Add more logs for timestamp validation #1004

Closed
yizha1 opened this issue Aug 9, 2024 · 1 comment

yizha1 commented Aug 9, 2024

Is your feature request related to a problem?

When using the notation verify command to validate a signature with timestamp validation enabled, the signature verification succeeds even if the signing certificate has expired, provided the signature was generated before the certificate’s expiry. This behavior is expected. However, the verbose log output is not informative, as shown below:

INFO Performing timestamp verification...
INFO TSA identity is: ***
Successfully verified signature for ***

What solution do you propose?

The current log indicates that timestamp validation is enabled and is now validating the timestamp:

INFO Performing timestamp verification...

Subsequently, the log shows the TSA identity:

INFO TSA identity is: ***

It is proposed to enhance the log output to provide more detailed information about the timestamp verification process. For example, the log should indicate whether each certificate in the certificate chain has expired or not.

Examples for valid certificates:

INFO Performing timestamp verification...
INFO The certificate <Subject of Leaf> is still valid and will expire on <Time>.
INFO The certificate <Subject of Intermediate> is still valid and will expire on <Time>.
INFO The certificate <Subject of Root> is still valid and will expire on <Time>.

Examples for an expired leaf certificate:

INFO Performing timestamp verification...
WARN The certificate <Subject of Leaf> has expired. It expired on <Time>.
INFO The certificate <Subject of Intermediate> is still valid and will expire on <Time>.
INFO The certificate <Subject of Root> is still valid and will expire on <Time>.

Additionally, we can make it clearer what the TSA identity is:

INFO The subject of TSA leaf/signing certificate is: ***

What alternatives have you considered?

There could be other information printed out for timestamp validation. Any suggestions are welcome.

Any additional context?

Notation v1.2.0-beta.1
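
The proposal above, sketched as an added Go example (not part of the original issue and not notation-go code): it formats per-certificate validity lines in the proposed wording and shows why a chain that has expired by verification time can still be valid at the timestamped signing time. The function names, the RFC 3339 time format and the sample chain are assumptions constructed for illustration.

```go
// Added example, not notation-go code; all names here are hypothetical.
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"time"
)

// validityLogs returns one line per certificate in the wording proposed in the issue (INFO if valid at now, WARN if expired).
func validityLogs(chain []*x509.Certificate, now time.Time) []string {
	var logs []string
	for _, c := range chain {
		exp := c.NotAfter.UTC().Format(time.RFC3339) // time format is an assumption
		if now.After(c.NotAfter) {
			logs = append(logs, fmt.Sprintf("WARN The certificate %s has expired. It expired on %s.", c.Subject, exp))
		} else {
			logs = append(logs, fmt.Sprintf("INFO The certificate %s is still valid and will expire on %s.", c.Subject, exp))
		}
	}
	return logs
}

// validAt reports whether every certificate was inside its validity window at t (with a trusted timestamp, t is the signing time).
func validAt(chain []*x509.Certificate, t time.Time) bool {
	for _, c := range chain {
		if t.Before(c.NotBefore) || t.After(c.NotAfter) {
			return false
		}
	}
	return true
}

// Constructed sample data: only the fields used above are populated.
func day(y int, m time.Month, d int) time.Time { return time.Date(y, m, d, 0, 0, 0, 0, time.UTC) }
func sampleChain() []*x509.Certificate {
	mk := func(cn string, notAfter time.Time) *x509.Certificate {
		return &x509.Certificate{Subject: pkix.Name{CommonName: cn}, NotBefore: day(2023, 6, 1), NotAfter: notAfter}
	}
	return []*x509.Certificate{mk("leaf", day(2024, 6, 1)), mk("intermediate", day(2030, 1, 1)), mk("root", day(2035, 1, 1))}
}

func main() {
	now := day(2024, 8, 9) // verification time; the timestamped signing time is 2024-05-01
	for _, l := range validityLogs(sampleChain(), now) {
		fmt.Println(l)
	}
	fmt.Println("valid at timestamp:", validAt(sampleChain(), day(2024, 5, 1)), "valid now:", validAt(sampleChain(), now))
}
```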

@yizha1 yizha1 added enhancement New feature or request triage Need to triage labels Aug 9, 2024
@yizha1 yizha1 changed the title Add warning logs for expired certificates during timestamp validation Add more logs for expired certificates during timestamp validation Aug 9, 2024
@yizha1 yizha1 changed the title Add more logs for expired certificates during timestamp validation Add more logs for timestamp validation Aug 9, 2024
@yizha1 yizha1 removed the triage Need to triage label Sep 3, 2024
@yizha1 yizha1 added this to the 1.3.0 milestone Sep 3, 2024
priteshbandi pushed a commit to notaryproject/notation-go that referenced this issue Oct 16, 2024
This PR updates logs.
Resolves #430. Also should resolve issue notaryproject/notation#1004.

Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
Contributor

Closing as completed.

Two-Hearts added a commit to Two-Hearts/notation-go that referenced this issue Dec 9, 2024
This PR updates logs.
Resolves notaryproject#430. Also should resolve issue notaryproject/notation#1004.

Signed-off-by: Patrick Zheng <[email protected]>
Two-Hearts added a commit to Two-Hearts/notation-go that referenced this issue Dec 10, 2024
This PR updates logs.
Resolves notaryproject#430. Also should resolve issue notaryproject/notation#1004.

Signed-off-by: Patrick Zheng <[email protected]>