stella-ops.org/git.stella-ops.org

Files

master 557feefdc3 stabilizaiton work - projects rework for maintenanceability and ui livening

2026-02-03 23:40:04 +02:00

1.3 KiB

Raw Blame History

SmRemote Service Charter

Mission

Provide a remote SM2 signing service that integrates with the cryptography plugin stack.

Responsibilities

Host the SM2 signing API with strict input validation and auth.
Bridge requests to the configured remote HSM or key service.
Ensure deterministic signing outputs and audit logging.
Maintain offline-safe operation when remote endpoints are allowed.

Required Reading

docs/README.md
docs/07_HIGH_LEVEL_ARCHITECTURE.md
docs/modules/platform/architecture-overview.md
docs/modules/cryptography/architecture.md

Working Agreement

Never log key material, raw digests, or secrets.
Use TimeProvider and IGuidGenerator for timestamps and request ids.
Use InvariantCulture for parsing and formatting.
Propagate CancellationToken to all IO calls.
Network access only to configured HSM endpoints; no ambient network calls.

Testing Strategy

Unit tests for request validation and error mapping.
Integration tests with mocked HSM endpoints and deterministic fixtures.
Security tests for auth, scope enforcement, and input bounds.

Service Endpoints

Development: https://localhost:10310, http://localhost:10311
Local alias: https://smremote.stella-ops.local, http://smremote.stella-ops.local
Env var: STELLAOPS_SMREMOTE_URL