Restructure solution layout by module

src/Signer/StellaOps.Signer/StellaOps.Signer.Tests/SignerEndpointsTests.cs

@@ -0,0 +1,127 @@
+using System.Collections.Generic;
+using System.Net;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Net.Http.Json;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Testing;
+using StellaOps.Signer.WebService.Contracts;
+using Xunit;
+
+namespace StellaOps.Signer.Tests;
+
+public sealed class SignerEndpointsTests : IClassFixture<WebApplicationFactory<Program>>
+{
+    private readonly WebApplicationFactory<Program> _factory;
+    private const string TrustedDigest = "sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
+
+    public SignerEndpointsTests(WebApplicationFactory<Program> factory)
+    {
+        _factory = factory;
+    }
+
+    [Fact]
+    public async Task SignDsse_ReturnsBundle_WhenRequestValid()
+    {
+        var client = CreateClient();
+        var request = new HttpRequestMessage(HttpMethod.Post, "/api/v1/signer/sign/dsse")
+        {
+            Content = JsonContent.Create(new
+            {
+                subject = new[]
+                {
+                    new
+                    {
+                        name = "pkg:npm/example",
+                        digest = new Dictionary<string, string> { ["sha256"] = "4d5f" },
+                    },
+                },
+                predicateType = "https://in-toto.io/Statement/v0.1",
+                predicate = new { result = "pass" },
+                scannerImageDigest = TrustedDigest,
+                poe = new { format = "jwt", value = "valid-poe" },
+                options = new { signingMode = "kms", expirySeconds = 600, returnBundle = "dsse+cert" },
+            })
+        };
+
+        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", "stub-token");
+        request.Headers.Add("DPoP", "stub-proof");
+
+        var response = await client.SendAsync(request);
+        var responseBody = await response.Content.ReadAsStringAsync();
+        Assert.True(response.IsSuccessStatusCode, $"Expected success but got {(int)response.StatusCode}: {responseBody}");
+
+        var body = await response.Content.ReadFromJsonAsync<SignDsseResponseDto>();
+        Assert.NotNull(body);
+        Assert.Equal("stub-subject", body!.Bundle.SigningIdentity.Subject);
+        Assert.Equal("stub-subject", body.Bundle.SigningIdentity.Issuer);
+    }
+
+    [Fact]
+    public async Task SignDsse_ReturnsForbidden_WhenDigestUntrusted()
+    {
+        var client = CreateClient();
+        var request = new HttpRequestMessage(HttpMethod.Post, "/api/v1/signer/sign/dsse")
+        {
+            Content = JsonContent.Create(new
+            {
+                subject = new[]
+                {
+                    new
+                    {
+                        name = "pkg:npm/example",
+                        digest = new Dictionary<string, string> { ["sha256"] = "4d5f" },
+                    },
+                },
+                predicateType = "https://in-toto.io/Statement/v0.1",
+                predicate = new { result = "pass" },
+                scannerImageDigest = "sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+                poe = new { format = "jwt", value = "valid-poe" },
+                options = new { signingMode = "kms", expirySeconds = 600, returnBundle = "dsse+cert" },
+            })
+        };
+        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", "stub-token");
+        request.Headers.Add("DPoP", "stub-proof");
+
+        var response = await client.SendAsync(request);
+        var problemJson = await response.Content.ReadAsStringAsync();
+        Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
+
+        var problem = System.Text.Json.JsonSerializer.Deserialize<ProblemDetails>(problemJson, new System.Text.Json.JsonSerializerOptions
+        {
+            PropertyNameCaseInsensitive = true,
+        });
+        Assert.NotNull(problem);
+        Assert.Equal("release_untrusted", problem!.Type);
+    }
+
+    [Fact]
+    public async Task VerifyReferrers_ReturnsTrustedResult_WhenDigestIsKnown()
+    {
+        var client = CreateClient();
+        var request = new HttpRequestMessage(HttpMethod.Get, $"/api/v1/signer/verify/referrers?digest={TrustedDigest}");
+        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", "stub-token");
+
+        var response = await client.SendAsync(request);
+        var responseBody = await response.Content.ReadAsStringAsync();
+        Assert.True(response.IsSuccessStatusCode, $"Expected success but got {(int)response.StatusCode}: {responseBody}");
+
+        var body = await response.Content.ReadFromJsonAsync<VerifyReferrersResponseDto>();
+        Assert.NotNull(body);
+        Assert.True(body!.Trusted);
+    }
+
+    [Fact]
+    public async Task VerifyReferrers_ReturnsProblem_WhenDigestMissing()
+    {
+        var client = CreateClient();
+        var request = new HttpRequestMessage(HttpMethod.Get, "/api/v1/signer/verify/referrers");
+        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", "stub-token");
+
+        var response = await client.SendAsync(request);
+        Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+    }
+
+    private HttpClient CreateClient() => _factory.CreateClient();
+}

src/Signer/StellaOps.Signer/StellaOps.Signer.Tests/StellaOps.Signer.Tests.csproj

@@ -0,0 +1,27 @@
+<?xml version='1.0' encoding='utf-8'?>
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <LangVersion>preview</LangVersion>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+    <UseConcelierTestInfra>false</UseConcelierTestInfra>
+  </PropertyGroup>
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="10.0.0-rc.2.25502.107" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.0" />
+    <PackageReference Include="Mongo2Go" Version="3.1.3" />
+    <PackageReference Include="xunit" Version="2.9.2" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.8.2" />
+    <PackageReference Include="coverlet.collector" Version="6.0.4" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\StellaOps.Signer.WebService\StellaOps.Signer.WebService.csproj" />
+    <ProjectReference Include="..\StellaOps.Signer.Infrastructure\StellaOps.Signer.Infrastructure.csproj" />
+    <ProjectReference Include="..\StellaOps.Signer.Core\StellaOps.Signer.Core.csproj" />
+    <ProjectReference Include="../../../__Libraries/StellaOps.Configuration/StellaOps.Configuration.csproj" />
+    <ProjectReference Include="../../../__Libraries/StellaOps.DependencyInjection/StellaOps.DependencyInjection.csproj" />
+    <ProjectReference Include="../../../__Libraries/StellaOps.Cryptography/StellaOps.Cryptography.csproj" />
+  </ItemGroup>
+</Project>