part #2

2026-02-04 19:59:20 +02:00
parent 557feefdc3
commit 5548cf83bf
1479 changed files with 53557 additions and 40339 deletions
--- a/src/__Libraries/StellaOps.Cryptography.Plugin.EIDAS/EidasCryptoProvider.cs
+++ b/src/__Libraries/StellaOps.Cryptography.Plugin.EIDAS/EidasCryptoProvider.cs
@@ -1,6 +1,5 @@
 // SPDX-License-Identifier: BUSL-1.1
 // Sprint: SPRINT_4100_0006_0002 - eIDAS Crypto Plugin
-
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Cryptography;
@@ -82,6 +81,7 @@ public class EidasCryptoProvider : ICryptoProvider
        {
            _logger.LogInformation("eIDAS signing key removed: keyId={KeyId}", keyId);
        }
+
        return removed;
    }

@@ -90,112 +90,3 @@ public class EidasCryptoProvider : ICryptoProvider
        return _signingKeys.Values.ToList().AsReadOnly();
    }
 }
-
-/// <summary>
-/// eIDAS signer implementation that routes to TSP or local provider.
-/// </summary>
-internal class EidasSigner : ICryptoSigner
-{
-    private readonly ILogger _logger;
-    private readonly EidasOptions _options;
-    private readonly TrustServiceProviderClient _tspClient;
-    private readonly LocalEidasProvider _localProvider;
-    private readonly string _algorithmId;
-    private readonly CryptoKeyReference _keyReference;
-
-    public EidasSigner(
-        ILogger logger,
-        EidasOptions options,
-        TrustServiceProviderClient tspClient,
-        LocalEidasProvider localProvider,
-        string algorithmId,
-        CryptoKeyReference keyReference)
-    {
-        _logger = logger;
-        _options = options;
-        _tspClient = tspClient;
-        _localProvider = localProvider;
-        _algorithmId = algorithmId;
-        _keyReference = keyReference;
-    }
-
-    public string KeyId => _keyReference.KeyId;
-    public string AlgorithmId => _algorithmId;
-
-    public async ValueTask<byte[]> SignAsync(ReadOnlyMemory<byte> data, CancellationToken cancellationToken = default)
-    {
-        _logger.LogDebug("eIDAS signing request: keyId={KeyId}, algorithm={Algorithm}",
-            _keyReference.KeyId, _algorithmId);
-
-        // Resolve key configuration
-        var keyConfig = _options.Keys.FirstOrDefault(k => k.KeyId == _keyReference.KeyId);
-        if (keyConfig == null)
-        {
-            throw new KeyNotFoundException($"eIDAS key '{_keyReference.KeyId}' not configured");
-        }
-
-        // Route to appropriate signer based on key source
-        byte[] signature = keyConfig.Source.ToLowerInvariant() switch
-        {
-            "tsp" => await _tspClient.RemoteSignAsync(data.ToArray(), _algorithmId, keyConfig, cancellationToken),
-            "local" => await _localProvider.LocalSignAsync(data.ToArray(), _algorithmId, keyConfig, cancellationToken),
-            _ => throw new InvalidOperationException($"Unsupported eIDAS key source: {keyConfig.Source}")
-        };
-
-        _logger.LogInformation("eIDAS signature created: keyId={KeyId}, signatureLength={Length}, level={Level}",
-            _keyReference.KeyId, signature.Length, _options.SignatureLevel);
-
-        return signature;
-    }
-
-    public async ValueTask<bool> VerifyAsync(ReadOnlyMemory<byte> data, ReadOnlyMemory<byte> signature, CancellationToken cancellationToken = default)
-    {
-        _logger.LogDebug("eIDAS verification request: keyId={KeyId}, algorithm={Algorithm}",
-            _keyReference.KeyId, _algorithmId);
-
-        // Resolve key configuration
-        var keyConfig = _options.Keys.FirstOrDefault(k => k.KeyId == _keyReference.KeyId);
-        if (keyConfig == null)
-        {
-            throw new KeyNotFoundException($"eIDAS key '{_keyReference.KeyId}' not configured");
-        }
-
-        // Route to appropriate verifier
-        bool isValid = keyConfig.Source.ToLowerInvariant() switch
-        {
-            "tsp" => await _tspClient.RemoteVerifyAsync(data.ToArray(), signature.ToArray(), _algorithmId, keyConfig, cancellationToken),
-            "local" => await _localProvider.LocalVerifyAsync(data.ToArray(), signature.ToArray(), _algorithmId, keyConfig, cancellationToken),
-            _ => throw new InvalidOperationException($"Unsupported eIDAS key source: {keyConfig.Source}")
-        };
-
-        _logger.LogInformation("eIDAS verification result: keyId={KeyId}, valid={Valid}",
-            _keyReference.KeyId, isValid);
-
-        return isValid;
-    }
-
-    public Microsoft.IdentityModel.Tokens.JsonWebKey ExportPublicJsonWebKey()
-    {
-        // For eIDAS, public key export requires certificate parsing
-        // Stub implementation - in production, extract from certificate
-        _logger.LogWarning("eIDAS ExportPublicJsonWebKey is not fully implemented - returning stub JWK");
-
-        var keyConfig = _options.Keys.FirstOrDefault(k => k.KeyId == _keyReference.KeyId);
-        if (keyConfig?.Certificate != null)
-        {
-            // Production: Parse certificate and extract public key
-            // var cert = X509Certificate2.CreateFromPem(keyConfig.Certificate);
-            // var ecdsa = cert.GetECDsaPublicKey();
-            // return JsonWebKeyConverter.ConvertFromECDsaSecurityKey(new ECDsaSecurityKey(ecdsa));
-        }
-
-        return new Microsoft.IdentityModel.Tokens.JsonWebKey
-        {
-            Kty = "EC",
-            Crv = "P-256",
-            Use = "sig",
-            Kid = _keyReference.KeyId,
-            Alg = _algorithmId
-        };
-    }
-}