From dbb7d78eb7ca9570a7549bb6fafd09fc1bff3973 Mon Sep 17 00:00:00 2001
From: Daniel Scott-Raynsford
Date: Mon, 29 Aug 2016 15:54:05 +1200
Subject: [PATCH 1/2] Removed certificate verification from xCertReq because an network outage would cause certificate reissuance
---
 DSCResources/MSFT_xCertReq/MSFT_xCertReq.psm1 | 9 ---------
 .../MSFT_xCertReq/en-us/MSFT_xCertReq.strings.psd1 | 2 +-
 2 files changed, 1 insertion(+), 10 deletions(-)
diff --git a/DSCResources/MSFT_xCertReq/MSFT_xCertReq.psm1 b/DSCResources/MSFT_xCertReq/MSFT_xCertReq.psm1
index 7425b646..b9639c17 100644
--- a/DSCResources/MSFT_xCertReq/MSFT_xCertReq.psm1
+++ b/DSCResources/MSFT_xCertReq/MSFT_xCertReq.psm1
@@ -448,15 +448,6 @@ function Test-TargetResource
 } # if
 } # if
- if (-not $cert.Verify())
- {
- Write-Verbose -Message ( @(
- "$($MyInvocation.MyCommand): "
- $($LocalizedData.InvalidCertificateMessage -f $Subject,$ca,$cert.Thumbprint)
- ) -join '' )
- return $false
- } # if
-
 # The certificate was found and is OK - so no change required.
 Write-Verbose -Message ( @(
 "$($MyInvocation.MyCommand): "
diff --git a/DSCResources/MSFT_xCertReq/en-us/MSFT_xCertReq.strings.psd1 b/DSCResources/MSFT_xCertReq/en-us/MSFT_xCertReq.strings.psd1
index 4f652651..204756a2 100644
--- a/DSCResources/MSFT_xCertReq/en-us/MSFT_xCertReq.strings.psd1
+++ b/DSCResources/MSFT_xCertReq/en-us/MSFT_xCertReq.strings.psd1
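Review bot: Nothing on the visible lines of Test-TargetResource checks chain trust or revocation once the `$cert.Verify()` branch is gone, so a certificate that has been revoked or whose chain no longer builds would be reported as in the desired state and never replaced (presumably as long as the subject, issuer and date checks earlier in the function pass). The outage problem named in the commit message comes from treating every `Verify()` failure alike; a narrower fix is to build an `X509Chain` and return `$false` only for status flags other than `RevocationStatusUnknown` and `OfflineRevocation`, as sketched below. If the check stays out, the surviving comment `# The certificate was found and is OK` should say that "OK" no longer covers chain or revocation status. The function body starts and ends outside the hunk, so whether `$cert` is always an `X509Certificate2` here needs confirming.

```powershell
# … unchanged: certificate lookup and expiry checks …

# Tolerate an unreachable revocation server, but still reject real chain failures.
$chain = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Chain
$null = $chain.Build($cert)
$ignoredStatus = @(
    [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]::RevocationStatusUnknown
    [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]::OfflineRevocation
)
$fatalStatus = @($chain.ChainStatus | Where-Object -FilterScript { $ignoredStatus -notcontains $_.Status })
if ($fatalStatus.Count -gt 0)
{
    Write-Verbose -Message ( @(
        "$($MyInvocation.MyCommand): "
        $($LocalizedData.InvalidCertificateMessage -f $Subject,$ca,$cert.Thumbprint)
        ) -join '' )
    return $false
} # if

# … unchanged: ValidCertificateExistsMessage and return …
```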
@@ -14,7 +14,7 @@ ConvertFrom-StringData @'
 ExpiringCertificateMessage = The certificate found with subject '{0}' issued by {1} with thumbprint '{2}' is about to expire.
 NoValidCertificateMessage = No valid certificate found with subject '{0}' issued by {1}.
 ExpiredCertificateMessage = The certificate found with subject '{0}' issued by {1} with thumbprint '{2}' has expired.
- InvalidCertificateMessage = Teh certificate found with subject '{0}' issued by {1} with thumbprint '{2}' is inavlid.
+ InvalidCertificateMessage = The certificate found with subject '{0}' issued by {1} with thumbprint '{2}' is inavlid.
 ValidCertificateExistsMessage = Valid certificate '{2}' found with subject '{0}' issued by {1}.
 CertificateReqNotFoundError = Certificate Request file '{0}' not found.
 CertificateCerNotFoundError = Certificate file '{0}' not found.
From d08d73633cd0fd673a35cc40ad20f6e105b6744f Mon Sep 17 00:00:00 2001
From: Daniel Scott-Raynsford
Date: Mon, 29 Aug 2016 16:06:39 +1200
Subject: [PATCH 2/2] Removed duplicate xCertReq tests and test for invalid test
---
 Tests/Unit/MSFT_xCertReq.tests.ps1 | 20 --------------------
 1 file changed, 20 deletions(-)
diff --git a/Tests/Unit/MSFT_xCertReq.tests.ps1 b/Tests/Unit/MSFT_xCertReq.tests.ps1
index 8b7a14bf..cddd427c 100644
--- a/Tests/Unit/MSFT_xCertReq.tests.ps1
+++ b/Tests/Unit/MSFT_xCertReq.tests.ps1
@@ -118,16 +118,6 @@ try
 Add-Member -InputObject $expiredCert -MemberType ScriptMethod -Name Verify -Value {
 return $true
 }
- $invalidCert = New-Object -TypeName PSObject -Property @{
- Thumbprint = $validThumbprint
- Subject = "CN=$validSubject"
- Issuer = $validIssuer
- NotBefore = (Get-Date).AddDays(-30) # Issued on
- NotAfter = (Get-Date).AddDays(31) # Expires after
- }
- Add-Member -InputObject $invalidCert -MemberType ScriptMethod -Name Verify -Value {
- return $false
- }
 $testUsername = 'DummyUsername'
 $testPassword = 'DummyPassword'
@@ -473,16 +463,6 @@ RenewalCert = $validThumbprint
 -Mockwith { $expiringCert }
 Test-TargetResource @ParamsAutoRenew | Should Be $true
 }
- It 'returns true when a valid certificate already exists and is about to expire and autorenew set' {
- Mock Get-ChildItem -ParameterFilter { $Path -eq 'Cert:\LocalMachine\My' } `
- -Mockwith { $expiringCert }
- Test-TargetResource @ParamsAutoRenew | Should Be $true
- }
- It 'returns false when a valid certificate already exists and is about to expire and autorenew not set' {
- Mock Get-ChildItem -ParameterFilter { $Path -eq 'Cert:\LocalMachine\My' } `
- -Mockwith { $invalidCert }
- Test-TargetResource @Params | Should Be $false
- }
 }
 }
 }