notaryproject · Two-Hearts · Nov 12, 2024 · Nov 5, 2024 · Nov 5, 2024 · Nov 6, 2024
@@ -5,7 +5,7 @@ go 1.22
 require (
 	github.com/fxamacker/cbor/v2 v2.7.0
 	github.com/golang-jwt/jwt/v4 v4.5.1
-	github.com/notaryproject/tspclient-go v0.2.0
+	github.com/notaryproject/tspclient-go v0.2.1-0.20241030015323-90a141e7525c
 	github.com/veraison/go-cose v1.3.0
 	golang.org/x/crypto v0.28.0
 )

@@ -2,8 +2,8 @@ github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
 github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
-github.com/notaryproject/tspclient-go v0.2.0 h1:g/KpQGmyk/h7j60irIRG1mfWnibNOzJ8WhLqAzuiQAQ=
-github.com/notaryproject/tspclient-go v0.2.0/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs=
+github.com/notaryproject/tspclient-go v0.2.1-0.20241030015323-90a141e7525c h1:bX6gGxFw9+DShmYTgbD+vr6neF1SoXIMUU2fDgdLsfA=
+github.com/notaryproject/tspclient-go v0.2.1-0.20241030015323-90a141e7525c/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs=
 github.com/veraison/go-cose v1.3.0 h1:2/H5w8kdSpQJyVtIhx8gmwPJ2uSz1PkyWFx0idbd7rk=
 github.com/veraison/go-cose v1.3.0/go.mod h1:df09OV91aHoQWLmy1KsDdYiagtXgyAwAl8vFeFn1gMc=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=

@@ -43,17 +43,8 @@ func Timestamp(req *signature.SignRequest, opts tspclient.RequestOptions) ([]byt
 	if err != nil {
 		return nil, err
 	}
-	info, err := token.Info()
-	if err != nil {
-		return nil, err
-	}
-	timestamp, err := info.Validate(opts.Content)
-	if err != nil {
-		return nil, err
-	}
 	tsaCertChain, err := token.Verify(ctx, x509.VerifyOptions{
-		CurrentTime: timestamp.Value,
-		Roots:       req.TSARootCAs,
+		Roots: req.TSARootCAs,
 	})
 	if err != nil {
 		return nil, err

@@ -74,7 +74,6 @@ func TestTimestamp(t *testing.T) {
 	opts = tspclient.RequestOptions{
 		Content:       []byte("notation"),
 		HashAlgorithm: crypto.SHA256,
-		NoNonce:       true,
 	}
 	expectedErr = "failed to timestamp"
 	_, err = Timestamp(req, opts)
@@ -92,35 +91,9 @@ func TestTimestamp(t *testing.T) {
 	_, err = Timestamp(req, opts)
 	assertErrorEqual(expectedErr, err, t)
 
-	req = &signature.SignRequest{
-		Timestamper: dummyTimestamper{
-			invalidTSTInfo: true,
-		},
-		TSARootCAs: rootCAs,
-	}
-	expectedErr = "cannot unmarshal TSTInfo from timestamp token: asn1: structure error: tags don't match (23 vs {class:0 tag:16 length:3 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:24 set:false omitEmpty:false} Time @89"
-	_, err = Timestamp(req, opts)
-	assertErrorEqual(expectedErr, err, t)
-
-	opts = tspclient.RequestOptions{
-		Content:       []byte("mismatch"),
-		HashAlgorithm: crypto.SHA256,
-		NoNonce:       true,
-	}
-	req = &signature.SignRequest{
-		Timestamper: dummyTimestamper{
-			failValidate: true,
-		},
-		TSARootCAs: rootCAs,
-	}
-	expectedErr = "invalid TSTInfo: mismatched message"
-	_, err = Timestamp(req, opts)
-	assertErrorEqual(expectedErr, err, t)
-
 	opts = tspclient.RequestOptions{
 		Content:       []byte("notation"),
 		HashAlgorithm: crypto.SHA256,
-		NoNonce:       true,
 	}
 	req = &signature.SignRequest{
 		Timestamper: dummyTimestamper{
@@ -141,8 +114,6 @@ func assertErrorEqual(expected string, err error, t *testing.T) {
 
 type dummyTimestamper struct {
 	respWithRejectedStatus bool
-	invalidTSTInfo         bool
-	failValidate           bool
 	invalidSignature       bool
 }
 
@@ -154,34 +125,6 @@ func (d dummyTimestamper) Timestamp(context.Context, *tspclient.Request) (*tspcl
 			},
 		}, nil
 	}
-	if d.invalidTSTInfo {
-		token, err := os.ReadFile("testdata/TimeStampTokenWithInvalidTSTInfo.p7s")
-		if err != nil {
-			return nil, err
-		}
-		return &tspclient.Response{
-			Status: pki.StatusInfo{
-				Status: pki.StatusGranted,
-			},
-			TimestampToken: asn1.RawValue{
-				FullBytes: token,
-			},
-		}, nil
-	}
-	if d.failValidate {
-		token, err := os.ReadFile("testdata/TimeStampToken.p7s")
-		if err != nil {
-			return nil, err
-		}
-		return &tspclient.Response{
-			Status: pki.StatusInfo{
-				Status: pki.StatusGranted,
-			},
-			TimestampToken: asn1.RawValue{
-				FullBytes: token,
-			},
-		}, nil
-	}
 	if d.invalidSignature {
 		token, err := os.ReadFile("testdata/TimeStampTokenWithInvalidSignature.p7s")
 		if err != nil {

@@ -14,6 +14,7 @@
 package cose
 
 import (
+	"context"
 	"crypto"
 	"crypto/x509"
 	"errors"
@@ -341,11 +342,8 @@ func TestSignErrors(t *testing.T) {
 		if err != nil {
 			t.Fatalf("getSignRequest() failed. Error = %v", err)
 		}
-		signRequest.Timestamper, err = tspclient.NewHTTPTimestamper(nil, "invalid")
-		if err != nil {
-			t.Fatal(err)
-		}
-		expected := errors.New("timestamp: Post \"invalid\": unsupported protocol scheme \"\"")
+		signRequest.Timestamper = &dummyTimestamper{}
+		expected := errors.New("timestamp: failed to timestamp")
 		encoded, err := env.Sign(signRequest)
 		if !isErrEqual(expected, err) {
 			t.Fatalf("Sign() expects error: %v, but got: %v.", expected, err)
@@ -1101,3 +1099,9 @@ func generateTestRawMessage(raw cbor.RawMessage, label string, unmarshalError bo
 
 	return resRaw
 }
+
+type dummyTimestamper tspclient.Timestamp
+
+func (dts *dummyTimestamper) Timestamp(context.Context, *tspclient.Request) (*tspclient.Response, error) {
+	return nil, errors.New("failed to timestamp")
+}
@@ -14,6 +14,7 @@
 package jws
 
 import (
+	"context"
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/rand"
@@ -266,11 +267,8 @@ func TestSignFailed(t *testing.T) {
 		signReq, err := getSignReq(signature.SigningSchemeX509, signer, nil)
 		checkNoError(t, err)
 
-		signReq.Timestamper, err = tspclient.NewHTTPTimestamper(nil, "invalid")
-		if err != nil {
-			t.Fatal(err)
-		}
-		expected := errors.New("timestamp: Post \"invalid\": unsupported protocol scheme \"\"")
+		signReq.Timestamper = &dummyTimestamper{}
+		expected := errors.New("timestamp: failed to timestamp")
 		encoded, err := env.Sign(signReq)
 		if !isErrEqual(expected, err) {
 			t.Fatalf("Sign() expects error: %v, but got: %v.", expected, err)
@@ -687,3 +685,9 @@ func isErrEqual(wanted, got error) bool {
 	}
 	return false
 }
+
+type dummyTimestamper tspclient.Timestamp
+
+func (dts *dummyTimestamper) Timestamp(context.Context, *tspclient.Request) (*tspclient.Response, error) {
+	return nil, errors.New("failed to timestamp")
+}