Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support different types of trust store #1174

Closed
1 task
binbin-li opened this issue Nov 15, 2023 · 0 comments · Fixed by #1538
Closed
1 task

Support different types of trust store #1174

binbin-li opened this issue Nov 15, 2023 · 0 comments · Fixed by #1538
Assignees
Labels
enhancement New feature or request
Milestone

Comments

@binbin-li
Copy link
Collaborator

binbin-li commented Nov 15, 2023

What would you like to be added?

Notation spec supports 3 trust store types: ca, tsa and signingAuthority: https://github.com/notaryproject/specifications/blob/main/specs/trust-store-trust-policy.md#trust-policy-properties

Ratify presently doesn't differentiate between types, and we used to just set it as ca type as default. As we already have users use signingAuthority instead of ca type, we should provide support soon. And we also need to support tsa for tsa signature.

There are a few places to be updated:

  1. Update GetCertificates implementation: https://github.com/deislabs/ratify/blob/main/pkg/verifier/notation/truststore.go#L43
  2. Update verificationCertStores to include trustStoreType: https://github.com/deislabs/ratify/blob/main/pkg/verifier/notation/notation.go#L60
  3. Update corresponding CR files.

And if we want to make it backward compatible, the implementation should support both old and new CRs.

Anything else you would like to add?

No response

Are you willing to submit PRs to contribute to this feature?

  • Yes, I am willing to implement it.
@binbin-li binbin-li added enhancement New feature or request triage Needs investigation labels Nov 15, 2023
@susanshi susanshi added this to the Future milestone Nov 21, 2023
@susanshi susanshi removed the triage Needs investigation label Nov 21, 2023
@junczhu junczhu self-assigned this Jan 2, 2024
@susanshi susanshi modified the milestones: Future, v1.3.0 May 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment