34 lines
1.3 KiB
Markdown
34 lines
1.3 KiB
Markdown
# SmRemote Service Charter
|
|
|
|
## Mission
|
|
- Provide a remote SM2 signing service that integrates with the cryptography plugin stack.
|
|
|
|
## Responsibilities
|
|
- Host the SM2 signing API with strict input validation and auth.
|
|
- Bridge requests to the configured remote HSM or key service.
|
|
- Ensure deterministic signing outputs and audit logging.
|
|
- Maintain offline-safe operation when remote endpoints are allowed.
|
|
|
|
## Required Reading
|
|
- docs/README.md
|
|
- docs/07_HIGH_LEVEL_ARCHITECTURE.md
|
|
- docs/modules/platform/architecture-overview.md
|
|
- docs/modules/cryptography/architecture.md
|
|
|
|
## Working Agreement
|
|
- Never log key material, raw digests, or secrets.
|
|
- Use TimeProvider and IGuidGenerator for timestamps and request ids.
|
|
- Use InvariantCulture for parsing and formatting.
|
|
- Propagate CancellationToken to all IO calls.
|
|
- Network access only to configured HSM endpoints; no ambient network calls.
|
|
|
|
## Testing Strategy
|
|
- Unit tests for request validation and error mapping.
|
|
- Integration tests with mocked HSM endpoints and deterministic fixtures.
|
|
- Security tests for auth, scope enforcement, and input bounds.
|
|
|
|
## Service Endpoints
|
|
- Development: https://localhost:10310, http://localhost:10311
|
|
- Local alias: https://smremote.stella-ops.local, http://smremote.stella-ops.local
|
|
- Env var: STELLAOPS_SMREMOTE_URL
|