From cfced5c5762c095d5b777d158cdbad663815ef9e Mon Sep 17 00:00:00 2001
From: Joe-Rennert <159470310+Joe-Rennert@users.noreply.github.com>
Date: Wed, 22 May 2024 14:22:30 -0500
Subject: [PATCH] Website: Choosing certificate with longest remaining validity (#633)
---
 CHANGELOG.md | 11 +++++++----
 source/DSCResources/DSC_WebSite/DSC_WebSite.psm1 | 3 ++-
 tests/Unit/DSC_Website.Tests.ps1 | 13 +++++++++++++
 3 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 487a10a1..6162ab0a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,11 +18,14 @@ For older change log history see the [historic changelog](HISTORIC_CHANGELOG.md)
 - Website
 - Add Ensure to LogCustomFieldInformation. ([issue #571](https://github.com/dsccommunity/WebAdministrationDsc/issues/571))
+ - Added code to ensure certificate selected has longest time until expiration when multiple matching certificates are found ([issue #578](https://github.com/dsccommunity/WebAdministrationDsc/issues/578))
 ### Fixed
 - IisLogging
 - Can now remove all LogCustomFields using Ensure. ([issue #571](https://github.com/dsccommunity/WebAdministrationDsc/issues/571))
+- WebSite
+ - Added code to ensure certificate has private key. ([issue #578](https://github.com/dsccommunity/WebAdministrationDsc/issues/578))
 ## [4.1.0] - 2023-01-03
@@ -39,11 +42,11 @@ For older change log history see the [historic changelog](HISTORIC_CHANGELOG.md)
 In WebVirtualDirectory WebApplication '' and '/' can now be used interchangeably.
 - Fixed Add WebVirtualDirectory when WebApplication = '/'.
 - Fixed Remove WebVirtualDirectory when WebApplication = ''.
-- CommonTestHelper
- Added `Invoke-UnitTestCleanup` to get consistent cleanup of stubs.
- Gives correct execution of integration tests when run in same PowerShell session as unit tests (no longer calling stubs).
+- CommonTestHelper
+ Added `Invoke-UnitTestCleanup` to get consistent cleanup of stubs.
+ Gives correct execution of integration tests when run in same PowerShell session as unit tests (no longer calling stubs).
 Gives correct `Restore-WebConfiguration` after integration tests when run in same PowerShell session as unit tests (no longer calling stub).
-- MockWebAdministrationWindowsFeature
+- MockWebAdministrationWindowsFeature
 [Issue #351](https://github.com/dsccommunity/WebAdministrationDsc/issues/351) Stubs now throw StubNotImplemented when they are called in order to show when a cmdlet is not mocked correctly.
diff --git a/source/DSCResources/DSC_WebSite/DSC_WebSite.psm1 b/source/DSCResources/DSC_WebSite/DSC_WebSite.psm1
index 253d7f81..466c8a87 100644
--- a/source/DSCResources/DSC_WebSite/DSC_WebSite.psm1
+++ b/source/DSCResources/DSC_WebSite/DSC_WebSite.psm1
@@ -1474,7 +1474,8 @@ function ConvertTo-WebBinding
 if ($FindCertificateSplat)
 {
 $FindCertificateSplat.Add('Store',$CertificateStoreName)
- $Certificate = Find-Certificate @FindCertificateSplat | Select-Object -First 1
+ $Certificate = Find-Certificate @FindCertificateSplat | Where-Object {$_.HasPrivateKey -eq $true} | `
+ Sort-Object -Property NotAfter -Descending | Select-Object -First 1
 if ($Certificate)
 {
 $certificateHash = $Certificate.Thumbprint
diff --git a/tests/Unit/DSC_Website.Tests.ps1 b/tests/Unit/DSC_Website.Tests.ps1
index bf9848c0..4e4a1006 100644
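Review bot: In the `DSC_WebSite.psm1` hunk, sorting on `NotAfter` alone makes the longest-lived match win, so when the criteria in `$FindCertificateSplat` (built outside this hunk) match more than one certificate, a long-lived self-signed or test certificate would be bound in preference to a shorter-lived CA-issued one. The pipeline shows no validity check of its own, so unless `Find-Certificate` already excludes expired and not-yet-valid certificates, one whose `NotBefore` lies in the future could be selected. I would state the selection rule in the resource documentation and log the chosen thumbprint and expiry with `Write-Verbose` inside `if ($Certificate)`, so an operator can see which certificate was bound. The backtick is unnecessary because a line ending in `|` already continues, and the filter can be written `Where-Object -FilterScript { $_.HasPrivateKey } |`. `ConvertTo-WebBinding` starts and ends outside the hunk.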
--- a/tests/Unit/DSC_Website.Tests.ps1
+++ b/tests/Unit/DSC_Website.Tests.ps1
@@ -2521,6 +2521,8 @@ try
 Mock Find-Certificate -MockWith {
 return [PSCustomObject]@{
 Thumbprint = 'C65CE51E20C523DEDCE979B9922A0294602D9D5C'
+ HasPrivateKey = $true
+ NotAfter = (Get-Date).AddDays(50)
 }
 }
@@ -2549,6 +2551,8 @@ try
 Mock Find-Certificate -MockWith {
 return [PSCustomObject]@{
 Thumbprint = 'C65CE51E20C523DEDCE979B9922A0294602D9D5C'
+ HasPrivateKey = $true
+ NotAfter = (Get-Date).AddDays(50)
 }
 }
@@ -2576,11 +2580,20 @@ try
 Mock Find-Certificate -MockWith {
 return @(
+ [PSCustomObject]@{
+ Thumbprint = 'AFD927459B4ACD3CAFBAD7DFD9317B740A7D8122'
+ HasPrivateKey = $true
+ NotAfter = (Get-Date).AddDays(15)
+ }
 [PSCustomObject]@{
 Thumbprint = 'C65CE51E20C523DEDCE979B9922A0294602D9D5C'
+ HasPrivateKey = $true
+ NotAfter = (Get-Date).AddDays(50)
 },
 [PSCustomObject]@{
 Thumbprint = '28B88504F609F685B9A49C8F0EC49EDA1337CAFE'
+ HasPrivateKey = $true
+ NotAfter = (Get-Date).AddDays(25)
 }
 )
 }
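Review bot: Every mocked certificate in the `@@ -2576,11 +2580,20 @@` hunk has `HasPrivateKey = $true`, so the new private-key filter in `ConvertTo-WebBinding` is never exercised; the same holds for the single-certificate mocks in the two hunks above. Adding one more entry with `HasPrivateKey = $false` and the latest `NotAfter`, and asserting that the 50-day thumbprint is still chosen, would cover the filter and the sort together. The added first element closes with `}` while the existing elements are separated with `},`; PowerShell accepts the newline-separated form inside `@( )`, but a comma would keep the list uniform. The assertions for these mocks are outside the hunks, so which thumbprint the tests expect cannot be confirmed from here.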