Timestamp Evidence Storage with Re-Timestamping Service

Module

Attestor

Status

IMPLEMENTED

Description

PostgreSQL-backed storage for timestamp evidence (TSTs, OCSP responses, CRLs) with a re-timestamping service for algorithm migration. Includes air-gap bundle export/import for offline timestamp evidence. No direct match in known features list.

Implementation Details

  • Attestation Timestamp Service: src/Attestor/__Libraries/StellaOps.Attestor.Timestamping/AttestationTimestampService.cs (with .Helpers, .Timestamp, .Verify) -- core service for creating and verifying timestamp evidence. Implements IAttestationTimestampService.cs.
  • Timestamped Attestation: TimestampedAttestation.cs -- attestation with attached timestamp evidence (TST, verification data).
  • Time Correlation Validator: TimeCorrelationValidator.cs (with .Async, .GapChecks, .Validate) -- validates time consistency between multiple timestamp sources. Implements ITimeCorrelationValidator.cs.
  • Timestamp Policy: TimestampPolicy.cs -- policy defining timestamp requirements. TimestampPolicyEvaluator.cs -- evaluates timestamps against policy. TimestampPolicyResult.cs -- evaluation result.
  • Time Correlation: TimeCorrelationPolicy.cs, TimeCorrelationResult.cs, TimeCorrelationStatus.cs, TimeConsistencyResult.cs -- time correlation models.
  • TST Verification: TstVerificationStatus.cs -- TST verification status. TsaCertificateStatus.cs -- TSA certificate validity status.
  • Verification Result: AttestationTimestampVerificationResult.cs -- comprehensive verification result.
  • Options: AttestationTimestampOptions.cs, AttestationTimestampServiceOptions.cs, AttestationTimestampVerificationOptions.cs -- configuration.
  • Rekor Receipt: RekorReceipt.cs -- Rekor receipt as timestamp evidence.
  • Tests: __Tests/StellaOps.Attestor.Timestamping.Tests/

E2E Test Plan

  • Create a timestamped attestation via AttestationTimestampService.Timestamp and verify the TST is attached
  • Verify the timestamp via .Verify and confirm AttestationTimestampVerificationResult passes
  • Validate time correlation between TST, Rekor receipt, and wall clock via TimeCorrelationValidator and verify consistency
  • Evaluate a timestamp against policy via TimestampPolicyEvaluator and verify the result
  • Simulate algorithm migration: re-timestamp an attestation with a new hash algorithm and verify the new TST is valid
  • Verify time gap detection via TimeCorrelationValidator.GapChecks for suspicious time differences
  • Export timestamp evidence as an air-gap bundle, import it on an offline system, and confirm that verification succeeds there
  • Verify TsaCertificateStatus correctly reports TSA certificate validity (valid, expired, revoked)