using System;
using System.Collections.Generic;
using System.Text.Json.Serialization;
namespace StellaOps.Provcache;
///
/// DSSE signature envelope for bundle integrity.
///
public sealed record BundleSignature
{
///
/// Signature algorithm (e.g., "ES256", "RS256", "Ed25519").
///
[JsonPropertyName("algorithm")]
public required string Algorithm { get; init; }
///
/// Key identifier used for signing.
///
[JsonPropertyName("keyId")]
public required string KeyId { get; init; }
///
/// Base64-encoded signature bytes.
///
[JsonPropertyName("signature")]
public required string SignatureBytes { get; init; }
///
/// UTC timestamp when bundle was signed.
///
[JsonPropertyName("signedAt")]
public required DateTimeOffset SignedAt { get; init; }
///
/// Optional certificate chain for verification.
///
[JsonPropertyName("certificateChain")]
public IReadOnlyList? CertificateChain { get; init; }
}