Add unit tests for SBOM ingestion and transformation
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Implement `SbomIngestServiceCollectionExtensionsTests` to verify the SBOM ingestion pipeline exports snapshots correctly. - Create `SbomIngestTransformerTests` to ensure the transformation produces expected nodes and edges, including deduplication of license nodes and normalization of timestamps. - Add `SbomSnapshotExporterTests` to test the export functionality for manifest, adjacency, nodes, and edges. - Introduce `VexOverlayTransformerTests` to validate the transformation of VEX nodes and edges. - Set up project file for the test project with necessary dependencies and configurations. - Include JSON fixture files for testing purposes.
This commit is contained in:
master
171
src/__Libraries/StellaOps.Cryptography.Kms/GcpKmsFacade.cs
Normal file
171
src/__Libraries/StellaOps.Cryptography.Kms/GcpKmsFacade.cs
Normal file
@@ -0,0 +1,171 @@
|
||||
using Google.Cloud.Kms.V1;
|
||||
using Google.Protobuf;
|
||||
|
||||
namespace StellaOps.Cryptography.Kms;
|
||||
|
||||
internal interface IGcpKmsFacade : IDisposable
|
||||
{
|
||||
Task<GcpSignResult> SignAsync(string versionName, ReadOnlyMemory<byte> digest, CancellationToken cancellationToken);
|
||||
|
||||
Task<GcpCryptoKeyMetadata> GetCryptoKeyMetadataAsync(string keyName, CancellationToken cancellationToken);
|
||||
|
||||
Task<IReadOnlyList<GcpCryptoKeyVersionMetadata>> ListKeyVersionsAsync(string keyName, CancellationToken cancellationToken);
|
||||
|
||||
Task<GcpPublicKeyMaterial> GetPublicKeyAsync(string versionName, CancellationToken cancellationToken);
|
||||
}
|
||||
|
||||
internal sealed record GcpSignResult(string VersionName, byte[] Signature);
|
||||
|
||||
internal sealed record GcpCryptoKeyMetadata(string KeyName, string? PrimaryVersionName, DateTimeOffset CreateTime);
|
||||
|
||||
internal enum GcpCryptoKeyVersionState
|
||||
{
|
||||
Unspecified = 0,
|
||||
PendingGeneration = 1,
|
||||
Enabled = 2,
|
||||
Disabled = 3,
|
||||
DestroyScheduled = 4,
|
||||
Destroyed = 5,
|
||||
PendingImport = 6,
|
||||
ImportFailed = 7,
|
||||
GenerationFailed = 8,
|
||||
}
|
||||
|
||||
internal sealed record GcpCryptoKeyVersionMetadata(
|
||||
string VersionName,
|
||||
GcpCryptoKeyVersionState State,
|
||||
DateTimeOffset CreateTime,
|
||||
DateTimeOffset? DestroyTime);
|
||||
|
||||
internal sealed record GcpPublicKeyMaterial(string VersionName, string Algorithm, string Pem);
|
||||
|
||||
internal sealed class GcpKmsFacade : IGcpKmsFacade
|
||||
{
|
||||
private readonly KeyManagementServiceClient _client;
|
||||
private readonly bool _ownsClient;
|
||||
|
||||
public GcpKmsFacade(GcpKmsOptions options)
|
||||
{
|
||||
ArgumentNullException.ThrowIfNull(options);
|
||||
var builder = new KeyManagementServiceClientBuilder
|
||||
{
|
||||
Endpoint = string.IsNullOrWhiteSpace(options.Endpoint)
|
||||
? KeyManagementServiceClient.DefaultEndpoint.Host
|
||||
: options.Endpoint,
|
||||
};
|
||||
|
||||
_client = builder.Build();
|
||||
_ownsClient = true;
|
||||
}
|
||||
|
||||
public GcpKmsFacade(KeyManagementServiceClient client)
|
||||
{
|
||||
_client = client ?? throw new ArgumentNullException(nameof(client));
|
||||
_ownsClient = false;
|
||||
}
|
||||
|
||||
public async Task<GcpSignResult> SignAsync(string versionName, ReadOnlyMemory<byte> digest, CancellationToken cancellationToken)
|
||||
{
|
||||
ArgumentException.ThrowIfNullOrWhiteSpace(versionName);
|
||||
|
||||
var response = await _client.AsymmetricSignAsync(new AsymmetricSignRequest
|
||||
{
|
||||
Name = versionName,
|
||||
Digest = new Digest
|
||||
{
|
||||
Sha256 = ByteString.CopyFrom(digest.ToArray()),
|
||||
},
|
||||
}, cancellationToken).ConfigureAwait(false);
|
||||
|
||||
return new GcpSignResult(response.Name ?? versionName, response.Signature.ToByteArray());
|
||||
}
|
||||
|
||||
public async Task<GcpCryptoKeyMetadata> GetCryptoKeyMetadataAsync(string keyName, CancellationToken cancellationToken)
|
||||
{
|
||||
ArgumentException.ThrowIfNullOrWhiteSpace(keyName);
|
||||
|
||||
var response = await _client.GetCryptoKeyAsync(new GetCryptoKeyRequest
|
||||
{
|
||||
Name = keyName,
|
||||
}, cancellationToken).ConfigureAwait(false);
|
||||
|
||||
return new GcpCryptoKeyMetadata(
|
||||
response.Name,
|
||||
response.Primary?.Name,
|
||||
ToDateTimeOffsetOrUtcNow(response.CreateTime));
|
||||
}
|
||||
|
||||
public async Task<IReadOnlyList<GcpCryptoKeyVersionMetadata>> ListKeyVersionsAsync(string keyName, CancellationToken cancellationToken)
|
||||
{
|
||||
ArgumentException.ThrowIfNullOrWhiteSpace(keyName);
|
||||
|
||||
var results = new List<GcpCryptoKeyVersionMetadata>();
|
||||
var request = new ListCryptoKeyVersionsRequest
|
||||
{
|
||||
Parent = keyName,
|
||||
};
|
||||
|
||||
await foreach (var version in _client.ListCryptoKeyVersionsAsync(request).WithCancellation(cancellationToken).ConfigureAwait(false))
|
||||
{
|
||||
results.Add(new GcpCryptoKeyVersionMetadata(
|
||||
version.Name,
|
||||
MapState(version.State),
|
||||
ToDateTimeOffsetOrUtcNow(version.CreateTime),
|
||||
version.DestroyTime is null ? null : ToDateTimeOffsetOrUtcNow(version.DestroyTime)));
|
||||
}
|
||||
|
||||
return results;
|
||||
}
|
||||
|
||||
public async Task<GcpPublicKeyMaterial> GetPublicKeyAsync(string versionName, CancellationToken cancellationToken)
|
||||
{
|
||||
ArgumentException.ThrowIfNullOrWhiteSpace(versionName);
|
||||
|
||||
var response = await _client.GetPublicKeyAsync(new GetPublicKeyRequest
|
||||
{
|
||||
Name = versionName,
|
||||
}, cancellationToken).ConfigureAwait(false);
|
||||
|
||||
return new GcpPublicKeyMaterial(
|
||||
response.Name ?? versionName,
|
||||
response.Algorithm.ToString(),
|
||||
response.Pem);
|
||||
}
|
||||
|
||||
private static GcpCryptoKeyVersionState MapState(CryptoKeyVersion.Types.CryptoKeyVersionState state)
|
||||
=> state switch
|
||||
{
|
||||
CryptoKeyVersion.Types.CryptoKeyVersionState.Enabled => GcpCryptoKeyVersionState.Enabled,
|
||||
CryptoKeyVersion.Types.CryptoKeyVersionState.Disabled => GcpCryptoKeyVersionState.Disabled,
|
||||
CryptoKeyVersion.Types.CryptoKeyVersionState.DestroyScheduled => GcpCryptoKeyVersionState.DestroyScheduled,
|
||||
CryptoKeyVersion.Types.CryptoKeyVersionState.Destroyed => GcpCryptoKeyVersionState.Destroyed,
|
||||
CryptoKeyVersion.Types.CryptoKeyVersionState.PendingGeneration => GcpCryptoKeyVersionState.PendingGeneration,
|
||||
CryptoKeyVersion.Types.CryptoKeyVersionState.PendingImport => GcpCryptoKeyVersionState.PendingImport,
|
||||
CryptoKeyVersion.Types.CryptoKeyVersionState.ImportFailed => GcpCryptoKeyVersionState.ImportFailed,
|
||||
CryptoKeyVersion.Types.CryptoKeyVersionState.GenerationFailed => GcpCryptoKeyVersionState.GenerationFailed,
|
||||
_ => GcpCryptoKeyVersionState.Unspecified,
|
||||
};
|
||||
|
||||
public void Dispose()
|
||||
{
|
||||
if (_ownsClient)
|
||||
{
|
||||
_client.Dispose();
|
||||
}
|
||||
}
|
||||
|
||||
private static DateTimeOffset ToDateTimeOffsetOrUtcNow(Timestamp? timestamp)
|
||||
{
|
||||
if (timestamp is null)
|
||||
{
|
||||
return DateTimeOffset.UtcNow;
|
||||
}
|
||||
|
||||
if (timestamp.Seconds == 0 && timestamp.Nanos == 0)
|
||||
{
|
||||
return DateTimeOffset.UtcNow;
|
||||
}
|
||||
|
||||
return timestamp.ToDateTimeOffset();
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user