updated to latest go-cose (notaryproject#54)

* added extended attribute getter for notation-go Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com> * update Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com> * updated COSE envelope unit tests Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com> * updating certificate chain Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com> * updated COSE envelope for the certificate chain changes Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com> * updated COSE envelope for certificate chain changes Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com> * updated to latest go-cose Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com> Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
JeyJeyGao · Sep 13, 2022 · 5bcf007 · 5bcf007
1 parent aa7d2ea
commit 5bcf007
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 16 deletions.
diff --git a/go.mod b/go.mod
@@ -6,6 +6,6 @@ require github.com/golang-jwt/jwt/v4 v4.4.1
 
 require (
 	github.com/fxamacker/cbor/v2 v2.4.0 // indirect
-	github.com/veraison/go-cose v1.0.0-rc.1
+	github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83
 	github.com/x448/float16 v0.8.4 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -2,7 +2,7 @@ github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD
 github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
 github.com/golang-jwt/jwt/v4 v4.4.1 h1:pC5DB52sCeK48Wlb9oPcdhnjkz1TKt1D/P7WKJ0kUcQ=
 github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
-github.com/veraison/go-cose v1.0.0-rc.1 h1:4qA7dbFJGvt7gcqv5MCIyCQvN+NpHFPkW7do3EeDLb8=
-github.com/veraison/go-cose v1.0.0-rc.1/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4=
+github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83 h1:g8vDfnNOPcGzg6mnlBGc0J5t5lAJkaepXqbc9qFRnFs=
+github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
diff --git a/signature/cose/envelope.go b/signature/cose/envelope.go
@@ -55,7 +55,13 @@ var signingSchemeTimeLabelMap = map[signature.SigningScheme]string{
 	signature.SigningSchemeX509SigningAuthority: headerLabelAuthenticSigningTime,
 }
 
-// remoteSigner implements cose.Signer interface.
+// signer interface is a cose.Signer with certificate chain fetcher.
+type signer interface {
+	cose.Signer
+	CertificateChain() []*x509.Certificate
+}
+
+// remoteSigner implements signer interface.
 // It is used in Sign process when base's Sign implementation is desired.
 type remoteSigner struct {
 	base  signature.Signer
@@ -93,7 +99,12 @@ func (signer *remoteSigner) Sign(rand io.Reader, payload []byte) ([]byte, error)
 	return signature, nil
 }
 
-// localSigner implements cose.Signer interface.
+// CertificateChain implements signer interface
+func (signer *remoteSigner) CertificateChain() []*x509.Certificate {
+	return signer.certs
+}
+
+// localSigner implements signer interface.
 // It is used in Sign process when go-cose's built-in signer is desired.
 type localSigner struct {
 	base         signature.LocalSigner
@@ -141,6 +152,11 @@ func (signer *localSigner) Sign(rand io.Reader, payload []byte) ([]byte, error)
 	return coseSigner.Sign(rand, payload)
 }
 
+// CertificateChain implements signer interface
+func (signer *localSigner) CertificateChain() []*x509.Certificate {
+	return signer.certs
+}
+
 type envelope struct {
 	base *cose.Sign1Message
 }
@@ -372,7 +388,7 @@ func getSignatureAlgorithmFromKeySpec(keySpec signature.KeySpec) (cose.Algorithm
 
 // getSigner returns the built-in implementation of cose.Signer from go-cose
 // or a remote signer implementation of cose.Signer
-func getSigner(signer signature.Signer) (cose.Signer, error) {
+func getSigner(signer signature.Signer) (signer, error) {
 	if localSigner, ok := signer.(signature.LocalSigner); ok {
 		return newLocalSigner(localSigner)
 	}
@@ -421,18 +437,12 @@ func generateProtectedHeaders(req *signature.SignRequest, protected cose.Protect
 
 // generateUnprotectedHeaders creates Unprotected Headers of the COSE envelope
 // during Sign process.
-func generateUnprotectedHeaders(req *signature.SignRequest, signer cose.Signer, unprotected cose.UnprotectedHeader) {
+func generateUnprotectedHeaders(req *signature.SignRequest, signer signer, unprotected cose.UnprotectedHeader) {
 	// signing agent
 	unprotected[headerLabelSigningAgent] = req.SigningAgent
 
 	// certChain
-	var certs []*x509.Certificate
-	switch s := signer.(type) {
-	case *remoteSigner:
-		certs = s.certs
-	case *localSigner:
-		certs = s.certs
-	}
+	certs := signer.CertificateChain()
 	certChain := make([]interface{}, len(certs))
 	for i, c := range certs {
 		certChain[i] = c.Raw

diff --git a/signature/cose/envelope_test.go b/signature/cose/envelope_test.go
@@ -722,8 +722,8 @@ func newSignRequest(signingScheme string, keyType signature.KeyType, size int) (
 			Content:     []byte(payloadString),
 		},
 		Signer:      signer,
-		SigningTime: time.Now(),
-		Expiry:      time.Now().AddDate(0, 0, 1),
+		SigningTime: time.Now().Truncate(time.Second),
+		Expiry:      time.Now().AddDate(0, 0, 1).Truncate(time.Second),
 		ExtendedSignedAttributes: []signature.Attribute{
 			{Key: "signedCritKey1", Value: "signedCritValue1", Critical: true},
 			{Key: "signedKey1", Value: "signedValue1", Critical: false},