RFC: When verifying, only use data after it is considered acceptable #2482
Commits on Dec 7, 2022
- Rename sig to untrustedSignature
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit f8299e8
- Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit a155a19
- Rename chain to untrustedChain
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit cb0f9eb
- Rename CheckOpts.IntermediateCerts to UntrustedIntermediateCerts
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 2ce0cd0
- Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit f44d639
- Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 17cad99
- Rename parameters to TrustedCert to indicate untrusted...
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 58380e3
- Rename TrustedCert to CertificateSignedByTrustedRoot
  Let's not dangerously overpromise.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 21d19e8
- Introduce a correctlySignedCert variable
  ... to track the trust state.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 5ae11b5
- Rename cert to correctlySignedCert
  Document the requirement.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 5de8a27
- Rename validateCertIdentity to validateCertSubject
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 9831a1d
- Rename cert to correctlySignedCert
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit e3d4d9e
- Split validateIssuerPolicy from CheckCertificatePolicy
  Should not change behavior.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 9286e3a
- Validate the certificate issuer before worrying about the subject
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit b8ad87a
- Rename CheckCertificatePolicy to CheckCertificateIssuerAndSubject
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 784d491
- Only create a verifier from a certificate _after_ it passes conditions.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit d4a62a5
- Only worry about certificate issuer and subject if the SCT is acceptable
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 5120f37
- ... into validateCertIssuanceAndSubject and verifierFromTrustedCertificate.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 8aa0f7d
- Replace ValidateAndUnpackCert in verifyInternal by its components
  We will want to delay verifierFromTrustedCertificate much further.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit bc50a08
- Warn more explicitly in some functions that ignore certificate validity restrictions.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 91c6593
- Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 0d4bda1
- Rename ts to untrustedTimestamp
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 8b4421e
- Rename b64sig to untrustedB64Sig
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit e7b3199
- Rename signedPayload to untrustedPayload
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 43564e8
- Rename rawSig to untrustedRawSig
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 0ace845
- Rename tsBytes to untrustedTSAArtifact
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 07ffbb8
- Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit c37d3f8
- Rename bundle to untrustedBundle
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit d7028e7
- Rename parameters of VerifySET
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 7136f69
- Introduce acceptableBundleBody
  ... to track the trust status of the Rekor bundle
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit c9c92e2
- Only validate the public key and signature _after_ we accept the SET
  And validate the public key first, the signature second, just for consistency with the flow of trust (although that really doesn't matter here, we want all of (key, signature, payload) to match).
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 5aa2e8e
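The ordering the two commits above describe (accept the SET, and only then read anything out of the bundle body), as an added Go example that is not cosign's code: the body's integratedTime and logID are reachable only through a type that exists once the SET has verified, so nothing downstream can consume an unverified value by accident. The names UntrustedBundle, AcceptBundle, AcceptedBundle and BuildBundleFixture are this example's, the log key and bundle contents are constructed in-process, and the SET here is an ECDSA signature over the raw body bytes, a simplification of Rekor, which signs the canonicalised JSON of the entry.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// UntrustedBundle is what arrives next to a signature: a body claiming an
// inclusion time, and a SET over that body. Body stays unparsed on purpose.
type UntrustedBundle struct {
	Body []byte // raw JSON
	SET  []byte // ASN.1 ECDSA signature over Body by the log key
}

// AcceptedBundle exists only for bundles whose SET verified; its fields are
// the only ones later stages may rely on.
type AcceptedBundle struct {
	IntegratedTime time.Time
	LogID          string
}

// AcceptBundle verifies the SET first and decodes the body only afterwards,
// so a malformed or tampered body is never read as fact. Simplification: the
// SET here signs the raw body bytes, whereas Rekor signs canonicalised JSON.
func AcceptBundle(untrusted UntrustedBundle, logKey *ecdsa.PublicKey) (*AcceptedBundle, error) {
	digest := sha256.Sum256(untrusted.Body)
	if !ecdsa.VerifyASN1(logKey, digest[:], untrusted.SET) {
		return nil, errors.New("SET does not verify; bundle body stays untrusted")
	}
	var body struct {
		IntegratedTime int64  `json:"integratedTime"`
		LogID          string `json:"logID"`
	}
	if err := json.Unmarshal(untrusted.Body, &body); err != nil {
		return nil, fmt.Errorf("SET verified but body is malformed: %w", err)
	}
	if body.IntegratedTime <= 0 {
		return nil, errors.New("accepted body carries no usable integratedTime")
	}
	return &AcceptedBundle{IntegratedTime: time.Unix(body.IntegratedTime, 0).UTC(), LogID: body.LogID}, nil
}

// BuildBundleFixture constructs a log key and a bundle it signed; the values
// are made up for this example and do not come from a real log.
func BuildBundleFixture() (*ecdsa.PublicKey, UntrustedBundle) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	body := []byte(`{"integratedTime":1670371200,"logID":"constructed-log-id"}`)
	digest := sha256.Sum256(body)
	set, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		panic(err)
	}
	return &key.PublicKey, UntrustedBundle{Body: body, SET: set}
}

func main() {
	logKey, bundle := BuildBundleFixture()
	accepted, err := AcceptBundle(bundle, logKey)
	fmt.Println(accepted, err)
	// Same SET, edited body: rejected before the body is ever decoded.
	bundle.Body = []byte(`{"integratedTime":2000000000,"logID":"constructed-log-id"}`)
	_, err = AcceptBundle(bundle, logKey)
	fmt.Println(err)
}
```

The accepted IntegratedTime is the value a later certificate-expiry check would use as its accepted timestamp; the tampered body in main shows that changing it without re-signing never reaches the decoder.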
- Rename payload to untrustedPayload
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit b150bcf
- Rename signature to untrustedSignature
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 7428fc3
- Document VerifyBundle a bit more
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit ea498b2
- Rename pemBytes to untrustedPEMBytes
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 0321492
- Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 0771a5a
- Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 28cb652
- Rename b64sig to untrustedB64sig
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 5c35a52
- Rename payload to untrustedPayload
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 66a6644
- BEHAVIOR CHANGE: Don't check against current time if we have an RFC 3161 timestamp
  Reorganize the certificate expiry checks, so that we check against the accepted timestamps if any, and only fall back to current time if there is no data.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 75cd9e8
- Eliminate the redundant cert variable
  Use certWithUnverifiedExpiry, which we already have, and which we care about.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 2c2f0da
- Finally, only create the verifier based on an actually acceptable certificate, instead of creating it first and then hoping not to forget to validate preconditions.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit 36f9fa1
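The two points made by the BEHAVIOR CHANGE commit and by the commit just above ("only create the verifier based on an actually acceptable certificate"), as an added Go example that is not cosign's code: signatures can be checked only through an AcceptedCert, which exists only after the issuer check and the validity-window check have passed, and the validity window is checked against an accepted timestamp when one exists, falling back to the current time only when there is none. The names AcceptedCert, AcceptCert, Verify and BuildFixture are this example's; the acceptedTime parameter stands in for a timestamp verified elsewhere (a log inclusion time or an RFC 3161 token); the root, the already-expired leaf and the signed payload are generated in-process as test data. Pinning the chain check's clock to the certificate's NotBefore is this example's way of keeping the issuer decision separate from the expiry decision.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// AcceptedCert is produced only by AcceptCert, and signatures can only be
// checked through it; until then the input is just untrustedDER.
type AcceptedCert struct{ cert *x509.Certificate }

// AcceptCert checks in trust order: parse, chain to a root, validity at
// acceptedTime. acceptedTime stands for a timestamp already verified elsewhere
// (a log inclusion time or an RFC 3161 token); nil means no such data exists.
func AcceptCert(untrustedDER []byte, roots *x509.CertPool, acceptedTime *time.Time) (*AcceptedCert, error) {
	cert, err := x509.ParseCertificate(untrustedDER)
	if err != nil {
		return nil, fmt.Errorf("parse: %w", err)
	}
	// Clock pinned to NotBefore: this step decides the issuer only; expiry is
	// decided below against the right point in time.
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: cert.NotBefore,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}})
	if err != nil {
		return nil, fmt.Errorf("issuer: %w", err)
	}
	checkAt := time.Now() // fallback only when no accepted timestamp exists
	if acceptedTime != nil {
		checkAt = *acceptedTime
	}
	if checkAt.Before(cert.NotBefore) || checkAt.After(cert.NotAfter) {
		return nil, fmt.Errorf("certificate not valid at %s", checkAt.UTC().Format(time.RFC3339))
	}
	return &AcceptedCert{cert: cert}, nil
}

// VerifySignature is the last stage: payload and signature are read only after
// the certificate has been accepted, and there is no verifier to build earlier.
func (a *AcceptedCert) VerifySignature(untrustedPayload, untrustedSig []byte) error {
	pub, ok := a.cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return fmt.Errorf("accepted certificate carries a %T key, not ECDSA", a.cert.PublicKey)
	}
	digest := sha256.Sum256(untrustedPayload)
	if !ecdsa.VerifyASN1(pub, digest[:], untrustedSig) {
		return fmt.Errorf("signature does not verify")
	}
	return nil
}

// Verify chains the stages in the order trust is established.
func Verify(untrustedDER []byte, roots *x509.CertPool, acceptedTime *time.Time, untrustedPayload, untrustedSig []byte) error {
	accepted, err := AcceptCert(untrustedDER, roots, acceptedTime)
	if err != nil {
		return err
	}
	return accepted.VerifySignature(untrustedPayload, untrustedSig)
}

// BuildFixture constructs test data: a root, a leaf whose validity window
// ended a day ago, and a payload signed with the leaf key at signedAt.
func BuildFixture() (roots *x509.CertPool, leafDER, payload, sig []byte, signedAt time.Time) {
	now := time.Now()
	rootKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	rootTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed root"},
		NotBefore: now.Add(-72 * time.Hour), NotAfter: now.Add(72 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	rootDER, err := x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	must(err)
	root, err := x509.ParseCertificate(rootDER)
	must(err)
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "constructed signer"},
		NotBefore: now.Add(-48 * time.Hour), NotAfter: now.Add(-24 * time.Hour), // already expired
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	leafDER, err = x509.CreateCertificate(rand.Reader, leafTmpl, root, &leafKey.PublicKey, rootKey)
	must(err)
	payload = []byte("constructed payload, signed while the certificate was valid")
	digest := sha256.Sum256(payload)
	sig, err = ecdsa.SignASN1(rand.Reader, leafKey, digest[:])
	must(err)
	roots = x509.NewCertPool()
	roots.AddCert(root)
	return roots, leafDER, payload, sig, now.Add(-36 * time.Hour)
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func main() {
	roots, leafDER, payload, sig, signedAt := BuildFixture()
	fmt.Println("at accepted timestamp:", Verify(leafDER, roots, &signedAt, payload, sig))
	fmt.Println("at current time:", Verify(leafDER, roots, nil, payload, sig))
}
```

Run stand-alone, the first line prints a nil error (the leaf was valid at the accepted timestamp) and the second prints the expiry error (with no accepted timestamp, the only option is the current time, and the leaf expired a day ago). The order of the three failure modes matters: a chain failure, a window failure and a signature failure are each reported before any later stage touches its input.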
- Update comments in verifyInternal
  ... to document the individual stages.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Commit deebfc5