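// SPDX-License-Identifier: BUSL-1.1
// Sprint: SPRINT_4100_0006_0002 - eIDAS Crypto Plugin

using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Cryptography.Plugin.EIDAS.Configuration;

namespace StellaOps.Cryptography.Plugin.EIDAS;

/// <summary>
/// Local eIDAS signing provider using PKCS#12 (or PEM) keystores.
/// Suitable for development and AdES-level signatures.
/// </summary>
public partial class LocalEidasProvider
{
    private readonly ILogger _logger;

    // Local (file-based) signing settings; null when the supplied options carry no Local section.
    private readonly LocalSigningOptions? _options;

    // Not assigned in this part of the partial class; LoadCertificate returns the certificate
    // rather than caching it here.
    private X509Certificate2? _certificate;

    /// <summary>
    /// Creates the provider from DI-supplied logging and options.
    /// </summary>
    /// <param name="logger">Logger used for keystore-loading diagnostics.</param>
    /// <param name="options">Plugin options; only the <c>Local</c> section is retained.</param>
    /// <exception cref="ArgumentNullException"><paramref name="logger"/> or <paramref name="options"/> is null.</exception>
    // NOTE(review): the generic type arguments of ILogger/IOptions are not visible in this
    // listing — confirm against the Configuration namespace before relying on them.
    public LocalEidasProvider(
        ILogger logger,
        IOptions options)
    {
        ArgumentNullException.ThrowIfNull(logger);
        ArgumentNullException.ThrowIfNull(options);

        _logger = logger;
        _options = options.Value.Local;
    }

    /// <summary>
    /// Loads the signing certificate described by <paramref name="options"/>.
    /// </summary>
    /// <param name="options">Keystore location, type ("PKCS12" or "PEM") and password.</param>
    /// <returns>
    /// The loaded certificate. For PKCS#12 the private key is included; for PEM only the
    /// certificate is loaded (see the note in the PEM branch).
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
    /// <exception cref="FileNotFoundException">The keystore file does not exist.</exception>
    /// <exception cref="NotSupportedException">The keystore type is neither PKCS12 nor PEM.</exception>
    /// <remarks>
    /// Loader failures are logged and rethrown unchanged so callers see the original exception.
    /// </remarks>
    private X509Certificate2 LoadCertificate(LocalSigningOptions options)
    {
        ArgumentNullException.ThrowIfNull(options);

        _logger.LogDebug("Loading eIDAS certificate from keystore: path={Path}, type={Type}",
            options.Path, options.Type);

        if (!File.Exists(options.Path))
        {
            // Also pass the path as FileName so it survives structured exception handling.
            throw new FileNotFoundException($"eIDAS keystore not found: {options.Path}", options.Path);
        }

        try
        {
            // string.Equals is null-safe: a missing Type falls through to NotSupportedException
            // instead of a NullReferenceException.
            if (string.Equals(options.Type, "PKCS12", StringComparison.OrdinalIgnoreCase))
            {
                // SECURITY(review): Exportable allows the private key to be exported from the
                // loaded certificate. Signing alone does not need this; keep it only if another
                // part of this provider exports the key, otherwise prefer DefaultKeySet.
                var cert = X509CertificateLoader.LoadPkcs12FromFile(
                    options.Path,
                    options.Password,
                    X509KeyStorageFlags.Exportable);

                _logger.LogInformation("eIDAS certificate loaded: subject={Subject}, serial={Serial}, expires={Expires}",
                    cert.Subject, cert.SerialNumber, cert.NotAfter);
                WarnIfOutsideValidityPeriod(cert);
                return cert;
            }

            if (string.Equals(options.Type, "PEM", StringComparison.OrdinalIgnoreCase))
            {
                // Load PEM certificate (requires separate key file)
                // NOTE(review): CreateFromPem yields a certificate WITHOUT a private key, so this
                // branch cannot sign as written. X509Certificate2.CreateFromPemFile(certPath, keyPath)
                // would attach the key once the options expose a key-file path — confirm intent.
                var certPem = File.ReadAllText(options.Path);
                var cert = X509Certificate2.CreateFromPem(certPem);

                _logger.LogInformation("eIDAS PEM certificate loaded: subject={Subject}", cert.Subject);
                WarnIfOutsideValidityPeriod(cert);
                return cert;
            }

            throw new NotSupportedException($"Keystore type '{options.Type}' not supported");
        }
        catch (Exception ex)
        {
            _logger.LogError(ex, "Failed to load eIDAS certificate from keystore");
            throw;
        }
    }

    /// <summary>
    /// Logs a warning when the certificate is expired or not yet valid. Loading still succeeds;
    /// enforcement of validity is left to the signing path.
    /// </summary>
    /// <param name="cert">The freshly loaded certificate.</param>
    private void WarnIfOutsideValidityPeriod(X509Certificate2 cert)
    {
        // NotBefore/NotAfter are exposed in local time; compare in UTC to avoid DST skew.
        var now = DateTime.UtcNow;
        if (now < cert.NotBefore.ToUniversalTime() || now > cert.NotAfter.ToUniversalTime())
        {
            _logger.LogWarning("eIDAS certificate is outside its validity period: subject={Subject}, notBefore={NotBefore}, notAfter={NotAfter}",
                cert.Subject, cert.NotBefore, cert.NotAfter);
        }
    }
}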