stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Add support for ГОСТ Р 34.10 digital signatures

Browse Source 
- Implemented the GostKeyValue class for handling public key parameters in ГОСТ Р 34.10 digital signatures.
- Created the GostSignedXml class to manage XML signatures using ГОСТ 34.10, including methods for computing and checking signatures.
- Developed the GostSignedXmlImpl class to encapsulate the signature computation logic and public key retrieval.
- Added specific key value classes for ГОСТ Р 34.10-2001, ГОСТ Р 34.10-2012/256, and ГОСТ Р 34.10-2012/512 to support different signature algorithms.
- Ensured compatibility with existing XML signature standards while integrating ГОСТ cryptography.
This commit is contained in:
master
2025-11-09 21:59:57 +02:00
parent 75c2bcafce
commit cef4cb2c5a
486 changed files with 32952 additions and 801 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
docs/implplan/SPRINT_114_concelier_iii.md
View File

@@ -1,23 +1,23 @@
# Sprint 114 - Ingestion & Evidence · 110.B) Concelier.III
Active items only. Completed/historic work now resides in docs/implplan/archived_sprints_tasks.md (updated 2025-11-08).
Active items only. Completed/historic work now resides in docs/implplan/archived/tasks.md (updated 2025-11-08).
[Ingestion & Evidence] 110.B) Concelier.III
Depends on: Sprint 110.B - Concelier.II
Summary: Ingestion & Evidence focus on Concelier (phase III).
Task ID | State | Task description | Owners (Source)
--- | --- | --- | ---
CONCELIER-OAS-61-001 `Spec coverage` | TODO | Update Concelier OAS with advisory observation/linkset endpoints, standard pagination, and source provenance fields. | Concelier Core Guild, API Contracts Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-OAS-61-002 `Examples library` | TODO | Provide rich examples for advisories, linksets, conflict annotations used by SDK + docs. Dependencies: CONCELIER-OAS-61-001. | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-OAS-62-001 `SDK smoke tests` | TODO | Add SDK tests covering advisory search, pagination, and conflict handling; ensure source metadata surfaced. Dependencies: CONCELIER-OAS-61-002. | Concelier Core Guild, SDK Generator Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-OAS-63-001 `Deprecation headers` | TODO | Implement deprecation header support and timeline events for retiring endpoints. Dependencies: CONCELIER-OAS-62-001. | Concelier Core Guild, API Governance Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-OBS-51-001 `Metrics & SLOs` | TODO | Emit metrics for ingest latency (cold/warm), queue depth, aoc violation rate, and publish SLO burn-rate alerts (ingest P95 <30s cold / <5s warm). Ship dashboards + alert configs. Dependencies: CONCELIER-OBS-50-001. | Concelier Core Guild, DevOps Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-OBS-52-001 `Timeline events` | TODO | Emit `timeline_event` records for advisory ingest/normalization/linkset creation with provenance, trace IDs, conflict summaries, and evidence placeholders. Dependencies: CONCELIER-OBS-51-001. | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-OBS-53-001 `Evidence snapshots` | TODO | Produce advisory evaluation bundle payloads (raw doc, linkset, normalization diff) for evidence locker; ensure Merkle manifests seeded with content hashes. Dependencies: CONCELIER-OBS-52-001. | Concelier Core Guild, Evidence Locker Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-OBS-54-001 `Attestation & verification` | TODO | Attach DSSE attestations for advisory processing batches, expose verification API to confirm bundle integrity, and link attestation IDs back to timeline + ledger. Dependencies: CONCELIER-OBS-53-001. | Concelier Core Guild, Provenance Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-OBS-55-001 `Incident mode hooks` | TODO | Increase sampling, capture raw payload snapshots, and extend retention under incident mode; emit activation events + guardrails against PII leak. Dependencies: CONCELIER-OBS-54-001. | Concelier Core Guild, DevOps Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-ORCH-32-001 `Source registry integration` | TODO | Register Concelier data sources with orchestrator (metadata, schedules, rate policies) and wire provenance IDs/security scopes. | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-ORCH-32-002 `Worker SDK adoption` | TODO | Embed orchestrator worker SDK in ingestion loops, emit heartbeats/progress/artifact hashes, and enforce idempotency keys. Dependencies: CONCELIER-ORCH-32-001. | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-ORCH-33-001 `Control hook compliance` | TODO | Honor orchestrator throttle/pause/retry actions, surface structured error classes, and persist safe checkpoints for resume. Dependencies: CONCELIER-ORCH-32-002. | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-ORCH-34-001 `Backfill + ledger linkage` | TODO | Execute orchestrator-driven backfills, reuse artifact hashes to avoid duplicates, and link provenance to run ledger exports. Dependencies: CONCELIER-ORCH-33-001. | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-POLICY-20-001 `Policy selection endpoints` | TODO | Add batch advisory lookup APIs (`/policy/select/advisories`, `/policy/select/vex`) optimized for PURL/ID lists with pagination, tenant scoping, and explain metadata. | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService)
CONCELIER-OAS-61-001 `Spec coverage` | TODO | Update the OpenAPI spec so every observation/linkset/timeline endpoint documents provenance fields, tenant scopes, and AOC guarantees (no consensus fields), giving downstream SDKs unambiguous contracts. | Concelier Core Guild, API Contracts Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-OAS-61-002 `Examples library` | TODO | Provide realistic examples (conflict linksets, multi-source severity, timeline snippets) showing how raw advisories are surfaced without merges; wire them into docs/SDKs. Depends on CONCELIER-OAS-61-001. | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-OAS-62-001 `SDK smoke tests` | TODO | Add SDK scenarios covering advisory search, pagination, and conflict handling to ensure each language client preserves provenance fields and does not infer verdicts. Depends on CONCELIER-OAS-61-002. | Concelier Core Guild, SDK Generator Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-OAS-63-001 `Deprecation headers` | TODO | Implement Sunset/Deprecation headers + timeline notices for legacy endpoints being retired, keeping operators informed while discouraging use of merge-era APIs. Depends on CONCELIER-OAS-62-001. | Concelier Core Guild, API Governance Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-OBS-51-001 `Metrics & SLOs` | TODO | Emit ingestion latency, queue depth, and AOC violation metrics with burn-rate alerts so we can prove the evidence pipeline remains healthy without resorting to heuristics. | Concelier Core Guild, DevOps Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-OBS-52-001 `Timeline events` | TODO | Produce timeline records for ingest/normalization/linkset updates containing trace IDs, conflict summaries, and evidence hashes—pure facts for downstream replay. Depends on CONCELIER-OBS-51-001. | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-OBS-53-001 `Evidence snapshots` | TODO | Generate evidence locker bundles (raw doc, normalization diff, linkset) with Merkle manifests so audits can replay advisory history without touching live Mongo. Depends on CONCELIER-OBS-52-001. | Concelier Core Guild, Evidence Locker Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-OBS-54-001 `Attestation & verification` | TODO | Attach DSSE attestations to advisory batches, expose verification APIs, and link attestation IDs into timeline + ledger for transparency. Depends on CONCELIER-OBS-53-001. | Concelier Core Guild, Provenance Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-OBS-55-001 `Incident mode hooks` | TODO | Implement incident-mode levers (extra sampling, retention overrides, redaction guards) that collect more raw evidence without mutating advisory content. Depends on CONCELIER-OBS-54-001. | Concelier Core Guild, DevOps Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-ORCH-32-001 `Source registry integration` | TODO | Register every advisory connector with the orchestrator (metadata, auth scopes, rate policies) so ingest scheduling is transparent and reproducible. | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-ORCH-32-002 `Worker SDK adoption` | TODO | Adopt the orchestrator worker SDK in ingestion loops, emitting heartbeats/progress/artifact hashes to guarantee deterministic replays. Depends on CONCELIER-ORCH-32-001. | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-ORCH-33-001 `Control hook compliance` | TODO | Honor orchestrator pause/throttle/retry controls with structured error outputs and persisted checkpoints so operators can intervene without losing evidence. Depends on CONCELIER-ORCH-32-002. | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-ORCH-34-001 `Backfill + ledger linkage` | TODO | Execute orchestrator-driven backfills that reuse artifact hashes/signatures, log provenance, and push run metadata to the ledger for audits. Depends on CONCELIER-ORCH-33-001. | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-POLICY-20-001 `Policy selection endpoints` | TODO | Provide batch advisory lookup APIs for Policy Engine (purl/advisory filters, tenant scopes, explain metadata) so policy can join raw evidence without Concelier suggesting outcomes. | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService)