Fix a CMS test that fails in nightly build.

Add a certificate that cannot be used to encrypt data to verify an error condition.
2017-03-06 23:01:45 -08:00 · 2017-03-06 23:01:45 -08:00 · 60583b1b73
parent 6198b9b943
commit 60583b1b73
1 changed files with 48 additions and 10 deletions
--- a/test/powershell/Modules/Microsoft.PowerShell.Security/CmsMessage.Tests.ps1
+++ b/test/powershell/Modules/Microsoft.PowerShell.Security/CmsMessage.Tests.ps1
@ -1,5 +1,5 @@

-Function Create-TestCertificate
+Function Create-GoodCertificate
 {
    $dataEnciphermentCert = "
 MIIKYAIBAzCCCiAGCSqGSIb3DQEHAaCCChEEggoNMIIKCTCCBgoGCSqGSIb3DQEHAaCCBfsEggX3
@ -59,11 +59,38 @@ OksttXT1kXf+aez9EzDlsgQU4ck78h0WTy01zHLwSKNWK4wFFQM=
    return $certLocation
 }

+Function Create-BadCertificate
+{
+    $codeSigningCert = "
+MIIDAjCCAeqgAwIBAgIQW/oHcNaftoFGOYb4w5A0JTANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQD
+DA5DTVNUZXN0QmFkQ2VydDAeFw0xNzAzMDcwNjEyMDNaFw0xODAzMDcwNjMyMDNaMBkxFzAVBgNV
+BAMMDkNNU1Rlc3RCYWRDZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogOnCBPp
+xCQXvCJOe4KUXrTL5hwzKSV/mA4pF/kWCVLseWkeTzll+02S0SzMR1oqyxGZOU+KiakmH8sIxDpS
+pBpYi3R+JtaUYeK7IwvM7yMgxzYbVUFupNXDIdFcgd7FwX4R9wJGwd/hEw5fe+ua96G6bBlfQC8j
+I8iHfqHZ2GmssIuSt72WhT6tKZhPJIMjwmKaB8j/gm6EC7eH83wNmVW/ss2AsG5cMT0Zmk2vkXPd
+7rVYbAh9WcvxYzTYZLsPkXx/s6uanLo7pBPMqQ8fgImSXiD5EBO9d6SzqoagoAkH/l3oKCUztsqU
+PAfTu1aTAYRW5O26AcICTbIYOMkDMQIDAQABo0YwRDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAww
+CgYIKwYBBQUHAwMwHQYDVR0OBBYEFLSLHDqLWoDBj0j/UavIf0hAHZ2YMA0GCSqGSIb3DQEBCwUA
+A4IBAQB7GJ3ykI07k2D1mfiQ10+Xse4b6KXylbzYfJ1k3K0NEBwT7H/lhMu4yz95A7pXU41yKKVE
+OzmpX8QGyczRM269+WpUvVOXwudQL7s/JFeZyEhxPYRP0JC8U9rur1iJeULvsPZJU2kGeLceTl7k
+psuZeHouYeNuFeeKR66GcHKzqm+5odAJBxjQ/iGP+CVfNVX56Abhu8mXX6sFiorrBSV/NzPThqja
+mtsMC3Fq53xANMjFT4kUqMtK+oehPf0+0jHHra4hpCVZ2KoPLLPxpJPko8hUO5LxATLU+UII7w3c
+nMbw+XY4C8xdDnHfS6mF+Hol98dURB/MC/x3sZ3gSjKo
+"
+
+    $codeSigningCert = $codeSigningCert -replace '\s',''
+    $certBytes = [Convert]::FromBase64String($codeSigningCert)
+    $certLocation = Join-Path $TestDrive "CMSTestBadCert"
+    [IO.File]::WriteAllBytes($certLocation, $certBytes)
+
+    return $certLocation
+}
+

 Describe "CmsMessage cmdlets and Get-PfxCertificate basic tests" -Tags "CI" {
    
    BeforeAll {
-        $certLocation = Create-TestCertificate
+        $certLocation = Create-GoodCertificate
        $certLocation | Should Not BeNullOrEmpty | Out-Null
    }

@ -124,9 +151,12 @@ Describe "CmsMessage cmdlets thorough tests" -Tags "Feature" {
    BeforeAll {
        if ($IsWindows)
        {
-            $certLocation = Create-TestCertificate
+            $certLocation = Create-GoodCertificate
            $certLocation | Should Not BeNullOrEmpty | Out-Null

+            $badCertLocation = Create-BadCertificate
+            $badCertLocation | Should Not BeNullOrEmpty | Out-Null
+
            if ($IsCoreCLR)
            {
                # PKI module is not available for PowerShell Core, so we need to use Windows PowerShell to import the cert
@ -136,9 +166,15 @@ Describe "CmsMessage cmdlets thorough tests" -Tags "Feature" {
                    $modulePathCopy = $env:PSMODULEPATH
                    $env:PSMODULEPATH = $null

-                    $importedCertPath = & $fullPowerShell -NoProfile -NonInteractive `
-                                                          -Command "Import-PfxCertificate $certLocation -CertStoreLocation cert:\CurrentUser\My | % PSPath"
-                    $importedCert = Get-ChildItem $importedCertPath
+                    $command = @"
+Import-PfxCertificate $certLocation -CertStoreLocation cert:\CurrentUser\My | % PSPath
+Import-Certificate $badCertLocation -CertStoreLocation Cert:\CurrentUser\My | % PSPath
+"@
+                    $certPaths = & $fullPowerShell -NoProfile -NonInteractive -Command $command
+                    $certPaths.Count | Should Be 2 | Out-Null
+
+                    $importedCert = Get-ChildItem $certPaths[0]
+                    $testBadCert  = Get-ChildItem $certPaths[1]
                } finally {
                    $env:PSMODULEPATH = $modulePathCopy
                }
@ -146,6 +182,7 @@ Describe "CmsMessage cmdlets thorough tests" -Tags "Feature" {
            else
            {
                $importedCert = Import-PfxCertificate $certLocation -CertStoreLocation cert:\CurrentUser\My
+                $testBadCert = Import-Certificate $badCertLocation -CertStoreLocation Cert:\CurrentUser\My
            }
        }
        else
@ -163,6 +200,10 @@ Describe "CmsMessage cmdlets thorough tests" -Tags "Feature" {
            {
                Remove-Item (Join-Path Cert:\CurrentUser\My $importedCert.Thumbprint) -Force -ErrorAction SilentlyContinue
            }
+            if ($testBadCert)
+            {
+                Remove-Item (Join-Path Cert:\CurrentUser\My $testBadCert.Thumbprint) -Force -ErrorAction SilentlyContinue
+            }
        }
        else
        {
@ -273,10 +314,7 @@ Describe "CmsMessage cmdlets thorough tests" -Tags "Feature" {

    It "Verify error when encrypting to wrong cert" {
        $errors = $null
-        $goodCerts = @(Get-ChildItem Cert:\currentuser\My -DocumentEncryptionCert | ForEach-Object Thumbprint)
-        $badCert = Get-ChildItem Cert:\currentuser\My | ? { $_.Thumbprint -notin $goodCerts } | Select -First 1
-
-        $recipient = [System.Management.Automation.CmsMessageRecipient] $badCert.Thumbprint
+        $recipient = [System.Management.Automation.CmsMessageRecipient] $testBadCert.Thumbprint
        $recipient.Resolve($ExecutionContext.SessionState, "Encryption", [ref] $errors)

        $errors.Count | Should Be 1