Moving the timestamper interfaces to the timestamp directory (#132)
* moving the timestamper interfaces to the timestamp directory

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>

* adding license headers

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>

---------

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
ChaosInTheCRD authored Jan 24, 2024
1 parent dd59a2b commit cfcb7cc
Showing 7 changed files with 95 additions and 52 deletions.
41 changes: 9 additions & 32 deletions dsse/dsse_test.go
@@ -16,19 +16,17 @@ package dsse

import (
"bytes"
"context"
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"fmt"
"io"
"math/big"
"testing"
"time"

"github.com/in-toto/go-witness/cryptoutil"
"github.com/in-toto/go-witness/timestamp"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
@@ -235,17 +233,17 @@ func TestTimestamp(t *testing.T) {
require.NoError(t, err)
v, err := s.Verifier()
require.NoError(t, err)
expectedTimestampers := []dummyTimestamper{
{t: time.Now()},
{t: time.Now().Add(12 * time.Hour)},
expectedTimestampers := []timestamp.FakeTimestamper{
{T: time.Now()},
{T: time.Now().Add(12 * time.Hour)},
}
unexpectedTimestampers := []dummyTimestamper{
{t: time.Now().Add(36 * time.Hour)},
{t: time.Now().Add(128 * time.Hour)},
unexpectedTimestampers := []timestamp.FakeTimestamper{
{T: time.Now().Add(36 * time.Hour)},
{T: time.Now().Add(128 * time.Hour)},
}

allTimestampers := make([]Timestamper, 0)
allTimestampVerifiers := make([]TimestampVerifier, 0)
allTimestampers := make([]timestamp.Timestamper, 0)
allTimestampVerifiers := make([]timestamp.TimestampVerifier, 0)
for _, expected := range expectedTimestampers {
allTimestampers = append(allTimestampers, expected)
allTimestampVerifiers = append(allTimestampVerifiers, expected)
@@ -265,24 +263,3 @@ func TestTimestamp(t *testing.T) {
assert.Len(t, approvedVerifiers[0].PassedTimestampVerifiers, len(expectedTimestampers))
assert.ElementsMatch(t, approvedVerifiers[0].PassedTimestampVerifiers, expectedTimestampers)
}

type dummyTimestamper struct {
t time.Time
}

func (dt dummyTimestamper) Timestamp(context.Context, io.Reader) ([]byte, error) {
return []byte(dt.t.Format(time.RFC3339)), nil
}

func (dt dummyTimestamper) Verify(ctx context.Context, ts io.Reader, sig io.Reader) (time.Time, error) {
b, err := io.ReadAll(ts)
if err != nil {
return time.Time{}, err
}

if string(b) != dt.t.Format(time.RFC3339) {
return time.Time{}, fmt.Errorf("mismatched time")
}

return dt.t, nil
}
9 changes: 3 additions & 6 deletions dsse/sign.go
@@ -22,15 +22,12 @@ import (
"io"

"github.com/in-toto/go-witness/cryptoutil"
"github.com/in-toto/go-witness/timestamp"
)

type Timestamper interface {
Timestamp(context.Context, io.Reader) ([]byte, error)
}

type signOptions struct {
signers []cryptoutil.Signer
timestampers []Timestamper
timestampers []timestamp.Timestamper
}

type SignOption func(*signOptions)
@@ -41,7 +38,7 @@ func SignWithSigners(signers ...cryptoutil.Signer) SignOption {
}
}

func SignWithTimestampers(timestampers ...Timestamper) SignOption {
func SignWithTimestampers(timestampers ...timestamp.Timestamper) SignOption {
return func(so *signOptions) {
so.timestampers = timestampers
}
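Review bot: Removing the exported `Timestamper` interface from package `dsse` (and `TimestampVerifier` in dsse/verify.go) appears to break any downstream code that names `dsse.Timestamper` or `dsse.TimestampVerifier`. The parameter types of `SignWithTimestampers`, `VerifyWithTimestampVerifiers`, `RunWithTimestampers` and `VerifyWithPolicyTimestampAuthorities` change with it. Since `dsse` already imports the `timestamp` package in this section, a deprecated alias would keep those callers compiling: `// Deprecated: use timestamp.Timestamper.` followed by `type Timestamper = timestamp.Timestamper`, with the matching alias for `TimestampVerifier` in dsse/verify.go. If the break is intended, the commit message should say so, so that consumers of the library can plan the upgrade.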
14 changes: 5 additions & 9 deletions dsse/verify.go
@@ -18,23 +18,19 @@ import (
"bytes"
"context"
"crypto/x509"
"io"
"time"

"github.com/in-toto/go-witness/cryptoutil"
"github.com/in-toto/go-witness/log"
"github.com/in-toto/go-witness/timestamp"
)

type TimestampVerifier interface {
Verify(context.Context, io.Reader, io.Reader) (time.Time, error)
}

type verificationOptions struct {
roots []*x509.Certificate
intermediates []*x509.Certificate
verifiers []cryptoutil.Verifier
threshold int
timestampVerifiers []TimestampVerifier
timestampVerifiers []timestamp.TimestampVerifier
}

type VerificationOption func(*verificationOptions)
@@ -63,15 +59,15 @@ func VerifyWithThreshold(threshold int) VerificationOption {
}
}

func VerifyWithTimestampVerifiers(verifiers ...TimestampVerifier) VerificationOption {
func VerifyWithTimestampVerifiers(verifiers ...timestamp.TimestampVerifier) VerificationOption {
return func(vo *verificationOptions) {
vo.timestampVerifiers = verifiers
}
}

type PassedVerifier struct {
Verifier cryptoutil.Verifier
PassedTimestampVerifiers []TimestampVerifier
PassedTimestampVerifiers []timestamp.TimestampVerifier
}

func (e Envelope) Verify(opts ...VerificationOption) ([]PassedVerifier, error) {
@@ -121,7 +117,7 @@ func (e Envelope) Verify(opts ...VerificationOption) ([]PassedVerifier, error) {
}
} else {
var passedVerifier cryptoutil.Verifier
passedTimestampVerifiers := []TimestampVerifier{}
passedTimestampVerifiers := []timestamp.TimestampVerifier{}

for _, timestampVerifier := range options.timestampVerifiers {
for _, sigTimestamp := range sig.Timestamps {
5 changes: 3 additions & 2 deletions run.go
@@ -25,14 +25,15 @@ import (
"github.com/in-toto/go-witness/cryptoutil"
"github.com/in-toto/go-witness/dsse"
"github.com/in-toto/go-witness/intoto"
"github.com/in-toto/go-witness/timestamp"
)

type runOptions struct {
stepName string
signer cryptoutil.Signer
attestors []attestation.Attestor
attestationOpts []attestation.AttestationContextOption
timestampers []dsse.Timestamper
timestampers []timestamp.Timestamper
}

type RunOption func(ro *runOptions)
@@ -49,7 +50,7 @@ func RunWithAttestationOpts(opts ...attestation.AttestationContextOption) RunOpt
}
}

func RunWithTimestampers(ts ...dsse.Timestamper) RunOption {
func RunWithTimestampers(ts ...timestamp.Timestamper) RunOption {
return func(ro *runOptions) {
ro.timestampers = ts
}
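--- a/timestamp/fake.go
+++ b/timestamp/fake.go
@@ -0,0 +1,43 @@
+// Copyright 2022 The Witness Contributors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package timestamp
+
+import (
+"context"
+"fmt"
+"io"
+"time"
+)
+
+type FakeTimestamper struct {
+T time.Time
+}
+
+func (ft FakeTimestamper) Timestamp(context.Context, io.Reader) ([]byte, error) {
+return []byte(ft.T.Format(time.RFC3339)), nil
+}
+
+func (ft FakeTimestamper) Verify(ctx context.Context, ts io.Reader, sig io.Reader) (time.Time, error) {
+b, err := io.ReadAll(ts)
+if err != nil {
+return time.Time{}, err
+}
+
+if string(b) != ft.T.Format(time.RFC3339) {
+return time.Time{}, fmt.Errorf("mismatched time")
+}
+
+return ft.T, nil
+}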
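Review bot: `FakeTimestamper` now lives in a regular (non-`_test.go`) file of the `timestamp` package, so this test double becomes part of the library's exported API, whereas the `dummyTimestamper` it replaces was only compiled into the dsse tests. Its `Verify` never reads `sig` and accepts any token whose bytes equal `T` formatted as RFC3339, so a caller that passes it to `VerifyWithTimestampVerifiers` gets no cryptographic check on the timestamp. At minimum add a doc comment that says so, e.g. `// FakeTimestamper is a test double: Verify does not validate sig and must not be used outside tests.` Moving the type into an `internal/` test-helper package would keep it out of the public surface entirely.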
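--- a/timestamp/timestamp.go
+++ b/timestamp/timestamp.go
@@ -0,0 +1,29 @@
+// Copyright 2022 The Witness Contributors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package timestamp
+
+import (
+"context"
+"io"
+"time"
+)
+
+type TimestampVerifier interface {
+Verify(context.Context, io.Reader, io.Reader) (time.Time, error)
+}
+
+type Timestamper interface {
+Timestamp(context.Context, io.Reader) ([]byte, error)
+}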
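Review bot: The two `io.Reader` parameters of `TimestampVerifier.Verify` are unnamed and neither interface has a doc comment, so an implementer cannot tell from this file which reader carries the timestamp token and which carries the data it covers. `FakeTimestamper` in timestamp/fake.go names them `ts` and `sig`; the interface could do the same with `Verify(ctx context.Context, ts io.Reader, sig io.Reader) (time.Time, error)`. Each type should also get a comment stating what `Timestamp` returns and what the `time.Time` from `Verify` means on success, since swapped arguments in a verification interface are easy to miss in review. As a style point, `timestamp.TimestampVerifier` stutters with the package name, though renaming it would widen this change.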
6 changes: 3 additions & 3 deletions verify.go
@@ -40,7 +40,7 @@ func VerifySignature(r io.Reader, verifiers ...cryptoutil.Verifier) (dsse.Envelo
}

type verifyOptions struct {
policyTimestampAuthorities []dsse.TimestampVerifier
policyTimestampAuthorities []timestamp.TimestampVerifier
policyCARoots []*x509.Certificate
policyCAIntermediates []*x509.Certificate
policyEnvelope dsse.Envelope
@@ -67,7 +67,7 @@ func VerifyWithCollectionSource(source source.Sourcer) VerifyOption {
}
}

func VerifyWithPolicyTimestampAuthorities(authorities []dsse.TimestampVerifier) VerifyOption {
func VerifyWithPolicyTimestampAuthorities(authorities []timestamp.TimestampVerifier) VerifyOption {
return func(vo *verifyOptions) {
vo.policyTimestampAuthorities = authorities
}
@@ -127,7 +127,7 @@ func Verify(ctx context.Context, policyEnvelope dsse.Envelope, policyVerifiers [
return nil, fmt.Errorf("failed to load policy timestamp authorities: %w", err)
}

timestampVerifiers := make([]dsse.TimestampVerifier, 0)
timestampVerifiers := make([]timestamp.TimestampVerifier, 0)
for _, timestampAuthority := range timestampAuthoritiesById {
certs := []*x509.Certificate{timestampAuthority.Root}
certs = append(certs, timestampAuthority.Intermediates...)
