consolidation of some of the modules, localization fixes, product advisories work, qa work

2026-03-05 03:54:22 +02:00
parent 7bafcc3eef
commit 8e1cb9448d
3878 changed files with 72600 additions and 46861 deletions
--- a/src/Attestor/__Tests/StellaOps.Provenance.Attestation.Tests/SignerTests.cs
+++ b/src/Attestor/__Tests/StellaOps.Provenance.Attestation.Tests/SignerTests.cs
@@ -0,0 +1,51 @@
+using System;
+using System.Text;
+using System.Threading.Tasks;
+using System.Collections.Generic;
+using FluentAssertions;
+using StellaOps.Provenance.Attestation;
+using StellaOps.Cryptography;
+using Xunit;
+
+using StellaOps.TestKit;
+namespace StellaOps.Provenance.Attestation.Tests;
+
+public class SignerTests
+{
+    [Trait("Category", TestCategories.Unit)]
+        [Fact]
+    public async Task HmacSigner_is_deterministic_for_same_input()
+    {
+        var key = new InMemoryKeyProvider("test-key", Encoding.UTF8.GetBytes("secret"));
+        var audit = new InMemoryAuditSink();
+        var signer = new HmacSigner(key, DefaultCryptoHmac.CreateForTests(), audit, TimeProvider.System);
+
+        var request = new SignRequest(Encoding.UTF8.GetBytes("payload"), "application/json");
+
+        var r1 = await signer.SignAsync(request);
+        var r2 = await signer.SignAsync(request);
+
+        r1.Signature.Should().BeEquivalentTo(r2.Signature);
+        r1.KeyId.Should().Be("test-key");
+        audit.Signed.Should().HaveCount(2);
+    }
+
+    [Trait("Category", TestCategories.Unit)]
+        [Fact]
+    public async Task HmacSigner_enforces_required_claims()
+    {
+        var key = new InMemoryKeyProvider("test-key", Encoding.UTF8.GetBytes("secret"));
+        var audit = new InMemoryAuditSink();
+        var signer = new HmacSigner(key, DefaultCryptoHmac.CreateForTests(), audit, TimeProvider.System);
+
+        var request = new SignRequest(
+            Payload: Encoding.UTF8.GetBytes("payload"),
+            ContentType: "application/json",
+            Claims: new Dictionary<string, string> { ["foo"] = "bar" },
+            RequiredClaims: new[] { "foo", "bar" });
+
+        var ex = await Assert.ThrowsAsync<InvalidOperationException>(() => signer.SignAsync(request));
+        ex.Message.Should().Contain("bar");
+        audit.Missing.Should().ContainSingle(m => m.claim == "bar");
+    }
+}