Validate TSA certificate chain at timestamp issuance time #1384

Merged
Hayden-IO merged 1 commit into sigstore:main from codysoyland:fix-verify-current-time
Jun 2, 2026

@codysoyland (Member) commented Jun 2, 2026

Summary

  • Validate the TSA certificate chain at the timestamp's genTime rather than at the current wall-clock time, so that verification succeeds even after the TSA certificate has expired
  • Add VerifyOpts.CurrentTime to allow callers to override the validation time explicitly

Motivation

Previously, VerifyTimestampResponse validated the TSA certificate chain using time.Now() (Go's default when x509.VerifyOptions.CurrentTime is zero). This caused verification to fail once the TSA signing certificate expired, even though the timestamp was issued while the certificate was still valid.

Per RFC 3161 Appendix B (steps B.4–B.5), the TSA certificate chain should be validated at the time the timestamp was issued (genTime), not at the time of verification. A timestamp token remains valid as long as the TSA certificate was valid and unrevoked at genTime.

This change defaults CurrentTime to ts.Time when the caller does not specify one, aligning certificate chain validation with the RFC 3161 verification model.

Use the timestamp's own time for certificate chain validation by
default, so verification succeeds even after the TSA certificate
has expired. Callers can override via VerifyOpts.CurrentTime.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Cody Soyland <cody.soyland@chainguard.dev>
@codysoyland codysoyland requested a review from a team as a code owner June 2, 2026 16:21
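
An added example (not code from this pull request) of the behaviour the description refers to, using only Go's crypto/x509: a constructed TSA leaf certificate that expired a year ago validates when x509.VerifyOptions.CurrentTime is set to a genTime inside its validity window, and fails when CurrentTime is left zero. The helper names issue, verifyAt and demo and both certificates are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate valid in [from, to]; a nil parent yields a self-signed root CA.
func issue(cn string, from, to time.Time, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(from.Unix()), Subject: pkix.Name{CommonName: cn}, NotBefore: from, NotAfter: to,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageTimeStamping}}
	if parent == nil {
		t.IsCA, t.KeyUsage, t.ExtKeyUsage = true, x509.KeyUsageCertSign, nil
		parent, pk = t, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert, priv
}

// verifyAt validates leaf against root for the timestamping EKU; a zero `at` makes Go use time.Now().
func verifyAt(leaf, root *x509.Certificate, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageTimeStamping}})
	return err
}

// demo returns the chain-validation result at genTime and at the current wall-clock time.
func demo() (atGenTime, atNow error) {
	now := time.Now()
	root, rootKey := issue("constructed-root", now.AddDate(-5, 0, 0), now.AddDate(5, 0, 0), nil, nil)
	tsa, _ := issue("constructed-tsa", now.AddDate(-2, 0, 0), now.AddDate(-1, 0, 0), root, rootKey) // expired a year ago
	genTime := now.AddDate(-1, -6, 0) // constructed issuance time, inside the TSA certificate's validity
	return verifyAt(tsa, root, genTime), verifyAt(tsa, root, time.Time{})
}

func main() {
	fmt.Println(demo()) // the error at genTime, then the error at time.Now()
}
```

KeyUsages must name the timestamping EKU explicitly, because an empty list makes Go check for server authentication. Validating at genTime only moves the validity-window check; it does not cover revocation status at genTime.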
codecov Bot commented Jun 2, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 26.38%. Comparing base (6fd19b0) to head (de81c9d).
⚠️ Report is 642 commits behind head on main.

Additional details and impacted files
@@             Coverage Diff             @@
##             main    #1384       +/-   ##
===========================================
- Coverage   52.85%   26.38%   -26.47%     
===========================================
  Files          20       55       +35     
  Lines        1209     3134     +1925     
===========================================
+ Hits          639      827      +188     
- Misses        509     2254     +1745     
+ Partials       61       53        -8     

@Hayden-IO (Contributor) left a comment

To confirm, was there a regression or was this a new conformance test recently added?

@codysoyland (Member, Author)

> To confirm, was there a regression or was this a new conformance test recently added?

As we discussed in Slack, this is a regression due to the underlying pkcs7 library's defaults when we switched from VerifyWithOpts to Verify in #1375. -- VerifyWithOpts set the CurrentTime to the signing time (if present), but Verify uses the current time.

@Hayden-IO Hayden-IO merged commit 21dff8b into sigstore:main Jun 2, 2026
9 checks passed