using StellaOps.Provenance;
using StellaOps.TestKit;
using Xunit;

namespace StellaOps.Provenance.Tests;

public sealed partial class ProvenanceExtensionsTests
{
    [Trait("Category", TestCategories.Unit)]
    [Fact]
    public void AttachDsseProvenance_SkipsOptionalFields_WhenMissing()
    {
        var document = new DocumentObject
        {
            { "kind", "SBOM" }
        };

        var dsse = new DsseProvenance
        {
            EnvelopeDigest = "sha256:optional",
            PayloadType = "application/vnd.in-toto+json",
            Key = new DsseKeyInfo
            {
                KeyId = "cosign:SHA256-PKIX:TEST"
            },
            Rekor = null,
            Chain = null
        };

        var trust = new TrustInfo
        {
            Verified = false,
            Verifier = null,
            Witnesses = null,
            PolicyScore = null
        };

        document.AttachDsseProvenance(dsse, trust);

        var provenanceDoc = (DocumentObject)document["provenance"];
        var dsseDoc = (DocumentObject)provenanceDoc["dsse"];
        Assert.False(dsseDoc.ContainsKey("rekor"));
        Assert.False(dsseDoc.ContainsKey("chain"));

        var trustDoc = (DocumentObject)document["trust"];
        Assert.False((bool)((DocumentBoolean)trustDoc["verified"]).Value!);
        Assert.False(trustDoc.ContainsKey("witnesses"));
        Assert.False(trustDoc.ContainsKey("policyScore"));
        Assert.IsType<DocumentNull>(trustDoc["verifier"]);
    }
}