# TSA Multi-Provider Fallback Chain with CLI

## Module

Attestor

## Status

IMPLEMENTED

## Description

Multi-provider TSA configuration with automatic fallback chain (primary/secondary/tertiary), retry policies with jitter, and CLI commands (`stella timestamp request/verify/providers`). Extends beyond the known "RFC-3161 TSA Client for CI/CD Timestamping" with multi-provider orchestration and CLI surface.

## Implementation Details

- **TSA Multi-Provider**: `src/Attestor/__Libraries/StellaOps.Attestor.Infrastructure/Timestamping/TsaMultiProvider.cs` -- multi-provider TSA client with ordered fallback chain (primary/secondary/tertiary), retry with exponential backoff and jitter, automatic failover on provider errors.
- **Attestation Timestamp Service**: `__Libraries/StellaOps.Attestor.Timestamping/AttestationTimestampService.cs` (with `.Helpers`, `.Timestamp`, `.Verify`) -- core timestamping service that uses the multi-provider chain. Implements `IAttestationTimestampService.cs`.
- **Attestation Timestamp Options**: `AttestationTimestampOptions.cs` -- configuration for provider URLs, retry policies, and fallback order.
- **Attestation Timestamp Service Options**: `AttestationTimestampServiceOptions.cs` -- service-level options (timeout, max retries, jitter parameters).
- **TSA Certificate Status**: `TsaCertificateStatus.cs` -- enum tracking TSA certificate validity (Valid, Expired, Revoked, Unknown).
- **TST Verification Status**: `TstVerificationStatus.cs` -- status of timestamp token verification.
- **Timestamp Policy**: `TimestampPolicy.cs` -- policy defining required timestamp providers and minimum provider count.
- **Timestamp Policy Evaluator**: `TimestampPolicyEvaluator.cs` -- evaluates timestamps against policy rules. `TimestampPolicyResult.cs` -- evaluation result.
- **Timestamped Attestation**: `TimestampedAttestation.cs` -- attestation with attached timestamp evidence from one or more TSA providers.
- **Time Correlation Validator**: `TimeCorrelationValidator.cs` (with `.Async`, `.GapChecks`, `.Validate`) -- cross-validates timestamps from multiple providers for consistency.
- **Tests**: `__Tests/StellaOps.Attestor.Timestamping.Tests/`

## E2E Test Plan

- [ ] Configure three TSA providers (primary, secondary, tertiary) and request a timestamp; verify the primary provider is used first
- [ ] Disable the primary TSA provider and request a timestamp; verify automatic failover to the secondary provider
- [ ] Disable primary and secondary providers; verify failover to the tertiary provider and successful timestamp
- [ ] Disable all providers and verify the request fails with a descriptive error after exhausting all fallbacks
- [ ] Verify retry with jitter: configure a provider that fails intermittently and verify retries succeed with exponential backoff
- [ ] Verify `TimestampPolicy` enforcement: require timestamps from at least 2 providers and verify the evaluator rejects single-provider timestamps
- [ ] Cross-validate timestamps from multiple providers via `TimeCorrelationValidator` and verify time consistency within acceptable drift
- [ ] Verify `TsaCertificateStatus` correctly identifies an expired TSA certificate and rejects its timestamps
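
The ordered fallback with per-provider retry and jittered exponential backoff described under Implementation Details, as an added example that is not the project's `TsaMultiProvider` code. `TsaEndpoint`, `TsaFallbackChain` and the delay values are hypothetical, and the two providers are constructed stand-ins for real RFC 3161 requests.

```csharp
using System;
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical types for illustration; not the StellaOps TsaMultiProvider API.
public sealed record TsaEndpoint(string Name, Func<byte[], CancellationToken, Task<byte[]>> RequestToken);

public static class TsaFallbackChain
{
    // Full jitter: uniform in [0, min(cap, base * 2^attempt)).
    public static TimeSpan Backoff(int attempt, TimeSpan baseDelay, TimeSpan cap, Random rng) =>
        TimeSpan.FromMilliseconds(rng.NextDouble() *
            Math.Min(cap.TotalMilliseconds, baseDelay.TotalMilliseconds * Math.Pow(2, attempt)));

    // Tries providers in configured order; returns the token with the name of the provider that issued it.
    public static async Task<(string Provider, byte[] Token)> RequestAsync(
        IReadOnlyList<TsaEndpoint> chain, byte[] digest, int maxRetries,
        TimeSpan baseDelay, TimeSpan cap, CancellationToken ct = default)
    {
        var rng = new Random();
        var failures = new List<Exception>();
        foreach (var tsa in chain)
        {
            for (int attempt = 0; attempt <= maxRetries; attempt++)
            {
                try { return (tsa.Name, await tsa.RequestToken(digest, ct)); }
                catch (Exception ex) when (!ct.IsCancellationRequested) // caller cancellation propagates
                {
                    failures.Add(new InvalidOperationException($"{tsa.Name} attempt {attempt + 1}: {ex.Message}", ex));
                    if (attempt < maxRetries) await Task.Delay(Backoff(attempt, baseDelay, cap, rng), ct);
                }
            }
        }
        // Chain exhausted: report every failure so the error says which providers were tried.
        throw new AggregateException("All TSA providers failed", failures);
    }

    public static async Task Main()
    {
        // Constructed stand-ins for real RFC 3161 HTTP calls: primary is down, secondary answers.
        var chain = new[]
        {
            new TsaEndpoint("primary", (_, _) => Task.FromException<byte[]>(new TimeoutException("no response"))),
            new TsaEndpoint("secondary", (d, _) => Task.FromResult(d)),
        };
        var (provider, _) = await RequestAsync(chain, new byte[32], 2,
            TimeSpan.FromMilliseconds(50), TimeSpan.FromSeconds(1));
        Console.WriteLine($"issued by {provider}");
    }
}
```

Returning the issuing provider's name alongside the token lets a later policy check count distinct providers, and a token obtained through failover still needs the same signature and certificate verification as one from the primary.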