Skip to content

feat: adding OCSP revocation implementation#134

Merged
priteshbandi merged 32 commits intonotaryproject:mainfrom
kody-kimberl:main
Apr 20, 2023
Merged

feat: adding OCSP revocation implementation#134
priteshbandi merged 32 commits intonotaryproject:mainfrom
kody-kimberl:main

Conversation

@kody-kimberl
Copy link
Contributor

@kody-kimberl kody-kimberl commented Mar 24, 2023

This PR adds a new package that will perform OCSP revocation checking for a certificate chain.

Based on my design from #132 and the specification here.

This PR addresses part of the following issue:

Once it is approved and merged, a second PR will implement this functionality into notation-go.

Signed-off-by: Kody Kimberl kody.kimberl.work@gmail.com

@kody-kimberl
Adding OCSP revocation implementation
65ead65 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@codecov-commenter
Copy link

codecov-commenter commented Mar 25, 2023
edited
Loading

Codecov Report

Merging #134 (2a643ff) into main (010204d) will decrease coverage by 1.00%.
The diff coverage is 82.72%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@            Coverage Diff             @@
##             main     #134      +/-   ##
==========================================
- Coverage   90.32%   89.32%   -1.00%     
==========================================
  Files          16       21       +5     
  Lines        1457     1677     +220     
==========================================
+ Hits         1316     1498     +182     
- Misses        110      142      +32     
- Partials       31       37       +6
Impacted Files Coverage Δ
signature/types.go 0.00% <0.00%> (ø)
revocation/ocsp/ocsp.go 82.69% <82.69%> (ø)
revocation/ocsp/errors.go 100.00% <100.00%> (ø)
revocation/result/errors.go 100.00% <100.00%> (ø)
revocation/result/results.go 100.00% <100.00%> (ø)
revocation/revocation.go 100.00% <100.00%> (ø)

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

patrickzheng200
patrickzheng200 reviewed Mar 27, 2023
View reviewed changes
@kody-kimberl
Updated revocation checks with chain validationand better func docs
1150936 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
byronchien
byronchien reviewed Mar 27, 2023
View reviewed changes
priteshbandi
priteshbandi reviewed Mar 28, 2023
View reviewed changes
shizhMSFT
shizhMSFT reviewed Mar 28, 2023
View reviewed changes
@kody-kimberl
Refactoring and addressing PR comments
36890d6 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl kody-kimberl mentioned this pull request Mar 29, 2023
Merged
shizhMSFT
shizhMSFT reviewed Mar 29, 2023
View reviewed changes
@kody-kimberl
removing logger, moving chain validation, and adding new error
de36fc7 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
priteshbandi
priteshbandi reviewed Mar 29, 2023
View reviewed changes
priteshbandi
priteshbandi reviewed Mar 29, 2023
View reviewed changes
patrickzheng200
patrickzheng200 reviewed Mar 30, 2023
View reviewed changes
shizhMSFT
shizhMSFT requested changes Mar 30, 2023
View reviewed changes
@kody-kimberl
refactoring and updating based on PR comments
7ca76d7 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Copy link
Contributor Author

kody-kimberl commented Mar 30, 2023

I've made a new commit that address some of the unresolved comments. It may not perfectly address them (as a final decision had not been made for everything), but it should bring many aspects of the implementation closer to everyone's desired solution.

shizhMSFT
shizhMSFT reviewed Mar 31, 2023
View reviewed changes
@kody-kimberl
Refactoring certOCSPStatus loop and changing naming
115aef8 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
shizhMSFT
shizhMSFT reviewed Mar 31, 2023
View reviewed changes
@kody-kimberl
Copy link
Contributor Author

kody-kimberl commented Mar 31, 2023

1.18 is failing due to the incorporation of url.JoinPath (which was added in 1.19) to construct the url instead of adding the strings together. Rather than changing this back (since JoinPath is the better option), @shizhMSFT recommended a new PR to update the Go support window (Issue: #115).

The PR can be found here: #135

@kody-kimberl
Updated results, reformatted errors, and changed single cert logic
b330009 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Added error to returns
821d32d 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Cleaned up code a bit from comment suggestions
ae7cccb 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Added and modified some documentation
b8bf5ff 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Renamed base package to result
5757f70 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Added server URI to ServerResult and adjusted some errors
5102a77 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Removing waterfall logic for multiple server results
1020040 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Addressing new PR comments
f291015 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Switching to invalidityDate
dd0b168 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Name changes and addressing comments
5d6f6e8 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Refactoring extension handling and zero time
6376931 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Adding authentic signing time implementation
17c0ff7 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Updating test certs, chain validation, and authentic signing time imp…
6473871 
…lementation

Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Addressed new comments
ffcd32e 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Updating to bypass linter warnings without comments
03f6251 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Updating GetAuthenticSigningTime for TSA to return error for not impl…
75a41e1 
…emented

Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Updating GetAuthenticSigningTime generic error message
3645077 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Changed GetAuthenticSigningTime to AuthenticSigningTime
2a643ff 
Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
@kody-kimberl
Copy link
Contributor Author

kody-kimberl commented Apr 20, 2023

Signing issue is resolved. Somehow two were unsigned. I rebased reworded to add signatures then force pushed it. The diff befor and after the force push is the same (as seen here), so shouldn't require extensive re-review.

shizhMSFT
shizhMSFT approved these changes Apr 20, 2023
View reviewed changes
Copy link
Contributor

@shizhMSFT shizhMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

patrickzheng200
patrickzheng200 approved these changes Apr 20, 2023
View reviewed changes
Copy link

@patrickzheng200 patrickzheng200 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@priteshbandi priteshbandi merged commit cefe2ef into notaryproject:main Apr 20, 2023
@kody-kimberl kody-kimberl mentioned this pull request Apr 20, 2023
Open
priteshbandi pushed a commit to notaryproject/notation-go that referenced this pull request Apr 20, 2023
@kody-kimberl
feat: adding OCSP revocation checks to Verify (#295)
3dd11cb 
This PR adds OCSP revocation checking to the Verify function using the notation-core-go's revocation package.
This PR addresses part of the following issue: notaryproject/notation-core-go#124. It is dependent on notaryproject/notation-core-go#134

Signed-off-by: Kody Kimberl <kody.kimberl.work@gmail.com>
Signed-off-by: Kody Kimberl <59657721+kody-kimberl@users.noreply.github.com>
@kody-kimberl kody-kimberl mentioned this pull request Apr 21, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@priteshbandi priteshbandi priteshbandi approved these changes

@shizhMSFT shizhMSFT shizhMSFT approved these changes

@gokarnm gokarnm Awaiting requested review from gokarnm gokarnm is a code owner

@JeyJeyGao JeyJeyGao Awaiting requested review from JeyJeyGao

@justincormack justincormack Awaiting requested review from justincormack

@NiazFK NiazFK Awaiting requested review from NiazFK NiazFK is a code owner

@SteveLasker SteveLasker Awaiting requested review from SteveLasker

@rgnote rgnote Awaiting requested review from rgnote rgnote is a code owner

+2 more reviewers

@byronchien byronchien byronchien left review comments

@patrickzheng200 patrickzheng200 patrickzheng200 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@kody-kimberl @codecov-commenter @yizha1 @priteshbandi @rgnote @byronchien @shizhMSFT @patrickzheng200

Comments