stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

tenant fixes

Browse Source
This commit is contained in:
master
2026-02-23 23:44:50 +02:00
parent bdb1438654
commit 4f947a8b61
159 changed files with 1064 additions and 556 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/SmRemote/StellaOps.SmRemote.Service/Program.cs
View File

@@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Auth.ServerIntegration.Tenancy;
using StellaOps.SmRemote.Service.Security;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Options;
@@ -40,6 +41,7 @@ builder.Services.AddAuthorization(options =>
options.AddStellaOpsScopePolicy(SmRemotePolicies.Verify, StellaOpsScopes.SmRemoteVerify);
});
builder.Services.AddStellaOpsTenantServices();
builder.Services.AddStellaOpsCors(builder.Environment, builder.Configuration);
// Stella Router integration
@@ -62,6 +64,7 @@ if (app.Environment.IsDevelopment())
app.UseStellaOpsCors();
app.UseAuthentication();
app.UseAuthorization();
app.UseStellaOpsTenantMiddleware();
app.TryUseStellaRouter(routerEnabled);
app.MapGet("/health", () => Results.Ok(new SmHealthResponse("ok")))
@@ -99,7 +102,8 @@ app.MapPost("/hash", (HashRequest req) =>
})
.WithName("SmRemoteHash")
.WithDescription("Computes an SM3 hash of the provided base64-encoded payload. Returns the hash as both base64 and lowercase hex. Defaults to SM3 if algorithmId is omitted. Returns 400 if the payload is missing, invalid base64, or an unsupported algorithm is requested.")
.RequireAuthorization(SmRemotePolicies.Sign);
.RequireAuthorization(SmRemotePolicies.Sign)
.RequireTenant();
app.MapPost("/encrypt", (EncryptRequest req) =>
{
@@ -125,7 +129,8 @@ app.MapPost("/encrypt", (EncryptRequest req) =>
return Results.Ok(new EncryptResponse(algorithmId, Convert.ToBase64String(ciphertext)));
})
.WithName("SmRemoteEncrypt")
.WithDescription("Encrypts the provided base64-encoded payload using SM4-ECB with PKCS7 padding and the supplied 128-bit (16-byte) base64-encoded key. Returns the ciphertext as base64. Returns 400 if the key, payload, or algorithm is missing, invalid, or the key length is not 16 bytes.");
.WithDescription("Encrypts the provided base64-encoded payload using SM4-ECB with PKCS7 padding and the supplied 128-bit (16-byte) base64-encoded key. Returns the ciphertext as base64. Returns 400 if the key, payload, or algorithm is missing, invalid, or the key length is not 16 bytes.")
.RequireTenant();
app.MapPost("/decrypt", (DecryptRequest req) =>
{
@@ -157,7 +162,8 @@ app.MapPost("/decrypt", (DecryptRequest req) =>
}
})
.WithName("SmRemoteDecrypt")
.WithDescription("Decrypts the provided base64-encoded SM4-ECB ciphertext using the supplied 128-bit (16-byte) base64-encoded key with PKCS7 unpadding. Returns the plaintext payload as base64. Returns 400 if the key, ciphertext, or algorithm is invalid, or if the ciphertext padding is corrupt.");
.WithDescription("Decrypts the provided base64-encoded SM4-ECB ciphertext using the supplied 128-bit (16-byte) base64-encoded key with PKCS7 unpadding. Returns the plaintext payload as base64. Returns 400 if the key, ciphertext, or algorithm is invalid, or if the ciphertext padding is corrupt.")
.RequireTenant();
app.MapPost("/sign", async (SignRequest req, ICryptoProviderRegistry registry, TimeProvider timeProvider, CancellationToken ct) =>
{
@@ -178,7 +184,8 @@ app.MapPost("/sign", async (SignRequest req, ICryptoProviderRegistry registry, T
return Results.Ok(new SignResponse(Convert.ToBase64String(signature)));
})
.WithName("SmRemoteSign")
.WithDescription("Signs the provided base64-encoded payload using the SM2 algorithm and the specified key ID. Seeds the key from an ephemeral EC key pair if not already present. Returns the base64-encoded SM2 signature. Returns 400 if the key ID, algorithm, or payload is missing or invalid.");
.WithDescription("Signs the provided base64-encoded payload using the SM2 algorithm and the specified key ID. Seeds the key from an ephemeral EC key pair if not already present. Returns the base64-encoded SM2 signature. Returns 400 if the key ID, algorithm, or payload is missing or invalid.")
.RequireTenant();
app.MapPost("/verify", async (VerifyRequest req, ICryptoProviderRegistry registry, TimeProvider timeProvider, CancellationToken ct) =>
{
@@ -198,7 +205,8 @@ app.MapPost("/verify", async (VerifyRequest req, ICryptoProviderRegistry registr
return Results.Ok(new VerifyResponse(ok));
})
.WithName("SmRemoteVerify")
.WithDescription("Verifies an SM2 signature against the provided base64-encoded payload using the specified key ID. Returns a boolean valid field indicating whether the signature matches. Returns 400 if the key ID, algorithm, payload, or signature is missing or invalid base64.");
.WithDescription("Verifies an SM2 signature against the provided base64-encoded payload using the specified key ID. Returns a boolean valid field indicating whether the signature matches. Returns 400 if the key ID, algorithm, payload, or signature is missing or invalid base64.")
.RequireTenant();
app.TryRefreshStellaRouterEndpoints(routerEnabled);
app.Run();