stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

more audit work

Browse Source
This commit is contained in:
master
2026-01-08 10:21:51 +02:00
parent 43c02081ef
commit 51cf4bc16c
546 changed files with 36721 additions and 4003 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/__Libraries/__Tests/StellaOps.Auth.Security.Tests/DpopProofValidatorTests.cs
View File

@@ -1,4 +1,5 @@
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;
using System.Text;
@@ -190,11 +191,23 @@ public class DpopProofValidatorTests
var securityKey = new ECDsaSecurityKey(ecdsa) { KeyId = Guid.NewGuid().ToString("N") };
var jwk = JsonWebKeyConverter.ConvertFromECDsaSecurityKey(securityKey);
var jwkHeader = new Dictionary<string, object>
{
["kty"] = jwk.Kty,
["crv"] = jwk.Crv,
["x"] = jwk.X,
["y"] = jwk.Y
};
if (!string.IsNullOrWhiteSpace(jwk.Kid))
{
jwkHeader["kid"] = jwk.Kid;
}
var header = new JwtHeader(new SigningCredentials(securityKey, SecurityAlgorithms.EcdsaSha256))
{
{ "typ", "dpop+jwt" },
{ "jwk", jwk }
{ "jwk", jwkHeader }
};
header["typ"] = "dpop+jwt";
headerMutator?.Invoke(header);
var payload = new JwtPayload
@@ -217,6 +230,7 @@ public class DpopProofValidatorTests
return (handler.WriteToken(token), jwk);
}
private static string BuildUnsignedToken(object header, object payload)
{
var headerJson = JsonSerializer.Serialize(header);

9
src/__Libraries/__Tests/StellaOps.Auth.Security.Tests/TASKS.md
View File

@@ -5,6 +5,9 @@ Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0785-M | TODO | Maintainability audit for StellaOps.Auth.Security.Tests (pending revalidation). |
| AUDIT-0785-T | TODO | Test coverage audit for StellaOps.Auth.Security.Tests (pending revalidation). |
| AUDIT-0785-A | DONE | Waived (test project). |
| AUDIT-0017-M | DONE | Revalidated 2026-01-08 (rebaseline). |
| AUDIT-0017-T | DONE | Revalidated 2026-01-08 (rebaseline). |
| AUDIT-0017-A | DONE | Waived (test project). |
| AUDIT-0785-M | DONE | Revalidated 2026-01-07 (test project). |
| AUDIT-0785-T | DONE | Revalidated 2026-01-07. |
| AUDIT-0785-A | DONE | Waived (test project; revalidated 2026-01-07). |