feat(eidas): Implement eIDAS Crypto Plugin with dependency injection and signing capabilities

- Added ServiceCollectionExtensions for eIDAS crypto providers. - Implemented EidasCryptoProvider for handling eIDAS-compliant signatures. - Created LocalEidasProvider for local signing using PKCS#12 keystores. - Defined SignatureLevel and SignatureFormat enums for eIDAS compliance. - Developed TrustServiceProviderClient for remote signing via TSP. - Added configuration support for eIDAS options in the project file. - Implemented unit tests for SM2 compliance and crypto operations. - Introduced dependency injection extensions for SM software and remote plugins.
2025-12-23 14:06:48 +02:00
parent ef933db0d8
commit 84d97fd22c
51 changed files with 4353 additions and 747 deletions
--- a/src/__Libraries/StellaOps.Cryptography.Plugin.EIDAS/Configuration/EidasOptions.cs
+++ b/src/__Libraries/StellaOps.Cryptography.Plugin.EIDAS/Configuration/EidasOptions.cs
@@ -0,0 +1,172 @@
+// SPDX-License-Identifier: AGPL-3.0-or-later
+// Sprint: SPRINT_4100_0006_0002 - eIDAS Crypto Plugin
+
+using StellaOps.Cryptography.Plugin.EIDAS.Models;
+
+namespace StellaOps.Cryptography.Plugin.EIDAS.Configuration;
+
+/// <summary>
+/// Configuration options for eIDAS crypto provider.
+/// </summary>
+public class EidasOptions
+{
+    /// <summary>
+    /// Default signature level (QES, AES, or AdES).
+    /// </summary>
+    public SignatureLevel SignatureLevel { get; set; } = SignatureLevel.AdES;
+
+    /// <summary>
+    /// Default signature format (CAdES, XAdES, PAdES, JAdES).
+    /// </summary>
+    public SignatureFormat SignatureFormat { get; set; } = SignatureFormat.CAdES;
+
+    /// <summary>
+    /// Default signature algorithm (ECDSA-P256, RSA-PSS-2048, etc.).
+    /// </summary>
+    public string DefaultAlgorithm { get; set; } = "ECDSA-P256";
+
+    /// <summary>
+    /// Default digest algorithm for hashing.
+    /// </summary>
+    public string DigestAlgorithm { get; set; } = "SHA256";
+
+    /// <summary>
+    /// Validate certificate chains against EU Trusted List.
+    /// </summary>
+    public bool ValidateCertificateChain { get; set; } = true;
+
+    /// <summary>
+    /// Maximum certificate chain depth.
+    /// </summary>
+    public int MaxCertificateChainDepth { get; set; } = 5;
+
+    /// <summary>
+    /// Trust Service Provider (TSP) configuration for remote signing.
+    /// </summary>
+    public TspOptions? Tsp { get; set; }
+
+    /// <summary>
+    /// Local signing configuration (PKCS#12 keystore).
+    /// </summary>
+    public LocalSigningOptions? Local { get; set; }
+
+    /// <summary>
+    /// EU Trusted List configuration.
+    /// </summary>
+    public TrustedListOptions TrustedList { get; set; } = new();
+
+    /// <summary>
+    /// Configured keys for signing/verification.
+    /// </summary>
+    public List<EidasKeyConfig> Keys { get; set; } = new();
+}
+
+/// <summary>
+/// Trust Service Provider configuration for remote QES signing.
+/// </summary>
+public class TspOptions
+{
+    /// <summary>
+    /// TSP API endpoint URL.
+    /// </summary>
+    public required string Endpoint { get; set; }
+
+    /// <summary>
+    /// TSP API key for authentication.
+    /// </summary>
+    public required string ApiKey { get; set; }
+
+    /// <summary>
+    /// TSP certificate for mutual TLS (optional).
+    /// </summary>
+    public string? Certificate { get; set; }
+
+    /// <summary>
+    /// Request timeout in seconds.
+    /// </summary>
+    public int TimeoutSeconds { get; set; } = 30;
+}
+
+/// <summary>
+/// Local signing configuration (PKCS#12 keystore).
+/// </summary>
+public class LocalSigningOptions
+{
+    /// <summary>
+    /// Keystore type (PKCS12, PEM).
+    /// </summary>
+    public string Type { get; set; } = "PKCS12";
+
+    /// <summary>
+    /// Path to keystore file.
+    /// </summary>
+    public required string Path { get; set; }
+
+    /// <summary>
+    /// Keystore password.
+    /// </summary>
+    public required string Password { get; set; }
+
+    /// <summary>
+    /// Path to certificate chain file (PEM format).
+    /// </summary>
+    public string? CertificateChainPath { get; set; }
+}
+
+/// <summary>
+/// EU Trusted List configuration.
+/// </summary>
+public class TrustedListOptions
+{
+    /// <summary>
+    /// EU Trusted List (EUTL) URL.
+    /// Default: https://ec.europa.eu/tools/lotl/eu-lotl.xml
+    /// </summary>
+    public string Url { get; set; } = "https://ec.europa.eu/tools/lotl/eu-lotl.xml";
+
+    /// <summary>
+    /// Local cache directory for trusted list.
+    /// </summary>
+    public string CachePath { get; set; } = "./crypto/eutl-cache";
+
+    /// <summary>
+    /// Refresh interval in hours.
+    /// </summary>
+    public int RefreshIntervalHours { get; set; } = 24;
+
+    /// <summary>
+    /// Enable strict validation (fail on any validation error).
+    /// </summary>
+    public bool StrictValidation { get; set; } = true;
+}
+
+/// <summary>
+/// eIDAS key configuration.
+/// </summary>
+public class EidasKeyConfig
+{
+    /// <summary>
+    /// Unique key identifier.
+    /// </summary>
+    public required string KeyId { get; set; }
+
+    /// <summary>
+    /// Key source: "tsp" (remote) or "local" (PKCS#12).
+    /// </summary>
+    public required string Source { get; set; }
+
+    /// <summary>
+    /// Certificate in PEM format (optional for validation).
+    /// </summary>
+    public string? Certificate { get; set; }
+
+    /// <summary>
+    /// Certificate subject DN.
+    /// </summary>
+    public string? SubjectDn { get; set; }
+
+    /// <summary>
+    /// Certificate serial number.
+    /// </summary>
+    public string? SerialNumber { get; set; }
+}