- Added IIssuerDirectory interface for managing VEX document issuers, including methods for registration, revocation, and trust validation. - Created InMemoryIssuerDirectory class as an in-memory implementation of IIssuerDirectory for testing and single-instance deployments. - Introduced ISignatureVerifier interface for verifying signatures on VEX documents, with support for multiple signature formats. - Developed SignatureVerifier class as the default implementation of ISignatureVerifier, allowing extensibility for different signature formats. - Implemented handlers for DSSE and JWS signature formats, including methods for verification and signature extraction. - Defined various records and enums for issuer and signature metadata, enhancing the structure and clarity of the verification process.
namespace StellaOps.Policy.Engine.AirGap;
/// <summary>
/// Contract for sealed-mode (air-gap) handling of policy packs, as specified by CONTRACT-SEALED-MODE-004.
/// </summary>
/// <remarks>
/// NOTE(review): no member of this interface carries the caller's identity, so authorization and
/// audit logging of state changes (<see cref="SealAsync"/>, <see cref="UnsealAsync"/>) presumably
/// live in the caller or inside the implementation; confirm where that check is performed.
/// </remarks>
public interface ISealedModeService
{
    /// <summary>
    /// Indicates whether the environment is sealed at the moment of the call.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this flag takes no tenant id, while sealing and unsealing are requested per
    /// tenant; confirm which scope it reports before using it as a gate.
    /// </remarks>
    bool IsSealed { get; }

    /// <summary>
    /// Fetches the sealed state currently recorded for one tenant.
    /// </summary>
    /// <param name="tenantId">Tenant whose state is requested.</param>
    /// <param name="cancellationToken">Token used to cancel the operation.</param>
    /// <returns>The tenant's <c>PolicyPackSealedState</c>.</returns>
    Task<PolicyPackSealedState> GetStateAsync(
        string tenantId,
        CancellationToken cancellationToken = default);

    /// <summary>
    /// Fetches the sealed status for one tenant, including the staleness evaluation.
    /// </summary>
    /// <param name="tenantId">Tenant whose status is requested.</param>
    /// <param name="cancellationToken">Token used to cancel the operation.</param>
    /// <returns>A <c>SealedStatusResponse</c> for the tenant.</returns>
    Task<SealedStatusResponse> GetStatusAsync(
        string tenantId,
        CancellationToken cancellationToken = default);

    /// <summary>
    /// Puts a tenant's environment into sealed mode.
    /// </summary>
    /// <param name="tenantId">Tenant to seal.</param>
    /// <param name="request">Parameters of the seal operation.</param>
    /// <param name="cancellationToken">Token used to cancel the operation.</param>
    /// <returns>A <c>SealResponse</c> describing the outcome.</returns>
    Task<SealResponse> SealAsync(
        string tenantId,
        SealRequest request,
        CancellationToken cancellationToken = default);

    /// <summary>
    /// Takes a tenant's environment out of sealed mode.
    /// </summary>
    /// <remarks>
    /// Unlike <see cref="SealAsync"/>, this member takes no request object, so a reason or approver
    /// for lifting the seal is not part of the signature.
    /// NOTE(review): unsealing relaxes a protective control; confirm that implementations record who
    /// triggered it and why through some other channel.
    /// </remarks>
    /// <param name="tenantId">Tenant to unseal.</param>
    /// <param name="cancellationToken">Token used to cancel the operation.</param>
    /// <returns>A <c>SealResponse</c> describing the outcome.</returns>
    Task<SealResponse> UnsealAsync(
        string tenantId,
        CancellationToken cancellationToken = default);

    /// <summary>
    /// Evaluates staleness against the current time anchor for one tenant.
    /// </summary>
    /// <param name="tenantId">Tenant to evaluate.</param>
    /// <param name="cancellationToken">Token used to cancel the operation.</param>
    /// <returns>
    /// A <c>StalenessEvaluation</c>, or <c>null</c>.
    /// NOTE(review): presumably <c>null</c> means no time anchor is available; confirm, and make sure
    /// callers do not read a missing evaluation as "fresh".
    /// </returns>
    Task<StalenessEvaluation?> EvaluateStalenessAsync(
        string tenantId,
        CancellationToken cancellationToken = default);

    /// <summary>
    /// Applies the sealed-mode constraints to a bundle import.
    /// </summary>
    /// <remarks>
    /// The decision comes back as a result object, so callers have to inspect it before importing.
    /// NOTE(review): <paramref name="bundlePath"/> is a plain string; if it can originate from a
    /// request, it should be resolved and validated against the allowed import location before any
    /// file access. Confirm against the callers.
    /// </remarks>
    /// <param name="tenantId">Tenant on whose behalf the import runs.</param>
    /// <param name="bundlePath">Path of the bundle to be imported.</param>
    /// <param name="cancellationToken">Token used to cancel the operation.</param>
    /// <returns>A <c>SealedModeEnforcementResult</c> carrying the enforcement decision.</returns>
    Task<SealedModeEnforcementResult> EnforceBundleImportAsync(string tenantId, string bundlePath, CancellationToken cancellationToken = default);

    /// <summary>
    /// Checks a bundle against the trust roots.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this member takes no tenant id; any tenant scoping of the trust roots would have
    /// to come from <paramref name="request"/>. Confirm which trust roots are applied.
    /// </remarks>
    /// <param name="request">Describes the bundle to verify.</param>
    /// <param name="cancellationToken">Token used to cancel the operation.</param>
    /// <returns>A <c>BundleVerifyResponse</c> with the verification outcome.</returns>
    Task<BundleVerifyResponse> VerifyBundleAsync(BundleVerifyRequest request, CancellationToken cancellationToken = default);
}