only validate each commit once

Merge pull request 'follow redirects when downloading certificates' (#6 ) from follow into main
Reviewed-on: #6 Reviewed-by: phil <phil@jankaritech.eu>
2025-03-18 13:47:27 +05:45 · 2025-02-17 03:37:10 +00:00 · 2025-02-13 12:09:32 +05:45 · 2025-02-13 12:09:11 +05:45 · 2025-01-31 05:52:10 +00:00 · 2025-01-24 16:12:33 +05:45
5 changed files with 2191 additions and 2261 deletions
--- a/.gitea/workflows/validate.yaml
+++ b/.gitea/workflows/validate.yaml
@@ -0,0 +1,32 @@
+name: Validate Trusted Timestamps Actions Demo
+run-name: ${{ gitea.actor }} is validating the trusted timestamps of all commits 🚀
+on: [push]
+
+variables:
+  EXPECTED_TRUSTANCHORS_HASH: "70a1c7e2fc62a0b62e44063f0e730b20b0f209d15c84b310ad06ce616c352829"
+
+jobs:
+  Validate:
+    runs-on: ubuntu-latest
+    timeout-minutes: 2
+    steps:
+      - name: Install extra software
+        run: |
+          apt-get update
+          apt-get install -y xxd
+      - name: Check out repository code
+        uses: actions/checkout@v4
+        with:
+           fetch-depth: 0
+      - name: Setup timestamping authorities
+        run: |
+          git config --local timestamping.tsa0.url https://freetsa.org/tsr
+          bash -c 'yes | ./hooks/trust.sh https://freetsa.org/tsr'
+          git config --local timestamping.tsa1.url https://tsa.cesnet.cz:3162/tsa
+          bash -c 'yes | ./hooks/trust.sh https://tsa.cesnet.cz:3162/tsa'
+      - name: Check hashes of all trustanchors
+        run: |
+          ./hooks/validate_trustanchors_hash.sh .git/hoqoks/trustanchors ${{ EXPECTED_TRUSTANCHORS_HASH }}
+      - name: Validate timestamps of all commits
+        run: |
+          ./hooks/validate.sh --minversion 0
--- a/.timestampltv/crls/5024EC0B994B2230F00A0F90A60D1D281D1B3FBE.crl
+++ b/.timestampltv/crls/5024EC0B994B2230F00A0F90A60D1D281D1B3FBE.crl
--- a/.timestampltv/crls/E1D782A8E191BEEF6BCA1691B5AAB494A6249BF3.crl
+++ b/.timestampltv/crls/E1D782A8E191BEEF6BCA1691B5AAB494A6249BF3.crl
@@ -2,17 +2,17 @@
 MIIC5jCCAc4CAQEwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCVVMxFTATBgNV
 BAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTExMC8G
 A1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVkIElEIFRpbWVzdGFtcGluZyBDQRcN
-MjUwMTI0MDUxNDI4WhcNMjUwMTMxMDUxNDI4WjCB9TAhAhAL2v0LKRQzmpYSZqw1
+MjUwMjEyMDUyMjQ1WhcNMjUwMjE5MDUyMjQ1WjCB9TAhAhAL2v0LKRQzmpYSZqw1
 OkdEFw0xNjEwMjQxNzQyNDlaMCECEAH40oMtKRkZcbNQw9u8pQAXDTE2MTExMTE1
 MjEzNFowIQIQClKwbEb16yWgi9U/3Ht4hhcNMTgwOTAzMTIxMTQyWjAhAhAFlx7K
 SlmJinvPTLfjd5doFw0xOTA5MzAwODE2MjRaMCECEAxFkEkmQLBOlEh/jEwCeJAX
 DTIxMDIwOTIyMzk0MlowIQIQBMvnUVSd49EL7YN0yV7iRBcNMjEwMjA5MjMyMzM3
 WjAhAhALmUrhw5aLANVesgZ0jpseFw0yMTAyMDkyMzI0MjNaoDAwLjAfBgNVHSME
-GDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjALBgNVHRQEBAICDNwwDQYJKoZIhvcN
-AQELBQADggEBAGuGW4lrI1pz4IwilL1u3rFRWD43/2Cu0+Pc1+tRx+QqB42aB0Jl
-esdIRc7t7bZ+5wmJyl5DTToQ3Vm7v34dXlblmmlJ2IM+1BKNEO4jMg82i4CFHtaE
-1e2lTfCOKR7YiTmUv/E44jAeQNJbt3k/6gnpDTGafJTIybYNh3uVDtC8Iiun4DKH
-x1qe0qzuixF2TDdTRgPP293nShxNJP5G9G5JaOGSreVOItwEhI+GP6rrPffcanfJ
-v7ghEutuJCE2BGZkqL5iEGgAbMYhFitCu58rfwCHF78uz8T/kxbe5Ax2Zu1IV3is
-kuc5vOHsT/GFYnMC4PZn9J9eYKLE6mzr0SY=
+GDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjALBgNVHRQEBAICDO8wDQYJKoZIhvcN
+AQELBQADggEBALr4VopJYkMfQ97HiyqytcWRY/vgyU/LxOwlH0/1DBSeeObQB0Nj
+uF7vcF2bhbpnxba7gvzOPryudwtbqquf2cl3CJG6MC2D8Nk1XzntDnpxCjVSfsAr
+158zAWPevyiuj3yzFz04mYALt/ZmOJMTF0vyKN8cg5bwfLu3itV6b6vhpuloIhRc
+Hmsbgr3BtCVHkf4vJWq/qKDEMcOhSrJ6wxGCzVyphenewSIbVcogj19cRZDFPWOC
+3sAy/GY3Rz0qK30tDvNbE1uum8gy5ijXFmepJ/lEetRCvrIsxTsXJOj0tqVZfIIQ
+E1YWUZ57TiBBrdS+dTgmRxkN/zaAfYVAIck=
 -----END X509 CRL-----
--- a/hooks/timestamping
+++ b/hooks/timestamping
@@ -553,7 +553,7 @@ download_crls_for_chain() {
      local URL=$(openssl x509 -inform PEM -in $EXTRACTED_CERT -text -noout \
                  | awk '/CRL Distribution Points:/{f=1} f && /URI:/ {print; exit}' \
                  | sed 's/^.*URI://1')
-      if curl "$URL" --output "$CRL_TMP" &> "$OUT_STREAM"; then
+      if curl -L "$URL" --output "$CRL_TMP" &> "$OUT_STREAM"; then
        if openssl crl -in "$CRL_TMP" -inform DER -noout &> "$OUT_STREAM"; then
          openssl crl -in "$CRL_TMP" -inform DER >> "$OUTPUT_FILE"
        elif openssl crl -in "$CRL_TMP" -inform PEM -noout &> "$OUT_STREAM"; then
--- a/hooks/validate.sh
+++ b/hooks/validate.sh
@@ -42,6 +42,7 @@ if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi
 . "$DIR/timestamping"

 declare -i MINVERSION=$TIMESTAMPING_VERSION
+declare -A PROCESSED_COMMIT

 while [[ $# -gt 0 ]]; do
  KEY="$1"
@@ -89,6 +90,10 @@ fi
 # tokens, the function will return 0 but echo a warning about the invalid token.
 validate_commit() {
  local COMMIT_HASH="$1"
+  if [[ ${PROCESSED_COMMIT[$COMMIT_HASH]} ]]; then
+    log "validate_commit for $COMMIT_HASH has already been validated"
+    return 0
+  fi
  log "validate_commit for $COMMIT_HASH"

  local TIMESTAMP_COMMIT_VERSION
@@ -275,6 +280,8 @@ validate_commit() {
  #assert that all extracted timestamps have been processed
  assert "[ $NUM_PROCESSED -eq $NUM_EXTRACTED ]" "All extracted token must be processed."

+  PROCESSED_COMMIT[$COMMIT_HASH]=1
+
  if [ $NUM_VALID -gt 0 ]; then
    if [ $NUM_INVALID -gt 0 ]; then
      echo_warning "Warning: While commit $COMMIT_HASH contains $NUM_VALID valid timestamp tokens and thus is considered proppely timestamped, it also contains $NUM_INVALID invalid timestamp tokens."
Author	SHA1	Message	Date
Phil Davis	2976a241af	only validate each commit once All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 2m8s Details	2025-03-18 13:47:27 +05:45
Artur Neumann	0d1494003c	Merge pull request 'follow redirects when downloading certificates' (#6 ) from follow into main All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 25m42s Details Reviewed-on: #6 Reviewed-by: phil <phil@jankaritech.eu>	2025-02-17 03:37:10 +00:00
Artur Neumann	06b6d255e8	-----TIMESTAMP COMMIT----- All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 13m36s Details Version: 1 Algorithm: sha1 Preimage: version:1,parent:d5c7b22b53192ffed685f3b8362ff8e8076c290c,tree:86b28882e4cf79c90690ac82831ddf06a10e55ad Digest: 0050ab353bfbdc4f0faf1d555d19787eaf6a6913 Timestamp: https://freetsa.org/tsr Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH Version: 1 Policy OID: tsa_policy1 Hash Algorithm: sha1 Message data: 0000 - 00 50 ab 35 3b fb dc 4f-0f af 1d 55 5d 19 78 7e .P.5;..O...U].x~ 0010 - af 6a 69 13 .ji. Serial number: 0x05806698 Time stamp: Feb 13 06:24:31 2025 GMT Accuracy: unspecified Ordering: yes Nonce: 0x9BFC14C8020EB66B TSA: DirName:/O=Free TSA/OU=TSA/description=This certificate digitally signs documents and time stamp requests made using the freetsa.org online services/CN=www.freetsa.org/emailAddress=busilezas@gmail.com/L=Wuerzburg/C=DE/ST=Bayern Extensions: -----BEGIN RFC3161 TOKEN----- MIIFOAYJKoZIhvcNAQcCoIIFKTCCBSUCAQMxDzANBglghkgBZQMEAgMFADCCAX8G CyqGSIb3DQEJEAEEoIIBbgSCAWowggFmAgEBBgQqAwQBMCEwCQYFKw4DAhoFAAQU AFCrNTv73E8Prx1VXRl4fq9qaRMCBAWAZpgYDzIwMjUwMjEzMDYyNDMxWgEB/wIJ AJv8FMgCDrZroIIBEaSCAQ0wggEJMREwDwYDVQQKEwhGcmVlIFRTQTEMMAoGA1UE CxMDVFNBMXYwdAYDVQQNE21UaGlzIGNlcnRpZmljYXRlIGRpZ2l0YWxseSBzaWdu cyBkb2N1bWVudHMgYW5kIHRpbWUgc3RhbXAgcmVxdWVzdHMgbWFkZSB1c2luZyB0 aGUgZnJlZXRzYS5vcmcgb25saW5lIHNlcnZpY2VzMRgwFgYDVQQDEw93d3cuZnJl ZXRzYS5vcmcxIjAgBgkqhkiG9w0BCQEWE2J1c2lsZXphc0BnbWFpbC5jb20xEjAQ BgNVBAcTCVd1ZXJ6YnVyZzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJheWVybjGC A4owggOGAgEBMIGjMIGVMREwDwYDVQQKEwhGcmVlIFRTQTEQMA4GA1UECxMHUm9v dCBDQTEYMBYGA1UEAxMPd3d3LmZyZWV0c2Eub3JnMSIwIAYJKoZIhvcNAQkBFhNi dXNpbGV6YXNAZ21haWwuY29tMRIwEAYDVQQHEwlXdWVyemJ1cmcxDzANBgNVBAgT BkJheWVybjELMAkGA1UEBhMCREUCCQDB6YYWDajpgjANBglghkgBZQMEAgMFAKCB uDAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI1 MDIxMzA2MjQzMVowKwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQUkW2j2GDsyoLjS8Wd F5Pn6WiHXxQwTwYJKoZIhvcNAQkEMUIEQB52HUI0c2GSPHMEZ06bBC1B3c44YNNd ZAX5WaBuXq67HV+nlNcnY2HUtBEfDt0gjx9g8mXfVCB/hVpC+EN2bf8wDQYJKoZI hvcNAQEBBQAEggIAg3ZRGvOLTqX6ulk4dwjYRcj+nKK8hh2vyohA8OMq/+4VgYG+ Ujgqe29V4APXQ3SsCtotSufOqWifSvzzn/olaUYOn9d8aP24JiDcmNf6oFUnZHEJ TfbQ0SUDeAYNodNMVxjG3IrVu0TYqjTLPmjYxvjeipnshUvfNDFzW87QILYT/ChB GNAv8p91z41/D+vMjtOUoSsyWDMUhrbxRWqsxHTDiBqAmWeGPVONxFpZDaRJpHlR pqkY/Cgs2JONw+o3AKCiSm9Hleue3liHxR0N6wixuZUl1eYge/19VluxeMLNS2IP Lx7vELITLpGsmtSCUKAhWgRd77xUrrfpQif1dIiZvHOIXF702swKuvsQ8jcXheQn 1jBSLuiZbjLzpMGp59pN43ObhUeYwGmbgqlQaceP6C73iQogBU3N9uY5J3hwdYbx SgZUhyApjUIvhVKmSm9UU56dOYCxmb0innyxdDsWc3hdeDXAdIibPx+B6AcDlysr 8QyEKgWogfEq+/NrFsc6xe+Jn6Td+p3+5izS6CgsHHA8S2nXfmQFNzMi2hnWVL5L f4zH0xoR+vD5vcQxo1K/FHh+6F6OxvAsjS2/KmmUjvj6yypVNqZGjTTvusGS9xKG r3jF1qbwWdKwhD0+LrdEia3TA5R+0eXc79aEeeoRrBGmY1O589cCYRJDPzE= -----END RFC3161 TOKEN----- Timestamp: https://tsa.cesnet.cz:3162/tsa Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH Version: 1 Policy OID: 1.3.6.1.4.1.22408.1.2.3.45 Hash Algorithm: sha1 Message data: 0000 - 00 50 ab 35 3b fb dc 4f-0f af 1d 55 5d 19 78 7e .P.5;..O...U].x~ 0010 - af 6a 69 13 .ji. Serial number: 0x72F09E96316D97FF Time stamp: Feb 13 06:24:32 2025 GMT Accuracy: unspecified Ordering: no Nonce: 0xE050DA61DF1B13B1 TSA: DirName:/DC=cz/DC=cesnet-ca/O=CESNET/CN=tsa.cesnet.cz Extensions: -----BEGIN RFC3161 TOKEN----- MIID1QYJKoZIhvcNAQcCoIIDxjCCA8ICAQMxDzANBglghkgBZQMEAgEFADCBzgYL KoZIhvcNAQkQAQSggb4EgbswgbgCAQEGDCsGAQQBga8IAQIDLTAhMAkGBSsOAwIa BQAEFABQqzU7+9xPD68dVV0ZeH6vamkTAghy8J6WMW2X/xgPMjAyNTAyMTMwNjI0 MzJaAgkA4FDaYd8bE7GgXKRaMFgxEjAQBgoJkiaJk/IsZAEZFgJjejEZMBcGCgmS JomT8ixkARkWCWNlc25ldC1jYTEPMA0GA1UECgwGQ0VTTkVUMRYwFAYDVQQDDA10 c2EuY2VzbmV0LmN6MYIC2TCCAtUCAQEwbDBgMRIwEAYKCZImiZPyLGQBGRYCY3ox GTAXBgoJkiaJk/IsZAEZFgljZXNuZXQtY2ExEjAQBgNVBAoMCUNFU05FVCBDQTEb MBkGA1UEAwwSUGVyc29uYWwgU2lnbmluZyAyAghq94ZoOsDXcDANBglghkgBZQME AgEFAKCCAT4wGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJ BTEPFw0yNTAyMTMwNjI0MzJaMC0GCSqGSIb3DQEJNDEgMB4wDQYJYIZIAWUDBAIB BQChDQYJKoZIhvcNAQELBQAwLwYJKoZIhvcNAQkEMSIEIBOM1Xd1ny1/Cn2qwXnV uTCuRE5ISmPDMJ66d0bTQKmzMIGhBgsqhkiG9w0BCRACDDGBkTCBjjCBizCBiAQU UCTsC5lLIjDwCg+Qpg0dKB0bP74wcDBkpGIwYDESMBAGCgmSJomT8ixkARkWAmN6 MRkwFwYKCZImiZPyLGQBGRYJY2VzbmV0LWNhMRIwEAYDVQQKDAlDRVNORVQgQ0Ex GzAZBgNVBAMMElBlcnNvbmFsIFNpZ25pbmcgMgIIaveGaDrA13AwDQYJKoZIhvcN AQELBQAEggEArnIdS1TSpOveavo2Y83DKcRVh73cD5uykpY6R0OFFxY/NprrYnT/ AHl+skRF0k5zcsVCbhH/BoWujj4Y+Oz5fSk29P/etC5kxTz9gMfmgSbKvV04vGjY n99Pb+ubx2xUFFQ4QeG43Esja4E37kt1H9VWuYBy+kNnExhQOW0/SwZXHJ3RV2N6 bvIHeTjXYopgAdUn9Nvr70FS9QYgr/D/gIrx6YEOoWcra8fA/ze2s6kIeO2KgTMO 7yt51tcjOtKvn/0amvHAazS4fnSDKoPWdQB33ZQQBcAI+luVGCpMYo5dHRQirOef VGE4bjPCkyXj9vuyQslf+yMw4VJ0Ur9yUw== -----END RFC3161 TOKEN-----	2025-02-13 12:09:32 +05:45
Artur Neumann	d5c7b22b53	follow redirects when downloading certificate	2025-02-13 12:09:11 +05:45
Artur Neumann	0e07bab508	Merge pull request 'automatically validate all timestamps in CI' (#5 ) from validate-timestamps-in-ci into main All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 13m35s Details Reviewed-on: #5 Reviewed-by: phil <phil@jankaritech.eu>	2025-01-31 05:52:10 +00:00
Artur Neumann	b1a1cdd088	-----TIMESTAMP COMMIT----- All checks were successful Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 7m30s Details Version: 1 Algorithm: sha1 Preimage: version:1,parent:e1d1c5e26ee291018cd217af3f734066af67e1c2,tree:6bb692a51b515326489d4f5cda9f6de455bf71bb Digest: a45bc2719ce0c445cf7aaec3549ae8e8297c45a3 Timestamp: https://freetsa.org/tsr Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH Version: 1 Policy OID: tsa_policy1 Hash Algorithm: sha1 Message data: 0000 - a4 5b c2 71 9c e0 c4 45-cf 7a ae c3 54 9a e8 e8 .[.q...E.z..T... 0010 - 29 7c 45 a3 )\|E. Serial number: 0x0527B7D9 Time stamp: Jan 24 10:27:32 2025 GMT Accuracy: unspecified Ordering: yes Nonce: 0x301EF3AF455AF2B2 TSA: DirName:/O=Free TSA/OU=TSA/description=This certificate digitally signs documents and time stamp requests made using the freetsa.org online services/CN=www.freetsa.org/emailAddress=busilezas@gmail.com/L=Wuerzburg/C=DE/ST=Bayern Extensions: -----BEGIN RFC3161 TOKEN----- MIIFNwYJKoZIhvcNAQcCoIIFKDCCBSQCAQMxDzANBglghkgBZQMEAgMFADCCAX4G CyqGSIb3DQEJEAEEoIIBbQSCAWkwggFlAgEBBgQqAwQBMCEwCQYFKw4DAhoFAAQU pFvCcZzgxEXPeq7DVJro6Cl8RaMCBAUnt9kYDzIwMjUwMTI0MTAyNzMyWgEB/wII MB7zr0Va8rKgggERpIIBDTCCAQkxETAPBgNVBAoTCEZyZWUgVFNBMQwwCgYDVQQL EwNUU0ExdjB0BgNVBA0TbVRoaXMgY2VydGlmaWNhdGUgZGlnaXRhbGx5IHNpZ25z IGRvY3VtZW50cyBhbmQgdGltZSBzdGFtcCByZXF1ZXN0cyBtYWRlIHVzaW5nIHRo ZSBmcmVldHNhLm9yZyBvbmxpbmUgc2VydmljZXMxGDAWBgNVBAMTD3d3dy5mcmVl dHNhLm9yZzEiMCAGCSqGSIb3DQEJARYTYnVzaWxlemFzQGdtYWlsLmNvbTESMBAG A1UEBxMJV3VlcnpidXJnMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmF5ZXJuMYID ijCCA4YCAQEwgaMwgZUxETAPBgNVBAoTCEZyZWUgVFNBMRAwDgYDVQQLEwdSb290 IENBMRgwFgYDVQQDEw93d3cuZnJlZXRzYS5vcmcxIjAgBgkqhkiG9w0BCQEWE2J1 c2lsZXphc0BnbWFpbC5jb20xEjAQBgNVBAcTCVd1ZXJ6YnVyZzEPMA0GA1UECBMG QmF5ZXJuMQswCQYDVQQGEwJERQIJAMHphhYNqOmCMA0GCWCGSAFlAwQCAwUAoIG4 MBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAcBgkqhkiG9w0BCQUxDxcNMjUw MTI0MTAyNzMyWjArBgsqhkiG9w0BCRACDDEcMBowGDAWBBSRbaPYYOzKguNLxZ0X k+fpaIdfFDBPBgkqhkiG9w0BCQQxQgRAOhGsL1oQELPv80v31i69i6cmzAjZZQHN HJa/S4qmj6B6+larLZDPHJpIBcuBn1yXxEUylN6O5wjBy4Bt1OfVOzANBgkqhkiG 9w0BAQEFAASCAgA22duKRnJngnpVAjqex7dIDOleDMlwL97U5BaYrCHKJfUEwIH8 M3Q2HmiYEIFBXwnifxQxY4zZXJIAx7VIhwW82Yyt9c5SlPAWRKTZ8tllJQy0gUiL fFcn+tj0iKJEcBTHM5rxRlIJkP2S0nu0FPC3/lUsx0MLSL7gA11h2lsQhPMdehHx yp5JMuSg/+fiqfmwwSFBd9LPlxmwcyBu/6sBKSoPBnL9DJiKl9GZYKrxoUiGJF9s 6N+wkbp5qgusAnsEOnb8rd1+BYn74wyXtY+8z3nmO/qTV6DJWFe94NMYRvilGf3F 9hqpXAVF0LCrUWbwNpWsUlE/+V5OiDgs4mRWLNFIXvcHySOkPmM1y7xDvUUIcvsw uwDUwPmwpAHSTXgakcfkhLdxev6H4yPUO0LjzGfL5U7Rwzjt/SygJRgZhLO3cDI0 94sbBMiNUbnjSOCTW9AJ4FAHJchzDWjHo6EHPq/VZBm5dhlc6nLLjb4glL7nTQ6B j1ceJhZ/1P4n9Ht7tXHNjysKd5kRkstMecsC8XkeTHyzcCpH4MnnkDlY0yY8imAp Bvk5M0kpeE0CX1X15TRNHCKoLhuBHGj6CS2CaPwhsSzR5Iemt0eIIiIUNNWAQ97z vRZ+wF7EefGsf3MNyl5UqaTdWyBReNbllSTasN4zlo1NJBv6k7xNI8QfdQ== -----END RFC3161 TOKEN----- Timestamp: https://tsa.cesnet.cz:3162/tsa Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH Version: 1 Policy OID: 1.3.6.1.4.1.22408.1.2.3.45 Hash Algorithm: sha1 Message data: 0000 - a4 5b c2 71 9c e0 c4 45-cf 7a ae c3 54 9a e8 e8 .[.q...E.z..T... 0010 - 29 7c 45 a3 )\|E. Serial number: 0x27AA2B6CB2AEA0CE Time stamp: Jan 24 10:27:33 2025 GMT Accuracy: unspecified Ordering: no Nonce: 0xEB2CD76043666DEA TSA: DirName:/DC=cz/DC=cesnet-ca/O=CESNET/CN=tsa.cesnet.cz Extensions: -----BEGIN RFC3161 TOKEN----- MIID1QYJKoZIhvcNAQcCoIIDxjCCA8ICAQMxDzANBglghkgBZQMEAgEFADCBzgYL KoZIhvcNAQkQAQSggb4EgbswgbgCAQEGDCsGAQQBga8IAQIDLTAhMAkGBSsOAwIa BQAEFKRbwnGc4MRFz3quw1Sa6OgpfEWjAggnqitssq6gzhgPMjAyNTAxMjQxMDI3 MzNaAgkA6yzXYENmbeqgXKRaMFgxEjAQBgoJkiaJk/IsZAEZFgJjejEZMBcGCgmS JomT8ixkARkWCWNlc25ldC1jYTEPMA0GA1UECgwGQ0VTTkVUMRYwFAYDVQQDDA10 c2EuY2VzbmV0LmN6MYIC2TCCAtUCAQEwbDBgMRIwEAYKCZImiZPyLGQBGRYCY3ox GTAXBgoJkiaJk/IsZAEZFgljZXNuZXQtY2ExEjAQBgNVBAoMCUNFU05FVCBDQTEb MBkGA1UEAwwSUGVyc29uYWwgU2lnbmluZyAyAghq94ZoOsDXcDANBglghkgBZQME AgEFAKCCAT4wGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJ BTEPFw0yNTAxMjQxMDI3MzNaMC0GCSqGSIb3DQEJNDEgMB4wDQYJYIZIAWUDBAIB BQChDQYJKoZIhvcNAQELBQAwLwYJKoZIhvcNAQkEMSIEIODM6KO3/ht6dWauUKQT N3BJKLMYAmo+GyAN5hfHC80lMIGhBgsqhkiG9w0BCRACDDGBkTCBjjCBizCBiAQU UCTsC5lLIjDwCg+Qpg0dKB0bP74wcDBkpGIwYDESMBAGCgmSJomT8ixkARkWAmN6 MRkwFwYKCZImiZPyLGQBGRYJY2VzbmV0LWNhMRIwEAYDVQQKDAlDRVNORVQgQ0Ex GzAZBgNVBAMMElBlcnNvbmFsIFNpZ25pbmcgMgIIaveGaDrA13AwDQYJKoZIhvcN AQELBQAEggEAW8YhIhKvAEroACSgC1XB/fGemF9KUAYz9RAVMzCzNqvCJlut56Wc ynCl7NG7b+cR8OEtecp9VvzqHoVH1B0YpOWglkIYYRWEy3sWuYjQLiTBwTxvmTUC NQXn4khbngiZboXHnF8c/y2qxBwENra4TPt4JT5HdfNdkOhf7UhGH3FrgpHDpgPN Qsh3oXZz9140D9oT5DB/uXDRGkhCJ/9aWrP3VgIraFZ/LBJMYA1KAdc+wLsMMMUx nQzto8K2t4OMKVW731Z+43lY/GQECDWgvi5KXnT7r5wYGh5QaAziOf/XnalvtohN /Y2Cda6fjivYNFbyjkvsJJzOTFf6W+XE+g== -----END RFC3161 TOKEN-----	2025-01-24 16:12:33 +05:45
Artur Neumann	e1d1c5e26e	automatically validate all timestamps any time a change is proposed or incrporated int the archive (main branch) this check runs and 1. checks if all certificates of the Time-stamping authorities are as expected 2. all new and historic time-stamps are valid	2025-01-24 16:12:22 +05:45