From df82147fd041d73820a35ee524bec558e866f6b0 Mon Sep 17 00:00:00 2001 From: John McCrae Date: Sun, 15 May 2022 11:14:44 +0600 Subject: [PATCH] refactoring to correct for not finding certs correctly in some cases. Signed-off-by: John McCrae --- lib/win32/certstore.rb | 10 ++-------- lib/win32/certstore/store_base.rb | 10 +++++++--- spec/win32/assets/billg.pfx | Bin 0 -> 2597 bytes spec/win32/unit/certstore_spec.rb | 15 +++++++++++++-- 4 files changed, 22 insertions(+), 13 deletions(-) create mode 100644 spec/win32/assets/billg.pfx diff --git a/lib/win32/certstore.rb b/lib/win32/certstore.rb index cacc42a..d4f48c6 100644 --- a/lib/win32/certstore.rb +++ b/lib/win32/certstore.rb @@ -84,7 +84,7 @@ def get(certificate_thumbprint) def get!(certificate_thumbprint) cert_pem = cert_get(certificate_thumbprint) - raise ArgumentError, "Unable to retrieve the certificate" if cert_pem.empty? + raise ArgumentError, "Unable to retrieve the certificate" if cert_pem.empty? || cert_pem == "Certificate Not Found" cert_pem end @@ -118,13 +118,7 @@ def get_thumbprint(search_token) # @param request[thumbprint] of certificate # @return [true, false] only true or false def valid?(certificate_thumbprint) - cert_validate(certificate_thumbprint).yield_self do |x| - if x.is_a?(TrueClass) || x.is_a?(FalseClass) - x - else - false - end - end + cert_validate(certificate_thumbprint) end # To close and destroy pointer of open certificate store handler diff --git a/lib/win32/certstore/store_base.rb b/lib/win32/certstore/store_base.rb index bf0b52c..0f37db2 100644 --- a/lib/win32/certstore/store_base.rb +++ b/lib/win32/certstore/store_base.rb 
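Review bot: In `get!`, the new guard compares against the literal `"Certificate Not Found"`, which must match character-for-character a string produced elsewhere. This same patch changes the spelling used in store_base.rb from `"Certificate not found"`, so a later drift would let the sentinel text be handed to callers as if it were PEM data. Defining it once, e.g. `CERT_NOT_FOUND = "Certificate Not Found"`, and comparing against that constant in both files removes the coupling. Whether `cert_get` can return `nil` is not visible in this hunk; if it can, `cert_pem.empty?` raises `NoMethodError` before the guard is evaluated.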
@@ -146,10 +146,11 @@ def cert_delete(store_handler, certificate_thumbprint) def cert_validate(certificate_thumbprint) validate_thumbprint(certificate_thumbprint) thumbprint = update_thumbprint(certificate_thumbprint) - cert_pem = get_cert_pem(thumbprint) + return cert_pem if cert_pem == "Certificate Not Found" cert_pem = format_pem(cert_pem) - verify_certificate(cert_pem) + result = verify_certificate(cert_pem) + result == false ? "Certificate Has Expired" : result end # Search certificate from open certificate store and return list @@ -184,13 +185,16 @@ def cert_lookup_by_token(search_token, store_name: @store_name, store_location: end powershell_cmd = <<~EOH $result = Get-ChildItem -Path Cert:\\#{converted_store}\\#{store_name} | Where-Object { $_.Subject -match "#{search_token.strip}" } | Select-Object Thumbprint + if ([string]::IsNullOrEmpty($result)){ + return "Certificate Not Found" + } return $result[0].Thumbprint EOH powershell_exec!(powershell_cmd, :powershell, timeout: timeout).result rescue ChefPowerShell::PowerShellExceptions::PowerShellCommandFailed - return "Certificate not found" + raise ArgumentError, "PowerShell threw an error retreiving the certificate. You asked for a cert with this Search Token : #{search_token}, located in this store : #{store_name}, at this location : #{store_location}" end # To close and destroy pointer of open certificate store handler 
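Review bot: In `cert_lookup_by_token`, `search_token` and `store_name` are interpolated directly into the PowerShell script, the token inside a double-quoted string (`$_.Subject -match "#{search_token.strip}"`). A token containing quote or subexpression characters therefore changes the script rather than the search, and `-match` also interprets it as a regular expression. The patch edits this heredoc without adding validation; if the token can originate outside the process, reject anything outside an expected character set before building the command, or emit it as a single-quoted PowerShell literal with `'` doubled and wrapped in `[regex]::Escape(...)`. The new `raise ArgumentError` message echoes the same unvalidated token into logs and misspells "retrieving" as "retreiving". The method begins above this hunk, so how `converted_store` is derived is not visible.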
diff --git a/spec/win32/assets/billg.pfx b/spec/win32/assets/billg.pfx new file mode 100644 index 0000000000000000000000000000000000000000..3efdf25cb3bd0f741804f2c4e96fddd3072597ab GIT binary patch literal 2597 zcmZWqc{tQtAODRRGsZ4;sb&g;>}H6ul@!IDOm-t{W8X6eKLPWAF z%aASGWGVY4*$OeQ;m+;3%kw_(bDr-xpYP{$zRN%7e9;tcaSjj|O@U8A;c~HtvETVX zFc6Ib?}Jd_-E6u8O@Rvhj|2rE6wZA#g>#o}TTq_AqIkJM95f2#08N1~(FiE_-!wZp zKZNVd8J_fG47Y3!4%h&M0%2rd$Q@Nm*WV7;1N8f)%p~!LfV=&Vk!F6wVqhID_fyFb^)=a1o7fZWTF1%7QEzxf1 zobAl58(qD0v_xLi(D=zgV(V&0$rQ@&p-a2X?o0Vj&}ey(XitPbf^r6`*`snA@>?$J zy{raSkJswdh1Xp-Z*rQ&e8|)`gs>3OhIQ9SD{dMvd{Mhn$)x|g-ME(O#~WiGf@6(I zVYA#Gp^Kvsrkba&@i->4p3u6bH0(KJEu)FQM<%F1L$q5Ax|S~TQ0()k23yoY%}ayQ zQg30EZXPGI0^YQrqQzDHwk;JZUg2x~&X_!cpc39p^73dolgn-(#8@#_(^X5^t@BUQ zQ1L5NqMDSz(Ax|j3%XE#*OOg_@4ao~sB>@X#%S>lm8_1d`o%kUm;!?F`IVbB7S|00 zry2t+Pv|*#!2LQ*%um)grpD`T=5OH~Eb1<0p9Ru$D;9pen8F&xzDdxwK~UT%13+XuGq^*!SB~m8jn&_ zBu?6ci_Guf%d>?z_g?dTRRXD?oMekQy`qoDj!=|GvdaS!Yi@O$Tg2$?#E$6289bdq zV{Oabk&let4-{g%8*4+Gax2EILi`#E3*j*uV9LAskVS=$(PB$$ZL_ME*LYRxc>7m| zzqVPD)rx8ySHi&s2@g7O2P0kHv()ZuL*TW!&EfiXN5$U#^Gnbu2#?yK z4wAQJ+<#38{Vl&4*|F8B9Xw^RsVaUa3XX)M69(Z63n{ShM!O0kQ=KK^)o8MDO|{@N z_sDJcL-8W5UEN{6aD#mn+uq9lW)y5rem`1!PpY_ZS<1fwS)*BbD@`l`lM=G@T~$`w zeLEu`Y@fz)odO^3*FLVi|J60%U5C^_$TI4gXSz{u6F!v8BncL_L)~?6JfS@$p@8= z-_a_Vo~MstqGr*2P`Er41OZX7LL3+XE&R{#2|tE`LLeXj0MPdTl1DKnr|>`!;0h=L zssI{L2Z#Wc?WwbuBH#vK*sKa0odq=5hGC-{>~$8A8G$8p#Pr(T2YO4L1Mzof6jqB6tGAAq(F3d;6npR zW2a+}qtgR#473n@FC!v+X7CAm_xrLO2YbS@9*T#O9oCAKn;D$N^F(i1g7C-Ayu0Pw zr2RcFBe>e+A_BU4@`Vune8{y8zi(c&$^93S)Iv$kne;FAwxj36l=r>OXCFxpO{E=K z+iF{_K3S^NG_&k`pl* zY3R6fO9o6s0#(B$Gep`9e<3$@WAP=)ZMn)Nwma}DO(+s3xPCS)i`gNdWz+U$l3SB{ z#Dk&NC_(HjKNk;)-6ST&)fCmK@5oISe5AVG|C~JFiF6{+9-vE8S^VCLo1En%+a+F9 zMQkduZ~A@R@1{NccDp45L##-`8O71Pw34!i37dH{a9fpaaf+b=Ta3jB@uH%l)%IJK>Pou z43d0xFIvUHc4`@(=B*PvLcbJr`I}a?>2&U7uh;_|+%h&Bo{HO<>FqeV`qY4jWZzFM zTL#7J$`>x;))nR*jYmO=SUIm%W{Je8y3Gym$P1JtQ=MR)70-$*@^z*W`_Igfy;W^N 
z*K(JTdxUAFy3@Bd&+vVfsk)qoZ#56Nfx}mDBb^@`l9b^~Hwjyh&&!x1g>oWRBc<+` zDO_rDIM$YL^F#o*QbJbBelFyw&HFuKfotW}N_uI*Pa`jbgPGZ`qN}En4FcbGM2j3d zB0`w>j?zz*2$pZ9 rVCdu^*vz*Kr65i&7UXD%yqn0=SM9FGz_B^zq2jI1?sxNlKGZ(|`C*Nt literal 0 HcmV?d00001 diff --git a/spec/win32/unit/certstore_spec.rb b/spec/win32/unit/certstore_spec.rb index 51acfcc..1c03229 100644 --- a/spec/win32/unit/certstore_spec.rb +++ b/spec/win32/unit/certstore_spec.rb @@ -270,9 +270,20 @@ describe "#cert_lookup_by_token" do context "when searching for a certificate that does not exist" do let(:store_name) { "root" } - it "returns a message of Certificate not found" do + it "returns a message of Certificate Not Found" do store = certstore.open(store_name, store_location: store_location) - expect(store.cert_lookup_by_token("nunya")).to eql("Certificate not found") + expect(store.cert_lookup_by_token("nunya")).to eql("Certificate Not Found") + end + end + + context "when searching for a certificate that does exist" do + before(:each) do + allow_any_instance_of(certbase).to receive(:cert_lookup_by_token).and_return("506285bbf4f30446d93e3120e2bffa71b7b9acf2") + end + let(:store_name) { "root" } + it "returns a message of Certificate Not Found" do + store = certstore.open(store_name, store_location: store_location) + expect(store.cert_lookup_by_token("BillG")).to eql("506285bbf4f30446d93e3120e2bffa71b7b9acf2") end end end
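Review bot: The added "does exist" context stubs `cert_lookup_by_token` with `allow_any_instance_of(certbase)` and then asserts the stubbed value, so as far as this hunk shows it passes regardless of what the real lookup does. Its example is also still titled `"returns a message of Certificate Not Found"`; something like `it "returns the thumbprint of the matching certificate" do` would describe it correctly. spec/win32/assets/billg.pfx is added by this patch but nothing in this hunk imports it, so the real lookup could be exercised against that test certificate instead of a stub. There is also no example here asserting that `valid?` returns `false` for a missing or expired thumbprint, which is the behaviour changed in lib/win32/certstore.rb.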