# Transport Layer Test Suite

Comprehensive test suite for all aspects of transaction sending via raw TLS S2S connection.

## Test Coverage

### 1. TLS Connection Tests (`tls-connection.test.ts`)
Tests raw TLS S2S connection establishment:
- ✅ Receiver IP configuration (172.67.157.88)
- ✅ Receiver port configuration (443, 8443)
- ✅ SNI (Server Name Indication) handling (devmindgroup.com)
- ✅ TLS version negotiation (TLSv1.2, TLSv1.3)
- ✅ Connection reuse and lifecycle
- ✅ Error handling and timeouts
- ✅ Mutual TLS (mTLS) support

### 2. Message Framing Tests (`message-framing.test.ts`)
Tests length-prefix-4be framing:
- ✅ 4-byte big-endian length prefix framing
- ✅ Message unframing and parsing
- ✅ Multiple messages in buffer
- ✅ Edge cases (empty, large, Unicode, binary)
- ✅ ISO 20022 message framing

### 3. ACK/NACK Handling Tests (`ack-nack-handling.test.ts`)
Tests ACK/NACK response parsing:
- ✅ ACK XML parsing (various formats)
- ✅ NACK XML parsing with reasons
- ✅ Validation of parsed responses
- ✅ Error handling for malformed XML
- ✅ ISO 20022 pacs.002 format support

### 4. Idempotency Tests (`idempotency.test.ts`)
Tests exactly-once delivery guarantee:
- ✅ UETR generation and validation
- ✅ MsgId generation and validation
- ✅ Duplicate transmission prevention
- ✅ ACK/NACK matching by UETR/MsgId
- ✅ Message state transitions
- ✅ Retry idempotency

### 5. Certificate Verification Tests (`certificate-verification.test.ts`)
Tests certificate validation:
- ✅ SHA256 fingerprint verification
- ✅ Certificate chain validation
- ✅ SNI matching
- ✅ TLS version and cipher suite
- ✅ Certificate expiration checks

### 6. End-to-End Transmission Tests (`end-to-end-transmission.test.ts`)
Tests complete transaction flow:
- ✅ Connection → Message → Transmission → Response
- ✅ Message validation before transmission
- ✅ Error handling in transmission
- ✅ Session management
- ✅ Receiver configuration validation

### 7. Retry and Error Handling Tests (`retry-error-handling.test.ts`)
Tests retry logic and error recovery:
- ✅ Retry configuration
- ✅ Connection retry logic
- ✅ Timeout handling
- ✅ Error recovery
- ✅ Idempotency in retries
- ✅ Error classification
- ✅ Circuit breaker pattern

### 8. Session Management and Audit Tests (`session-audit.test.ts`)
Tests session tracking and audit logging:
- ✅ TLS session tracking
- ✅ Session lifecycle management
- ✅ Audit logging (establishment, transmission, ACK/NACK)
- ✅ Session metadata recording
- ✅ Monitoring and metrics
- ✅ Security audit trail

## Running Tests

### Run All Transport Tests
```bash
npm test -- tests/integration/transport
```

### Run Specific Test Suite
```bash
npm test -- tests/integration/transport/tls-connection.test.ts
```

### Run with Coverage
```bash
npm test -- tests/integration/transport --coverage
```

### Run Test Runner Script
```bash
chmod +x tests/integration/transport/run-transport-tests.sh
./tests/integration/transport/run-transport-tests.sh
```

## Test Configuration

### Environment Variables
Tests use the following receiver configuration:
- **IP**: 172.67.157.88
- **Port**: 443 (primary), 8443 (alternate)
- **SNI**: devmindgroup.com
- **SHA256 Fingerprint**: b19f2a94eab4cd3b92f1e3e0dce9d5e41c8b7aa3fdbe6e2f4ac3c91a5fbb2f44
- **TLS Version**: TLSv1.2 minimum, TLSv1.3 preferred
- **Framing**: length-prefix-4be

### Test Timeouts
- Connection tests: 60 seconds
- End-to-end tests: 120 seconds
- Other tests: 30-60 seconds

## Test Requirements

### Database
Tests require a database connection for:
- Message storage
- Delivery status tracking
- Session management
- Audit logging

### Network Access
Some tests require network access to:
- Receiver endpoint (172.67.157.88:443)
- DNS resolution for SNI

**Note**: Tests that require actual network connectivity may be skipped or fail if the receiver is unavailable. This is expected behavior for integration tests.

## Test Data

Tests use the ISO 20022 pacs.008 template from:
- `docs/examples/pacs008-template-a.xml`

## Expected Test Results

### Passing Tests
- ✅ All unit tests (framing, parsing, validation)
- ✅ Configuration validation tests
- ✅ Message format tests

### Conditional Tests
- ⚠️ Network-dependent tests (may fail if receiver unavailable)
  - TLS connection tests
  - End-to-end transmission tests
  - Certificate verification tests

### Skipped Tests
- Tests that require specific environment setup
- Tests that depend on external services

## Troubleshooting

### Connection Timeouts
If tests timeout connecting to receiver:
1. Verify network connectivity to 172.67.157.88
2. Check firewall rules
3. Verify receiver is accepting connections on port 443
4. Check DNS resolution for devmindgroup.com

### Certificate Errors
If certificate verification fails:
1. Verify SHA256 fingerprint matches expected value
2. Check certificate expiration
3. Verify SNI is correctly set
4. Check CA certificate bundle if using custom CA

### Database Errors
If database-related tests fail:
1. Verify database is running
2. Check DATABASE_URL environment variable
3. Verify database schema is up to date
4. Check database permissions

## Next Steps

After running tests:
1. Review test results and fix any failures
2. Check test coverage report
3. Verify all critical paths are tested
4. Update tests as requirements change