Skip to content

Commit

Permalink
add/update_target -> set_target
Browse files Browse the repository at this point in the history 
Signed-off-by: Firas Ghanmi <fghanmi@redhat.com>
  • Loading branch information
@fghanmi
fghanmi committed Sep 8, 2024
1 parent 1b22b3f commit 353dcf2
Showing 1 changed file with 117 additions and 119 deletions.
236 changes: 117 additions & 119 deletions src/trust/sigstore/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -166,20 +166,40 @@ impl SigstoreTrustRoot {
.map(|cert| cert.raw_bytes.as_slice())
}

// Add a new target in the TrustedRoot
pub fn add_target(&mut self, new_target: TargetType, target_name: Target) -> Result<()> {
// Set a target in the TrustedRoot: Add or Update
pub fn set_target(&mut self, new_target: TargetType, target_name: Target) -> Result<()> {
match target_name {
Target::CertificateAuthority => {
if let TargetType::Authority(ca) = new_target {
// Expire the last entry if it doesn't have an `end` value
if let Some(last_ca) = self.trusted_root.certificate_authorities.last_mut() {
if let Some(valid_for) = &mut last_ca.valid_for {
if valid_for.end.is_none() {
valid_for.end = ca.valid_for.clone().unwrap().start;
// Check if the Certificate Authority already exists
let exists = self
.trusted_root
.certificate_authorities
.iter()
.any(|existing_ca| existing_ca.cert_chain == ca.cert_chain);

// If exists, update the Certificate Authority
if exists {
if let Some(existing_ca) = self
.trusted_root
.certificate_authorities
.iter_mut()
.find(|existing_ca| existing_ca.cert_chain == ca.cert_chain)
{
existing_ca.clone_from(&ca);
}
} else {
// Add the new Certificate Authority if it doesn't exist
if let Some(last_ca) = self.trusted_root.certificate_authorities.last_mut()
{
if let Some(valid_for) = &mut last_ca.valid_for {
if valid_for.end.is_none() {
valid_for.end = ca.valid_for.clone().unwrap().start;
}
}
}
self.trusted_root.certificate_authorities.push(ca);
}
self.trusted_root.certificate_authorities.push(ca);
} else {
return Err(SigstoreError::UnexpectedError(
"Expected a CertificateAuthority, but got a different target.".to_string(),
Expand All @@ -188,14 +208,31 @@ impl SigstoreTrustRoot {
}
Target::TimestampAuthority => {
if let TargetType::Authority(tsa) = new_target {
if let Some(last_tsa) = self.trusted_root.timestamp_authorities.last_mut() {
if let Some(valid_for) = &mut last_tsa.valid_for {
if valid_for.end.is_none() {
valid_for.end = tsa.valid_for.clone().unwrap().start;
let exists = self
.trusted_root
.timestamp_authorities
.iter()
.any(|existing_tsa| existing_tsa.cert_chain == tsa.cert_chain);

if exists {
if let Some(existing_tsa) = self
.trusted_root
.timestamp_authorities
.iter_mut()
.find(|existing_tsa| existing_tsa.cert_chain == tsa.cert_chain)
{
existing_tsa.clone_from(&tsa);
}
} else {
if let Some(last_tsa) = self.trusted_root.timestamp_authorities.last_mut() {
if let Some(valid_for) = &mut last_tsa.valid_for {
if valid_for.end.is_none() {
valid_for.end = tsa.valid_for.clone().unwrap().start;
}
}
}
self.trusted_root.timestamp_authorities.push(tsa);
}
self.trusted_root.timestamp_authorities.push(tsa);
} else {
return Err(SigstoreError::UnexpectedError(
"Expected a TimestampAuthority, but got a different target.".to_string(),
Expand All @@ -204,25 +241,41 @@ impl SigstoreTrustRoot {
}
Target::Ctlog => {
if let TargetType::Log(ctlog) = new_target {
if let Some(last_ctlog) = self.trusted_root.ctlogs.last_mut() {
if let Some(valid_for) = last_ctlog
.public_key
.as_mut()
.and_then(|pk| pk.valid_for.as_mut())
let exists = self.trusted_root.ctlogs.iter().any(|existing_ctlog| {
existing_ctlog.log_id == ctlog.log_id
|| existing_ctlog.public_key == ctlog.public_key
});

if exists {
if let Some(existing_ctlog) = self
.trusted_root
.ctlogs
.iter_mut()
.find(|existing_ctlog| existing_ctlog.log_id == ctlog.log_id)
{
if valid_for.end.is_none() {
valid_for.end = ctlog
.clone()
.public_key
.unwrap()
.valid_for
.clone()
.unwrap()
.start;
existing_ctlog.clone_from(&ctlog);
}
} else {
if let Some(last_ctlog) = self.trusted_root.ctlogs.last_mut() {
if let Some(valid_for) = last_ctlog
.public_key
.as_mut()
.and_then(|pk| pk.valid_for.as_mut())
{
if valid_for.end.is_none() {
valid_for.end = ctlog
.clone()
.public_key
.unwrap()
.valid_for
.clone()
.unwrap()
.start;
}
}
}
self.trusted_root.ctlogs.push(ctlog);
}
self.trusted_root.ctlogs.push(ctlog);
} else {
return Err(SigstoreError::UnexpectedError(
"Expected a Ctlog, but got a different target.".to_string(),
Expand All @@ -231,95 +284,40 @@ impl SigstoreTrustRoot {
}
Target::Tlog => {
if let TargetType::Log(tlog) = new_target {
if let Some(last_tlog) = self.trusted_root.tlogs.last_mut() {
if let Some(valid_for) = last_tlog
.public_key
.as_mut()
.and_then(|pk| pk.valid_for.as_mut())
let exists = self.trusted_root.tlogs.iter().any(|existing_tlog| {
existing_tlog.log_id == tlog.log_id
|| existing_tlog.public_key == tlog.public_key
});

if exists {
if let Some(existing_tlog) = self
.trusted_root
.tlogs
.iter_mut()
.find(|existing_tlog| existing_tlog.log_id == tlog.log_id)
{
if valid_for.end.is_none() {
valid_for.end = tlog
.clone()
.public_key
.unwrap()
.valid_for
.clone()
.unwrap()
.start;
existing_tlog.clone_from(&tlog);
}
} else {
if let Some(last_tlog) = self.trusted_root.tlogs.last_mut() {
if let Some(valid_for) = last_tlog
.public_key
.as_mut()
.and_then(|pk| pk.valid_for.as_mut())
{
if valid_for.end.is_none() {
valid_for.end = tlog
.clone()
.public_key
.unwrap()
.valid_for
.clone()
.unwrap()
.start;
}
}
}
}
self.trusted_root.tlogs.push(tlog);
} else {
return Err(SigstoreError::UnexpectedError(
"Expected a Tlog, but got a different target.".to_string(),
));
}
}
}
Ok(())
}

// Update a target in the TrustedRoot
pub fn update_target(&mut self, target: TargetType, target_name: Target) -> Result<()> {
match target_name {
Target::CertificateAuthority => {
if let TargetType::Authority(new_ca) = target {
if let Some(existing_ca) = self
.trusted_root
.certificate_authorities
.iter_mut()
.find(|ca| ca.cert_chain == new_ca.cert_chain)
{
existing_ca.clone_from(&new_ca);
}
} else {
return Err(SigstoreError::UnexpectedError(
"Expected a CertificateAuthority, but got a different target.".to_string(),
));
}
}
Target::TimestampAuthority => {
if let TargetType::Authority(new_tsa) = target {
if let Some(existing_tsa) = self
.trusted_root
.timestamp_authorities
.iter_mut()
.find(|tsa| tsa.cert_chain == new_tsa.cert_chain)
{
existing_tsa.clone_from(&new_tsa);
}
} else {
return Err(SigstoreError::UnexpectedError(
"Expected a TimestampAuthority, but got a different target.".to_string(),
));
}
}
Target::Ctlog => {
if let TargetType::Log(new_ctlog) = target {
if let Some(existing_ctlog) = self
.trusted_root
.ctlogs
.iter_mut()
.find(|ctlog| ctlog.log_id == new_ctlog.log_id)
{
existing_ctlog.clone_from(&new_ctlog);
}
} else {
return Err(SigstoreError::UnexpectedError(
"Expected a Ctlog, but got a different target.".to_string(),
));
}
}
Target::Tlog => {
if let TargetType::Log(new_tlog) = target {
if let Some(existing_tlog) = self
.trusted_root
.tlogs
.iter_mut()
.find(|tlog| tlog.log_id == new_tlog.log_id)
{
existing_tlog.clone_from(&new_tlog);
self.trusted_root.tlogs.push(tlog);
}
} else {
return Err(SigstoreError::UnexpectedError(
Expand Down Expand Up @@ -587,7 +585,7 @@ mod tests {
}),
};
let result =
trust_root.add_target(TargetType::Authority(new_ca), Target::CertificateAuthority);
trust_root.set_target(TargetType::Authority(new_ca), Target::CertificateAuthority);
assert!(result.is_ok(), "Failed to add new certificate authority");
let new_length = trust_root.trusted_root.certificate_authorities.len();
assert_eq!(
Expand Down Expand Up @@ -642,7 +640,7 @@ mod tests {
}),
end: None,
});
let result = trust_root.update_target(
let result = trust_root.set_target(
TargetType::Authority(updated_ca),
Target::CertificateAuthority,
);
Expand Down Expand Up @@ -692,7 +690,7 @@ mod tests {
checkpoint_key_id: None,
};

let result = trust_root.add_target(TargetType::Log(new_ctlog), Target::Ctlog);
let result = trust_root.set_target(TargetType::Log(new_ctlog), Target::Ctlog);
assert!(result.is_ok(), "Failed to add new Ctlog entry");
let new_length = trust_root.trusted_root.ctlogs.len();
assert_eq!(trust_root.trusted_root.ctlogs.len(), initial_length + 1);
Expand Down Expand Up @@ -761,7 +759,7 @@ mod tests {
}),
};
let result =
trust_root.add_target(TargetType::Authority(new_ca), Target::CertificateAuthority);
trust_root.set_target(TargetType::Authority(new_ca), Target::CertificateAuthority);
assert!(result.is_ok(), "Failed to add new certificate authority");

let cert_chain = X509Certificate {
Expand Down Expand Up @@ -830,7 +828,7 @@ mod tests {
checkpoint_key_id: None,
};

let result = trust_root.add_target(TargetType::Log(new_ctlog), Target::Ctlog);
let result = trust_root.set_target(TargetType::Log(new_ctlog), Target::Ctlog);
assert!(result.is_ok(), "Failed to add new Ctlog entry");

let public_key = PublicKey {
Expand Down

0 comments on commit 353dcf2

Please sign in to comment.