more audit work

2026-01-08 10:21:51 +02:00
parent 43c02081ef
commit 51cf4bc16c
546 changed files with 36721 additions and 4003 deletions
--- a/src/__Tests/unit/StellaOps.AuditPack.Tests/AuditPackBuilderTests.cs
+++ b/src/__Tests/unit/StellaOps.AuditPack.Tests/AuditPackBuilderTests.cs
@@ -56,22 +56,16 @@ public class AuditPackBuilderTests
    }

    [Fact]
-    public void PackDigest_IsComputedCorrectly()
+    public async Task PackDigest_IsComputedCorrectly()
    {
        // Arrange
-        var pack = new AuditPack
-        {
-            PackId = "test-pack",
-            Name = "Test Pack",
-            CreatedAt = new DateTimeOffset(2025, 1, 1, 0, 0, 0, TimeSpan.Zero),
-            RunManifest = new RunManifest("scan-1", DateTimeOffset.UtcNow),
-            EvidenceIndex = new EvidenceIndex([]),
-            Verdict = new Verdict("verdict-1", "pass"),
-            OfflineBundle = new BundleManifest("bundle-1", "1.0"),
-            Contents = new PackContents()
-        };
+        var scanResult = new ScanResult("scan-1");
+        var builder = new AuditPackBuilder();

-        // Act - digest should be set during build
-        pack.PackDigest.Should().NotBeNull();
+        // Act
+        var pack = await builder.BuildAsync(scanResult, new AuditPackOptions());
+
+        // Assert
+        pack.PackDigest.Should().NotBeNullOrEmpty();
    }
 }
--- a/src/__Tests/unit/StellaOps.AuditPack.Tests/ReplayAttestationServiceTests.cs
+++ b/src/__Tests/unit/StellaOps.AuditPack.Tests/ReplayAttestationServiceTests.cs
@@ -159,16 +159,18 @@ public class ReplayAttestationServiceTests
    public async Task VerifyAsync_ValidAttestation_ReturnsValid()
    {
        // Arrange
+        var service = new ReplayAttestationService(new FakeSigner(), new AcceptAllVerifier());
        var manifest = CreateTestManifest();
        var result = CreateTestResult();
-        var attestation = await _service.GenerateAsync(manifest, result);
+        var attestation = await service.GenerateAsync(manifest, result);

        // Act
-        var verificationResult = await _service.VerifyAsync(attestation);
+        var verificationResult = await service.VerifyAsync(attestation);

        // Assert
        verificationResult.IsValid.Should().BeTrue();
        verificationResult.Errors.Should().BeEmpty();
+        verificationResult.SignatureVerified.Should().BeTrue();
    }

    [Fact]
@@ -255,4 +257,27 @@ public class ReplayAttestationServiceTests
        verificationResult.IsValid.Should().BeFalse();
        verificationResult.Errors.Should().Contain(e => e.Contains("payload digest"));
    }
+
+    private sealed class FakeSigner : IReplayAttestationSigner
+    {
+        public Task<DsseSignatureResult> SignAsync(byte[] payload, CancellationToken cancellationToken = default)
+        {
+            return Task.FromResult(new DsseSignatureResult
+            {
+                KeyId = "test-key",
+                Signature = Convert.ToBase64String(payload.Take(8).ToArray())
+            });
+        }
+    }
+
+    private sealed class AcceptAllVerifier : IReplayAttestationSignatureVerifier
+    {
+        public Task<ReplayAttestationSignatureVerification> VerifyAsync(
+            ReplayDsseEnvelope envelope,
+            byte[] payload,
+            CancellationToken cancellationToken = default)
+        {
+            return Task.FromResult(new ReplayAttestationSignatureVerification { Verified = true });
+        }
+    }
 }