ps/Modules/Alkami.DevOps.Certificates/Public/Update-CertBindings.tests.ps1

. $PSScriptRoot\..\..\Load-PesterModules.ps1
$here = Split-Path -Parent $MyInvocation.MyCommand.Path
$sut = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -replace '\.tests\.', '.'
$functionPath = Join-Path -Path $here -ChildPath $sut
Write-Host "Overriding SUT: $functionPath"
Import-Module $functionPath -Force
$moduleForMock = ""

$exportPassword = "Test"
$exportPath = "c:\temp\CertificateTest"

Remove-Item $exportPath -Force -Recurse -ErrorAction SilentlyContinue | Out-Null
New-Item -ItemType Directory $exportPath -Force | Out-Null

Describe "Update-CertBindings" {

    BeforeEach {

        Mock -ModuleName $moduleForMock Get-ChildItem { return @{ PsParentPath="Microsoft.PowerShell.Security\Certificate::LocalMachine\My" }} -ParameterFilter { $Path -and $Path -eq "CERT:\\LocalMachine\My\0102030405" }
        Mock -ModuleName $moduleForMock Get-ChildItem { return @{ PsParentPath="Microsoft.PowerShell.Security\Certificate::LocalMachine\My" }} -ParameterFilter { $Path -and $Path -eq "CERT:\\LocalMachine\My\1011121314" }
        Mock -ModuleName $moduleForMock Get-ChildItem { return $null} -ParameterFilter { $PsParentPath -and !$PsParentPath -eq "CERT:\\0102030405" }
        Mock -ModuleName $moduleForMock Save-IISServerManagerChanges {}
    }

    Context "When there are bad inputs when calling Update-CertBindings" {

        It "Throws Exception if all skip flags set" {
            { Update-CertBindings '' "thumbprint" } | Should Throw
        }

        It "Throws Exception if path doesn't exist" {
            { Update-CertBindings "thumbprint" '' } | Should Throw
        }
    }

    Context "When the inputs are valid and the certificates are missing" {

        It "Throws Exception when existing cert not found" {
            { Update-CertBindings "99 99 99 99 99" '01 02 03 04 05' } | Should Throw "9999999999"
        }

        It "Throws Exception when replacement cert not found" {
            { Update-CertBindings "01 02 03 04 05" '99 99 99 99 99' } | Should Throw "9999999999"
        }
    }

    Context "When the inputs are valid and the certificates exist" {

        It "Updates Certificate Hash with new certificate hash when the site is valid and matches existing cert" {
            Mock -ModuleName $moduleForMock New-Object {
                @{

                    Sites = @{
                        Name = "Test Site"
                        Bindings = @{
                            CertificateHash = "01 02 03 04 05".Split(" ") | ForEach-Object { [CONVERT]::toint16($_,16)}
                        }

                    }
                }
            } -ParameterFilter { $TypeName -and $TypeName -eq "Microsoft.Web.Administration.ServerManager"}

             Update-CertBindings "01 02 03 04 05" "10 11 12 13 14"

             Assert-MockCalled -ModuleName $moduleForMock Save-IISServerManagerChanges -Times 1 -Exactly -Scope It
        }

        It "Does not Update Certificate Hash when there are no sites" {

            Mock -ModuleName $moduleForMock New-Object { } -ParameterFilter { $TypeName -and $TypeName -eq "Microsoft.Web.Administration.ServerManager"}

            Update-CertBindings "01 02 03 04 05" "10 11 12 13 14"

            Assert-MockCalled -ModuleName $moduleForMock Save-IISServerManagerChanges -Times 0 -Exactly -Scope It
        }

        It "Does not Update Certificate Hash when no sites have a certificate binding" {

            Mock -ModuleName $moduleForMock New-Object {
                @{

                    Sites = @{
                        Name = "Test Site"
                        Bindings = $null

                    }
                }
            } -ParameterFilter { $TypeName -and $TypeName -eq "Microsoft.Web.Administration.ServerManager"}

            Update-CertBindings "01 02 03 04 05" "10 11 12 13 14"

            Assert-MockCalled -ModuleName $moduleForMock Save-IISServerManagerChanges -Times 0 -Exactly -Scope It
        }

        It "Does not update hash when sites hash matches new cert hash" {
            Mock -ModuleName $moduleForMock New-Object {
                @{

                    Sites = @{
                        Name = "Test Site"
                        Bindings = @{
                            CertificateHash = "10 11 12 13 14".Split(" ") | ForEach-Object { [CONVERT]::toint16($_,16)}
                        }

                    }
                }
            } -ParameterFilter { $TypeName -and $TypeName -eq "Microsoft.Web.Administration.ServerManager"}

             Update-CertBindings "01 02 03 04 05" "10 11 12 13 14"

             Assert-MockCalled -ModuleName $moduleForMock Save-IISServerManagerChanges -Times 0 -Exactly -Scope It
        }

        It "Does not update hash when sites hash does not match existing certificate" {
            Mock -ModuleName $moduleForMock New-Object {
                @{

                    Sites = @{
                        Name = "Test Site"
                        Bindings = @{
                            CertificateHash = "03 04 02 01".Split(" ") | ForEach-Object { [CONVERT]::toint16($_,16)}
                        }

                    }
                }
            } -ParameterFilter { $TypeName -and $TypeName -eq "Microsoft.Web.Administration.ServerManager"}

             Update-CertBindings "01 02 03 04 05" "10 11 12 13 14"

             Assert-MockCalled -ModuleName $moduleForMock Save-IISServerManagerChanges -Times 0 -Exactly -Scope It
        }
    }
}