Remove Test Dependency on New-SelfSignedCertificateEx - Fixes #221, #250 (#251)

* Remove Windows Server 2012 R2 test support

* Correct support for using New-SelfSignedCertificate

* Fix unit tests and FIPS support on PS7

* Fix CertExport Integration Tests

* Improve performance of resources

* Changes as per PR comments. Cleaned up comments
PlagueHO authored Feb 11, 2021
1 parent c1f49d0 commit 57f817a
Showing 18 changed files with 831 additions and 671 deletions.
14 changes: 14 additions & 0 deletions CHANGELOG.md
Expand Up @@ -9,6 +9,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

- Renamed `master` branch to `main` - Fixes [Issue #237](https://github.com/dsccommunity/CertificateDsc/issues/237).
- Updated `GitVersion.yml` to latest pattern - Fixes [Issue #245](https://github.com/dsccommunity/CertificateDsc/issues/245).
- Changed `Test-Thumbprint` to cache supported hash algorithms to increase
performance - Fixes [Issue #221](https://github.com/dsccommunity/CertificateDsc/issues/221).
- Added warning messages into empty catch blocks in `Certificate.PDT` module to
assist with debugging.

### Fixed

- Removed requirement for tests to use `New-SelfSignedCertificateEx` from
[TechNet Gallery due to retirement](https://docs.microsoft.com/teamblog/technet-gallery-retirement).
This will prevent tests from running on Windows Server 2012 R2 - Fixes [Issue #250](https://github.com/dsccommunity/CertificateDsc/issues/250).
- Fixed FIPS support when used in versions of PowerShell Core 6 & PowerShell 7.
- Moved thumbprint generation for testing into helper function `New-CertificateThumbprint`
and fixed tests for validating FIPS thumbprints in `Test-Thumbprint` so that it runs
on PowerShell Core/7.x.

## [5.0.0] - 2020-10-16

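Review bot: the entry `Fixed FIPS support when used in versions of PowerShell Core 6 & PowerShell 7` is the only new line without an issue reference; if an issue tracks it, link it in the same `- Fixes [Issue #nnn](...)` form the adjacent entries use, so the changelog stays consistent for readers tracing the FIPS change.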
10 changes: 10 additions & 0 deletions README.md
Expand Up @@ -49,3 +49,13 @@ This project has adopted [this code of conduct](CODE_OF_CONDUCT.md).

For a full list of resources in CertificateDsc and examples on their use, check out
the [CertificateDsc wiki](https://github.com/dsccommunity/CertificateDsc/wiki).

## Operating Systems

These resources are automatically tested on **Windows Server 2016** and
**Windows Server 2019**.

The resources should still work on Windows Server 2012 R2 and older operating
systems, but are will no longer be updated to work with these older versions.
The tests do not work on Windows Server 2012 R2 and older operating systems
because of the missing features in the `New-SelfSignedCertificate` function.
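Review bot: grammar error in the added paragraph: `but are will no longer be updated to work with these older versions` should read `but will no longer be updated to work with these older versions`. It would also help readers on 2012 R2 to say which `New-SelfSignedCertificate` features the tests depend on, since the last sentence only says "missing features".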
149 changes: 75 additions & 74 deletions source/DSCResources/DSC_CertReq/DSC_CertReq.psm1
Expand Up @@ -19,64 +19,64 @@ $script:localizedData = Get-LocalizedData -DefaultUICulture 'en-US'

<#
.SYNOPSIS
Returns the current state of the certificate that may need to be requested.
Returns the current state of the certificate that may need to be requested.
.PARAMETER Subject
Provide the text string to use as the subject of the certificate.
Provide the text string to use as the subject of the certificate.
.PARAMETER CAServerFQDN
The FQDN of the Active Directory Certificate Authority on the local area network.
The FQDN of the Active Directory Certificate Authority on the local area network.
.PARAMETER CARootName
The name of the certificate authority, by default this will be in format domain-servername-ca.
The name of the certificate authority, by default this will be in format domain-servername-ca.
.PARAMETER KeyLength
The bit length of the encryption key to be used.
The bit length of the encryption key to be used.
.PARAMETER Exportable
The option to allow the certificate to be exportable, by default it will be true.
The option to allow the certificate to be exportable, by default it will be true.
.PARAMETER ProviderName
The selection of provider for the type of encryption to be used.
The selection of provider for the type of encryption to be used.
.PARAMETER OID
The Object Identifier that is used to name the object.
The Object Identifier that is used to name the object.
.PARAMETER KeyUsage
The Keyusage is a restriction method that determines what a certificate can be used for.
The Keyusage is a restriction method that determines what a certificate can be used for.
.PARAMETER CertificateTemplate
The template used for the definiton of the certificate.
The template used for the definiton of the certificate.
.PARAMETER SubjectAltName
The subject alternative name used to creat ethe certificate.
The subject alternative name used to creat ethe certificate.
.PARAMETER Credential
The `PSCredential` object containing the credentials that will be used to access the template in the Certificate Authority.
The `PSCredential` object containing the credentials that will be used to access the template in the Certificate Authority.
.PARAMETER AutoRenew
Determines if the resource will also renew a certificate within 7 days of expiration.
Determines if the resource will also renew a certificate within 7 days of expiration.
.PARAMETER CAType
The type of CA in use, Standalone/Enterprise.
The type of CA in use, Standalone/Enterprise.
.PARAMETER CepURL
The URL to the Certification Enrollment Policy Service.
The URL to the Certification Enrollment Policy Service.
.PARAMETER CesURL
The URL to the Certification Enrollment Service.
The URL to the Certification Enrollment Service.
.PARAMETER UseMachineContext
Determines if the machine should be impersonated for a request. Used for templates like Domain Controller Authentication
Determines if the machine should be impersonated for a request. Used for templates like Domain Controller Authentication
.PARAMETER FriendlyName
Specifies a friendly name for the certificate.
Specifies a friendly name for the certificate.
.PARAMETER KeyType
Specifies if the key type should be RSA or ECDH, defaults to RSA.
Specifies if the key type should be RSA or ECDH, defaults to RSA.
.PARAMETER RequestType
Specified if the request type should be CMC or PKCS10, deafults to CMC.
Specified if the request type should be CMC or PKCS10, deafults to CMC.
#>
function Get-TargetResource
{
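Review bot: since this hunk only re-indents the comment-based help for `Get-TargetResource`, the typos carried over unchanged should be fixed in the same pass: `definiton` → `definition`, `creat ethe` → `create the`, `deafults` → `defaults`, `Keyusage` → `KeyUsage`, and `Specified if the request type` → `Specifies if the request type`.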
Expand Down Expand Up @@ -239,64 +239,64 @@ function Get-TargetResource

<#
.SYNOPSIS
Requests a new certificate based on the parameters provided.
Requests a new certificate based on the parameters provided.
.PARAMETER Subject
Provide the text string to use as the subject of the certificate.
Provide the text string to use as the subject of the certificate.
.PARAMETER CAServerFQDN
The FQDN of the Active Directory Certificate Authority on the local area network.
The FQDN of the Active Directory Certificate Authority on the local area network.
.PARAMETER CARootName
The name of the certificate authority, by default this will be in format domain-servername-ca.
The name of the certificate authority, by default this will be in format domain-servername-ca.
.PARAMETER KeyLength
The bit length of the encryption key to be used.
The bit length of the encryption key to be used.
.PARAMETER Exportable
The option to allow the certificate to be exportable, by default it will be true.
The option to allow the certificate to be exportable, by default it will be true.
.PARAMETER ProviderName
The selection of provider for the type of encryption to be used.
The selection of provider for the type of encryption to be used.
.PARAMETER OID
The Object Identifier that is used to name the object.
The Object Identifier that is used to name the object.
.PARAMETER KeyUsage
The Keyusage is a restriction method that determines what a certificate can be used for.
The Keyusage is a restriction method that determines what a certificate can be used for.
.PARAMETER CertificateTemplate
The template used for the definiton of the certificate.
The template used for the definiton of the certificate.
.PARAMETER SubjectAltName
The subject alternative name used to create the certificate.
The subject alternative name used to creat ethe certificate.
.PARAMETER Credential
The `PSCredential` object containing the credentials that will be used to access the template in the Certificate Authority.
The `PSCredential` object containing the credentials that will be used to access the template in the Certificate Authority.
.PARAMETER AutoRenew
Determines if the resource will also renew a certificate within 7 days of expiration.
Determines if the resource will also renew a certificate within 7 days of expiration.
.PARAMETER CAType
The type of CA in use, Standalone/Enterprise.
The type of CA in use, Standalone/Enterprise.
.PARAMETER CepURL
The URL to the Certification Enrollment Policy Service.
The URL to the Certification Enrollment Policy Service.
.PARAMETER CesURL
The URL to the Certification Enrollment Service.
The URL to the Certification Enrollment Service.
.PARAMETER UseMachineContext
Determines if the machine should be impersonated for a request. Used for templates like Domain Controller Authentication
Determines if the machine should be impersonated for a request. Used for templates like Domain Controller Authentication
.PARAMETER FriendlyName
Specifies a friendly name for the certificate.
Specifies a friendly name for the certificate.
.PARAMETER KeyType
Specifies if the key type should be RSA or ECDH, defaults to RSA.
Specifies if the key type should be RSA or ECDH, defaults to RSA.
.PARAMETER RequestType
Specified if the request type should be CMC or PKCS10, deafults to CMC.
Specified if the request type should be CMC or PKCS10, deafults to CMC.
#>
function Set-TargetResource
{
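Review bot: the `SubjectAltName` description regresses in this hunk: the old line reads `used to create the certificate` and the new line reads `used to creat ethe certificate`. Restore `create the`; the `definiton`, `deafults` and `Specified if` typos in the same block should also be corrected while the help text is being touched.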
Expand Down Expand Up @@ -696,64 +696,64 @@ CertificateTemplate = "$CertificateTemplate"

<#
.SYNOPSIS
Tests if a new certificate should be requested.
Tests if a new certificate should be requested.
.PARAMETER Subject
Provide the text string to use as the subject of the certificate.
Provide the text string to use as the subject of the certificate.
.PARAMETER CAServerFQDN
The FQDN of the Active Directory Certificate Authority on the local area network.
The FQDN of the Active Directory Certificate Authority on the local area network.
.PARAMETER CARootName
The name of the certificate authority, by default this will be in format domain-servername-ca.
The name of the certificate authority, by default this will be in format domain-servername-ca.
.PARAMETER KeyLength
The bit length of the encryption key to be used.
The bit length of the encryption key to be used.
.PARAMETER Exportable
The option to allow the certificate to be exportable, by default it will be true.
The option to allow the certificate to be exportable, by default it will be true.
.PARAMETER ProviderName
The selection of provider for the type of encryption to be used.
The selection of provider for the type of encryption to be used.
.PARAMETER OID
The Object Identifier that is used to name the object.
The Object Identifier that is used to name the object.
.PARAMETER KeyUsage
The Keyusage is a restriction method that determines what a certificate can be used for.
The Keyusage is a restriction method that determines what a certificate can be used for.
.PARAMETER CertificateTemplate
The template used for the definiton of the certificate.
The template used for the definiton of the certificate.
.PARAMETER SubjectAltName
The subject alternative name used to create the certificate.
The subject alternative name used to creat ethe certificate.
.PARAMETER Credential
The `PSCredential` object containing the credentials that will be used to access the template in the Certificate Authority.
The `PSCredential` object containing the credentials that will be used to access the template in the Certificate Authority.
.PARAMETER AutoRenew
Determines if the resource will also renew a certificate within 7 days of expiration.
Determines if the resource will also renew a certificate within 7 days of expiration.
.PARAMETER CAType
The type of CA in use, Standalone/Enterprise.
The type of CA in use, Standalone/Enterprise.
.PARAMETER CepURL
The URL to the Certification Enrollment Policy Service.
The URL to the Certification Enrollment Policy Service.
.PARAMETER CesURL
The URL to the Certification Enrollment Service.
The URL to the Certification Enrollment Service.
.PARAMETER UseMachineContext
Determines if the machine should be impersonated for a request. Used for templates like Domain Controller Authentication
Determines if the machine should be impersonated for a request. Used for templates like Domain Controller Authentication
.PARAMETER FriendlyName
Specifies a friendly name for the certificate.
Specifies a friendly name for the certificate.
.PARAMETER KeyType
Specifies if the key type should be RSA or ECDH, defaults to RSA.
Specifies if the key type should be RSA or ECDH, defaults to RSA.
.PARAMETER RequestType
Specified if the request type should be CMC or PKCS10, deafults to CMC.
Specified if the request type should be CMC or PKCS10, deafults to CMC.
#>
function Test-TargetResource
{
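Review bot: same regression as in `Set-TargetResource`: the `SubjectAltName` line changes from `create the` to `creat ethe` in the new version; keep the original spelling, and fix `definiton`, `deafults` and `Specified if` → `Specifies if` in this `Test-TargetResource` help block as well.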
Expand Down Expand Up @@ -1009,13 +1009,14 @@ function Test-TargetResource

<#
.SYNOPSIS
This function will check and ensure the right key length was choosen for the key type that was intended to be used
This function will check and ensure the right key length was choosen
for the key type that was intended to be used.
.PARAMETER KeyLength
The bit length of the encryption key to be used.
The bit length of the encryption key to be used.
.PARAMETER KeyType
Specifies if the key type should be RSA or ECDH, defaults to RSA.
Specifies if the key type should be RSA or ECDH, defaults to RSA.
#>
function Assert-ResourceProperty
{
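Review bot: the reflowed synopsis keeps the typo `choosen`; it should read `the right key length was chosen for the key type that was intended to be used`.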
Expand All @@ -1042,14 +1043,14 @@ function Assert-ResourceProperty

<#
.SYNOPSIS
Compares two certificate subjects.
Compares two certificate subjects.
.PARAMETER ReferenceSubject
The certificate subject to compare. If the ReferenceSubject
is null the function will return False.
The certificate subject to compare. If the ReferenceSubject
is null the function will return False.
.PARAMETER DifferenceSubject
The certificate subject to compare with the ReferenceSubject.
The certificate subject to compare with the ReferenceSubject.
#>
function Compare-CertificateSubject
{
Expand Down Expand Up @@ -1085,13 +1086,13 @@ function Compare-CertificateSubject

<#
.SYNOPSIS
Checks if the Certificate Issuer matches the CA Root Name.
Checks if the Certificate Issuer matches the CA Root Name.
.PARAMETER Issuer
The Certificate Issuer.
The Certificate Issuer.
.PARAMETER CARootName
The CA Root Name to compare with the Certificate Issuer.
The CA Root Name to compare with the Certificate Issuer.
#>
function Compare-CertificateIssuer
{
Expand All @@ -1115,10 +1116,10 @@ function Compare-CertificateIssuer

<#
.SYNOPSIS
Ensures a string is enclosed in dobule quotes.
Ensures a string is enclosed in dobule quotes.
.PARAMETER Value
The string to ensure is enclosed in double quotes.
The string to ensure is enclosed in double quotes.
#>
function ConvertTo-StringEnclosedInDoubleQuotes
{
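Review bot: the synopsis keeps the typo `dobule`; it should read `Ensures a string is enclosed in double quotes`, matching the spelling already used in the `.PARAMETER Value` description below it.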
Expand All @@ -1145,10 +1146,10 @@ function ConvertTo-StringEnclosedInDoubleQuotes

<#
.SYNOPSIS
Finds the Common Name in a X500 Distinguished Name.
Finds the Common Name in a X500 Distinguished Name.
.PARAMETER DistinguishedName
The X500 Distinguished Name.
The X500 Distinguished Name.
#>
function Get-CertificateCommonName
{
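Review bot: minor wording in the synopsis: `Finds the Common Name in a X500 Distinguished Name` should be `an X500 Distinguished Name`.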

0 comments on commit 57f817a