stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Implement VEX document verification system with issuer management and signature verification

Browse Source 
- Added IIssuerDirectory interface for managing VEX document issuers, including methods for registration, revocation, and trust validation.
- Created InMemoryIssuerDirectory class as an in-memory implementation of IIssuerDirectory for testing and single-instance deployments.
- Introduced ISignatureVerifier interface for verifying signatures on VEX documents, with support for multiple signature formats.
- Developed SignatureVerifier class as the default implementation of ISignatureVerifier, allowing extensibility for different signature formats.
- Implemented handlers for DSSE and JWS signature formats, including methods for verification and signature extraction.
- Defined various records and enums for issuer and signature metadata, enhancing the structure and clarity of the verification process.
This commit is contained in:
StellaOps Bot
2025-12-06 13:41:22 +02:00
parent 2141196496
commit 5e514532df
112 changed files with 24861 additions and 211 deletions
Download Patch File Download Diff File Expand all files Collapse all files

171
src/VexLens/StellaOps.VexLens/Extensions/VexLensServiceCollectionExtensions.cs Normal file
View File

@@ -0,0 +1,171 @@
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
using StellaOps.VexLens.Api;
using StellaOps.VexLens.Consensus;
using StellaOps.VexLens.Integration;
using StellaOps.VexLens.Mapping;
using StellaOps.VexLens.Normalization;
using StellaOps.VexLens.Observability;
using StellaOps.VexLens.Options;
using StellaOps.VexLens.Storage;
using StellaOps.VexLens.Trust;
using StellaOps.VexLens.Verification;
namespace StellaOps.VexLens.Extensions;
/// <summary>
/// Extension methods for registering VexLens services.
/// </summary>
public static class VexLensServiceCollectionExtensions
{
/// <summary>
/// Adds VexLens consensus engine services to the service collection.
/// </summary>
public static IServiceCollection AddVexLens(
this IServiceCollection services,
IConfiguration configuration)
{
var section = configuration.GetSection(VexLensOptions.SectionName);
services.Configure<VexLensOptions>(section);
var options = section.Get<VexLensOptions>() ?? new VexLensOptions();
return services.AddVexLensCore(options);
}
/// <summary>
/// Adds VexLens consensus engine services with explicit options.
/// </summary>
public static IServiceCollection AddVexLens(
this IServiceCollection services,
Action<VexLensOptions> configure)
{
var options = new VexLensOptions();
configure(options);
services.Configure(configure);
return services.AddVexLensCore(options);
}
/// <summary>
/// Adds VexLens services for testing with in-memory storage.
/// </summary>
public static IServiceCollection AddVexLensForTesting(this IServiceCollection services)
{
var options = new VexLensOptions
{
Storage = { Driver = "memory" },
Telemetry = { MetricsEnabled = false, TracingEnabled = false }
};
return services.AddVexLensCore(options);
}
private static IServiceCollection AddVexLensCore(
this IServiceCollection services,
VexLensOptions options)
{
// Normalization
services.TryAddSingleton<IVexNormalizerRegistry>(sp =>
{
var registry = new VexNormalizerRegistry();
RegisterNormalizers(registry, options.Normalization);
return registry;
});
// Product mapping
services.TryAddSingleton<IProductMapper, ProductMapper>();
// Verification
services.TryAddSingleton<ISignatureVerifier, SignatureVerifier>();
// Issuer directory - use in-memory by default, can be replaced
services.TryAddSingleton<IIssuerDirectory, InMemoryIssuerDirectory>();
// Trust engine
services.TryAddSingleton<ITrustWeightEngine, TrustWeightEngine>();
// Consensus engine
services.TryAddSingleton<IVexConsensusEngine, VexConsensusEngine>();
// Storage
RegisterStorage(services, options.Storage);
// Event emitter - in-memory for now
services.TryAddSingleton<IConsensusEventEmitter, InMemoryConsensusEventEmitter>();
// API service
services.TryAddScoped<IVexLensApiService, VexLensApiService>();
// Rationale service for AI/ML consumption
services.TryAddScoped<IConsensusRationaleService, ConsensusRationaleService>();
// Integration services
services.TryAddScoped<IPolicyEngineIntegration, PolicyEngineIntegration>();
services.TryAddScoped<IVulnExplorerIntegration, VulnExplorerIntegration>();
// Metrics
if (options.Telemetry.MetricsEnabled)
{
services.TryAddSingleton<VexLensMetrics>();
}
return services;
}
private static void RegisterNormalizers(
VexNormalizerRegistry registry,
VexLensNormalizationOptions options)
{
var enabledFormats = new HashSet<string>(
options.EnabledFormats,
StringComparer.OrdinalIgnoreCase);
if (enabledFormats.Contains("OpenVEX"))
{
registry.Register(new OpenVexNormalizer());
}
if (enabledFormats.Contains("CSAF"))
{
registry.Register(new CsafVexNormalizer());
}
if (enabledFormats.Contains("CycloneDX"))
{
registry.Register(new CycloneDxVexNormalizer());
}
}
private static void RegisterStorage(
IServiceCollection services,
VexLensStorageOptions options)
{
switch (options.Driver.ToLowerInvariant())
{
case "memory":
services.TryAddSingleton<IConsensusProjectionStore>(sp =>
{
var emitter = sp.GetRequiredService<IConsensusEventEmitter>();
return new InMemoryConsensusProjectionStore(emitter);
});
break;
case "mongo":
// MongoDB storage would be registered here
// For now, fall back to in-memory
services.TryAddSingleton<IConsensusProjectionStore>(sp =>
{
var emitter = sp.GetRequiredService<IConsensusEventEmitter>();
return new InMemoryConsensusProjectionStore(emitter);
});
break;
default:
throw new InvalidOperationException(
$"Unknown VexLens storage driver: {options.Driver}");
}
}
}