validateSigTime returns true when valid

greetingsuniverse · greetingsuniverse · commit a167dc653caf · 2026-04-30T08:02:46.000-07:00
diff --git a/std/security/trust_config.go b/std/security/trust_config.go
@@ -206,7 +206,7 @@ func (tc *TrustConfig) Validate(args TrustConfigValidateArgs) {
 			return
 		}
 
-		if args.UseSignatureTime.GetOr(false) && ValidateSigTime(args.Data, args.cert) {
+		if args.UseSignatureTime.GetOr(false) && !ValidateSigTime(args.Data, args.cert) {
 			args.Callback(false, fmt.Errorf("data not signed during validity period: %s", args.cert.Name()))
 			return
 		}
@@ -416,7 +416,7 @@ func (tc *TrustConfig) validateCrossSchema(args TrustConfigValidateArgs) {
 	// Check validity period of the cross schema
 	if args.UseSignatureTime.GetOr(false) {
 		// Cross schema was valid at signature time
-		if ValidateSigTime(args.Data, crossData) {
+		if !ValidateSigTime(args.Data, crossData) {
 			args.Callback(false, fmt.Errorf("cross schema signature time invalid: %s", crossData.Name()))
 			return
 		}
@@ -694,22 +694,22 @@ func (tc *TrustConfig) tryListedCerts(args certListArgs, names []enc.Name, idx i
 // Returns true if signature time is within certificate validity period
 func ValidateSigTime(data ndn.Data, cert ndn.Data) bool {
 	if cert.Signature() == nil {
-		return true
+		return false
 	}
 
 	sigTime := data.Signature().SigTime()
 
 	if sigTime == nil {
-		return true
+		return false
 	}
 
 	notBefore, notAfter := cert.Signature().Validity()
 	if val, ok := notBefore.Get(); !ok || sigTime.Before(val) {
-		return true
+		return false
 	}
 	if val, ok := notAfter.Get(); !ok || sigTime.After(val) {
-		return true
+		return false
 	}
 
-	return false
+	return true
 }

Original file line number	Diff line number	Diff line change
`@@ -206,7 +206,7 @@ func (tc *TrustConfig) Validate(args TrustConfigValidateArgs) {`
`206`	`206`	`return`
`207`	`207`	`}`
`208`	`208`
`209`		`- if args.UseSignatureTime.GetOr(false) && ValidateSigTime(args.Data, args.cert) {`
	`209`	`+ if args.UseSignatureTime.GetOr(false) && !ValidateSigTime(args.Data, args.cert) {`
`210`	`210`	`args.Callback(false, fmt.Errorf("data not signed during validity period: %s", args.cert.Name()))`
`211`	`211`	`return`
`212`	`212`	`}`
`@@ -416,7 +416,7 @@ func (tc *TrustConfig) validateCrossSchema(args TrustConfigValidateArgs) {`
`416`	`416`	`// Check validity period of the cross schema`
`417`	`417`	`if args.UseSignatureTime.GetOr(false) {`
`418`	`418`	`// Cross schema was valid at signature time`
`419`		`- if ValidateSigTime(args.Data, crossData) {`
	`419`	`+ if !ValidateSigTime(args.Data, crossData) {`
`420`	`420`	`args.Callback(false, fmt.Errorf("cross schema signature time invalid: %s", crossData.Name()))`
`421`	`421`	`return`
`422`	`422`	`}`
`@@ -694,22 +694,22 @@ func (tc *TrustConfig) tryListedCerts(args certListArgs, names []enc.Name, idx i`
`694`	`694`	`// Returns true if signature time is within certificate validity period`
`695`	`695`	`func ValidateSigTime(data ndn.Data, cert ndn.Data) bool {`
`696`	`696`	`if cert.Signature() == nil {`
`697`		`- return true`
	`697`	`+ return false`
`698`	`698`	`}`
`699`	`699`
`700`	`700`	`sigTime := data.Signature().SigTime()`
`701`	`701`
`702`	`702`	`if sigTime == nil {`
`703`		`- return true`
	`703`	`+ return false`
`704`	`704`	`}`
`705`	`705`
`706`	`706`	`notBefore, notAfter := cert.Signature().Validity()`
`707`	`707`	`if val, ok := notBefore.Get(); !ok \|\| sigTime.Before(val) {`
`708`		`- return true`
	`708`	`+ return false`
`709`	`709`	`}`
`710`	`710`	`if val, ok := notAfter.Get(); !ok \|\| sigTime.After(val) {`
`711`		`- return true`
	`711`	`+ return false`
`712`	`712`	`}`
`713`	`713`
`714`		`- return false`
	`714`	`+ return true`
`715`	`715`	`}`