# Timestamp Evidence Storage with Re-Timestamping Service

## Module
Attestor

## Status
IMPLEMENTED

## Description
PostgreSQL-backed storage for timestamp evidence (TSTs, OCSP responses, CRLs) with a re-timestamping service for algorithm migration. Includes air-gap bundle export/import for offline timestamp evidence. No direct match in known features list.

## Implementation Details
- **Attestation Timestamp Service**: `src/Attestor/__Libraries/StellaOps.Attestor.Timestamping/AttestationTimestampService.cs` (with `.Helpers`, `.Timestamp`, `.Verify`) -- core service for creating and verifying timestamp evidence. Implements `IAttestationTimestampService.cs`.
- **Timestamped Attestation**: `TimestampedAttestation.cs` -- attestation with attached timestamp evidence (TST, verification data).
- **Time Correlation Validator**: `TimeCorrelationValidator.cs` (with `.Async`, `.GapChecks`, `.Validate`) -- validates time consistency between multiple timestamp sources. Implements `ITimeCorrelationValidator.cs`.
- **Timestamp Policy**: `TimestampPolicy.cs` -- policy defining timestamp requirements. `TimestampPolicyEvaluator.cs` -- evaluates timestamps against policy. `TimestampPolicyResult.cs` -- evaluation result.
- **Time Correlation**: `TimeCorrelationPolicy.cs`, `TimeCorrelationResult.cs`, `TimeCorrelationStatus.cs`, `TimeConsistencyResult.cs` -- time correlation models.
- **TST Verification**: `TstVerificationStatus.cs` -- TST verification status. `TsaCertificateStatus.cs` -- TSA certificate validity status.
- **Verification Result**: `AttestationTimestampVerificationResult.cs` -- comprehensive verification result.
- **Options**: `AttestationTimestampOptions.cs`, `AttestationTimestampServiceOptions.cs`, `AttestationTimestampVerificationOptions.cs` -- configuration.
- **Rekor Receipt**: `RekorReceipt.cs` -- Rekor receipt as timestamp evidence.
- **Tests**: `__Tests/StellaOps.Attestor.Timestamping.Tests/`

## E2E Test Plan
- [ ] Create a timestamped attestation via `AttestationTimestampService.Timestamp` and verify the TST is attached
- [ ] Verify the timestamp via `.Verify` and confirm `AttestationTimestampVerificationResult` passes
- [ ] Validate time correlation between TST, Rekor receipt, and wall clock via `TimeCorrelationValidator` and verify consistency
- [ ] Evaluate a timestamp against policy via `TimestampPolicyEvaluator` and verify the result
- [ ] Simulate algorithm migration: re-timestamp an attestation with a new hash algorithm and verify the new TST is valid
- [ ] Verify time gap detection via `TimeCorrelationValidator.GapChecks` for suspicious time differences
- [ ] Export timestamp evidence as an air-gap bundle and import on an offline system; verify verification works
- [ ] Verify `TsaCertificateStatus` correctly reports TSA certificate validity (valid, expired, revoked)