From df02ccaa0dfed04be0008c9738929732b6229046 Mon Sep 17 00:00:00 2001
From: Brian Botha <brian.botha@matrix.ai>
Date: Fri, 16 Aug 2024 12:03:24 +1000
Subject: [PATCH] tests: added test checking if certificate before target node
 is expired

---
 tests/nodes/utils.test.ts | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/tests/nodes/utils.test.ts b/tests/nodes/utils.test.ts
index 8bdca1192..ac6be9a91 100644
--- a/tests/nodes/utils.test.ts
+++ b/tests/nodes/utils.test.ts
@@ -415,6 +415,21 @@ describe('nodes/utils', () => {
         if (result.result === 'fail') fail();
         expect(Buffer.compare(result.nodeId, nodeIdIntermediate)).toBe(0);
       });
+      test('fails with expired intermediate before valid target', async () => {
+        cert = await testTlsUtils.createTLSConfigWithChain([
+          [keyPairRoot, 0],
+          [keyPairIntermediate, undefined],
+          [keyPairLeaf, 0],
+          [keyPairLeaf, undefined],
+        ]);
+        const result = await nodesUtils.verifyServerCertificateChain(
+          [nodeIdIntermediate],
+          cert.certChainPem.map((v) => wsUtils.pemToDER(v)),
+        );
+        expect(result.result).toBe('fail');
+        if (result.result !== 'fail') utils.never();
+        expect(result.value).toBe(CryptoError.CertificateExpired);
+      });
     });
     describe('server verifyClientCertificateChain', () => {
       test('verify with multiple certs', async () => {