test: improve self-signed certificate cleanup

[reubenmiller]

Proposed changes

Improve the tracking of self-signed certificates within the tests. With the changes, the system tests no longer leave self-signed certificate which where generated within the tests.

• New keyword to allow a certificate to be registered for cleanup
• Record the certificates after each test (instead of assuming the cert still exists at the end of the suite)
• Fix thumbprint parsing logic
• Use Cumulocity CA to register devices in the HSM tests, however a the RSA private key with a bit length of 1024 had to be removed as it isn't supported by the Cumulocity CA and is anyway deemed insecure by today's security recommendatons

Types of changes

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Improvement (general improvements like code refactoring that doesn't explicitly fix a bug or add any new functionality)
• Documentation Update (if none of the other choices apply)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

Paste Link to the issue

Checklist

• I have read the CONTRIBUTING doc
• I have signed the CLA (in all commits with git commit -s. You can activate automatic signing by running just prepare-dev once)
• I ran just format as mentioned in CODING_GUIDELINES
• I used just check as mentioned in CODING_GUIDELINES
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)

Further comments

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

📢 Thoughts on this report? Let us know!

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Robot Results

✅ Passed	❌ Failed	⏭️ Skipped	Total	Pass %	⏱️ Duration
652	0	3	652	100	1h47m1.985242s

[Bravo555]

Instead of manually tracking individual certificates, couldn't we perhaps just remove ALL the certificates from the tenant that match the test device name (and children)? These names should be globally unique, so no other device should be affected and additionally:

• if I debug a suite and create more certificates from the shell these would also get cleaned up
• if the test suite mistakenly didn't use the new keyword and uploaded the cert manually, this would also get cleaned up automatically
• the implementation could be much simplified

I think this would be a good enough solution assuming that from within the tests we only create certs with the name of the device (and children) or I'm otherwise not missing anything else.

[Bravo555]

Looks alright, still have some suggestions and questions, will approve after they're addressed.

[reubenmiller]

@Bravo555 I pushed a fix, ab51521, as I noticed that the Cumulocity device/user cleanup logic wasn't being run when self-signed certificates were not being used...but the latest run leaves a clean environment now.

[Bravo555]

Approved