From 5d132527dfa620cfd981ee764b60a6c4e567ad4f Mon Sep 17 00:00:00 2001 From: Junjie Gao Date: Thu, 13 Jul 2023 11:24:17 +0800 Subject: [PATCH] fix: update doc and test Signed-off-by: Junjie Gao --- .../Command/GenerateSignatureTests.cs | 25 ++++++++----------- docs/ca-signed-workflow.md | 2 +- docs/self-signed-workflow.md | 2 +- 3 files changed, 13 insertions(+), 16 deletions(-) diff --git a/Notation.Plugin.AzureKeyVault.Tests/Command/GenerateSignatureTests.cs b/Notation.Plugin.AzureKeyVault.Tests/Command/GenerateSignatureTests.cs index 7619a414..d200a890 100644 --- a/Notation.Plugin.AzureKeyVault.Tests/Command/GenerateSignatureTests.cs +++ b/Notation.Plugin.AzureKeyVault.Tests/Command/GenerateSignatureTests.cs @@ -20,13 +20,13 @@ public async Task RunAsync_SelfSigned_ReturnsValidGenerateSignatureResponseAsync // Arrange var keyId = "https://testvault.vault.azure.net/keys/testkey/123"; var expectedKeySpec = "RSA-2048"; - var mockCert = new X509Certificate2(Path.Combine(Directory.GetCurrentDirectory(), "TestData", "rsa_2048.crt")); var mockSignature = new byte[] { 0x01, 0x02, 0x03, 0x04 }; - var mockKeyVaultClient = new Mock(); - // mock GetCertificateAsync - mockKeyVaultClient.Setup(client => client.GetCertificateAsync()) - .ReturnsAsync(mockCert); + + // mock GetCertificateChainAsync + var mockCertChain = CertificateBundle.Create(Path.Combine(Directory.GetCurrentDirectory(), "TestData", "rsa_2048.crt")); + mockKeyVaultClient.Setup(client => client.GetCertificateChainAsync()) + .ReturnsAsync(mockCertChain); // mock SignAsync mockKeyVaultClient.Setup(client => client.SignAsync(It.IsAny(), It.IsAny())) 
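Review bot: The expected certificate is now derived from the same `CertificateBundle.Create` call that feeds the mock, so `mockCertChain[0].RawData` in the assertion of the `-54,7` hunk no longer compares the response with an independently loaded certificate. The removed `new X509Certificate2(...)` line provided that independent reference; if `CertificateBundle.Create` is the plugin's own parser (it looks that way, but its definition is outside this patch), a parsing or ordering error there would pass unnoticed. Keeping a separate expected value restores the check, e.g. `var expectedCert = new X509Certificate2(Path.Combine(Directory.GetCurrentDirectory(), "TestData", "rsa_2048.crt"));` together with `Assert.Equal(expectedCert.RawData, response.CertificateChain[0]);`. The test method starts before this hunk and continues past it.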
@@ -54,7 +54,7 @@ public async Task RunAsync_SelfSigned_ReturnsValidGenerateSignatureResponseAsync Assert.Equal("RSASSA-PSS-SHA-256", response.SigningAlgorithm); Assert.Equal(mockSignature, response.Signature); Assert.Single(response.CertificateChain); - Assert.Equal(mockCert.RawData, response.CertificateChain[0]); + Assert.Equal(mockCertChain[0].RawData, response.CertificateChain[0]); } [Fact] @@ -106,16 +106,16 @@ public async Task RunAsync_ca_certs_ReturnsValidGenerateSignatureResponseAsync() } [Fact] - public async Task RunAsync_as_secret_ReturnsValidGenerateSignatureResponseAsync() + public async Task RunAsync_default_ReturnsValidGenerateSignatureResponseAsync() { // Arrange var keyId = "https://testvault.vault.azure.net/keys/testkey/123"; var expectedKeySpec = "RSA-2048"; var mockSignature = new byte[] { 0x01, 0x02, 0x03, 0x04 }; - var mockCertChain = CertificateBundle.Create(Path.Combine(Directory.GetCurrentDirectory(), "TestData", "cert_chain.pem")); - var mockKeyVaultClient = new Mock(); - // mock GetCertificateAsync + + // mock GetCertificateChainAsync + var mockCertChain = CertificateBundle.Create(Path.Combine(Directory.GetCurrentDirectory(), "TestData", "cert_chain.pem")); mockKeyVaultClient.Setup(client => client.GetCertificateChainAsync()) .ReturnsAsync(mockCertChain); @@ -126,10 +126,7 @@ public async Task RunAsync_as_secret_ReturnsValidGenerateSignatureResponseAsync( var request = new GenerateSignatureRequest( contractVersion: "1.0", keyId: keyId, - pluginConfig: new Dictionary() - { - ["as_secret"] = "true" - }, + pluginConfig: new Dictionary(){}, keySpec: expectedKeySpec, hashAlgorithm: "SHA-256", payload: Encoding.UTF8.GetBytes("Cg==")); diff --git a/docs/ca-signed-workflow.md b/docs/ca-signed-workflow.md index a9c5a6e9..6de3ff0b 100644 --- a/docs/ca-signed-workflow.md +++ b/docs/ca-signed-workflow.md 
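Review bot: With the `["as_secret"] = "true"` entry removed in the `-126,10` hunk and the test renamed to `RunAsync_default_...` in the `-106,16` hunk, no test visible in this patch pins how the plugin treats a request that still carries `as_secret`. The docs hunks of the same patch add `GetSecrets` to the required permissions, which suggests the chain is now read through the secret by default; that is a wider grant than `GetCertificate`, because reading a certificate's secret in Key Vault also returns the private key when the key is exportable. A companion test that passes the old key in `pluginConfig` and asserts the intended outcome would document whether it is ignored or rejected. Above the argument, a comment such as `// empty config: the certificate chain is fetched by default` would explain the empty dictionary, whose trailing `{}` can be dropped. The test method continues past the end of the hunk.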
@@ -1,7 +1,7 @@ # Sign and verify an artifact with a certificate signed by a trusted CA in Azure Key Vault > **Note** The following guide can be executed on Linux bash, macOS Zsh and Windows WSL 1. [Install the Azure CLI](https://learn.microsoft.com/cli/azure/install-azure-cli) -2. Log in to Azure with Azure CLI, set the subscription and make sure the `GetCertificate` and `Sign` permission have been granted to your role: +2. Log in to Azure with Azure CLI, set the subscription and make sure the `GetCertificates`, `GetSecrets` and `Sign` permission for Azure Key Vault have been granted to your role: ```sh az login az account set --subscription $subscriptionID diff --git a/docs/self-signed-workflow.md b/docs/self-signed-workflow.md index 41006b31..914aaba6 100644 --- a/docs/self-signed-workflow.md +++ b/docs/self-signed-workflow.md @@ -3,7 +3,7 @@ > **Note** The following guide can be executed on Linux bash, macOS Zsh and Windows WSL 1. [Install the Azure CLI](https://learn.microsoft.com/cli/azure/install-azure-cli) -2. Log in using the Azure CLI, set the subscription, and confirm the `GetCertificate` and `Sign` permission have been granted to your role: +2. Log in using the Azure CLI, set the subscription, and confirm the `GetCertificates`, `GetSecrets` and `Sign` permission for Azure Key Vault have been granted to your role: ```sh az login az account set --subscription $subscriptionID