From 13e09aafd3a773e82207cb9dd0fa066a8ed006d6 Mon Sep 17 00:00:00 2001 From: Zack Newman Date: Wed, 26 Apr 2023 01:43:33 -0400 Subject: [PATCH] Clarify TimeRange validity periods (#78) * Clarify TimeRange validity periods Signed-off-by: Zachary Newman * Update `struct TimeRange` comment too Signed-off-by: Zachary Newman * Fix spacing (tab->space) Signed-off-by: Zachary Newman --------- Signed-off-by: Zachary Newman --- gen/pb-go/common/v1/sigstore_common.pb.go | 6 +++--- gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go | 5 ++++- .../dev/sigstore/common/v1/__init__.py | 6 +++--- .../dev/sigstore/trustroot/v1/__init__.py | 3 +++ gen/pb-typescript/src/__generated__/sigstore_common.ts | 6 +++--- gen/pb-typescript/src/__generated__/sigstore_trustroot.ts | 5 ++++- protos/sigstore_common.proto | 6 +++--- protos/sigstore_trustroot.proto | 5 ++++- 8 files changed, 27 insertions(+), 15 deletions(-) diff --git a/gen/pb-go/common/v1/sigstore_common.pb.go b/gen/pb-go/common/v1/sigstore_common.pb.go index 4c0e4f1d..1c41f325 100644 --- a/gen/pb-go/common/v1/sigstore_common.pb.go +++ b/gen/pb-go/common/v1/sigstore_common.pb.go @@ -453,7 +453,7 @@ type PublicKey struct { RawBytes []byte `protobuf:"bytes,1,opt,name=raw_bytes,json=rawBytes,proto3,oneof" json:"raw_bytes,omitempty"` // Key encoding and signature algorithm to use for this key. KeyDetails PublicKeyDetails `protobuf:"varint,2,opt,name=key_details,json=keyDetails,proto3,enum=dev.sigstore.common.v1.PublicKeyDetails" json:"key_details,omitempty"` - // Optional validity period for this key. + // Optional validity period for this key, *inclusive* of the endpoints. ValidFor *TimeRange `protobuf:"bytes,3,opt,name=valid_for,json=validFor,proto3,oneof" json:"valid_for,omitempty"` } @@ -931,8 +931,8 @@ func (x *X509CertificateChain) GetCertificates() []*X509Certificate { return nil } -// The time range is half-open and does not include the end timestamp, -// i.e [start, end). +// The time range is closed and includes both the start and end times, +// (i.e., [start, end]). // End is optional to be able to capture a period that has started but // has no known end. type TimeRange struct { diff --git a/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go b/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go index 5aa908d6..d959eeb9 100644 --- a/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go +++ b/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go @@ -133,7 +133,10 @@ type CertificateAuthority struct { CertChain *v1.X509CertificateChain `protobuf:"bytes,3,opt,name=cert_chain,json=certChain,proto3" json:"cert_chain,omitempty"` // The time the *entire* chain was valid. This is at max the // longest interval when *all* certificates in the chain were valid, - // but it MAY be shorter. + // but it MAY be shorter. Clients MUST check timestamps against *both* + // the `valid_for` time range *and* the entire certificate chain. + // + // The TimeRange should be considered valid *inclusive* of the endpoints. ValidFor *v1.TimeRange `protobuf:"bytes,4,opt,name=valid_for,json=validFor,proto3" json:"valid_for,omitempty"` } diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py index bc8ceed7..a0cbef10 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py @@ -135,7 +135,7 @@ class PublicKey(betterproto.Message): valid_for: Optional["TimeRange"] = betterproto.message_field( 3, optional=True, group="_valid_for" ) - """Optional validity period for this key.""" + """Optional validity period for this key, *inclusive* of the endpoints.""" @dataclass(eq=False, repr=False) @@ -216,8 +216,8 @@ class X509CertificateChain(betterproto.Message): @dataclass(eq=False, repr=False) class TimeRange(betterproto.Message): """ - The time range is half-open and does not include the end timestamp, i.e - [start, end). End is optional to be able to capture a period that has + The time range is closed and includes both the start and end times, (i.e., + [start, end]). End is optional to be able to capture a period that has started but has no known end. """ diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py index fca622d2..facb523a 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py @@ -57,6 +57,9 @@ class CertificateAuthority(betterproto.Message): """ The time the *entire* chain was valid. This is at max the longest interval when *all* certificates in the chain were valid, but it MAY be shorter. + Clients MUST check timestamps against *both* the `valid_for` time range + *and* the entire certificate chain. The TimeRange should be considered + valid *inclusive* of the endpoints. """ diff --git a/gen/pb-typescript/src/__generated__/sigstore_common.ts b/gen/pb-typescript/src/__generated__/sigstore_common.ts index 082bb8de..db015dd6 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_common.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_common.ts @@ -225,7 +225,7 @@ export interface PublicKey { | undefined; /** Key encoding and signature algorithm to use for this key. */ keyDetails: PublicKeyDetails; - /** Optional validity period for this key. */ + /** Optional validity period for this key, *inclusive* of the endpoints. */ validFor?: TimeRange | undefined; } @@ -299,8 +299,8 @@ export interface X509CertificateChain { } /** - * The time range is half-open and does not include the end timestamp, - * i.e [start, end). + * The time range is closed and includes both the start and end times, + * (i.e., [start, end]). * End is optional to be able to capture a period that has started but * has no known end. */ diff --git a/gen/pb-typescript/src/__generated__/sigstore_trustroot.ts b/gen/pb-typescript/src/__generated__/sigstore_trustroot.ts index a96c8b6f..281fe929 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_trustroot.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_trustroot.ts @@ -55,7 +55,10 @@ export interface CertificateAuthority { /** * The time the *entire* chain was valid. This is at max the * longest interval when *all* certificates in the chain were valid, - * but it MAY be shorter. + * but it MAY be shorter. Clients MUST check timestamps against *both* + * the `valid_for` time range *and* the entire certificate chain. + * + * The TimeRange should be considered valid *inclusive* of the endpoints. */ validFor: TimeRange | undefined; } diff --git a/protos/sigstore_common.proto b/protos/sigstore_common.proto index eeb0fb43..54e8c3ba 100644 --- a/protos/sigstore_common.proto +++ b/protos/sigstore_common.proto @@ -104,7 +104,7 @@ message PublicKey { optional bytes raw_bytes = 1; // Key encoding and signature algorithm to use for this key. PublicKeyDetails key_details = 2; - // Optional validity period for this key. + // Optional validity period for this key, *inclusive* of the endpoints. optional TimeRange valid_for = 3; } @@ -187,8 +187,8 @@ message X509CertificateChain { repeated X509Certificate certificates = 1; } -// The time range is half-open and does not include the end timestamp, -// i.e [start, end). +// The time range is closed and includes both the start and end times, +// (i.e., [start, end]). // End is optional to be able to capture a period that has started but // has no known end. message TimeRange { diff --git a/protos/sigstore_trustroot.proto b/protos/sigstore_trustroot.proto index 4192dd76..7330ce40 100644 --- a/protos/sigstore_trustroot.proto +++ b/protos/sigstore_trustroot.proto @@ -52,7 +52,10 @@ message CertificateAuthority { dev.sigstore.common.v1.X509CertificateChain cert_chain = 3; // The time the *entire* chain was valid. This is at max the // longest interval when *all* certificates in the chain were valid, - // but it MAY be shorter. + // but it MAY be shorter. Clients MUST check timestamps against *both* + // the `valid_for` time range *and* the entire certificate chain. + // + // The TimeRange should be considered valid *inclusive* of the endpoints. dev.sigstore.common.v1.TimeRange valid_for = 4; }