audit notes work completed, test fixes work (95% done), new sprints, new data sources setup and configuration

2026-01-14 10:48:00 +02:00
parent d7be6ba34b
commit 95d5898650
379 changed files with 40695 additions and 19041 deletions
--- a/src/Cryptography/__Tests/StellaOps.Cryptography.Tests/CryptographyModelTests.cs
+++ b/src/Cryptography/__Tests/StellaOps.Cryptography.Tests/CryptographyModelTests.cs
@@ -0,0 +1,317 @@
+using StellaOps.Cryptography;
+using StellaOps.Cryptography.Models;
+using Xunit;
+
+namespace StellaOps.Cryptography.Tests;
+
+/// <summary>
+/// Tests for SignatureProfile enum.
+/// </summary>
+public sealed class SignatureProfileTests
+{
+    [Theory]
+    [InlineData(SignatureProfile.EdDsa)]
+    [InlineData(SignatureProfile.EcdsaP256)]
+    [InlineData(SignatureProfile.RsaPss)]
+    [InlineData(SignatureProfile.Gost2012)]
+    [InlineData(SignatureProfile.SM2)]
+    [InlineData(SignatureProfile.Eidas)]
+    public void SignatureProfile_AllStandardValues_AreValid(SignatureProfile profile)
+    {
+        Assert.True(Enum.IsDefined(profile));
+    }
+
+    [Fact]
+    public void SignatureProfile_EdDsa_IsDefault()
+    {
+        // EdDsa should be 0 - the default/baseline profile
+        Assert.Equal(0, (int)SignatureProfile.EdDsa);
+    }
+
+    [Fact]
+    public void SignatureProfile_AllValues_AreCounted()
+    {
+        var values = Enum.GetValues<SignatureProfile>();
+        Assert.True(values.Length >= 6, "Should have at least 6 standard profiles");
+    }
+}
+
+/// <summary>
+/// Tests for Signature record.
+/// </summary>
+public sealed class SignatureTests
+{
+    [Fact]
+    public void Signature_RequiredProperties_MustBeSet()
+    {
+        var signatureBytes = new byte[] { 0x01, 0x02, 0x03, 0x04 };
+
+        var signature = new Signature
+        {
+            KeyId = "stella-ed25519-2024",
+            Profile = SignatureProfile.EdDsa,
+            Algorithm = "Ed25519",
+            SignatureBytes = signatureBytes
+        };
+
+        Assert.Equal("stella-ed25519-2024", signature.KeyId);
+        Assert.Equal(SignatureProfile.EdDsa, signature.Profile);
+        Assert.Equal("Ed25519", signature.Algorithm);
+        Assert.Equal(signatureBytes, signature.SignatureBytes);
+    }
+
+    [Fact]
+    public void Signature_WithTimestamp_ContainsValue()
+    {
+        var signedAt = DateTimeOffset.UtcNow;
+
+        var signature = new Signature
+        {
+            KeyId = "key-001",
+            Profile = SignatureProfile.EcdsaP256,
+            Algorithm = "ES256",
+            SignatureBytes = new byte[64],
+            SignedAt = signedAt
+        };
+
+        Assert.Equal(signedAt, signature.SignedAt);
+    }
+
+    [Fact]
+    public void Signature_WithCertificateChain_ContainsValue()
+    {
+        var certChain = new byte[] { 0x30, 0x82, 0x01, 0x00 }; // Mock DER cert header
+
+        var signature = new Signature
+        {
+            KeyId = "eidas-key",
+            Profile = SignatureProfile.Eidas,
+            Algorithm = "RS256",
+            SignatureBytes = new byte[256],
+            CertificateChain = certChain
+        };
+
+        Assert.NotNull(signature.CertificateChain);
+        Assert.Equal(certChain, signature.CertificateChain);
+    }
+
+    [Fact]
+    public void Signature_WithTimestampToken_ContainsValue()
+    {
+        var timestampToken = new byte[] { 0x30, 0x82, 0x02, 0x00 }; // Mock RFC 3161 token
+
+        var signature = new Signature
+        {
+            KeyId = "tsa-key",
+            Profile = SignatureProfile.RsaPss,
+            Algorithm = "PS256",
+            SignatureBytes = new byte[256],
+            TimestampToken = timestampToken
+        };
+
+        Assert.NotNull(signature.TimestampToken);
+    }
+
+    [Fact]
+    public void Signature_WithPublicKey_ContainsValue()
+    {
+        var publicKey = new byte[32]; // Ed25519 public key size
+
+        var signature = new Signature
+        {
+            KeyId = "ephemeral-ed25519",
+            Profile = SignatureProfile.EdDsa,
+            Algorithm = "Ed25519",
+            SignatureBytes = new byte[64],
+            PublicKey = publicKey
+        };
+
+        Assert.NotNull(signature.PublicKey);
+        Assert.Equal(32, signature.PublicKey.Length);
+    }
+
+    [Fact]
+    public void Signature_OptionalProperties_AreNullByDefault()
+    {
+        var signature = new Signature
+        {
+            KeyId = "key",
+            Profile = SignatureProfile.EdDsa,
+            Algorithm = "Ed25519",
+            SignatureBytes = new byte[64]
+        };
+
+        Assert.Null(signature.CertificateChain);
+        Assert.Null(signature.TimestampToken);
+        Assert.Null(signature.PublicKey);
+    }
+}
+
+/// <summary>
+/// Tests for SignatureResult record.
+/// </summary>
+public sealed class SignatureResultTests
+{
+    [Fact]
+    public void SignatureResult_RequiredProperties_MustBeSet()
+    {
+        var signedAt = DateTimeOffset.UtcNow;
+
+        var result = new SignatureResult
+        {
+            KeyId = "stella-ed25519-2024",
+            Profile = SignatureProfile.EdDsa,
+            Algorithm = "Ed25519",
+            Signature = new byte[64],
+            SignedAt = signedAt
+        };
+
+        Assert.Equal("stella-ed25519-2024", result.KeyId);
+        Assert.Equal(SignatureProfile.EdDsa, result.Profile);
+        Assert.Equal("Ed25519", result.Algorithm);
+        Assert.Equal(signedAt, result.SignedAt);
+    }
+
+    [Fact]
+    public void SignatureResult_WithMetadata_ContainsValues()
+    {
+        var metadata = new Dictionary<string, object>
+        {
+            ["kms_request_id"] = "req-12345",
+            ["certificate_serial"] = "ABC123"
+        };
+
+        var result = new SignatureResult
+        {
+            KeyId = "kms-key",
+            Profile = SignatureProfile.RsaPss,
+            Algorithm = "PS256",
+            Signature = new byte[256],
+            SignedAt = DateTimeOffset.UtcNow,
+            Metadata = metadata
+        };
+
+        Assert.NotNull(result.Metadata);
+        Assert.Equal("req-12345", result.Metadata["kms_request_id"]);
+    }
+
+    [Theory]
+    [InlineData("Ed25519", SignatureProfile.EdDsa)]
+    [InlineData("ES256", SignatureProfile.EcdsaP256)]
+    [InlineData("PS256", SignatureProfile.RsaPss)]
+    [InlineData("GOST3410-2012-256", SignatureProfile.Gost2012)]
+    [InlineData("SM2DSA", SignatureProfile.SM2)]
+    public void SignatureResult_ProfileAlgorithmPairs_AreValid(string algorithm, SignatureProfile profile)
+    {
+        var result = new SignatureResult
+        {
+            KeyId = $"key-{profile}",
+            Profile = profile,
+            Algorithm = algorithm,
+            Signature = new byte[64],
+            SignedAt = DateTimeOffset.UtcNow
+        };
+
+        Assert.Equal(algorithm, result.Algorithm);
+        Assert.Equal(profile, result.Profile);
+    }
+}
+
+/// <summary>
+/// Tests for VerificationResult record.
+/// </summary>
+public sealed class VerificationResultTests
+{
+    [Fact]
+    public void VerificationResult_Valid_HasNoFailureReason()
+    {
+        var result = new VerificationResult
+        {
+            IsValid = true,
+            Profile = SignatureProfile.EdDsa,
+            Algorithm = "Ed25519",
+            KeyId = "key-001"
+        };
+
+        Assert.True(result.IsValid);
+        Assert.Null(result.FailureReason);
+    }
+
+    [Fact]
+    public void VerificationResult_Invalid_HasFailureReason()
+    {
+        var result = new VerificationResult
+        {
+            IsValid = false,
+            Profile = SignatureProfile.EdDsa,
+            Algorithm = "Ed25519",
+            KeyId = "key-001",
+            FailureReason = "Signature mismatch"
+        };
+
+        Assert.False(result.IsValid);
+        Assert.Equal("Signature mismatch", result.FailureReason);
+    }
+
+    [Fact]
+    public void VerificationResult_WithCertificateValidation_ContainsValue()
+    {
+        var certValidation = new CertificateValidationResult
+        {
+            IsValid = true,
+            ValidFrom = DateTimeOffset.UtcNow.AddYears(-1),
+            ValidTo = DateTimeOffset.UtcNow.AddYears(1),
+            CertificateThumbprints = new[] { "ABC123", "DEF456" }
+        };
+
+        var result = new VerificationResult
+        {
+            IsValid = true,
+            Profile = SignatureProfile.Eidas,
+            Algorithm = "RS256",
+            KeyId = "eidas-key",
+            CertificateValidation = certValidation
+        };
+
+        Assert.NotNull(result.CertificateValidation);
+        Assert.True(result.CertificateValidation.IsValid);
+        Assert.Equal(2, result.CertificateValidation.CertificateThumbprints!.Count);
+    }
+}
+
+/// <summary>
+/// Tests for CertificateValidationResult record.
+/// </summary>
+public sealed class CertificateValidationResultTests
+{
+    [Fact]
+    public void CertificateValidationResult_Valid_HasValidityPeriod()
+    {
+        var validFrom = DateTimeOffset.UtcNow.AddYears(-1);
+        var validTo = DateTimeOffset.UtcNow.AddYears(2);
+
+        var result = new CertificateValidationResult
+        {
+            IsValid = true,
+            ValidFrom = validFrom,
+            ValidTo = validTo
+        };
+
+        Assert.True(result.IsValid);
+        Assert.Equal(validFrom, result.ValidFrom);
+        Assert.Equal(validTo, result.ValidTo);
+    }
+
+    [Fact]
+    public void CertificateValidationResult_Invalid_HasFailureReason()
+    {
+        var result = new CertificateValidationResult
+        {
+            IsValid = false,
+            FailureReason = "Certificate expired"
+        };
+
+        Assert.False(result.IsValid);
+        Assert.Equal("Certificate expired", result.FailureReason);
+    }
+}
--- a/src/Cryptography/__Tests/StellaOps.Cryptography.Tests/StellaOps.Cryptography.Tests.csproj
+++ b/src/Cryptography/__Tests/StellaOps.Cryptography.Tests/StellaOps.Cryptography.Tests.csproj
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <LangVersion>preview</LangVersion>
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+    <IsPackable>false</IsPackable>
+    <OutputType>Exe</OutputType>
+    <UseXunitV3>true</UseXunitV3>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Using Include="Xunit" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Moq" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\StellaOps.Cryptography\StellaOps.Cryptography.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Content Include="xunit.runner.json" CopyToOutputDirectory="PreserveNewest" />
+  </ItemGroup>
+</Project>
--- a/src/Cryptography/__Tests/StellaOps.Cryptography.Tests/xunit.runner.json
+++ b/src/Cryptography/__Tests/StellaOps.Cryptography.Tests/xunit.runner.json
@@ -0,0 +1,7 @@
+{
+  "$schema": "https://xunit.net/schema/current/xunit.runner.schema.json",
+  "diagnosticMessages": true,
+  "parallelizeAssembly": true,
+  "parallelizeTestCollections": true,
+  "maxParallelThreads": -1
+}