MSFT_xCertificateExport.Integration.Tests.ps1
# Module and resource under test; both names are passed to Initialize-TestEnvironment below.
$script:DSCModuleName = 'xCertificate'
$script:DSCResourceName = 'MSFT_xCertificateExport'

#region HEADER
# Integration Test Template Version: 1.1.0
# The module root is two directory levels above the folder holding this file.
$parentOfScriptRoot = Split-Path -Parent $PSScriptRoot
[String] $script:moduleRoot = Split-Path -Parent $parentOfScriptRoot

$dscTestsPath = Join-Path -Path $script:moduleRoot -ChildPath 'DSCResource.Tests'
$testHelperPath = Join-Path -Path $script:moduleRoot -ChildPath 'DSCResource.Tests\TestHelper.psm1'

# Clone the shared test harness when the folder or its helper module is missing.
# NOTE(review): the clone is not pinned to a commit or tag, and the module it
# delivers is imported into this session right afterwards, so the code that runs
# is whatever the remote default branch holds at test time. Pinning to a reviewed
# revision would make runs reproducible.
if (-not ((Test-Path -Path $dscTestsPath) -and (Test-Path -Path $testHelperPath)))
{
    $cloneTarget = Join-Path -Path $script:moduleRoot -ChildPath '\DSCResource.Tests\'
    & git @('clone', 'https://github.com/PowerShell/DscResource.Tests.git', $cloneTarget)
}

Import-Module $testHelperPath -Force

# Splat the parameters instead of using backtick line continuations.
$initializeParameters = @{
    DSCModuleName   = $script:DSCModuleName
    DSCResourceName = $script:DSCResourceName
    TestType        = 'Integration'
}
$TestEnvironment = Initialize-TestEnvironment @initializeParameters
#endregion

# Helpers shared by this module's tests live in the sibling 'TestHelpers' folder.
$testHelpersFolder = Join-Path -Path (Split-Path $PSScriptRoot -Parent) -ChildPath 'TestHelpers'
Import-Module -Name (Join-Path -Path $testHelpersFolder -ChildPath 'CommonTestHelper.psm1') -Global
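# Using try/finally so the test environment is always restored, even when a test
# fails or throws.
try
{
    #region Integration Tests
    # Dot-source the DSC configuration that sits next to this test file.
    $ConfigFile = Join-Path -Path $PSScriptRoot -ChildPath "$($script:DSCResourceName).config.ps1"
    . $ConfigFile

    Describe "$($script:DSCResourceName)_Integration" {
        # Download and dot source the New-SelfSignedCertificateEx script
        # NOTE(review): the returned script is executed in this session; confirm that
        # Install-NewSelfSignedCertificateExScript verifies what it downloads.
        . (Install-NewSelfSignedCertificateExScript)

        # Prepare CER certificate properties
        $script:certPath = Join-Path -Path $ENV:Temp -ChildPath 'xCertificateExportTestCert.cer'
        $null = Remove-Item -Path $script:certPath -Force -ErrorAction SilentlyContinue

        # Prepare PFX certificate properties
        $script:pfxPath = Join-Path -Path $ENV:Temp -ChildPath 'xCertificateExportTestCert.pfx'
        $null = Remove-Item -Path $script:pfxPath -Force -ErrorAction SilentlyContinue

        # Fixed, throwaway password that only protects the test PFX. Because the PFX
        # node data sets PsDscAllowPlainTextPassword, it is also written in clear text
        # into the MOF compiled to $TestDrive. Never reuse this pattern with a real secret.
        $pfxPlainTextPassword = 'P@ssword!1'
        $pfxPassword = ConvertTo-SecureString -String $pfxPlainTextPassword -AsPlainText -Force
        $pfxCred = New-Object -TypeName System.Management.Automation.PSCredential `
            -ArgumentList ('Dummy',$pfxPassword)

        # Generate the Valid certificate for testing
        $certDNSNames = @('www.fabrikam.com', 'www.contoso.com')
        $certKeyUsage = @('DigitalSignature','DataEncipherment')
        $certEKU = @('Server Authentication','Client authentication')
        $certSubject = 'CN=contoso, DC=com'
        $certFriendlyName = 'Contoso Test Cert'
        $validCert = New-SelfSignedCertificateEx `
            -Subject $certSubject `
            -KeyUsage $certKeyUsage `
            -KeySpec 'Exchange' `
            -EKU $certEKU `
            -SubjectAlternativeName $certDNSNames `
            -FriendlyName $certFriendlyName `
            -StoreLocation 'LocalMachine' `
            -Exportable
        # Remembered so the exported files can be compared against the source certificate.
        $script:validThumbprint = $validCert.Thumbprint

        Context 'Export CERT' {
            #region DEFAULT TESTS
            It 'Should compile without throwing' {
                {
                    # Node data selecting the test certificate and the CER export target.
                    $ConfigData = @{
                        AllNodes = @(
                            @{
                                NodeName         = 'localhost'
                                Path             = $script:certPath
                                FriendlyName     = $certFriendlyName
                                Subject          = $certSubject
                                DNSName          = $certDNSNames
                                Issuer           = $certSubject
                                KeyUsage         = $certKeyUsage
                                EnhancedKeyUsage = $certEKU
                                MatchSource      = $true
                                Type             = 'CERT'
                            }
                        )
                    }

                    # Compile the MOF into $TestDrive, then apply it to the local node.
                    & "$($script:DSCResourceName)_Config" `
                        -OutputPath $TestDrive `
                        -ConfigurationData $ConfigData
                    Start-DscConfiguration -Path $TestDrive -ComputerName localhost -Wait -Verbose -Force
                } | Should not throw
            }

            It 'should be able to call Get-DscConfiguration without throwing' {
                { $script:currentCert = Get-DscConfiguration -Verbose -ErrorAction Stop } | Should Not throw
            }
            #endregion

            It 'should have exported a Cert certificate' {
                $script:currentCert.IsExported | Should Be $True
            }

            It 'Should have set the resource and the thumbprint of the exported certificate should match' {
                $exportedCert = New-Object -TypeName 'System.Security.Cryptography.X509Certificates.X509Certificate2Collection'
                $exportedCert.Import($script:certPath)
                $exportedCert[0].Thumbprint | Should Be $script:validThumbprint
            }
        }

        Context 'Export PFX' {
            #region DEFAULT TESTS
            It 'Should compile without throwing' {
                {
                    # Node data selecting the test certificate and the PFX export target.
                    # PsDscAllowPlainTextPassword lets the configuration compile without an
                    # encryption certificate; the PFX password is then stored unencrypted
                    # in the MOF. Acceptable only because this is a disposable test secret.
                    $ConfigData = @{
                        AllNodes = @(
                            @{
                                NodeName                    = 'localhost'
                                Path                        = $script:pfxPath
                                FriendlyName                = $certFriendlyName
                                Subject                     = $certSubject
                                DNSName                     = $certDNSNames
                                Issuer                      = $certSubject
                                KeyUsage                    = $certKeyUsage
                                EnhancedKeyUsage            = $certEKU
                                MatchSource                 = $true
                                Type                        = 'PFX'
                                ChainOption                 = 'BuildChain'
                                Password                    = $pfxCred
                                PsDscAllowPlainTextPassword = $true
                            }
                        )
                    }

                    # Compile the MOF into $TestDrive, then apply it to the local node.
                    & "$($script:DSCResourceName)_Config" `
                        -OutputPath $TestDrive `
                        -ConfigurationData $ConfigData
                    Start-DscConfiguration -Path $TestDrive -ComputerName localhost -Wait -Verbose -Force
                } | Should not throw
            }

            It 'should be able to call Get-DscConfiguration without throwing' {
                { $script:currentPFX = Get-DscConfiguration -Verbose -ErrorAction Stop } | Should Not throw
            }
            #endregion

            It 'should have exported a PFX certificate' {
                $script:currentPFX.IsExported | Should Be $True
            }

            It 'Should have set the resource and the thumbprint of the exported certificate should match' {
                $exportedCert = New-Object -TypeName 'System.Security.Cryptography.X509Certificates.X509Certificate2Collection'
                # Open the PFX written by this context, not the .cer from the CERT context,
                # so the assertion covers the PFX export and its password. Import takes
                # the password as a String, so the plain-text value is passed, not the
                # SecureString.
                # NOTE(review): PersistKeySet keeps the imported private key in a key
                # container after this object is released; only the thumbprint is read
                # here, so confirm the flag is really needed.
                $exportedCert.Import($script:pfxPath,$pfxPlainTextPassword,[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet)
                $exportedCert[0].Thumbprint | Should Be $script:validThumbprint
            }
        }

        AfterAll {
            # Cleanup
            # Only touch the store when a thumbprint was captured; with an empty
            # thumbprint the path below would point at the store, not at one certificate.
            if ($script:validThumbprint)
            {
                $validCert = Get-Item -Path "cert:\LocalMachine\My\$($script:validThumbprint)" -ErrorAction SilentlyContinue
                if ($validCert)
                {
                    # NOTE(review): without -DeleteKey the certificate is removed but its
                    # private key stays on the machine; consider adding -DeleteKey.
                    $null = Remove-Item -Path $validCert.PSPath -Force -ErrorAction SilentlyContinue
                }
            }

            # The exported PFX holds the private key, so remove both export files.
            $null = Remove-Item -Path $script:pfxPath -Force -ErrorAction SilentlyContinue
            $null = Remove-Item -Path $script:certPath -Force -ErrorAction SilentlyContinue
        }
    }
    #endregion
}
finally
{
    #region FOOTER
    Restore-TestEnvironment -TestEnvironment $TestEnvironment
    #endregion
}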