# eIDAS Qualified Timestamping

## Module

Cryptography

## Status

IMPLEMENTED

## Description

EU-qualified timestamp verification with TSA configuration, EU Trust List integration, and CAdES signature building for eIDAS compliance.

## Implementation Details

- **EidasPlugin**: `src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/EidasPlugin.cs` -- eIDAS crypto provider plugin extending CryptoPluginBase
- **QualifiedTimestampVerifier**: `src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/QualifiedTimestampVerifier.cs` -- verifies RFC 3161 timestamps from EU-qualified TSAs against the EU Trust List
- **IQualifiedTimestampVerifier**: `src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/IQualifiedTimestampVerifier.cs` -- verification interface
- **EuTrustListService**: `src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/EuTrustListService.cs` -- fetches and caches the EU Trusted List of TSA providers for validation
- **IEuTrustListService**: `src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/IEuTrustListService.cs` -- trust list interface
- **TimestampModeSelector**: `src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/TimestampModeSelector.cs` -- selects between qualified and standard timestamping based on configuration and TSA availability
- **ITimestampModeSelector**: `src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/ITimestampModeSelector.cs` -- mode selection interface
- **CadesSignatureBuilder**: `src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/CadesSignatureBuilder.cs` -- builds CAdES (CMS Advanced Electronic Signatures) signatures with embedded timestamps per EU regulation requirements
- **ICadesSignatureBuilder**: `src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/ICadesSignatureBuilder.cs` -- CAdES builder interface
- **QualifiedTsaConfiguration**: `src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/QualifiedTsaConfiguration.cs` -- TSA endpoint URL, authentication, certificate chain configuration
- **EidasTimestampingExtensions**: `src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/EidasTimestampingExtensions.cs` -- DI registration extensions for eIDAS timestamping services
- **EtsiConformanceTestVectors**: `src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Tests/EtsiConformanceTestVectors.cs` -- ETSI conformance test vectors
- **Tests**: `src/Cryptography/__Tests/StellaOps.Cryptography.Tests/Eidas/QualifiedTsaProviderTests.cs`, `TimestampModeSelectorTests.cs`
- **Source**: Feature matrix scan

## E2E Test Plan

- [ ] Verify qualified timestamp verification validates RFC 3161 timestamp against EU Trust List
- [ ] Test timestamp mode selector chooses qualified mode when TSA is available and standard mode as fallback
- [ ] Verify CAdES signature builder produces valid CMS Advanced Electronic Signatures with embedded timestamps
- [ ] Test EU Trust List service fetches and caches TSA provider list
- [ ] Verify QualifiedTsaConfiguration validates TSA endpoint URL and certificate chain
- [ ] Test ETSI conformance test vectors pass validation
- [ ] Verify timestamp verification fails for non-qualified TSA providers