updated to latest go-cose

go.mod

@@ -6,6 +6,6 @@ require github.com/golang-jwt/jwt/v4 v4.4.1
 
 require (
 	github.com/fxamacker/cbor/v2 v2.4.0 // indirect
-	github.com/veraison/go-cose v1.0.0-rc.1
+	github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83
 	github.com/x448/float16 v0.8.4 // indirect
 )

go.sum

@@ -2,7 +2,7 @@ github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD
 github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
 github.com/golang-jwt/jwt/v4 v4.4.1 h1:pC5DB52sCeK48Wlb9oPcdhnjkz1TKt1D/P7WKJ0kUcQ=
 github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
-github.com/veraison/go-cose v1.0.0-rc.1 h1:4qA7dbFJGvt7gcqv5MCIyCQvN+NpHFPkW7do3EeDLb8=
-github.com/veraison/go-cose v1.0.0-rc.1/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4=
+github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83 h1:g8vDfnNOPcGzg6mnlBGc0J5t5lAJkaepXqbc9qFRnFs=
+github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=

signature/cose/envelope.go

@@ -55,7 +55,13 @@ var signingSchemeTimeLabelMap = map[signature.SigningScheme]string{
 	signature.SigningSchemeX509SigningAuthority: headerLabelAuthenticSigningTime,
 }
 
-// remoteSigner implements cose.Signer interface.
+// signer interface is a cose.Signer with certificate chain fetcher.
+type signer interface {
+	cose.Signer
+	CertificateChain() []*x509.Certificate
+}
+
+// remoteSigner implements signer interface.
 // It is used in Sign process when base's Sign implementation is desired.
 type remoteSigner struct {
 	base  signature.Signer
@@ -93,7 +99,12 @@ func (signer *remoteSigner) Sign(rand io.Reader, payload []byte) ([]byte, error)
 	return signature, nil
 }
 
-// localSigner implements cose.Signer interface.
+// CertificateChain implements signer interface
+func (signer *remoteSigner) CertificateChain() []*x509.Certificate {
+	return signer.certs
+}
+
+// localSigner implements signer interface.
 // It is used in Sign process when go-cose's built-in signer is desired.
 type localSigner struct {
 	base         signature.LocalSigner
@@ -141,6 +152,11 @@ func (signer *localSigner) Sign(rand io.Reader, payload []byte) ([]byte, error)
 	return coseSigner.Sign(rand, payload)
 }
 
+// CertificateChain implements signer interface
+func (signer *localSigner) CertificateChain() []*x509.Certificate {
+	return signer.certs
+}
+
 type envelope struct {
 	base *cose.Sign1Message
 }
@@ -372,7 +388,7 @@ func getSignatureAlgorithmFromKeySpec(keySpec signature.KeySpec) (cose.Algorithm
 
 // getSigner returns the built-in implementation of cose.Signer from go-cose
 // or a remote signer implementation of cose.Signer
-func getSigner(signer signature.Signer) (cose.Signer, error) {
+func getSigner(signer signature.Signer) (signer, error) {
 	if localSigner, ok := signer.(signature.LocalSigner); ok {
 		return newLocalSigner(localSigner)
 	}
@@ -421,18 +437,12 @@ func generateProtectedHeaders(req *signature.SignRequest, protected cose.Protect
 
 // generateUnprotectedHeaders creates Unprotected Headers of the COSE envelope
 // during Sign process.
-func generateUnprotectedHeaders(req *signature.SignRequest, signer cose.Signer, unprotected cose.UnprotectedHeader) {
+func generateUnprotectedHeaders(req *signature.SignRequest, signer signer, unprotected cose.UnprotectedHeader) {
 	// signing agent
 	unprotected[headerLabelSigningAgent] = req.SigningAgent
 
 	// certChain
-	var certs []*x509.Certificate
-	switch s := signer.(type) {
-	case *remoteSigner:
-		certs = s.certs
-	case *localSigner:
-		certs = s.certs
-	}
+	certs := signer.CertificateChain()
 	certChain := make([]interface{}, len(certs))
 	for i, c := range certs {
 		certChain[i] = c.Raw

signature/cose/envelope_test.go

@@ -722,8 +722,8 @@ func newSignRequest(signingScheme string, keyType signature.KeyType, size int) (
 			Content:     []byte(payloadString),
 		},
 		Signer:      signer,
-		SigningTime: time.Now(),
-		Expiry:      time.Now().AddDate(0, 0, 1),
+		SigningTime: time.Now().Truncate(time.Second),
+		Expiry:      time.Now().AddDate(0, 0, 1).Truncate(time.Second),
 		ExtendedSignedAttributes: []signature.Attribute{
 			{Key: "signedCritKey1", Value: "signedCritValue1", Critical: true},
 			{Key: "signedKey1", Value: "signedValue1", Critical: false},