JankariTechUG/GitTrustedTimestamps
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Compare commits

base: JankariTechUG:b1a1cdd088732930b98262996aaf7162cd65f3f9
Branches Tags
JankariTechUG:main JankariTechUG:date-order JankariTechUG:respect-MAX_COMMITS_TO_CHECK JankariTechUG:limit-num-commits-validated JankariTechUG:validate-each-commit-once-only
..
compare: JankariTechUG:validate-each-commit-once-only
Branches Tags
JankariTechUG:main JankariTechUG:date-order JankariTechUG:respect-MAX_COMMITS_TO_CHECK JankariTechUG:limit-num-commits-validated JankariTechUG:validate-each-commit-once-only

5 Commits
b1a1cdd088 ... validate-e

Author SHA1 Message Date
Phil Davis
2976a241af only validate each commit once
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 2m8s
Details
2025-03-18 13:47:27 +05:45
Artur Neumann
0d1494003c Merge pull request 'follow redirects when downloading certificates' (#6) from follow into main
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 25m42s
Details 
Reviewed-on: #6
Reviewed-by: phil <phil@jankaritech.eu>
 2025-02-17 03:37:10 +00:00
Artur Neumann
06b6d255e8 -----TIMESTAMP COMMIT-----
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 13m36s
Details 
Version: 1

Algorithm: sha1

Preimage: version:1,parent:d5c7b22b53192ffed685f3b8362ff8e8076c290c,tree:86b28882e4cf79c90690ac82831ddf06a10e55ad

Digest: 0050ab353bfbdc4f0faf1d555d19787eaf6a6913

Timestamp: https://freetsa.org/tsr
 Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH

 Version: 1
 Policy OID: tsa_policy1
 Hash Algorithm: sha1
 Message data:
     0000 - 00 50 ab 35 3b fb dc 4f-0f af 1d 55 5d 19 78 7e   .P.5;..O...U].x~
     0010 - af 6a 69 13                                       .ji.
 Serial number: 0x05806698
 Time stamp: Feb 13 06:24:31 2025 GMT
 Accuracy: unspecified
 Ordering: yes
 Nonce: 0x9BFC14C8020EB66B
 TSA: DirName:/O=Free TSA/OU=TSA/description=This certificate digitally signs documents and time stamp requests made using the freetsa.org online services/CN=www.freetsa.org/emailAddress=busilezas@gmail.com/L=Wuerzburg/C=DE/ST=Bayern
 Extensions:

 -----BEGIN RFC3161 TOKEN-----
 MIIFOAYJKoZIhvcNAQcCoIIFKTCCBSUCAQMxDzANBglghkgBZQMEAgMFADCCAX8G
 CyqGSIb3DQEJEAEEoIIBbgSCAWowggFmAgEBBgQqAwQBMCEwCQYFKw4DAhoFAAQU
 AFCrNTv73E8Prx1VXRl4fq9qaRMCBAWAZpgYDzIwMjUwMjEzMDYyNDMxWgEB/wIJ
 AJv8FMgCDrZroIIBEaSCAQ0wggEJMREwDwYDVQQKEwhGcmVlIFRTQTEMMAoGA1UE
 CxMDVFNBMXYwdAYDVQQNE21UaGlzIGNlcnRpZmljYXRlIGRpZ2l0YWxseSBzaWdu
 cyBkb2N1bWVudHMgYW5kIHRpbWUgc3RhbXAgcmVxdWVzdHMgbWFkZSB1c2luZyB0
 aGUgZnJlZXRzYS5vcmcgb25saW5lIHNlcnZpY2VzMRgwFgYDVQQDEw93d3cuZnJl
 ZXRzYS5vcmcxIjAgBgkqhkiG9w0BCQEWE2J1c2lsZXphc0BnbWFpbC5jb20xEjAQ
 BgNVBAcTCVd1ZXJ6YnVyZzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJheWVybjGC
 A4owggOGAgEBMIGjMIGVMREwDwYDVQQKEwhGcmVlIFRTQTEQMA4GA1UECxMHUm9v
 dCBDQTEYMBYGA1UEAxMPd3d3LmZyZWV0c2Eub3JnMSIwIAYJKoZIhvcNAQkBFhNi
 dXNpbGV6YXNAZ21haWwuY29tMRIwEAYDVQQHEwlXdWVyemJ1cmcxDzANBgNVBAgT
 BkJheWVybjELMAkGA1UEBhMCREUCCQDB6YYWDajpgjANBglghkgBZQMEAgMFAKCB
 uDAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI1
 MDIxMzA2MjQzMVowKwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQUkW2j2GDsyoLjS8Wd
 F5Pn6WiHXxQwTwYJKoZIhvcNAQkEMUIEQB52HUI0c2GSPHMEZ06bBC1B3c44YNNd
 ZAX5WaBuXq67HV+nlNcnY2HUtBEfDt0gjx9g8mXfVCB/hVpC+EN2bf8wDQYJKoZI
 hvcNAQEBBQAEggIAg3ZRGvOLTqX6ulk4dwjYRcj+nKK8hh2vyohA8OMq/+4VgYG+
 Ujgqe29V4APXQ3SsCtotSufOqWifSvzzn/olaUYOn9d8aP24JiDcmNf6oFUnZHEJ
 TfbQ0SUDeAYNodNMVxjG3IrVu0TYqjTLPmjYxvjeipnshUvfNDFzW87QILYT/ChB
 GNAv8p91z41/D+vMjtOUoSsyWDMUhrbxRWqsxHTDiBqAmWeGPVONxFpZDaRJpHlR
 pqkY/Cgs2JONw+o3AKCiSm9Hleue3liHxR0N6wixuZUl1eYge/19VluxeMLNS2IP
 Lx7vELITLpGsmtSCUKAhWgRd77xUrrfpQif1dIiZvHOIXF702swKuvsQ8jcXheQn
 1jBSLuiZbjLzpMGp59pN43ObhUeYwGmbgqlQaceP6C73iQogBU3N9uY5J3hwdYbx
 SgZUhyApjUIvhVKmSm9UU56dOYCxmb0innyxdDsWc3hdeDXAdIibPx+B6AcDlysr
 8QyEKgWogfEq+/NrFsc6xe+Jn6Td+p3+5izS6CgsHHA8S2nXfmQFNzMi2hnWVL5L
 f4zH0xoR+vD5vcQxo1K/FHh+6F6OxvAsjS2/KmmUjvj6yypVNqZGjTTvusGS9xKG
 r3jF1qbwWdKwhD0+LrdEia3TA5R+0eXc79aEeeoRrBGmY1O589cCYRJDPzE=
 -----END RFC3161 TOKEN-----

Timestamp: https://tsa.cesnet.cz:3162/tsa
 Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH

 Version: 1
 Policy OID: 1.3.6.1.4.1.22408.1.2.3.45
 Hash Algorithm: sha1
 Message data:
     0000 - 00 50 ab 35 3b fb dc 4f-0f af 1d 55 5d 19 78 7e   .P.5;..O...U].x~
     0010 - af 6a 69 13                                       .ji.
 Serial number: 0x72F09E96316D97FF
 Time stamp: Feb 13 06:24:32 2025 GMT
 Accuracy: unspecified
 Ordering: no
 Nonce: 0xE050DA61DF1B13B1
 TSA: DirName:/DC=cz/DC=cesnet-ca/O=CESNET/CN=tsa.cesnet.cz
 Extensions:

 -----BEGIN RFC3161 TOKEN-----
 MIID1QYJKoZIhvcNAQcCoIIDxjCCA8ICAQMxDzANBglghkgBZQMEAgEFADCBzgYL
 KoZIhvcNAQkQAQSggb4EgbswgbgCAQEGDCsGAQQBga8IAQIDLTAhMAkGBSsOAwIa
 BQAEFABQqzU7+9xPD68dVV0ZeH6vamkTAghy8J6WMW2X/xgPMjAyNTAyMTMwNjI0
 MzJaAgkA4FDaYd8bE7GgXKRaMFgxEjAQBgoJkiaJk/IsZAEZFgJjejEZMBcGCgmS
 JomT8ixkARkWCWNlc25ldC1jYTEPMA0GA1UECgwGQ0VTTkVUMRYwFAYDVQQDDA10
 c2EuY2VzbmV0LmN6MYIC2TCCAtUCAQEwbDBgMRIwEAYKCZImiZPyLGQBGRYCY3ox
 GTAXBgoJkiaJk/IsZAEZFgljZXNuZXQtY2ExEjAQBgNVBAoMCUNFU05FVCBDQTEb
 MBkGA1UEAwwSUGVyc29uYWwgU2lnbmluZyAyAghq94ZoOsDXcDANBglghkgBZQME
 AgEFAKCCAT4wGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJ
 BTEPFw0yNTAyMTMwNjI0MzJaMC0GCSqGSIb3DQEJNDEgMB4wDQYJYIZIAWUDBAIB
 BQChDQYJKoZIhvcNAQELBQAwLwYJKoZIhvcNAQkEMSIEIBOM1Xd1ny1/Cn2qwXnV
 uTCuRE5ISmPDMJ66d0bTQKmzMIGhBgsqhkiG9w0BCRACDDGBkTCBjjCBizCBiAQU
 UCTsC5lLIjDwCg+Qpg0dKB0bP74wcDBkpGIwYDESMBAGCgmSJomT8ixkARkWAmN6
 MRkwFwYKCZImiZPyLGQBGRYJY2VzbmV0LWNhMRIwEAYDVQQKDAlDRVNORVQgQ0Ex
 GzAZBgNVBAMMElBlcnNvbmFsIFNpZ25pbmcgMgIIaveGaDrA13AwDQYJKoZIhvcN
 AQELBQAEggEArnIdS1TSpOveavo2Y83DKcRVh73cD5uykpY6R0OFFxY/NprrYnT/
 AHl+skRF0k5zcsVCbhH/BoWujj4Y+Oz5fSk29P/etC5kxTz9gMfmgSbKvV04vGjY
 n99Pb+ubx2xUFFQ4QeG43Esja4E37kt1H9VWuYBy+kNnExhQOW0/SwZXHJ3RV2N6
 bvIHeTjXYopgAdUn9Nvr70FS9QYgr/D/gIrx6YEOoWcra8fA/ze2s6kIeO2KgTMO
 7yt51tcjOtKvn/0amvHAazS4fnSDKoPWdQB33ZQQBcAI+luVGCpMYo5dHRQirOef
 VGE4bjPCkyXj9vuyQslf+yMw4VJ0Ur9yUw==
 -----END RFC3161 TOKEN-----
 2025-02-13 12:09:32 +05:45
Artur Neumann
d5c7b22b53 follow redirects when downloading certificate 2025-02-13 12:09:11 +05:45
Artur Neumann
0e07bab508 Merge pull request 'automatically validate all timestamps in CI' (#5) from validate-timestamps-in-ci into main
All checks were successful
Validate Trusted Timestamps Actions Demo / Validate (push) Successful in 13m35s
Details 
Reviewed-on: #5
Reviewed-by: phil <phil@jankaritech.eu>
 2025-01-31 05:52:10 +00:00
4 changed files with 2159 additions and 2261 deletions
Expand all files Collapse all files

4395
.timestampltv/crls/5024EC0B994B2230F00A0F90A60D1D281D1B3FBE.crl
View File

File diff suppressed because it is too large Load Diff

16
.timestampltv/crls/E1D782A8E191BEEF6BCA1691B5AAB494A6249BF3.crl
View File

@@ -2,17 +2,17 @@
MIIC5jCCAc4CAQEwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCVVMxFTATBgNV MIIC5jCCAc4CAQEwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCVVMxFTATBgNV
BAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTExMC8G BAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTExMC8G
A1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVkIElEIFRpbWVzdGFtcGluZyBDQRcN A1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVkIElEIFRpbWVzdGFtcGluZyBDQRcN
MjUwMTI0MDUxNDI4WhcNMjUwMTMxMDUxNDI4WjCB9TAhAhAL2v0LKRQzmpYSZqw1 MjUwMjEyMDUyMjQ1WhcNMjUwMjE5MDUyMjQ1WjCB9TAhAhAL2v0LKRQzmpYSZqw1
OkdEFw0xNjEwMjQxNzQyNDlaMCECEAH40oMtKRkZcbNQw9u8pQAXDTE2MTExMTE1 OkdEFw0xNjEwMjQxNzQyNDlaMCECEAH40oMtKRkZcbNQw9u8pQAXDTE2MTExMTE1
MjEzNFowIQIQClKwbEb16yWgi9U/3Ht4hhcNMTgwOTAzMTIxMTQyWjAhAhAFlx7K MjEzNFowIQIQClKwbEb16yWgi9U/3Ht4hhcNMTgwOTAzMTIxMTQyWjAhAhAFlx7K
SlmJinvPTLfjd5doFw0xOTA5MzAwODE2MjRaMCECEAxFkEkmQLBOlEh/jEwCeJAX SlmJinvPTLfjd5doFw0xOTA5MzAwODE2MjRaMCECEAxFkEkmQLBOlEh/jEwCeJAX
DTIxMDIwOTIyMzk0MlowIQIQBMvnUVSd49EL7YN0yV7iRBcNMjEwMjA5MjMyMzM3 DTIxMDIwOTIyMzk0MlowIQIQBMvnUVSd49EL7YN0yV7iRBcNMjEwMjA5MjMyMzM3
WjAhAhALmUrhw5aLANVesgZ0jpseFw0yMTAyMDkyMzI0MjNaoDAwLjAfBgNVHSME WjAhAhALmUrhw5aLANVesgZ0jpseFw0yMTAyMDkyMzI0MjNaoDAwLjAfBgNVHSME
GDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjALBgNVHRQEBAICDNwwDQYJKoZIhvcN GDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjALBgNVHRQEBAICDO8wDQYJKoZIhvcN
AQELBQADggEBAGuGW4lrI1pz4IwilL1u3rFRWD43/2Cu0+Pc1+tRx+QqB42aB0Jl AQELBQADggEBALr4VopJYkMfQ97HiyqytcWRY/vgyU/LxOwlH0/1DBSeeObQB0Nj
esdIRc7t7bZ+5wmJyl5DTToQ3Vm7v34dXlblmmlJ2IM+1BKNEO4jMg82i4CFHtaE uF7vcF2bhbpnxba7gvzOPryudwtbqquf2cl3CJG6MC2D8Nk1XzntDnpxCjVSfsAr
1e2lTfCOKR7YiTmUv/E44jAeQNJbt3k/6gnpDTGafJTIybYNh3uVDtC8Iiun4DKH 158zAWPevyiuj3yzFz04mYALt/ZmOJMTF0vyKN8cg5bwfLu3itV6b6vhpuloIhRc
x1qe0qzuixF2TDdTRgPP293nShxNJP5G9G5JaOGSreVOItwEhI+GP6rrPffcanfJ Hmsbgr3BtCVHkf4vJWq/qKDEMcOhSrJ6wxGCzVyphenewSIbVcogj19cRZDFPWOC
v7ghEutuJCE2BGZkqL5iEGgAbMYhFitCu58rfwCHF78uz8T/kxbe5Ax2Zu1IV3is 3sAy/GY3Rz0qK30tDvNbE1uum8gy5ijXFmepJ/lEetRCvrIsxTsXJOj0tqVZfIIQ
kuc5vOHsT/GFYnMC4PZn9J9eYKLE6mzr0SY= E1YWUZ57TiBBrdS+dTgmRxkN/zaAfYVAIck=
-----END X509 CRL----- -----END X509 CRL-----

2
hooks/timestamping
View File

@@ -553,7 +553,7 @@ download_crls_for_chain() {
local URL=$(openssl x509 -inform PEM -in $EXTRACTED_CERT -text -noout \ local URL=$(openssl x509 -inform PEM -in $EXTRACTED_CERT -text -noout \
| awk '/CRL Distribution Points:/{f=1} f && /URI:/ {print; exit}' \ | awk '/CRL Distribution Points:/{f=1} f && /URI:/ {print; exit}' \
| sed 's/^.*URI://1') | sed 's/^.*URI://1')
if curl "$URL" --output "$CRL_TMP" &> "$OUT_STREAM"; then if curl -L "$URL" --output "$CRL_TMP" &> "$OUT_STREAM"; then
if openssl crl -in "$CRL_TMP" -inform DER -noout &> "$OUT_STREAM"; then if openssl crl -in "$CRL_TMP" -inform DER -noout &> "$OUT_STREAM"; then
openssl crl -in "$CRL_TMP" -inform DER >> "$OUTPUT_FILE" openssl crl -in "$CRL_TMP" -inform DER >> "$OUTPUT_FILE"
elif openssl crl -in "$CRL_TMP" -inform PEM -noout &> "$OUT_STREAM"; then elif openssl crl -in "$CRL_TMP" -inform PEM -noout &> "$OUT_STREAM"; then

7
hooks/validate.sh
View File

@@ -42,6 +42,7 @@ if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi
. "$DIR/timestamping" . "$DIR/timestamping"
declare -i MINVERSION=$TIMESTAMPING_VERSION declare -i MINVERSION=$TIMESTAMPING_VERSION
declare -A PROCESSED_COMMIT
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
KEY="$1" KEY="$1"
@@ -89,6 +90,10 @@ fi
# tokens, the function will return 0 but echo a warning about the invalid token. # tokens, the function will return 0 but echo a warning about the invalid token.
validate_commit() { validate_commit() {
local COMMIT_HASH="$1" local COMMIT_HASH="$1"
if [[ ${PROCESSED_COMMIT[$COMMIT_HASH]} ]]; then
log "validate_commit for $COMMIT_HASH has already been validated"
return 0
fi
log "validate_commit for $COMMIT_HASH" log "validate_commit for $COMMIT_HASH"
local TIMESTAMP_COMMIT_VERSION local TIMESTAMP_COMMIT_VERSION
@@ -275,6 +280,8 @@ validate_commit() {
#assert that all extracted timestamps have been processed #assert that all extracted timestamps have been processed
assert "[ $NUM_PROCESSED -eq $NUM_EXTRACTED ]" "All extracted token must be processed." assert "[ $NUM_PROCESSED -eq $NUM_EXTRACTED ]" "All extracted token must be processed."
PROCESSED_COMMIT[$COMMIT_HASH]=1
if [ $NUM_VALID -gt 0 ]; then if [ $NUM_VALID -gt 0 ]; then
if [ $NUM_INVALID -gt 0 ]; then if [ $NUM_INVALID -gt 0 ]; then
echo_warning "Warning: While commit $COMMIT_HASH contains $NUM_VALID valid timestamp tokens and thus is considered proppely timestamped, it also contains $NUM_INVALID invalid timestamp tokens." echo_warning "Warning: While commit $COMMIT_HASH contains $NUM_VALID valid timestamp tokens and thus is considered proppely timestamped, it also contains $NUM_INVALID invalid timestamp tokens."