
Testing

Source: services/certification-service/TESTING_STRATEGY.md in the documentation repo.

1. Coverage Targets

Domain 95% line / 98% branch / 80% mutation. Integration 80%.

2. Unit Tests

  • Certificate state machine (pending → issued → revoked).
  • JWS sign/verify round-trip with multiple kids.
  • Verification token HMAC fingerprint determinism.
  • Template layout placeholder resolution.
  • OfflineIssuanceClaim signature verification (valid, tampered, expired nonce).
  • Revocation invariants (cannot un-revoke).

3. Integration Tests

  • Postgres + NATS + mock KMS.
  • Issue flow: consume completion event → render artifacts → persist → emit.
  • Revocation flow: revoke → reindex search → notification trigger.
  • Offline claim: submit → verify against progress-service → issue.
  • Template CRUD.

4. Contract Tests

Pact:

  • certification ← progress: progress.completion.recorded.v1.
  • certification → notification: certification.certificate.issued.v1.
  • certification → search: same.
  • certification → analytics: same.
  • OpenAPI diff in CI.

5. E2E Tests

  • J-05 continuation: course completion → cert issued → verify via public URL.
  • J-10: revoke → verify returns revoked + public reason.
  • J-11: offline completion → claim submitted → verified on reconnect.

6. Load Tests

  • Issuance: 500/sec sustained, p95 render < 5s.
  • Public verify: 10k rps (mostly cached), 1k rps cold.

7. Chaos

  • KMS outage → issuance queues; drains on recovery.
  • S3 outage for artifact upload → retries; alert.
  • Revocation event lost → consumer inbox dedups on re-delivery.

8. Security Tests

  • Forged JWS proof (wrong key) → verify rejects.
  • Unrotated kid beyond overlap → new bundles fail; old bundles valid.
  • Token enumeration attempt → rate-limited, alert.
  • Offline claim with wrong bundle key → rejected.
  • Cross-tenant verify token reuse attempt → N/A (token globally unique).
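
The JWS cases from sections 2 and 8 (round-trip with multiple kids, forged proof with the wrong key) can be exercised with a small harness like the one below. This is an added example, not the certification service's own code: it assumes HS256 with in-memory demo keys in place of the KMS-backed keys, and the names KEYRING, sign, verify and rejected are hypothetical.

```python
import base64, hashlib, hmac, json

ALG = "HS256"  # assumption: the page does not name the JWS algorithm
# Constructed demo keys; the real service signs through KMS.
KEYRING = {"kid-a": b"constructed-demo-key-a", "kid-b": b"constructed-demo-key-b"}

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(payload: dict, kid: str, key: bytes) -> str:
    """Compact JWS: b64(header).b64(payload).b64(mac over the first two parts)."""
    header = {"alg": ALG, "kid": kid}
    parts = [b64e(json.dumps(p, sort_keys=True).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64e(mac)}"

def verify(token: str, keyring: dict) -> dict:
    """Return the payload, or raise ValueError on any verification failure."""
    try:
        h64, p64, s64 = token.split(".")
        header, sig = json.loads(b64d(h64)), b64d(s64)
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != ALG:
        raise ValueError("unexpected alg")  # alg is pinned, never taken from the token
    kid = header.get("kid")
    key = keyring.get(kid) if isinstance(kid, str) else None
    if key is None:
        raise ValueError("unknown kid")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        raise ValueError("bad signature")
    return json.loads(b64d(p64))

def rejected(token: str, keyring: dict) -> bool:
    """True when verify() refuses the token; convenient for negative test cases."""
    try:
        verify(token, keyring)
    except ValueError:
        return True
    return False
```

The negative cases worth asserting are a token signed with a key outside the keyring, a token whose kid label does not match the key that signed it, an unknown kid, and a header that names a different alg.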

9. OpenBadges Conformance

  • IMS Global Verifiable Credentials Conformance Test green on every release.
  • JSON-LD proof verified in reference verifier.

10. Replay Tests

  • Event log → rebuild certificates table.
  • Compare with previous state; idempotency ensures no duplicates.
  • JWS signatures reproduce (with same KMS key).

11. Accessibility Tests

  • PDF tagged (Section 508).
  • Certificate image alt-text + screen-reader-friendly description.
  • Public verify page WCAG 2.2 AA.

12. CI Gates

  • Unit + integration green.
  • OpenBadges conformance green.
  • OpenAPI + Pact verified.
  • Two-tenant isolation green.
  • Mutation ≥ 80% on domain.