Skip to content
This repository was archived by the owner on Aug 3, 2024. It is now read-only.

Add Status column to TrustedTimestamp entity#135

Merged
loic-sharma merged 2 commits intomasterfrom
loshar-tmstp-status
Feb 5, 2018
Merged

Add Status column to TrustedTimestamp entity#135
loic-sharma merged 2 commits intomasterfrom
loshar-tmstp-status

Conversation

@loic-sharma
Copy link
Copy Markdown
Contributor

@loic-sharma loic-sharma commented Feb 5, 2018
edited
Loading

During signature validation, TrustedTimestamp that are no longer trusted are treated as if they don't exist. Today, we have to manually inspect a timestamp and its certificates to determine whether the timestamp is valid and trusted. This new Status column will be updated to reflect timestamps' latest known status, thereby making it easier to filter out TrustedTimestamps that are no longer trusted during package signature validation.

⚠️ NOTE: The default Status is Invalid. After we run the migrations, ALL TrustedTimestamps will be marked as Invalid. We will need to fix the E&V job to properly mark TrustedTimestamps as Valid, then, TrustedTimestamps in the database will need to be fixed up with the following SQL query:

DECLARE @invalidTimestampStatus int = 0;
DECLARE @validTimestampStatus int = 1;

DECLARE @validCertificateStatus int = 1;

UPDATE [signature].[TrustedTimestamps]
SET [Status] = @validTimestampStatus
WHERE [Key] in (
    SELECT TOP 100 t.[Key]
    FROM [signature].[TrustedTimestamps] t
    INNER JOIN [signature].[EndCertificates] c
    ON t.[EndCertificateKey] = c.[Key]
    WHERE
        t.[Status] = @invalidTimestampStatus AND
        c.[Status] = @validCertificateStatus
)

@loic-sharma loic-sharma self-assigned this Feb 5, 2018
@loic-sharma loic-sharma mentioned this pull request Feb 5, 2018
Merged
@loic-sharma loic-sharma merged commit b82950e into master Feb 5, 2018
@loic-sharma loic-sharma deleted the loshar-tmstp-status branch February 5, 2018 23:33
loic-sharma added a commit to NuGet/NuGet.Jobs that referenced this pull request Feb 6, 2018
@loic-sharma
[Package Signing] Add Trusted Timestamp Status (#328)
dd2effb 
Updates `NuGet.Services.*` dependencies to add the `Status` property to `TrustedTimestamp` entities. Also modified the Extract & Validate job to properly initialize timestamp's status as `Valid`.

Depends on NuGet/ServerCommon#135
joelverhagen pushed a commit to NuGet/NuGet.Jobs that referenced this pull request Oct 26, 2020
@loic-sharma
[Package Signing] Add Trusted Timestamp Status (#328)
41005f6 
Updates `NuGet.Services.*` dependencies to add the `Status` property to `TrustedTimestamp` entities. Also modified the Extract & Validate job to properly initialize timestamp's status as `Valid`.

Depends on NuGet/ServerCommon#135
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@agr agr Awaiting requested review from agr

@xavierdecoster xavierdecoster Awaiting requested review from xavierdecoster

@skofman1 skofman1 Awaiting requested review from skofman1

1 more reviewer

@joelverhagen joelverhagen joelverhagen approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@loic-sharma loic-sharma

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@loic-sharma @joelverhagen