cef4cb2c5a
- Implemented the GostKeyValue class for handling public key parameters in ГОСТ Р 34.10 digital signatures. - Created the GostSignedXml class to manage XML signatures using ГОСТ 34.10, including methods for computing and checking signatures. - Developed the GostSignedXmlImpl class to encapsulate the signature computation logic and public key retrieval. - Added specific key value classes for ГОСТ Р 34.10-2001, ГОСТ Р 34.10-2012/256, and ГОСТ Р 34.10-2012/512 to support different signature algorithms. - Ensured compatibility with existing XML signature standards while integrating ГОСТ cryptography.
24 lines
4.1 KiB
Markdown
24 lines
4.1 KiB
Markdown
# Sprint 510 - Ops & Offline · 190.E) AirGap
|
|
|
|
Active items only. Completed/historic work now resides in docs/implplan/archived/tasks.md (updated 2025-11-08).
|
|
|
|
[Ops & Offline] 190.E) AirGap
|
|
Depends on: Sprint 100.A - Attestor, Sprint 110.A - AdvisoryAI, Sprint 120.A - AirGap, Sprint 130.A - Scanner, Sprint 140.A - Graph, Sprint 150.A - Orchestrator, Sprint 160.A - EvidenceLocker, Sprint 170.A - Notifier, Sprint 180.A - Cli
|
|
Summary: Ops & Offline focus on AirGap).
|
|
Task ID | State | Task description | Owners (Source)
|
|
--- | --- | --- | ---
|
|
AIRGAP-CTL-56-001 | TODO | Implement `airgap_state` persistence, seal/unseal state machine, and Authority scope checks (`airgap:seal`, `airgap:status:read`). | AirGap Controller Guild (src/AirGap/StellaOps.AirGap.Controller)
|
|
AIRGAP-CTL-56-002 | TODO | Expose `GET /system/airgap/status`, `POST /system/airgap/seal`, integrate policy hash validation, and return staleness/time anchor placeholders. Dependencies: AIRGAP-CTL-56-001. | AirGap Controller Guild, DevOps Guild (src/AirGap/StellaOps.AirGap.Controller)
|
|
AIRGAP-CTL-57-001 | TODO | Add startup diagnostics that block application run when sealed flag set but egress policies missing; emit audit + telemetry. Dependencies: AIRGAP-CTL-56-002. | AirGap Controller Guild (src/AirGap/StellaOps.AirGap.Controller)
|
|
AIRGAP-CTL-57-002 | TODO | Instrument seal/unseal events with trace/log fields and timeline emission (`airgap.sealed`, `airgap.unsealed`). Dependencies: AIRGAP-CTL-57-001. | AirGap Controller Guild, Observability Guild (src/AirGap/StellaOps.AirGap.Controller)
|
|
AIRGAP-CTL-58-001 | TODO | Persist time anchor metadata, compute drift seconds, and surface staleness budgets in status API. Dependencies: AIRGAP-CTL-57-002. | AirGap Controller Guild, AirGap Time Guild (src/AirGap/StellaOps.AirGap.Controller)
|
|
AIRGAP-IMP-56-001 | TODO | Implement DSSE verification helpers, TUF metadata parser (`root.json`, `snapshot.json`, `timestamp.json`), and Merkle root calculator. | AirGap Importer Guild (src/AirGap/StellaOps.AirGap.Importer)
|
|
AIRGAP-IMP-56-002 | TODO | Introduce root rotation policy validation (dual approval) and signer trust store management. Dependencies: AIRGAP-IMP-56-001. | AirGap Importer Guild, Security Guild (src/AirGap/StellaOps.AirGap.Importer)
|
|
AIRGAP-IMP-57-001 | TODO | Write `bundle_catalog` and `bundle_items` repositories with RLS + deterministic migrations. Dependencies: AIRGAP-IMP-56-002. | AirGap Importer Guild (src/AirGap/StellaOps.AirGap.Importer)
|
|
AIRGAP-IMP-57-002 | TODO | Implement object-store loader storing artifacts under tenant/global mirror paths with Zstandard decompression and checksum validation. Dependencies: AIRGAP-IMP-57-001. | AirGap Importer Guild, DevOps Guild (src/AirGap/StellaOps.AirGap.Importer)
|
|
AIRGAP-IMP-58-001 | TODO | Implement API (`POST /airgap/import`, `/airgap/verify`) and CLI commands wiring verification + catalog updates, including diff preview. Dependencies: AIRGAP-IMP-57-002. | AirGap Importer Guild, CLI Guild (src/AirGap/StellaOps.AirGap.Importer)
|
|
AIRGAP-IMP-58-002 | TODO | Emit timeline events (`airgap.import.started. Dependencies: AIRGAP-IMP-58-001. | AirGap Importer Guild, Observability Guild (src/AirGap/StellaOps.AirGap.Importer)
|
|
AIRGAP-TIME-57-001 | TODO | Implement signed time token parser (Roughtime/RFC3161), verify signatures against bundle trust roots, and expose normalized anchor representation. | AirGap Time Guild (src/AirGap/StellaOps.AirGap.Time)
|
|
AIRGAP-TIME-57-002 | TODO | Add telemetry counters for time anchors (`airgap_time_anchor_age_seconds`) and alerts for approaching thresholds. Dependencies: AIRGAP-TIME-57-001. | AirGap Time Guild, Observability Guild (src/AirGap/StellaOps.AirGap.Time)
|
|
AIRGAP-TIME-58-001 | TODO | Persist drift baseline, compute per-content staleness (advisories, VEX, policy) based on bundle metadata, and surface through controller status API. Dependencies: AIRGAP-TIME-57-002. | AirGap Time Guild (src/AirGap/StellaOps.AirGap.Time)
|
|
AIRGAP-TIME-58-002 | TODO | Emit notifications and timeline events when staleness budgets breached or approaching. Dependencies: AIRGAP-TIME-58-001. | AirGap Time Guild, Notifications Guild (src/AirGap/StellaOps.AirGap.Time) |