stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
docs/features/checked/evidencelocker/rekor-timestamp-in-evidence-graph-metadata.md Normal file
View File

@@ -0,0 +1,28 @@
# Rekor Timestamp in Evidence Graph Metadata
## Module
EvidenceLocker
## Status
IMPLEMENTED
## Description
Evidence graph signature metadata extended with Rekor integrated time (RFC3339) and entry URL for UI timestamp linking and verifiable provenance display.
## Implementation Details
- **Modules**: `src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Domain/`, `src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/`
- **Key Classes**:
- `EvidenceBundleSignature` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Domain/EvidenceBundleSignature.cs`) - extended with Rekor integrated time and entry URL fields
- `EvidenceBundleMetadata` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Domain/EvidenceBundleMetadata.cs`) - metadata model with Rekor timestamp references
- `Rfc3161TimestampAuthorityClient` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Signing/Rfc3161TimestampAuthorityClient.cs`) - retrieves and validates RFC 3161 timestamps
- `TimelineIndexerEvidenceTimelinePublisher` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Timeline/TimelineIndexerEvidenceTimelinePublisher.cs`) - publishes Rekor-timestamped events to the timeline
- **Interfaces**: `ITimestampAuthorityClient`, `IEvidenceTimelinePublisher`
- **Source**: SPRINT_20260112_004_FINDINGS_evidence_graph_rekor_time.md
## E2E Test Plan
- [ ] Create a signed evidence bundle and verify `EvidenceBundleSignature` includes Rekor integrated time in RFC3339 format
- [ ] Verify `EvidenceBundleSignature` includes a Rekor entry URL that resolves to the correct log entry
- [ ] Verify `Rfc3161TimestampAuthorityClient` retrieves and validates RFC 3161 timestamps from the authority
- [ ] Verify `TimelineIndexerEvidenceTimelinePublisher` publishes events with Rekor timestamps for UI display
- [ ] Verify the Rekor entry URL is clickable and links to the transparency log entry in the UI
- [ ] Verify timestamp metadata persists in `EvidenceBundleMetadata` and is returned by API queries