@alwaysai/device-agent 1.3.1 → 1.4.0

package/lib/secure-tunneling/secure-tunneling.test.js

@@ -0,0 +1,1070 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const paths_1 = require("alwaysai/lib/paths");
+const path_1 = require("path");
+const urls_1 = require("../urls");
+const directories_1 = require("../util/directories");
+const download_file_1 = require("../util/download-file");
+const system_info_1 = require("../util/system-info");
+const secure_tunneling_1 = require("./secure-tunneling");
+const spawner_detached_1 = require("./spawner-detached");
+//-----------------------------------------------------------------------------
+// mocks
+//-----------------------------------------------------------------------------
+jest.mock('alwaysai/lib/util/spawner');
+const mockJsSpawner = {
+    exiresolvePathsts: jest.fn(),
+    readdir: jest.fn(),
+    readFile: jest.fn(),
+    writeFile: jest.fn(),
+    mkdirp: jest.fn(),
+    rimraf: jest.fn(),
+    tar: jest.fn(),
+    rename: jest.fn(),
+    untar: jest.fn(),
+    exists: jest.fn(),
+    run: jest.fn()
+};
+jest.mock('alwaysai/lib/util/spawner', () => {
+    return Object.assign(Object.assign({}, jest.requireActual('alwaysai/lib/util/spawner')), { JsSpawner: jest.fn(() => mockJsSpawner) });
+});
+jest.mock('../util/system-info', () => ({
+    getArch: jest.fn(),
+    getOsVersion: jest.fn(),
+    getDistribution: jest.fn()
+}));
+jest.mock('../util/download-file', () => ({
+    downloadFile: jest.fn()
+}));
+jest.mock('./spawner-detached', () => ({
+    runDetachedProcess: jest.fn(),
+    killDetachedProcess: jest.fn()
+}));
+//-----------------------------------------------------------------------------
+// constants
+//-----------------------------------------------------------------------------
+const ST_START_PORT_NUMBER = 5010;
+const disabledSshPortInfo = {
+    enabled: false,
+    type: 'SSH',
+    ip: '0.0.0.0',
+    port: 22
+};
+const enabledSshPortInfo = {
+    enabled: true,
+    type: 'SSH',
+    ip: '0.0.0.0',
+    port: 22
+};
+const invalidSshPortInfo = {
+    enabled: true,
+    type: 'SSH',
+    ip: '192.168.0.255',
+    port: 80
+};
+const disabledHttpPortInfo_1 = {
+    enabled: false,
+    type: 'HTTP',
+    ip: '192.168.0.10',
+    port: 1
+};
+const enabledHttpPortInfo_1 = {
+    enabled: true,
+    type: 'HTTP',
+    ip: '192.168.0.10',
+    port: 1
+};
+const disabledHttpPortInfo_2 = {
+    enabled: false,
+    type: 'HTTP',
+    ip: '192.168.0.20',
+    port: 2
+};
+const enabledHttpPortInfo_2 = {
+    enabled: true,
+    type: 'HTTP',
+    ip: '192.168.0.20',
+    port: 2
+};
+const disabledHttpPortInfo_3 = {
+    enabled: false,
+    type: 'HTTP',
+    ip: '192.168.0.30',
+    port: 3
+};
+const enabledHttpPortInfo_3 = {
+    enabled: true,
+    type: 'HTTP',
+    ip: '192.168.0.30',
+    port: 3
+};
+describe('SecureTunnelHandlerSingleton', () => {
+    //---------------------------------------------------------------------------
+    // test variables
+    //---------------------------------------------------------------------------
+    let testStHandlerSingleton;
+    let shadowVersion = 0;
+    let shadowTimestamp = 1708726929;
+    const testDefaultShadow = {
+        st_ports: [disabledSshPortInfo]
+    };
+    beforeEach(() => {
+        jest.clearAllMocks();
+        jest.resetModules();
+        testStHandlerSingleton = secure_tunneling_1.SecureTunnelHandlerSingleton.getInstance();
+        shadowVersion++;
+        shadowTimestamp++;
+    });
+    afterEach(async () => {
+        await testStHandlerSingleton.destroy();
+    });
+    //---------------------------------------------------------------------------
+    // help functions
+    //---------------------------------------------------------------------------
+    function createDeltaShadowMsg(stPorts) {
+        const stPortsCopy = JSON.parse(JSON.stringify(stPorts));
+        const deltaShadowMsg = {
+            version: shadowVersion,
+            timestamp: shadowTimestamp,
+            state: { st_ports: stPortsCopy }
+        };
+        return deltaShadowMsg;
+    }
+    function transformDeltaToUpdateReported(deltaMsg) {
+        const { version, state } = deltaMsg;
+        const reportedStateReported = JSON.parse(JSON.stringify(state));
+        return reportedStateReported;
+    }
+    //---------------------------------------------------------------------------
+    // test class methods
+    //---------------------------------------------------------------------------
+    it('should be a singleton', () => {
+        const handler = secure_tunneling_1.SecureTunnelHandlerSingleton.getInstance();
+        expect(testStHandlerSingleton).toBe(handler);
+    });
+    it('should have a getSecureTunnelShadow method', () => {
+        expect(testStHandlerSingleton.getSecureTunnelShadow).toBeDefined();
+    });
+    it('should have a syncShadowToDeviceState method', () => {
+        expect(testStHandlerSingleton.syncShadowToDeviceState).toBeDefined();
+    });
+    it('should have a secureTunnelNotifyHandler method', () => {
+        expect(testStHandlerSingleton.secureTunnelNotifyHandler).toBeDefined();
+    });
+    it('should have a destroy method', () => {
+        expect(testStHandlerSingleton.destroy).toBeDefined();
+    });
+    it('should initialize reportedShadowState to default', () => {
+        const actualReportedShadow = testStHandlerSingleton.getSecureTunnelShadow();
+        expect(actualReportedShadow).toEqual(testDefaultShadow);
+    });
+    //---------------------------------------------------------------------------
+    // test syncShadowToDeviceState function
+    //---------------------------------------------------------------------------
+    it('should update reportedShadowSate to 1 SSH and 1 HTTP port config', async () => {
+        // Arrange
+        // --------------------------------------------------------------------
+        const deltaShadowMsg = createDeltaShadowMsg([
+            disabledSshPortInfo,
+            disabledHttpPortInfo_1
+        ]);
+        const expUpdateReported = transformDeltaToUpdateReported(deltaShadowMsg);
+        // Act
+        // --------------------------------------------------------------------
+        const actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(deltaShadowMsg);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(actualReportedShadow).toEqual(expUpdateReported);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledTimes(0);
+        expect(spawner_detached_1.killDetachedProcess).toHaveBeenCalledTimes(0);
+    });
+    it('should update reportedShadowState to 1 SSH and 2 HTTP port config', async () => {
+        // Arrange
+        // --------------------------------------------------------------------
+        const deltaShadowMsg = createDeltaShadowMsg([
+            disabledSshPortInfo,
+            disabledHttpPortInfo_1,
+            disabledHttpPortInfo_2
+        ]);
+        const expUpdateReported = transformDeltaToUpdateReported(deltaShadowMsg);
+        // Act
+        // --------------------------------------------------------------------
+        const actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(deltaShadowMsg);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(actualReportedShadow).toEqual(expUpdateReported);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledTimes(0);
+        expect(spawner_detached_1.killDetachedProcess).toHaveBeenCalledTimes(0);
+    });
+    it('should update reportedShadowState to 1 SSH and 2 HTTP port config, order is important', async () => {
+        // Arrange
+        // --------------------------------------------------------------------
+        const deltaShadowMsg = createDeltaShadowMsg([
+            disabledHttpPortInfo_1,
+            disabledSshPortInfo,
+            disabledHttpPortInfo_2
+        ]);
+        const expUpdateReported = transformDeltaToUpdateReported(deltaShadowMsg);
+        // Act
+        // --------------------------------------------------------------------
+        const actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(deltaShadowMsg);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(actualReportedShadow).toEqual(expUpdateReported);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledTimes(0);
+        expect(spawner_detached_1.killDetachedProcess).toHaveBeenCalledTimes(0);
+    });
+    it('should update reportedShadowState to only 1 HTTP port config', async () => {
+        // Arrange
+        // --------------------------------------------------------------------
+        const deltaShadowMsg = createDeltaShadowMsg([disabledHttpPortInfo_1]);
+        const expUpdateReported = transformDeltaToUpdateReported(deltaShadowMsg);
+        // Act
+        // --------------------------------------------------------------------
+        const actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(deltaShadowMsg);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(actualReportedShadow).toEqual(expUpdateReported);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledTimes(0);
+        expect(spawner_detached_1.killDetachedProcess).toHaveBeenCalledTimes(0);
+    });
+    it('should update reportedShadowState from 1 SSH port to 3 HTTP ports config', async () => {
+        // Arrange
+        // --------------------------------------------------------------------
+        const deltaShadowMsg = createDeltaShadowMsg([
+            disabledHttpPortInfo_1,
+            disabledHttpPortInfo_2,
+            disabledHttpPortInfo_3
+        ]);
+        const expUpdateReported = transformDeltaToUpdateReported(deltaShadowMsg);
+        // Act
+        // --------------------------------------------------------------------
+        const actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(deltaShadowMsg);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(actualReportedShadow).toEqual(expUpdateReported);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledTimes(0);
+        expect(spawner_detached_1.killDetachedProcess).toHaveBeenCalledTimes(0);
+    });
+    it('should update reportedShadowState from 3 HTTP ports to only 1 SSH port config', async () => {
+        // Arrange
+        // --------------------------------------------------------------------
+        const orgDeltaShadowMsg = createDeltaShadowMsg([
+            disabledHttpPortInfo_1,
+            disabledHttpPortInfo_2,
+            disabledHttpPortInfo_3
+        ]);
+        const orgUpdateReported = transformDeltaToUpdateReported(orgDeltaShadowMsg);
+        let actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(orgDeltaShadowMsg);
+        expect(actualReportedShadow).toEqual(orgUpdateReported);
+        const expDeltaShadowMsg = createDeltaShadowMsg([disabledSshPortInfo]);
+        const expUpdateReported = transformDeltaToUpdateReported(expDeltaShadowMsg);
+        // Act
+        // --------------------------------------------------------------------
+        actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(expDeltaShadowMsg);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(actualReportedShadow).toEqual(expUpdateReported);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledTimes(0);
+        expect(spawner_detached_1.killDetachedProcess).toHaveBeenCalledTimes(0);
+    });
+    it('should update reportedShadowState, when the 1st HTTP shadow changes from disabled to enabled', async () => {
+        // Arrange
+        // --------------------------------------------------------------------
+        const orgDeltaShadowMsg = createDeltaShadowMsg([
+            disabledSshPortInfo,
+            disabledHttpPortInfo_1,
+            disabledHttpPortInfo_2
+        ]);
+        const orgUpdateReported = transformDeltaToUpdateReported(orgDeltaShadowMsg);
+        let actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(orgDeltaShadowMsg);
+        expect(actualReportedShadow).toEqual(orgUpdateReported);
+        const expDeltaShadowMsg = createDeltaShadowMsg([
+            disabledSshPortInfo,
+            enabledHttpPortInfo_1,
+            disabledHttpPortInfo_2
+        ]);
+        const expUpdateReported = transformDeltaToUpdateReported(expDeltaShadowMsg);
+        jest.mocked(spawner_detached_1.runDetachedProcess).mockResolvedValueOnce({});
+        // Act
+        // --------------------------------------------------------------------
+        actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(expDeltaShadowMsg);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(actualReportedShadow).toEqual(expUpdateReported);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledTimes(1);
+        expect(spawner_detached_1.runDetachedProcess).toBeCalledWith('socat', [
+            `tcp4-listen:${ST_START_PORT_NUMBER + 1},fork`,
+            `tcp4:${enabledHttpPortInfo_1.ip}:${enabledHttpPortInfo_1.port}`
+        ]);
+        expect(spawner_detached_1.killDetachedProcess).not.toBeCalled();
+    });
+    it('should update reportedShadowState, when the 1st HTTP shadow changes from enabled to disabled', async () => {
+        // Arrange
+        // --------------------------------------------------------------------
+        const orgDeltaShadowMsg = createDeltaShadowMsg([
+            disabledSshPortInfo,
+            enabledHttpPortInfo_1,
+            disabledHttpPortInfo_2
+        ]);
+        const orgUpdateReported = transformDeltaToUpdateReported(orgDeltaShadowMsg);
+        jest.mocked(spawner_detached_1.runDetachedProcess).mockResolvedValueOnce({});
+        let actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(orgDeltaShadowMsg);
+        expect(actualReportedShadow).toEqual(orgUpdateReported);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledTimes(1);
+        const socatArgs = [
+            `tcp4-listen:${ST_START_PORT_NUMBER + 1},fork`,
+            `tcp4:${enabledHttpPortInfo_1.ip}:${enabledHttpPortInfo_1.port}`
+        ];
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledWith('socat', socatArgs);
+        const expDeltaShadowMsg = createDeltaShadowMsg([
+            disabledSshPortInfo,
+            disabledHttpPortInfo_1,
+            disabledHttpPortInfo_2
+        ]);
+        const expUpdateReported = transformDeltaToUpdateReported(expDeltaShadowMsg);
+        jest.clearAllMocks();
+        jest.resetModules();
+        jest.mocked(spawner_detached_1.killDetachedProcess).mockResolvedValueOnce(undefined);
+        // Act
+        // --------------------------------------------------------------------
+        actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(expDeltaShadowMsg);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(actualReportedShadow).toEqual(expUpdateReported);
+        expect(spawner_detached_1.runDetachedProcess).not.toBeCalled();
+        expect(spawner_detached_1.killDetachedProcess).toHaveBeenCalledTimes(1);
+        expect(spawner_detached_1.killDetachedProcess).toHaveBeenCalledWith({}, [
+            ['socat', ...socatArgs].join(' ')
+        ]);
+    });
+    it('should update reportedShadowState, all 3 HTTP services enabled, with SSH disabled', async () => {
+        // Arrange
+        // --------------------------------------------------------------------
+        const expDeltaShadowMsg = createDeltaShadowMsg([
+            disabledSshPortInfo,
+            enabledHttpPortInfo_1,
+            enabledHttpPortInfo_2,
+            enabledHttpPortInfo_3
+        ]);
+        const expUpdateReported = transformDeltaToUpdateReported(expDeltaShadowMsg);
+        jest.mocked(spawner_detached_1.runDetachedProcess).mockResolvedValueOnce({});
+        jest.mocked(spawner_detached_1.runDetachedProcess).mockResolvedValueOnce({});
+        jest.mocked(spawner_detached_1.runDetachedProcess).mockResolvedValueOnce({});
+        // Act
+        // --------------------------------------------------------------------
+        const actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(expDeltaShadowMsg);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(actualReportedShadow).toEqual(expUpdateReported);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledTimes(3);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenNthCalledWith(1, 'socat', [
+            `tcp4-listen:${ST_START_PORT_NUMBER + 1},fork`,
+            `tcp4:${enabledHttpPortInfo_1.ip}:${enabledHttpPortInfo_1.port}`
+        ]);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenNthCalledWith(2, 'socat', [
+            `tcp4-listen:${ST_START_PORT_NUMBER + 2},fork`,
+            `tcp4:${enabledHttpPortInfo_2.ip}:${enabledHttpPortInfo_2.port}`
+        ]);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenNthCalledWith(3, 'socat', [
+            `tcp4-listen:${ST_START_PORT_NUMBER + 3},fork`,
+            `tcp4:${enabledHttpPortInfo_3.ip}:${enabledHttpPortInfo_3.port}`
+        ]);
+        expect(spawner_detached_1.killDetachedProcess).toHaveBeenCalledTimes(0);
+    });
+    it('should update reportedShadowState, all 1 SSH and 2 HTTP services enabled', async () => {
+        // Arrange
+        // --------------------------------------------------------------------
+        const expDeltaShadowMsg = createDeltaShadowMsg([
+            enabledSshPortInfo,
+            enabledHttpPortInfo_1,
+            enabledHttpPortInfo_2
+        ]);
+        const expUpdateReported = transformDeltaToUpdateReported(expDeltaShadowMsg);
+        jest.mocked(spawner_detached_1.runDetachedProcess).mockResolvedValueOnce({});
+        jest.mocked(spawner_detached_1.runDetachedProcess).mockResolvedValueOnce({});
+        // Act
+        // --------------------------------------------------------------------
+        const actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(expDeltaShadowMsg);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(actualReportedShadow).toEqual(expUpdateReported);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledTimes(2);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenNthCalledWith(1, 'socat', [
+            `tcp4-listen:${ST_START_PORT_NUMBER + 1},fork`,
+            `tcp4:${enabledHttpPortInfo_1.ip}:${enabledHttpPortInfo_1.port}`
+        ]);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenNthCalledWith(2, 'socat', [
+            `tcp4-listen:${ST_START_PORT_NUMBER + 2},fork`,
+            `tcp4:${enabledHttpPortInfo_2.ip}:${enabledHttpPortInfo_2.port}`
+        ]);
+        expect(spawner_detached_1.killDetachedProcess).toHaveBeenCalledTimes(0);
+    });
+    it('should update reportedShadowState, SSH1, HTTP1 and HTTP3 services enabled', async () => {
+        // Arrange
+        // --------------------------------------------------------------------
+        const expDeltaShadowMsg = createDeltaShadowMsg([
+            enabledSshPortInfo,
+            enabledHttpPortInfo_1,
+            disabledHttpPortInfo_2,
+            enabledHttpPortInfo_3
+        ]);
+        const expUpdateReported = transformDeltaToUpdateReported(expDeltaShadowMsg);
+        jest.mocked(spawner_detached_1.runDetachedProcess).mockResolvedValueOnce({});
+        jest.mocked(spawner_detached_1.runDetachedProcess).mockResolvedValueOnce({});
+        // Act
+        // --------------------------------------------------------------------
+        const actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(expDeltaShadowMsg);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(actualReportedShadow).toEqual(expUpdateReported);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledTimes(2);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenNthCalledWith(1, 'socat', [
+            `tcp4-listen:${ST_START_PORT_NUMBER + 1},fork`,
+            `tcp4:${enabledHttpPortInfo_1.ip}:${enabledHttpPortInfo_1.port}`
+        ]);
+        expect(spawner_detached_1.runDetachedProcess).not.toHaveBeenCalledWith('socat', [
+            `tcp4-listen:${ST_START_PORT_NUMBER + 2},fork`,
+            `tcp4:${enabledHttpPortInfo_2.ip}:${enabledHttpPortInfo_2.port}`
+        ]);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenNthCalledWith(2, 'socat', [
+            `tcp4-listen:${ST_START_PORT_NUMBER + 2},fork`,
+            `tcp4:${enabledHttpPortInfo_3.ip}:${enabledHttpPortInfo_3.port}`
+        ]);
+        expect(spawner_detached_1.killDetachedProcess).toHaveBeenCalledTimes(0);
+    });
+    it('should update last HTTP reportedShadowState, all 1 SSH and 3 HTTP services enabled', async () => {
+        // Arrange
+        // --------------------------------------------------------------------
+        const expectedShadow = createDeltaShadowMsg([
+            enabledSshPortInfo,
+            enabledHttpPortInfo_1,
+            enabledHttpPortInfo_2,
+            enabledHttpPortInfo_3
+        ]);
+        const expUpdateReported = transformDeltaToUpdateReported(expectedShadow);
+        const desiredDeltaMsg = createDeltaShadowMsg([
+            enabledSshPortInfo,
+            enabledHttpPortInfo_1,
+            enabledHttpPortInfo_2,
+            enabledHttpPortInfo_3
+        ]);
+        jest.mocked(spawner_detached_1.runDetachedProcess).mockResolvedValueOnce({});
+        jest.mocked(spawner_detached_1.runDetachedProcess).mockResolvedValueOnce({});
+        // Act
+        // --------------------------------------------------------------------
+        const actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(desiredDeltaMsg);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(actualReportedShadow).toEqual(expUpdateReported);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledTimes(3);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenNthCalledWith(1, 'socat', [
+            `tcp4-listen:${ST_START_PORT_NUMBER + 1},fork`,
+            `tcp4:${enabledHttpPortInfo_1.ip}:${enabledHttpPortInfo_1.port}`
+        ]);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenNthCalledWith(2, 'socat', [
+            `tcp4-listen:${ST_START_PORT_NUMBER + 2},fork`,
+            `tcp4:${enabledHttpPortInfo_2.ip}:${enabledHttpPortInfo_2.port}`
+        ]);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledWith('socat', [
+            `tcp4-listen:${ST_START_PORT_NUMBER + 3},fork`,
+            `tcp4:${enabledHttpPortInfo_3.ip}:${enabledHttpPortInfo_3.port}`
+        ]);
+        expect(spawner_detached_1.killDetachedProcess).toHaveBeenCalledTimes(0);
+    });
+    it('should update last HTTP reportedShadowState, when ports changing the state from disabled to enabled', async () => {
+        // Arrange
+        // --------------------------------------------------------------------
+        const disableDeltaMsg = createDeltaShadowMsg([
+            disabledSshPortInfo,
+            disabledHttpPortInfo_1,
+            disabledHttpPortInfo_2,
+            disabledHttpPortInfo_3
+        ]);
+        const disableUpdateReported = transformDeltaToUpdateReported(disableDeltaMsg);
+        const disabledReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(disableDeltaMsg);
+        expect(disabledReportedShadow).toEqual(disableUpdateReported);
+        const enableDeltaMsg = createDeltaShadowMsg([
+            enabledSshPortInfo,
+            enabledHttpPortInfo_1,
+            enabledHttpPortInfo_2,
+            enabledHttpPortInfo_3
+        ]);
+        const expectedDeltaShadow = createDeltaShadowMsg([
+            enabledSshPortInfo,
+            enabledHttpPortInfo_1,
+            enabledHttpPortInfo_2,
+            enabledHttpPortInfo_3
+        ]);
+        const expectedUpdateReported = transformDeltaToUpdateReported(expectedDeltaShadow);
+        jest.mocked(spawner_detached_1.runDetachedProcess).mockResolvedValueOnce({});
+        jest.mocked(spawner_detached_1.runDetachedProcess).mockResolvedValueOnce({});
+        // Act
+        // --------------------------------------------------------------------
+        const actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(enableDeltaMsg);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(actualReportedShadow).toEqual(expectedUpdateReported);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledTimes(3);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenNthCalledWith(1, 'socat', [
+            `tcp4-listen:${ST_START_PORT_NUMBER + 1},fork`,
+            `tcp4:${enabledHttpPortInfo_1.ip}:${enabledHttpPortInfo_1.port}`
+        ]);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenNthCalledWith(2, 'socat', [
+            `tcp4-listen:${ST_START_PORT_NUMBER + 2},fork`,
+            `tcp4:${enabledHttpPortInfo_2.ip}:${enabledHttpPortInfo_2.port}`
+        ]);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledWith('socat', [
+            `tcp4-listen:${ST_START_PORT_NUMBER + 3},fork`,
+            `tcp4:${enabledHttpPortInfo_3.ip}:${enabledHttpPortInfo_3.port}`
+        ]);
+        expect(spawner_detached_1.killDetachedProcess).toHaveBeenCalledTimes(0);
+    });
+    //---------------------------------------------------------------------------
+    // test destroy function
+    //---------------------------------------------------------------------------
+    it('should destroy all socat processes', async () => {
+        // Arrange
+        // --------------------------------------------------------------------
+        const stConfig = [enabledSshPortInfo, enabledHttpPortInfo_1];
+        const deltaShadowMsg = createDeltaShadowMsg(stConfig);
+        const updateReported = transformDeltaToUpdateReported(deltaShadowMsg);
+        stConfig
+            .filter((portInfo) => portInfo.type === 'HTTP')
+            .forEach((portInfo) => {
+            jest
+                .mocked(spawner_detached_1.runDetachedProcess)
+                .mockResolvedValueOnce({});
+        });
+        const newReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(deltaShadowMsg);
+        expect(newReportedShadow).toEqual(updateReported);
+        jest.clearAllMocks(); // after setting up the shadow, we need to reset mocks again
+        jest.resetModules();
+        const expStConfig = [disabledSshPortInfo];
+        const expDeltaShadowMsg = createDeltaShadowMsg(expStConfig);
+        const expUpdateReported = transformDeltaToUpdateReported(expDeltaShadowMsg);
+        // Act
+        // --------------------------------------------------------------------
+        await testStHandlerSingleton.destroy();
+        const actualReportedShadow = testStHandlerSingleton.getSecureTunnelShadow();
+        // Assert
+        // --------------------------------------------------------------------
+        expect(actualReportedShadow).toEqual(expUpdateReported);
+    });
+    //---------------------------------------------------------------------------
+    // test secureTunnelNotifyHandler function
+    //---------------------------------------------------------------------------
+    it('should start Secure Tunnel, given localproxy already downloaded and default shadow is not enabled, that is default SSH connection', async () => {
+        // Arrange
+        // --------------------------------------------------------------------
+        mockJsSpawner.exists.mockResolvedValueOnce(true); // mock that localproxy already exists on file system
+        const message = {
+            clientAccessToken: 'DefaultSSHConnection_001',
+            region: 'us-west-2',
+            services: ['SSH']
+        };
+        const expectedLocalproxyArgs = [
+            '--destination-app',
+            '22',
+            '--region',
+            message.region,
+            '--capath',
+            directories_1.AWS_ROOT_CERTIFICATE_FILE_PATH,
+            '--local-bind-address',
+            '0.0.0.0',
+            '-t',
+            message.clientAccessToken
+        ];
+        // Act
+        // --------------------------------------------------------------------
+        await testStHandlerSingleton.secureTunnelNotifyHandler(message);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(mockJsSpawner.exists).toHaveBeenCalledTimes(1);
+        expect(system_info_1.getArch).not.toHaveBeenCalled();
+        expect(system_info_1.getOsVersion).not.toHaveBeenCalled();
+        expect(system_info_1.getDistribution).not.toHaveBeenCalled();
+        expect(mockJsSpawner.mkdirp).not.toHaveBeenCalled();
+        expect(mockJsSpawner.run).not.toHaveBeenCalled();
+        expect(download_file_1.downloadFile).not.toHaveBeenCalled();
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledTimes(1);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledWith(directories_1.SECURE_TUNNEL_BIN_PATH, expectedLocalproxyArgs);
+        expect(spawner_detached_1.killDetachedProcess).not.toHaveBeenCalled();
+    });
+    const testCasesForDIfferentLocalproxyEnv = [
+        // linuxDistro, osVersion, arch
+        ['debian', '12', 'aarch64'],
+        ['debian', '12', 'arm64'],
+        ['macos', '13.4', 'arm64v8'],
+        ['raspbian', '9.13', 'armhf'],
+        ['raspbian', '11', 'armhf'],
+        ['ubuntu', '18.04', 'amd64'],
+        ['ubuntu', '18.04', 'arm64'],
+        ['ubuntu', '18.04', 'armhf'],
+        ['ubuntu', '20.04', 'amd64'],
+        ['ubuntu', '20.04', 'arm64'],
+        ['ubuntu', '20.04', 'armhf'],
+        ['ubuntu', '22.04', 'amd64'],
+        ['ubuntu', '22.04', 'arm64'],
+        ['ubuntu', '23.04', 'amd64'],
+        ['ubuntu', '23.04', 'arm64'],
+        ['ubuntu', '23.10', 'amd64'],
+        ['ubuntu', '23.10', 'arm64']
+    ];
+    test.each(testCasesForDIfferentLocalproxyEnv)('should start Secure Tunnel, given localproxy downloaded needed and default shadow is not enabled, that is default SSH connection', async (linuxDistro, osVersion, arch) => {
+        // Arrange
+        // --------------------------------------------------------------------
+        mockJsSpawner.exists.mockResolvedValueOnce(false); // mock that localproxy does not exist on file system
+        jest.mocked(system_info_1.getArch).mockResolvedValueOnce(arch);
+        jest.mocked(system_info_1.getOsVersion).mockResolvedValueOnce(osVersion);
+        jest.mocked(system_info_1.getDistribution).mockResolvedValueOnce(linuxDistro);
+        const expectedUrl = `${urls_1.aaiArtifactsBucketUrl}/securetunnel/${linuxDistro}/${osVersion}/${arch}/${directories_1.SECURE_TUNNEL_BIN_NAME}`;
+        const message = {
+            clientAccessToken: 'DefaultSSHConnection_001',
+            region: 'us-west-2',
+            services: ['SSH']
+        };
+        const expectedLocalproxyArgs = [
+            '--destination-app',
+            '22',
+            '--region',
+            message.region,
+            '--capath',
+            directories_1.AWS_ROOT_CERTIFICATE_FILE_PATH,
+            '--local-bind-address',
+            '0.0.0.0',
+            '-t',
+            message.clientAccessToken
+        ];
+        // Act
+        // --------------------------------------------------------------------
+        await testStHandlerSingleton.secureTunnelNotifyHandler(message);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(mockJsSpawner.exists).toHaveBeenCalledTimes(1);
+        expect(mockJsSpawner.exists).toHaveBeenCalledWith(directories_1.SECURE_TUNNEL_BIN_PATH);
+        expect(system_info_1.getArch).toHaveBeenCalledTimes(1);
+        expect(system_info_1.getOsVersion).toHaveBeenCalledTimes(1);
+        expect(system_info_1.getDistribution).toHaveBeenCalledTimes(1);
+        expect(mockJsSpawner.mkdirp).toHaveBeenCalledTimes(1);
+        expect(mockJsSpawner.mkdirp).toHaveBeenCalledWith((0, path_1.join)(paths_1.AAI_DIR, directories_1.SECURE_TUNNEL_BIN_DIR));
+        expect(mockJsSpawner.run).toHaveBeenCalledTimes(1);
+        expect(mockJsSpawner.run).toHaveBeenCalledWith({
+            exe: 'chmod',
+            args: ['+x', directories_1.SECURE_TUNNEL_BIN_PATH]
+        });
+        expect(download_file_1.downloadFile).toHaveBeenCalledTimes(1);
+        expect(download_file_1.downloadFile).toHaveBeenCalledWith({
+            url: expectedUrl,
+            path: directories_1.SECURE_TUNNEL_BIN_PATH,
+            errorMessage: `Secure Tunnel bin for ${linuxDistro} ${osVersion} ${arch} not found}`
+        });
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledTimes(1);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledWith(directories_1.SECURE_TUNNEL_BIN_PATH, expectedLocalproxyArgs);
+        expect(spawner_detached_1.killDetachedProcess).not.toHaveBeenCalled();
+    });
+    const testCasesForInvalidSecureTunnelNotificationParameters = [
+        [{ clientAccessToken: '', region: '', services: [] }],
+        [
+            {
+                clientAccessToken: '',
+                region: 'us-west-2',
+                services: ['SSH']
+            }
+        ],
+        [
+            {
+                clientAccessToken: '001',
+                region: 'us-west-1',
+                services: ['SSH']
+            }
+        ],
+        [
+            {
+                clientAccessToken: '002',
+                region: 'us-east-2',
+                services: ['SSH']
+            }
+        ],
+        [
+            {
+                clientAccessToken: '003',
+                region: 'eu-central-1',
+                services: ['SSH']
+            }
+        ],
+        [
+            {
+                clientAccessToken: '004',
+                region: 'invalid region',
+                services: ['SSH']
+            }
+        ],
+        [
+            {
+                clientAccessToken: '005',
+                region: 'us-west-2',
+                services: [] // no service field
+            }
+        ],
+        [
+            {
+                clientAccessToken: '006',
+                region: 'us-west-2',
+                services: [''] // empty field in service
+            }
+        ],
+        [
+            {
+                clientAccessToken: '007',
+                region: 'us-west-2',
+                services: ['SSH', ''] // one of the fields is empty in service
+            }
+        ],
+        [
+            {
+                clientAccessToken: '008',
+                region: 'us-west-2',
+                services: ['SSH1', '', 'HTTP1'] // one of the fields is empty in service
+            }
+        ],
+        [
+            {
+                clientAccessToken: '009',
+                region: 'us-west-2',
+                services: ['SSH1', 'NOT_VALID'] // one of the fields is invalid
+            }
+        ],
+        [
+            {
+                clientAccessToken: '010',
+                region: 'us-west-2',
+                services: ['FTP', 'HTTP1'] // one of the fields is invalid
+            }
+        ],
+        [
+            {
+                clientAccessToken: '011',
+                region: 'us-west-2',
+                services: ['SSH1', 'FTP1', 'HTTP1'] // one of the fields is invalid
+            }
+        ]
+    ];
+    test.each(testCasesForInvalidSecureTunnelNotificationParameters)('should NOT start Secure Tunnel, given one of the fields of message is invalid', async (message) => {
+        // Arrange
+        // --------------------------------------------------------------------
+        mockJsSpawner.exists.mockResolvedValueOnce(true); // mock that localproxy already exists on file system
+        const expectedLocalproxyArgs = [
+            '--destination-app',
+            '22',
+            '--region',
+            message.region,
+            '--capath',
+            directories_1.AWS_ROOT_CERTIFICATE_FILE_PATH,
+            '--local-bind-address',
+            '0.0.0.0',
+            '-t',
+            message.clientAccessToken
+        ];
+        // Act
+        // --------------------------------------------------------------------
+        await testStHandlerSingleton.secureTunnelNotifyHandler(message);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(mockJsSpawner.exists).toHaveBeenCalledTimes(0);
+        expect(system_info_1.getArch).not.toHaveBeenCalled();
+        expect(system_info_1.getOsVersion).not.toHaveBeenCalled();
+        expect(system_info_1.getDistribution).not.toHaveBeenCalled();
+        expect(mockJsSpawner.mkdirp).not.toHaveBeenCalled();
+        expect(download_file_1.downloadFile).not.toHaveBeenCalled();
+        expect(mockJsSpawner.run).not.toHaveBeenCalled();
+        expect(spawner_detached_1.runDetachedProcess).not.toHaveBeenCalled();
+        expect(spawner_detached_1.killDetachedProcess).not.toHaveBeenCalled();
+    });
+    const testCasesMismatchBetweenServicesAndConfig = [
+        [
+            {
+                clientAccessToken: '001',
+                region: 'us-west-2',
+                services: ['SSH']
+            },
+            [enabledHttpPortInfo_1]
+        ],
+        [
+            {
+                clientAccessToken: '002',
+                region: 'us-west-2',
+                services: ['SSH1', 'HTTP1', 'HTTP2']
+            },
+            [enabledHttpPortInfo_1, enabledHttpPortInfo_2, enabledHttpPortInfo_3]
+        ],
+        [
+            {
+                clientAccessToken: '003',
+                region: 'us-west-2',
+                services: ['HTTP1', 'HTTP2']
+            },
+            [enabledHttpPortInfo_1, enabledHttpPortInfo_2, enabledHttpPortInfo_3]
+        ],
+        [
+            {
+                clientAccessToken: '004',
+                region: 'us-west-2',
+                services: ['HTTP1', 'HTTP2', 'HTTP3']
+            },
+            [enabledHttpPortInfo_1, enabledHttpPortInfo_2]
+        ],
+        [
+            {
+                clientAccessToken: '005',
+                region: 'us-west-2',
+                services: ['HTTP1', 'HTTP2', 'HTTP3', 'HTTP4']
+            },
+            [enabledHttpPortInfo_1, enabledHttpPortInfo_2, enabledHttpPortInfo_3]
+        ],
+        [
+            {
+                clientAccessToken: '006',
+                region: 'us-west-2',
+                services: ['SSH', 'HTTP1']
+            },
+            [enabledSshPortInfo]
+        ],
+        [
+            {
+                clientAccessToken: '006',
+                region: 'us-west-2',
+                services: ['SSH1', 'SSH2']
+            },
+            [enabledSshPortInfo, invalidSshPortInfo]
+        ]
+    ];
+    test.each(testCasesMismatchBetweenServicesAndConfig)('should NOT start Secure Tunnel, given services mismatch received config', async (message, stConfig) => {
+        // Arrange
+        // --------------------------------------------------------------------
+        const deltaShadowMsg = createDeltaShadowMsg(stConfig);
+        const updateReported = transformDeltaToUpdateReported(deltaShadowMsg);
+        stConfig
+            .filter((portInfo) => portInfo.type === 'HTTP')
+            .forEach((portInfo) => {
+            jest
+                .mocked(spawner_detached_1.runDetachedProcess)
+                .mockResolvedValueOnce({});
+        });
+        const actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(deltaShadowMsg);
+        expect(actualReportedShadow).toEqual(updateReported);
+        jest.clearAllMocks(); // after setting up the shadow, we need to reset mocks again
+        jest.resetModules();
+        mockJsSpawner.exists.mockResolvedValueOnce(true); // mock that localproxy already exists on file system
+        const expectedLocalproxyArgs = [
+            '--destination-app',
+            '22',
+            '--region',
+            message.region,
+            '--capath',
+            directories_1.AWS_ROOT_CERTIFICATE_FILE_PATH,
+            '--local-bind-address',
+            '0.0.0.0',
+            '-t',
+            message.clientAccessToken
+        ];
+        // Act
+        // --------------------------------------------------------------------
+        await testStHandlerSingleton.secureTunnelNotifyHandler(message);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(mockJsSpawner.exists).toHaveBeenCalledTimes(0);
+        expect(system_info_1.getArch).not.toHaveBeenCalled();
+        expect(system_info_1.getOsVersion).not.toHaveBeenCalled();
+        expect(system_info_1.getDistribution).not.toHaveBeenCalled();
+        expect(mockJsSpawner.mkdirp).not.toHaveBeenCalled();
+        expect(download_file_1.downloadFile).not.toHaveBeenCalled();
+        expect(spawner_detached_1.runDetachedProcess).not.toHaveBeenCalled();
+        expect(spawner_detached_1.killDetachedProcess).not.toHaveBeenCalled();
+    });
+    const testCasesMatchBetweenServicesAndConfig = [
+        [
+            {
+                clientAccessToken: '001',
+                region: 'us-west-2',
+                services: ['SSH']
+            },
+            [enabledSshPortInfo],
+            '22'
+        ],
+        [
+            {
+                clientAccessToken: '002',
+                region: 'us-west-2',
+                services: ['SSH1', 'HTTP1', 'HTTP2']
+            },
+            [
+                enabledSshPortInfo,
+                enabledHttpPortInfo_1,
+                enabledHttpPortInfo_2,
+                disabledHttpPortInfo_3
+            ],
+            'SSH1=22,HTTP1=5011,HTTP2=5012'
+        ],
+        [
+            {
+                clientAccessToken: '003',
+                region: 'us-west-2',
+                services: ['HTTP1', 'HTTP2']
+            },
+            [enabledHttpPortInfo_1, enabledHttpPortInfo_2],
+            'HTTP1=5011,HTTP2=5012'
+        ],
+        [
+            {
+                clientAccessToken: '004',
+                region: 'us-west-2',
+                services: ['HTTP1', 'HTTP2', 'HTTP3']
+            },
+            [enabledHttpPortInfo_1, enabledHttpPortInfo_2, enabledHttpPortInfo_3],
+            'HTTP1=5011,HTTP2=5012,HTTP3=5013'
+        ],
+        [
+            {
+                clientAccessToken: '005',
+                region: 'us-west-2',
+                services: ['HTTP1', 'HTTP2', 'HTTP3']
+            },
+            [
+                disabledSshPortInfo,
+                enabledHttpPortInfo_1,
+                enabledHttpPortInfo_2,
+                enabledHttpPortInfo_3
+            ],
+            'HTTP1=5011,HTTP2=5012,HTTP3=5013'
+        ],
+        [
+            {
+                clientAccessToken: '006',
+                region: 'us-west-2',
+                services: ['SSH1', 'HTTP1']
+            },
+            [
+                enabledSshPortInfo,
+                disabledHttpPortInfo_1,
+                enabledHttpPortInfo_2,
+                disabledHttpPortInfo_3
+            ],
+            'SSH1=22,HTTP1=5011'
+        ]
+    ];
+    test.each(testCasesMatchBetweenServicesAndConfig)('should start Secure Tunnel, given services and port config match', async (message, stConfig, expectedPortMapping) => {
+        // Arrange
+        // --------------------------------------------------------------------
+        const deltaShadowMsg = createDeltaShadowMsg(stConfig);
+        const updateReported = transformDeltaToUpdateReported(deltaShadowMsg);
+        stConfig
+            .filter((portInfo) => portInfo.type === 'HTTP')
+            .forEach((portInfo) => {
+            jest
+                .mocked(spawner_detached_1.runDetachedProcess)
+                .mockResolvedValueOnce({});
+        });
+        const actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(deltaShadowMsg);
+        expect(actualReportedShadow).toEqual(updateReported);
+        jest.clearAllMocks(); // after setting up the shadow, we need to reset mocks again
+        jest.resetModules();
+        mockJsSpawner.exists.mockResolvedValueOnce(true); // mock that localproxy already exists on file system
+        const expectedLocalproxyArgs = [
+            '--destination-app',
+            expectedPortMapping,
+            '--region',
+            message.region,
+            '--capath',
+            directories_1.AWS_ROOT_CERTIFICATE_FILE_PATH,
+            '--local-bind-address',
+            '0.0.0.0',
+            '-t',
+            message.clientAccessToken
+        ];
+        // Act
+        // --------------------------------------------------------------------
+        await testStHandlerSingleton.secureTunnelNotifyHandler(message);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(mockJsSpawner.exists).toHaveBeenCalledTimes(1);
+        expect(system_info_1.getArch).not.toHaveBeenCalled();
+        expect(system_info_1.getOsVersion).not.toHaveBeenCalled();
+        expect(system_info_1.getDistribution).not.toHaveBeenCalled();
+        expect(mockJsSpawner.mkdirp).not.toHaveBeenCalled();
+        expect(download_file_1.downloadFile).not.toHaveBeenCalled();
+        expect(mockJsSpawner.run).not.toHaveBeenCalled();
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledTimes(1);
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledWith(directories_1.SECURE_TUNNEL_BIN_PATH, expectedLocalproxyArgs);
+        expect(spawner_detached_1.killDetachedProcess).toHaveBeenCalledTimes(0);
+    });
+    it('should start Secure Tunnel, given 1 SSH and 1 HTTP ports enabled', async () => {
+        // Arrange
+        // --------------------------------------------------------------------
+        const message = {
+            clientAccessToken: '089',
+            region: 'us-west-2',
+            services: ['SSH1', 'HTTP1']
+        };
+        let stConfig = [enabledSshPortInfo, enabledHttpPortInfo_1];
+        const expectedPortMapping = 'SSH1=22,HTTP1=5011';
+        let deltaShadowMsg = createDeltaShadowMsg(stConfig);
+        let updateReported = transformDeltaToUpdateReported(deltaShadowMsg);
+        stConfig
+            .filter((portInfo) => portInfo.type === 'HTTP')
+            .forEach((portInfo) => {
+            jest
+                .mocked(spawner_detached_1.runDetachedProcess)
+                .mockResolvedValueOnce({});
+        });
+        const socatArgs = [
+            `tcp4-listen:${ST_START_PORT_NUMBER + 1},fork`,
+            `tcp4:${enabledHttpPortInfo_1.ip}:${enabledHttpPortInfo_1.port}`
+        ];
+        const beforeReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(deltaShadowMsg);
+        expect(beforeReportedShadow).toEqual(updateReported);
+        jest.clearAllMocks(); // after setting up the shadow, we need to reset mocks again
+        jest.resetModules();
+        mockJsSpawner.exists.mockResolvedValueOnce(true); // mock that localproxy already exists on file system
+        const expectedLocalproxyArgs = [
+            '--destination-app',
+            expectedPortMapping,
+            '--region',
+            message.region,
+            '--capath',
+            directories_1.AWS_ROOT_CERTIFICATE_FILE_PATH,
+            '--local-bind-address',
+            '0.0.0.0',
+            '-t',
+            message.clientAccessToken
+        ];
+        await testStHandlerSingleton.secureTunnelNotifyHandler(message);
+        jest.clearAllMocks(); // after setting up the shadow, we need to reset mocks again
+        jest.resetModules();
+        stConfig = [disabledSshPortInfo, disabledHttpPortInfo_1];
+        deltaShadowMsg = createDeltaShadowMsg(stConfig);
+        updateReported = transformDeltaToUpdateReported(deltaShadowMsg);
+        stConfig.forEach((portInfo) => {
+            jest.mocked(spawner_detached_1.runDetachedProcess).mockResolvedValueOnce({});
+        });
+        // Act
+        // --------------------------------------------------------------------
+        const actualReportedShadow = await testStHandlerSingleton.syncShadowToDeviceState(deltaShadowMsg);
+        // Assert
+        // --------------------------------------------------------------------
+        expect(actualReportedShadow).toEqual(updateReported);
+        expect(mockJsSpawner.exists).not.toHaveBeenCalled();
+        expect(system_info_1.getArch).not.toHaveBeenCalled();
+        expect(system_info_1.getOsVersion).not.toHaveBeenCalled();
+        expect(system_info_1.getDistribution).not.toHaveBeenCalled();
+        expect(mockJsSpawner.mkdirp).not.toHaveBeenCalled();
+        expect(download_file_1.downloadFile).not.toHaveBeenCalled();
+        expect(mockJsSpawner.run).not.toHaveBeenCalled();
+        expect(spawner_detached_1.runDetachedProcess).toHaveBeenCalledTimes(0);
+        expect(spawner_detached_1.killDetachedProcess).toHaveBeenCalledTimes(2);
+        expect(spawner_detached_1.killDetachedProcess).toHaveBeenCalledWith({}, [
+            ['socat', ...socatArgs].join(' ')
+        ]);
+    });
+});
+//# sourceMappingURL=secure-tunneling.test.js.map