semi implemented and features implemented save checkpoint

2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions
--- a/docs/features/unchecked/excititor/vex-cryptographic-verification.md
+++ b/docs/features/unchecked/excititor/vex-cryptographic-verification.md
@@ -0,0 +1,32 @@
+# VEX Cryptographic Verification
+
+## Module
+Excititor
+
+## Status
+IMPLEMENTED
+
+## Description
+Cryptographic signature verification of VEX documents at ingestion time with crypto profile selection and issuer validation.
+
+## Implementation Details
+- **Modules**: `src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/`, `src/Excititor/StellaOps.Excititor.Worker/Signature/`
+- **Key Classes**:
+  - `ProductionVexSignatureVerifier` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/ProductionVexSignatureVerifier.cs`) - production signature verifier for VEX documents
+  - `CryptoProfileSelector` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/CryptoProfileSelector.cs`) - selects crypto profile (FIPS, eIDAS, GOST, SM) based on issuer
+  - `VerificationCacheService` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/VerificationCacheService.cs`) - caches verification results for performance
+  - `VexSignatureVerifierOptions` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/VexSignatureVerifierOptions.cs`) - configurable verification options
+  - `VexVerificationModels` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/VexVerificationModels.cs`) - verification result models
+  - `VexVerificationMetrics` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/VexVerificationMetrics.cs`) - metrics for verification operations
+  - `WorkerSignatureVerifier` (`src/Excititor/StellaOps.Excititor.Worker/Signature/WorkerSignatureVerifier.cs`) - worker-side signature verification
+  - `VerifyingVexRawDocumentSink` (`src/Excititor/StellaOps.Excititor.Worker/Signature/VerifyingVexRawDocumentSink.cs`) - sink that verifies signatures before persisting
+- **Interfaces**: `IVexSignatureVerifierV2`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Ingest a cryptographically signed VEX document and verify `ProductionVexSignatureVerifier` validates the signature
+- [ ] Verify `CryptoProfileSelector` selects the correct crypto profile based on the issuer's regional requirements
+- [ ] Verify `VerificationCacheService` caches verification results and returns cached results for repeated checks
+- [ ] Ingest a VEX document with an invalid signature and verify rejection with a clear error
+- [ ] Verify `VerifyingVexRawDocumentSink` rejects unsigned documents when signature verification is required
+- [ ] Verify `VexVerificationMetrics` records verification success/failure counts and latency