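using System;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
using FluentAssertions;
using StellaOps.Attestation;
using StellaOps.Attestor.Envelope;
using Xunit;
using StellaOps.TestKit;

/// <summary>
/// Unit tests for <see cref="DsseHelper"/>: wrapping an in-toto statement in a DSSE
/// envelope and building the DSSE pre-authentication encoding (PAE).
/// </summary>
/// <remarks>
/// NOTE(review): the generic type arguments (<c>Task&lt;string&gt;</c>, <c>Task&lt;byte[]&gt;</c>,
/// <c>ReadOnlyMemory&lt;byte&gt;</c>, <c>Dictionary&lt;string, string&gt;</c>,
/// <c>Deserialize&lt;InTotoStatement&gt;</c>) were missing from the listing as published and are
/// restored here from how each value is used; confirm against the real
/// <c>IAuthoritySigner</c> and <c>DsseHelper</c> signatures.
/// </remarks>
public class DsseHelperTests
{
    /// <summary>
    /// Deterministic signer stub: fixed key id, fixed signature bytes, and a record of
    /// the exact bytes it was asked to sign so tests can check what gets authenticated.
    /// </summary>
    private sealed class FakeSigner : IAuthoritySigner
    {
        /// <summary>Copy of the bytes passed to the most recent <see cref="SignAsync"/> call.</summary>
        public byte[] LastSignedBytes { get; private set; } = Array.Empty<byte>();

        public Task<string> GetKeyIdAsync(System.Threading.CancellationToken cancellationToken = default)
            => Task.FromResult("fake-key");

        public Task<byte[]> SignAsync(ReadOnlyMemory<byte> paePayload, System.Threading.CancellationToken cancellationToken = default)
        {
            // Copy rather than keep the ReadOnlyMemory: the caller owns that buffer.
            LastSignedBytes = paePayload.ToArray();
            return Task.FromResult(Convert.FromHexString("deadbeef"));
        }
    }

    /// <summary>
    /// WrapAsync must emit an envelope with the statement's payload type, a payload that
    /// round-trips, exactly one signature from the signer, and the signer must have been
    /// given the PAE of (payloadType, payload), not the bare payload.
    /// </summary>
    [Trait("Category", TestCategories.Unit)]
    [Fact]
    public async Task WrapAsync_ProducesDsseEnvelope()
    {
        var stmt = new InTotoStatement(
            Type: "https://in-toto.io/Statement/v1",
            Subject: new[]
            {
                new Subject("demo", new System.Collections.Generic.Dictionary<string, string> { { "sha256", "abcd" } })
            },
            PredicateType: "demo/predicate",
            Predicate: new { hello = "world" });
        var signer = new FakeSigner();

        var envelope = await DsseHelper.WrapAsync(stmt, signer);

        envelope.PayloadType.Should().Be("https://in-toto.io/Statement/v1");

        var roundtrip = JsonSerializer.Deserialize<InTotoStatement>(envelope.Payload.Span);
        roundtrip!.PredicateType.Should().Be("demo/predicate");

        envelope.Signatures.Should().ContainSingle();
        envelope.Signatures[0].KeyId.Should().Be("fake-key");
        envelope.Signatures[0].Signature.Should().Be(Convert.ToBase64String(Convert.FromHexString("deadbeef")));

        // The signature only binds the payload type to the payload if the signed bytes
        // are the PAE of both. The fixed fake signature above cannot show that, so
        // compare what the signer actually received with the expected encoding.
        var expectedPae = Encoding.UTF8.GetString(
            DsseHelper.PreAuthenticationEncoding(envelope.PayloadType, envelope.Payload.ToArray()));
        Encoding.UTF8.GetString(signer.LastSignedBytes).Should().Be(expectedPae);
    }

    /// <summary>
    /// PAE(type, body) per the DSSE v1 spec is
    /// "DSSEv1" SP LEN(type) SP type SP LEN(body) SP body, with LEN the ASCII decimal
    /// byte length. The test pins the exact output for a small input.
    /// </summary>
    [Trait("Category", TestCategories.Unit)]
    [Fact]
    public void PreAuthenticationEncoding_FollowsDsseSpec()
    {
        var payloadType = "example/type";
        var payload = Encoding.UTF8.GetBytes("{}");

        var pae = DsseHelper.PreAuthenticationEncoding(payloadType, payload);

        // A substring check would pass even with a missing prefix or wrong length
        // fields; the length fields are what keep the (type, body) split unambiguous,
        // so assert the whole encoding. "example/type" is 12 bytes, "{}" is 2.
        var paeString = Encoding.UTF8.GetString(pae);
        paeString.Should().Be("DSSEv1 12 example/type 2 {}");
    }
}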