Rekor Timestamp in Evidence Graph Metadata
Module
EvidenceLocker
Status
IMPLEMENTED
Description
Evidence graph signature metadata extended with Rekor integrated time (RFC3339) and entry URL for UI timestamp linking and verifiable provenance display.
Implementation Details
- Modules: src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Domain/, src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/
- Key Classes:
  - EvidenceBundleSignature (src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Domain/EvidenceBundleSignature.cs) - extended with Rekor integrated time and entry URL fields
  - EvidenceBundleMetadata (src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Core/Domain/EvidenceBundleMetadata.cs) - metadata model with Rekor timestamp references
  - Rfc3161TimestampAuthorityClient (src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Signing/Rfc3161TimestampAuthorityClient.cs) - retrieves and validates RFC 3161 timestamps
  - TimelineIndexerEvidenceTimelinePublisher (src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Timeline/TimelineIndexerEvidenceTimelinePublisher.cs) - publishes Rekor-timestamped events to the timeline
- Interfaces: ITimestampAuthorityClient, IEvidenceTimelinePublisher
- Source: SPRINT_20260112_004_FINDINGS_evidence_graph_rekor_time.md
E2E Test Plan
- Create a signed evidence bundle and verify EvidenceBundleSignature includes Rekor integrated time in RFC3339 format
- Verify EvidenceBundleSignature includes a Rekor entry URL that resolves to the correct log entry
- Verify Rfc3161TimestampAuthorityClient retrieves and validates RFC 3161 timestamps from the authority
- Verify TimelineIndexerEvidenceTimelinePublisher publishes events with Rekor timestamps for UI display
- Verify the Rekor entry URL is clickable and links to the transparency log entry in the UI
- Verify timestamp metadata persists in EvidenceBundleMetadata and is returned by API queries
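
The format and link checks in the test plan can be expressed as one validation routine, sketched here as an added example that is not code from the EvidenceLocker module. The RekorReference record, the trusted-host parameter, the Rekor v1 REST entry path and the five-minute skew allowance are assumptions made for the illustration.

```csharp
using System;
using System.Globalization;
using System.Text.RegularExpressions;

// Constructed sample values; rekor.example.test is a placeholder host.
var now = DateTimeOffset.Parse("2026-01-12T12:00:00Z", CultureInfo.InvariantCulture);
var good = new RekorReference(RekorReferenceCheck.ToRfc3339(1768212000),
    "https://rekor.example.test/api/v1/log/entries/" + new string('a', 64));
var bad = good with { EntryUrl = "http://other.example.test/entry" };
foreach (var r in new[] { good, bad })
    Console.WriteLine(RekorReferenceCheck.Validate(r, "rekor.example.test", now) ?? "ok");

// Hypothetical shape for this example, not the project's EvidenceBundleSignature.
public sealed record RekorReference(string IntegratedTime, string EntryUrl);

public static class RekorReferenceCheck
{
    // Assumed URL shape: Rekor v1 REST entry path, 64-hex UUID with optional 16-hex tree ID.
    private static readonly Regex EntryPath = new(
        "^/api/v1/log/entries/(?:[0-9a-f]{16})?[0-9a-f]{64}$", RegexOptions.CultureInvariant);

    private static readonly string[] Rfc3339 =
        { "yyyy-MM-dd'T'HH:mm:ssK", "yyyy-MM-dd'T'HH:mm:ss.FFFFFFFK" };

    // Rekor reports integratedTime as Unix seconds; render it as RFC3339 in UTC.
    public static string ToRfc3339(long unixSeconds) =>
        DateTimeOffset.FromUnixTimeSeconds(unixSeconds)
            .ToString("yyyy-MM-dd'T'HH:mm:ss'Z'", CultureInfo.InvariantCulture);

    // Returns null when the reference is acceptable, otherwise the reason it is not.
    public static string? Validate(RekorReference r, string trustedHost, DateTimeOffset now)
    {
        if (!DateTimeOffset.TryParseExact(r.IntegratedTime, Rfc3339,
                CultureInfo.InvariantCulture, DateTimeStyles.None, out var t))
            return "integrated time is not RFC3339";
        if (t > now.AddMinutes(5)) // assumed clock-skew allowance
            return "integrated time is in the future";
        if (!Uri.TryCreate(r.EntryUrl, UriKind.Absolute, out var url)
            || url.Scheme != Uri.UriSchemeHttps)
            return "entry URL is not an absolute https URL";
        if (!string.Equals(url.Host, trustedHost, StringComparison.OrdinalIgnoreCase)
            || url.UserInfo.Length > 0)
            return "entry URL does not point at the configured Rekor host";
        if (!EntryPath.IsMatch(url.AbsolutePath) || url.Query.Length > 0 || url.Fragment.Length > 0)
            return "entry URL is not a log entry path";
        return null;
    }
}
```

Checking the scheme and host before the UI renders the link keeps stored metadata from steering a reviewer to an arbitrary destination. It does not replace verifying the log entry's inclusion proof.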