mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-13 19:28:55 +00:00
feat: add TSA cert chain support in cosign (#9961)
* feat: add TSA cert chain support in cosign Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add chainsaw test Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add unit test Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: unit tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
This commit is contained in:
parent
b67141154f
commit
83f2846572
22 changed files with 2037 additions and 2 deletions
|
@ -285,6 +285,12 @@ type CTLog struct {
|
|||
// PubKey, if set, is used to validate SCTs against a custom source.
|
||||
// +kubebuilder:validation:Optional
|
||||
CTLogPubKey string `json:"pubkey,omitempty" yaml:"pubkey,omitempty"`
|
||||
|
||||
// TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
// contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
// may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
// +kubebuilder:validation:Optional
|
||||
TSACertChain string `json:"tsaCertChain,omitempty" yaml:"tsaCertChain,omitempty"`
|
||||
}
|
||||
|
||||
// Attestation are checks for signed in-toto Statements that are used to verify the image.
|
||||
|
|
|
@ -3070,6 +3070,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3120,6 +3126,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3176,6 +3188,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -3471,6 +3489,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3521,6 +3545,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3577,6 +3607,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -3831,6 +3867,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3880,6 +3922,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3935,6 +3983,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -7237,6 +7291,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -7287,6 +7347,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -7343,6 +7409,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -7641,6 +7713,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -7693,6 +7771,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -7752,6 +7836,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -8008,6 +8098,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -8058,6 +8154,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -8114,6 +8216,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11240,6 +11348,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -11290,6 +11404,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -11346,6 +11466,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11630,6 +11756,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -11680,6 +11812,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -11736,6 +11874,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11990,6 +12134,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -12039,6 +12189,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -12094,6 +12250,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -15381,6 +15543,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -15431,6 +15599,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -15487,6 +15661,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -15785,6 +15965,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -15837,6 +16023,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -15896,6 +16088,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -16152,6 +16350,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -16202,6 +16406,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -16258,6 +16468,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
|
|
@ -3071,6 +3071,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3121,6 +3127,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3177,6 +3189,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -3472,6 +3490,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3522,6 +3546,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3578,6 +3608,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -3832,6 +3868,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3881,6 +3923,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3936,6 +3984,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -7239,6 +7293,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -7289,6 +7349,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -7345,6 +7411,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -7643,6 +7715,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -7695,6 +7773,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -7754,6 +7838,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -8010,6 +8100,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -8060,6 +8156,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -8116,6 +8218,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11243,6 +11351,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -11293,6 +11407,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -11349,6 +11469,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11633,6 +11759,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -11683,6 +11815,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -11739,6 +11877,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11993,6 +12137,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -12042,6 +12192,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -12097,6 +12253,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -15384,6 +15546,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -15434,6 +15602,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -15490,6 +15664,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -15788,6 +15968,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -15840,6 +16026,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -15899,6 +16091,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -16155,6 +16353,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -16205,6 +16409,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -16261,6 +16471,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
|
|
@ -3064,6 +3064,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3114,6 +3120,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3170,6 +3182,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -3465,6 +3483,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3515,6 +3539,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3571,6 +3601,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -3825,6 +3861,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3874,6 +3916,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3929,6 +3977,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -7231,6 +7285,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -7281,6 +7341,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -7337,6 +7403,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -7635,6 +7707,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -7687,6 +7765,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -7746,6 +7830,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -8002,6 +8092,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -8052,6 +8148,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -8108,6 +8210,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11234,6 +11342,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -11284,6 +11398,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -11340,6 +11460,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11624,6 +11750,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -11674,6 +11806,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -11730,6 +11868,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11984,6 +12128,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -12033,6 +12183,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -12088,6 +12244,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -15375,6 +15537,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -15425,6 +15593,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -15481,6 +15655,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -15779,6 +15959,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -15831,6 +16017,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -15890,6 +16082,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -16146,6 +16344,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -16196,6 +16400,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -16252,6 +16462,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
|
|
@ -3065,6 +3065,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3115,6 +3121,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3171,6 +3183,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -3466,6 +3484,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3516,6 +3540,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3572,6 +3602,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -3826,6 +3862,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3875,6 +3917,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3930,6 +3978,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -7233,6 +7287,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -7283,6 +7343,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -7339,6 +7405,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -7637,6 +7709,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -7689,6 +7767,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -7748,6 +7832,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -8004,6 +8094,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -8054,6 +8150,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -8110,6 +8212,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11237,6 +11345,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -11287,6 +11401,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -11343,6 +11463,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11627,6 +11753,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -11677,6 +11809,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -11733,6 +11871,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11987,6 +12131,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -12036,6 +12186,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -12091,6 +12247,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -15378,6 +15540,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -15428,6 +15596,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -15484,6 +15658,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -15782,6 +15962,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -15834,6 +16020,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -15893,6 +16085,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -16149,6 +16347,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -16199,6 +16403,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -16255,6 +16465,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
|
|
@ -3064,6 +3064,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3114,6 +3120,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3170,6 +3182,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -3465,6 +3483,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3515,6 +3539,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3571,6 +3601,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -3825,6 +3861,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3874,6 +3916,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3929,6 +3977,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -7231,6 +7285,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -7281,6 +7341,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -7337,6 +7403,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -7635,6 +7707,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -7687,6 +7765,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -7746,6 +7830,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -8002,6 +8092,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -8052,6 +8148,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -8108,6 +8210,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11234,6 +11342,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -11284,6 +11398,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -11340,6 +11460,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11624,6 +11750,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -11674,6 +11806,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -11730,6 +11868,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11984,6 +12128,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -12033,6 +12183,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -12088,6 +12244,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -15375,6 +15537,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -15425,6 +15593,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -15481,6 +15655,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -15779,6 +15959,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -15831,6 +16017,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -15890,6 +16082,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -16146,6 +16344,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -16196,6 +16400,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -16252,6 +16462,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
|
|
@ -3065,6 +3065,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3115,6 +3121,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3171,6 +3183,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -3466,6 +3484,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3516,6 +3540,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3572,6 +3602,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -3826,6 +3862,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -3875,6 +3917,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -3930,6 +3978,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -7233,6 +7287,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -7283,6 +7343,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -7339,6 +7405,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -7637,6 +7709,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -7689,6 +7767,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -7748,6 +7832,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -8004,6 +8094,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -8054,6 +8150,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -8110,6 +8212,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11237,6 +11345,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -11287,6 +11401,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -11343,6 +11463,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11627,6 +11753,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -11677,6 +11809,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -11733,6 +11871,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -11987,6 +12131,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -12036,6 +12186,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -12091,6 +12247,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -15378,6 +15540,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -15428,6 +15596,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -15484,6 +15658,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -15782,6 +15962,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -15834,6 +16020,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -15893,6 +16085,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -16149,6 +16347,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -16199,6 +16403,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -16255,6 +16465,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
|
|
@ -13157,6 +13157,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -13207,6 +13213,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -13263,6 +13275,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -13558,6 +13576,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -13608,6 +13632,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -13664,6 +13694,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -13918,6 +13954,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -13967,6 +14009,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -14022,6 +14070,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -17324,6 +17378,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -17374,6 +17434,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -17430,6 +17496,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -17728,6 +17800,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -17780,6 +17858,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -17839,6 +17923,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -18095,6 +18185,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -18145,6 +18241,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -18201,6 +18303,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -21327,6 +21435,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -21377,6 +21491,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -21433,6 +21553,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -21717,6 +21843,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -21767,6 +21899,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -21823,6 +21961,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -22077,6 +22221,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -22126,6 +22276,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -22181,6 +22337,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -25468,6 +25630,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -25518,6 +25686,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -25574,6 +25748,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -25872,6 +26052,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -25924,6 +26110,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -25983,6 +26175,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -26239,6 +26437,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -26289,6 +26493,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -26345,6 +26555,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -29974,6 +30190,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -30024,6 +30246,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -30080,6 +30308,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -30375,6 +30609,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -30425,6 +30665,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -30481,6 +30727,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -30735,6 +30987,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -30784,6 +31042,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -30839,6 +31103,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -34142,6 +34412,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -34192,6 +34468,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -34248,6 +34530,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -34546,6 +34834,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -34598,6 +34892,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -34657,6 +34957,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -34913,6 +35219,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -34963,6 +35275,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -35019,6 +35337,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -38146,6 +38470,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -38196,6 +38526,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -38252,6 +38588,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -38536,6 +38878,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -38586,6 +38934,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -38642,6 +38996,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -38896,6 +39256,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -38945,6 +39311,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -39000,6 +39372,12 @@ spec:
|
|||
to validate SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -42287,6 +42665,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -42337,6 +42721,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -42393,6 +42783,12 @@ spec:
|
|||
is used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -42691,6 +43087,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -42743,6 +43145,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -42802,6 +43210,12 @@ spec:
|
|||
SCTs against a custom
|
||||
source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
@ -43058,6 +43472,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
rekor:
|
||||
description: |-
|
||||
|
@ -43108,6 +43528,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
issuer:
|
||||
description: Issuer is the certificate
|
||||
|
@ -43164,6 +43590,12 @@ spec:
|
|||
used to validate SCTs against
|
||||
a custom source.
|
||||
type: string
|
||||
tsaCertChain:
|
||||
description: |-
|
||||
TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.
|
||||
type: string
|
||||
type: object
|
||||
kms:
|
||||
description: |-
|
||||
|
|
|
@ -1146,6 +1146,19 @@ string
|
|||
<p>PubKey, if set, is used to validate SCTs against a custom source.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<code>tsaCertChain</code><br/>
|
||||
<em>
|
||||
string
|
||||
</em>
|
||||
</td>
|
||||
<td>
|
||||
<p>TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<hr />
|
||||
|
|
|
@ -2268,6 +2268,37 @@ timestamp. Default is false. Set to true if this was opted out during signing.</
|
|||
</tr>
|
||||
|
||||
|
||||
|
||||
|
||||
<tr>
|
||||
<td><code>tsaCertChain</code>
|
||||
|
||||
<span style="color:blue;"> *</span>
|
||||
|
||||
</br>
|
||||
|
||||
|
||||
|
||||
|
||||
<span style="font-family: monospace">string</span>
|
||||
|
||||
|
||||
</td>
|
||||
<td>
|
||||
|
||||
|
||||
<p>TSACertChain, if set, is the PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must
|
||||
contain the root CA certificate. Optionally may contain intermediate CA certificates, and
|
||||
may contain the leaf TSA certificate if not present in the timestamurce.</p>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
||||
|
||||
</tbody>
|
||||
|
|
|
@ -21,8 +21,9 @@ package v1
|
|||
// CTLogApplyConfiguration represents an declarative configuration of the CTLog type for use
|
||||
// with apply.
|
||||
type CTLogApplyConfiguration struct {
|
||||
IgnoreSCT *bool `json:"ignoreSCT,omitempty"`
|
||||
CTLogPubKey *string `json:"pubkey,omitempty"`
|
||||
IgnoreSCT *bool `json:"ignoreSCT,omitempty"`
|
||||
CTLogPubKey *string `json:"pubkey,omitempty"`
|
||||
TSACertChain *string `json:"tsaCertChain,omitempty"`
|
||||
}
|
||||
|
||||
// CTLogApplyConfiguration constructs an declarative configuration of the CTLog type for use with
|
||||
|
@ -46,3 +47,11 @@ func (b *CTLogApplyConfiguration) WithCTLogPubKey(value string) *CTLogApplyConfi
|
|||
b.CTLogPubKey = &value
|
||||
return b
|
||||
}
|
||||
|
||||
// WithTSACertChain sets the TSACertChain field in the declarative configuration to the given value
|
||||
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
|
||||
// If called multiple times, the TSACertChain field is set to the value of the last call.
|
||||
func (b *CTLogApplyConfiguration) WithTSACertChain(value string) *CTLogApplyConfiguration {
|
||||
b.TSACertChain = &value
|
||||
return b
|
||||
}
|
||||
|
|
|
@ -214,6 +214,21 @@ func buildCosignOptions(ctx context.Context, opts images.Options) (*cosign.Check
|
|||
cosignOpts.RegistryClientOpts = append(cosignOpts.RegistryClientOpts, remote.WithTargetRepository(signatureRepo))
|
||||
}
|
||||
|
||||
if opts.TSACertChain != "" {
|
||||
leaves, intermediates, roots, err := splitPEMCertificateChain([]byte(opts.TSACertChain))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error splitting tsa certificates: %w", err)
|
||||
}
|
||||
if len(leaves) > 1 {
|
||||
return nil, fmt.Errorf("certificate chain must contain at most one TSA certificate")
|
||||
}
|
||||
if len(leaves) == 1 {
|
||||
cosignOpts.TSACertificate = leaves[0]
|
||||
}
|
||||
cosignOpts.TSAIntermediateCertificates = intermediates
|
||||
cosignOpts.TSARootCertificates = roots
|
||||
}
|
||||
|
||||
return cosignOpts, nil
|
||||
}
|
||||
|
||||
|
@ -612,3 +627,25 @@ func getCTLogPubs(ctx context.Context, ctlogPubKey string) (*cosign.TrustedTrans
|
|||
}
|
||||
return &publicKeys, nil
|
||||
}
|
||||
|
||||
func splitPEMCertificateChain(pem []byte) (leaves, intermediates, roots []*x509.Certificate, err error) {
|
||||
certs, err := cryptoutils.UnmarshalCertificatesFromPEM(pem)
|
||||
if err != nil {
|
||||
return nil, nil, nil, err
|
||||
}
|
||||
|
||||
for _, cert := range certs {
|
||||
if !cert.IsCA {
|
||||
leaves = append(leaves, cert)
|
||||
} else {
|
||||
// root certificates are self-signed
|
||||
if bytes.Equal(cert.RawSubject, cert.RawIssuer) {
|
||||
roots = append(roots, cert)
|
||||
} else {
|
||||
intermediates = append(intermediates, cert)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return leaves, intermediates, roots, nil
|
||||
}
|
||||
|
|
|
@ -252,6 +252,78 @@ func TestCosignMatchCertificateData(t *testing.T) {
|
|||
assert.Error(t, matchErr, "extension mismatch: expected pull for key githubWorkflowTrigger, received push")
|
||||
}
|
||||
|
||||
func TestTSACertChain(t *testing.T) {
|
||||
key := `
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEstG5Xl7UxkQsmLUxdmS85HLgYBFy
|
||||
c/P/oQ22iazkKm8P0sNlaZiaZC4TSEea3oh2Pim0+wxSubhKoK+7jq9Egg==
|
||||
-----END PUBLIC KEY-----`
|
||||
|
||||
tsaCertChain := `
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIH/zCCBeegAwIBAgIJAMHphhYNqOmAMA0GCSqGSIb3DQEBDQUAMIGVMREwDwYD
|
||||
VQQKEwhGcmVlIFRTQTEQMA4GA1UECxMHUm9vdCBDQTEYMBYGA1UEAxMPd3d3LmZy
|
||||
ZWV0c2Eub3JnMSIwIAYJKoZIhvcNAQkBFhNidXNpbGV6YXNAZ21haWwuY29tMRIw
|
||||
EAYDVQQHEwlXdWVyemJ1cmcxDzANBgNVBAgTBkJheWVybjELMAkGA1UEBhMCREUw
|
||||
HhcNMTYwMzEzMDE1MjEzWhcNNDEwMzA3MDE1MjEzWjCBlTERMA8GA1UEChMIRnJl
|
||||
ZSBUU0ExEDAOBgNVBAsTB1Jvb3QgQ0ExGDAWBgNVBAMTD3d3dy5mcmVldHNhLm9y
|
||||
ZzEiMCAGCSqGSIb3DQEJARYTYnVzaWxlemFzQGdtYWlsLmNvbTESMBAGA1UEBxMJ
|
||||
V3VlcnpidXJnMQ8wDQYDVQQIEwZCYXllcm4xCzAJBgNVBAYTAkRFMIICIjANBgkq
|
||||
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtgKODjAy8REQ2WTNqUudAnjhlCrpE6ql
|
||||
mQfNppeTmVvZrH4zutn+NwTaHAGpjSGv4/WRpZ1wZ3BRZ5mPUBZyLgq0YrIfQ5Fx
|
||||
0s/MRZPzc1r3lKWrMR9sAQx4mN4z11xFEO529L0dFJjPF9MD8Gpd2feWzGyptlel
|
||||
b+PqT+++fOa2oY0+NaMM7l/xcNHPOaMz0/2olk0i22hbKeVhvokPCqhFhzsuhKsm
|
||||
q4Of/o+t6dI7sx5h0nPMm4gGSRhfq+z6BTRgCrqQG2FOLoVFgt6iIm/BnNffUr7V
|
||||
DYd3zZmIwFOj/H3DKHoGik/xK3E82YA2ZulVOFRW/zj4ApjPa5OFbpIkd0pmzxzd
|
||||
EcL479hSA9dFiyVmSxPtY5ze1P+BE9bMU1PScpRzw8MHFXxyKqW13Qv7LWw4sbk3
|
||||
SciB7GACbQiVGzgkvXG6y85HOuvWNvC5GLSiyP9GlPB0V68tbxz4JVTRdw/Xn/XT
|
||||
FNzRBM3cq8lBOAVt/PAX5+uFcv1S9wFE8YjaBfWCP1jdBil+c4e+0tdywT2oJmYB
|
||||
BF/kEt1wmGwMmHunNEuQNzh1FtJY54hbUfiWi38mASE7xMtMhfj/C4SvapiDN837
|
||||
gYaPfs8x3KZxbX7C3YAsFnJinlwAUss1fdKar8Q/YVs7H/nU4c4Ixxxz4f67fcVq
|
||||
M2ITKentbCMCAwEAAaOCAk4wggJKMAwGA1UdEwQFMAMBAf8wDgYDVR0PAQH/BAQD
|
||||
AgHGMB0GA1UdDgQWBBT6VQ2MNGZRQ0z357OnbJWveuaklzCBygYDVR0jBIHCMIG/
|
||||
gBT6VQ2MNGZRQ0z357OnbJWveuakl6GBm6SBmDCBlTERMA8GA1UEChMIRnJlZSBU
|
||||
U0ExEDAOBgNVBAsTB1Jvb3QgQ0ExGDAWBgNVBAMTD3d3dy5mcmVldHNhLm9yZzEi
|
||||
MCAGCSqGSIb3DQEJARYTYnVzaWxlemFzQGdtYWlsLmNvbTESMBAGA1UEBxMJV3Vl
|
||||
cnpidXJnMQ8wDQYDVQQIEwZCYXllcm4xCzAJBgNVBAYTAkRFggkAwemGFg2o6YAw
|
||||
MwYDVR0fBCwwKjAooCagJIYiaHR0cDovL3d3dy5mcmVldHNhLm9yZy9yb290X2Nh
|
||||
LmNybDCBzwYDVR0gBIHHMIHEMIHBBgorBgEEAYHyJAEBMIGyMDMGCCsGAQUFBwIB
|
||||
FidodHRwOi8vd3d3LmZyZWV0c2Eub3JnL2ZyZWV0c2FfY3BzLmh0bWwwMgYIKwYB
|
||||
BQUHAgEWJmh0dHA6Ly93d3cuZnJlZXRzYS5vcmcvZnJlZXRzYV9jcHMucGRmMEcG
|
||||
CCsGAQUFBwICMDsaOUZyZWVUU0EgdHJ1c3RlZCB0aW1lc3RhbXBpbmcgU29mdHdh
|
||||
cmUgYXMgYSBTZXJ2aWNlIChTYWFTKTA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUH
|
||||
MAGGG2h0dHA6Ly93d3cuZnJlZXRzYS5vcmc6MjU2MDANBgkqhkiG9w0BAQ0FAAOC
|
||||
AgEAaK9+v5OFYu9M6ztYC+L69sw1omdyli89lZAfpWMMh9CRmJhM6KBqM/ipwoLt
|
||||
nxyxGsbCPhcQjuTvzm+ylN6VwTMmIlVyVSLKYZcdSjt/eCUN+41K7sD7GVmxZBAF
|
||||
ILnBDmTGJmLkrU0KuuIpj8lI/E6Z6NnmuP2+RAQSHsfBQi6sssnXMo4HOW5gtPO7
|
||||
gDrUpVXID++1P4XndkoKn7Svw5n0zS9fv1hxBcYIHPPQUze2u30bAQt0n0iIyRLz
|
||||
aWuhtpAtd7ffwEbASgzB7E+NGF4tpV37e8KiA2xiGSRqT5ndu28fgpOY87gD3ArZ
|
||||
DctZvvTCfHdAS5kEO3gnGGeZEVLDmfEsv8TGJa3AljVa5E40IQDsUXpQLi8G+UC4
|
||||
1DWZu8EVT4rnYaCw1VX7ShOR1PNCCvjb8S8tfdudd9zhU3gEB0rxdeTy1tVbNLXW
|
||||
99y90xcwr1ZIDUwM/xQ/noO8FRhm0LoPC73Ef+J4ZBdrvWwauF3zJe33d4ibxEcb
|
||||
8/pz5WzFkeixYM2nsHhqHsBKw7JPouKNXRnl5IAE1eFmqDyC7G/VT7OF669xM6hb
|
||||
Ut5G21JE4cNK6NNucS+fzg1JPX0+3VhsYZjj7D5uljRvQXrJ8iHgr/M6j2oLHvTA
|
||||
I2MLdq2qjZFDOCXsxBxJpbmLGBx9ow6ZerlUxzws2AWv2pk=
|
||||
-----END CERTIFICATE-----
|
||||
`
|
||||
opts := images.Options{
|
||||
ImageRef: "ghcr.io/kyverno/test-verify-image:tsa",
|
||||
Key: key,
|
||||
}
|
||||
|
||||
rc, err := registryclient.New()
|
||||
assert.NilError(t, err)
|
||||
opts.Client = rc
|
||||
|
||||
verifier := &cosignVerifier{}
|
||||
_, err = verifier.VerifySignature(context.TODO(), opts)
|
||||
assert.ErrorContains(t, err, "unable to verify RFC3161 timestamp bundle: no TSA root certificate(s) provided to verify timestamp")
|
||||
|
||||
opts.TSACertChain = tsaCertChain
|
||||
_, err = verifier.VerifySignature(context.TODO(), opts)
|
||||
assert.NilError(t, err)
|
||||
}
|
||||
|
||||
type testSignature struct {
|
||||
cert *x509.Certificate
|
||||
}
|
||||
|
|
|
@ -592,6 +592,7 @@ func (iv *ImageVerifier) buildCosignVerifier(
|
|||
if attestor.Keys.CTLog != nil {
|
||||
opts.IgnoreSCT = attestor.Keys.CTLog.IgnoreSCT
|
||||
opts.CTLogsPubKey = attestor.Keys.CTLog.CTLogPubKey
|
||||
opts.TSACertChain = attestor.Keys.CTLog.TSACertChain
|
||||
} else {
|
||||
opts.IgnoreSCT = false
|
||||
}
|
||||
|
@ -613,6 +614,7 @@ func (iv *ImageVerifier) buildCosignVerifier(
|
|||
if attestor.Certificates.CTLog != nil {
|
||||
opts.IgnoreSCT = attestor.Certificates.CTLog.IgnoreSCT
|
||||
opts.CTLogsPubKey = attestor.Certificates.CTLog.CTLogPubKey
|
||||
opts.TSACertChain = attestor.Certificates.CTLog.TSACertChain
|
||||
} else {
|
||||
opts.IgnoreSCT = false
|
||||
}
|
||||
|
@ -630,6 +632,7 @@ func (iv *ImageVerifier) buildCosignVerifier(
|
|||
if attestor.Keyless.CTLog != nil {
|
||||
opts.IgnoreSCT = attestor.Keyless.CTLog.IgnoreSCT
|
||||
opts.CTLogsPubKey = attestor.Keyless.CTLog.CTLogPubKey
|
||||
opts.TSACertChain = attestor.Keyless.CTLog.TSACertChain
|
||||
} else {
|
||||
opts.IgnoreSCT = false
|
||||
}
|
||||
|
|
|
@ -37,6 +37,7 @@ type Options struct {
|
|||
RekorURL string
|
||||
RekorPubKey string
|
||||
IgnoreSCT bool
|
||||
TSACertChain string
|
||||
CTLogsPubKey string
|
||||
SignatureAlgorithm string
|
||||
PredicateType string
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
## Description
|
||||
|
||||
This test performs a simple verification of an image using a public key and a tsa cert chain.
|
||||
|
||||
## Expected Behavior
|
||||
|
||||
Pod creation should pass as the image has been signed by the public key and timestamp created using the TSA provider specified in the policy.
|
||||
|
||||
## Reference Issue(s)
|
||||
|
||||
N/A
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: test-verify-images
|
|
@ -0,0 +1,74 @@
|
|||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: keyed-tsa-policy
|
||||
spec:
|
||||
background: false
|
||||
failurePolicy: Fail
|
||||
rules:
|
||||
- match:
|
||||
any:
|
||||
- resources:
|
||||
kinds:
|
||||
- Pod
|
||||
name: keyed-tsa-rule
|
||||
verifyImages:
|
||||
- attestors:
|
||||
- entries:
|
||||
- keys:
|
||||
publicKeys: |-
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEstG5Xl7UxkQsmLUxdmS85HLgYBFy
|
||||
c/P/oQ22iazkKm8P0sNlaZiaZC4TSEea3oh2Pim0+wxSubhKoK+7jq9Egg==
|
||||
-----END PUBLIC KEY-----
|
||||
ctlog:
|
||||
tsaCertChain: |-
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIH/zCCBeegAwIBAgIJAMHphhYNqOmAMA0GCSqGSIb3DQEBDQUAMIGVMREwDwYD
|
||||
VQQKEwhGcmVlIFRTQTEQMA4GA1UECxMHUm9vdCBDQTEYMBYGA1UEAxMPd3d3LmZy
|
||||
ZWV0c2Eub3JnMSIwIAYJKoZIhvcNAQkBFhNidXNpbGV6YXNAZ21haWwuY29tMRIw
|
||||
EAYDVQQHEwlXdWVyemJ1cmcxDzANBgNVBAgTBkJheWVybjELMAkGA1UEBhMCREUw
|
||||
HhcNMTYwMzEzMDE1MjEzWhcNNDEwMzA3MDE1MjEzWjCBlTERMA8GA1UEChMIRnJl
|
||||
ZSBUU0ExEDAOBgNVBAsTB1Jvb3QgQ0ExGDAWBgNVBAMTD3d3dy5mcmVldHNhLm9y
|
||||
ZzEiMCAGCSqGSIb3DQEJARYTYnVzaWxlemFzQGdtYWlsLmNvbTESMBAGA1UEBxMJ
|
||||
V3VlcnpidXJnMQ8wDQYDVQQIEwZCYXllcm4xCzAJBgNVBAYTAkRFMIICIjANBgkq
|
||||
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtgKODjAy8REQ2WTNqUudAnjhlCrpE6ql
|
||||
mQfNppeTmVvZrH4zutn+NwTaHAGpjSGv4/WRpZ1wZ3BRZ5mPUBZyLgq0YrIfQ5Fx
|
||||
0s/MRZPzc1r3lKWrMR9sAQx4mN4z11xFEO529L0dFJjPF9MD8Gpd2feWzGyptlel
|
||||
b+PqT+++fOa2oY0+NaMM7l/xcNHPOaMz0/2olk0i22hbKeVhvokPCqhFhzsuhKsm
|
||||
q4Of/o+t6dI7sx5h0nPMm4gGSRhfq+z6BTRgCrqQG2FOLoVFgt6iIm/BnNffUr7V
|
||||
DYd3zZmIwFOj/H3DKHoGik/xK3E82YA2ZulVOFRW/zj4ApjPa5OFbpIkd0pmzxzd
|
||||
EcL479hSA9dFiyVmSxPtY5ze1P+BE9bMU1PScpRzw8MHFXxyKqW13Qv7LWw4sbk3
|
||||
SciB7GACbQiVGzgkvXG6y85HOuvWNvC5GLSiyP9GlPB0V68tbxz4JVTRdw/Xn/XT
|
||||
FNzRBM3cq8lBOAVt/PAX5+uFcv1S9wFE8YjaBfWCP1jdBil+c4e+0tdywT2oJmYB
|
||||
BF/kEt1wmGwMmHunNEuQNzh1FtJY54hbUfiWi38mASE7xMtMhfj/C4SvapiDN837
|
||||
gYaPfs8x3KZxbX7C3YAsFnJinlwAUss1fdKar8Q/YVs7H/nU4c4Ixxxz4f67fcVq
|
||||
M2ITKentbCMCAwEAAaOCAk4wggJKMAwGA1UdEwQFMAMBAf8wDgYDVR0PAQH/BAQD
|
||||
AgHGMB0GA1UdDgQWBBT6VQ2MNGZRQ0z357OnbJWveuaklzCBygYDVR0jBIHCMIG/
|
||||
gBT6VQ2MNGZRQ0z357OnbJWveuakl6GBm6SBmDCBlTERMA8GA1UEChMIRnJlZSBU
|
||||
U0ExEDAOBgNVBAsTB1Jvb3QgQ0ExGDAWBgNVBAMTD3d3dy5mcmVldHNhLm9yZzEi
|
||||
MCAGCSqGSIb3DQEJARYTYnVzaWxlemFzQGdtYWlsLmNvbTESMBAGA1UEBxMJV3Vl
|
||||
cnpidXJnMQ8wDQYDVQQIEwZCYXllcm4xCzAJBgNVBAYTAkRFggkAwemGFg2o6YAw
|
||||
MwYDVR0fBCwwKjAooCagJIYiaHR0cDovL3d3dy5mcmVldHNhLm9yZy9yb290X2Nh
|
||||
LmNybDCBzwYDVR0gBIHHMIHEMIHBBgorBgEEAYHyJAEBMIGyMDMGCCsGAQUFBwIB
|
||||
FidodHRwOi8vd3d3LmZyZWV0c2Eub3JnL2ZyZWV0c2FfY3BzLmh0bWwwMgYIKwYB
|
||||
BQUHAgEWJmh0dHA6Ly93d3cuZnJlZXRzYS5vcmcvZnJlZXRzYV9jcHMucGRmMEcG
|
||||
CCsGAQUFBwICMDsaOUZyZWVUU0EgdHJ1c3RlZCB0aW1lc3RhbXBpbmcgU29mdHdh
|
||||
cmUgYXMgYSBTZXJ2aWNlIChTYWFTKTA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUH
|
||||
MAGGG2h0dHA6Ly93d3cuZnJlZXRzYS5vcmc6MjU2MDANBgkqhkiG9w0BAQ0FAAOC
|
||||
AgEAaK9+v5OFYu9M6ztYC+L69sw1omdyli89lZAfpWMMh9CRmJhM6KBqM/ipwoLt
|
||||
nxyxGsbCPhcQjuTvzm+ylN6VwTMmIlVyVSLKYZcdSjt/eCUN+41K7sD7GVmxZBAF
|
||||
ILnBDmTGJmLkrU0KuuIpj8lI/E6Z6NnmuP2+RAQSHsfBQi6sssnXMo4HOW5gtPO7
|
||||
gDrUpVXID++1P4XndkoKn7Svw5n0zS9fv1hxBcYIHPPQUze2u30bAQt0n0iIyRLz
|
||||
aWuhtpAtd7ffwEbASgzB7E+NGF4tpV37e8KiA2xiGSRqT5ndu28fgpOY87gD3ArZ
|
||||
DctZvvTCfHdAS5kEO3gnGGeZEVLDmfEsv8TGJa3AljVa5E40IQDsUXpQLi8G+UC4
|
||||
1DWZu8EVT4rnYaCw1VX7ShOR1PNCCvjb8S8tfdudd9zhU3gEB0rxdeTy1tVbNLXW
|
||||
99y90xcwr1ZIDUwM/xQ/noO8FRhm0LoPC73Ef+J4ZBdrvWwauF3zJe33d4ibxEcb
|
||||
8/pz5WzFkeixYM2nsHhqHsBKw7JPouKNXRnl5IAE1eFmqDyC7G/VT7OF669xM6hb
|
||||
Ut5G21JE4cNK6NNucS+fzg1JPX0+3VhsYZjj7D5uljRvQXrJ8iHgr/M6j2oLHvTA
|
||||
I2MLdq2qjZFDOCXsxBxJpbmLGBx9ow6ZerlUxzws2AWv2pk=
|
||||
-----END CERTIFICATE-----
|
||||
imageReferences:
|
||||
- ghcr.io/kyverno/test-verify-image:*
|
||||
validationFailureAction: Enforce
|
||||
webhookTimeoutSeconds: 30
|
|
@ -0,0 +1,9 @@
|
|||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: keyed-tsa-policy
|
||||
status:
|
||||
conditions:
|
||||
- reason: Succeeded
|
||||
status: "True"
|
||||
type: Ready
|
|
@ -0,0 +1,9 @@
|
|||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: test-tsa-pod
|
||||
namespace: test-verify-images
|
||||
spec:
|
||||
containers:
|
||||
- image: ghcr.io/kyverno/test-verify-image:tsa
|
||||
name: test-secret
|
|
@ -0,0 +1,5 @@
|
|||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: test-tsa-pod
|
||||
namespace: test-verify-images
|
|
@ -0,0 +1,23 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: keyed-basic
|
||||
spec:
|
||||
timeouts:
|
||||
delete: 2m
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1.yaml
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-2.yaml
|
||||
- assert:
|
||||
file: chainsaw-step-01-assert-1.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- apply:
|
||||
file: chainsaw-step-02-apply-1.yaml
|
||||
- assert:
|
||||
file: chainsaw-step-02-assert-1.yaml
|
Loading…
Add table
Reference in a new issue