updated logs

Signed-off-by: Patrick Zheng <[email protected]>

Author: Two-Hearts

verifier/verifier.go

@@ -1070,18 +1070,15 @@ func verifyTimestamp(ctx context.Context, policyName string, trustStores []strin
 	logger.Debug("Checking the timestamp against the signing certificate chain...")
 	logger.Debugf("Timestamp range: %s", timestamp.Format(time.RFC3339))
 	for _, cert := range signerInfo.CertificateChain {
-		if timeOfVerification.Before(cert.NotBefore) {
-			logger.Debugf("Certificate %q is not valid yet. It will be valid from %q", cert.Subject, cert.NotBefore.Format(time.RFC1123Z))
-		}
-		if timeOfVerification.After(cert.NotAfter) {
-			logger.Debugf("Certificate %q expired at %q", cert.Subject, cert.NotAfter.Format(time.RFC1123Z))
-		}
 		if !timestamp.BoundedAfter(cert.NotBefore) {
 			return fmt.Errorf("timestamp can be before certificate %q validity period, it will be valid from %q", cert.Subject, cert.NotBefore.Format(time.RFC1123Z))
 		}
 		if !timestamp.BoundedBefore(cert.NotAfter) {
 			return fmt.Errorf("timestamp can be after certificate %q validity period, it was expired at %q", cert.Subject, cert.NotAfter.Format(time.RFC1123Z))
 		}
+		if timeOfVerification.After(cert.NotAfter) {
+			logger.Debugf("Certificate %q expired at %q, but timestamp is within certificate validity period", cert.Subject, cert.NotAfter.Format(time.RFC1123Z))
+		}
 	}
 
 	// 5. Perform the timestamping certificate chain revocation check