Issuer Behavior Integration Tests #579
Description
Before we can safely start changing the behavior of issuers in CBP, we need to have comprehensive tests for the existing behavior. Unexpected behavior in this service can be catastrophic and difficult to recover from, so this is a hard block on future changes.
Needed tests:
- Issuer fetch
- Key fetch
- Message signing
- Message verification
- Token issuance
- Token redemption
- Duplicate redemption (idempotent)
- Duplicate redemption (malicious)
Proposed tools: