From b491a295a447dbdf80c5e3c0f54657c9885b1c02 Mon Sep 17 00:00:00 2001
From: Zhihui Xia <zhvxia@amazon.com>
Date: Fri, 2 Feb 2024 10:15:30 -0800
Subject: [PATCH 1/7] disable windows certi store key

---
 .../actions/setup_cross_ci_crt_environment.py | 26 +++++++++++--------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/builder/actions/setup_cross_ci_crt_environment.py b/builder/actions/setup_cross_ci_crt_environment.py
index bdd43a074..6aedaaa78 100644
--- a/builder/actions/setup_cross_ci_crt_environment.py
+++ b/builder/actions/setup_cross_ci_crt_environment.py
@@ -223,12 +223,14 @@ def _common_setup(self, env):
                             "s3://aws-crt-test-stuff/unit-test-key-pkcs12.pem")
             self._setenv(env, "AWS_TEST_MQTT5_IOT_CORE_PKCS12_KEY_PASSWORD", "PKCS12_KEY_PASSWORD")
 
-        # Windows Key Cert
-        if (self.is_windows == True):
-            self._setenv_s3(env, "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS",
-                            "s3://aws-crt-test-stuff/unit-test-pfx-no-password.pfx")
-            helpers.create_windows_cert_store(
-                env, "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS", "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_CERT_STORE")
+        # TODO: The windows certificate env var is disabled as it is failing in CI. We will bring it back once
+        # it is fixed.
+        # # Windows Key Cert
+        # if (self.is_windows == True):
+        #     self._setenv_s3(env, "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS",
+        #                     "s3://aws-crt-test-stuff/unit-test-pfx-no-password.pfx")
+        #     helpers.create_windows_cert_store(
+        #         env, "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS", "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_CERT_STORE")
 
         # X509
         self._setenv_secret(env, "AWS_TEST_MQTT5_IOT_CORE_X509_ENDPOINT", "ci/mqtt5/us/x509/endpoint")
@@ -311,12 +313,14 @@ def _common_setup(self, env):
                             "s3://aws-crt-test-stuff/unit-test-key-pkcs12.pem")
             self._setenv(env, "AWS_TEST_MQTT311_IOT_CORE_PKCS12_KEY_PASSWORD", "PKCS12_KEY_PASSWORD")
 
+        # TODO: The windows certificate env var is disabled as it is failing in CI. We will bring it back once
+        # it is fixed.
         # Windows Key Cert
-        if (self.is_windows == True):
-            self._setenv_s3(env, "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS",
-                            "s3://aws-crt-test-stuff/unit-test-pfx-no-password.pfx")
-            helpers.create_windows_cert_store(
-                env, "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS", "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_CERT_STORE")
+        # if (self.is_windows == True):
+            # self._setenv_s3(env, "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS",
+            #                 "s3://aws-crt-test-stuff/unit-test-pfx-no-password.pfx")
+            # helpers.create_windows_cert_store(
+            #     env, "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS", "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_CERT_STORE")
 
         # X509
         self._setenv_secret(env, "AWS_TEST_MQTT311_IOT_CORE_X509_ENDPOINT", "ci/mqtt5/us/x509/endpoint")

From 1f08386d372dcf608f1f1c185b40ae6a62b51870 Mon Sep 17 00:00:00 2001
From: Zhihui Xia <zhvxia@amazon.com>
Date: Fri, 2 Feb 2024 10:41:54 -0800
Subject: [PATCH 2/7] a quick test for windows modulePath

---
 .../actions/setup_cross_ci_crt_environment.py | 26 ++++++++-----------
 builder/actions/setup_cross_ci_helpers.py     |  3 +++
 2 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/builder/actions/setup_cross_ci_crt_environment.py b/builder/actions/setup_cross_ci_crt_environment.py
index 6aedaaa78..bdd43a074 100644
--- a/builder/actions/setup_cross_ci_crt_environment.py
+++ b/builder/actions/setup_cross_ci_crt_environment.py
@@ -223,14 +223,12 @@ def _common_setup(self, env):
                             "s3://aws-crt-test-stuff/unit-test-key-pkcs12.pem")
             self._setenv(env, "AWS_TEST_MQTT5_IOT_CORE_PKCS12_KEY_PASSWORD", "PKCS12_KEY_PASSWORD")
 
-        # TODO: The windows certificate env var is disabled as it is failing in CI. We will bring it back once
-        # it is fixed.
-        # # Windows Key Cert
-        # if (self.is_windows == True):
-        #     self._setenv_s3(env, "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS",
-        #                     "s3://aws-crt-test-stuff/unit-test-pfx-no-password.pfx")
-        #     helpers.create_windows_cert_store(
-        #         env, "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS", "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_CERT_STORE")
+        # Windows Key Cert
+        if (self.is_windows == True):
+            self._setenv_s3(env, "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS",
+                            "s3://aws-crt-test-stuff/unit-test-pfx-no-password.pfx")
+            helpers.create_windows_cert_store(
+                env, "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS", "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_CERT_STORE")
 
         # X509
         self._setenv_secret(env, "AWS_TEST_MQTT5_IOT_CORE_X509_ENDPOINT", "ci/mqtt5/us/x509/endpoint")
@@ -313,14 +311,12 @@ def _common_setup(self, env):
                             "s3://aws-crt-test-stuff/unit-test-key-pkcs12.pem")
             self._setenv(env, "AWS_TEST_MQTT311_IOT_CORE_PKCS12_KEY_PASSWORD", "PKCS12_KEY_PASSWORD")
 
-        # TODO: The windows certificate env var is disabled as it is failing in CI. We will bring it back once
-        # it is fixed.
         # Windows Key Cert
-        # if (self.is_windows == True):
-            # self._setenv_s3(env, "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS",
-            #                 "s3://aws-crt-test-stuff/unit-test-pfx-no-password.pfx")
-            # helpers.create_windows_cert_store(
-            #     env, "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS", "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_CERT_STORE")
+        if (self.is_windows == True):
+            self._setenv_s3(env, "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS",
+                            "s3://aws-crt-test-stuff/unit-test-pfx-no-password.pfx")
+            helpers.create_windows_cert_store(
+                env, "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS", "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_CERT_STORE")
 
         # X509
         self._setenv_secret(env, "AWS_TEST_MQTT311_IOT_CORE_X509_ENDPOINT", "ci/mqtt5/us/x509/endpoint")
diff --git a/builder/actions/setup_cross_ci_helpers.py b/builder/actions/setup_cross_ci_helpers.py
index 968426028..846220fe8 100644
--- a/builder/actions/setup_cross_ci_helpers.py
+++ b/builder/actions/setup_cross_ci_helpers.py
@@ -20,6 +20,9 @@ def create_windows_cert_store(env, certificate_env, location_env):
         return
     pfx_cert_path = env.shell.getenv(certificate_env)
 
+    # quick test
+    env.shell.exec("powershell.exe",["$env:PSModulePath=[Environment]::GetEnvironmentVariable('PSModulePath', 'Machine')"], check=True)
+
     # Import the PFX into the Windows Certificate Store
     # (Passing '$mypwd' is required even though it is empty and our certificate has no password. It fails CI otherwise)
     import_pfx_arguments = [

From 3a22130871b0c28c1acd0b343fafdb977c49bfe0 Mon Sep 17 00:00:00 2001
From: Zhihui Xia <zhvxia@amazon.com>
Date: Fri, 2 Feb 2024 10:57:59 -0800
Subject: [PATCH 3/7] quick fix to create folder to import windows cert

---
 builder/actions/setup_cross_ci_helpers.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/builder/actions/setup_cross_ci_helpers.py b/builder/actions/setup_cross_ci_helpers.py
index 846220fe8..9ca492403 100644
--- a/builder/actions/setup_cross_ci_helpers.py
+++ b/builder/actions/setup_cross_ci_helpers.py
@@ -20,8 +20,16 @@ def create_windows_cert_store(env, certificate_env, location_env):
         return
     pfx_cert_path = env.shell.getenv(certificate_env)
 
-    # quick test
-    env.shell.exec("powershell.exe",["$env:PSModulePath=[Environment]::GetEnvironmentVariable('PSModulePath', 'Machine')"], check=True)
+    new_cert_folder_arguments = [
+        "New-Item",
+        windows_certificate_folder,
+        "-Name",
+        "test_folder",
+        "-ItemType",
+        "container"
+    ]
+
+    create_folder_result = env.shell.exec("powershell.exe", new_cert_folder_arguments, check=True)
 
     # Import the PFX into the Windows Certificate Store
     # (Passing '$mypwd' is required even though it is empty and our certificate has no password. It fails CI otherwise)

From 22efd78d73ae9c9a87888ce152dfdfb35ef51816 Mon Sep 17 00:00:00 2001
From: Zhihui Xia <zhvxia@amazon.com>
Date: Fri, 2 Feb 2024 10:58:16 -0800
Subject: [PATCH 4/7] quick fix to create folder to import windows cert

---
 builder/actions/setup_cross_ci_helpers.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builder/actions/setup_cross_ci_helpers.py b/builder/actions/setup_cross_ci_helpers.py
index 9ca492403..84b49d981 100644
--- a/builder/actions/setup_cross_ci_helpers.py
+++ b/builder/actions/setup_cross_ci_helpers.py
@@ -29,7 +29,7 @@ def create_windows_cert_store(env, certificate_env, location_env):
         "container"
     ]
 
-    create_folder_result = env.shell.exec("powershell.exe", new_cert_folder_arguments, check=True)
+    env.shell.exec("powershell.exe", new_cert_folder_arguments, check=True)
 
     # Import the PFX into the Windows Certificate Store
     # (Passing '$mypwd' is required even though it is empty and our certificate has no password. It fails CI otherwise)

From 9234152c0a3acb0a01b69990ab47420ecba487d5 Mon Sep 17 00:00:00 2001
From: Zhihui Xia <zhvxia@amazon.com>
Date: Fri, 2 Feb 2024 11:11:02 -0800
Subject: [PATCH 5/7] disable windows cert store

---
 .../actions/setup_cross_ci_crt_environment.py | 24 +++++++++++--------
 builder/actions/setup_cross_ci_helpers.py     |  9 -------
 2 files changed, 14 insertions(+), 19 deletions(-)

diff --git a/builder/actions/setup_cross_ci_crt_environment.py b/builder/actions/setup_cross_ci_crt_environment.py
index bdd43a074..3f64d2e60 100644
--- a/builder/actions/setup_cross_ci_crt_environment.py
+++ b/builder/actions/setup_cross_ci_crt_environment.py
@@ -223,12 +223,14 @@ def _common_setup(self, env):
                             "s3://aws-crt-test-stuff/unit-test-key-pkcs12.pem")
             self._setenv(env, "AWS_TEST_MQTT5_IOT_CORE_PKCS12_KEY_PASSWORD", "PKCS12_KEY_PASSWORD")
 
+        # TODO: The windows certificate env var is disabled as it is failing in CI. We will bring it back once
+        # it is fixed.
         # Windows Key Cert
-        if (self.is_windows == True):
-            self._setenv_s3(env, "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS",
-                            "s3://aws-crt-test-stuff/unit-test-pfx-no-password.pfx")
-            helpers.create_windows_cert_store(
-                env, "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS", "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_CERT_STORE")
+        # if (self.is_windows == True):
+        #     self._setenv_s3(env, "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS",
+        #                     "s3://aws-crt-test-stuff/unit-test-pfx-no-password.pfx")
+        #     helpers.create_windows_cert_store(
+        #         env, "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS", "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_CERT_STORE")
 
         # X509
         self._setenv_secret(env, "AWS_TEST_MQTT5_IOT_CORE_X509_ENDPOINT", "ci/mqtt5/us/x509/endpoint")
@@ -311,12 +313,14 @@ def _common_setup(self, env):
                             "s3://aws-crt-test-stuff/unit-test-key-pkcs12.pem")
             self._setenv(env, "AWS_TEST_MQTT311_IOT_CORE_PKCS12_KEY_PASSWORD", "PKCS12_KEY_PASSWORD")
 
+        # TODO: The windows certificate env var is disabled as it is failing in CI. We will bring it back once
+        # it is fixed.
         # Windows Key Cert
-        if (self.is_windows == True):
-            self._setenv_s3(env, "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS",
-                            "s3://aws-crt-test-stuff/unit-test-pfx-no-password.pfx")
-            helpers.create_windows_cert_store(
-                env, "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS", "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_CERT_STORE")
+        # if (self.is_windows == True):
+            # self._setenv_s3(env, "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS",
+            #                 "s3://aws-crt-test-stuff/unit-test-pfx-no-password.pfx")
+            # helpers.create_windows_cert_store(
+            #     env, "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS", "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_CERT_STORE")
 
         # X509
         self._setenv_secret(env, "AWS_TEST_MQTT311_IOT_CORE_X509_ENDPOINT", "ci/mqtt5/us/x509/endpoint")
diff --git a/builder/actions/setup_cross_ci_helpers.py b/builder/actions/setup_cross_ci_helpers.py
index 84b49d981..3ac09db31 100644
--- a/builder/actions/setup_cross_ci_helpers.py
+++ b/builder/actions/setup_cross_ci_helpers.py
@@ -20,15 +20,6 @@ def create_windows_cert_store(env, certificate_env, location_env):
         return
     pfx_cert_path = env.shell.getenv(certificate_env)
 
-    new_cert_folder_arguments = [
-        "New-Item",
-        windows_certificate_folder,
-        "-Name",
-        "test_folder",
-        "-ItemType",
-        "container"
-    ]
-
     env.shell.exec("powershell.exe", new_cert_folder_arguments, check=True)
 
     # Import the PFX into the Windows Certificate Store

From 4e1551894d3e1a6400403377833e292c9cb086d3 Mon Sep 17 00:00:00 2001
From: Zhihui Xia <zhvxia@amazon.com>
Date: Fri, 2 Feb 2024 13:36:18 -0800
Subject: [PATCH 6/7] removce test function

---
 builder/actions/setup_cross_ci_helpers.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/builder/actions/setup_cross_ci_helpers.py b/builder/actions/setup_cross_ci_helpers.py
index 3ac09db31..968426028 100644
--- a/builder/actions/setup_cross_ci_helpers.py
+++ b/builder/actions/setup_cross_ci_helpers.py
@@ -20,8 +20,6 @@ def create_windows_cert_store(env, certificate_env, location_env):
         return
     pfx_cert_path = env.shell.getenv(certificate_env)
 
-    env.shell.exec("powershell.exe", new_cert_folder_arguments, check=True)
-
     # Import the PFX into the Windows Certificate Store
     # (Passing '$mypwd' is required even though it is empty and our certificate has no password. It fails CI otherwise)
     import_pfx_arguments = [

From 4beb71de82c433d2d8c8b25d8eede12638d7ce89 Mon Sep 17 00:00:00 2001
From: Zhihui Xia <zhvxia@amazon.com>
Date: Mon, 5 Feb 2024 14:58:33 -0800
Subject: [PATCH 7/7] Add var to disable windows cert store test

---
 .../actions/setup_cross_ci_crt_environment.py | 29 ++++++++++---------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/builder/actions/setup_cross_ci_crt_environment.py b/builder/actions/setup_cross_ci_crt_environment.py
index 3f64d2e60..cb4c9c2bd 100644
--- a/builder/actions/setup_cross_ci_crt_environment.py
+++ b/builder/actions/setup_cross_ci_crt_environment.py
@@ -14,6 +14,10 @@
 environment variables, secrets, files, etc. that is used to build up the testing environment.
 """
 
+# TODO: The variable is used to disable the windows certificate store test to unblock a CI failure.
+# The variable should be set to TRUE after the CI is fixed.
+ENABLE_WINDOWS_CERT_STORE_TEST = False
+
 
 class SetupCrossCICrtEnvironment(Action):
 
@@ -145,6 +149,12 @@ def _setenv_profile_file(self, env, profile_env_name, config_env_name, access_ke
             print("[ERROR]: Could not get create profile with name: " + str(profile_env_name))
             raise ValueError("Exception occurred trying to create profile")
 
+    def _setup_windows_cert_store_test(self, env, certificate_env_name, cerfiticate_s3_path, store_location_env_name):
+        if (self.is_windows == True and ENABLE_WINDOWS_CERT_STORE_TEST == True):
+            self._setenv_s3(env, certificate_env_name, cerfiticate_s3_path)
+            helpers.create_windows_cert_store(
+                env, certificate_env_name, store_location_env_name)
+
     def _common_setup(self, env):
 
         ################################################
@@ -223,14 +233,9 @@ def _common_setup(self, env):
                             "s3://aws-crt-test-stuff/unit-test-key-pkcs12.pem")
             self._setenv(env, "AWS_TEST_MQTT5_IOT_CORE_PKCS12_KEY_PASSWORD", "PKCS12_KEY_PASSWORD")
 
-        # TODO: The windows certificate env var is disabled as it is failing in CI. We will bring it back once
-        # it is fixed.
         # Windows Key Cert
-        # if (self.is_windows == True):
-        #     self._setenv_s3(env, "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS",
-        #                     "s3://aws-crt-test-stuff/unit-test-pfx-no-password.pfx")
-        #     helpers.create_windows_cert_store(
-        #         env, "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS", "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_CERT_STORE")
+        self._setup_windows_cert_store_test(env, "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS",
+                                            "s3://aws-crt-test-stuff/unit-test-pfx-no-password.pfx", "AWS_TEST_MQTT5_IOT_CORE_WINDOWS_CERT_STORE")
 
         # X509
         self._setenv_secret(env, "AWS_TEST_MQTT5_IOT_CORE_X509_ENDPOINT", "ci/mqtt5/us/x509/endpoint")
@@ -313,14 +318,10 @@ def _common_setup(self, env):
                             "s3://aws-crt-test-stuff/unit-test-key-pkcs12.pem")
             self._setenv(env, "AWS_TEST_MQTT311_IOT_CORE_PKCS12_KEY_PASSWORD", "PKCS12_KEY_PASSWORD")
 
-        # TODO: The windows certificate env var is disabled as it is failing in CI. We will bring it back once
-        # it is fixed.
         # Windows Key Cert
-        # if (self.is_windows == True):
-            # self._setenv_s3(env, "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS",
-            #                 "s3://aws-crt-test-stuff/unit-test-pfx-no-password.pfx")
-            # helpers.create_windows_cert_store(
-            #     env, "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS", "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_CERT_STORE")
+        self._setup_windows_cert_store_test(env, "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_PFX_CERT_NO_PASS",
+                                            "s3://aws-crt-test-stuff/unit-test-pfx-no-password.pfx",
+                                            "AWS_TEST_MQTT311_IOT_CORE_WINDOWS_CERT_STORE")
 
         # X509
         self._setenv_secret(env, "AWS_TEST_MQTT311_IOT_CORE_X509_ENDPOINT", "ci/mqtt5/us/x509/endpoint")