git.stella-ops.org/docs/features/checked/gateway/gateway-identity-header-strip-and-overwrite-policy-middleware.md
2026-02-11 01:32:14 +02:00

Gateway Identity Header Strip-and-Overwrite Policy Middleware

Module

Gateway

Status

VERIFIED

Description

Security middleware that enforces identity header integrity at the Gateway/Router level. Strips incoming identity headers from external requests and overwrites them with verified claims from the authenticated session, preventing header spoofing attacks in service-to-service communication.

Implementation Details

  • Identity header middleware: src/Gateway/StellaOps.Gateway.WebService/Middleware/IdentityHeaderPolicyMiddleware.cs -- strips incoming identity headers and overwrites with verified claims (335 lines)
  • Claims store: src/Gateway/StellaOps.Gateway.WebService/Authorization/EffectiveClaimsStore.cs, IEffectiveClaimsStore.cs -- manages effective claims after header processing
  • Authorization middleware: src/Gateway/StellaOps.Gateway.WebService/Authorization/AuthorizationMiddleware.cs -- enforces authorization after identity header processing
  • Sender constraints: src/Gateway/StellaOps.Gateway.WebService/Middleware/SenderConstraintMiddleware.cs -- validates sender identity
  • Source: SPRINT_8100_0011_0002_gateway_identity_header_hardening.md

E2E Test Plan

  • Verify incoming identity headers are stripped from external requests
  • Test verified claims replace stripped headers correctly
  • Verify header spoofing attempts are blocked
  • Test service-to-service communication uses verified identity headers
  • Verify edge cases and error handling

Verification

  • Run ID: run-002
  • Date: 2026-02-09
  • Method: Tier 1 code review + Tier 2d integration tests
  • Build: PASS (0 errors, 0 warnings)
  • Tests: PASS (202/202 gateway tests pass)
  • Code Review:
    • IdentityHeaderPolicyMiddleware (335 lines): Lists 14 reserved headers (X-StellaOps-* and legacy X-Stella-*), strips all from incoming requests, extracts identity from validated ClaimsPrincipal, writes canonical + legacy downstream headers.
    • IdentityHeaderPolicyMiddlewareTests (502 lines, 18+ tests): Security-focused assertions verifying spoofed headers are replaced, raw claim headers stripped, scopes sorted deterministically, system paths bypass processing.
    • Strongest test coverage in the module.
  • Verdict: PASS
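
The strip-then-overwrite order described in the code review above, as an added ASP.NET Core example that is not the project's IdentityHeaderPolicyMiddleware. The two header prefixes come from this page; the header suffixes (Subject, Scopes), the claim types (sub, scope) and the system paths are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;

// Added illustration; not the project's IdentityHeaderPolicyMiddleware.
public sealed class ExampleIdentityHeaderPolicy
{
    // The prefixes are from the page. Header suffixes, claim types and
    // system paths used below are hypothetical.
    private static readonly string[] ReservedPrefixes = { "X-StellaOps-", "X-Stella-" };
    private static readonly string[] SystemPaths = { "/health", "/metrics" };
    private readonly RequestDelegate _next;
    public ExampleIdentityHeaderPolicy(RequestDelegate next) => _next = next;

    public Task InvokeAsync(HttpContext context)
    {
        // System paths bypass header processing entirely.
        if (!SystemPaths.Any(p => context.Request.Path.StartsWithSegments(p)))
            Apply(context.Request.Headers, context.User);
        return _next(context);
    }

    public static void Apply(IHeaderDictionary headers, ClaimsPrincipal user)
    {
        // 1. Strip: remove every reserved header the client sent, whether or
        //    not the caller is authenticated. Snapshot the keys before mutating.
        foreach (var name in headers.Keys.ToList())
            if (ReservedPrefixes.Any(p => name.StartsWith(p, StringComparison.OrdinalIgnoreCase)))
                headers.Remove(name);

        // 2. Overwrite: only a validated principal produces identity headers.
        if (user?.Identity?.IsAuthenticated != true) return;

        var subject = user.FindFirst("sub")?.Value ?? string.Empty;
        // Sort scopes ordinally so the downstream value is deterministic.
        var scopes = string.Join(" ", user.FindAll("scope")
            .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
            .Distinct(StringComparer.Ordinal)
            .OrderBy(s => s, StringComparer.Ordinal));
        // Canonical and legacy names carry the same verified values.
        foreach (var prefix in ReservedPrefixes)
        {
            headers[prefix + "Subject"] = subject;
            headers[prefix + "Scopes"] = scopes;
        }
    }
}
```

Because the strip runs before the authentication check, an unauthenticated request carrying a reserved header reaches downstream services with that header removed and nothing written in its place.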

Tier 2 Recheck (2026-02-10)

  • Run ID: run-003
  • Result: PASS
  • What was rechecked: Spoofed identity-header request path replay plus regression-suite confirmation for identity header strip/overwrite behavior.
  • Evidence: docs/qa/feature-checks/runs/gateway/gateway-identity-header-strip-and-overwrite-policy-middleware/run-003/tier2-integration-check.json

Recheck (run-005)

  • Date: 2026-02-10
  • Result: PASS
  • Verification: Identity header strip/overwrite anti-spoofing behavior remains stable.
  • Tests: Gateway.WebService.Tests 259/259, Router.Gateway.WebService.Tests 160/160, Router.Gateway.Tests 13/13 (432 total).
  • Evidence: docs/qa/feature-checks/runs/gateway/gateway-identity-header-strip-and-overwrite-policy-middleware/run-005/tier2-integration-check.json

Recheck (Run-006)

  • Verified: 2026-02-10
  • Method: Tier 2 replay + full Gateway/Router matrix.
  • Tests: PASS (src/Gateway/__Tests/StellaOps.Gateway.WebService.Tests: 259/259; src/Router/__Tests/StellaOps.Gateway.WebService.Tests: 160/160; src/Router/__Tests/StellaOps.Router.Gateway.Tests: 13/13).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/gateway/gateway-identity-header-strip-and-overwrite-policy-middleware/run-006/tier2-integration-check.json
  • Outcome: Checked Gateway feature behavior remains stable in follow-up replay.

Recheck (Run-007)

  • Verified: 2026-02-10
  • Method: Tier 2 integration replay.
  • Tests: PASS (src/Gateway/__Tests/StellaOps.Gateway.WebService.Tests: 259/259; src/Router/__Tests/StellaOps.Gateway.WebService.Tests: 160/160; src/Router/__Tests/StellaOps.Router.Gateway.Tests: 13/13).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/gateway/gateway-identity-header-strip-and-overwrite-policy-middleware/run-007/tier2-integration-check.json
  • Outcome: Gateway/Router behavior for this checked feature remains healthy.

Recheck (Run-008)

  • Verified: 2026-02-10
  • Method: Tier 2 replay with deterministic Gateway+Router suite verification.
  • Tests: PASS (src/Gateway/__Tests/StellaOps.Gateway.WebService.Tests: 259/259; src/Router/__Tests/StellaOps.Gateway.WebService.Tests: 160/160; src/Router/__Tests/StellaOps.Router.Gateway.Tests: 13/13).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/gateway/gateway-identity-header-strip-and-overwrite-policy-middleware/run-008/tier2-integration-check.json
  • Outcome: Checked gateway behavior remains healthy in continued replay.

Recheck (Run-009)

  • Verified: 2026-02-10
  • Method: Tier 2 replay with deterministic Gateway+Router suite verification.
  • Tests: PASS (src/Gateway/__Tests/StellaOps.Gateway.WebService.Tests: 259/259; src/Router/__Tests/StellaOps.Gateway.WebService.Tests: 160/160; src/Router/__Tests/StellaOps.Router.Gateway.Tests: 13/13).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/gateway/gateway-identity-header-strip-and-overwrite-policy-middleware/run-009/tier2-integration-check.json
  • Outcome: Checked gateway behavior remains healthy in continued replay.

Recheck (Run-010)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (Gateway.WebService.Tests 259/259, Router.Gateway.WebService.Tests 160/160, Router.Gateway.Tests 13/13).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/gateway/gateway-identity-header-strip-and-overwrite-policy-middleware/run-010/tier2-integration-check.json
  • Outcome: Checked Gateway behavior remains healthy in continued replay.

Recheck (Run-011)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (Gateway.WebService 259/259, Router.Gateway.WebService 160/160, Router.Gateway 13/13; total 432/432).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/gateway/gateway-identity-header-strip-and-overwrite-policy-middleware/run-011/tier2-integration-check.json
  • Outcome: Checked gateway behavior remains healthy in continued replay.

Recheck (Run-012)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (Gateway.WebService 259/259, Router.Gateway.WebService 160/160, Router.Gateway 13/13; total 432/432).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/gateway/gateway-identity-header-strip-and-overwrite-policy-middleware/run-012/tier2-integration-check.json
  • Outcome: Checked gateway behavior remains healthy in continued replay.