eIDAS Qualified Timestamping

Module

Cryptography

Status

IMPLEMENTED

Description

EU-qualified timestamp verification with TSA configuration, EU Trust List integration, and CAdES signature building for eIDAS compliance.

Implementation Details

  • EidasPlugin: src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/EidasPlugin.cs -- eIDAS crypto provider plugin extending CryptoPluginBase
  • QualifiedTimestampVerifier: src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/QualifiedTimestampVerifier.cs -- verifies RFC 3161 timestamps from EU-qualified TSAs against the EU Trust List
  • IQualifiedTimestampVerifier: src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/IQualifiedTimestampVerifier.cs -- verification interface
  • EuTrustListService: src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/EuTrustListService.cs -- fetches and caches the EU Trusted List of TSA providers for validation
  • IEuTrustListService: src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/IEuTrustListService.cs -- trust list interface
  • TimestampModeSelector: src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/TimestampModeSelector.cs -- selects between qualified and standard timestamping based on configuration and TSA availability
  • ITimestampModeSelector: src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/ITimestampModeSelector.cs -- mode selection interface
  • CadesSignatureBuilder: src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/CadesSignatureBuilder.cs -- builds CAdES (CMS Advanced Electronic Signatures) signatures with embedded timestamps per EU regulation requirements
  • ICadesSignatureBuilder: src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/ICadesSignatureBuilder.cs -- CAdES builder interface
  • QualifiedTsaConfiguration: src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/QualifiedTsaConfiguration.cs -- configuration for the TSA endpoint URL, authentication, and certificate chain
  • EidasTimestampingExtensions: src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/EidasTimestampingExtensions.cs -- DI registration extensions for eIDAS timestamping services
  • EtsiConformanceTestVectors: src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Tests/EtsiConformanceTestVectors.cs -- ETSI conformance test vectors
  • Tests: src/Cryptography/__Tests/StellaOps.Cryptography.Tests/Eidas/QualifiedTsaProviderTests.cs, TimestampModeSelectorTests.cs
  • Source: Feature matrix scan

E2E Test Plan

  • Verify qualified timestamp verification validates an RFC 3161 timestamp against the EU Trust List
  • Test timestamp mode selector chooses qualified mode when a TSA is available and falls back to standard mode otherwise
  • Verify CAdES signature builder produces valid CMS Advanced Electronic Signatures with embedded timestamps
  • Test EU Trust List service fetches and caches the TSA provider list
  • Verify QualifiedTsaConfiguration validates TSA endpoint URL and certificate chain
  • Test ETSI conformance test vectors pass validation
  • Verify timestamp verification fails for non-qualified TSA providers