Implement PKI Interface for eID-Server

[Hermann-Core]

Implement the PKI layer needed to retrieve and validate the certificates required by the eID server:

• Terminal certificates
• CSCA / CVCA chains
• Blacklists / defect lists

Tasks

• Implement TR-03129 webservice client
• Schedule periodic certificate refresh
• Validate Chip / Terminal Auth chains during session
• Maintain local trust store and cache

Reference

• TR-03129
• TR-03130 §2.3.3 and §2.4