//
// Copyright (c) StellaOps. Licensed under the BUSL-1.1.
//
using StellaOps.Evidence.Pack.Models;
namespace StellaOps.Evidence.Pack;
///
/// Signs and verifies evidence packs using DSSE.
/// Sprint: SPRINT_20260109_011_005 Task: EVPK-003
///
public interface IEvidencePackSigner
{
///
/// Signs an evidence pack and creates a DSSE envelope.
///
/// The evidence pack to sign.
/// Cancellation token.
/// The DSSE envelope containing the signature.
Task SignAsync(
EvidencePack pack,
CancellationToken cancellationToken);
///
/// Verifies a DSSE envelope signature.
///
/// The envelope to verify.
/// Cancellation token.
/// The verification result.
Task VerifyAsync(
DsseEnvelope envelope,
CancellationToken cancellationToken);
}
///
/// Result of verifying a signature.
///
public sealed record SignatureVerificationResult
{
/// Gets whether the signature is valid.
public required bool Valid { get; init; }
/// Gets the signing key identifier.
public string? KeyId { get; init; }
/// Gets the verification timestamp.
public required DateTimeOffset VerifiedAt { get; init; }
/// Gets the failure reason if invalid.
public string? FailureReason { get; init; }
///
/// Creates a successful verification result.
///
public static SignatureVerificationResult Success(string keyId, DateTimeOffset verifiedAt) => new()
{
Valid = true,
KeyId = keyId,
VerifiedAt = verifiedAt
};
///
/// Creates a failed verification result.
///
public static SignatureVerificationResult Failure(string reason, DateTimeOffset verifiedAt) => new()
{
Valid = false,
VerifiedAt = verifiedAt,
FailureReason = reason
};
}