test(dcv): poll for GENERATED *with body*, not just GENERATED

spbsoluble · spbsoluble · commit edd8b21ce5f4 · 2026-06-11T11:21:08.000-07:00
The algo issuance matrix asserted the cert body immediately on GENERATED, but
CERTInext flips status to GENERATED a beat before GetCertificate returns the PEM
— so a fast-issuing order (ECDSA-P256, RSA-3072) could report GENERATED with an
empty body and fail the body assertion despite issuing fine. Wait for GENERATED
with a materialized body (slower-issuing RSA-2048/4096 + ECDSA-P384 already passed
because their DCV propagation gave the body time to land).
diff --git a/CERTInext.IntegrationTests/DcvLifecycleTests.cs b/CERTInext.IntegrationTests/DcvLifecycleTests.cs
@@ -436,7 +436,10 @@ record = await plugin.GetSingleRecord(enrollResult.CARequestID);
                 int status = record?.Status ?? -1;
                 _output.WriteLine($"[{tag}] poll #{poll}: status={status} certLen={record?.Certificate?.Length ?? 0}");
 
-                if (status == (int)EndEntityStatus.GENERATED)
+                // Wait for GENERATED *with a materialized body*. CERTInext flips status to
+                // GENERATED a beat before GetCertificate returns the PEM, so an order that
+                // issues quickly can report GENERATED with an empty body for a poll or two.
+                if (status == (int)EndEntityStatus.GENERATED && !string.IsNullOrWhiteSpace(record?.Certificate))
                     break;
                 if (status == (int)EndEntityStatus.FAILED)
                 {
