verification

package
v2.1.2 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 2, 2026 License: Apache-2.0 Imports: 12 Imported by: 4

Documentation

Constants

This section is empty.

Variables

var (
	// EKUOID is the Extended Key Usage OID, per RFC 5280
	EKUOID = asn1.ObjectIdentifier{2, 5, 29, 37}
)
var ErrInconsistentDigestLength = errors.New("digest length inconsistent with specified hash algorithm")
var ErrUnacceptedExtension = errors.New("unaccepted extension: requested extensions are not supported by the TSA")
var ErrUnacceptedPolicy = errors.New("unaccepted policy: requested TSA policy is not supported by the TSA")
var ErrUnsupportedHashAlg = errors.New("unsupported hash algorithm")
var ErrWeakHashAlg = errors.New("weak hash algorithm: must be SHA-256, SHA-384, or SHA-512")

Functions

func VerifyRequest

func VerifyRequest(ts *timestamp.Request) error

func VerifyTimestampResponse

func VerifyTimestampResponse(tsrBytes []byte, artifact io.Reader, opts VerifyOpts) (*timestamp.Timestamp, error)

VerifyTimestampResponse verifies the timestamp response using a timestamp certificate chain. Note: This function does not perform CRL/OCSP certificate revocation checks.

Types

type VerifyOpts

type VerifyOpts struct {
	// OID verifies that the TSR's OID has an expected value. Optional, used when
	// an alternative OID was passed with a request to the TSA
	OID asn1.ObjectIdentifier
	// TSACertificate verifies that the TSR uses the TSACertificate as expected. Optional if the TSR contains the TSA certificate
	TSACertificate *x509.Certificate
	// Intermediates verifies the TSR's certificate. Optional, used for chain building
	Intermediates []*x509.Certificate
	// Roots is the set of trusted root certificates that verifies the TSR's certificate
	Roots []*x509.Certificate
	// Nonce verifies that the TSR contains the expected nonce. Optional, used when
	// an optional nonce was passed with a request to the TSA
	Nonce *big.Int
	// CommonName verifies that the TSR certificate subject's Common Name matches the expected value. Optional
	CommonName string
	// CurrentTime, if not zero, is used as the current time for certificate
	// chain validation instead of time.Now. This is necessary when verifying
	// timestamps after the TSA certificate has expired, since the timestamp
	// was issued while the certificate was still valid.
	CurrentTime time.Time
}

VerifyOpts contains verification options for an RFC 3161 timestamp.