stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
9ca2de05dff9c7db11eb49df6d4e47bbfe7a99f6
git.stella-ops.org/docs/implplan-blocked/audits/csproj-standards/Cryptography/StellaOps.Cryptography.Plugin.Eidas/StellaOps.Cryptography.Plugin.Eidas.md

3.1 KiB
Raw Blame History

Audit - StellaOps.Cryptography.Plugin.Eidas

Project

  • Path: src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/StellaOps.Cryptography.Plugin.Eidas.csproj
  • Module: Cryptography
  • Kind: Plugin
  • SDK: Microsoft.NET.Sdk
  • TargetFramework: net10.0
  • Audit date (UTC): 2026-01-30

Coding Standards Findings

  • Status: FAIL
  • Nullable: enable
  • TreatWarningsAsErrors: explicit true
  • Deterministic: inherited true
  • 100-line rule violations: 12
  • Service locator usage (BuildServiceProvider/GetService): 3
  • Analyzer enforcement: missing repo-wide (see summary).

Details

  • 100-line files:
    • src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/EidasPlugin.cs (517 lines)
    • src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/EuTrustListService.cs (405 lines)
    • src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/QualifiedTimestampVerifier.cs (403 lines)
    • src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/CadesSignatureBuilder.cs (318 lines)
    • src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/QualifiedTsaConfiguration.cs (257 lines)
    • src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/TimestampModeSelector.cs (216 lines)
    • src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/IQualifiedTimestampVerifier.cs (214 lines)
    • src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/ICadesSignatureBuilder.cs (210 lines)
    • src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Tests/EtsiConformanceTestVectors.cs (189 lines)
    • src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/IEuTrustListService.cs (181 lines)
    • src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/EidasTimestampingExtensions.cs (145 lines)
    • src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/Timestamping/ITimestampModeSelector.cs (103 lines)
  • Service locator matches:
    • src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/EidasPlugin.cs:76 _cadesBuilder = context.Services.GetService();
    • src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/EidasPlugin.cs:77 _timestampModeSelector = context.Services.GetService();
    • src/Cryptography/StellaOps.Cryptography.Plugin.Eidas/EidasPlugin.cs:78 _timestampVerifier = context.Services.GetService();

Fix Guidance

  • Split files over 100 lines into smaller types or partials.
  • Replace service locator usage with constructor injection.

Testing Fullness Findings

  • Status: FAIL
  • Expected layers: Unit, Integration, Security, Offline
  • Detected test projects: src/__Libraries/StellaOps.Cryptography.Plugin.EIDAS.Tests/StellaOps.Cryptography.Plugin.EIDAS.Tests.csproj [Unit]
  • Missing layers: Integration, Security, Offline

Manual checks required

  • Observability contract tests for WebService/Worker.
  • Offline execution (tests must run without network access).

Fix Guidance

  • Add integration tests for cross-component flows.
  • Add security tests for authn/authz or input validation.
  • Add offline/airgap coverage with fixtures only.