using StellaOps.Cryptography; using StellaOps.Cryptography.Models; using Xunit; namespace StellaOps.Cryptography.Tests; /// /// Tests for SignatureProfile enum. /// public sealed class SignatureProfileTests { [Theory] [InlineData(SignatureProfile.EdDsa)] [InlineData(SignatureProfile.EcdsaP256)] [InlineData(SignatureProfile.RsaPss)] [InlineData(SignatureProfile.Gost2012)] [InlineData(SignatureProfile.SM2)] [InlineData(SignatureProfile.Eidas)] public void SignatureProfile_AllStandardValues_AreValid(SignatureProfile profile) { Assert.True(Enum.IsDefined(profile)); } [Fact] public void SignatureProfile_EdDsa_IsDefault() { // EdDsa should be 0 - the default/baseline profile Assert.Equal(0, (int)SignatureProfile.EdDsa); } [Fact] public void SignatureProfile_AllValues_AreCounted() { var values = Enum.GetValues(); Assert.True(values.Length >= 6, "Should have at least 6 standard profiles"); } } /// /// Tests for Signature record. /// public sealed class SignatureTests { [Fact] public void Signature_RequiredProperties_MustBeSet() { var signatureBytes = new byte[] { 0x01, 0x02, 0x03, 0x04 }; var signature = new Signature { KeyId = "stella-ed25519-2024", Profile = SignatureProfile.EdDsa, Algorithm = "Ed25519", SignatureBytes = signatureBytes }; Assert.Equal("stella-ed25519-2024", signature.KeyId); Assert.Equal(SignatureProfile.EdDsa, signature.Profile); Assert.Equal("Ed25519", signature.Algorithm); Assert.Equal(signatureBytes, signature.SignatureBytes); } [Fact] public void Signature_WithTimestamp_ContainsValue() { var signedAt = DateTimeOffset.UtcNow; var signature = new Signature { KeyId = "key-001", Profile = SignatureProfile.EcdsaP256, Algorithm = "ES256", SignatureBytes = new byte[64], SignedAt = signedAt }; Assert.Equal(signedAt, signature.SignedAt); } [Fact] public void Signature_WithCertificateChain_ContainsValue() { var certChain = new byte[] { 0x30, 0x82, 0x01, 0x00 }; // Mock DER cert header var signature = new Signature { KeyId = "eidas-key", Profile = SignatureProfile.Eidas, Algorithm = "RS256", SignatureBytes = new byte[256], CertificateChain = certChain }; Assert.NotNull(signature.CertificateChain); Assert.Equal(certChain, signature.CertificateChain); } [Fact] public void Signature_WithTimestampToken_ContainsValue() { var timestampToken = new byte[] { 0x30, 0x82, 0x02, 0x00 }; // Mock RFC 3161 token var signature = new Signature { KeyId = "tsa-key", Profile = SignatureProfile.RsaPss, Algorithm = "PS256", SignatureBytes = new byte[256], TimestampToken = timestampToken }; Assert.NotNull(signature.TimestampToken); } [Fact] public void Signature_WithPublicKey_ContainsValue() { var publicKey = new byte[32]; // Ed25519 public key size var signature = new Signature { KeyId = "ephemeral-ed25519", Profile = SignatureProfile.EdDsa, Algorithm = "Ed25519", SignatureBytes = new byte[64], PublicKey = publicKey }; Assert.NotNull(signature.PublicKey); Assert.Equal(32, signature.PublicKey.Length); } [Fact] public void Signature_OptionalProperties_AreNullByDefault() { var signature = new Signature { KeyId = "key", Profile = SignatureProfile.EdDsa, Algorithm = "Ed25519", SignatureBytes = new byte[64] }; Assert.Null(signature.CertificateChain); Assert.Null(signature.TimestampToken); Assert.Null(signature.PublicKey); } } /// /// Tests for SignatureResult record. /// public sealed class SignatureResultTests { [Fact] public void SignatureResult_RequiredProperties_MustBeSet() { var signedAt = DateTimeOffset.UtcNow; var result = new SignatureResult { KeyId = "stella-ed25519-2024", Profile = SignatureProfile.EdDsa, Algorithm = "Ed25519", Signature = new byte[64], SignedAt = signedAt }; Assert.Equal("stella-ed25519-2024", result.KeyId); Assert.Equal(SignatureProfile.EdDsa, result.Profile); Assert.Equal("Ed25519", result.Algorithm); Assert.Equal(signedAt, result.SignedAt); } [Fact] public void SignatureResult_WithMetadata_ContainsValues() { var metadata = new Dictionary { ["kms_request_id"] = "req-12345", ["certificate_serial"] = "ABC123" }; var result = new SignatureResult { KeyId = "kms-key", Profile = SignatureProfile.RsaPss, Algorithm = "PS256", Signature = new byte[256], SignedAt = DateTimeOffset.UtcNow, Metadata = metadata }; Assert.NotNull(result.Metadata); Assert.Equal("req-12345", result.Metadata["kms_request_id"]); } [Theory] [InlineData("Ed25519", SignatureProfile.EdDsa)] [InlineData("ES256", SignatureProfile.EcdsaP256)] [InlineData("PS256", SignatureProfile.RsaPss)] [InlineData("GOST3410-2012-256", SignatureProfile.Gost2012)] [InlineData("SM2DSA", SignatureProfile.SM2)] public void SignatureResult_ProfileAlgorithmPairs_AreValid(string algorithm, SignatureProfile profile) { var result = new SignatureResult { KeyId = $"key-{profile}", Profile = profile, Algorithm = algorithm, Signature = new byte[64], SignedAt = DateTimeOffset.UtcNow }; Assert.Equal(algorithm, result.Algorithm); Assert.Equal(profile, result.Profile); } } /// /// Tests for VerificationResult record. /// public sealed class VerificationResultTests { [Fact] public void VerificationResult_Valid_HasNoFailureReason() { var result = new VerificationResult { IsValid = true, Profile = SignatureProfile.EdDsa, Algorithm = "Ed25519", KeyId = "key-001" }; Assert.True(result.IsValid); Assert.Null(result.FailureReason); } [Fact] public void VerificationResult_Invalid_HasFailureReason() { var result = new VerificationResult { IsValid = false, Profile = SignatureProfile.EdDsa, Algorithm = "Ed25519", KeyId = "key-001", FailureReason = "Signature mismatch" }; Assert.False(result.IsValid); Assert.Equal("Signature mismatch", result.FailureReason); } [Fact] public void VerificationResult_WithCertificateValidation_ContainsValue() { var certValidation = new CertificateValidationResult { IsValid = true, ValidFrom = DateTimeOffset.UtcNow.AddYears(-1), ValidTo = DateTimeOffset.UtcNow.AddYears(1), CertificateThumbprints = new[] { "ABC123", "DEF456" } }; var result = new VerificationResult { IsValid = true, Profile = SignatureProfile.Eidas, Algorithm = "RS256", KeyId = "eidas-key", CertificateValidation = certValidation }; Assert.NotNull(result.CertificateValidation); Assert.True(result.CertificateValidation.IsValid); Assert.Equal(2, result.CertificateValidation.CertificateThumbprints!.Count); } } /// /// Tests for CertificateValidationResult record. /// public sealed class CertificateValidationResultTests { [Fact] public void CertificateValidationResult_Valid_HasValidityPeriod() { var validFrom = DateTimeOffset.UtcNow.AddYears(-1); var validTo = DateTimeOffset.UtcNow.AddYears(2); var result = new CertificateValidationResult { IsValid = true, ValidFrom = validFrom, ValidTo = validTo }; Assert.True(result.IsValid); Assert.Equal(validFrom, result.ValidFrom); Assert.Equal(validTo, result.ValidTo); } [Fact] public void CertificateValidationResult_Invalid_HasFailureReason() { var result = new CertificateValidationResult { IsValid = false, FailureReason = "Certificate expired" }; Assert.False(result.IsValid); Assert.Equal("Certificate expired", result.FailureReason); } }