mosaicstack/stack
1
0
Fork 0
Code Issues 18 Pull Requests 1 Actions Packages Projects Releases 13 Wiki Activity

fix(federation): use real PEM certs in enrollment + ca service tests #507

Merged
jason.woltje merged 1 commits from fix/gateway-federation-test-fixtures-real-pem into main 2026-04-24 02:43:43 +00:00
Conversation 0 Commits 1 Files Changed 3 +218 -37
jason.woltje commented 2026-04-24 02:39:34 +00:00
Owner
Copy Link

Summary

  • PR #501 (FED-M2-11) added strict X509Certificate parsing without silent fallback
  • Existing test mocks returned dummy strings — 13 tests failing on main since that merge with error:0680007B:asn1 encoding routines::header too long
  • The same PR also added CRIT-2 returning() on the grant-activation update path — mock did not expose this method, adding 6 more TypeError failures
  • Fix: add test helper that generates real self-signed EC P-256 certs via @peculiar/x509; use it in EnrollmentService and CaService spec mocks
  • Production strictness intentionally preserved (HIGH-2 and CRIT-1/CRIT-2 contracts)

Files changed

  • apps/gateway/src/federation/tests/helpers/test-cert.ts (new): generates real certs via @peculiar/x509 + webcrypto.subtle
  • apps/gateway/src/federation/tests/enrollment.service.spec.ts: use real cert in caService.issueCert mock; fix tx mock to support returning() on grant-activation path
  • apps/gateway/src/federation/ca.service.spec.ts: use realIssuedCertPem (with Mosaic OIDs) as the mock crt returned by step-ca

Test plan

  • pnpm --filter @mosaicstack/gateway test — 439 passed, 11 skipped (integration), 0 failed (was 13 failing)
  • pnpm typecheck — PASS
  • pnpm lint — PASS
  • pnpm format:check — PASS
  • CI green on push

Generated with Claude Code

## Summary - PR #501 (FED-M2-11) added strict X509Certificate parsing without silent fallback - Existing test mocks returned dummy strings — 13 tests failing on main since that merge with error:0680007B:asn1 encoding routines::header too long - The same PR also added CRIT-2 returning() on the grant-activation update path — mock did not expose this method, adding 6 more TypeError failures - Fix: add test helper that generates real self-signed EC P-256 certs via @peculiar/x509; use it in EnrollmentService and CaService spec mocks - Production strictness intentionally preserved (HIGH-2 and CRIT-1/CRIT-2 contracts) ## Files changed - apps/gateway/src/federation/__tests__/helpers/test-cert.ts (new): generates real certs via @peculiar/x509 + webcrypto.subtle - apps/gateway/src/federation/__tests__/enrollment.service.spec.ts: use real cert in caService.issueCert mock; fix tx mock to support returning() on grant-activation path - apps/gateway/src/federation/ca.service.spec.ts: use realIssuedCertPem (with Mosaic OIDs) as the mock crt returned by step-ca ## Test plan - [x] pnpm --filter @mosaicstack/gateway test — 439 passed, 11 skipped (integration), 0 failed (was 13 failing) - [x] pnpm typecheck — PASS - [x] pnpm lint — PASS - [x] pnpm format:check — PASS - [ ] CI green on push Generated with Claude Code
jason.woltje added 1 commit 2026-04-24 02:39:35 +00:00
fix(federation): use real PEM certs in enrollment + ca service tests
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
59fc3cdebf 
PR #501 (FED-M2-11) added strict `new X509Certificate(certPem)` parsing
without falling back silently — but the existing test mocks were still
returning dummy strings, so 13+6 tests have been failing on `main` since
that merge with `error:0680007B:asn1 encoding routines::header too long`.

Also fixes a mock gap introduced by CRIT-2 in the same PR: the tx mock
did not have a `.returning()` method on the grant-activation update path,
causing 6 of the 13 failures with `TypeError: not a function`.

Add a test helper that generates a real self-signed EC P-256 cert via
@peculiar/x509 and use it in the EnrollmentService and CaService spec
mocks. Two variants:
  - makeSelfSignedCert()        plain cert for extractCertNotAfter
  - makeMosaicIssuedCert(opts)  cert with Mosaic OID extensions for CRIT-1

Production strictness is intentionally preserved.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
jason.woltje merged commit 7342c1290d into main 2026-04-24 02:43:43 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
jason.woltje
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: mosaicstack/stack#507
Delete Branch "fix/gateway-federation-test-fixtures-real-pem"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?