From e3ce8cddd94126f3cc4fb865a98c052055461f11 Mon Sep 17 00:00:00 2001 From: Junjie Gao Date: Thu, 13 Jul 2023 11:24:17 +0800 Subject: [PATCH] fix: update doc and test Signed-off-by: Junjie Gao --- .../Command/GenerateSignatureTests.cs | 16 +++++++--------- docs/ca-signed-workflow.md | 2 +- docs/self-signed-workflow.md | 2 +- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/Notation.Plugin.AzureKeyVault.Tests/Command/GenerateSignatureTests.cs b/Notation.Plugin.AzureKeyVault.Tests/Command/GenerateSignatureTests.cs index 7619a414..47980e3e 100644 --- a/Notation.Plugin.AzureKeyVault.Tests/Command/GenerateSignatureTests.cs +++ b/Notation.Plugin.AzureKeyVault.Tests/Command/GenerateSignatureTests.cs @@ -20,13 +20,14 @@ public async Task RunAsync_SelfSigned_ReturnsValidGenerateSignatureResponseAsync // Arrange var keyId = "https://testvault.vault.azure.net/keys/testkey/123"; var expectedKeySpec = "RSA-2048"; - var mockCert = new X509Certificate2(Path.Combine(Directory.GetCurrentDirectory(), "TestData", "rsa_2048.crt")); var mockSignature = new byte[] { 0x01, 0x02, 0x03, 0x04 }; var mockKeyVaultClient = new Mock(); + // mock GetCertificateAsync - mockKeyVaultClient.Setup(client => client.GetCertificateAsync()) - .ReturnsAsync(mockCert); + var mockCertChain = CertificateBundle.Create(Path.Combine(Directory.GetCurrentDirectory(), "TestData", "rsa_2048.crt")); + mockKeyVaultClient.Setup(client => client.GetCertificateChainAsync()) + .ReturnsAsync(mockCertChain); // mock SignAsync mockKeyVaultClient.Setup(client => client.SignAsync(It.IsAny(), It.IsAny())) @@ -54,7 +55,7 @@ public async Task RunAsync_SelfSigned_ReturnsValidGenerateSignatureResponseAsync Assert.Equal("RSASSA-PSS-SHA-256", response.SigningAlgorithm); Assert.Equal(mockSignature, response.Signature); Assert.Single(response.CertificateChain); - Assert.Equal(mockCert.RawData, response.CertificateChain[0]); + Assert.Equal(mockCertChain[0].RawData, response.CertificateChain[0]); } [Fact] 
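Review bot: The comment `// mock GetCertificateAsync` above the new setup is stale, because the mocked call is now `GetCertificateChainAsync()` and it returns the bundle built by `CertificateBundle.Create(...)` instead of a single `X509Certificate2`. Update it to something like `// mock GetCertificateChainAsync: chain loaded from TestData/rsa_2048.crt`, so the comment names the client call the self-signed path is expected to make. The later `Assert.Single(response.CertificateChain)` in the second hunk relies on that fixture file holding exactly one certificate, which is worth stating in the same comment. The test method starts before the first hunk and continues past the second.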
@@ -106,7 +107,7 @@ public async Task RunAsync_ca_certs_ReturnsValidGenerateSignatureResponseAsync() } [Fact] - public async Task RunAsync_as_secret_ReturnsValidGenerateSignatureResponseAsync() + public async Task RunAsync_default_ReturnsValidGenerateSignatureResponseAsync() { // Arrange var keyId = "https://testvault.vault.azure.net/keys/testkey/123"; @@ -126,10 +127,7 @@ public async Task RunAsync_as_secret_ReturnsValidGenerateSignatureResponseAsync( var request = new GenerateSignatureRequest( contractVersion: "1.0", keyId: keyId, - pluginConfig: new Dictionary() - { - ["as_secret"] = "true" - }, + pluginConfig: new Dictionary(){}, keySpec: expectedKeySpec, hashAlgorithm: "SHA-256", payload: Encoding.UTF8.GetBytes("Cg==")); diff --git a/docs/ca-signed-workflow.md b/docs/ca-signed-workflow.md index a9c5a6e9..cc68b001 100644 --- a/docs/ca-signed-workflow.md +++ b/docs/ca-signed-workflow.md @@ -1,7 +1,7 @@ # Sign and verify an artifact with a certificate signed by a trusted CA in Azure Key Vault > **Note** The following guide can be executed on Linux bash, macOS Zsh and Windows WSL 1. [Install the Azure CLI](https://learn.microsoft.com/cli/azure/install-azure-cli) -2. Log in to Azure with Azure CLI, set the subscription and make sure the `GetCertificate` and `Sign` permission have been granted to your role: +2. Log in to Azure with Azure CLI, set the subscription and make sure the `GetCertificates`, `GetSecerts` and `Sign` permission for Azure Key Vault have been granted to your role: ```sh az login az account set --subscription $subscriptionID diff --git a/docs/self-signed-workflow.md b/docs/self-signed-workflow.md index 41006b31..914aaba6 100644 --- a/docs/self-signed-workflow.md +++ b/docs/self-signed-workflow.md 
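Review bot: Nothing visible in the `RunAsync_default_...` hunk asserts which Key Vault client call the default path makes once `as_secret` is dropped from `pluginConfig`, so the test would presumably still pass if the plugin fetched the certificate through a different API. That matters because the doc changes in this same commit widen the required role to include a secrets-read permission (spelled `GetSecerts` in ca-signed-workflow.md and `GetSecrets` in self-signed-workflow.md), and the test is the only place that can pin the call behind that requirement. If the default path is meant to use the chain call mocked in the self-signed test, consider adding `mockKeyVaultClient.Verify(c => c.GetCertificateChainAsync(), Times.Once());` after the act step. The test body continues outside the hunk, so an equivalent verification may already exist there.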
@@ -3,7 +3,7 @@ > **Note** The following guide can be executed on Linux bash, macOS Zsh and Windows WSL 1. [Install the Azure CLI](https://learn.microsoft.com/cli/azure/install-azure-cli) -2. Log in using the Azure CLI, set the subscription, and confirm the `GetCertificate` and `Sign` permission have been granted to your role: +2. Log in using the Azure CLI, set the subscription, and confirm the `GetCertificates`, `GetSecrets` and `Sign` permission for Azure Key Vault have been granted to your role: ```sh az login az account set --subscription $subscriptionID