save progress

src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Signing/EvidenceGraphDsseSigner.cs

@@ -6,9 +6,9 @@ using Org.BouncyCastle.Crypto.Signers;
 using Org.BouncyCastle.OpenSsl;
 using Org.BouncyCastle.Asn1.X9;
 using StellaOps.Cryptography;
-using StellaOps.AirGap.Importer.Validation;
 using AttestorDsseEnvelope = StellaOps.Attestor.Envelope.DsseEnvelope;
 using AttestorDsseSignature = StellaOps.Attestor.Envelope.DsseSignature;
+using AttestorDssePreAuthenticationEncoding = StellaOps.Attestor.Envelope.DssePreAuthenticationEncoding;
 using StellaOps.Attestor.Envelope;
 
 namespace StellaOps.AirGap.Importer.Reconciliation.Signing;
@@ -43,7 +43,7 @@ internal sealed class EvidenceGraphDsseSigner
 
         var canonicalJson = serializer.Serialize(graph, pretty: false);
         var payloadBytes = Encoding.UTF8.GetBytes(canonicalJson);
-        var pae = DssePreAuthenticationEncoding.Encode(EvidenceGraphPayloadType, payloadBytes);
+        var pae = AttestorDssePreAuthenticationEncoding.Compute(EvidenceGraphPayloadType, payloadBytes);
 
         var envelopeKey = LoadEcdsaEnvelopeKey(signingPrivateKeyPemPath, signingKeyId);
         var signature = SignDeterministicEcdsa(pae, signingPrivateKeyPemPath, envelopeKey.AlgorithmId);

src/AirGap/StellaOps.AirGap.Importer/TASKS.md

@@ -8,3 +8,4 @@ Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.
 | AUDIT-0026-M | DONE | Maintainability audit for StellaOps.AirGap.Importer. |
 | AUDIT-0026-T | DONE | Test coverage audit for StellaOps.AirGap.Importer. |
 | AUDIT-0026-A | DOING | Pending approval for changes. |
+| VAL-SMOKE-001 | DONE | Resolved DSSE signer ambiguity; smoke build now proceeds. |

src/AirGap/__Tests/StellaOps.AirGap.Importer.Tests/DsseVerifierTests.cs

@@ -53,19 +53,8 @@ public class DsseVerifierTests
 
     private static byte[] BuildPae(string payloadType, string payload)
     {
-        var parts = new[] { "DSSEv1", payloadType, payload };
-        var paeBuilder = new System.Text.StringBuilder();
-        paeBuilder.Append("PAE:");
-        paeBuilder.Append(parts.Length);
-        foreach (var part in parts)
-        {
-            paeBuilder.Append(' ');
-            paeBuilder.Append(part.Length);
-            paeBuilder.Append(' ');
-            paeBuilder.Append(part);
-        }
-
-        return System.Text.Encoding.UTF8.GetBytes(paeBuilder.ToString());
+        var payloadBytes = System.Text.Encoding.UTF8.GetBytes(payload);
+        return StellaOps.Attestor.Envelope.DssePreAuthenticationEncoding.Compute(payloadType, payloadBytes);
     }
 
     private static string Fingerprint(byte[] pub)

src/AirGap/__Tests/StellaOps.AirGap.Importer.Tests/ImportValidatorTests.cs

@@ -94,6 +94,9 @@ public sealed class ImportValidatorTests
             quarantine,
             NullLogger<ImportValidator>.Instance);
 
+        var payloadEntries = new List<NamedStream> { new("a.txt", new MemoryStream("data"u8.ToArray())) };
+        var merkleRoot = new MerkleRootCalculator().ComputeRoot(payloadEntries);
+        var manifestJson = $"{{\"version\":\"1.0.0\",\"merkleRoot\":\"{merkleRoot}\"}}";
         var tempRoot = Path.Combine(Path.GetTempPath(), "stellaops-airgap-tests", Guid.NewGuid().ToString("N"));
         Directory.CreateDirectory(tempRoot);
         var bundlePath = Path.Combine(tempRoot, "bundle.tar.zst");
@@ -106,7 +109,7 @@ public sealed class ImportValidatorTests
                 BundleType: "offline-kit",
                 BundleDigest: "sha256:bundle",
                 BundlePath: bundlePath,
-                ManifestJson: "{\"version\":\"1.0.0\"}",
+                ManifestJson: manifestJson,
                 ManifestVersion: "1.0.0",
                 ManifestCreatedAt: DateTimeOffset.Parse("2025-12-15T00:00:00Z"),
                 ForceActivate: false,
@@ -116,7 +119,7 @@ public sealed class ImportValidatorTests
                 RootJson: root,
                 SnapshotJson: snapshot,
                 TimestampJson: timestamp,
-                PayloadEntries: new List<NamedStream> { new("a.txt", new MemoryStream("data"u8.ToArray())) },
+                PayloadEntries: payloadEntries,
                 TrustStore: trustStore,
                 ApproverIds: new[] { "approver-1", "approver-2" });
 
@@ -146,19 +149,8 @@ public sealed class ImportValidatorTests
 
     private static byte[] BuildPae(string payloadType, string payload)
     {
-        var parts = new[] { "DSSEv1", payloadType, payload };
-        var paeBuilder = new System.Text.StringBuilder();
-        paeBuilder.Append("PAE:");
-        paeBuilder.Append(parts.Length);
-        foreach (var part in parts)
-        {
-            paeBuilder.Append(' ');
-            paeBuilder.Append(part.Length);
-            paeBuilder.Append(' ');
-            paeBuilder.Append(part);
-        }
-
-        return System.Text.Encoding.UTF8.GetBytes(paeBuilder.ToString());
+        var payloadBytes = System.Text.Encoding.UTF8.GetBytes(payload);
+        return StellaOps.Attestor.Envelope.DssePreAuthenticationEncoding.Compute(payloadType, payloadBytes);
     }
 
     private static string Fingerprint(byte[] pub) => Convert.ToHexString(SHA256.HashData(pub)).ToLowerInvariant();

src/AirGap/__Tests/StellaOps.AirGap.Importer.Tests/TASKS.md

@@ -8,3 +8,4 @@ Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.
 | AUDIT-0027-M | DONE | Maintainability audit for StellaOps.AirGap.Importer.Tests. |
 | AUDIT-0027-T | DONE | Test coverage audit for StellaOps.AirGap.Importer.Tests. |
 | AUDIT-0027-A | TODO | Pending approval for changes. |
+| VAL-SMOKE-001 | DONE | Align DSSE PAE test data and manifest merkle root; unit tests pass. |