notify doctors work, audit work, new product advisory sprints
@@ -18,6 +18,7 @@
|
||||
<ProjectReference Include="..\..\__Libraries\StellaOps.Scanner.Reachability\StellaOps.Scanner.Reachability.csproj" />
|
||||
<ProjectReference Include="..\..\__Libraries\StellaOps.Scanner.Cache\StellaOps.Scanner.Cache.csproj" />
|
||||
<ProjectReference Include="../../../__Libraries/StellaOps.TestKit/StellaOps.TestKit.csproj" />
|
||||
<ProjectReference Include="../../../__Libraries/StellaOps.Canonical.Json/StellaOps.Canonical.Json.csproj" />
|
||||
<ProjectReference Include="../../../BinaryIndex/__Libraries/StellaOps.BinaryIndex.Decompiler/StellaOps.BinaryIndex.Decompiler.csproj" />
|
||||
<ProjectReference Include="../../../BinaryIndex/__Libraries/StellaOps.BinaryIndex.Ghidra/StellaOps.BinaryIndex.Ghidra.csproj" />
|
||||
</ItemGroup>
|
||||
|
||||
@@ -1,7 +1,11 @@
|
||||
using System.Text.Encodings.Web;
|
||||
using System.Text.Json;
|
||||
using System.Text.Json.Serialization;
|
||||
using Org.BouncyCastle.Crypto.Generators;
|
||||
using Org.BouncyCastle.Crypto.Parameters;
|
||||
using Org.BouncyCastle.Security;
|
||||
using StellaOps.Attestor.Envelope;
|
||||
using StellaOps.Canonical.Json;
|
||||
using StellaOps.Scanner.Reachability.Witnesses;
|
||||
using Xunit;
|
||||
|
||||
@@ -137,6 +141,49 @@ public class WitnessDsseSignerTests
|
||||
Assert.Equal(result1.PayloadBytes, result2.PayloadBytes);
|
||||
}
|
||||
|
||||
[Trait("Category", TestCategories.Unit)]
|
||||
[Fact]
|
||||
public void SignWitness_UsesCanonicalPayloadAndDssePae()
|
||||
{
|
||||
// Arrange
|
||||
var witness = CreateTestWitness();
|
||||
var (privateKey, publicKey) = CreateTestKeyPair();
|
||||
var signingKey = EnvelopeKey.CreateEd25519Signer(privateKey, publicKey);
|
||||
var signer = new WitnessDsseSigner(new EnvelopeSignatureService());
|
||||
|
||||
var options = new JsonSerializerOptions
|
||||
{
|
||||
PropertyNamingPolicy = JsonNamingPolicy.SnakeCaseLower,
|
||||
WriteIndented = false,
|
||||
DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull,
|
||||
Encoder = JavaScriptEncoder.Default
|
||||
};
|
||||
|
||||
// Act
|
||||
var signResult = signer.SignWitness(witness, signingKey, TestCancellationToken);
|
||||
|
||||
// Assert
|
||||
Assert.True(signResult.IsSuccess, signResult.Error);
|
||||
Assert.NotNull(signResult.Envelope);
|
||||
Assert.NotNull(signResult.PayloadBytes);
|
||||
|
||||
var payloadBytes = signResult.PayloadBytes!;
|
||||
var expectedPayload = CanonJson.Canonicalize(witness, options);
|
||||
Assert.Equal(expectedPayload, payloadBytes);
|
||||
|
||||
var verifyKey = EnvelopeKey.CreateEd25519Verifier(publicKey);
|
||||
var signatureBytes = Convert.FromBase64String(signResult.Envelope!.Signatures[0].Signature);
|
||||
var envelopeSignature = new EnvelopeSignature(signingKey.KeyId, signingKey.AlgorithmId, signatureBytes);
|
||||
var verifyResult = new EnvelopeSignatureService().VerifyDsse(
|
||||
WitnessSchema.DssePayloadType,
|
||||
payloadBytes,
|
||||
envelopeSignature,
|
||||
verifyKey,
|
||||
TestCancellationToken);
|
||||
|
||||
Assert.True(verifyResult.IsSuccess);
|
||||
}
|
||||
|
||||
[Trait("Category", TestCategories.Unit)]
|
||||
[Fact]
|
||||
public void VerifyWitness_WithInvalidPayloadType_ReturnsFails()
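Review bot: `SignWitness_UsesCanonicalPayloadAndDssePae` never checks the pre-authentication encoding on its own, because the signature is verified with the same `EnvelopeSignatureService` that produced it. If sign and verify both skipped PAE and signed the raw payload, or both framed the payload type wrongly, the round trip would still pass. The test should build the PAE bytes itself from `WitnessSchema.DssePayloadType` and `payloadBytes`, then check the Ed25519 signature with BouncyCastle directly, as sketched below. This assumes `publicKey` is the raw key bytes and `PayloadBytes` is a `byte[]`. The copy of this test added to `SuppressionDsseSignerTests` has the same gap.

```csharp
var signatureBytes = Convert.FromBase64String(signResult.Envelope!.Signatures[0].Signature);
// … unchanged: VerifyDsse round trip through EnvelopeSignatureService …

// PAE built independently of the code under test:
// "DSSEv1" SP len(type) SP type SP len(body) SP body, lengths as ASCII decimal byte counts.
var typeBytes = System.Text.Encoding.UTF8.GetBytes(WitnessSchema.DssePayloadType);
var paeHeader = System.Text.Encoding.UTF8.GetBytes(
    $"DSSEv1 {typeBytes.Length} {WitnessSchema.DssePayloadType} {payloadBytes.Length} ");
var pae = paeHeader.Concat(payloadBytes).ToArray();

// Assumes publicKey is the raw 32-byte Ed25519 public key; confirm against CreateTestKeyPair.
var rawVerifier = new Org.BouncyCastle.Crypto.Signers.Ed25519Signer();
rawVerifier.Init(false, new Ed25519PublicKeyParameters(publicKey, 0));
rawVerifier.BlockUpdate(pae, 0, pae.Length);
Assert.True(rawVerifier.VerifySignature(signatureBytes));
```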
|
||||
|
||||
@@ -1,7 +1,11 @@
|
||||
using System.Text.Encodings.Web;
|
||||
using System.Text.Json;
|
||||
using System.Text.Json.Serialization;
|
||||
using Org.BouncyCastle.Crypto.Generators;
|
||||
using Org.BouncyCastle.Crypto.Parameters;
|
||||
using Org.BouncyCastle.Security;
|
||||
using StellaOps.Attestor.Envelope;
|
||||
using StellaOps.Canonical.Json;
|
||||
using StellaOps.Scanner.Reachability.Witnesses;
|
||||
using StellaOps.TestKit;
|
||||
using Xunit;
|
||||
@@ -286,6 +290,49 @@ public sealed class SuppressionDsseSignerTests
|
||||
verifyResult.Witness.Evidence.Unreachability?.UnreachableSymbol);
|
||||
}
|
||||
|
||||
[Trait("Category", TestCategories.Unit)]
|
||||
[Fact]
|
||||
public void SignWitness_UsesCanonicalPayloadAndDssePae()
|
||||
{
|
||||
// Arrange
|
||||
var witness = CreateTestWitness();
|
||||
var (privateKey, publicKey) = CreateTestKeyPair();
|
||||
var signingKey = EnvelopeKey.CreateEd25519Signer(privateKey, publicKey);
|
||||
var signer = new SuppressionDsseSigner(new EnvelopeSignatureService());
|
||||
|
||||
var options = new JsonSerializerOptions
|
||||
{
|
||||
PropertyNamingPolicy = JsonNamingPolicy.SnakeCaseLower,
|
||||
WriteIndented = false,
|
||||
DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull,
|
||||
Encoder = JavaScriptEncoder.Default
|
||||
};
|
||||
|
||||
// Act
|
||||
var signResult = signer.SignWitness(witness, signingKey, TestCancellationToken);
|
||||
|
||||
// Assert
|
||||
Assert.True(signResult.IsSuccess, signResult.Error);
|
||||
Assert.NotNull(signResult.Envelope);
|
||||
Assert.NotNull(signResult.PayloadBytes);
|
||||
|
||||
var payloadBytes = signResult.PayloadBytes!;
|
||||
var expectedPayload = CanonJson.Canonicalize(witness, options);
|
||||
Assert.Equal(expectedPayload, payloadBytes);
|
||||
|
||||
var verifyKey = EnvelopeKey.CreateEd25519Verifier(publicKey);
|
||||
var signatureBytes = Convert.FromBase64String(signResult.Envelope!.Signatures[0].Signature);
|
||||
var envelopeSignature = new EnvelopeSignature(signingKey.KeyId, signingKey.AlgorithmId, signatureBytes);
|
||||
var verifyResult = new EnvelopeSignatureService().VerifyDsse(
|
||||
SuppressionWitnessSchema.DssePayloadType,
|
||||
payloadBytes,
|
||||
envelopeSignature,
|
||||
verifyKey,
|
||||
TestCancellationToken);
|
||||
|
||||
Assert.True(verifyResult.IsSuccess);
|
||||
}
|
||||
|
||||
private sealed class FixedRandomGenerator : Org.BouncyCastle.Crypto.Prng.IRandomGenerator
|
||||
{
|
||||
private byte _value;
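Review bot: The new test never reads the payload, payload type or key id stored in `signResult.Envelope`. Verification is fed `signResult.PayloadBytes`, the constant `SuppressionWitnessSchema.DssePayloadType`, and an `EnvelopeSignature` rebuilt from `signingKey.KeyId`. An envelope whose embedded payload or type differed from the bytes that were signed would still pass, yet the envelope is all a downstream verifier receives. I would decode the envelope's payload and compare it with `expectedPayload`, compare its payload type and signature key id with the expected values, and replace the `Signatures[0]` index with `Assert.Single(signResult.Envelope!.Signatures)`. The envelope's property names are not visible in this hunk, and the trailing `FixedRandomGenerator` context continues past it; the twin test in `WitnessDsseSignerTests` needs the same assertions.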
|
||||
|
||||