Remove tests

PowerShell · May 21, 2024 · 0ac9b91 · 0ac9b91
1 parent b9eba26
commit 0ac9b91
Showing 1 changed file with 28 additions and 205 deletions.
diff --git a/test/powershell/engine/Security/FileSignature.Tests.ps1 b/test/powershell/engine/Security/FileSignature.Tests.ps1
@@ -30,137 +30,11 @@ Describe "Windows file content signatures" -Tags @('Feature', 'RequireAdminOnWin
             return
         }
 
-        Add-Type -TypeDefinition @'
-using System;
-using System.ComponentModel;
-using System.Runtime.InteropServices;
-
-namespace FileSignatureTests;
-
-public static class Wintrust
-{
-    public static readonly Guid DRIVER_ACTION_VERIFY = new Guid("F750E6C3-38EE-11d1-85E5-00C04FC295EE");
-
-    [DllImport(
-        "Wintrust.dll",
-        EntryPoint = nameof(CryptCATAdminAcquireContext),
-        SetLastError = true)]
-    [return: MarshalAs(UnmanagedType.Bool)]
-    private static extern bool CryptCATAdminAcquireContextInternal(
-        out nint phCatAdmin,
-        ref Guid pbSubsystem,
-        int dwFlags);
-
-    public static nint CryptCATAdminAcquireContext(
-        Guid subsystem,
-        int flags)
-    {
-        if (!CryptCATAdminAcquireContextInternal(
-                out nint catAdmin,
-                ref subsystem,
-                flags))
-        {
-            throw new Win32Exception();
-        }
-
-        return catAdmin;
-    }
-
-    [DllImport(
-        "Wintrust.dll",
-        CharSet = CharSet.Unicode,
-        EntryPoint = nameof(CryptCATAdminAddCatalog),
-        SetLastError = true)]
-    private static extern nint CryptCATAdminAddCatalogInternal(
-        nint hCatAdmin,
-        string pwszCatalogFile,
-        string pwszSelectBaseName,
-        int dwFlags);
-
-    public static nint CryptCATAdminAddCatalog(
-        nint catAdmin,
-        string file,
-        string baseName,
-        int flags)
-    {
-        nint res = CryptCATAdminAddCatalogInternal(
-            catAdmin,
-            file,
-            baseName,
-            flags);
-
-        if (res == IntPtr.Zero)
-        {
-            throw new Win32Exception();
-        }
-
-        return res;
-    }
-
-    [DllImport(
-        "Wintrust.dll",
-        EntryPoint = nameof(CryptCATAdminReleaseCatalogContext),
-        SetLastError = true)]
-    [return: MarshalAs(UnmanagedType.Bool)]
-    private static extern bool CryptCATAdminReleaseCatalogContextInternal(
-        nint hCatAdmin,
-        nint hCatInfo,
-        int dwFlags);
-
-    public static void CryptCATAdminReleaseCatalogContext(nint catAdmin, nint catInfo, int flags)
-    {
-        if (!CryptCATAdminReleaseCatalogContextInternal(catAdmin, catInfo, flags))
-        {
-            throw new Win32Exception();
-        }
-    }
-
-    [DllImport(
-        "Wintrust.dll",
-        EntryPoint = nameof(CryptCATAdminReleaseContext),
-        SetLastError = true)]
-    [return: MarshalAs(UnmanagedType.Bool)]
-    private static extern bool CryptCATAdminReleaseContextInternal(
-        nint hCatAdmin,
-        int flags);
-
-    public static void CryptCATAdminReleaseContext(nint catAdmin, int flags)
-    {
-        if (!CryptCATAdminReleaseContextInternal(catAdmin, flags))
-        {
-            throw new Win32Exception();
-        }
-    }
-
-    [DllImport(
-        "Wintrust.dll",
-        CharSet = CharSet.Unicode,
-        EntryPoint = nameof(CryptCATAdminRemoveCatalog),
-        SetLastError = true)]
-    [return: MarshalAs(UnmanagedType.Bool)]
-    private static extern bool CryptCATAdminRemoveCatalogInternal(
-        nint hCatAdmin,
-        string pwszCatalogFile,
-        int dwFlags);
-
-    public static void CryptCATAdminRemoveCatalog(
-        nint catAdmin,
-        string catalogFile,
-        int flags)
-    {
-        if (!CryptCATAdminRemoveCatalogInternal(catAdmin, catalogFile, flags))
-        {
-            throw new Win32Exception();
-        }
-    }
-}
-'@
-
         $session = New-PSSession -UseWindowsPowerShell
         try {
             # New-SelfSignedCertificate runs in implicit remoting so do all the
             # setup work over there
-            $caRootThumbprint, $signingThumbprint1, $signingThumbprint2 = Invoke-Command -Session $session -ScriptBlock {
+            $caRootThumbprint, $signingThumbprint = Invoke-Command -Session $session -ScriptBlock {
                 $testPrefix = 'SelfSignedTest'
 
                 $enhancedKeyUsage = [Security.Cryptography.OidCollection]::new()
@@ -177,7 +51,6 @@ public static class Wintrust
                     Type              = 'Custom'
                 }
                 $caRoot = PKI\New-SelfSignedCertificate @caParams -Subject "CN=$testPrefix-CA"
-                $caRoot.Thumbprint
 
                 $rootStore = Get-Item -Path Cert:\LocalMachine\Root
                 $rootStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
@@ -187,56 +60,31 @@ public static class Wintrust
                     $rootStore.Close()
                 }
 
-                "Signed1", "Signed2" | ForEach-Object -Process {
-                    $certParams = @{
-                        CertStoreLocation = 'Cert:\CurrentUser\My'
-                        KeyUsage          = 'DigitalSignature'
-                        TextExtension     = @("2.5.29.37={text}1.3.6.1.5.5.7.3.3", "2.5.29.19={text}")
-                        Type              = 'Custom'
-                    }
-                    $certificate = PKI\New-SelfSignedCertificate @certParams -Subject "CN=$testPrefix-$_" -Signer $caRoot
-                    $certificate.Thumbprint
-
-                    $publisherStore = Get-Item -Path Cert:\LocalMachine\TrustedPublisher
-                    $publisherStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
-                    try {
-                        $publisherStore.Add([System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certificate.RawData))
-                    } finally {
-                        $publisherStore.Close()
-                    }
+                $certParams = @{
+                    CertStoreLocation = 'Cert:\CurrentUser\My'
+                    KeyUsage          = 'DigitalSignature'
+                    TextExtension     = @("2.5.29.37={text}1.3.6.1.5.5.7.3.3", "2.5.29.19={text}")
+                    Type              = 'Custom'
+                }
+                $certificate = PKI\New-SelfSignedCertificate @certParams -Subject "CN=$testPrefix-Signed" -Signer $caRoot
+
+                $publisherStore = Get-Item -Path Cert:\LocalMachine\TrustedPublisher
+                $publisherStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
+                try {
+                    $publisherStore.Add([System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certificate.RawData))
+                } finally {
+                    $publisherStore.Close()
                 }
 
                 $caRoot | Remove-Item
+
+                $caRoot.Thumbprint, $certificate.Thumbprint
             }
         } finally {
             $session | Remove-PSSession
         }
 
-        $certificate1 = Get-Item -Path Cert:\CurrentUser\My\$signingThumbprint1
-        $certificate2 = Get-Item -Path Cert:\CurrentUser\My\$signingThumbprint2
-
-        $scriptPath = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('temp:\script-with-cat.ps1')
-        Set-Content -Path $scriptPath -Value 'Write-Output "Hello World!"'
-        $scriptPath = (Get-Item -LiteralPath temp:\script-with-cat.ps1).FullName
-        $null = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $certificate1
-
-        $catPath = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('temp:\script-with-cat.cat')
-        $null = New-FileCatalog -CatalogVersion 2.0 -CatalogFilePath $catPath -Path $scriptPath
-        $null = Set-AuthenticodeSignature -FilePath $catPath -Certificate $certificate2
-
-        $catHandle = [FileSignatureTests.Wintrust]::CryptCATAdminAcquireContext([FileSignatureTests.Wintrust]::DRIVER_ACTION_VERIFY, 0)
-        try {
-            $catFileGuid = [Guid]::NewGuid.Guid
-            $catFileHandle = [FileSignatureTests.Wintrust]::CryptCATAdminAddCatalog(
-                $catHandle,
-                $catPath,
-                $catFileGuid,
-                0)
-            [FileSignatureTests.Wintrust]::CryptCATAdminReleaseCatalogContext($catHandle, $catFileHandle, 0)
-        }
-        finally {
-            [FileSignatureTests.Wintrust]::CryptCATAdminReleaseContext($catHandle, 0)
-        }
+        $certificate = Get-Item -Path Cert:\CurrentUser\My\$signingThumbprint
     }
 
     AfterAll {
@@ -246,10 +94,8 @@ public static class Wintrust
 
         $paths = @(
             "Cert:\LocalMachine\Root\$caRootThumbprint"
-            "Cert:\LocalMachine\TrustedPublisher\$signingThumbprint1"
-            "Cert:\LocalMachine\TrustedPublisher\$signingThumbprint2"
-            "Cert:\CurrentUser\My\$signingThumbprint1"
-            "Cert:\CurrentUser\My\$signingThumbprint2"
+            "Cert:\LocalMachine\TrustedPublisher\$signingThumbprint"
+            "Cert:\CurrentUser\My\$signingThumbprint"
         )
 
         foreach($path in $paths) {
@@ -258,19 +104,6 @@ public static class Wintrust
                 Remove-Item -Force -Path $path -ErrorAction Ignore
             }
         }
-
-        if ($catFileGuid) {
-            $catHandle = [FileSignatureTests.Wintrust]::CryptCATAdminAcquireContext([FileSignatureTests.Wintrust]::DRIVER_ACTION_VERIFY, 0)
-            try {
-                $catFileHandle = [FileSignatureTests.Wintrust]::CryptCATAdminRemoveCatalog(
-                    $catHandle,
-                    $catFileGuid,
-                    0)
-            }
-            finally {
-                [FileSignatureTests.Wintrust]::CryptCATAdminReleaseContext($catHandle, 0)
-            }
-        }
     }
 
     It "Validates signature using path on even char count with Encoding <Encoding>" -TestCases @(
@@ -284,11 +117,11 @@ public static class Wintrust
         Set-Content -Path testdrive:\test.ps1 -Value 'Write-Output "Hello World"' -Encoding $Encoding
 
         $scriptPath = Join-Path $TestDrive test.ps1
-        $status = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $certificate1
+        $status = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $certificate
         $status.Status | Should -Be 'Valid'
 
         $actual = Get-AuthenticodeSignature -FilePath $scriptPath
-        $actual.SignerCertificate.Thumbprint | Should -Be $certificate1.Thumbprint
+        $actual.SignerCertificate.Thumbprint | Should -Be $certificate.Thumbprint
         $actual.Status | Should -Be 'Valid'
     }
 
@@ -303,11 +136,11 @@ public static class Wintrust
         Set-Content -Path testdrive:\test.ps1 -Value 'Write-Output "Hello World!"' -Encoding $Encoding
 
         $scriptPath = Join-Path $TestDrive test.ps1
-        $status = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $certificate1
+        $status = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $certificate
         $status.Status | Should -Be 'Valid'
 
         $actual = Get-AuthenticodeSignature -FilePath $scriptPath
-        $actual.SignerCertificate.Thumbprint | Should -Be $certificate1.Thumbprint
+        $actual.SignerCertificate.Thumbprint | Should -Be $certificate.Thumbprint
         $actual.Status | Should -Be 'Valid'
     }
 
@@ -322,13 +155,13 @@ public static class Wintrust
         Set-Content -Path testdrive:\test.ps1 -Value 'Write-Output "Hello World"' -Encoding $Encoding
 
         $scriptPath = Join-Path $TestDrive test.ps1
-        $status = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $certificate1
+        $status = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $certificate
         $status.Status | Should -Be 'Valid'
 
         $fileBytes = Get-Content -Path testdrive:\test.ps1 -AsByteStream
 
         $actual = Get-AuthenticodeSignature -Content $fileBytes -SourcePathOrExtension .ps1
-        $actual.SignerCertificate.Thumbprint | Should -Be $certificate1.Thumbprint
+        $actual.SignerCertificate.Thumbprint | Should -Be $certificate.Thumbprint
         $actual.Status | Should -Be 'Valid'
     }
 
@@ -343,23 +176,13 @@ public static class Wintrust
         Set-Content -Path testdrive:\test.ps1 -Value 'Write-Output "Hello World!"' -Encoding $Encoding
 
         $scriptPath = Join-Path $TestDrive test.ps1
-        $status = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $certificate1
+        $status = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $certificate
         $status.Status | Should -Be 'Valid'
 
         $fileBytes = Get-Content -Path testdrive:\test.ps1 -AsByteStream
 
         $actual = Get-AuthenticodeSignature -Content $fileBytes -SourcePathOrExtension .ps1
-        $actual.SignerCertificate.Thumbprint | Should -Be $certificate1.Thumbprint
+        $actual.SignerCertificate.Thumbprint | Should -Be $certificate.Thumbprint
         $actual.Status | Should -Be 'Valid'
     }
-
-    It "Gets signature from catalog overriding embedded signature" {
-        $actual = Get-AuthenticodeSignature -FilePath $scriptPath
-        $actual.Thumbprint | Should -Be $certificate2.Thumbprint
-    }
-
-    It "Gets signature from embedded signature only" {
-        $actual = Get-AuthenticodeSignature -FilePath $scriptPath -EmbeddedSignature
-        $actual.Thumbprint | Should -Be $certificate1.Thumbprint
-    }
 }