From 8bfd0dc6b44438ba6c5d2844ce21fbc2adfe3f1a Mon Sep 17 00:00:00 2001
From: Thomas Vanbesien <tvanbesi@proton.me>
Date: Wed, 18 Feb 2026 23:09:43 +0100
Subject: Add TOFU certificate bootstrap integration test

Make download-cert always use an unsecure client so it can connect to
a server's None discovery endpoint without the server certificate in
the trust store.  Add a cert_bootstrap test that verifies the full
Trust On First Use workflow: find-servers succeeds, get-endpoints fails
(untrusted cert), download-cert retrieves the certificate via None,
then get-endpoints and read-time both succeed.
---
 tests/cert_bootstrap/certs/trust/Client_cert.der          | Bin 0 -> 913 bytes
 tests/cert_bootstrap/certs/trust/ServerLDS_cert.der       | Bin 0 -> 922 bytes
 .../certs/trust/ServerRegisterClient_cert.der             | Bin 0 -> 949 bytes
 tests/cert_bootstrap/certs/trust/ServerRegister_cert.der  | Bin 0 -> 937 bytes
 4 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 tests/cert_bootstrap/certs/trust/Client_cert.der
 create mode 100644 tests/cert_bootstrap/certs/trust/ServerLDS_cert.der
 create mode 100644 tests/cert_bootstrap/certs/trust/ServerRegisterClient_cert.der
 create mode 100644 tests/cert_bootstrap/certs/trust/ServerRegister_cert.der

(limited to 'tests/cert_bootstrap/certs/trust')

diff --git a/tests/cert_bootstrap/certs/trust/Client_cert.der b/tests/cert_bootstrap/certs/trust/Client_cert.der
new file mode 100644
index 0000000..84724c1
Binary files /dev/null and b/tests/cert_bootstrap/certs/trust/Client_cert.der differ
diff --git a/tests/cert_bootstrap/certs/trust/ServerLDS_cert.der b/tests/cert_bootstrap/certs/trust/ServerLDS_cert.der
new file mode 100644
index 0000000..9983c3b
Binary files /dev/null and b/tests/cert_bootstrap/certs/trust/ServerLDS_cert.der differ
diff --git a/tests/cert_bootstrap/certs/trust/ServerRegisterClient_cert.der b/tests/cert_bootstrap/certs/trust/ServerRegisterClient_cert.der
new file mode 100644
index 0000000..937960e
Binary files /dev/null and b/tests/cert_bootstrap/certs/trust/ServerRegisterClient_cert.der differ
diff --git a/tests/cert_bootstrap/certs/trust/ServerRegister_cert.der b/tests/cert_bootstrap/certs/trust/ServerRegister_cert.der
new file mode 100644
index 0000000..9fb39f5
Binary files /dev/null and b/tests/cert_bootstrap/certs/trust/ServerRegister_cert.der differ
-- 
cgit v1.2.3