Add unit tests for OCSP and CRL certificate verification #119

@heskew

Problem

The OCSP and CRL certificate verification implementation has no unit test coverage. While integration tests exist, they are currently skipped in CI (see #118), and unit tests would provide:

  • Faster feedback during development
  • Isolated testing of core logic without network dependencies
  • Better coverage of edge cases and error conditions

Current State

  • Integration Tests: Exist but skipped in CI (24_ocspVerification.mjs, 26_crlVerification.mjs)
  • Unit Tests: None exist for certificate verification
  • Implementation Files:
    • security/certificateVerification/ocspVerification.ts
    • security/certificateVerification/index.ts
    • security/certificateVerification/verificationUtils.ts

Proposed Solution

Add unit tests to cover:

OCSP Verification (ocspVerification.ts)

  1. verifyOCSP() function:

    • Test with valid certificates (should return {valid: true, status: 'good'})
    • Test with revoked certificates (should return {valid: false, status: 'revoked'})
    • Test caching behavior (cache hits vs source fetches)
    • Test with enabled: false config (should return disabled status)
    • Test failure modes: fail-open vs fail-closed
    • Test timeout handling
    • Test invalid certificate formats
  2. performOCSPCheck() function:

    • Test good, revoked, and unknown certificate statuses
    • Test timeout/abort errors
    • Test with pre-extracted OCSP URLs vs parsing from cert

Certificate Verification Utils (verificationUtils.ts)

  • Test bufferToPem() conversion
  • Test createCacheKey() generation
  • Test cache key uniqueness for different cert combinations

Integration with Harper Cache

  • Test that cache entries use correct TTL
  • Test concurrent request handling (cache stampede prevention)
  • Test cache invalidation scenarios

Testing Approach

Use mocking for external dependencies:

const sinon = require('sinon');

// Mock easy-ocsp library
const mockGetCertStatus = sinon.stub();
// Mock Harper's certificate cache table
const mockCacheTable = { get: sinon.stub() };

Benefits

Files to Create

  • unitTests/server/security/certificateVerification/ocspVerification.test.js
  • unitTests/server/security/certificateVerification/verificationUtils.test.js
  • unitTests/server/security/certificateVerification/index.test.js (if needed)

Related Issues

Priority

Medium - This is a nice-to-have after #118 is completed. Integration tests provide end-to-end validation, but unit tests would improve development velocity and edge case coverage.
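
An added sketch of the fail-open/fail-closed, cache-hit, TTL and stampede cases listed above, written for this page and not taken from Harper's code base. `createVerifier`, `stubFetch`, `runScenarios`, the config shape and the `valid: true` result for the disabled case are assumptions, and a hand-rolled stub replaces sinon so it runs on plain Node.

```javascript
// Hypothetical stand-in for the code under test; NOT Harper's verifyOCSP().
// Assumed: fetchStatus() resolves to 'good' | 'revoked' | 'unknown' or rejects,
// config = { enabled, failureMode: 'fail-open' | 'fail-closed', ttlMs }.
function createVerifier({ fetchStatus, cache = new Map(), now = Date.now }) {
  const inFlight = new Map(); // key -> pending lookup shared by concurrent callers
  return async function verify(certPem, issuerPem, config) {
    if (!config.enabled) return { valid: true, status: 'disabled' };
    const key = `${certPem}:${issuerPem}`; // constructed key format
    const hit = cache.get(key);
    if (hit && hit.expiresAt > now()) return { ...hit.result, cached: true };
    if (!inFlight.has(key)) {
      const pending = fetchStatus(certPem, issuerPem)
        .then((status) => {
          const result = { valid: status === 'good', status };
          cache.set(key, { result, expiresAt: now() + config.ttlMs });
          return result;
        })
        // Responder errors are never cached; failureMode decides the verdict.
        .catch(() => ({ valid: config.failureMode === 'fail-open', status: 'error' }))
        .finally(() => inFlight.delete(key));
      inFlight.set(key, pending);
    }
    return inFlight.get(key);
  };
}

// Minimal call-counting stub, standing in for sinon.stub().
function stubFetch(behaviour) {
  const stub = async (...args) => { stub.calls++; return behaviour(...args); };
  stub.calls = 0;
  return stub;
}

async function runScenarios() {
  const cfg = { enabled: true, failureMode: 'fail-closed', ttlMs: 1000 };
  let clock = 0; // injected clock so TTL expiry needs no real waiting
  const good = stubFetch(async () => 'good');
  const verify = createVerifier({ fetchStatus: good, now: () => clock });
  const burst = await Promise.all([1, 2, 3].map(() => verify('CERT', 'ISSUER', cfg)));
  const fetchesAfterBurst = good.calls; // stampede check: one fetch for three callers
  const cachedHit = await verify('CERT', 'ISSUER', cfg);
  clock = 1001; // past the TTL, so the next call must refetch
  await verify('CERT', 'ISSUER', cfg);
  const down = stubFetch(async () => { throw new Error('timeout'); });
  const verifyDown = createVerifier({ fetchStatus: down });
  const closed = await verifyDown('CERT', 'ISSUER', cfg);
  const open = await verifyDown('CERT', 'ISSUER', { ...cfg, failureMode: 'fail-open' });
  return { burst, fetchesAfterBurst, cachedHit, fetchesAfterExpiry: good.calls, closed, open };
}
```

In this sketch a definitive `revoked` answer stays invalid under `fail-open`, since the failure mode only applies when the responder cannot be reached; a unit test should pin that separately from the timeout case.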
