git.stella-ops.org/src/__Libraries/StellaOps.Cryptography.Tests/PolicyProvidersTests.cs


using System;
using System.Security.Cryptography;
using System.Text;
using FluentAssertions;
using StellaOps.Cryptography;
using Xunit;
using StellaOps.TestKit;
namespace StellaOps.Cryptography.Tests;
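/// <summary>
/// Unit tests for <c>FipsSoftCryptoProvider</c>, <c>EidasSoftCryptoProvider</c> and
/// <c>KcmvpHashOnlyProvider</c>: sign/verify round trips, digest lengths, and the
/// hash-only provider's refusal to hand out a signer.
/// </summary>
/// <remarks>
/// Each test sets the provider's <c>*_ALLOWED</c> environment variable to "1" before
/// constructing it and restores the previous value afterwards.
/// NOTE(review): presumably these variables are the opt-in gates for the software-only
/// providers; confirm against the provider implementations. No test here covers the
/// gate being unset, so a provider that ignores its gate would still pass.
/// NOTE(review): environment variables are process-wide. If other test classes toggle
/// the same variables, place them in a shared non-parallel xUnit collection.
/// </remarks>
public class PolicyProvidersTests
{
    /// <summary>
    /// Registers a freshly generated P-256 key with the FIPS soft provider, signs a
    /// payload with ES256, verifies the signature, and checks the SHA-256 digest length.
    /// </summary>
    [Trait("Category", TestCategories.Unit)]
    [Fact]
    public async Task FipsSoft_Signs_And_Verifies_Es256()
    {
        const string gateVariable = "FIPS_SOFT_ALLOWED";
        var previousValue = Environment.GetEnvironmentVariable(gateVariable);
        Environment.SetEnvironmentVariable(gateVariable, "1");
        try
        {
            var provider = new FipsSoftCryptoProvider();

            // Key is generated per run and disposed with the test; the private
            // parameters are exported only to hand them to the provider under test.
            using var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256);
            var key = new CryptoSigningKey(
                new CryptoKeyReference("fips-es256"),
                SignatureAlgorithms.Es256,
                ecdsa.ExportParameters(true),
                DateTimeOffset.UtcNow);
            provider.UpsertSigningKey(key);

            var signer = provider.GetSigner(SignatureAlgorithms.Es256, new CryptoKeyReference("fips-es256"));
            var data = Encoding.UTF8.GetBytes("fips-soft-provider");
            var signature = await signer.SignAsync(data);

            // NOTE(review): only the accepting path is asserted. A check that a modified
            // payload is rejected would show that VerifyAsync really validates the
            // signature; confirm first whether it returns false or throws in that case.
            (await signer.VerifyAsync(data, signature)).Should().BeTrue();

            // 32 bytes is the SHA-256 digest size.
            provider.GetHasher(HashAlgorithms.Sha256).ComputeHash(data).Length.Should().Be(32);
        }
        finally
        {
            // Passing null deletes the variable, so an originally unset gate ends up unset again.
            Environment.SetEnvironmentVariable(gateVariable, previousValue);
        }
    }

    /// <summary>
    /// Registers a freshly generated P-384 key with the eIDAS soft provider, signs a
    /// payload with ES384, verifies the signature, and checks the SHA-384 digest length.
    /// </summary>
    [Trait("Category", TestCategories.Unit)]
    [Fact]
    public async Task EidasSoft_Signs_And_Verifies_Es384()
    {
        const string gateVariable = "EIDAS_SOFT_ALLOWED";
        var previousValue = Environment.GetEnvironmentVariable(gateVariable);
        Environment.SetEnvironmentVariable(gateVariable, "1");
        try
        {
            var provider = new EidasSoftCryptoProvider();

            // Key is generated per run and disposed with the test. The stray
            // "using StellaOps.TestKit;" directive that followed this line in the
            // method body was removed: a using directive is not valid inside a
            // method, and the file already imports that namespace at the top.
            using var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP384);
            var key = new CryptoSigningKey(
                new CryptoKeyReference("eidas-es384"),
                SignatureAlgorithms.Es384,
                ecdsa.ExportParameters(true),
                DateTimeOffset.UtcNow);
            provider.UpsertSigningKey(key);

            var signer = provider.GetSigner(SignatureAlgorithms.Es384, new CryptoKeyReference("eidas-es384"));
            var data = Encoding.UTF8.GetBytes("eidas-soft-provider");
            var signature = await signer.SignAsync(data);

            // NOTE(review): only the accepting path is asserted; see the remark on the
            // class about adding a rejected-payload check.
            (await signer.VerifyAsync(data, signature)).Should().BeTrue();

            // 48 bytes is the SHA-384 digest size.
            provider.GetHasher(HashAlgorithms.Sha384).ComputeHash(data).Length.Should().Be(48);
        }
        finally
        {
            // Passing null deletes the variable, so an originally unset gate ends up unset again.
            Environment.SetEnvironmentVariable(gateVariable, previousValue);
        }
    }

    /// <summary>
    /// Checks that the KCMVP hash-only provider reports SHA-256 content hashing as
    /// supported, produces a 32-byte digest, and throws
    /// <see cref="NotSupportedException"/> when asked for a signer.
    /// </summary>
    [Trait("Category", TestCategories.Unit)]
    [Fact]
    public void KcmvpHashOnly_Computes_Hash()
    {
        const string gateVariable = "KCMVP_HASH_ALLOWED";
        var previousValue = Environment.GetEnvironmentVariable(gateVariable);
        Environment.SetEnvironmentVariable(gateVariable, "1");
        try
        {
            var provider = new KcmvpHashOnlyProvider();
            var data = Encoding.UTF8.GetBytes("kcmvp-hash-only");

            provider.Supports(CryptoCapability.ContentHashing, HashAlgorithms.Sha256).Should().BeTrue();

            var digest = provider.GetHasher(HashAlgorithms.Sha256).ComputeHash(data);
            digest.Length.Should().Be(32);

            // A hash-only provider must not hand out signers; the test pins the
            // exception type callers can rely on.
            provider.Invoking(p => p.GetSigner(SignatureAlgorithms.Es256, new CryptoKeyReference("none")))
                .Should().Throw<NotSupportedException>();
        }
        finally
        {
            // Passing null deletes the variable, so an originally unset gate ends up unset again.
            Environment.SetEnvironmentVariable(gateVariable, previousValue);
        }
    }
}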