stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
docs/features/checked/excititor/vex-cryptographic-verification.md Normal file
View File

@@ -0,0 +1,38 @@
# VEX Cryptographic Verification
## Module
Excititor
## Status
VERIFIED
## Description
Cryptographic signature verification of VEX documents at ingestion time with crypto profile selection and issuer validation.
## Implementation Details
- **Modules**: `src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/`, `src/Excititor/StellaOps.Excititor.Worker/Signature/`
- **Key Classes**:
- `ProductionVexSignatureVerifier` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/ProductionVexSignatureVerifier.cs`) - production signature verifier for VEX documents
- `CryptoProfileSelector` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/CryptoProfileSelector.cs`) - selects crypto profile (FIPS, eIDAS, GOST, SM) based on issuer
- `VerificationCacheService` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/VerificationCacheService.cs`) - caches verification results for performance
- `VexSignatureVerifierOptions` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/VexSignatureVerifierOptions.cs`) - configurable verification options
- `VexVerificationModels` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/VexVerificationModels.cs`) - verification result models
- `VexVerificationMetrics` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/VexVerificationMetrics.cs`) - metrics for verification operations
- `WorkerSignatureVerifier` (`src/Excititor/StellaOps.Excititor.Worker/Signature/WorkerSignatureVerifier.cs`) - worker-side signature verification
- `VerifyingVexRawDocumentSink` (`src/Excititor/StellaOps.Excititor.Worker/Signature/VerifyingVexRawDocumentSink.cs`) - sink that verifies signatures before persisting
- **Interfaces**: `IVexSignatureVerifierV2`
- **Source**: Feature matrix scan
## E2E Test Plan
- [ ] Ingest a cryptographically signed VEX document and verify `ProductionVexSignatureVerifier` validates the signature
- [ ] Verify `CryptoProfileSelector` selects the correct crypto profile based on the issuer's regional requirements
- [ ] Verify `VerificationCacheService` caches verification results and returns cached results for repeated checks
- [ ] Ingest a VEX document with an invalid signature and verify rejection with a clear error
- [ ] Verify `VerifyingVexRawDocumentSink` rejects unsigned documents when signature verification is required
- [ ] Verify `VexVerificationMetrics` records verification success/failure counts and latency
## Verification
- Verified on 2026-02-13 via `run-001`.
- Tier 0: Source files confirmed present on disk.
- Tier 1: `dotnet build` passed (0 errors); 503/504 tests passed (1 env_issue: no local Postgres).
- Tier 2d: `docs/qa/feature-checks/runs/excititor/vex-cryptographic-verification/run-001/tier2-integration-check.json`