New-AzureRmADAppCredential EndDate parameter value not used when creating new certificate credential #6561

Closed
AndyHerb opened this issue Jun 29, 2018 · 2 comments

@AndyHerb

Description

Creating a new application certificate credential with any end date value creates a new application certificate credential with a one-year expiry. EndDate parameter value is ignored.

I believe this is a mirror issue of #6505, albeit when using a certificate instead of a password.

Script/Steps for Reproduction

$DisplayName = 'My AAD App'
$DomainName = $DisplayName.Replace(' ', '.')

$Date = Get-Date
# Create new self-signed certificate
$Cert = New-SelfSignedCertificate -CertStoreLocation 'Cert:\LocalMachine\My' `
            -Subject "CN=$DomainName" `
            -KeySpec KeyExchange `
            -NotBefore $Date `
            -NotAfter $Date.AddYears(5)

$DomainName = "http://$DomainName"

# Create new AAD Application
$AADApp = New-AzureRmADApplication -DisplayName $DisplayName -HomePage $DomainName -IdentifierUris $DomainName

# Get cert content for uploading to AAD Application
$keyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())

# Add certificate for AAD Application authentication
$AADApp | New-AzureRmADAppCredential -CertValue $keyValue -EndDate $cert.NotAfter -StartDate $cert.NotBefore

Module Version

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     6.3.0      AzureRM

Environment Data

Name                           Value
----                           -----
PSVersion                      5.1.17134.112
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17134.112
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Debug Output

DEBUG: 13:31:04 - NewAzureADAppCredentialCommand begin processing without ParameterSet.
DEBUG: 13:31:04 - using account id 'xxxx.xxxx@xxxx.com'...
DEBUG: [Common.Authentication]: Authenticating using Account: 'xxxx.xxxx@xxxx.com', environment: 'AzureCloud', tenant: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/29/2018 12:31:04: bbe73a69-daf4-4a16-8155-1dd530bf6f4d - AcquireTokenHandlerBase: === Token Acquisition started:
	Authority: https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/
	Resource: https://graph.windows.net/
	ClientId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
	CacheType: Microsoft.Azure.Commands.Common.Authentication.ProtectedFileTokenCache (8 items)
	Authentication Target: User
	

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/29/2018 12:31:04:  - TokenCache: Deserialized 8 items to token cache.

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 
DEBUG: 06/29/2018 12:31:04: bbe73a69-daf4-4a16-8155-1dd530bf6f4d - TokenCache: Looking up cache for a token...

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/29/2018 12:31:04: bbe73a69-daf4-4a16-8155-1dd530bf6f4d - TokenCache: An item matching the requested resource was found in the cache

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 
DEBUG: 06/29/2018 12:31:04: bbe73a69-daf4-4a16-8155-1dd530bf6f4d - TokenCache: 30.8217571766667 minutes left until token in cache expires

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/29/2018 12:31:04: bbe73a69-daf4-4a16-8155-1dd530bf6f4d - TokenCache: A matching item (access token or refresh token or both) was found in the cache

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/29/2018 12:31:04: bbe73a69-daf4-4a16-8155-1dd530bf6f4d - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
	Access Token Hash: x0wgUn9TbDxJUHsEBec1GfeXjGK/2isDTP14QXkSMTs=
	Refresh Token Hash: lE1/EMz8lXtckW0fFJxAlvQLNUO82jhsHm1Ivp68zw8=
	Expiration Time: 06/29/2018 13:01:54 +00:00
	User Hash: gQYp4zUllSp1v1dUgUvDB/plk2q2PLf3GG4DzK6tgng=
	

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/29/2018 12:31:04: 14af7599-1f2e-4de6-b018-b58f2a46ac34 - AcquireTokenHandlerBase: === Token Acquisition started:
	Authority: https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/
	Resource: https://graph.windows.net/
	ClientId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
	CacheType: Microsoft.Azure.Commands.Common.Authentication.ProtectedFileTokenCache (8 items)
	Authentication Target: User
	

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/29/2018 12:31:04:  - TokenCache: Deserialized 8 items to token cache.

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 
DEBUG: 06/29/2018 12:31:04: 14af7599-1f2e-4de6-b018-b58f2a46ac34 - TokenCache: Looking up cache for a token...

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/29/2018 12:31:04: 14af7599-1f2e-4de6-b018-b58f2a46ac34 - TokenCache: An item matching the requested resource was found in the cache

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 
DEBUG: 06/29/2018 12:31:04: 14af7599-1f2e-4de6-b018-b58f2a46ac34 - TokenCache: 30.8216574366667 minutes left until token in cache expires

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/29/2018 12:31:04: 14af7599-1f2e-4de6-b018-b58f2a46ac34 - TokenCache: A matching item (access token or refresh token or both) was found in the cache

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/29/2018 12:31:04: 14af7599-1f2e-4de6-b018-b58f2a46ac34 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
	Access Token Hash: x0wgUn9TbDxJUHsEBec1GfeXjGK/2isDTP14QXkSMTs=
	Refresh Token Hash: lE1/EMz8lXtckW0fFJxAlvQLNUO82jhsHm1Ivp68zw8=
	Expiration Time: 06/29/2018 13:01:54 +00:00
	User Hash: gQYp4zUllSp1v1dUgUvDB/plk2q2PLf3GG4DzK6tgng=
	

DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://graph.windows.net/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/applications/f7f2530d-b44e-4950-b59c-430f93bd13c5/keyCredentials?api-version=1.6

Headers:
x-ms-client-request-id        : c483fbd9-5774-4831-ae25-dd25217fa8aa
accept-language               : en-US

Body:



DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
ocp-aad-diagnostics-server-name: h41duery3CPm5kxowuKN7pvEekwLyNG/wkcjkTUIbY0=
request-id                    : 73ca1db6-be5d-4fd6-9638-a31ec1d76864
client-request-id             : 0eb96dcd-f993-43c1-9f70-b697a48c49d0
x-ms-dirapi-data-contract-version: 1.6
ocp-aad-session-key           : f8pX468HernJpSURiA4QsJ3O6s7LnEeClKSiMeblr6g10nxCADMFUv-gZ-nWonSpWg5flrjCcq7gb1bjG8-tzpNR3bgxo7suU94iR3cGfih1z4KVZ-6rmLcoEXaAoZNVL3IOGUlXTGvjZyXsbAIqQA.5QRDI630KoDsE_kLf_iP9ub7-nLP4ABGB752zNqWR
qc
X-Content-Type-Options        : nosniff
DataServiceVersion            : 3.0;
Strict-Transport-Security     : max-age=31536000; includeSubDomains
Access-Control-Allow-Origin   : *
Duration                      : 1990292
Cache-Control                 : no-cache
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET,ASP.NET
Date                          : Fri, 29 Jun 2018 12:31:02 GMT

Body:
{
  "odata.metadata": "https://graph.windows.net/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/$metadata#Collection(Microsoft.DirectoryServices.KeyCredential)",
  "value": []
}


DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/29/2018 12:31:05: 465fad3f-1d63-414d-ab1f-ab1ee9de1aef - AcquireTokenHandlerBase: === Token Acquisition started:
	Authority: https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/
	Resource: https://graph.windows.net/
	ClientId: 1950a258-227b-4e31-a9cf-717495945fc2
	CacheType: Microsoft.Azure.Commands.Common.Authentication.ProtectedFileTokenCache (8 items)
	Authentication Target: User
	

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/29/2018 12:31:05:  - TokenCache: Deserialized 8 items to token cache.

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 
DEBUG: 06/29/2018 12:31:05: 465fad3f-1d63-414d-ab1f-ab1ee9de1aef - TokenCache: Looking up cache for a token...

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/29/2018 12:31:05: 465fad3f-1d63-414d-ab1f-ab1ee9de1aef - TokenCache: An item matching the requested resource was found in the cache

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 
DEBUG: 06/29/2018 12:31:05: 465fad3f-1d63-414d-ab1f-ab1ee9de1aef - TokenCache: 30.8163615833333 minutes left until token in cache expires

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/29/2018 12:31:05: 465fad3f-1d63-414d-ab1f-ab1ee9de1aef - TokenCache: A matching item (access token or refresh token or both) was found in the cache

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/29/2018 12:31:05: 465fad3f-1d63-414d-ab1f-ab1ee9de1aef - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
	Access Token Hash: x0wgUn9TbDxJUHsEBec1GfeXjGK/2isDTP14QXkSMTs=
	Refresh Token Hash: lE1/EMz8lXtckW0fFJxAlvQLNUO82jhsHm1Ivp68zw8=
	Expiration Time: 06/29/2018 13:01:54 +00:00
	User Hash: gQYp4zUllSp1v1dUgUvDB/plk2q2PLf3GG4DzK6tgng=
	

DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PATCH

Absolute Uri:
https://graph.windows.net/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/applications/f7f2530d-b44e-4950-b59c-430f93bd13c5/keyCredentials?api-version=1.6

Headers:
x-ms-client-request-id        : 6ff13b5d-7240-4eb1-bd82-54711697ed2e
accept-language               : en-US

Body:
{
  "value": [
    {
      "startDate": "2018-06-29T12:28:23Z",
      "endDate": "2019-06-29T12:28:23Z",
      "value": "MIIDBDCCAeygAwIBAgIQIMNIEHSy4Y9DJLOX7+zxEDANBgkqhkiG9w0BAQUFADAVMRMwEQYDVQQDDApNeS5BQUQuQXBwMB4XDTE4MDYyOTEyMjgyM1oXDTIzMDYyOTEyMjgyM1owFTETMBEGA1UEAwwKTXkuQUFELkFwcDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ALuyRpmzDxBZNRB71U/rD+Em2erCUn77hKDYTccdQeN7kx7dZL6akLi7xqujkLSGTlYa79OL2LeHelqMiPr+pTi08m5siQrk/TU+j9qJTZo8gO0vojJuCGmokpXx+NacOcltqz3YZMermG8vDWy6atCtvzahJ3px3K6hkJvRT3DIEbK1zK9prfZxekVB1REnASDgx2mvo0UJ+4KUaQvohfnVPVTKPaZP
xPrGVsQcx7OWGDM5HNLoQy0qW7W++UjNU+3IsrxoGVFIAZybwxwA+DC2bMyDxTZFxo6H3nuJvEEemgGZ+p3Phm0BlhY22YENjy4b5RAeDQBbf76nF7qeYhUCAwEAAaNQME4wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUvHTz5/Gmvgcidxou
9THd97aog5cwDQYJKoZIhvcNAQEFBQADggEBABvxfUWNKD7SKxulLA6VGXVajdAz0sWvFIdRwEp7Z2DxQeG4KTsPMGH0IsV6SqfiJuTKXiyKLae7lSviKr4PR4M2bvxKNxsPj7URkdFL43Tgtk/d5sks/zltBhsXKVfPR0VrOZpyt94sj572yprK/Vzdp4T4Qf1BrSIWcIKdftP87VlOjWt+JLsBOy3n
vWkUpuzZWshW8ohdeZ/FU0pZcGD2txgMjwJ44//sWwMfE8ulnTYsK2RN1JY4PorQ8O7kz1mtOQRKF/tlF6L7WIEvoxCF7FZ2dBE77NpN1831o7CBtGMtHNFQTponPd/3s9/u84jqlRM+jE2HrqI95f5zNgI=",
      "keyId": "36edc6b3-4726-468e-aa76-8aa5ea476229",
      "usage": "Verify",
      "type": "AsymmetricX509Cert"
    }
  ]
}


DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
NoContent

Headers:
Pragma                        : no-cache
ocp-aad-diagnostics-server-name: 7Tp4SeZmHVWpitsft4pblwtoFkhCl6ghSATSpneLCJI=
request-id                    : 245d1939-271c-47a6-9cfc-b887a527467b
client-request-id             : beb72ee1-2e4e-4e0d-b5f4-9928d9c23dad
x-ms-dirapi-data-contract-version: 1.6
ocp-aad-session-key           : Wx0STOs9oEig55C5a1mA9EisEACB3ZQEM3KG5HhrUPrPErxhfNce2Qrk-Dym4O5ZSwpV26ymgrW69uCMMnpETyE_c-BLfYDSGEiAmnkYPOx7LIJYS1Tqod20-u72dNvw5DCKsnOC9Vy-HXwZ0vs7HA.QtIHz_FJh8aq6Y_9HJ0OiC7sfN4tMK9D7Sh8DL0W0
d4
X-Content-Type-Options        : nosniff
DataServiceVersion            : 1.0;
Strict-Transport-Security     : max-age=31536000; includeSubDomains
Access-Control-Allow-Origin   : *
Duration                      : 10896775
Cache-Control                 : no-cache
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET,ASP.NET
Date                          : Fri, 29 Jun 2018 12:31:04 GMT

Body:




DEBUG: AzureQoSEvent: CommandName - New-AzureRmADAppCredential; IsSuccess - True; Duration - 00:00:01.5882632; Exception - ;
DEBUG: Finish sending metric.
DEBUG: 13:31:06 - NewAzureADAppCredentialCommand end processing.
DEBUG: 13:31:06 - NewAzureADAppCredentialCommand end processing.
StartDate           EndDate             KeyId                                Type              
---------           -------             -----                                ----              
29/06/2018 13:28:23 29/06/2019 13:28:23 36edc6b3-4726-468e-aa76-8aa5ea476229 AsymmetricX509Cert
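
A check for the mismatch reported above, added here as an example and not part of the original issue or the AzureRM code: it decodes the certificate carried in a keyCredentials request body and compares the body's endDate with the certificate's own NotAfter. The names Test-KeyCredentialWindow and ConvertTo-UtcDate and the subject CN=Example.App are assumptions, and the sample request body is constructed.

```powershell
# Added example (not AzureRM code). Helper names are hypothetical.
function ConvertTo-UtcDate($Value) {
    # ConvertFrom-Json returns ISO 8601 timestamps as strings on Windows PowerShell 5.1
    # and as DateTime on PowerShell 6+, so accept both.
    if ($Value -is [datetime]) { return $Value.ToUniversalTime() }
    [datetime]::Parse($Value, [cultureinfo]::InvariantCulture,
        [Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal')
}

function Test-KeyCredentialWindow {
    param(
        [Parameter(Mandatory)] [string] $RequestBodyJson,  # PATCH body in the shape shown in the debug output
        [int] $ToleranceSeconds = 1                         # the JSON timestamps carry no sub-second part
    )
    foreach ($kc in ($RequestBodyJson | ConvertFrom-Json).value) {
        # "value" is the base64 DER certificate; decode it to read its validity period
        $raw      = [Convert]::FromBase64String($kc.value)
        $cert     = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
        $credEnd  = ConvertTo-UtcDate $kc.endDate
        $notAfter = $cert.NotAfter.ToUniversalTime()
        [pscustomobject]@{
            KeyId          = $kc.keyId
            CredentialEnd  = $credEnd
            CertNotAfter   = $notAfter
            EndDateMatches = [math]::Abs(($notAfter - $credEnd).TotalSeconds) -le $ToleranceSeconds
        }
    }
}

# Constructed sample: a throwaway 5-year certificate and a request body that,
# like the one in the debug output, carries an endDate one year after startDate.
$c = New-SelfSignedCertificate -CertStoreLocation 'Cert:\CurrentUser\My' `
        -Subject 'CN=Example.App' -NotBefore (Get-Date) -NotAfter (Get-Date).AddYears(5)
$notBeforeUtc = $c.NotBefore.ToUniversalTime()
$body = @{ value = @(@{
    startDate = $notBeforeUtc.ToString('s') + 'Z'
    endDate   = $notBeforeUtc.AddYears(1).ToString('s') + 'Z'
    value     = [Convert]::ToBase64String($c.GetRawCertData())
    keyId     = [guid]::NewGuid().ToString()
    usage     = 'Verify'
    type      = 'AsymmetricX509Cert'
}) } | ConvertTo-Json -Depth 4
Remove-Item "Cert:\CurrentUser\My\$($c.Thumbprint)" -DeleteKey   # remove the sample certificate and its key

Test-KeyCredentialWindow -RequestBodyJson $body
```
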
@AndyHerb
Author

This may already be fixed in #6527 - but I wanted to raise it just in case so that it doesn't get lost if it's a separate issue

@cormacpayne
Member

@AndyHerb Hey Andy, this appears to be related to the issue you linked in the original description, so it will be fixed in the upcoming release of AzureRM (which will be available on July 3rd). Please let us know if you have any other questions!
