part #2
@@ -1,10 +1,8 @@
|
||||
// SPDX-License-Identifier: BUSL-1.1
|
||||
// Sprint: SPRINT_4100_0006_0002 - eIDAS Crypto Plugin
|
||||
|
||||
using Microsoft.Extensions.Logging;
|
||||
using Microsoft.Extensions.Options;
|
||||
using StellaOps.Cryptography.Plugin.EIDAS.Configuration;
|
||||
using System.Security.Cryptography;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
|
||||
namespace StellaOps.Cryptography.Plugin.EIDAS;
|
||||
@@ -13,7 +11,7 @@ namespace StellaOps.Cryptography.Plugin.EIDAS;
|
||||
/// Local eIDAS signing provider using PKCS#12 keystores.
|
||||
/// Suitable for development and AdES-level signatures.
|
||||
/// </summary>
|
||||
public class LocalEidasProvider
|
||||
public partial class LocalEidasProvider
|
||||
{
|
||||
private readonly ILogger<LocalEidasProvider> _logger;
|
||||
private readonly LocalSigningOptions? _options;
|
||||
@@ -27,96 +25,6 @@ public class LocalEidasProvider
|
||||
_options = options.Value.Local;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Local signing with PKCS#12 certificate (stub implementation).
|
||||
/// </summary>
|
||||
public async Task<byte[]> LocalSignAsync(
|
||||
byte[] data,
|
||||
string algorithmId,
|
||||
EidasKeyConfig keyConfig,
|
||||
CancellationToken cancellationToken)
|
||||
{
|
||||
_logger.LogDebug("Local eIDAS signing: keyId={KeyId}, algorithm={Algorithm}, dataLength={Length}",
|
||||
keyConfig.KeyId, algorithmId, data.Length);
|
||||
|
||||
if (_options == null)
|
||||
{
|
||||
throw new InvalidOperationException("Local signing options not configured");
|
||||
}
|
||||
|
||||
// Load certificate from PKCS#12 keystore (cached)
|
||||
_certificate ??= LoadCertificate(_options);
|
||||
|
||||
// Stub implementation - in production, use actual certificate signing
|
||||
_logger.LogWarning("Using stub local signing - replace with actual PKCS#12 signing in production");
|
||||
|
||||
// Compute hash
|
||||
var hash = algorithmId.Contains("SHA256") ? SHA256.HashData(data) : SHA512.HashData(data);
|
||||
|
||||
// Stub: Create mock signature
|
||||
var stubSignature = new byte[64]; // ECDSA-P256 signature
|
||||
RandomNumberGenerator.Fill(stubSignature);
|
||||
|
||||
_logger.LogInformation("Local eIDAS signature created (stub): keyId={KeyId}, signatureLength={Length}",
|
||||
keyConfig.KeyId, stubSignature.Length);
|
||||
|
||||
await Task.CompletedTask; // For async signature
|
||||
return stubSignature;
|
||||
|
||||
// Production implementation:
|
||||
// using var rsa = _certificate.GetRSAPrivateKey();
|
||||
// using var ecdsa = _certificate.GetECDsaPrivateKey();
|
||||
//
|
||||
// return algorithmId switch
|
||||
// {
|
||||
// "RSA-PSS-2048" or "RSA-PSS-4096" => rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pss),
|
||||
// "ECDSA-P256" or "ECDSA-P384" or "ECDSA-P521" => ecdsa.SignData(data, HashAlgorithmName.SHA256),
|
||||
// _ => throw new NotSupportedException($"Algorithm {algorithmId} not supported for local signing")
|
||||
// };
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Local verification with PKCS#12 certificate (stub implementation).
|
||||
/// </summary>
|
||||
public async Task<bool> LocalVerifyAsync(
|
||||
byte[] data,
|
||||
byte[] signature,
|
||||
string algorithmId,
|
||||
EidasKeyConfig keyConfig,
|
||||
CancellationToken cancellationToken)
|
||||
{
|
||||
_logger.LogDebug("Local eIDAS verification: keyId={KeyId}, algorithm={Algorithm}",
|
||||
keyConfig.KeyId, algorithmId);
|
||||
|
||||
if (_options == null)
|
||||
{
|
||||
throw new InvalidOperationException("Local signing options not configured");
|
||||
}
|
||||
|
||||
// Load certificate from PKCS#12 keystore
|
||||
_certificate ??= LoadCertificate(_options);
|
||||
|
||||
// Stub: Always return true
|
||||
_logger.LogWarning("Using stub local verification - replace with actual PKCS#12 verification in production");
|
||||
await Task.Delay(10, cancellationToken); // Simulate crypto operation
|
||||
|
||||
_logger.LogInformation("Local eIDAS verification complete (stub): keyId={KeyId}, valid=true",
|
||||
keyConfig.KeyId);
|
||||
|
||||
return true;
|
||||
|
||||
// Production implementation:
|
||||
// using var rsa = _certificate.GetRSAPublicKey();
|
||||
// using var ecdsa = _certificate.GetECDsaPublicKey();
|
||||
//
|
||||
// return algorithmId switch
|
||||
// {
|
||||
// "RSA-PSS-2048" or "RSA-PSS-4096" => rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss),
|
||||
// "ECDSA-P256" or "ECDSA-P384" or "ECDSA-P521" => ecdsa.VerifyData(data, signature, HashAlgorithmName.SHA256),
|
||||
// _ => throw new NotSupportedException($"Algorithm {algorithmId} not supported for local verification")
|
||||
// };
|
||||
}
|
||||
|
||||
private X509Certificate2 LoadCertificate(LocalSigningOptions options)
|
||||
{
|
||||
_logger.LogDebug("Loading eIDAS certificate from keystore: path={Path}, type={Type}",
|
||||
@@ -141,7 +49,8 @@ public class LocalEidasProvider
|
||||
|
||||
return cert;
|
||||
}
|
||||
else if (options.Type.Equals("PEM", StringComparison.OrdinalIgnoreCase))
|
||||
|
||||
if (options.Type.Equals("PEM", StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
// Load PEM certificate (requires separate key file)
|
||||
var certPem = File.ReadAllText(options.Path);
|
||||
@@ -152,10 +61,8 @@ public class LocalEidasProvider
|
||||
|
||||
return cert;
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new NotSupportedException($"Keystore type '{options.Type}' not supported");
|
||||
}
|
||||
|
||||
throw new NotSupportedException($"Keystore type '{options.Type}' not supported");
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
|
||||
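Review bot: The `throw new NotSupportedException($"Keystore type '{options.Type}' not supported")` that now follows the PEM branch is still inside the `try` whose `catch (Exception ex)` begins at the end of this hunk, so an unsupported `options.Type` takes the same path as a genuine keystore read failure. The catch body lies outside the hunk, so whether it rethrows the original exception or wraps it cannot be confirmed here; if it wraps, callers lose the `NotSupportedException` type and a plain configuration error gets reported as a certificate-load failure. A narrow fix is an exception filter, `catch (Exception ex) when (ex is not NotSupportedException)`, or checking `options.Type` before entering the `try`. `LoadCertificate` starts in an earlier hunk and its catch body continues past this one.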