semi implemented and features implemented save checkpoint

This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions

@@ -0,0 +1,33 @@
# TSA Multi-Provider Fallback Chain with CLI
## Module
Attestor
## Status
IMPLEMENTED
## Description
Multi-provider TSA configuration with automatic fallback chain (primary/secondary/tertiary), retry policies with jitter, and CLI commands (`stella timestamp request/verify/providers`). Extends beyond the known "RFC-3161 TSA Client for CI/CD Timestamping" with multi-provider orchestration and CLI surface.
## Implementation Details
- **TSA Multi-Provider**: `src/Attestor/__Libraries/StellaOps.Attestor.Infrastructure/Timestamping/TsaMultiProvider.cs` -- multi-provider TSA client with ordered fallback chain (primary/secondary/tertiary), retry with exponential backoff and jitter, automatic failover on provider errors.
- **Attestation Timestamp Service**: `__Libraries/StellaOps.Attestor.Timestamping/AttestationTimestampService.cs` (with `.Helpers`, `.Timestamp`, `.Verify`) -- core timestamping service that uses the multi-provider chain. Implements `IAttestationTimestampService.cs`.
- **Attestation Timestamp Options**: `AttestationTimestampOptions.cs` -- configuration for provider URLs, retry policies, and fallback order.
- **Attestation Timestamp Service Options**: `AttestationTimestampServiceOptions.cs` -- service-level options (timeout, max retries, jitter parameters).
- **TSA Certificate Status**: `TsaCertificateStatus.cs` -- enum tracking TSA certificate validity (Valid, Expired, Revoked, Unknown).
- **TST Verification Status**: `TstVerificationStatus.cs` -- status of timestamp token verification.
- **Timestamp Policy**: `TimestampPolicy.cs` -- policy defining required timestamp providers and minimum provider count.
- **Timestamp Policy Evaluator**: `TimestampPolicyEvaluator.cs` -- evaluates timestamps against policy rules. `TimestampPolicyResult.cs` -- evaluation result.
- **Timestamped Attestation**: `TimestampedAttestation.cs` -- attestation with attached timestamp evidence from one or more TSA providers.
- **Time Correlation Validator**: `TimeCorrelationValidator.cs` (with `.Async`, `.GapChecks`, `.Validate`) -- cross-validates timestamps from multiple providers for consistency.
- **Tests**: `__Tests/StellaOps.Attestor.Timestamping.Tests/`
## E2E Test Plan
- [ ] Configure three TSA providers (primary, secondary, tertiary) and request a timestamp; verify the primary provider is used first
- [ ] Disable the primary TSA provider and request a timestamp; verify automatic fallover to the secondary provider
- [ ] Disable primary and secondary providers; verify fallover to the tertiary provider and successful timestamp
- [ ] Disable all providers and verify the request fails with a descriptive error after exhausting all fallbacks
- [ ] Verify retry with jitter: configure a provider that fails intermittently and verify retries succeed with exponential backoff
- [ ] Verify `TimestampPolicy` enforcement: require timestamps from at least 2 providers and verify the evaluator rejects single-provider timestamps
- [ ] Cross-validate timestamps from multiple providers via `TimeCorrelationValidator` and verify time consistency within acceptable drift
- [ ] Verify `TsaCertificateStatus` correctly identifies an expired TSA certificate and rejects its timestamps
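
Review bot: The E2E Test Plan exercises only the Expired value of `TsaCertificateStatus` (last checklist item), while the Implementation Details list the enum as Valid, Expired, Revoked, Unknown. Add items for a revoked TSA certificate and for the Unknown status, and state whether Unknown is accepted or rejected, since the document does not say how it is treated. The plan also has no item for `TstVerificationStatus` or for the `stella timestamp request/verify/providers` commands named in the Description. Status reads IMPLEMENTED while every test-plan box is unchecked, so either qualify the status or note that E2E verification is pending. Minor: "fallover" in the second and third checklist items should be "failover" to match the Implementation Details, and the file references mix a full `src/Attestor/...` path, a `__Libraries/...` relative path and bare filenames; pick one form.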