ASN.1-Native RFC 3161 Timestamp Token Parsing

Module

Attestor

Status

IMPLEMENTED

Description

Native ASN.1 parsing of RFC 3161 timestamp tokens using System.Formats.Asn1 (no BouncyCastle dependency). Includes request encoding, response decoding, TstInfo extraction, certificate chain parsing, and signature verification. This is the low-level implementation detail behind the known "RFC-3161 TSA Client" entry.

Implementation Details

  • Timestamp Service: src/Attestor/__Libraries/StellaOps.Attestor.Timestamping/AttestationTimestampService.cs (with .Helpers, .Timestamp, .Verify partials) -- core service handling RFC 3161 timestamp request/response lifecycle.
  • IAttestationTimestampService: IAttestationTimestampService.cs -- interface for timestamp operations.
  • Timestamp Policy: TimestampPolicy.cs, TimestampPolicyEvaluator.cs, TimestampPolicyResult.cs -- policy evaluation for timestamp requirements.
  • TSA Certificate Validation: TsaCertificateStatus.cs -- certificate chain status. TstVerificationStatus.cs -- TstInfo verification result.
  • Time Correlation: TimeCorrelationValidator.cs (with .Async, .GapChecks, .Validate partials) -- validates timestamp consistency across multiple TSA sources. TimeCorrelationPolicy.cs, TimeCorrelationResult.cs, TimeCorrelationStatus.cs define correlation rules.
  • Time Consistency: TimeConsistencyResult.cs -- result of cross-TSA time consistency checks.
  • Multi-Provider Fallback: src/Attestor/__Libraries/StellaOps.Attestor.Infrastructure/Timestamping/TsaMultiProvider.cs -- fallback chain across multiple TSA providers.
  • Configuration: AttestationTimestampOptions.cs, AttestationTimestampServiceOptions.cs, AttestationTimestampVerificationOptions.cs, AttestationTimestampPolicyContext.cs.
  • Timestamped Attestation: TimestampedAttestation.cs -- wraps an attestation with its timestamp token.
  • Tests: StellaOps.Attestor/StellaOps.Attestor.Tests/Timestamping/AttestationTimestampServiceTests.cs, AttestationTimestampPolicyTests.cs, TimeCorrelationValidatorTests.cs

E2E Test Plan

  • Create a timestamp request for a SHA-256 hash via AttestationTimestampService, send to a TSA endpoint, and verify the response contains a valid TstInfo with matching hash
  • Parse an RFC 3161 timestamp token response and verify certificate chain extraction produces valid TsaCertificateStatus
  • Verify a timestamp token signature against the TSA certificate and confirm TstVerificationStatus indicates success
  • Configure TimeCorrelationValidator with two TSA sources and verify TimeConsistencyResult passes when timestamps are within configured gap tolerance
  • Configure TimeCorrelationValidator with a strict gap threshold and submit timestamps with drift exceeding the threshold, verifying TimeCorrelationStatus indicates failure
  • Test TsaMultiProvider fallback by configuring a primary TSA that fails and a secondary that succeeds, verifying the timestamp is obtained from the fallback provider
  • Create a TimestampedAttestation wrapping a DSSE envelope and verify the timestamp token is correctly associated
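
The first test-plan item (request for a SHA-256 hash, response TstInfo with matching hash) can be sketched with System.Formats.Asn1 alone. This is an added example, not code from the StellaOps repository: EncodeRequest, CheckTstInfo, WriteImprint and Require are hypothetical names, the digest, nonce, policy OID and sample TSTInfo are constructed, and it assumes .NET 6 or later. It covers only the TSTInfo fields; unwrapping the CMS SignedData and verifying the TSA signature are not shown.

```csharp
using System;
using System.Formats.Asn1;
using System.Security.Cryptography;

const string Sha256Oid = "2.16.840.1.101.3.4.2.1";
byte[] digest = SHA256.HashData(new byte[] { 1, 2, 3 });   // constructed input
long nonce = 0x1122334455667788;                            // constructed nonce
Console.WriteLine(Convert.ToHexString(EncodeRequest(digest, nonce)));
var sample = new AsnWriter(AsnEncodingRules.DER);           // constructed TSTInfo standing in for a TSA reply
using (sample.PushSequence())
{
    sample.WriteInteger(1); sample.WriteObjectIdentifier("1.2.3.4.1"); // version, constructed policy OID
    WriteImprint(sample, digest);
    sample.WriteInteger(42);                                // serialNumber
    sample.WriteGeneralizedTime(new DateTimeOffset(2024, 1, 1, 0, 0, 0, TimeSpan.Zero));
    sample.WriteInteger(nonce);
}
Console.WriteLine(CheckTstInfo(sample.Encode(), digest, nonce));

void Require(bool ok, string why) { if (!ok) throw new CryptographicException(why); }
void WriteImprint(AsnWriter w, byte[] hash)                 // MessageImprint
{
    using var imprint = w.PushSequence();
    using (w.PushSequence()) { w.WriteObjectIdentifier(Sha256Oid); w.WriteNull(); } // AlgorithmIdentifier
    w.WriteOctetString(hash);
}
byte[] EncodeRequest(byte[] hash, long n)                   // TimeStampReq with certReq = TRUE
{
    var w = new AsnWriter(AsnEncodingRules.DER);
    using (w.PushSequence()) { w.WriteInteger(1); WriteImprint(w, hash); w.WriteInteger(n); w.WriteBoolean(true); }
    return w.Encode();
}

// Returns genTime only if the TSTInfo binds our digest and echoes our nonce.
DateTimeOffset CheckTstInfo(byte[] der, byte[] hash, long n)
{
    var outer = new AsnReader(der, AsnEncodingRules.DER);   // DER rules: non-canonical encodings are rejected
    AsnReader tst = outer.ReadSequence();
    outer.ThrowIfNotEmpty();                                // no trailing bytes after TSTInfo
    Require(tst.ReadInteger() == 1, "unexpected TSTInfo version");
    tst.ReadObjectIdentifier();                             // policy (not evaluated here)
    AsnReader imprint = tst.ReadSequence();
    Require(imprint.ReadSequence().ReadObjectIdentifier() == Sha256Oid, "hash algorithm differs from request");
    Require(CryptographicOperations.FixedTimeEquals(imprint.ReadOctetString(), hash), "imprint mismatch");
    tst.ReadInteger();                                      // serialNumber
    DateTimeOffset genTime = tst.ReadGeneralizedTime();
    if (tst.HasData && tst.PeekTag().HasSameClassAndValue(Asn1Tag.Sequence)) tst.ReadSequence(); // accuracy
    if (tst.HasData && tst.PeekTag().HasSameClassAndValue(Asn1Tag.Boolean)) tst.ReadBoolean();   // ordering
    Require(tst.HasData && tst.PeekTag().HasSameClassAndValue(Asn1Tag.Integer) && tst.ReadInteger() == n, "nonce missing or wrong");
    return genTime;
}
```

A token whose imprint or nonce does not match the request must be rejected even when its signature is valid, since it then attests to a different artifact or is a replayed response.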