script to validate whether the hash of the trustanchors folder changed #4

Merged

artur merged 2 commits from validate_trustanchors_hash into main

2025-01-24 07:58:27 +00:00

Author	SHA1	Message	Date
Artur Neumann	49f05d35b8	-----TIMESTAMP COMMIT----- Version: 1 Algorithm: sha1 Preimage: version:1,parent:d22f203ab5b04e04de0dbcdf0fce3ec6a18dbf51,tree:e70e876f915fa2d63bdf7d405fb48ca1a9e50096 Digest: 94ca5c45f986511199fda711cd83dae79b27eaf5 Timestamp: https://freetsa.org/tsr Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH Version: 1 Policy OID: tsa_policy1 Hash Algorithm: sha1 Message data: 0000 - 94 ca 5c 45 f9 86 51 11-99 fd a7 11 cd 83 da e7 ..\E..Q......... 0010 - 9b 27 ea f5 .'.. Serial number: 0x052729E1 Time stamp: Jan 24 07:57:56 2025 GMT Accuracy: unspecified Ordering: yes Nonce: 0x95B6DC184C0090F2 TSA: DirName:/O=Free TSA/OU=TSA/description=This certificate digitally signs documents and time stamp requests made using the freetsa.org online services/CN=www.freetsa.org/emailAddress=busilezas@gmail.com/L=Wuerzburg/C=DE/ST=Bayern Extensions: -----BEGIN RFC3161 TOKEN----- MIIFOAYJKoZIhvcNAQcCoIIFKTCCBSUCAQMxDzANBglghkgBZQMEAgMFADCCAX8G CyqGSIb3DQEJEAEEoIIBbgSCAWowggFmAgEBBgQqAwQBMCEwCQYFKw4DAhoFAAQU lMpcRfmGURGZ/acRzYPa55sn6vUCBAUnKeEYDzIwMjUwMTI0MDc1NzU2WgEB/wIJ AJW23BhMAJDyoIIBEaSCAQ0wggEJMREwDwYDVQQKEwhGcmVlIFRTQTEMMAoGA1UE CxMDVFNBMXYwdAYDVQQNE21UaGlzIGNlcnRpZmljYXRlIGRpZ2l0YWxseSBzaWdu cyBkb2N1bWVudHMgYW5kIHRpbWUgc3RhbXAgcmVxdWVzdHMgbWFkZSB1c2luZyB0 aGUgZnJlZXRzYS5vcmcgb25saW5lIHNlcnZpY2VzMRgwFgYDVQQDEw93d3cuZnJl ZXRzYS5vcmcxIjAgBgkqhkiG9w0BCQEWE2J1c2lsZXphc0BnbWFpbC5jb20xEjAQ BgNVBAcTCVd1ZXJ6YnVyZzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJheWVybjGC A4owggOGAgEBMIGjMIGVMREwDwYDVQQKEwhGcmVlIFRTQTEQMA4GA1UECxMHUm9v dCBDQTEYMBYGA1UEAxMPd3d3LmZyZWV0c2Eub3JnMSIwIAYJKoZIhvcNAQkBFhNi dXNpbGV6YXNAZ21haWwuY29tMRIwEAYDVQQHEwlXdWVyemJ1cmcxDzANBgNVBAgT BkJheWVybjELMAkGA1UEBhMCREUCCQDB6YYWDajpgjANBglghkgBZQMEAgMFAKCB uDAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI1 MDEyNDA3NTc1NlowKwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQUkW2j2GDsyoLjS8Wd F5Pn6WiHXxQwTwYJKoZIhvcNAQkEMUIEQPeVDoOWvx/xfL2roIlwOifjPctlsWCF PWngjJJGdXQwuT2n3/KkTXQ+D6AMVRV0Jvj6fKEtx9LEvH4EIQ2XnG4wDQYJKoZI hvcNAQEBBQAEggIAm/KiZ2o9EG98tkVm0h5xAUVqDwLaBFlRxz7W6600iiJNZPd3 yBW0JbZ1thRT/AyUgGEc2M27I57EDLkHEmWGhA1Dh/HMhL9lNtsLhM5GJQuOD/2S SQjS72ySVcZYnLqRK8z4tR8+Q7san0oxT6UhQGmzOu08pjjs+E9BxZVNhMu7MSGu gSmg1qtAPQs7dXeAX+WKrxaFMSgz3COn9xSWhubwhE+9YKYIO0V7iEu/aimd9syr WxYhzcmmpqe+TNnAIEICqf/8Loj7NlJT6EZiErUBi19f4rnbKjae2wgWdon/901m vcTGgEpCGeWWnP2uMgibYeMfmo8PqAowOCmbbtb4ImvsXtJ+w12cE77eBVvHkOtd 9c4pzwrBDdWf9rDaEGvmytsn9hiUOqNUJqy7X0RokgZAhKBiwnWwj0tcBSVRymMH P2OKQqPW5QmIEnN4l9cXxI1jjzR9DuGLOXN/HFHetE6Q9J7svTvb2ojHAy9Vu6op MKgD36kmLB2BoDFKWWsNRah2rcR7JBq8AwHvR3wjFrjBK3bcmKrkHPbZLQM1Xrhy 8pDWJtLE7qUVjT5peAV+HJTL79l1ayBwPyl5EU9lWSxRjrHqHlesKH70u47u5JNi PAt9wgoQ4LWnFWqujtv4dZWDc5yNWq0sUmoII9WIO+HfiOJ1Ue+2nYkP9Xw= -----END RFC3161 TOKEN----- Timestamp: https://tsa.cesnet.cz:3162/tsa Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH Version: 1 Policy OID: 1.3.6.1.4.1.22408.1.2.3.45 Hash Algorithm: sha1 Message data: 0000 - 94 ca 5c 45 f9 86 51 11-99 fd a7 11 cd 83 da e7 ..\E..Q......... 0010 - 9b 27 ea f5 .'.. Serial number: 0x6B11456390A4A52C Time stamp: Jan 24 07:57:57 2025 GMT Accuracy: unspecified Ordering: no Nonce: 0xBCDBFCA8C45E6309 TSA: DirName:/DC=cz/DC=cesnet-ca/O=CESNET/CN=tsa.cesnet.cz Extensions: -----BEGIN RFC3161 TOKEN----- MIID1QYJKoZIhvcNAQcCoIIDxjCCA8ICAQMxDzANBglghkgBZQMEAgEFADCBzgYL KoZIhvcNAQkQAQSggb4EgbswgbgCAQEGDCsGAQQBga8IAQIDLTAhMAkGBSsOAwIa BQAEFJTKXEX5hlERmf2nEc2D2uebJ+r1AghrEUVjkKSlLBgPMjAyNTAxMjQwNzU3 NTdaAgkAvNv8qMReYwmgXKRaMFgxEjAQBgoJkiaJk/IsZAEZFgJjejEZMBcGCgmS JomT8ixkARkWCWNlc25ldC1jYTEPMA0GA1UECgwGQ0VTTkVUMRYwFAYDVQQDDA10 c2EuY2VzbmV0LmN6MYIC2TCCAtUCAQEwbDBgMRIwEAYKCZImiZPyLGQBGRYCY3ox GTAXBgoJkiaJk/IsZAEZFgljZXNuZXQtY2ExEjAQBgNVBAoMCUNFU05FVCBDQTEb MBkGA1UEAwwSUGVyc29uYWwgU2lnbmluZyAyAghq94ZoOsDXcDANBglghkgBZQME AgEFAKCCAT4wGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJ BTEPFw0yNTAxMjQwNzU3NTdaMC0GCSqGSIb3DQEJNDEgMB4wDQYJYIZIAWUDBAIB BQChDQYJKoZIhvcNAQELBQAwLwYJKoZIhvcNAQkEMSIEIArVkoHd0fkRZmDW1bjL /QcSZHQ1HshoIG5TlCmiC3C5MIGhBgsqhkiG9w0BCRACDDGBkTCBjjCBizCBiAQU UCTsC5lLIjDwCg+Qpg0dKB0bP74wcDBkpGIwYDESMBAGCgmSJomT8ixkARkWAmN6 MRkwFwYKCZImiZPyLGQBGRYJY2VzbmV0LWNhMRIwEAYDVQQKDAlDRVNORVQgQ0Ex GzAZBgNVBAMMElBlcnNvbmFsIFNpZ25pbmcgMgIIaveGaDrA13AwDQYJKoZIhvcN AQELBQAEggEAIkPQW/pDRhf5wP0wgXVK/fkxQSZHxws0PsmeWoYXe+4qOZZnBp6w KCemSSlaB6Eru2pZmQlbD/4gHvoZvZqk/J3d2zCGcDZwwnPC/dfo6YpCDXZ3hYnk gH5N+U2KjA9io3BdTNQ/Xt3aMCubV81nE+/O1vWtQEWwKVvuc6pzXAn9TivOaoX/ tpvQZI68lDH4sz1kN+TjkVVGllVERag8z4lBPWqWO1/bAAU90xT9oFyAOOd+0ERW ScEOVBVPaRw8C+EqiDmxAWhzoe+Bxi1KME/XX+JD40J5TnXTDVGXMx3sBKvl7uZl Xt012A1KyoWs+99V/ixgeeiiQQtphcYE4A== -----END RFC3161 TOKEN-----	2025-01-24 13:42:57 +05:45
Artur Neumann	d22f203ab5	script to validate whether the hash of the trustanchors folder changed this is useful to make sure the same set of TSA are used on different machines and that they haven't been changed. E.g. I want to make sure I use the same TSA on my local machine as in CI and I want to make sure the imported certificates in CI are the same as in my local machine, so that I can trust them.	2025-01-24 13:42:46 +05:45

Author

SHA1

Message

Date

Artur Neumann

49f05d35b8

-----TIMESTAMP COMMIT-----

Version: 1

Algorithm: sha1

Preimage: version:1,parent:d22f203ab5b04e04de0dbcdf0fce3ec6a18dbf51,tree:e70e876f915fa2d63bdf7d405fb48ca1a9e50096

Digest: 94ca5c45f986511199fda711cd83dae79b27eaf5

Timestamp: https://freetsa.org/tsr
 Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH

 Version: 1
 Policy OID: tsa_policy1
 Hash Algorithm: sha1
 Message data:
     0000 - 94 ca 5c 45 f9 86 51 11-99 fd a7 11 cd 83 da e7   ..\E..Q.........
     0010 - 9b 27 ea f5                                       .'..
 Serial number: 0x052729E1
 Time stamp: Jan 24 07:57:56 2025 GMT
 Accuracy: unspecified
 Ordering: yes
 Nonce: 0x95B6DC184C0090F2
 TSA: DirName:/O=Free TSA/OU=TSA/description=This certificate digitally signs documents and time stamp requests made using the freetsa.org online services/CN=www.freetsa.org/emailAddress=busilezas@gmail.com/L=Wuerzburg/C=DE/ST=Bayern
 Extensions:

 -----BEGIN RFC3161 TOKEN-----
 MIIFOAYJKoZIhvcNAQcCoIIFKTCCBSUCAQMxDzANBglghkgBZQMEAgMFADCCAX8G
 CyqGSIb3DQEJEAEEoIIBbgSCAWowggFmAgEBBgQqAwQBMCEwCQYFKw4DAhoFAAQU
 lMpcRfmGURGZ/acRzYPa55sn6vUCBAUnKeEYDzIwMjUwMTI0MDc1NzU2WgEB/wIJ
 AJW23BhMAJDyoIIBEaSCAQ0wggEJMREwDwYDVQQKEwhGcmVlIFRTQTEMMAoGA1UE
 CxMDVFNBMXYwdAYDVQQNE21UaGlzIGNlcnRpZmljYXRlIGRpZ2l0YWxseSBzaWdu
 cyBkb2N1bWVudHMgYW5kIHRpbWUgc3RhbXAgcmVxdWVzdHMgbWFkZSB1c2luZyB0
 aGUgZnJlZXRzYS5vcmcgb25saW5lIHNlcnZpY2VzMRgwFgYDVQQDEw93d3cuZnJl
 ZXRzYS5vcmcxIjAgBgkqhkiG9w0BCQEWE2J1c2lsZXphc0BnbWFpbC5jb20xEjAQ
 BgNVBAcTCVd1ZXJ6YnVyZzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJheWVybjGC
 A4owggOGAgEBMIGjMIGVMREwDwYDVQQKEwhGcmVlIFRTQTEQMA4GA1UECxMHUm9v
 dCBDQTEYMBYGA1UEAxMPd3d3LmZyZWV0c2Eub3JnMSIwIAYJKoZIhvcNAQkBFhNi
 dXNpbGV6YXNAZ21haWwuY29tMRIwEAYDVQQHEwlXdWVyemJ1cmcxDzANBgNVBAgT
 BkJheWVybjELMAkGA1UEBhMCREUCCQDB6YYWDajpgjANBglghkgBZQMEAgMFAKCB
 uDAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI1
 MDEyNDA3NTc1NlowKwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQUkW2j2GDsyoLjS8Wd
 F5Pn6WiHXxQwTwYJKoZIhvcNAQkEMUIEQPeVDoOWvx/xfL2roIlwOifjPctlsWCF
 PWngjJJGdXQwuT2n3/KkTXQ+D6AMVRV0Jvj6fKEtx9LEvH4EIQ2XnG4wDQYJKoZI
 hvcNAQEBBQAEggIAm/KiZ2o9EG98tkVm0h5xAUVqDwLaBFlRxz7W6600iiJNZPd3
 yBW0JbZ1thRT/AyUgGEc2M27I57EDLkHEmWGhA1Dh/HMhL9lNtsLhM5GJQuOD/2S
 SQjS72ySVcZYnLqRK8z4tR8+Q7san0oxT6UhQGmzOu08pjjs+E9BxZVNhMu7MSGu
 gSmg1qtAPQs7dXeAX+WKrxaFMSgz3COn9xSWhubwhE+9YKYIO0V7iEu/aimd9syr
 WxYhzcmmpqe+TNnAIEICqf/8Loj7NlJT6EZiErUBi19f4rnbKjae2wgWdon/901m
 vcTGgEpCGeWWnP2uMgibYeMfmo8PqAowOCmbbtb4ImvsXtJ+w12cE77eBVvHkOtd
 9c4pzwrBDdWf9rDaEGvmytsn9hiUOqNUJqy7X0RokgZAhKBiwnWwj0tcBSVRymMH
 P2OKQqPW5QmIEnN4l9cXxI1jjzR9DuGLOXN/HFHetE6Q9J7svTvb2ojHAy9Vu6op
 MKgD36kmLB2BoDFKWWsNRah2rcR7JBq8AwHvR3wjFrjBK3bcmKrkHPbZLQM1Xrhy
 8pDWJtLE7qUVjT5peAV+HJTL79l1ayBwPyl5EU9lWSxRjrHqHlesKH70u47u5JNi
 PAt9wgoQ4LWnFWqujtv4dZWDc5yNWq0sUmoII9WIO+HfiOJ1Ue+2nYkP9Xw=
 -----END RFC3161 TOKEN-----

Timestamp: https://tsa.cesnet.cz:3162/tsa
 Info: Timestamp generated with GitTrustedTimestamps by Mabulous GmbH

 Version: 1
 Policy OID: 1.3.6.1.4.1.22408.1.2.3.45
 Hash Algorithm: sha1
 Message data:
     0000 - 94 ca 5c 45 f9 86 51 11-99 fd a7 11 cd 83 da e7   ..\E..Q.........
     0010 - 9b 27 ea f5                                       .'..
 Serial number: 0x6B11456390A4A52C
 Time stamp: Jan 24 07:57:57 2025 GMT
 Accuracy: unspecified
 Ordering: no
 Nonce: 0xBCDBFCA8C45E6309
 TSA: DirName:/DC=cz/DC=cesnet-ca/O=CESNET/CN=tsa.cesnet.cz
 Extensions:

 -----BEGIN RFC3161 TOKEN-----
 MIID1QYJKoZIhvcNAQcCoIIDxjCCA8ICAQMxDzANBglghkgBZQMEAgEFADCBzgYL
 KoZIhvcNAQkQAQSggb4EgbswgbgCAQEGDCsGAQQBga8IAQIDLTAhMAkGBSsOAwIa
 BQAEFJTKXEX5hlERmf2nEc2D2uebJ+r1AghrEUVjkKSlLBgPMjAyNTAxMjQwNzU3
 NTdaAgkAvNv8qMReYwmgXKRaMFgxEjAQBgoJkiaJk/IsZAEZFgJjejEZMBcGCgmS
 JomT8ixkARkWCWNlc25ldC1jYTEPMA0GA1UECgwGQ0VTTkVUMRYwFAYDVQQDDA10
 c2EuY2VzbmV0LmN6MYIC2TCCAtUCAQEwbDBgMRIwEAYKCZImiZPyLGQBGRYCY3ox
 GTAXBgoJkiaJk/IsZAEZFgljZXNuZXQtY2ExEjAQBgNVBAoMCUNFU05FVCBDQTEb
 MBkGA1UEAwwSUGVyc29uYWwgU2lnbmluZyAyAghq94ZoOsDXcDANBglghkgBZQME
 AgEFAKCCAT4wGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJ
 BTEPFw0yNTAxMjQwNzU3NTdaMC0GCSqGSIb3DQEJNDEgMB4wDQYJYIZIAWUDBAIB
 BQChDQYJKoZIhvcNAQELBQAwLwYJKoZIhvcNAQkEMSIEIArVkoHd0fkRZmDW1bjL
 /QcSZHQ1HshoIG5TlCmiC3C5MIGhBgsqhkiG9w0BCRACDDGBkTCBjjCBizCBiAQU
 UCTsC5lLIjDwCg+Qpg0dKB0bP74wcDBkpGIwYDESMBAGCgmSJomT8ixkARkWAmN6
 MRkwFwYKCZImiZPyLGQBGRYJY2VzbmV0LWNhMRIwEAYDVQQKDAlDRVNORVQgQ0Ex
 GzAZBgNVBAMMElBlcnNvbmFsIFNpZ25pbmcgMgIIaveGaDrA13AwDQYJKoZIhvcN
 AQELBQAEggEAIkPQW/pDRhf5wP0wgXVK/fkxQSZHxws0PsmeWoYXe+4qOZZnBp6w
 KCemSSlaB6Eru2pZmQlbD/4gHvoZvZqk/J3d2zCGcDZwwnPC/dfo6YpCDXZ3hYnk
 gH5N+U2KjA9io3BdTNQ/Xt3aMCubV81nE+/O1vWtQEWwKVvuc6pzXAn9TivOaoX/
 tpvQZI68lDH4sz1kN+TjkVVGllVERag8z4lBPWqWO1/bAAU90xT9oFyAOOd+0ERW
 ScEOVBVPaRw8C+EqiDmxAWhzoe+Bxi1KME/XX+JD40J5TnXTDVGXMx3sBKvl7uZl
 Xt012A1KyoWs+99V/ixgeeiiQQtphcYE4A==
 -----END RFC3161 TOKEN-----

2025-01-24 13:42:57 +05:45

Artur Neumann

d22f203ab5

script to validate whether the hash of the trustanchors folder changed

this is useful to make sure the same set of TSA are used on different
machines and that they haven't been changed.
E.g. I want to make sure I use the same TSA on my local machine as in CI
and I want to make sure the imported certificates in CI are the same as
in my local machine, so that I can trust them.

2025-01-24 13:42:46 +05:45

script to validate whether the hash of the trustanchors folder changed #4

2 Commits