367 lines
33 KiB
JSON
367 lines
33 KiB
JSON
{
|
|
"_meta": {
|
|
"locale": "de-DE",
|
|
"namespace": "common",
|
|
"version": "1.0"
|
|
},
|
|
"common.error.generic": "Something went wrong.",
|
|
"common.error.not_found": "Die angeforderte Ressource wurde nicht gefunden.",
|
|
"common.error.entity_not_found": "{0} \u0027{1}\u0027 not found.",
|
|
"common.error.unauthorized": "Sie sind nicht berechtigt, diese Aktion auszufuehren.",
|
|
"common.error.forbidden": "Access denied.",
|
|
"common.error.bad_request": "The request is invalid.",
|
|
"common.error.conflict": "A conflict occurred. The resource may have been modified.",
|
|
"common.error.timeout": "Request timed out after {0} seconds.",
|
|
"common.error.server_error": "Ein interner Serverfehler ist aufgetreten. Bitte spaeter erneut versuchen.",
|
|
"common.error.service_unavailable": "The service is temporarily unavailable.",
|
|
"common.error.too_many_requests": "Zu viele Anfragen. Bitte warten und erneut versuchen.",
|
|
"common.error.network": "Network error. Check your connection.",
|
|
"common.error.body_required": "Anfrageinhalt ist erforderlich.",
|
|
"common.error.deserialization_failed": "Failed to deserialize {0}.",
|
|
"common.error.not_supported": "{0} is not supported.",
|
|
"common.error.already_exists": "{0} \u0027{1}\u0027 already exists.",
|
|
"common.error.revoked": "{0} \u0027{1}\u0027 has been revoked and cannot be used.",
|
|
"common.error.state_invalid": "{0} \u0027{1}\u0027 is not in the expected state. Current state: {2}",
|
|
"common.validation.required": "{0} is required.",
|
|
"common.validation.invalid": "{0} is invalid.",
|
|
"common.validation.too_long": "{0} exceeds the maximum length of {1} characters.",
|
|
"common.validation.too_short": "{0} must be at least {1} characters.",
|
|
"common.validation.out_of_range": "{0} must be between {1} and {2}.",
|
|
"common.validation.invalid_format": "{0} has an invalid format.",
|
|
"common.validation.duplicate": "{0} already exists.",
|
|
"common.validation.empty_not_allowed": "{0} must not be empty.",
|
|
"common.validation.empty_after_trim": "{0} must not be empty after trimming.",
|
|
"common.validation.greater_than_zero": "{0} must be greater than zero.",
|
|
"common.validation.non_negative": "{0} must be non-negative.",
|
|
"common.validation.at_least_one": "At least one {0} must be configured.",
|
|
"common.validation.at_least_n": "{0} must have at least {1} entries.",
|
|
"common.validation.null_or_empty": "{0} cannot be null or empty.",
|
|
"common.validation.absolute_uri": "{0} must be an absolute URI.",
|
|
"common.validation.invalid_regex": "{0} \u0027{1}\u0027 is not a valid regular expression.",
|
|
"common.validation.unknown_value": "{0} \u0027{1}\u0027 is not recognized. Allowed values: {2}",
|
|
"common.validation.max_exceeded": "{0} must be {1} characters or fewer.",
|
|
"common.actions.save": "Save",
|
|
"common.actions.cancel": "Cancel",
|
|
"common.actions.delete": "Delete",
|
|
"common.actions.confirm": "Confirm",
|
|
"common.actions.submit": "Submit",
|
|
"common.actions.close": "Close",
|
|
"common.actions.retry": "Retry",
|
|
"common.actions.expand": "Expand",
|
|
"common.actions.collapse": "Collapse",
|
|
"common.actions.show_more": "Show more",
|
|
"common.actions.show_less": "Show less",
|
|
"common.status.healthy": "Healthy",
|
|
"common.status.degraded": "Degraded",
|
|
"common.status.unavailable": "Unavailable",
|
|
"common.status.unknown": "Unknown",
|
|
"common.status.active": "Active",
|
|
"common.status.inactive": "Inactive",
|
|
"common.status.pending": "Pending",
|
|
"common.status.running": "Running",
|
|
"common.status.completed": "Completed",
|
|
"common.status.failed": "Failed",
|
|
"common.status.canceled": "Canceled",
|
|
"common.status.blocked": "Blocked",
|
|
"common.severity.critical": "Critical",
|
|
"common.severity.high": "High",
|
|
"common.severity.medium": "Medium",
|
|
"common.severity.low": "Low",
|
|
"common.severity.info": "Info",
|
|
"common.severity.none": "None",
|
|
"common.time.seconds_ago": "{0} seconds ago",
|
|
"common.time.minutes_ago": "{0} minutes ago",
|
|
"common.time.hours_ago": "{0} hours ago",
|
|
"common.time.days_ago": "{0} days ago",
|
|
"common.time.just_now": "Just now",
|
|
"common.ui.loading": "Loading...",
|
|
"common.ui.saving": "Saving...",
|
|
"common.ui.deleting": "Deleting...",
|
|
"common.ui.submitting": "Submitting...",
|
|
"common.ui.no_results": "No results found.",
|
|
"common.ui.offline": "You are offline.",
|
|
"common.ui.reconnecting": "Reconnecting...",
|
|
"common.ui.back_online": "Back online.",
|
|
"auth.dpop.proof_lifetime_invalid": "DPoP proof lifetime must be greater than zero.",
|
|
"auth.dpop.clock_skew_invalid": "DPoP allowed clock skew must be between 0 seconds and 5 minutes.",
|
|
"auth.dpop.replay_window_invalid": "DPoP replay window must be greater than or equal to zero.",
|
|
"auth.dpop.algorithm_required": "At least one allowed DPoP algorithm must be configured.",
|
|
"auth.dpop.algorithm_empty_after_normalization": "Allowed DPoP algorithms cannot be empty after normalization.",
|
|
"auth.dpop.options_required": "DPoP options must be provided.",
|
|
"auth.dpop.nonce_ttl_invalid": "Nonce TTL must be greater than zero.",
|
|
"auth.dpop.nonce_max_issuance_invalid": "Max issuance per minute must be at least 1.",
|
|
"auth.dpop.nonce_store_required": "Dpop.Nonce.Store must be specified.",
|
|
"auth.dpop.nonce_store_invalid": "Dpop.Nonce.Store must be either \u0027memory\u0027 or \u0027redis\u0027.",
|
|
"auth.dpop.nonce_redis_required": "Dpop.Nonce.RedisConnectionString must be provided when using the \u0027redis\u0027 store.",
|
|
"auth.dpop.nonce_audiences_required": "Dpop.Nonce.RequiredAudiences must include at least one audience.",
|
|
"auth.dpop.token_three_segments": "Token must contain three segments.",
|
|
"auth.dpop.segment_out_of_range": "Segment index out of range.",
|
|
"auth.dpop.header_decode_failed": "Unable to decode header.",
|
|
"auth.dpop.header_missing_typ": "DPoP proof missing typ=dpop+jwt header.",
|
|
"auth.dpop.header_missing_alg": "DPoP proof missing alg header.",
|
|
"auth.dpop.header_unsupported_alg": "Unsupported DPoP algorithm.",
|
|
"auth.dpop.header_missing_jwk": "DPoP proof missing jwk header.",
|
|
"auth.dpop.header_invalid_jwk": "DPoP proof jwk header is invalid.",
|
|
"auth.dpop.payload_decode_failed": "Unable to decode payload.",
|
|
"auth.dpop.payload_missing_htm": "DPoP proof missing htm claim.",
|
|
"auth.dpop.payload_htm_mismatch": "DPoP htm does not match request method.",
|
|
"auth.dpop.payload_missing_htu": "DPoP proof missing htu claim.",
|
|
"auth.dpop.payload_htu_mismatch": "DPoP htu does not match request URI.",
|
|
"auth.dpop.payload_missing_iat": "DPoP proof missing iat claim.",
|
|
"auth.dpop.payload_missing_jti": "DPoP proof missing jti claim.",
|
|
"auth.dpop.payload_iat_invalid": "DPoP proof iat claim is not a valid number.",
|
|
"auth.dpop.nonce_missing": "DPoP proof missing nonce claim.",
|
|
"auth.dpop.nonce_mismatch": "DPoP nonce mismatch.",
|
|
"auth.dpop.proof_future": "DPoP proof issued in the future.",
|
|
"auth.dpop.proof_expired": "DPoP proof expired.",
|
|
"auth.dpop.signature_failed": "DPoP proof signature validation failed.",
|
|
"auth.dpop.replay_detected": "DPoP proof already used.",
|
|
"config.authority.schema_version_required": "Authority configuration requires a positive schemaVersion.",
|
|
"config.authority.issuer_required": "Authority configuration requires an issuer URL.",
|
|
"config.authority.issuer_absolute": "Authority issuer must be an absolute URI.",
|
|
"config.authority.issuer_https": "Authority issuer must use HTTPS unless running on a loopback interface.",
|
|
"config.authority.duplicate_tenant": "Authority configuration contains duplicate tenant identifier \u0027{0}\u0027.",
|
|
"config.authority.property_greater_than_zero": "Authority configuration requires {0} to be greater than zero.",
|
|
"config.authority.property_max": "Authority configuration requires {0} to be less than or equal to {1}.",
|
|
"config.authority.remote_inference_required": "Authority configuration requires at least one advisory AI remote inference profile when remote inference is enabled.",
|
|
"config.tenant.id_required": "Each tenant requires an id (slug).",
|
|
"config.tenant.id_format": "Tenant id \u0027{0}\u0027 must contain only lowercase letters, digits, and hyphen.",
|
|
"config.tenant.project_format": "Tenant \u0027{0}\u0027 defines project \u0027{1}\u0027 which must contain only lowercase letters, digits, and hyphen.",
|
|
"config.tenant.role_missing_config": "Tenant \u0027{0}\u0027 defines role \u0027{1}\u0027 without configuration.",
|
|
"config.tenant.role_scope_required": "Tenant \u0027{0}\u0027 role \u0027{1}\u0027 must specify at least one scope.",
|
|
"config.tenant.role_unknown_scope": "Tenant \u0027{0}\u0027 role \u0027{1}\u0027 references unknown scope \u0027{2}\u0027.",
|
|
"config.tenant.role_unsupported_attribute": "Tenant \u0027{0}\u0027 role \u0027{1}\u0027 defines unsupported attribute \u0027{2}\u0027. Allowed attributes: env, owner, business_tier.",
|
|
"config.tenant.delegation_max_tokens": "Tenant \u0027{0}\u0027 delegation maxActiveTokens must be greater than zero when specified.",
|
|
"config.tenant.remote_inference_disabled": "Tenant remote inference consent cannot be granted when remote inference is disabled.",
|
|
"config.tenant.remote_inference_consent_version_length": "Tenant remote inference consentVersion must be {0} characters or fewer.",
|
|
"config.tenant.remote_inference_consented_by_length": "Tenant remote inference consentedBy must be {0} characters or fewer.",
|
|
"config.tenant.remote_inference_consent_version_required": "Tenant remote inference consent requires consentVersion when consentGranted is true.",
|
|
"config.tenant.remote_inference_consented_at_required": "Tenant remote inference consent requires consentedAt when consentGranted is true.",
|
|
"config.service_account.id_required": "Delegation service account seeds require an accountId.",
|
|
"config.service_account.id_format": "Service account id \u0027{0}\u0027 must contain lowercase letters, digits, colon, underscore, or hyphen.",
|
|
"config.service_account.tenant_required": "Service account \u0027{0}\u0027 requires a tenant assignment.",
|
|
"config.service_account.tenant_unknown": "Service account \u0027{0}\u0027 references unknown tenant \u0027{1}\u0027.",
|
|
"config.service_account.scope_required": "Service account \u0027{0}\u0027 must specify at least one allowed scope.",
|
|
"config.service_account.unsupported_attribute": "Service account \u0027{0}\u0027 defines unsupported attribute \u0027{1}\u0027. Allowed attributes: env, owner, business_tier.",
|
|
"config.plugin.assembly_required": "Authority plugin \u0027{0}\u0027 must define either assemblyName or assemblyPath.",
|
|
"config.plugin.config_file_required": "Authority plugin \u0027{0}\u0027 must define a configFile.",
|
|
"config.plugin.config_file_missing": "Authority plugin \u0027{0}\u0027 specifies configFile \u0027{1}\u0027 which does not exist.",
|
|
"config.plugin.unknown_capability": "Authority plugin \u0027{0}\u0027 declares unknown capability \u0027{1}\u0027. Allowed values: password, mfa, clientProvisioning, bootstrap.",
|
|
"config.plugin.descriptor_null": "Authority plugin descriptor \u0027{0}\u0027 is null.",
|
|
"config.delegation.duplicate_account": "Delegation configuration contains duplicate service account id \u0027{0}\u0027.",
|
|
"config.delegation.quota_max_tokens": "Authority delegation configuration requires {0}.MaxActiveTokens to be greater than zero.",
|
|
"config.mtls.rotation_grace_negative": "Mtls.RotationGrace must be non-negative.",
|
|
"config.mtls.audiences_required": "Mtls.EnforceForAudiences must include at least one audience when enabled.",
|
|
"config.mtls.ca_empty": "Mtls.AllowedCertificateAuthorities entries must not be empty.",
|
|
"config.mtls.san_types_required": "Mtls.AllowedSanTypes must include at least one entry when enabled.",
|
|
"config.mtls.subject_patterns_empty": "Mtls.AllowedSubjectPatterns entries must not be empty.",
|
|
"config.mtls.subject_pattern_invalid": "Mtls.AllowedSubjectPatterns entry \u0027{0}\u0027 is not a valid regular expression.",
|
|
"config.signing.key_id_required": "Authority signing configuration requires signing.activeKeyId.",
|
|
"config.signing.key_path_required": "Authority signing configuration requires signing.keyPath.",
|
|
"config.signing.jwks_cache_range": "Authority signing configuration requires signing.jwksCacheLifetime to be between 00:00:01 and 01:00:00.",
|
|
"config.signing.additional_key_id_required": "Additional signing keys require a keyId.",
|
|
"config.signing.additional_key_path_required": "Signing key \u0027{0}\u0027 requires a path.",
|
|
"config.bootstrap.api_key_required": "Authority bootstrap configuration requires an API key when enabled.",
|
|
"config.bootstrap.idp_required": "Authority bootstrap configuration requires a default identity provider name when enabled.",
|
|
"config.rate_limit.permit_limit": "Authority rate limiting \u0027{0}\u0027 requires permitLimit to be greater than zero.",
|
|
"config.rate_limit.queue_limit": "Authority rate limiting \u0027{0}\u0027 queueLimit cannot be negative.",
|
|
"config.rate_limit.window": "Authority rate limiting \u0027{0}\u0027 window must be greater than zero and no more than one hour.",
|
|
"config.storage.connection_required": "Authority storage requires a connection string.",
|
|
"config.storage.timeout_invalid": "Authority storage command timeout must be greater than zero.",
|
|
"config.ack_token.payload_type_required": "notifications.ackTokens.payloadType must be specified when ack tokens are enabled.",
|
|
"config.ack_token.default_lifetime_invalid": "notifications.ackTokens.defaultLifetime must be greater than zero.",
|
|
"config.ack_token.max_lifetime_invalid": "notifications.ackTokens.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
|
|
"config.ack_token.key_id_required": "notifications.ackTokens.activeKeyId must be provided when ack tokens are enabled.",
|
|
"config.ack_token.key_path_required": "notifications.ackTokens.keyPath must be provided when ack tokens are enabled.",
|
|
"config.ack_token.jwks_cache_range": "notifications.ackTokens.jwksCacheLifetime must be between 00:00:01 and 01:00:00.",
|
|
"config.exceptions.null_template": "Authority exception routing template entries must not be null.",
|
|
"config.exceptions.duplicate_template": "Authority exception routing template \u0027{0}\u0027 is configured more than once.",
|
|
"config.exceptions.template_id_required": "Authority exception routing templates require an id.",
|
|
"config.exceptions.template_route_required": "Authority exception routing template \u0027{0}\u0027 requires authorityRouteId.",
|
|
"config.sealed_mode.evidence_path_required": "AirGap.SealedMode.EvidencePath must be provided when enforcement is enabled.",
|
|
"config.sealed_mode.max_age_range": "AirGap.SealedMode.MaxEvidenceAge must be between 00:00:01 and 7.00:00:00.",
|
|
"config.sealed_mode.cache_lifetime_range": "AirGap.SealedMode.CacheLifetime must be greater than zero and less than or equal to AirGap.SealedMode.MaxEvidenceAge.",
|
|
"config.webhook.hosts_required": "notifications.webhooks.allowedHosts must include at least one host when enabled.",
|
|
"config.escalation.scope_required": "notifications.escalation.scope must be specified.",
|
|
"config.anti_forgery.audience_required": "vulnerabilityExplorer.workflow.antiForgery.audience must be specified when anti-forgery tokens are enabled.",
|
|
"config.anti_forgery.default_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.defaultLifetime must be greater than zero.",
|
|
"config.anti_forgery.max_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
|
|
"config.anti_forgery.max_context_entries": "vulnerabilityExplorer.workflow.antiForgery.maxContextEntries must be non-negative.",
|
|
"config.anti_forgery.max_context_value_length": "vulnerabilityExplorer.workflow.antiForgery.maxContextValueLength must be greater than zero.",
|
|
"config.attachment.default_lifetime_invalid": "vulnerabilityExplorer.attachments.defaultLifetime must be greater than zero when attachment tokens are enabled.",
|
|
"config.attachment.max_lifetime_invalid": "vulnerabilityExplorer.attachments.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
|
|
"config.attachment.payload_type_required": "vulnerabilityExplorer.attachments.payloadType must be specified when attachment tokens are enabled.",
|
|
"config.attachment.max_metadata_entries": "vulnerabilityExplorer.attachments.maxMetadataEntries must be non-negative.",
|
|
"config.attachment.max_metadata_value_length": "vulnerabilityExplorer.attachments.maxMetadataValueLength must be greater than zero.",
|
|
"config.api_lifecycle.sunset_after_deprecation": "Legacy auth sunset date must be after the deprecation date.",
|
|
"config.api_lifecycle.docs_url_format": "Legacy auth documentation URL must be an absolute HTTP or HTTPS URL.",
|
|
"crypto.provider.algorithm_not_supported": "Signing algorithm \u0027{0}\u0027 is not supported by provider \u0027{1}\u0027.",
|
|
"crypto.provider.hash_not_supported": "Hash algorithm \u0027{0}\u0027 is not supported by provider \u0027{1}\u0027.",
|
|
"crypto.provider.verify_not_supported": "Verification algorithm \u0027{0}\u0027 is not supported by provider \u0027{1}\u0027.",
|
|
"crypto.provider.key_not_registered": "Signing key \u0027{0}\u0027 is not registered with provider \u0027{1}\u0027.",
|
|
"crypto.provider.key_algorithm_mismatch": "Signing key \u0027{0}\u0027 is registered for algorithm \u0027{1}\u0027, not \u0027{2}\u0027.",
|
|
"crypto.provider.ec_keys_only": "Provider \u0027{0}\u0027 only accepts EC signing keys.",
|
|
"crypto.provider.no_password_hashing": "Provider \u0027{0}\u0027 does not expose password hashing capabilities.",
|
|
"crypto.provider.no_content_hashing": "Provider \u0027{0}\u0027 does not support content hashing.",
|
|
"crypto.provider.no_ephemeral_verification": "Provider \u0027{0}\u0027 does not support ephemeral verification.",
|
|
"crypto.provider.not_signing_capable": "Signing algorithm \u0027{0}\u0027 is not supported by provider \u0027{1}\u0027.",
|
|
"crypto.provider.es256_only": "Only ES256 signing keys are currently supported by provider \u0027{0}\u0027.",
|
|
"crypto.provider.p256_required": "ES256 signing keys must use the NIST P-256 curve.",
|
|
"crypto.provider.curve_mismatch": "Signing key curve mismatch. Expected curve \u0027{0}\u0027 for algorithm \u0027{1}\u0027.",
|
|
"crypto.registry.empty": "At least one crypto provider must be registered.",
|
|
"crypto.registry.algorithm_required": "Algorithm identifier is required.",
|
|
"crypto.registry.signing_not_supported": "Signing algorithm \u0027{0}\u0027 is not supported by any registered provider.",
|
|
"crypto.registry.hash_not_supported": "Hash algorithm \u0027{0}\u0027 is not supported by any registered provider.",
|
|
"crypto.registry.verify_not_supported": "Verification algorithm \u0027{0}\u0027 is not supported by any registered provider.",
|
|
"crypto.registry.active_profile_required": "Active profile is required.",
|
|
"crypto.registry.profile_not_found": "Profile ID \u0027{0}\u0027 is not found in the registry.",
|
|
"crypto.registry.profile_id_required": "Profile ID cannot be null or empty.",
|
|
"crypto.key.algorithm_required": "Algorithm identifier is required.",
|
|
"crypto.key.private_scalar_required": "Private key parameters must include the scalar component.",
|
|
"crypto.key.verification_only": "This constructor is only for verification-only keys. Set verificationOnly to true.",
|
|
"crypto.key.public_xy_required": "Public key parameters must include X and Y coordinates.",
|
|
"crypto.key.private_material_required": "Private key material must be provided.",
|
|
"crypto.hash.algorithm_unsupported": "Unsupported hash algorithm \u0027{0}\u0027.",
|
|
"crypto.hash.purpose_required": "Purpose cannot be null or empty.",
|
|
"crypto.hmac.algorithm_unknown": "Unknown HMAC algorithm \u0027{0}\u0027.",
|
|
"crypto.hmac.algorithm_unsupported": "Unsupported HMAC algorithm \u0027{0}\u0027.",
|
|
"crypto.ecdsa.algorithm_unsupported": "Unsupported ECDSA signing algorithm \u0027{0}\u0027.",
|
|
"crypto.ecdsa.curve_unsupported": "Unsupported ECDSA curve mapping for algorithm \u0027{0}\u0027.",
|
|
"crypto.digest.required": "Digest is required.",
|
|
"crypto.digest.prefix_required": "{0} must start with \u0027{1}\u0027.",
|
|
"crypto.digest.algorithm_unsupported": "Unsupported digest algorithm in \u0027{0}\u0027. Only sha256 is supported.",
|
|
"crypto.digest.hex_length": "{0} must contain {1} hexadecimal characters.",
|
|
"crypto.password.memory_cost_invalid": "Password hashing memory cost must be greater than zero.",
|
|
"crypto.password.iterations_invalid": "Password hashing iteration count must be greater than zero.",
|
|
"crypto.password.parallelism_invalid": "Password hashing parallelism must be greater than zero.",
|
|
"crypto.password.algorithm_mismatch": "{0} only supports the {1} algorithm.",
|
|
"crypto.password.pbkdf2_iterations": "PBKDF2 requires a positive iteration count.",
|
|
"crypto.gost.not_der": "Signature is not DER encoded.",
|
|
"crypto.gost.invalid_der": "Invalid DER structure for GOST signature.",
|
|
"crypto.gost.raw_length": "Raw GOST signature must be {0} bytes.",
|
|
"crypto.gost.neither_format": "Signature payload is neither DER nor raw GOST format.",
|
|
"crypto.gost.coordinate_overflow": "Coordinate exceeds expected length.",
|
|
"crypto.profile.unknown_purpose": "Unknown hash purpose \u0027{0}\u0027 in profile \u0027{1}\u0027.",
|
|
"crypto.compliance.at_least_one_signing": "At least one signing algorithm must be supplied.",
|
|
"crypto.compliance.at_least_one_hash": "At least one hash algorithm must be supplied.",
|
|
"crypto.ed25519.private_key_size": "Ed25519 private key must be 32 or 64 bytes.",
|
|
"crypto.ed25519.public_key_size": "Ed25519 public key must be 32 bytes.",
|
|
"crypto.ed25519.no_hashing": "BouncyCastle Ed25519 provider does not expose hashing capabilities.",
|
|
"crypto.ed25519.raw_key_required": "Provider \u0027{0}\u0027 requires raw Ed25519 private key material.",
|
|
"crypto.sm.no_password_hashing": "SM provider does not expose password hashing.",
|
|
"crypto.sm.raw_key_required": "SM2 provider requires raw private key bytes (PKCS#8 DER).",
|
|
"crypto.sm.unsupported_format": "Unsupported SM2 key format. Expect PEM or PKCS#8 DER.",
|
|
"crypto.sm.disabled": "Provider \u0027{0}\u0027 is disabled. Set {1}=1 (or disable RequireEnvironmentGate) to enable software SM2/SM3.",
|
|
"crypto.di.registry_empty": "Crypto provider registry cannot be empty. Configure at least one provider for RU deployments.",
|
|
"crypto.di.ru_openssl_required": "Linux RU baseline requires provider \u0027ru.openssl.gost\u0027 (set STELLAOPS_CRYPTO_ENABLE_RU_OPENSSL=0 to override explicitly).",
|
|
"crypto.di.ru_provider_required": "RU Linux baseline is misconfigured: both ru.openssl.gost and ru.pkcs11 are disabled via environment. Enable at least one provider.",
|
|
"crypto.di.no_plugins_loaded": "No crypto providers were loaded. Check plugin configuration and manifest.",
|
|
"crypto.kms.rotation_via_policy": "{0} rotation must be orchestrated via {1} policies or schedules.",
|
|
"crypto.kms.revocation_via_policy": "{0} revocation must be managed through {1} APIs or console.",
|
|
"crypto.kms.public_key_missing_x": "Public key missing X coordinate.",
|
|
"crypto.kms.public_key_missing_y": "Public key missing Y coordinate.",
|
|
"crypto.kms.hash_failed": "Failed to hash payload with SHA-256.",
|
|
"crypto.kms.key_not_found": "Key \u0027{0}\u0027 does not exist.",
|
|
"crypto.kms.key_revoked": "Key \u0027{0}\u0027 has been revoked and cannot be rotated.",
|
|
"crypto.kms.key_revoked_signing": "Key \u0027{0}\u0027 is revoked and cannot be used for signing.",
|
|
"crypto.kms.key_version_not_found": "Key version \u0027{0}\u0027 does not exist for key \u0027{1}\u0027.",
|
|
"crypto.kms.key_no_active_version": "Key \u0027{0}\u0027 does not have an active version.",
|
|
"crypto.kms.key_version_inactive": "Key version \u0027{0}\u0027 is not active. Current state: {1}",
|
|
"crypto.kms.key_no_public_material": "Key \u0027{0}\u0027 version \u0027{1}\u0027 does not have public key material.",
|
|
"crypto.kms.algorithm_unsupported": "Algorithm \u0027{0}\u0027 is not supported by the file KMS driver.",
|
|
"crypto.kms.curve_unsupported": "Curve \u0027{0}\u0027 is not supported.",
|
|
"crypto.kms.metadata_failed": "Failed to create or load key metadata.",
|
|
"crypto.kms.algorithm_mismatch": "Algorithm mismatch. Expected \u0027{0}\u0027, received \u0027{1}\u0027.",
|
|
"crypto.kms.version_exists": "Key version \u0027{0}\u0027 already exists for key \u0027{1}\u0027.",
|
|
"crypto.kms.material_not_found": "Key material for version \u0027{0}\u0027 was not found.",
|
|
"crypto.kms.envelope_deserialize_failed": "Key envelope could not be deserialized.",
|
|
"crypto.kms.payload_deserialize_failed": "Key payload could not be deserialized.",
|
|
"crypto.kms.pem_empty": "Public key PEM cannot be empty.",
|
|
"crypto.kms.no_primary_version": "Crypto key \u0027{0}\u0027 does not have an active primary version.",
|
|
"crypto.kms.es256_only": "Provider \u0027{0}\u0027 only supports ES256 signing keys.",
|
|
"crypto.kms.version_metadata_required": "KMS signing keys must include metadata entry \u0027kms.version\u0027.",
|
|
"crypto.kms.missing_public_key": "KMS signing key is missing public key material.",
|
|
"crypto.fido2.curve_unsupported": "Unsupported FIDO2 curve OID \u0027{0}\u0027.",
|
|
"crypto.fido2.rotation_required": "FIDO2 credential rotation requires new enrolment.",
|
|
"crypto.fido2.revocation_relying_party": "FIDO2 credential revocation must be managed in the relying party.",
|
|
"crypto.fido2.missing_x": "FIDO2 public key missing X coordinate.",
|
|
"crypto.fido2.missing_y": "FIDO2 public key missing Y coordinate.",
|
|
"crypto.fido2.authenticator_required": "IFido2Authenticator must be registered to use FIDO2 KMS.",
|
|
"crypto.pkcs11.rotation_hsm": "PKCS#11 rotation requires HSM administrative tooling.",
|
|
"crypto.pkcs11.revocation_hsm": "PKCS#11 revocation must be handled by HSM policies.",
|
|
"crypto.pkcs11.slot_not_found": "Could not resolve PKCS#11 slot.",
|
|
"crypto.pkcs11.private_key_not_found": "PKCS#11 private key not found.",
|
|
"crypto.pkcs11.public_key_not_found": "PKCS#11 public key not found.",
|
|
"crypto.pkcs11.missing_ec_point": "Public key missing EC point.",
|
|
"crypto.pkcs11.missing_ec_params": "Public key missing EC parameters.",
|
|
"crypto.pkcs11.unsupported_point_format": "Unsupported EC point format.",
|
|
"crypto.pkcs11.curve_oid_unsupported": "Unsupported EC curve OID \u0027{0}\u0027.",
|
|
"crypto.pkcs11.curve_unsupported": "Unsupported EC curve \u0027{0}\u0027.",
|
|
"common.provcache.sbom_hash_required": "SBOM hash cannot be null or empty.",
|
|
"common.provcache.fetch_url_absolute": "Lazy fetch base URL must be absolute.",
|
|
"common.provcache.fetch_url_no_userinfo": "Lazy fetch base URL must not include user info.",
|
|
"common.provcache.fetch_url_host_required": "Lazy fetch base URL must include a host.",
|
|
"common.provcache.fetch_url_scheme_invalid": "Lazy fetch base URL scheme \u0027{0}\u0027 is not allowed.",
|
|
"common.provcache.fetch_url_host_invalid": "Lazy fetch base URL host \u0027{0}\u0027 is not allowlisted.",
|
|
"common.provcache.no_chunks_provided": "No chunks provided.",
|
|
"common.provcache.bundle_deserialize_failed": "Failed to deserialize bundle.",
|
|
"common.provcache.signer_not_configured": "Signer is not configured.",
|
|
"common.provcache.signing_requested_no_signer": "Signing requested but no signer is configured.",
|
|
"common.provcache.cache_entry_not_found": "Cache entry not found for VeriKey: {0}",
|
|
"common.provcache.chunk_manifest_not_found": "Chunk manifest not found for proof root: {0}",
|
|
"common.provcache.http_timeout_invalid": "Lazy fetch HTTP timeout must be a positive, non-infinite duration.",
|
|
"common.provcache.http_base_address_required": "HttpChunkFetcher requires a BaseAddress on the HTTP client.",
|
|
"common.provcache.merkle_root_mismatch": "Merkle root mismatch. Expected: {0}, Computed: {1}",
|
|
"common.provcache.chunk_verification_failed": "Chunk {0} verification failed. Expected hash: {1}",
|
|
"common.provcache.artifact_reference_required": "Artifact reference is required.",
|
|
"common.provcache.artifact_digest_required": "Artifact digest is required.",
|
|
"common.provcache.decision_digest_required": "DecisionDigest is required.",
|
|
"common.provcache.decision_digest_verikey_required": "DecisionDigest.VeriKey is required.",
|
|
"common.provcache.digest_empty": "Digest cannot be empty.",
|
|
"common.provcache.time_window_required": "Time window cannot be null or empty.",
|
|
"common.provcache.vex_hash_required": "VEX hash set hash cannot be null or empty.",
|
|
"common.provcache.policy_hash_required": "Policy hash cannot be null or empty.",
|
|
"common.provcache.source_hash_required": "Source hash cannot be null or empty.",
|
|
"common.provcache.signer_set_hash_required": "Signer set hash cannot be null or empty.",
|
|
"common.evidence.toolchain_required": "ToolChain must be set before building index.",
|
|
"common.evidence.deserialization_failed": "Failed to deserialize evidence index.",
|
|
"common.evidence.verdict_deserialization_failed": "Failed to deserialize verdict.",
|
|
"common.evidence.inputs_json_required": "JSON cannot be null or empty.",
|
|
"common.evidence.inputs_deserialization_failed": "Failed to deserialize pinned scoring inputs.",
|
|
"common.evidence.bundle_alert_id_required": "AlertId is required",
|
|
"common.evidence.bundle_artifact_id_required": "ArtifactId is required",
|
|
"common.evidence.pdf_export_requires_config": "PDF export requires additional configuration",
|
|
"common.evidence.invalid_uri_format": "Invalid evidence URI format: {0}. Expected stella://type/path",
|
|
"common.evidence.invalid_uri_missing_path": "Invalid evidence URI format: {0}. Missing path.",
|
|
"common.evidence.null_resolver_cannot_resolve": "NullTypeResolver cannot resolve evidence type: {0}",
|
|
"common.evidence.schema_resource_not_found": "Schema resource not found: {0}",
|
|
"common.evidence.schema_resource_not_available": "Schema resource not available: {0}",
|
|
"common.evidence.provenance_deserialize_failed": "Failed to deserialize provenance for evidence {0}",
|
|
"common.evidence.bundle_deserialize_failed": "Failed to deserialize verdict bundle",
|
|
"common.evidence.delta_verdict_deserialize_failed": "Failed to deserialize delta verdict",
|
|
"common.canonicalization.value_empty_after_trim": "Value must not be empty after trimming.",
|
|
"common.canonicalization.deserialize_failed": "Failed to deserialize {0}",
|
|
"common.canonicalization.datetime_value_null": "DateTimeOffset value is null.",
|
|
"common.canonicalization.dict_key_null": "Dictionary key cannot be null.",
|
|
"common.audit.replay_token_value_empty": "Token value cannot be empty.",
|
|
"common.audit.replay_token_empty": "Token cannot be empty.",
|
|
"common.audit.replay_token_format_invalid": "Invalid replay token format: {0}",
|
|
"common.audit.replay_token_version_invalid": "Invalid replay token version: {0}",
|
|
"common.audit.replay_token_expiration_invalid": "Invalid expiration timestamp in replay token: {0}",
|
|
"common.audit.replay_token_duplicate_context_key": "AdditionalContext contains duplicate key after normalization: \u0027{0}\u0027.",
|
|
"common.artifact.uri_format_invalid": "Invalid URI format: {0}",
|
|
"common.artifact.uri_scheme_not_supported": "URI scheme not supported: {0}",
|
|
"common.artifact.file_not_accessible": "File not accessible: {0}",
|
|
"common.artifact.file_too_large": "File too large: {0} bytes exceeds 100MB limit",
|
|
"common.artifact.uri_not_accessible": "URI not accessible: {0} returned {1}",
|
|
"common.artifact.content_too_large": "Content too large: {0} bytes exceeds 100MB limit",
|
|
"common.artifact.fetch_failed": "Failed to fetch from {0}: {1}",
|
|
"common.delta_verdict.artifact_ref_required": "Artifact reference is required.",
|
|
"common.delta_verdict.unsupported_signing_algorithm": "Unsupported signing algorithm: {0}",
|
|
"common.delta_verdict.hmac_secret_required": "HMAC signing requires a base64 secret.",
|
|
"common.eventing.no_entry_assembly": "No entry assembly found",
|
|
"auth.persistence.deserialize_inputs_failed": "Failed to deserialize inputs",
|
|
"auth.persistence.deserialize_result_failed": "Failed to deserialize result",
|
|
"auth.persistence.revocation_sequence_mismatch": "Revocation export sequence mismatch. Expected {0}, current {1}.",
|
|
"auth.persistence.revocation_update_rejected": "Revocation export state update rejected. Expected sequence {0}."
|
|
} |