e923880694
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
- Introduced DigestUpsertRequest for handling digest upsert requests with properties like ChannelId, Recipient, DigestKey, Events, and CollectUntil. - Created LockEntity to represent a lightweight distributed lock entry with properties such as Id, TenantId, Resource, Owner, ExpiresAt, and CreatedAt. feat: Implement ILockRepository interface and LockRepository class - Defined ILockRepository interface with methods for acquiring and releasing locks. - Implemented LockRepository class with methods to try acquiring a lock and releasing it, using SQL for upsert operations. feat: Add SurfaceManifestPointer record for manifest pointers - Introduced SurfaceManifestPointer to represent a minimal pointer to a Surface.FS manifest associated with an image digest. feat: Create PolicySimulationInputLock and related validation logic - Added PolicySimulationInputLock record to describe policy simulation inputs and expected digests. - Implemented validation logic for policy simulation inputs, including checks for digest drift and shadow mode requirements. test: Add unit tests for ReplayVerificationService and ReplayVerifier - Created ReplayVerificationServiceTests to validate the behavior of the ReplayVerificationService under various scenarios. - Developed ReplayVerifierTests to ensure the correctness of the ReplayVerifier logic. test: Implement PolicySimulationInputLockValidatorTests - Added tests for PolicySimulationInputLockValidator to verify the validation logic against expected inputs and conditions. chore: Add cosign key example and signing scripts - Included a placeholder cosign key example for development purposes. - Added a script for signing Signals artifacts using cosign with support for both v2 and v3. chore: Create script for uploading evidence to the evidence locker - Developed a script to upload evidence to the evidence locker, ensuring required environment variables are set.
94 lines
3.2 KiB
C#
94 lines
3.2 KiB
C#
using StellaOps.AirGap.Controller.Endpoints.Contracts;
|
|
using StellaOps.AirGap.Controller.Services;
|
|
using StellaOps.AirGap.Controller.Stores;
|
|
using StellaOps.AirGap.Importer.Contracts;
|
|
using StellaOps.AirGap.Importer.Validation;
|
|
using StellaOps.AirGap.Time.Models;
|
|
using StellaOps.AirGap.Time.Services;
|
|
using Xunit;
|
|
|
|
namespace StellaOps.AirGap.Controller.Tests;
|
|
|
|
public class ReplayVerificationServiceTests
|
|
{
|
|
private readonly ReplayVerificationService _service;
|
|
private readonly AirGapStateService _stateService;
|
|
private readonly StalenessCalculator _staleness = new();
|
|
private readonly InMemoryAirGapStateStore _store = new();
|
|
|
|
public ReplayVerificationServiceTests()
|
|
{
|
|
_stateService = new AirGapStateService(_store, _staleness);
|
|
_service = new ReplayVerificationService(_stateService, new ReplayVerifier());
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Passes_full_recompute_when_hashes_match()
|
|
{
|
|
var now = DateTimeOffset.Parse("2025-12-02T01:00:00Z");
|
|
await _stateService.SealAsync("tenant-a", "policy-x", TimeAnchor.Unknown, StalenessBudget.Default, now);
|
|
|
|
var request = new VerifyRequest
|
|
{
|
|
Depth = ReplayDepth.FullRecompute,
|
|
ManifestSha256 = new string('a', 64),
|
|
BundleSha256 = new string('b', 64),
|
|
ComputedManifestSha256 = new string('a', 64),
|
|
ComputedBundleSha256 = new string('b', 64),
|
|
ManifestCreatedAt = now.AddHours(-2),
|
|
StalenessWindowHours = 24,
|
|
BundlePolicyHash = "policy-x"
|
|
};
|
|
|
|
var result = await _service.VerifyAsync("tenant-a", request, now);
|
|
|
|
Assert.True(result.IsValid);
|
|
Assert.Equal("full-recompute-passed", result.Reason);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Detects_stale_manifest()
|
|
{
|
|
var now = DateTimeOffset.UtcNow;
|
|
var request = new VerifyRequest
|
|
{
|
|
Depth = ReplayDepth.HashOnly,
|
|
ManifestSha256 = new string('a', 64),
|
|
BundleSha256 = new string('b', 64),
|
|
ComputedManifestSha256 = new string('a', 64),
|
|
ComputedBundleSha256 = new string('b', 64),
|
|
ManifestCreatedAt = now.AddHours(-30),
|
|
StalenessWindowHours = 12
|
|
};
|
|
|
|
var result = await _service.VerifyAsync("default", request, now);
|
|
|
|
Assert.False(result.IsValid);
|
|
Assert.Equal("manifest-stale", result.Reason);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Policy_freeze_requires_matching_policy()
|
|
{
|
|
var now = DateTimeOffset.UtcNow;
|
|
await _stateService.SealAsync("tenant-b", "sealed-policy", TimeAnchor.Unknown, StalenessBudget.Default, now);
|
|
|
|
var request = new VerifyRequest
|
|
{
|
|
Depth = ReplayDepth.PolicyFreeze,
|
|
ManifestSha256 = new string('a', 64),
|
|
BundleSha256 = new string('b', 64),
|
|
ComputedManifestSha256 = new string('a', 64),
|
|
ComputedBundleSha256 = new string('b', 64),
|
|
ManifestCreatedAt = now,
|
|
StalenessWindowHours = 48,
|
|
BundlePolicyHash = "bundle-policy"
|
|
};
|
|
|
|
var result = await _service.VerifyAsync("tenant-b", request, now);
|
|
|
|
Assert.False(result.IsValid);
|
|
Assert.Equal("policy-hash-drift", result.Reason);
|
|
}
|
|
}
|