feat(eidas): Implement eIDAS Crypto Plugin with dependency injection and signing capabilities

- Added ServiceCollectionExtensions for eIDAS crypto providers. - Implemented EidasCryptoProvider for handling eIDAS-compliant signatures. - Created LocalEidasProvider for local signing using PKCS#12 keystores. - Defined SignatureLevel and SignatureFormat enums for eIDAS compliance. - Developed TrustServiceProviderClient for remote signing via TSP. - Added configuration support for eIDAS options in the project file. - Implemented unit tests for SM2 compliance and crypto operations. - Introduced dependency injection extensions for SM software and remote plugins.
2025-12-23 14:06:48 +02:00
parent ef933db0d8
commit 84d97fd22c
51 changed files with 4353 additions and 747 deletions
--- a/etc/appsettings.sm.yaml.example
+++ b/etc/appsettings.sm.yaml.example
@@ -0,0 +1,124 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
+# Sprint: SPRINT_4100_0006_0003 - SM Crypto CLI Integration
+# Configuration example for Chinese ShangMi (SM) crypto providers
+
+StellaOps:
+  Crypto:
+    Registry:
+      # Active profile for SM operations
+      ActiveProfile: "sm-production"
+
+      Profiles:
+        # Production profile using GmSSL or remote CSP
+        - Name: "sm-production"
+          PreferredProviders:
+            - "cn.sm.soft"       # GmSSL software implementation
+            - "cn.sm.remote.http" # Remote cryptographic service provider
+
+          Keys:
+            # Software SM2 key (GmSSL)
+            - KeyId: "sm-signing-2025"
+              Source: "file"
+              Location: "/etc/stellaops/keys/sm-2025.pem"
+              Algorithm: "SM2"
+              CertificateFormat: "GM/T 0015-2012"  # SM2 certificate standard
+              Metadata:
+                description: "Production SM2 signing key"
+                usage: "signatures"
+                compliant: "OSCCA GM/T 0003-2012"
+
+            # Remote CSP key
+            - KeyId: "sm-csp-prod"
+              Source: "remote-csp"
+              Endpoint: "https://sm-csp.example.cn"
+              CredentialId: "cred-sm-123456"
+              Algorithm: "SM2"
+              Metadata:
+                description: "Remote CSP signing key"
+                vendor: "Example CSP Provider"
+                certified: "true"
+
+        # Testing/development profile with simulator
+        - Name: "sm-simulator"
+          PreferredProviders:
+            - "cn.sm.simulator"  # Simulator for testing without real CSP
+
+          Keys:
+            - KeyId: "sm-test-key"
+              Source: "simulator"
+              Algorithm: "SM2"
+              Metadata:
+                description: "Test SM2 key for development"
+                warning: "NOT for production use"
+
+    # SM Soft Provider Configuration (GmSSL-based)
+    Profiles:
+      sm-soft:
+        # Require SM_SOFT_ALLOWED=1 environment variable
+        RequireEnvironmentGate: true
+
+        # Pre-configured keys
+        Keys:
+          - KeyId: "sm-signing-2025"
+            PrivateKeyPath: "/etc/stellaops/keys/sm-2025.pem"
+            # Supports both PEM and PKCS#8 DER formats
+
+      # SM Remote Provider Configuration (Remote CSP)
+      sm-remote:
+        # Skip initial probe if CSP is not always available
+        SkipProbe: false
+
+        # Pre-configured remote keys
+        Keys:
+          - KeyId: "sm-csp-prod"
+            RemoteKeyId: "remote-key-id-at-csp"
+
+      # SM Simulator Provider Configuration (Testing)
+      sm-simulator:
+        # Simulator endpoint (local or remote)
+        Endpoint: "http://localhost:8888"
+
+        # Auto-generate test keys
+        AutoGenerateKeys: true
+
+        Keys:
+          - KeyId: "sm-test-key"
+            GenerateOnStartup: true
+
+# SM Algorithm Constants
+# - SM2: Public key cryptography (equivalent to ECDSA P-256)
+# - SM3: Hash function (equivalent to SHA-256, 256-bit output)
+# - SM4: Block cipher (equivalent to AES-128)
+# - SM9: Identity-based cryptography
+
+# Compliance Requirements (OSCCA)
+# - Algorithms must use OSCCA-certified implementations
+# - Certificates must follow GM/T 0015-2012 (SM2 certificate format)
+# - Key exchange follows GM/T 0003.5 protocol
+
+# Usage Examples:
+#
+# Sign with SM2:
+#   stella crypto sign \
+#     --provider cn.sm.soft \
+#     --profile sm-production \
+#     --key-id sm-signing-2025 \
+#     --alg SM2 \
+#     --file document.pdf \
+#     --out document.pdf.sig
+#
+# Hash with SM3:
+#   stella crypto hash \
+#     --alg SM3 \
+#     --file document.pdf
+#
+# Verify SM2 signature:
+#   stella crypto verify \
+#     --provider cn.sm.soft \
+#     --key-id sm-signing-2025 \
+#     --alg SM2 \
+#     --file document.pdf \
+#     --signature document.pdf.sig
+#
+# List SM providers:
+#   stella crypto providers --filter sm