So a couple things I figured out after poking around:
-
In case it wasn’t obvious, if you have no NNS subnet then your canister will write a certificate with it’s subnet pub key as the rootKey. (root_key for searchers).
-
Also the pic.getPubKey just returned an array and the verification library needs a byte buffer or it fails due to checking byteLength instead of length.
let nnspubkey = new Uint8Array(await pic.getPubKey(subnet.id));
- I had hell getting the npm package to work with my jest and typescript set up so I just rawdogged the ts files from the verification project into mine and then futzed around until I exported validateTree which seemed to get me what I wanted.
And now my test passes. 