stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
cf5b72974f923126944f4dcd47e85864ebb31a3b
git.stella-ops.org/docs/features/unchecked/cli/auth-revocation-bundle-export-verify-cli.md

1.8 KiB
Raw Blame History

Auth Revocation Bundle Export/Verify CLI (stella auth revoke export/verify)

Module

Cli

Status

IMPLEMENTED

Description

Export revocation bundles with JWS signatures to disk and verify bundles against detached JWS signatures using PEM public keys for offline revocation verification.

Implementation Details

  • Command Group: src/Cli/StellaOps.Cli/Commands/AuthCommandGroup.cs -- AuthCommandGroup (public static class), Sprint SPRINT_20260117_016_CLI_auth_access (tasks AAC-001 through AAC-005)
  • Revocation Client: src/Cli/StellaOps.Cli/Services/AuthorityRevocationClient.cs / IAuthorityRevocationClient.cs -- handles revocation bundle export and verification
  • Authority Client: src/Cli/StellaOps.Cli/Services/AuthorityConsoleClient.cs / IAuthorityConsoleClient.cs -- authority API operations
  • Commands:
    • stella auth revoke export --output <path> -- export revocation bundle with JWS signature to disk
    • stella auth revoke verify --bundle <path> --key <pem-path> -- verify revocation bundle against JWS signature using PEM public key
  • Subcommands under stella auth: clients, roles, scopes, token, api-keys (all part of AuthCommandGroup)

E2E Test Plan

  • Run stella auth revoke export --output ./revocation-bundle.json and verify bundle file created with JWS signature
  • Run stella auth revoke verify --bundle ./revocation-bundle.json --key ./public.pem and verify signature validation passes
  • Verify bundle verification fails with wrong public key
  • Verify bundle verification fails with tampered bundle content
  • Verify offline verification works without network connectivity
  • Run with --format json and verify structured output
  • Verify exit code 0 for valid verification, non-zero for failures