using StellaOps.Provenance;
using StellaOps.TestKit;
using Xunit;

namespace StellaOps.Provenance.Tests;

public sealed partial class ProvenanceJsonParserTests
{
    [Trait("Category", TestCategories.Unit)]
    [Fact]
    public void Parse_ReturnsDsseAndTrust()
    {
        var json = @"{
  ""dsse"": {
    ""envelopeDigest"": ""sha256:deadbeef"",
    ""payloadType"": ""application/vnd.in-toto+json"",
    ""key"": { ""keyId"": ""cosign:SHA256-PKIX:TEST"", ""issuer"": ""fulcio"", ""algo"": ""ECDSA"" },
    ""rekor"": { ""logIndex"": 12, ""uuid"": ""rekor-1"", ""integratedTime"": 1234, ""mirrorSeq"": 5 },
    ""chain"": [ { ""type"": ""build"", ""id"": ""att:build#1"", ""digest"": ""sha256:chain"" } ]
  },
  ""trust"": { ""verified"": true, ""verifier"": ""Authority@stella"", ""witnesses"": 2, ""policyScore"": 0.75 }
}";

        var result = ProvenanceJsonParser.Parse(json);

        Assert.Equal("sha256:deadbeef", result.Dsse.EnvelopeDigest);
        Assert.Equal("application/vnd.in-toto+json", result.Dsse.PayloadType);
        Assert.Equal("cosign:SHA256-PKIX:TEST", result.Dsse.Key.KeyId);
        Assert.Equal(12, result.Dsse.Rekor?.LogIndex);
        Assert.Equal("rekor-1", result.Dsse.Rekor?.Uuid);
        Assert.NotNull(result.Dsse.Chain);
        var link = Assert.Single(result.Dsse.Chain);
        Assert.Equal("build", link.Type);
        Assert.True(result.Trust.Verified);
        Assert.Equal("Authority@stella", result.Trust.Verifier);
        Assert.Equal(2, result.Trust.Witnesses);
        Assert.Equal(0.75, result.Trust.PolicyScore);
    }
}