Add validity helpers

Signed-off-by: Appu Goundan <appu@google.com>
sigstore · Aug 8, 2023 · bd41966 · bd41966
1 parent 59dae85
commit bd41966
Show file tree

Hide file tree

Showing 4 changed files with 65 additions and 11 deletions.
diff --git a/sigstore-java/src/main/java/dev/sigstore/trustroot/CertificateAuthorities.java b/sigstore-java/src/main/java/dev/sigstore/trustroot/CertificateAuthorities.java
@@ -63,7 +63,7 @@ public List<CertificateAuthority> find(Instant time) {
   public CertificateAuthority current() {
     var current =
         getCertificateAuthorities().stream()
-            .filter(ca -> ca.getValidFor().getEnd().isEmpty())
+            .filter(CertificateAuthority::isCurrent)
             .collect(Collectors.toList());
     if (current.size() == 0) {
       throw new IllegalStateException("Trust root contains no current certificate authorities");

diff --git a/sigstore-java/src/main/java/dev/sigstore/trustroot/CertificateAuthority.java b/sigstore-java/src/main/java/dev/sigstore/trustroot/CertificateAuthority.java
@@ -19,19 +19,24 @@
 import java.net.URI;
 import java.security.cert.CertPath;
 import java.security.cert.CertificateException;
+import java.time.Instant;
 import org.immutables.value.Value.Immutable;
 
 @Immutable
-public interface CertificateAuthority {
-  CertPath getCertPath();
+public abstract class CertificateAuthority {
+  public abstract CertPath getCertPath();
 
-  URI getUri();
+  public abstract URI getUri();
 
-  ValidFor getValidFor();
+  public abstract ValidFor getValidFor();
 
-  Subject getSubject();
+  public abstract Subject getSubject();
 
-  static CertificateAuthority from(dev.sigstore.proto.trustroot.v1.CertificateAuthority proto)
+  public boolean isCurrent() {
+    return getValidFor().contains(Instant.now());
+  }
+
+  public static CertificateAuthority from(dev.sigstore.proto.trustroot.v1.CertificateAuthority proto)
       throws CertificateException {
     return ImmutableCertificateAuthority.builder()
         .certPath(ProtoMutators.toCertPath(proto.getCertChain().getCertificatesList()))

diff --git a/sigstore-java/src/main/java/dev/sigstore/trustroot/ValidFor.java b/sigstore-java/src/main/java/dev/sigstore/trustroot/ValidFor.java
@@ -22,12 +22,22 @@
 import org.immutables.value.Value.Immutable;
 
 @Immutable
-public interface ValidFor {
-  Instant getStart();
+public abstract class ValidFor {
+  public abstract Instant getStart();
 
-  Optional<Instant> getEnd();
+  public abstract Optional<Instant> getEnd();
 
-  static ValidFor from(TimeRange proto) {
+  public boolean contains(Instant instant) {
+    if (!getStart().isBefore(instant)) {
+      return false;
+    }
+    if (getEnd().isEmpty() || getEnd().get().isAfter(instant)) {
+      return true;
+    }
+    return false;
+  }
+
+  public static ValidFor from(TimeRange proto) {
     return ImmutableValidFor.builder()
         .start(ProtoMutators.toInstant(proto.getStart()))
         .end(
@@ -36,4 +46,5 @@ static ValidFor from(TimeRange proto) {
                 : Optional.empty())
         .build();
   }
+
 }
diff --git a/sigstore-java/src/test/java/dev/sigstore/trustroot/ValidForTest.java b/sigstore-java/src/test/java/dev/sigstore/trustroot/ValidForTest.java
@@ -0,0 +1,38 @@
+package dev.sigstore.trustroot;
+
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+class ValidForTest {
+
+  @Test
+  public void contains_withStartAndEnd() {
+    var start = Instant.now().minus(10, ChronoUnit.MINUTES);
+    var end = Instant.now().plus(10, ChronoUnit.MINUTES);
+    var range = ImmutableValidFor.builder().start(start).end(end).build();
+
+    Assertions.assertTrue(range.contains(Instant.now()));
+
+    Assertions.assertTrue(range.contains(start.plus(10, ChronoUnit.SECONDS)));
+    Assertions.assertFalse(range.contains(start));
+    Assertions.assertFalse(range.contains(start.minus(10, ChronoUnit.SECONDS)));
+
+    Assertions.assertTrue(range.contains(end.minus(10, ChronoUnit.SECONDS)));
+    Assertions.assertFalse(range.contains(end));
+    Assertions.assertFalse(range.contains(end.plus(10, ChronoUnit.SECONDS)));
+  }
+
+  public void contains_withNoEnd() {
+    var start = Instant.now().minus(10, ChronoUnit.MINUTES);
+    var range = ImmutableValidFor.builder().start(start).build();
+
+    Assertions.assertTrue(range.contains(Instant.now()));
+    Assertions.assertTrue(range.contains(Instant.now().plus(10, ChronoUnit.SECONDS)));
+
+    Assertions.assertTrue(range.contains(start.plus(10, ChronoUnit.SECONDS)));
+    Assertions.assertFalse(range.contains(start));
+    Assertions.assertFalse(range.contains(start.minus(10, ChronoUnit.SECONDS)));
+  }
+}