From 27a8be92c970cc16f96a0865f4295df10938dffb Mon Sep 17 00:00:00 2001
From: makeworld
Date: Fri, 28 Jun 2024 14:48:04 -0400
Subject: [PATCH] trust digicert for wacz timestamping (fixes #50)

---
 preprocessor/wacz/wacz.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/preprocessor/wacz/wacz.go b/preprocessor/wacz/wacz.go
index 7e470e5..3cb59c5 100644
--- a/preprocessor/wacz/wacz.go
+++ b/preprocessor/wacz/wacz.go
@@ -72,9 +72,17 @@ type WaczFileData struct {
 UserAgent string
 }
 
+// SHA-256 fingerprints of CA certs for Timestamp Authorities we trust
 var trustedTimestampFingerprints = []string{
 // freetsa.org Root CA (self-signed)
+ // Need to trust this because Authsign uses it
 "a6379e7cecc05faa3cbf076013d745e327bbbaa38c0b9af22469d4701d18aabc",
+
+ // DigiCertTrustedG4RSA4096SHA256TimeStampingCA.cer
+ // DigiCert's CA for timestamping operations
+ // Authsign will use this in the future:
+ // https://github.com/starlinglab/integrity-v2/issues/50
+ "281734d4592d1291d27190709cb510b07e22c405d5e0d6119b70e73589f98acf",
 }
 
 // findUserAgent finds the user agent string in the data.warc.gz file.
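Review bot: The new DigiCert entry in `trustedTimestampFingerprints` is a bare hex pin, and nothing in the hunk records how the value was derived or which certificate in the timestamp chain it is compared against (the matching code is outside this hunk). A wrong or stale pin either rejects valid WACZ timestamps or widens what is accepted, so I would extend the header comment to something like `// SHA-256 over the DER-encoded certificate (lowercase hex, no colons); reproduce with: openssl x509 -in <cert file> -noout -fingerprint -sha256`, and say whether the match is on the root only or on any CA in the chain. The file name suggests this is an issuing CA rather than a root, so the pin will presumably need updating when DigiCert rotates it, which is worth a one-line note. A `// TODO: remove once Authsign has moved to DigiCert` on the freetsa.org entry would keep the trusted set from staying wider than needed after the migration.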