stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Refactor code structure and optimize performance across multiple modules

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-26 20:03:22 +02:00
parent c786faae84
commit f10d83c444
1385 changed files with 69732 additions and 10280 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
src/Attestor/StellaOps.Attestor.Envelope/StellaOps.Attestor.Envelope.Tests/DsseCosignCompatibilityTests.cs
View File

@@ -31,7 +31,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
// DSSE-8200-013: Cosign-compatible envelope structure tests
// ==========================================================================
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void EnvelopeStructure_HasRequiredFields_ForCosignVerification()
{
// Arrange
@@ -45,7 +46,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
Assert.True(result.IsValid, $"Structure validation failed: {string.Join(", ", result.Errors)}");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void EnvelopePayload_IsBase64Encoded_InSerializedForm()
{
// Arrange
@@ -70,7 +72,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
Assert.Equal(payload, decoded);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void EnvelopeSignature_IsBase64Encoded_InSerializedForm()
{
// Arrange
@@ -99,7 +102,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
Assert.True(sigBytes.Length > 0);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void EnvelopePayloadType_IsCorrectMimeType_ForInToto()
{
// Arrange
@@ -112,7 +116,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
Assert.Equal("application/vnd.in-toto+json", envelope.PayloadType);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void EnvelopeSerialization_ProducesValidJson_WithoutWhitespace()
{
// Arrange
@@ -136,7 +141,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
// DSSE-8200-014: Fulcio certificate chain tests
// ==========================================================================
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void FulcioCertificate_HasCodeSigningEku()
{
// Arrange & Act
@@ -161,7 +167,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
Assert.True(hasCodeSigning, "Certificate should have Code Signing EKU");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void FulcioCertificate_HasDigitalSignatureKeyUsage()
{
// Arrange & Act
@@ -173,7 +180,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
Assert.True(keyUsage.KeyUsages.HasFlag(X509KeyUsageFlags.DigitalSignature));
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void FulcioCertificate_IsShortLived()
{
// Arrange - Fulcio certs are typically valid for ~20 minutes
@@ -186,7 +194,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
Assert.True(validity.TotalHours <= 24, $"Certificate validity ({validity.TotalHours}h) should be <= 24 hours");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void BundleWithCertificate_HasValidPemFormat()
{
// Arrange
@@ -207,7 +216,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
// DSSE-8200-015: Rekor transparency log offline verification tests
// ==========================================================================
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void RekorEntry_HasValidLogIndex()
{
// Arrange
@@ -221,7 +231,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
Assert.True(rekorEntry.LogIndex >= 0);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void RekorEntry_HasValidIntegratedTime()
{
// Arrange
@@ -238,7 +249,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
Assert.True(integratedTime >= now.AddHours(-1), "Integrated time should not be too old");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void RekorEntry_HasValidInclusionProof()
{
// Arrange
@@ -256,7 +268,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
Assert.NotEmpty(rekorEntry.InclusionProof.Hashes);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void RekorEntry_CanonicalizedBody_IsBase64Encoded()
{
// Arrange
@@ -276,7 +289,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
Assert.NotNull(json);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void RekorEntry_InclusionProof_HashesAreBase64()
{
// Arrange
@@ -294,7 +308,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
}
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void BundleWithRekor_ContainsValidTransparencyEntry()
{
// Arrange
@@ -310,7 +325,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
Assert.True(bundle.RekorEntry.LogIndex >= 0);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void RekorEntry_CheckpointFormat_IsValid()
{
// Arrange
@@ -329,7 +345,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
// Integration tests
// ==========================================================================
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void FullBundle_SignVerifyRoundtrip_Succeeds()
{
// Arrange
@@ -349,7 +366,8 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
Assert.True(structureResult.IsValid);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void DeterministicSigning_SamePayload_ProducesConsistentEnvelope()
{
// Arrange
@@ -366,6 +384,7 @@ public sealed class DsseCosignCompatibilityTests : IDisposable
// Note: Signatures may differ if using randomized ECDSA
// (which is the default for security), so we only verify structure
Assert.Equal(envelope1.Signatures.Count, envelope2.Signatures.Count);
using StellaOps.TestKit;
}
// ==========================================================================

4
src/Attestor/StellaOps.Attestor.Envelope/StellaOps.Attestor.Envelope.Tests/DsseEnvelopeSerializerTests.cs
View File

@@ -12,7 +12,8 @@ public sealed class DsseEnvelopeSerializerTests
{
private static readonly byte[] SamplePayload = Encoding.UTF8.GetBytes("deterministic-dsse-payload");
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Serialize_ProducesDeterministicCompactJson_ForSignaturePermutations()
{
var signatures = new[]
@@ -44,6 +45,7 @@ public sealed class DsseEnvelopeSerializerTests
"payload hash must reflect the raw payload bytes");
using var document = JsonDocument.Parse(result.CompactJson!);
using StellaOps.TestKit;
var keyIds = document.RootElement
.GetProperty("signatures")
.EnumerateArray()

22
src/Attestor/StellaOps.Attestor.Envelope/StellaOps.Attestor.Envelope.Tests/EnvelopeSignatureServiceTests.cs
View File

@@ -23,7 +23,8 @@ public sealed class EnvelopeSignatureServiceTests
private readonly EnvelopeSignatureService service = new();
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void SignAndVerify_Ed25519_Succeeds()
{
var signingKey = EnvelopeKey.CreateEd25519Signer(Ed25519Seed, Ed25519Public);
@@ -44,7 +45,8 @@ public sealed class EnvelopeSignatureServiceTests
signingKey.KeyId.Should().Be(expectedKeyId);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Verify_Ed25519_InvalidSignature_ReturnsError()
{
var signingKey = EnvelopeKey.CreateEd25519Signer(Ed25519Seed, Ed25519Public);
@@ -62,7 +64,8 @@ public sealed class EnvelopeSignatureServiceTests
verifyResult.Error.Code.Should().Be(EnvelopeSignatureErrorCode.SignatureInvalid);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void SignAndVerify_EcdsaEs256_Succeeds()
{
using var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256);
@@ -80,7 +83,8 @@ public sealed class EnvelopeSignatureServiceTests
verifyResult.Value.Should().BeTrue();
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Sign_WithVerificationOnlyKey_ReturnsMissingPrivateKey()
{
using var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256);
@@ -93,7 +97,8 @@ public sealed class EnvelopeSignatureServiceTests
signResult.Error.Code.Should().Be(EnvelopeSignatureErrorCode.MissingPrivateKey);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Verify_WithMismatchedKeyId_ReturnsError()
{
var signingKey = EnvelopeKey.CreateEd25519Signer(Ed25519Seed, Ed25519Public);
@@ -107,7 +112,8 @@ public sealed class EnvelopeSignatureServiceTests
verifyResult.Error.Code.Should().Be(EnvelopeSignatureErrorCode.KeyIdMismatch);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Verify_WithInvalidSignatureLength_ReturnsFormatError()
{
var verifyKey = EnvelopeKey.CreateEd25519Verifier(Ed25519Public);
@@ -119,7 +125,8 @@ public sealed class EnvelopeSignatureServiceTests
verifyResult.Error.Code.Should().Be(EnvelopeSignatureErrorCode.InvalidSignatureFormat);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Verify_WithAlgorithmMismatch_ReturnsError()
{
using var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256);
@@ -140,6 +147,7 @@ public sealed class EnvelopeSignatureServiceTests
{
var jwk = $"{{\"crv\":\"Ed25519\",\"kty\":\"OKP\",\"x\":\"{ToBase64Url(publicKey)}\"}}";
using var sha = SHA256.Create();
using StellaOps.TestKit;
var digest = sha.ComputeHash(Encoding.UTF8.GetBytes(jwk));
return $"sha256:{ToBase64Url(digest)}";
}

13
src/Attestor/StellaOps.Attestor.Envelope/__Tests/StellaOps.Attestor.Envelope.Tests/DsseEnvelopeSerializerTests.cs
View File

@@ -11,7 +11,8 @@ namespace StellaOps.Attestor.Envelope.Tests;
public sealed class DsseEnvelopeSerializerTests
{
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Serialize_WithDefaultOptions_ProducesCompactAndExpandedJson()
{
var payload = Encoding.UTF8.GetBytes("{\"foo\":\"bar\"}");
@@ -46,7 +47,8 @@ public sealed class DsseEnvelopeSerializerTests
Assert.Equal("bar", preview.GetProperty("json").GetProperty("foo").GetString());
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Serialize_WithCompressionEnabled_EmbedsCompressedPayloadMetadata()
{
var payload = Encoding.UTF8.GetBytes("{\"foo\":\"bar\",\"count\":1}");
@@ -87,7 +89,8 @@ public sealed class DsseEnvelopeSerializerTests
Assert.Equal(compressedBytes.Length, result.EmbeddedPayloadLength);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Serialize_WithDetachedReference_WritesMetadata()
{
var payload = Encoding.UTF8.GetBytes("detached payload preview");
@@ -109,6 +112,7 @@ public sealed class DsseEnvelopeSerializerTests
Assert.NotNull(result.ExpandedJson);
using var expanded = JsonDocument.Parse(result.ExpandedJson!);
using StellaOps.TestKit;
var detached = expanded.RootElement.GetProperty("detachedPayload");
Assert.Equal(reference.Uri, detached.GetProperty("uri").GetString());
@@ -117,7 +121,8 @@ public sealed class DsseEnvelopeSerializerTests
Assert.Equal(reference.MediaType, detached.GetProperty("mediaType").GetString());
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Serialize_CompactOnly_SkipsExpandedPayload()
{
var payload = Encoding.UTF8.GetBytes("payload");