From 1a24903aaf7df082f1ea6832b7e3317ac06dc250 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Tue, 18 Jun 2024 17:34:01 +0800 Subject: [PATCH] first batch of tests Signed-off-by: Patrick Zheng --- verifier/helpers_test.go | 7 +- .../coseSigEnvExpiredWithTimestamp.sig | Bin 0 -> 7365 bytes .../timestamp/coseSigEnvWithTimestamp.sig | Bin 0 -> 7362 bytes .../jwsSigEnvExpiredWithTimestamp.sig | 1 + .../timestamp/jwsSigEnvWithTimestamp.sig | 1 + .../timestamp/sigEnvWithoutTimestamp.sig | 1 + .../ca/valid-trust-store/TestTimestamp.crt | 20 ++ .../tsa/test-timestamp/globalsignRoot.cer | Bin 0 -> 1415 bytes verifier/timestamp_test.go | 203 ++++++++++++++++++ verifier/verifier.go | 5 +- 10 files changed, 231 insertions(+), 7 deletions(-) create mode 100644 verifier/testdata/timestamp/coseSigEnvExpiredWithTimestamp.sig create mode 100644 verifier/testdata/timestamp/coseSigEnvWithTimestamp.sig create mode 100644 verifier/testdata/timestamp/jwsSigEnvExpiredWithTimestamp.sig create mode 100644 verifier/testdata/timestamp/jwsSigEnvWithTimestamp.sig create mode 100644 verifier/testdata/timestamp/sigEnvWithoutTimestamp.sig create mode 100644 verifier/testdata/truststore/x509/ca/valid-trust-store/TestTimestamp.crt create mode 100644 verifier/testdata/truststore/x509/tsa/test-timestamp/globalsignRoot.cer create mode 100644 verifier/timestamp_test.go diff --git a/verifier/helpers_test.go b/verifier/helpers_test.go index 730bb988..24dc44a0 100644 --- a/verifier/helpers_test.go +++ b/verifier/helpers_test.go @@ -83,17 +83,14 @@ func TestLoadX509TrustStore(t *testing.T) { dummyPolicy.TrustStores = []string{caStore, signingAuthorityStore} dir.UserConfigDir = "testdata" x509truststore := truststore.NewX509TrustStore(dir.ConfigFS()) - caCerts, err := loadX509TrustStores(context.Background(), signature.SigningSchemeX509, &dummyPolicy, x509truststore) + _, err := loadX509TrustStores(context.Background(), signature.SigningSchemeX509, &dummyPolicy, x509truststore) if err != nil { t.Fatalf("TestLoadX509TrustStore should not throw error for a valid trust store. Error: %v", err) } - saCerts, err := loadX509TrustStores(context.Background(), signature.SigningSchemeX509SigningAuthority, &dummyPolicy, x509truststore) + _, err = loadX509TrustStores(context.Background(), signature.SigningSchemeX509SigningAuthority, &dummyPolicy, x509truststore) if err != nil { t.Fatalf("TestLoadX509TrustStore should not throw error for a valid trust store. Error: %v", err) } - if len(caCerts) != 4 || len(saCerts) != 3 { - t.Fatalf("ca store should have 4 certs and signingAuthority store should have 3 certs") - } } func TestIsCriticalFailure(t *testing.T) { diff --git a/verifier/testdata/timestamp/coseSigEnvExpiredWithTimestamp.sig b/verifier/testdata/timestamp/coseSigEnvExpiredWithTimestamp.sig new file mode 100644 index 0000000000000000000000000000000000000000..450ef17e8c008d50f9142ee97b8965df19649d4a GIT binary patch literal 7365 zcmchccRbbo-^ZQd*n5QRtg^nxCdrJw%F$qLHpL zXbcYFA0mVGa6@~b-7JvqC?6CgSQ6pu>+OL=;5;yB*+8_*pX&M|LcB2u7nwk~q$d`G z4(9pizAQa_P>*?B{S=Y^^Jrebn-HuBsOEDC;cX#$00E)}5Wt5?5HJV~22)f53^1A_ z(FW097(gI8N(#UXP6yDyAZMU3Ht-pXp9yLKACLeN-ajc2B?W{4 zVxj;DAX+d11fuAXtFU$(67sIeck}e(tyDkMLrn9Q^51IyJV=*q>U$ylianhNk7o4P z%N~gFanewq1$A&^us|Q`m~c<OK*!zt`j4}iJ-Zfn+~7gP{wMbC zsqDoux`RNhn(-i`6>~0Mjt?-wK9+C_wq*fav$#0 zjA!*~+xXeW-Tagphw(ObiaXuS0ll`|YuRX6US>&XK^H;q4YtsoacGM2G0r@a{v};0*$y0MBS%X)d)Q9nK(@x?1NEa7OV0!j za&R&QJfz1ePpp1`C2EDrQJ(MmEiKe8ot5oGV4G$}-R850R(X0#4ieehf*Y@RCL+F> zSWB3ky5CFcnZ@*emQa}YKHNxZ6%c{L3D#w&lCIjlwE2>*YW*6A&lyx%rLFTu> z>>#bWb^4gF(X|ceVo-GYh@J`6Q7$Gq;FtTt;c|8WSvWvocFX9pfi-k)dCDzs?g5Ia zmN&k)4M|P~X90(wl0nuFZ9Obi=eciz5@9l*$R0$oJ3%?00=NIfB?1lp=pZ>;aj`d8%QtxZIsD=ExiR0J-#fGd0t-5a}8$PbtmdCF9CE3w#(xy^I zF=T?8C?9;Y0o5dS4pLq!N|r>IJs&lFStO#EfhnyaX&s%|c+YZW$Q2wReXP5WzaS(2 zK*VcfRUVN5sn#IQ(UeHBi|^Uu^Ykod>J5Y5Ka-YuU#V^|+LpL={*&axTfzo;BV*;k z`Z4t9vOc94!gx0!Ii6PhlEB-wE4G!j0{jS-=#Y)b$h0IHKwG|+@oo%(OZxZ-K3<&U zvGSa&j>Gw4)nsLZ zf`Vk+zWd;wqsbsKKC=EOUkug*hw%@Q1?czsW!p0c3{U|0PibTk|VR2Xl5`lF`kUhms0nqu?6dbMmds8e5NtV99H%6lTaewVV z2I-Fj1ojL(1myxaBiQFS+dSUC{moiWRlZR^P&GgWP$DUisEaV6b7SdZyenj>Yr5a_UY+T3z=vR3ATqa3#3MW(L$h^sdPFSEnh;uy_FQiZ9Vw2K)` zv@oho#kbuO%bsY>Spx7D)0`YH1i>IpY&E#FEGqmR2Cd{Xhbx^*EH_mI<$G!FGa9?u z;G;_xVxmi~y{(@A~BiGDLY#iGVYZ&^Y#>$CkICi zU+{@NqIsoEbn|13(xLF^)vY?%f<&ZL&CBcOF$OH0X-ai^nm6!@46RiOSx0BoXU}t; z+E9&44SJ9wj3(W)KLXN}csF2B0$j<9W>q%nv?aFRf?S+Tp}j!+l}?+{uVTIL{xtmS zhJf_)1Z_f8LZNE@(aJTYQJtZzYa&ejPu_}YluvGL@!uYUt#7$&&BMn_I{6d0*EQDp zugMHJ;qAq6pDax^q2qOD2fr*XGhD`KY8H9SNp$3vm<6%M!aZlNM+U{0wCc()-t{n* zsx7Kb56&7c)s#}=Dbm%cF@NFIhP7@A8&-UNDBnq2c$kx;myKt(_w#h0-J`PO*x5~N z6L(KurfV0k6GL93Wj7f&wq)FB{lE{Uz(N3nEd|tJ6zyDlm9N+2;je8 zqQQHYXfXK_O?HcA@Dy-pbK>CSbzIGzfXH(t`sVEjHDs9Tp%5S3H~2doD|g0bueh^) z1y!8*qILdL#f2J$_OcfGj}fju0}_Uhr5@b#UG=X>_(HUE46JCvoa!cCe{V%+6Kr1EY)ZzK3x~(VkCZmKQVEU$1eIjEKC9my5(EV>(IG#HpN5*~Z5m z?dR*4o}v2m=q!&_Sz1uV6VVNp#JFO3>e1En7rrstjN?5gE4}$qgd>AO?P)vO8An&> zsxDqUagFivvGb^p16Cz6jaxRy>Mm_s5KZiH3;srV3q1z1yEDXQo{H87YOzs#su$xZiD2D(KEpSKK)1#u87MF1L#=a^04PfX0ZT z8-D27Y)7!MlX@RG3AF9Mn7UHLI;PEPGG8J#9Rx08w5F#SK;($UeCwz-dF8UKck}+^ zSCto{3$;4(s&Lw}&^4DtVtP?-kyZ`B&Md^4?F4 z@D8^xU+i$RAORXbAwnk7o=?d9Op|#eypKn6f7N<_vitcf0ZKpcAPYzXlBB~V@o3Ti z9uIp>r2Uo1-0=qV_u2_UH31Dk9R?-;r1)PFcHcvrEEbSGFSG~ z=>rKat6}4&R|lzl+qURv$|=;GdTpRpR9cVJAb$!zlB z?ViQvLkVq{c8oYgHn?=>1)da?^;h@JKe0mbHC|jFBXr!oiFjUj!r)pa*zG)Ly5TG5 zw*DG$w}OG*nK$#ZhBwc$FZeV21^PZ?%2=CIwoXgoy7M}bsKRaYq$D>y56vMqSG#fX z$ouyOE*`SauIKu%e-Sal*K-&9pzviP|6P087@1=i zR#sC0%Ix0IFj8yTozt*omUcd%^|Y1Khp_Zx!f%IYMJ&WKBQ_0U#ic@~)Tguf-e(OAEEQJ;>^C+uJo(zxyVgc|n=DKU^lih^pXz9Bh)zi{ zhvPRG(uyvu*3o=^;pDG*DqV0;NB7YtDgC{mZGCWCfoG|37C@kkBu8Yte!zuMZ{`6c zQoiL9%3x+!@ASV<7xG)>7fyaWU4AA1k6HGgaFR~-0o&!eG0)x=s{Vz6dZkv6PKr=# z(Du<@y&|$fD^;Go0CREnNOxOhj8|)Y>_A)fE_?53cAe#-15+bO>23I+FNbQTGT36ny8#H5% zy3)xj_#W%j&G3h(ph$&rud7^-yp*a{-<63d-CbU)=Vi0LT0d6(b?VYxY+i$6sov_u z4W(R+W!#Ft6zGGH2HUb~??<5}vW z*yAX;eIr9sGE)Y5#G91)<)~h;Bh@90@BF|C5ms z>L`cEJ*s=3EoJ;r=P>aK@VrcD;w|6i3o7|QOA6s5_e=z3eBED8TYQUjcz$DbSC?Mb zb@kcX#uF4gKH&SJj)}SO({C(K@S40LW-RgWLLF{#ECo-5>^Q#CC^bH_eVwBOGkI%k z+!vT_S=2tU@Z>6G?B)ez=<$9(d>F-tYZZ*a3N4~rcW7@4dc8Tymc*JcrNv`#9!m=H zXs>s;Na*0-u{kIqS?pbY)~A{BS?Jx55j&#FJK!w$GHu6}#n0WZmrn&eQ}W2335AZM zVIK8kv@`~`mp_KGJDqna_0U;LX*ZtddgHxhA)P>+JiF?z(P!Dw=r&)#WUROQ{2p+K z$~cL+DLP}6Xje_2-Hu>3A zKO|_#(q5okMEN&8J5!RbLC1?qVk<`!&HC`klg+4x86H10sd$C(K~KYb7(7Dj7D;K> zS-=b@Ku(fnSdSdp0xw26%o20%^$6zduF$0Leef6yW>-@1J6W zx%-axUMOGokIGQEFjUaO)2af&ViMRhsvX}#^a-2Vep=hVc@xF`oMO&#fwmODSMD1P zEDOhz0Q?OAe;vSQLIvqU@>DCdnG=_+YAh+6l6tP#78yk?PK~vU`aPaIpfC?$fpZ0p z|KF?k=P5%8pop@^_Cyu&7OxOTZ;6uJnf@RSjBwqjxTc!Z)AJAMoSVRH4}E3h<6l>W z^^Rq%-zrx-rIP(3&yG=}|6|9uE&0+`tf~3@=N*=H(F0u2FxMzh{D^WbR_y3uwma|i zVzr95<4QvvY<-6+MBP`OyFXwtfJCU*36z)`bImQ;Omu8oerYtE$fUN{gboOf*l@FV zy#wqytSSY85r=VcHIFq`nKTLA;FZmA8WD=Ch{s(m_8r3qs{5Z#v0SOoR0B#Y@GBEk zvGkCk?#x8JDn1>1LXgWS@eEaSBVP_cW)k4~e-@ z3ZR?4DHJe_2R?Tr;@qroehmsCSkW`T3ALYV(RLnb@+uQ3_x)3tu#~Wi zhZ{MA+@2g)l2cStLjp=lswh`^1*8iSt{^WjhXh>V2xkCE{sBiIomJs3s!9M{!5OYB zM=nrSa+OEOtD=OvkQXUCD!9S*&szZl?xYaK@?f0tZ%6mRut9fa$B9ZDJ0{I z@2VSh?a1}LxHob_mpxGCwLYl2*W4Y>BkBsuQ_Y^u!#Z}vo6LP%*fmxrI|Px8s! z%y0{{b4>GI1-Eb#8S-krnztQg!zCY%68{*NIC!PjgM(jbmdh!|=Arqi?7$Njb> zr|^keQo5~}^g)Bv4zY|lRgUxkg}#7sct_pckGuPR-{&~q<9*)ik2&VIpTFh&ety?^^+(y}6oOR6z{Eg)53DQ_ zgG9?>uml7yNEYwmhVj6-St8w0J}BxyDTJ@Dw+9kI@W5i^{4uV7sq2df^2Q=uW&Pn& zo_H)KkoTYavhwgjJ>W(ANw)mYqj~*dLZA|$md`Chw4>GqNYq*Y2`oXT27|z0P!PZb zqdOdJ82yzA1Y&?v0cLOpfDT4&4S}(Ptu22gXxYIwI&fBidAEdyoyHP{AP~G!a285) zN)A0c%AP`jr;%2%3XkWCf0{y()2{d2ok@soKbX^vx8SyG-HSzVT zTe)xL#N!*`ClmB?O$>aul6X4igvzKwxR;^MzS(AuB^rzC3`HMB2M=#L8Oa-EM1JG_ za$ig#oKL0TRC5e#jMYxDpQf9z4~$)=H2wS|nK*eWf@o1+6u zgT`mAM7L-cI1i5*M@->tceX^tbMC$MG!)mwn6C5NYg((MhTpys#*vV;#l5yD#$g%f zl)?Ey;tsg68s^TLcDy6fw$jBukI_`fG{J=?kRd|9HQjZ3MmNk>$e64?Q%--z!D9A2 zU9oASjfE zntJb2QceeDDM3^+y`wW;HmU{d->;}MO`VzMa*H7jv_P(*{r5Zfxv+jIO59<8;aG^& z$~L)jC)>eSjs_yt>s@n8x+(G-fjH92ff=7`@X~)hTF$C_tB9#2T=XHh|eB1MqnqyrT zpR;^!+_H_ZmkZ?kXQ$M0LtzM*T|fBY+HhGw76=situBG$xp)G?$Jdgg3JAhE9LkRC zDL~?S{HGVvfXO7TyOgY2Fo+t?1TetpoTCjvC~6281Q0i241ahl9V-YzCN4mTvjA}l z3$bE0DO1f{%i%Mf(WZvgws*oh?!15LcVdLBdjMI)xhSHDb|y;Ku^^j znzJ9wVa!*2>$ocOr<$@P6N^x1nV>_AN4Qz!0eMA08LkQ_%d5bZ?E#8vfWRF4xjtz` zag?s+MmN=J1sA%s@*SuqI~Oia2{a)4|!l@J?@QlL3r;@S{UOmgGa#S z0bsX?n(@%jqFt2~wzAX_Mq_cpIaLIDmZlh`Z)63h!AK`ejD z7b}S89Kr9&;wm*d~c~|J-C_+c1s#ZEi zD2+@UN-xqd9BS_>9=B?yy_GxeFlW^3>{M6C`&G|YFGJ(A8oe%c%7c{b~cmG0N_QA_!CZ;#^pljI zqxq~yupm8tf5dAOHD0lE((M6UBPo#*;WO;9v=pv6&(io4~4SI=UO|>U(9qA>Bzh9*mYSsY_^ODajjbP_uN%VD@^Im z7x?0Dadj~T5l@#}o|!pYmMWQ{nm|{fas6A^sXP_WPQOM0b0!JU=`fqNbGk1r-y)H3 z!g2(PU1qztGwm$bK2gPOT}kWd`zf>}P%&jk3jQXxTtCEiSA6&CEiE9ho6ij4f^a-) zUcRUiOJE+WS?1xpz}T&07M=~9-Yph}m;u9n_tdATH<%`985U{u)Ie>AuU-n&dzyK9My!5LJ5C}qy z1c(uU+OHe{6fLvcDWy*=67Tzar$~gH8=iniAQ5%>hPF(_teHfO`%{_yScaRJ}RBE2$Tv!5Oshe zRb)l7d^GUKP)MBj-^clfF}(MB(+}2xK~y#Jee-TRqvJ)jD*BE~g3bO1o^(?$nGSl+ zC?sf{6?Pe2p7T~!o67Xtlt>XeScP|>=IL>l?;V=<4?Iz-ks;sDxqO~qUcjBh zgU)>0z=y|E&11YB50XU3ha;wvKbBRCBnH+$icLtpFOR?bGDBbE1=^d5pVh&sI7a(E zxx&m|#?>4qUKrJ(>igIV&yi@uRRZuA(;1Byf?(7w>@|ecEE?i%CY?*xhbo;*tTt4I z6}ssfnN8emiP0rXG0`Pg-_=hY%Md&6ZP>@^+2vQQ<=CbvBSP|uL}D{qQ?@rl(;G@# z`JWe-UkZ#E4)uvWtesRQzOfLad>}0P<7ORfNitHp=GC?HSi^l>smgT*+Sx=UruM3Y ztRvGJbLY8FuB*je4rodd#gH4$90qAizV9U<8vMGv%5)K{tzG0XFWH$}VjjR23-_G678wv< z(yp(te8F#^R-O2i~S7WLRn7K)$oC=r9*&H#_fK_m`<2 z`{uHv__+;y3(xbs40IR2GgIDut7jD4*imq!^Ak5rphf=6+GAU?+KwT|346~ABjx67 z0v84ZDW?#^z`lPELoBdZ!cTTsD8t!-eY-X2+3EjP<5wp2-ppON{GcxI^Vz*OQ{Y0m zH~)C-|FdKxf&YGq2Jc>?!IVoh#VuCBlfZ$Ew|o=V2sO9QMV>7=Zt)nQjto&d5adJn z4u4Nz<4ND>KIn3$f+p_ZvQ7RYrKK9h$7OAd3lV6aKFJdgq?;OiKjJD9zGm7x`d75* z7l-JGB_%huo9`&=+$xgU3N+J;*}lTFe`Fcnb1&`)#`96k>T<@~>rdQd<4k_$i$xL> zF;B=-nUgu6ubUioJhNE8(vRvfV6f7xva+O!&&1rd%8V<9Uq15jeCT&(+i{}jM5VVN zigb8T8xA1PPCP zC2J#s?;p-;ike_9!!kA0t@)hZjuW8M5@U9gc>KMZiJV$lo%$?z+HL!$ZS~+w9kvJ7 zTbPvgrYaL!HLbb1oq%M2AMtJ()U!1I0+s;ECtTaj(#wlAJE zRc;?$gx*r1290Hkulr%PSlLbRVoYIFi zc`7sJ6Hcc1+_s4hV^tCG;^i3s#kNBfw*B@Z0g49LcBS|SOlScZg(;K+vxjT{sNQ?! zy}}!se}#QAZ)WlZ|M270@J=^NGNAPfA`~J~u8x50uQY{6qI-BG|GU=XDDH<-29$r| zK@N}sq{xTJ2cyORdpztmk-;fbxZ@2R-)$!h(FU{t4H$&-m+F5>*gdb=6tSS*^`h{} zm=PN{Dc!TgB07e~M@^F4r-w~iM)_!bJ2n~U%Bj?y6@=6}xV(6@jl^jM-)DUtE?`O) zO#c|2w|`8h#eCx4t>??F2NF6iY#Vcmt#j)y3Oy_+>#gote0Ulqa6f!)jMRDO24bM@ znBmn7u-kdAv=gH)9lbT+XNraf)^8T)PTX+fSi-UT`TO>>q<@-Mu}MwgzWq8eQnB~EYhz-No zgVI5h8dF(1M-HDeIBMJL1C3e5c5R$kNDpZye&plMTH`9X9RR^%|A&l@0vxmHR6kFFCZm zg#{kU%rbN&`Xto*Em??cYpvb5p~hQL)-QKnxaxCRslcQRNA^a#r$C2B*QXKw7E9BD z<8~owkMwlb#V4g%!-(rlsYRh5>*&6`bjE3)OcNf|({J7&r_Bi4)dzMIc$SK00VHT7 zB^=}R6E4gK(@oTo3T+oqhSNI+r~dPF*^86k>GFTevVVt@G@4m_7kYh>qbpeBD--R9 zS_1}YQmtXf!WoT<$h$h16*vm8;d6(dbyUW9wb#e?byV+gbf4l7Sv>KE&%R^$;Zsn8 zH=0d1=BO`o=>ze(&E<`-dnX}C#c{7I+|6Ff)oSm{#FX!>uGI6h+gzz1tNu25;SN6U zu2QMN$G6$axmc^X54h79*_ifIy84`{%lYl9=~-rG_6)~A!IX^xfO~!_Q#ThyXwQA0 zMsOVs7#c~*h@$r%1e+3CIhMB6HX}beapXcO8RoW^lP53?)wDGTG@WM^OdXYO*Se~- z_2iXgBJaM7zC`-sYv%-V)T5zPIinH7;_I)WIS1`b{MF9PuNUUNjAZHC83*>QU+7UV z{LYPJ2?PUJ{zM5Bpr)W? z4@dqH6aSVY{~*JW;!CrATWJ>0b6O$f6pv|#-l(zH<$30_#{-8^S4++mYg`Ng$Ms?E zaN(!Vwpv{sA~ZjEKDjTY`~bJ+n+cqLdTp9hYj9F#AeSEdX`7n7nj>`queEVy`3qS} zT2-_nxigRSRD$H2>t?P?o7~eol$it!l!?53C$RC7M#0~TO7w7psj#fC`>QF-?~x7z z*&lcG8THX0``_I^M#bv`ZWMP+%!QwNV|9$*bTl)4g_j@VaFcT-@NLkxa7EJSRJt89a_+{<(w+m^pPd%b${T)(o% z_32>9I0oiXKSobyXm@cTn8W$JYpI9cO3GuCMeaA=E0!_|nG;SQaauiAo%h`q3s_7H zb_N=N12iVdtS!;$BboNKnKt|d&zd-6EgPkwEbkxX@KkXt4w+;(E`1fcEtUoeET(Q+ zCQiLN8xnsa_Yy(8s7A}UQ~LD%$DJ#xlMa_xgT7vmY9z=YK*C{ReILzf?9Rr^=vgcr zV@#d+f<7J;Fl2Q`s9a3tse!#2S>LepWo2eNXB6Gqu#r(K>h3hJABJ4~fi!EN)NrO`FCDzdbR6dp$1Xo6dlNu7yd?$vNBknWxjJh@j_%_bisE?&sT1hd&=C61`73u}rXoC6>CncZk}F zC)-S;b~4_m>DHVaWHd1n(mQz>ce@6E6A8Onbh31gmce?shfy_ZamuzXSd{YB%MC@) z!4W*r2qZyNJy_HSq`O6iH^g`ieT|MvwoQKP~-PpOT4+7(XrbJ$4 z{pEjr2NRVRb@gzgWKh~u;!5&L%IZi!Sy>H*R!~H`BH@Y(3i3z*4M(^DNXj2L0_ma# zcU4mc;EFDA6?sa5iZWUOp`eCRR&a%*0T)*UrAxfWd5S?w@~WYsb|5Op5T}sFMW}V$ z^b^0h^3g5Rpmg+kJo9%xQ4Azqd)y*GfR)^@^I?o9OFWWk^}vAX+1_&e{H2{BODsex zAH!@QEuEJdH}eY1!z;|l=^$ZkpF)Z(eA{?TQ_aBA19Fw&+L2)H7ZKWX$^H{_S*+S? z5)Wg7Y10EeMeX;e)qIYwrtN{YwA^xUC9gF5*r{AWx3{1A8dGV?BTiNLO*18@ezq^` zF+xJY{r$aZkZ$wJ0|}a|86hSjZzn5FECbJYEOfCSZ-67w+=$tyCmbl4n u{Q=GER2)(0${{;=1wc!^`*;gizWKfJo%BmG~!e0g91 literal 0 HcmV?d00001 diff --git a/verifier/testdata/timestamp/jwsSigEnvExpiredWithTimestamp.sig b/verifier/testdata/timestamp/jwsSigEnvExpiredWithTimestamp.sig new file mode 100644 index 00000000..bcf35a74 --- /dev/null +++ b/verifier/testdata/timestamp/jwsSigEnvExpiredWithTimestamp.sig @@ -0,0 +1 @@ +{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6YzA2NjllZjM0Y2RjMTQzMzJjMGYxYWIwYzJjMDFhY2I5MWQ5NjAxNGIxNzJmMWE3NmYzYTM5ZTYzZDFmMGJkYSIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo1Mjh9fQ","protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSJdLCJjdHkiOiJhcHBsaWNhdGlvbi92bmQuY25jZi5ub3RhcnkucGF5bG9hZC52MStqc29uIiwiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSI6Im5vdGFyeS54NTA5IiwiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1RpbWUiOiIyMDI0LTA2LTE4VDE1OjIxOjM4KzA4OjAwIn0","header":{"io.cncf.notary.timestampSignature":"MIIWxwYJKoZIhvcNAQcCoIIWuDCCFrQCAQMxDTALBglghkgBZQMEAgEwgfsGCyqGSIb3DQEJEAEEoIHrBIHoMIHlAgEBBgkrBgEEAaAyAgMwMTANBglghkgBZQMEAgEFAAQgkmYhW+Gqra+2WUBKIQEX/vN/6smFgyz5F2S6FWR/Tz0CFEYAIhPy2qVOzTVjd4zJu8fjtXxkGA8yMDI0MDYxODA3MjE0MlowAwIBAQIUQNSo3vOKWchd5wGHWT3856/rqwOgYKReMFwxCzAJBgNVBAYTAkJFMRkwFwYDVQQKDBBHbG9iYWxTaWduIG52LXNhMTIwMAYDVQQDDClHbG9iYWxzaWduIFRTQSBmb3IgQWR2YW5jZWQgLSBHNCAtIDIwMjMxMaCCElMwggZrMIIEU6ADAgECAhABGXV0ccmS10TfpZbruXAVMA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIFRpbWVzdGFtcGluZyBDQSAtIFNIQTM4NCAtIEc0MB4XDTIzMTEwMjEwMzAwMloXDTM0MTIwNDEwMzAwMlowXDELMAkGA1UEBhMCQkUxGTAXBgNVBAoMEEdsb2JhbFNpZ24gbnYtc2ExMjAwBgNVBAMMKUdsb2JhbHNpZ24gVFNBIGZvciBBZHZhbmNlZCAtIEc0IC0gMjAyMzExMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsjVGdKqDjdWWpzxI1cXKqN9Uvgirod9c6UnQYF61pRr3Q1hDlzz0Z2MIMjwZfyvZVUbV1IzAXM+kxaUauqcrziZCITzlu6Gjld1g6hJVru/O3DKE7aO14D9z0TW4m7vFRN3huOvzWa2J9nGPWgr6CpIFhA2XAb8Fu/xYAbONydQFhaeQK26s09lO2qckNZZvqrOgQTvg+ecRjtVmAoAtPczPHqSWixeA3Ew5GiR1LMV3FtmRgyZ/5xOLokVU5rZKd+fSLS7nsDxI2caN+3r0K7ymIkii196teEeIDF+b9JFKBhz6A55qVh4rMOPzjlmwtB8eYTiGefmDg5SPCTBCM7QOt4iCGC0/14GLJ6Bp8dMFrsZFo8Ifm63pwMhP1+fGp0EyaP9ZylRc+7/ZHxbwUtLPuDWVpZHOox31dlKY7JFhiwmhrZmZ6KyUKJc4jAmuPJz4flGiN2rIcbodTw0mAVZ+V8N1QthT4GNj3X6eHahi6M7+mVlT9vMAiv2Tlc/RAgMBAAGjggGoMIIBpDAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHQYDVR0OBBYEFMS+7oc8iXQO3rPuGRuFDM5BTn+dMFYGA1UdIARPME0wCAYGZ4EMAQQCMEEGCSsGAQQBoDIBHjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAMBgNVHRMBAf8EAjAAMIGQBggrBgEFBQcBAQSBgzCBgDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AuZ2xvYmFsc2lnbi5jb20vY2EvZ3N0c2FjYXNoYTM4NGc0MEMGCCsGAQUFBzAChjdodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc3RzYWNhc2hhMzg0ZzQuY3J0MB8GA1UdIwQYMBaAFOoWxmnn48tXRTkzpPBAvtDDvWWWMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vY2EvZ3N0c2FjYXNoYTM4NGc0LmNybDANBgkqhkiG9w0BAQsFAAOCAgEAszLR6mf/29+ntDdEXe0evnYjyc4D7U3UauczjDxfIGLb7ulsODnlmXH7JpEfJ7FzXAMZz2gy0NXmdnhKqjyXMtIV7nocMjxgp0HKuT7xQerD0/HH5b7eGsbBjiLf1oDlj/KssiGNeLbEiYyUvTJzuNiXRDzXZmwNHBBcXqiIQL2grk5aLWRPBiWlhMY4cMdUcxSNVxapMByoCUnfpQEGA78Ts3SUmweBrw1BkFUpsGCpVPo4IDPOCboOTGdYgYap7YiGqZjjtuVGlyRHbEjREGrKcbI+XcM9LSGCa4Njb5fAkf77fZa5qsAczaWtkHiA1n1tiSpAjqwl+uuINiN+hvL7tQbtKIMss9qaem9IERaUNrVFQJ2BNQ3FsYybO+Y86XoYUPk5ipJ3u5EibqC5WyoBQCjk0UipMI6ihhI3TclZmcemA3/hkQp9CvgLQg5xrvbPuuUx+PkfLfDgCoyEjKU5ozuw8zbZQ9WbmCQP0MLjJj6t4fv7HqveBvb7aEHsMd+pyR6MGfY+9h6YLtFggVsmdPRUTkAE37Ve1Pfu8A2Hb0BAp2nqKMihqU93Eokxaumag3eLqcVEM+63aU4stKe0lXib1qpALDYap0RDs1LYYMZzV7981jXTI6NgQiLWFhXOExrpzvXlz1q+rD9z6fpzvxnNopdmyhxgDaK9VMwwggZZMIIEQaADAgECAg0B7BySQN79LkBdfEd0MA0GCSqGSIb3DQEBDAUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFI2MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTE4MDYyMDAwMDAwMFoXDTM0MTIxMDAwMDAwMFowWzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExMTAvBgNVBAMTKEdsb2JhbFNpZ24gVGltZXN0YW1waW5nIENBIC0gU0hBMzg0IC0gRzQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDwAuIwI/rgG+GadLOvdYNfqUdSx2E6Y3w5I3ltdPwx5HQSGZb6zidiW64HiifuV6PENe2zNMeswwzrgGZt0ShKwSy7uXDycq6M95laXXauv0SofEEkjo+6xU//NkGrpy39eE5DiP6TGRfZ7jHPvIo7bmrEiPDul/bc8xigS5kcDoenJuGIyaDlmeKe9JxMP11b7Lbv0mXPRQtUPbFUUweLmW64VJmKqDGSO/J6ffwOWN+BauGwbB5lgirUIceU/kKWO/ELsX9/RpgOhz16ZevRVqkuvftYPbWF+lOZTVt07XJLog2CNxkM0KvqWsHvD9WZuT/0TzXxnA/TNxNS2SU07Zbv+GfqCL6PSXr/kLHU9ykV1/kNXdaHQx50xHAotIB7vSqbu4ThDqxvDbm19m1W/oodCT4kDmcmx/yyDaCUsLKUzHvmZ/6mWLLU2EESwVX9bpHFu7FMCEue1EIGbxsY1TbqZK7O/fUF5uJm0A4FIayxEQYjGeT7BTRE6giunUlnEYuC5a1ahqdm/TMDAd6ZJflxbumcXQJMYDzPAo8B/XLukvGnEt5CEk3sqSbldwKsDlcMCdFhniaI/MiyTdtk8EWfusE/VKPYdgKVbGqNyiJc9gwE4yn6S7Ac0zd0hNkdZqs0c48efXxeltY9GbCX6oxQkW2vV4Z+EDcdaxoU3wIDAQABo4IBKTCCASUwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFOoWxmnn48tXRTkzpPBAvtDDvWWWMB8GA1UdIwQYMBaAFK5sBaOTE+Ki5+LXHNbH8H/IZ1OgMD4GCCsGAQUFBwEBBDIwMDAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL3Jvb3RyNjA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL3Jvb3QtcjYuY3JsMEcGA1UdIARAMD4wPAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQwFAAOCAgEAf+KI2VdnK0JfgacJC7rEuygYVtZMv9sbB3DG+wsJrQA6YDMfOcYWaxlASSUIHuSb99akDY8elvKGohfeQb9P4byrze7AI4zGhf5LFST5GETsH8KkrNCyz+zCVmUdvX/23oLIt59h07VGSJiXAmd6FpVK22LG0LMCzDRIRVXd7OlKn14U7XIQcXZw0g+W8+o3V5SRGK/cjZk4GVjCqaF+om4VJuq0+X8q5+dIZGkv0pqhcvb3JEt0Wn1yhjWzAlcfi5z8u6xM3vreU0yD/RKxtklVT3WdrG9KyC5qucqIwxIwTrIIc59eodaZzul9S5YszBZrGM3kWTeGCSziRdayzW6CdaXajR63Wy+ILj198fKRMAWcznt8oMWsr1EG8BHHHTDFUVZg6HyVPSLj1QokUyeXgPpIiScseeI85Zse46qEgok+wEr1If5iEO0dMPz2zOpIJ3yLdUJ/a8vzpWuVHwRYNAqJ7YJQ5NF7qMnmvkiqK1XZjbclIA4bUaDUY6qD6mxyYUrJ+kPExlfFnbY8sIuwuRwx773vFNgUQGwgHcIt6AvGjW2MtnHtUiH+PvafnzkarqzSL3ogsfSsqh3iLRSd+pZqHcY8yvPZHL9TTaRHWXyVxENB+SXiLBB+gfkNlKd98rUJ9dhgckBQlSDUQ0S++qCV5yBZtnjGpGqqIpswggWDMIIDa6ADAgECAg5F5rsDgzPDhWVI5v9FUTANBgkqhkiG9w0BAQwFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNDEyMTAwMDAwMDBaFw0zNDEyMTAwMDAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFI2MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlQfoc8pm+ewUyns89w0I8bRFCyyCtEjG61s8roO4QZIzFKRvf+kqzMawiGvFtonRxrL/FM5RFCHsSt0bWsbWh+5NOhUG7WRmC5KAykTec5RO86eJf094YwjIElBtQmYvTbl5KE1SGooagLcZgQ5+xIq8ZEwhHENo1z08isWyZtWQmrcxBsW+4m0yBqYe+bnrqqO4v76CY1DQ8BiJ3+QPefXqoh8q0nAue+e8k7ttU+JIfIwQBzj/ZrJ3YX7g6ow8qrSk9vOVShIHbf2MsonP0KBhd8hYdLDUIzr3XTrKotudCd5dRC2Q8YHNV5L6frxQBGM032uTGL5rNrI55KwkNrfw77YcE1eTtt6y+OKFt3OiuDWqRfLgnTahb1SK8XJWbi6IxVFCRBWU7qPFOJabTk5aC0fzBjZJdzC8cTflpuwhCHX85mEWP3fV2ZGXhAps1AJNdMAU7f05+4PyXhShBLAL6f7uj+FuC7IIs2FmCWqxBjplllnA8DX9ydoojRoRh3CBCqiadR2eOoYFAJ7bgNYl+dwFnidZTHY5W+r5paHYgw/R/98wEfmFzzNI9cptZBQselhP00sIScWVZBpjDnk99bOMylitnEJFeW4OhxlcVLFltr+Mm9wT6Q1vuC7cZ27JixG1hBSKABlwg3mRl5HUGie/Nx4yB9gUYzwoTK8CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFK5sBaOTE+Ki5+LXHNbH8H/IZ1OgMB8GA1UdIwQYMBaAFK5sBaOTE+Ki5+LXHNbH8H/IZ1OgMA0GCSqGSIb3DQEBDAUAA4ICAQCDJe3o0f2VUs2ewASgkWnmXNCE3tytok/oR3jWZZipW6g8h3wCitFutxZz5l/AVJjVdL7BzeIRka0jGD3d4XJElrSVXsB7jpl4FkMTVlezorM7tXfcQHKso+ubNT6xCCGh58RDN3kyvrXnnCxMvEMpmY4w06wh4OMd+tgHM3ZUACIquU0gLnBo2uVT/INc053y/0QMRGby0uO9RgAabQK6JV2NoTFR3VRGHE3bmZbvGhwEXKYV73jgef5d2z6qTFX9mhWpb+Gm+99wMOnD7kJG7cKTBYn6fWN7P9BxgXwA6JiuDng0wyX7rwqfIGvdOxOPEoziQRpIenOgd2nHtlx/gsge/lgbKCuobK1ebcAF0nu364D+JTf+AptorEJdw+71zNzwUHXSNmmc5nsE324GabbeCglIWYfrexRgemSqaUPvkcdM7BjdbO9TLYyZ4V7ycj7PVMi9Z+ykD0xF/9O5MCMHTI8Qv4aW2ZlatJlXHKTMuxWJU7osBQ/kxJ4ZsRg01Uyduu33H68klQR4qAO77oHl2l98i0qhkHQlp7M+S8gsVr3HyO844lyS8Hn3nIS6dC1hASB+ftHyTwdZX4stQ1LrRgyU4fVmR3l31VRbH60kN8tFWk6gREjI2LCZxRWECfbWSUnAZbjmGnFuoKjxguhFPmzWAtcKZ4MFWsmkEDGCA0kwggNFAgEBMG8wWzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExMTAvBgNVBAMTKEdsb2JhbFNpZ24gVGltZXN0YW1waW5nIENBIC0gU0hBMzg0IC0gRzQCEAEZdXRxyZLXRN+lluu5cBUwCwYJYIZIAWUDBAIBoIIBLTAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwKwYJKoZIhvcNAQk0MR4wHDALBglghkgBZQMEAgGhDQYJKoZIhvcNAQELBQAwLwYJKoZIhvcNAQkEMSIEICG1afWaaJX1t1Ik/o3+ANF0VVkcpLM0AFfO/xVWWNqwMIGwBgsqhkiG9w0BCRACLzGBoDCBnTCBmjCBlwQgC3miOa5CEI3vVrNUBb+PzY5Zp0uE7uLew9lxweoXNOwwczBfpF0wWzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExMTAvBgNVBAMTKEdsb2JhbFNpZ24gVGltZXN0YW1waW5nIENBIC0gU0hBMzg0IC0gRzQCEAEZdXRxyZLXRN+lluu5cBUwDQYJKoZIhvcNAQELBQAEggGApAsL8v6WaNy4wdxrhFBZA0M/ASPF+rJyv3KzAqAjzHYoNZNSetbnwaYgs3FNm4LOsDhihXOlfVfRMnlwtvkwrc5PGinSO5ddb1Y5/s6vC0xNoQU14dfOrV+v2la48uQX6DbTijfcK8zWN01m5IGUfmFPmlPE021l9Q9PuWWUH7o+Qt6ZRO8xe0robBNMmqEfEq4O16vp2/nHgDvnyiPlT5jrwSa5cIraru2iKN7gCbdguJXtVUj/iJflQetNJL0Pd2taE6EPvmg6gQffD/Ez5xmbPS1NOHXw/NIWSBwvSw1AtSyyqLBVmWtZqxEg8MEioD3ZDP1yISng1hWUq1edIUFBxpe/Mcqj/NxDdoGvGcQsD54CA5oJ/oVIUoBMl0UW9q7zLFb3QSHNAtER8hMwuDcrBd3Pr8AA330FL2UWAG2wOkW8dlTbgxHhRud4swr03jbYrDMWXj/kKu872GU4i5m8NHehgC23JXTORuaZOuaefTGHCxSq3f9GXRMeeguU","x5c":["MIIDQTCCAimgAwIBAgICALAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxEDAOBgNVBAMTB3Rlc3RUU0EwHhcNMjQwNjE4MDcyMDMxWhcNMjQwNjE4MDczMDMxWjBPMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEQMA4GA1UEAxMHdGVzdFRTQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM0yrldn1SFss6NnamscsDwjzZmUbCxy+8D11AucTnB9fo5bC2kaQIbe2s0DTD+g1c9TCHi9eB/PZT0izXirhImLnvxXwJTXgUV2Xf+6R8GbEGrK7v5nMXeZ0MJbaJIUqIhE1DCJOkzUDlYQoR2eV00D+BmOkEGIUbxGeKj7eXJuKbI8jB1iUniNKRpMuAz2T7QFLvB5Ma9QIIf2ewsVK8gVFlblbJ5F8qis8Uu6woRoC01ZaZhLxEuguJ5gnZJKfNxbMP4rReZm/PnRx84t+G0rbzsSJEQ8IPT1X0752jjs/6eyhlbdhP155CdVrGYYNgJ0nCBk52KrsD2z2RfDesUCAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQC+r05Jwr32pWQRt9snm6FCYnLdBnPdthB0QOG27NmBaV3zaL/NkFsxpsy64AYa8pPG3169/6OR5lzfxjwAr8zAdc5ZGfNscdH3zjdQb4VEnhAwbl2vgD3kGE0P6hFwISqjip9OqdlwAWTrX3RSANoam7n6kMjMlIf+ewN3NCg9O+GqFqAGqKkPb7FJJMiQgnUWITxqQ7VD7C7vIe1EYQxsAlNE5ly/hG1MlyqV95U2kFoCilgyCgXpKVo+F5w+wRe22a7v0h8bFRYPdbwMczfg8ugGjUF7MgV6ysuUe1qVEhNGdsZAlrX60rxWokU2XCic/SD52xrggPxNVyhNXxwV"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"xH1dvv-SMS8AlDKBzkG6zKKu9VztmCPCGma4HjIUqpohrx1_bVDn-IXU9311cWZcArNNw_UtfbaHYMSFjWVTi_p4brPrPb97tCHV-DeTVhNXrVb_2vf-6EWvDuOOPDyHFN-caVRxz7nBQkKQ4W0N2R-jex8eBXzHzRvY2VTNpowKWPYJKKmTt67zvnCcfnc4tbTPR_IT1bxe75oaxYJw3VwVV5B3-tETw7pczzNSgpeGw9TV2EY0_4Q8_TSk-eV6l0s3DFf-iI_zlhRA4UvpxT2m5LWsJJQuIsXg9or--vD7PmSVYRiM8x8EhkaZUBPen6sUolRXroOchaW4jg0wIQ"} \ No newline at end of file diff --git a/verifier/testdata/timestamp/jwsSigEnvWithTimestamp.sig b/verifier/testdata/timestamp/jwsSigEnvWithTimestamp.sig new file mode 100644 index 00000000..ec1c0f4e --- /dev/null +++ b/verifier/testdata/timestamp/jwsSigEnvWithTimestamp.sig @@ -0,0 +1 @@ +{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6YzA2NjllZjM0Y2RjMTQzMzJjMGYxYWIwYzJjMDFhY2I5MWQ5NjAxNGIxNzJmMWE3NmYzYTM5ZTYzZDFmMGJkYSIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo1Mjh9fQ","protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSJdLCJjdHkiOiJhcHBsaWNhdGlvbi92bmQuY25jZi5ub3RhcnkucGF5bG9hZC52MStqc29uIiwiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSI6Im5vdGFyeS54NTA5IiwiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1RpbWUiOiIyMDI0LTA2LTE4VDE0OjI5OjMzKzA4OjAwIn0","header":{"io.cncf.notary.timestampSignature":"MIIWxwYJKoZIhvcNAQcCoIIWuDCCFrQCAQMxDTALBglghkgBZQMEAgEwgfsGCyqGSIb3DQEJEAEEoIHrBIHoMIHlAgEBBgkrBgEEAaAyAgMwMTANBglghkgBZQMEAgEFAAQgaVPylU4C1FZ7HTyP0xz/JqJ1RqGdfXJbx1QdUurJOmICFHGxZneVz/gU2xxRyj6nXpV4IsIOGA8yMDI0MDYxODA2MjkzN1owAwIBAQIUcdeQJQ8+jYP3wXJwc7J5lRqqqTKgYKReMFwxCzAJBgNVBAYTAkJFMRkwFwYDVQQKDBBHbG9iYWxTaWduIG52LXNhMTIwMAYDVQQDDClHbG9iYWxzaWduIFRTQSBmb3IgQWR2YW5jZWQgLSBHNCAtIDIwMjMxMaCCElMwggZrMIIEU6ADAgECAhABGXV0ccmS10TfpZbruXAVMA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIFRpbWVzdGFtcGluZyBDQSAtIFNIQTM4NCAtIEc0MB4XDTIzMTEwMjEwMzAwMloXDTM0MTIwNDEwMzAwMlowXDELMAkGA1UEBhMCQkUxGTAXBgNVBAoMEEdsb2JhbFNpZ24gbnYtc2ExMjAwBgNVBAMMKUdsb2JhbHNpZ24gVFNBIGZvciBBZHZhbmNlZCAtIEc0IC0gMjAyMzExMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsjVGdKqDjdWWpzxI1cXKqN9Uvgirod9c6UnQYF61pRr3Q1hDlzz0Z2MIMjwZfyvZVUbV1IzAXM+kxaUauqcrziZCITzlu6Gjld1g6hJVru/O3DKE7aO14D9z0TW4m7vFRN3huOvzWa2J9nGPWgr6CpIFhA2XAb8Fu/xYAbONydQFhaeQK26s09lO2qckNZZvqrOgQTvg+ecRjtVmAoAtPczPHqSWixeA3Ew5GiR1LMV3FtmRgyZ/5xOLokVU5rZKd+fSLS7nsDxI2caN+3r0K7ymIkii196teEeIDF+b9JFKBhz6A55qVh4rMOPzjlmwtB8eYTiGefmDg5SPCTBCM7QOt4iCGC0/14GLJ6Bp8dMFrsZFo8Ifm63pwMhP1+fGp0EyaP9ZylRc+7/ZHxbwUtLPuDWVpZHOox31dlKY7JFhiwmhrZmZ6KyUKJc4jAmuPJz4flGiN2rIcbodTw0mAVZ+V8N1QthT4GNj3X6eHahi6M7+mVlT9vMAiv2Tlc/RAgMBAAGjggGoMIIBpDAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHQYDVR0OBBYEFMS+7oc8iXQO3rPuGRuFDM5BTn+dMFYGA1UdIARPME0wCAYGZ4EMAQQCMEEGCSsGAQQBoDIBHjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAMBgNVHRMBAf8EAjAAMIGQBggrBgEFBQcBAQSBgzCBgDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AuZ2xvYmFsc2lnbi5jb20vY2EvZ3N0c2FjYXNoYTM4NGc0MEMGCCsGAQUFBzAChjdodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc3RzYWNhc2hhMzg0ZzQuY3J0MB8GA1UdIwQYMBaAFOoWxmnn48tXRTkzpPBAvtDDvWWWMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vY2EvZ3N0c2FjYXNoYTM4NGc0LmNybDANBgkqhkiG9w0BAQsFAAOCAgEAszLR6mf/29+ntDdEXe0evnYjyc4D7U3UauczjDxfIGLb7ulsODnlmXH7JpEfJ7FzXAMZz2gy0NXmdnhKqjyXMtIV7nocMjxgp0HKuT7xQerD0/HH5b7eGsbBjiLf1oDlj/KssiGNeLbEiYyUvTJzuNiXRDzXZmwNHBBcXqiIQL2grk5aLWRPBiWlhMY4cMdUcxSNVxapMByoCUnfpQEGA78Ts3SUmweBrw1BkFUpsGCpVPo4IDPOCboOTGdYgYap7YiGqZjjtuVGlyRHbEjREGrKcbI+XcM9LSGCa4Njb5fAkf77fZa5qsAczaWtkHiA1n1tiSpAjqwl+uuINiN+hvL7tQbtKIMss9qaem9IERaUNrVFQJ2BNQ3FsYybO+Y86XoYUPk5ipJ3u5EibqC5WyoBQCjk0UipMI6ihhI3TclZmcemA3/hkQp9CvgLQg5xrvbPuuUx+PkfLfDgCoyEjKU5ozuw8zbZQ9WbmCQP0MLjJj6t4fv7HqveBvb7aEHsMd+pyR6MGfY+9h6YLtFggVsmdPRUTkAE37Ve1Pfu8A2Hb0BAp2nqKMihqU93Eokxaumag3eLqcVEM+63aU4stKe0lXib1qpALDYap0RDs1LYYMZzV7981jXTI6NgQiLWFhXOExrpzvXlz1q+rD9z6fpzvxnNopdmyhxgDaK9VMwwggZZMIIEQaADAgECAg0B7BySQN79LkBdfEd0MA0GCSqGSIb3DQEBDAUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFI2MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTE4MDYyMDAwMDAwMFoXDTM0MTIxMDAwMDAwMFowWzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExMTAvBgNVBAMTKEdsb2JhbFNpZ24gVGltZXN0YW1waW5nIENBIC0gU0hBMzg0IC0gRzQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDwAuIwI/rgG+GadLOvdYNfqUdSx2E6Y3w5I3ltdPwx5HQSGZb6zidiW64HiifuV6PENe2zNMeswwzrgGZt0ShKwSy7uXDycq6M95laXXauv0SofEEkjo+6xU//NkGrpy39eE5DiP6TGRfZ7jHPvIo7bmrEiPDul/bc8xigS5kcDoenJuGIyaDlmeKe9JxMP11b7Lbv0mXPRQtUPbFUUweLmW64VJmKqDGSO/J6ffwOWN+BauGwbB5lgirUIceU/kKWO/ELsX9/RpgOhz16ZevRVqkuvftYPbWF+lOZTVt07XJLog2CNxkM0KvqWsHvD9WZuT/0TzXxnA/TNxNS2SU07Zbv+GfqCL6PSXr/kLHU9ykV1/kNXdaHQx50xHAotIB7vSqbu4ThDqxvDbm19m1W/oodCT4kDmcmx/yyDaCUsLKUzHvmZ/6mWLLU2EESwVX9bpHFu7FMCEue1EIGbxsY1TbqZK7O/fUF5uJm0A4FIayxEQYjGeT7BTRE6giunUlnEYuC5a1ahqdm/TMDAd6ZJflxbumcXQJMYDzPAo8B/XLukvGnEt5CEk3sqSbldwKsDlcMCdFhniaI/MiyTdtk8EWfusE/VKPYdgKVbGqNyiJc9gwE4yn6S7Ac0zd0hNkdZqs0c48efXxeltY9GbCX6oxQkW2vV4Z+EDcdaxoU3wIDAQABo4IBKTCCASUwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFOoWxmnn48tXRTkzpPBAvtDDvWWWMB8GA1UdIwQYMBaAFK5sBaOTE+Ki5+LXHNbH8H/IZ1OgMD4GCCsGAQUFBwEBBDIwMDAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL3Jvb3RyNjA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL3Jvb3QtcjYuY3JsMEcGA1UdIARAMD4wPAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQwFAAOCAgEAf+KI2VdnK0JfgacJC7rEuygYVtZMv9sbB3DG+wsJrQA6YDMfOcYWaxlASSUIHuSb99akDY8elvKGohfeQb9P4byrze7AI4zGhf5LFST5GETsH8KkrNCyz+zCVmUdvX/23oLIt59h07VGSJiXAmd6FpVK22LG0LMCzDRIRVXd7OlKn14U7XIQcXZw0g+W8+o3V5SRGK/cjZk4GVjCqaF+om4VJuq0+X8q5+dIZGkv0pqhcvb3JEt0Wn1yhjWzAlcfi5z8u6xM3vreU0yD/RKxtklVT3WdrG9KyC5qucqIwxIwTrIIc59eodaZzul9S5YszBZrGM3kWTeGCSziRdayzW6CdaXajR63Wy+ILj198fKRMAWcznt8oMWsr1EG8BHHHTDFUVZg6HyVPSLj1QokUyeXgPpIiScseeI85Zse46qEgok+wEr1If5iEO0dMPz2zOpIJ3yLdUJ/a8vzpWuVHwRYNAqJ7YJQ5NF7qMnmvkiqK1XZjbclIA4bUaDUY6qD6mxyYUrJ+kPExlfFnbY8sIuwuRwx773vFNgUQGwgHcIt6AvGjW2MtnHtUiH+PvafnzkarqzSL3ogsfSsqh3iLRSd+pZqHcY8yvPZHL9TTaRHWXyVxENB+SXiLBB+gfkNlKd98rUJ9dhgckBQlSDUQ0S++qCV5yBZtnjGpGqqIpswggWDMIIDa6ADAgECAg5F5rsDgzPDhWVI5v9FUTANBgkqhkiG9w0BAQwFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNDEyMTAwMDAwMDBaFw0zNDEyMTAwMDAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFI2MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlQfoc8pm+ewUyns89w0I8bRFCyyCtEjG61s8roO4QZIzFKRvf+kqzMawiGvFtonRxrL/FM5RFCHsSt0bWsbWh+5NOhUG7WRmC5KAykTec5RO86eJf094YwjIElBtQmYvTbl5KE1SGooagLcZgQ5+xIq8ZEwhHENo1z08isWyZtWQmrcxBsW+4m0yBqYe+bnrqqO4v76CY1DQ8BiJ3+QPefXqoh8q0nAue+e8k7ttU+JIfIwQBzj/ZrJ3YX7g6ow8qrSk9vOVShIHbf2MsonP0KBhd8hYdLDUIzr3XTrKotudCd5dRC2Q8YHNV5L6frxQBGM032uTGL5rNrI55KwkNrfw77YcE1eTtt6y+OKFt3OiuDWqRfLgnTahb1SK8XJWbi6IxVFCRBWU7qPFOJabTk5aC0fzBjZJdzC8cTflpuwhCHX85mEWP3fV2ZGXhAps1AJNdMAU7f05+4PyXhShBLAL6f7uj+FuC7IIs2FmCWqxBjplllnA8DX9ydoojRoRh3CBCqiadR2eOoYFAJ7bgNYl+dwFnidZTHY5W+r5paHYgw/R/98wEfmFzzNI9cptZBQselhP00sIScWVZBpjDnk99bOMylitnEJFeW4OhxlcVLFltr+Mm9wT6Q1vuC7cZ27JixG1hBSKABlwg3mRl5HUGie/Nx4yB9gUYzwoTK8CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFK5sBaOTE+Ki5+LXHNbH8H/IZ1OgMB8GA1UdIwQYMBaAFK5sBaOTE+Ki5+LXHNbH8H/IZ1OgMA0GCSqGSIb3DQEBDAUAA4ICAQCDJe3o0f2VUs2ewASgkWnmXNCE3tytok/oR3jWZZipW6g8h3wCitFutxZz5l/AVJjVdL7BzeIRka0jGD3d4XJElrSVXsB7jpl4FkMTVlezorM7tXfcQHKso+ubNT6xCCGh58RDN3kyvrXnnCxMvEMpmY4w06wh4OMd+tgHM3ZUACIquU0gLnBo2uVT/INc053y/0QMRGby0uO9RgAabQK6JV2NoTFR3VRGHE3bmZbvGhwEXKYV73jgef5d2z6qTFX9mhWpb+Gm+99wMOnD7kJG7cKTBYn6fWN7P9BxgXwA6JiuDng0wyX7rwqfIGvdOxOPEoziQRpIenOgd2nHtlx/gsge/lgbKCuobK1ebcAF0nu364D+JTf+AptorEJdw+71zNzwUHXSNmmc5nsE324GabbeCglIWYfrexRgemSqaUPvkcdM7BjdbO9TLYyZ4V7ycj7PVMi9Z+ykD0xF/9O5MCMHTI8Qv4aW2ZlatJlXHKTMuxWJU7osBQ/kxJ4ZsRg01Uyduu33H68klQR4qAO77oHl2l98i0qhkHQlp7M+S8gsVr3HyO844lyS8Hn3nIS6dC1hASB+ftHyTwdZX4stQ1LrRgyU4fVmR3l31VRbH60kN8tFWk6gREjI2LCZxRWECfbWSUnAZbjmGnFuoKjxguhFPmzWAtcKZ4MFWsmkEDGCA0kwggNFAgEBMG8wWzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExMTAvBgNVBAMTKEdsb2JhbFNpZ24gVGltZXN0YW1waW5nIENBIC0gU0hBMzg0IC0gRzQCEAEZdXRxyZLXRN+lluu5cBUwCwYJYIZIAWUDBAIBoIIBLTAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwKwYJKoZIhvcNAQk0MR4wHDALBglghkgBZQMEAgGhDQYJKoZIhvcNAQELBQAwLwYJKoZIhvcNAQkEMSIEIENT22oIWS6PRByAJQ3jqpfzYrK59S6zDmauk1D4yneaMIGwBgsqhkiG9w0BCRACLzGBoDCBnTCBmjCBlwQgC3miOa5CEI3vVrNUBb+PzY5Zp0uE7uLew9lxweoXNOwwczBfpF0wWzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExMTAvBgNVBAMTKEdsb2JhbFNpZ24gVGltZXN0YW1waW5nIENBIC0gU0hBMzg0IC0gRzQCEAEZdXRxyZLXRN+lluu5cBUwDQYJKoZIhvcNAQELBQAEggGAcAUr4md/mTCuyvbTB22Cfgppv7ZtXKcXuMvgizE4tJkyu2PaJ9pkRbSsCXoms0FnHRvXRx2JAoTQH4bzUxZRlpvClT6l5qhbSjli2eDPJLpaE8UsXe8DvYxEfWySxvCM7h6oBTRkSUZWOlv1TjCb204uLma3lp/eYjc7edYuEi5VBbYY7XBsS3TiM6YwSoz1ACOyQLnwEBtLDMpmHbmuChi/Qt3vfbbQbB+j/nsc0JbbRAEyhaVpy75yDV6NSYbaeNiUC/2wHFw37Jo5xhmmdYdieuZKK9ibrpdHsc6XEDeQUDQMIr8Zx6oVdFd65JLLmrU4NERj5KGG7qZG254dm3X0v51hdTD8R9on78P2iFnl2ns2ejSjJ/rt88cKv55WyzPLUG2hWyv43EOYAJkpfkDuLhK4/n/AOzhZ1xX62lLo/SJ1E5/OHY/QljVHdXU8MFarSsYKg4+PPEDpIExazoVa6QVqxQ4CnT+yG64Fvc6Tta6E2TcUGkU0xGDYsMDZ","x5c":["MIIDPjCCAiagAwIBAgIBeTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEPMA0GA1UEAxMGYWxwaW5lMB4XDTIzMDUwOTA0NTUxMloXDTMzMDUxMDA0NTUxMlowTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxDzANBgNVBAMTBmFscGluZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK5hpq1229GGLjMK6i9KZhuUO+SV7rUFnWIDiIPO5yWxYDkl+bGroeAvJYu6MVCMQ6FMRXD9jhnG6R+sAHwY7gVgcJ1OXak87PkLp/Ii1Cr7XkkySZeD+Br1vSQzfxs3pFG+iBCeVVkeZdsg+xqwnAlqAILXwIbTGRyJP1Xiu9nwOeuX1YmxPl2m29Pt1EtfVCL9COsVKt5LgOVyWP/9ISWevOBqSCU9bk35HFo9VTeUf6+ffhSMjv0Y9uwkFFOKXpcV8Sa3ArqyBmgQlUfGg1iwYlqiDE0fTYxiB3gLgETAlmTm50J+WB9LoDrnrQpbXFLoegm+JV+uSD8J8H7DL2sCAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQAt0Nvna1c4pPn8kzoN5VvmFmeIgdO/BJpmdhdg0WIQ9aeN/xPXXaVjPp1Mk7edXHAvBwQr0Gyzqyy7g/h0gdnAFG7f6blrRNzbrRBCq6cNqX8iwgK/9+2OYKxk1QWj8Gx0cvu1DN1aXjPPGgQ2j3tHjJvJv32J/zuZa8gU40RPPSLaBlc5ZjpFmyi29sKlTeeZ+F/Ssic51qXXw2CsYGGWK5yQ3xSCxbw6bb2G/s/YI7/KlWg9BktBJHzRu04ZNR77W7/dyJ3Lj17PlW1XKmMOFHsQivagXeRCbmYZ43fX4ugFRFKL7KE0EgmGOWpJ0xv+6ig93sqHzQ/0uv1YgFov"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"AkYX74o641U6t8_UOmbvykR6UJBI5VdYjFeY7Z3ESggszqbUMA4qhwuYjVuIF-hGEOLj52J4TwjZ-EJ1lxaz249-7LEhwI8N3VC2z_IyCnB4tsam4FfyR7J0lVZcP3haKemuaY5uAM1YYRouaQeuF3Toc_mSBdAjNDqXdS3ouDRFlvzYfyO4phxMQaikNDRM7oAu89aBrWL8RSQawgWaxdJT5rj8RN26D12F4PtG2w7r_8oQamnSBrMcEdl1lQFXBxbl-Yf_QQKjonPIEVcRi79IGgrzIqt00iN0inlm--rhULQ0mQpaAIMG6O0Pf53TzMKBju0WQZ6RbaUuba6kqg"} \ No newline at end of file diff --git a/verifier/testdata/timestamp/sigEnvWithoutTimestamp.sig b/verifier/testdata/timestamp/sigEnvWithoutTimestamp.sig new file mode 100644 index 00000000..64d36fbc --- /dev/null +++ b/verifier/testdata/timestamp/sigEnvWithoutTimestamp.sig @@ -0,0 +1 @@ +{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6YzA2NjllZjM0Y2RjMTQzMzJjMGYxYWIwYzJjMDFhY2I5MWQ5NjAxNGIxNzJmMWE3NmYzYTM5ZTYzZDFmMGJkYSIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo1Mjh9fQ","protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSJdLCJjdHkiOiJhcHBsaWNhdGlvbi92bmQuY25jZi5ub3RhcnkucGF5bG9hZC52MStqc29uIiwiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSI6Im5vdGFyeS54NTA5IiwiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1RpbWUiOiIyMDI0LTA2LTE4VDE3OjA4OjM1KzA4OjAwIn0","header":{"x5c":["MIIDPjCCAiagAwIBAgIBeTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEPMA0GA1UEAxMGYWxwaW5lMB4XDTIzMDUwOTA0NTUxMloXDTMzMDUxMDA0NTUxMlowTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxDzANBgNVBAMTBmFscGluZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK5hpq1229GGLjMK6i9KZhuUO+SV7rUFnWIDiIPO5yWxYDkl+bGroeAvJYu6MVCMQ6FMRXD9jhnG6R+sAHwY7gVgcJ1OXak87PkLp/Ii1Cr7XkkySZeD+Br1vSQzfxs3pFG+iBCeVVkeZdsg+xqwnAlqAILXwIbTGRyJP1Xiu9nwOeuX1YmxPl2m29Pt1EtfVCL9COsVKt5LgOVyWP/9ISWevOBqSCU9bk35HFo9VTeUf6+ffhSMjv0Y9uwkFFOKXpcV8Sa3ArqyBmgQlUfGg1iwYlqiDE0fTYxiB3gLgETAlmTm50J+WB9LoDrnrQpbXFLoegm+JV+uSD8J8H7DL2sCAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQAt0Nvna1c4pPn8kzoN5VvmFmeIgdO/BJpmdhdg0WIQ9aeN/xPXXaVjPp1Mk7edXHAvBwQr0Gyzqyy7g/h0gdnAFG7f6blrRNzbrRBCq6cNqX8iwgK/9+2OYKxk1QWj8Gx0cvu1DN1aXjPPGgQ2j3tHjJvJv32J/zuZa8gU40RPPSLaBlc5ZjpFmyi29sKlTeeZ+F/Ssic51qXXw2CsYGGWK5yQ3xSCxbw6bb2G/s/YI7/KlWg9BktBJHzRu04ZNR77W7/dyJ3Lj17PlW1XKmMOFHsQivagXeRCbmYZ43fX4ugFRFKL7KE0EgmGOWpJ0xv+6ig93sqHzQ/0uv1YgFov"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"ToCyclYJtk-Gtb13j1sWW7FQ7iZA9Vq6u_x6nJD3pRkBXhtatvSBsaZ_mqFHKrJWEY3UOBzi2SYobCQYww0cVwbzeDetPhjBhmH-bW-N_pbjGntgB2K1owvJnlycUoOfC2RQ1eDa4mC7Dj1mKzA5Tb-qnNbrT75pvQKZjTY1RZaN6p_xKBJA-AAiQrgHEvlf4m8ZbvqtZ0x4_uiGwfWoNCqPtrZK71mEpPSjfOT3mN5FkZqY0L3jSKRtFRLd1rb0UA2RB-E0CshsNb-hJgTX4SIzUlgcVT10SJnKw0yy_QqrxhMlejOUiV8HHKgbsZqQg1kwFjP5QwzWr5HB6vbRzg"} \ No newline at end of file diff --git a/verifier/testdata/truststore/x509/ca/valid-trust-store/TestTimestamp.crt b/verifier/testdata/truststore/x509/ca/valid-trust-store/TestTimestamp.crt new file mode 100644 index 00000000..dd0094e9 --- /dev/null +++ b/verifier/testdata/truststore/x509/ca/valid-trust-store/TestTimestamp.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPjCCAiagAwIBAgIBeTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEL +MAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEP +MA0GA1UEAxMGYWxwaW5lMB4XDTIzMDUwOTA0NTUxMloXDTMzMDUxMDA0NTUxMlow +TjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8w +DQYDVQQKEwZOb3RhcnkxDzANBgNVBAMTBmFscGluZTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAK5hpq1229GGLjMK6i9KZhuUO+SV7rUFnWIDiIPO5yWx +YDkl+bGroeAvJYu6MVCMQ6FMRXD9jhnG6R+sAHwY7gVgcJ1OXak87PkLp/Ii1Cr7 +XkkySZeD+Br1vSQzfxs3pFG+iBCeVVkeZdsg+xqwnAlqAILXwIbTGRyJP1Xiu9nw +OeuX1YmxPl2m29Pt1EtfVCL9COsVKt5LgOVyWP/9ISWevOBqSCU9bk35HFo9VTeU +f6+ffhSMjv0Y9uwkFFOKXpcV8Sa3ArqyBmgQlUfGg1iwYlqiDE0fTYxiB3gLgETA +lmTm50J+WB9LoDrnrQpbXFLoegm+JV+uSD8J8H7DL2sCAwEAAaMnMCUwDgYDVR0P +AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IB +AQAt0Nvna1c4pPn8kzoN5VvmFmeIgdO/BJpmdhdg0WIQ9aeN/xPXXaVjPp1Mk7ed +XHAvBwQr0Gyzqyy7g/h0gdnAFG7f6blrRNzbrRBCq6cNqX8iwgK/9+2OYKxk1QWj +8Gx0cvu1DN1aXjPPGgQ2j3tHjJvJv32J/zuZa8gU40RPPSLaBlc5ZjpFmyi29sKl +TeeZ+F/Ssic51qXXw2CsYGGWK5yQ3xSCxbw6bb2G/s/YI7/KlWg9BktBJHzRu04Z +NR77W7/dyJ3Lj17PlW1XKmMOFHsQivagXeRCbmYZ43fX4ugFRFKL7KE0EgmGOWpJ +0xv+6ig93sqHzQ/0uv1YgFov +-----END CERTIFICATE----- diff --git a/verifier/testdata/truststore/x509/tsa/test-timestamp/globalsignRoot.cer b/verifier/testdata/truststore/x509/tsa/test-timestamp/globalsignRoot.cer new file mode 100644 index 0000000000000000000000000000000000000000..3492b9555d8a927fc048accbdfd510d973a4bf8a GIT binary patch literal 1415 zcmXqLVr@2PV$NQ`%*4pV#OL~KH*>S`;nq}-Xa8LT4S3l&wc0$|zVk9N@~|=(_!ue} z$gwepvTzHFyXWL5CFTTYrspXH<>!|uI6ErnDg>Ds3L6N5RB#D%AymKwnUMtzrbf z7RhT}D$uKbzGw38+~7wZH9Z3C7XQ;Wl_%Ccc-3RGYRi&upQm~WvFHBn+0=Rd!h*!| z6A>jFt|(i5kF`3r==NOBd$BIM6FxSc4WIO@ZchM9vdR7I$rAgr%{Ey+S)*dM{loih zGQ#1Lx82+H<5BDO;zc`5SGj(AFxPBhen{8HqOd%@j-!E2E}~Q3Ek0^7ZML6Z6u0|l zHZ#w1gFS`jPnW$>4}38Fd-9e>uasbWK_l0SS*5b`tlC%^=G|_%ruy>^>pb;H zpEAqnS3j37ywS{m@&A1T!JnWsAklyin0{sX85#exumCd!n*l$FFAUt}2QM&?2T3clNEnDUU{`>etANRnk)c`j?Td?lrv{y!cYtNV z#LQ-Z{64y*oN&oy5m`>wTczfjL3M=6i0;sxcI$G64QH=U6C z7a^^oy&`9ATM4e8`Et>2H?s`?&tUywgCL-KSq* zf7`U1Go!Z543}AQX18c(@Gc!z{wGJ~Np6%dx#}}_*W2&%>s6+*RIFg${jTxpt@xU5 zuZ0szRF`kI^FE;yw)gmn_ZE+0CVi;XtY?ygew1xBAHBZk2sXLxY73M8i@v-TJt6k1Drt4hk L&8$%;mk0m=(y?My literal 0 HcmV?d00001 diff --git a/verifier/timestamp_test.go b/verifier/timestamp_test.go new file mode 100644 index 00000000..8c1d3021 --- /dev/null +++ b/verifier/timestamp_test.go @@ -0,0 +1,203 @@ +// Copyright The Notary Project Authors. +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package verifier + +import ( + "context" + "os" + "testing" + + "github.com/notaryproject/notation-core-go/signature" + "github.com/notaryproject/notation-core-go/signature/cose" + "github.com/notaryproject/notation-core-go/signature/jws" + "github.com/notaryproject/notation-go" + "github.com/notaryproject/notation-go/dir" + "github.com/notaryproject/notation-go/verifier/trustpolicy" + "github.com/notaryproject/notation-go/verifier/truststore" +) + +func TestAuthenticTimestamp(t *testing.T) { + dir.UserConfigDir = "testdata" + trustStore := truststore.NewX509TrustStore(dir.ConfigFS()) + dummyTrustPolicy := &trustpolicy.TrustPolicy{ + Name: "test-timestamp", + RegistryScopes: []string{"*"}, + SignatureVerification: trustpolicy.SignatureVerification{ + VerificationLevel: trustpolicy.LevelStrict.Name, + VerifyTimestamp: trustpolicy.OptionAlways, + }, + TrustStores: []string{"ca:valid-trust-store", "tsa:test-timestamp"}, + TrustedIdentities: []string{"*"}, + } + // valid JWS signature envelope with timestamp countersignature + jwsEnvContent, err := parseEnvContent("testdata/timestamp/jwsSigEnvWithTimestamp.sig", jws.MediaTypeEnvelope) + if err != nil { + t.Fatalf("failed to get signature envelope content: %v", err) + } + + // valid COSE signature envelope with timestamp countersignature + coseEnvContent, err := parseEnvContent("testdata/timestamp/coseSigEnvWithTimestamp.sig", cose.MediaTypeEnvelope) + if err != nil { + t.Fatalf("failed to get signature envelope content: %v", err) + } + + t.Run("verify Authentic Timestamp with jws format", func(t *testing.T) { + outcome := ¬ation.VerificationOutcome{ + EnvelopeContent: jwsEnvContent, + VerificationLevel: trustpolicy.LevelStrict, + } + authenticTimestampResult := verifyAuthenticTimestamp(context.Background(), dummyTrustPolicy, trustStore, outcome) + if err := authenticTimestampResult.Error; err != nil { + t.Fatalf("expected nil error, but got %s", err) + } + }) + + t.Run("verify Authentic Timestamp with cose format", func(t *testing.T) { + outcome := ¬ation.VerificationOutcome{ + EnvelopeContent: coseEnvContent, + VerificationLevel: trustpolicy.LevelStrict, + } + authenticTimestampResult := verifyAuthenticTimestamp(context.Background(), dummyTrustPolicy, trustStore, outcome) + if err := authenticTimestampResult.Error; err != nil { + t.Fatalf("expected nil error, but got %s", err) + } + }) + + t.Run("verify Authentic Timestamp jws with expired codeSigning cert", func(t *testing.T) { + jwsEnvContent, err := parseEnvContent("testdata/timestamp/jwsSigEnvExpiredWithTimestamp.sig", jws.MediaTypeEnvelope) + if err != nil { + t.Fatalf("failed to get signature envelope content: %v", err) + } + outcome := ¬ation.VerificationOutcome{ + EnvelopeContent: jwsEnvContent, + VerificationLevel: trustpolicy.LevelStrict, + } + authenticTimestampResult := verifyAuthenticTimestamp(context.Background(), dummyTrustPolicy, trustStore, outcome) + if err := authenticTimestampResult.Error; err != nil { + t.Fatalf("expected nil error, but got %s", err) + } + }) + + t.Run("verify Authentic Timestamp cose with expired codeSigning cert", func(t *testing.T) { + coseEnvContent, err := parseEnvContent("testdata/timestamp/coseSigEnvExpiredWithTimestamp.sig", cose.MediaTypeEnvelope) + if err != nil { + t.Fatalf("failed to get signature envelope content: %v", err) + } + outcome := ¬ation.VerificationOutcome{ + EnvelopeContent: coseEnvContent, + VerificationLevel: trustpolicy.LevelStrict, + } + authenticTimestampResult := verifyAuthenticTimestamp(context.Background(), dummyTrustPolicy, trustStore, outcome) + if err := authenticTimestampResult.Error; err != nil { + t.Fatalf("expected nil error, but got %s", err) + } + }) + + t.Run("verify Authentic Timestamp with afterCertExpiry set", func(t *testing.T) { + dummyTrustPolicy := &trustpolicy.TrustPolicy{ + Name: "test-timestamp", + RegistryScopes: []string{"*"}, + SignatureVerification: trustpolicy.SignatureVerification{ + VerificationLevel: trustpolicy.LevelStrict.Name, + VerifyTimestamp: trustpolicy.OptionAfterCertExpiry, + }, + TrustStores: []string{"ca:valid-trust-store", "tsa:test-timestamp"}, + TrustedIdentities: []string{"*"}, + } + outcome := ¬ation.VerificationOutcome{ + EnvelopeContent: coseEnvContent, + VerificationLevel: trustpolicy.LevelStrict, + } + authenticTimestampResult := verifyAuthenticTimestamp(context.Background(), dummyTrustPolicy, trustStore, outcome) + if err := authenticTimestampResult.Error; err != nil { + t.Fatalf("expected nil error, but got %s", err) + } + }) + + t.Run("verify Authentic Timestamp failed due to invalid trust policy", func(t *testing.T) { + dummyTrustPolicy := &trustpolicy.TrustPolicy{ + Name: "test-timestamp", + RegistryScopes: []string{"*"}, + SignatureVerification: trustpolicy.SignatureVerification{ + VerificationLevel: trustpolicy.LevelStrict.Name, + VerifyTimestamp: trustpolicy.OptionAlways, + }, + TrustStores: []string{"ca:valid-trust-store", "tsa"}, + TrustedIdentities: []string{"*"}, + } + outcome := ¬ation.VerificationOutcome{ + EnvelopeContent: jwsEnvContent, + VerificationLevel: trustpolicy.LevelStrict, + } + authenticTimestampResult := verifyAuthenticTimestamp(context.Background(), dummyTrustPolicy, trustStore, outcome) + expectedErrMsg := "failed to check tsa trust store configuration in turst policy with error: invalid trust policy statement: \"test-timestamp\" is missing separator in trust store value \"tsa\". The required format is :" + if err := authenticTimestampResult.Error; err == nil || err.Error() != expectedErrMsg { + t.Fatalf("expected %s, but got %s", expectedErrMsg, err) + } + }) + + t.Run("verify Authentic Timestamp failed due to missing tsa in trust policy and expired codeSigning cert", func(t *testing.T) { + dummyTrustPolicy := &trustpolicy.TrustPolicy{ + Name: "test-timestamp", + RegistryScopes: []string{"*"}, + SignatureVerification: trustpolicy.SignatureVerification{ + VerificationLevel: trustpolicy.LevelStrict.Name, + VerifyTimestamp: trustpolicy.OptionAlways, + }, + TrustStores: []string{"ca:valid-trust-store"}, + TrustedIdentities: []string{"*"}, + } + coseEnvContent, err := parseEnvContent("testdata/timestamp/coseSigEnvExpiredWithTimestamp.sig", cose.MediaTypeEnvelope) + if err != nil { + t.Fatalf("failed to get signature envelope content: %v", err) + } + outcome := ¬ation.VerificationOutcome{ + EnvelopeContent: coseEnvContent, + VerificationLevel: trustpolicy.LevelStrict, + } + authenticTimestampResult := verifyAuthenticTimestamp(context.Background(), dummyTrustPolicy, trustStore, outcome) + expectedErrMsg := "verification time is after certificate \"CN=testTSA,O=Notary,L=Seattle,ST=WA,C=US\" validity period, it was expired at \"Tue, 18 Jun 2024 07:30:31 +0000\"" + if err := authenticTimestampResult.Error; err == nil || err.Error() != expectedErrMsg { + t.Fatalf("expected %s, but got %s", expectedErrMsg, err) + } + }) + + t.Run("verify Authentic Timestamp failed due to missing timestamp countersignature", func(t *testing.T) { + envContent, err := parseEnvContent("testdata/timestamp/sigEnvWithoutTimestamp.sig", jws.MediaTypeEnvelope) + if err != nil { + t.Fatalf("failed to get signature envelope content: %v", err) + } + outcome := ¬ation.VerificationOutcome{ + EnvelopeContent: envContent, + VerificationLevel: trustpolicy.LevelStrict, + } + authenticTimestampResult := verifyAuthenticTimestamp(context.Background(), dummyTrustPolicy, trustStore, outcome) + expectedErrMsg := "no timestamp countersignature was found in the signature envelope" + if err := authenticTimestampResult.Error; err == nil || err.Error() != expectedErrMsg { + t.Fatalf("expected %s, but got %s", expectedErrMsg, err) + } + }) +} + +func parseEnvContent(filepath, format string) (*signature.EnvelopeContent, error) { + sigEnvBytes, err := os.ReadFile(filepath) + if err != nil { + return nil, err + } + sigEnv, err := signature.ParseEnvelope(format, sigEnvBytes) + if err != nil { + return nil, err + } + return sigEnv.Content() +} diff --git a/verifier/verifier.go b/verifier/verifier.go index 50824e7b..f9315134 100644 --- a/verifier/verifier.go +++ b/verifier/verifier.go @@ -557,14 +557,14 @@ func verifyAuthenticTimestamp(ctx context.Context, trustPolicy *trustpolicy.Trus for _, cert := range signerInfo.CertificateChain { if timeStampLowerLimit.Before(cert.NotBefore) { return ¬ation.ValidationResult{ - Error: fmt.Errorf("verification time %q is before certificate %q validity period, it will be valid from %q", timeStampLowerLimit.Format(time.RFC1123Z), cert.Subject, cert.NotBefore.Format(time.RFC1123Z)), + Error: fmt.Errorf("verification time is before certificate %q validity period, it will be valid from %q", cert.Subject, cert.NotBefore.Format(time.RFC1123Z)), Type: trustpolicy.TypeAuthenticTimestamp, Action: outcome.VerificationLevel.Enforcement[trustpolicy.TypeAuthenticTimestamp], } } if timeStampUpperLimit.After(cert.NotAfter) { return ¬ation.ValidationResult{ - Error: fmt.Errorf("verification time %q is after certificate %q validity period, it was expired at %q", timeStampUpperLimit.Format(time.RFC1123Z), cert.Subject, cert.NotAfter.Format(time.RFC1123Z)), + Error: fmt.Errorf("verification time is after certificate %q validity period, it was expired at %q", cert.Subject, cert.NotAfter.Format(time.RFC1123Z)), Type: trustpolicy.TypeAuthenticTimestamp, Action: outcome.VerificationLevel.Enforcement[trustpolicy.TypeAuthenticTimestamp], } @@ -631,6 +631,7 @@ func verifyAuthenticTimestamp(ctx context.Context, trustPolicy *trustpolicy.Trus Action: outcome.VerificationLevel.Enforcement[trustpolicy.TypeAuthenticTimestamp], } } + logger.Info("TSA identity is: %s", tsaCertChain[0].Subject) // 4. Check authenticity of the TSA against trust store logger.Info("Checking TSA authenticity against the trust store...") trustTSACerts, err := loadX509TSATrustStores(ctx, outcome.EnvelopeContent.SignerInfo.SignedAttributes.SigningScheme, trustPolicy, x509TrustStore)