using System;
using static StellaOps.Localization.T;
namespace StellaOps.Configuration;
/// <summary>
/// Settings for sealed-mode enforcement: where the sealed-mode CI evidence document
/// lives, how old it may be, how long a parsed copy may be cached, and which recorded
/// checks must have passed.
/// </summary>
/// <remarks>
/// All properties have public setters, and <see cref="Validate"/> only inspects the
/// values present at the moment it is called.
/// </remarks>
public sealed class AuthoritySealedModeOptions
{
    private static readonly TimeSpan s_defaultMaxEvidenceAge = TimeSpan.FromHours(6);
    private static readonly TimeSpan s_defaultCacheLifetime = TimeSpan.FromMinutes(1);

    // Largest MaxEvidenceAge that Validate() accepts.
    private static readonly TimeSpan s_maxEvidenceAgeCeiling = TimeSpan.FromDays(7);

    /// <summary>
    /// Turns on sealed-mode enforcement for clients that declare the requirement.
    /// </summary>
    /// <remarks>
    /// Defaults to <c>false</c>. While it is <c>false</c>, <see cref="Validate"/> returns
    /// without checking any other setting on this object.
    /// </remarks>
    public bool EnforcementEnabled { get; set; }

    /// <summary>
    /// Location of the most recent authority-sealed-ci.json artefact written by sealed-mode CI.
    /// </summary>
    /// <remarks>
    /// The default is a relative path. This class neither resolves the path nor checks
    /// that the file exists; it only rejects a null, empty or whitespace value.
    /// </remarks>
    public string EvidencePath { get; set; } = "artifacts/sealed-mode-ci/latest/authority-sealed-ci.json";

    /// <summary>
    /// Oldest sealed evidence document that is still accepted. Defaults to 6 hours;
    /// <see cref="Validate"/> requires a positive value of at most 7 days.
    /// </summary>
    public TimeSpan MaxEvidenceAge { get; set; } = s_defaultMaxEvidenceAge;

    /// <summary>
    /// How long parsed evidence is cached so the artefact is not re-read on every request.
    /// Defaults to 1 minute; <see cref="Validate"/> requires a positive value that does not
    /// exceed <see cref="MaxEvidenceAge"/>.
    /// </summary>
    public TimeSpan CacheLifetime { get; set; } = s_defaultCacheLifetime;

    // The four flags below default to true and are not read anywhere in this class.
    // NOTE(review): presumably each one makes the matching check recorded in the evidence
    // document mandatory, so setting one to false would relax enforcement - confirm
    // against the code that consumes these options.
    public bool RequireAuthorityHealthPass { get; set; } = true;
    public bool RequireSignerHealthPass { get; set; } = true;
    public bool RequireAttestorHealthPass { get; set; } = true;
    public bool RequireEgressProbePass { get; set; } = true;

    /// <summary>
    /// Checks the sealed-mode settings for internal consistency.
    /// </summary>
    /// <exception cref="InvalidOperationException">
    /// Enforcement is enabled and the evidence path is blank, the maximum evidence age is
    /// not within (0, 7 days], or the cache lifetime is not within (0, MaxEvidenceAge].
    /// </exception>
    internal void Validate()
    {
        // With enforcement off, none of the remaining settings are checked.
        if (EnforcementEnabled is false)
        {
            return;
        }

        if (string.IsNullOrWhiteSpace(EvidencePath))
        {
            throw new InvalidOperationException(_t("config.sealed_mode.evidence_path_required"));
        }

        TimeSpan evidenceAge = MaxEvidenceAge;
        bool evidenceAgeInRange = evidenceAge > TimeSpan.Zero && evidenceAge <= s_maxEvidenceAgeCeiling;
        if (!evidenceAgeInRange)
        {
            throw new InvalidOperationException(_t("config.sealed_mode.max_age_range"));
        }

        // The cache lifetime is bounded by the evidence age limit checked just above.
        TimeSpan cacheWindow = CacheLifetime;
        bool cacheWindowInRange = cacheWindow > TimeSpan.Zero && cacheWindow <= evidenceAge;
        if (!cacheWindowInRange)
        {
            throw new InvalidOperationException(_t("config.sealed_mode.cache_lifetime_range"));
        }
    }
}