git.stella-ops.org/tests/Provenance/StellaOps.Provenance.Attestation.Tests/ToolEntrypointTests.cs

using System.Text;
using StellaOps.Provenance.Attestation;
using Xunit;

namespace StellaOps.Provenance.Attestation.Tests;

public sealed class ToolEntrypointTests
{
    [Fact]
    public async Task RunAsync_ReturnsInvalidOnMissingArgs()
    {
        var code = await ToolEntrypoint.RunAsync(Array.Empty<string>(), TextWriter.Null, new StringWriter(), new TestTimeProvider(DateTimeOffset.UtcNow));
        Assert.Equal(1, code);
    }

    [Fact]
    public async Task RunAsync_VerifiesValidSignature()
    {
        var payload = Encoding.UTF8.GetBytes("payload");
        var key = Convert.ToHexString(Encoding.UTF8.GetBytes("secret"));
        using var hmac = new System.Security.Cryptography.HMACSHA256(Encoding.UTF8.GetBytes("secret"));
        var sig = Convert.ToHexString(hmac.ComputeHash(payload));

        var tmp = Path.GetTempFileName();
        await File.WriteAllBytesAsync(tmp, payload);

        var stdout = new StringWriter();
        var code = await ToolEntrypoint.RunAsync(new[]
        {
            "--payload", tmp,
            "--signature-hex", sig,
            "--key-hex", key,
            "--signed-at", "2025-11-22T00:00:00Z"
        }, stdout, new StringWriter(), new TestTimeProvider(new DateTimeOffset(2025,11,22,0,0,0,TimeSpan.Zero)));

        Assert.Equal(0, code);
        Assert.Contains("\"valid\":true", stdout.ToString());
    }
}