updating gemlock files

Signed-off-by: John McCrae <john.mccrae@progress.com>

9 files changed, 194 insertions, 132 deletions

diff --git a/Gemfile.lock b/Gemfile.lock
index 6a4dc6579e..d937910dfd 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -493,8 +493,8 @@ GEM
 
 PLATFORMS
   ruby
-  x64-mingw-ucrt
   x64-mingw32
+  x64-unknown
   x86-mingw32
 
 DEPENDENCIES
diff --git a/cspell.json b/cspell.json
index 9ca21c7297..767e66fffd 100644
--- a/cspell.json
+++ b/cspell.json
@@ -120,6 +120,7 @@
     "borat",
     "bsearch",
     "bsevn",
+    "BSTR",
     "bufptr",
     "bufsize",
     "bugfixing",
diff --git a/docs/dev/how_to/building_chef_client_and_related_gems.md b/docs/dev/how_to/building_chef_client_and_related_gems.md
index 621de2a19f..e8eafb2b55 100644
--- a/docs/dev/how_to/building_chef_client_and_related_gems.md
+++ b/docs/dev/how_to/building_chef_client_and_related_gems.md
@@ -23,9 +23,9 @@ This page endeavors to explain the vagaries of building out Chef Client and its
 
 **What to do**:
 
-When you peruse the repo you’ll note that there are a number of directories here. You will need to manage the accompanying .NET code bases in addition to the chef-powershell code itself. 
+When you peruse the repo you’ll note that there are a number of directories here. You will need to manage the accompanying .NET code bases in addition to the chef-powershell code itself.
 
-There are 2 ways to use this pipeline. The first is to merely merge your PR back into main once all the tests pass. This triggers an automated Github Actions pipeline that will push a compiled gem to RubyGems.org. The second way is to manually build and test the gem and then manually push it to Rubygems.org. You will need access to the RubyGems - chef-powershell repo via API key to do a manual upload. **NOTE**: This code base is entirely windows based. Meaning, you will compile and test on Windows and the gem will only run on a Windows device. The code supports PowerShell Core but the gcc libraries needed to run on Mac/Linux have not been built out yet. 
+There are 2 ways to use this pipeline. The first is to merely merge your PR back into main once all the tests pass. This triggers an automated Github Actions pipeline that will push a compiled gem to RubyGems.org. The second way is to manually build and test the gem and then manually push it to Rubygems.org. You will need access to the RubyGems - chef-powershell repo via API key to do a manual upload. **NOTE**: This code base is entirely windows based. Meaning, you will compile and test on Windows and the gem will only run on a Windows device. The code supports PowerShell Core but the gcc libraries needed to run on Mac/Linux have not been built out yet.
 
 
 
@@ -35,9 +35,9 @@ There are 2 ways to use this pipeline. The first is to merely merge your PR back
 
 **What to do**:
 
-The Win32-Certstore code provides an FFI/Win32 based gem used to manage certificates on a Windows node. 
+The Win32-Certstore code provides an FFI/Win32 based gem used to manage certificates on a Windows node.
 
-This one is a bit gnarly, see the notes below. Chef Infra team has backlogged issues to add functionality to the C++ libraries. If you have some spare cycles, we need the help. 
+This one is a bit gnarly, see the notes below. Chef Infra team has backlogged issues to add functionality to the C++ libraries. If you have some spare cycles, we need the help.
 
 To start `git checkout -b`There are 2 parts of the code here. You’ll need to do your thing in C++ and then make sure the corresponding FFI/Ruby interfaces and methods are all working. Then push your branch back to main and open a PR. Once your code is green and merged, you’re done .   **NOTE:** This code base is Windows based and contains C++ code. You’ll need a windows machine to test on. You can probably get away with developing on Mac or Linux.
 
@@ -51,12 +51,12 @@ To start `git checkout -b`There are 2 parts of the code here. You’ll need to d
 
 **What to do**:
 
-There are a few steps in performing a release. They are documented here : https://github.com/chef/chef/blob/main/docs/dev/how_to/releasing_chef_infra.md 
+There are a few steps in performing a release. They are documented here : https://github.com/chef/chef/blob/main/docs/dev/how_to/releasing_chef_infra.md
 
 In Essence:
 
 1. Is your current build clean - no random errors, no busted tests?
-2. Have you documented all the changes in this build? This is a critical step to help customers and partner understand the changes we’re releasing. 
+2. Have you documented all the changes in this build? This is a critical step to help customers and partner understand the changes we’re releasing.
 3. Promote the build
 4. Announce the build in Slack to #sous-chefs and #general
 5. Update Homebrew
@@ -64,7 +64,7 @@ In Essence:
 7. Backport to Chef 17 and Chef 16 as appropriate
    1. Git Pull Chef
    2. git checkout chef17
-   3. git checkout -b mybranch_based_on_chef17
+   3. git checkout -b my_branch_based_on_chef17
    4. Do my work on chef17 branch
    5. Merge it back to Chef17
 
@@ -90,7 +90,7 @@ You have a feature or a bug you just fixed. Now what? Write your tests and, run
 
 **What to do**:
 
-You have some code that may or may not really dodgy and you kinda need/want to see where the possible problems are with it. You can do an ad-hoc build against your branch to give it a go. To do that, you do this: There are 2 paths you can follow for a build. Chef stand-alone and Chef as part of the Chef Workstation product.  
+You have some code that may or may not really dodgy and you kinda need/want to see where the possible problems are with it. You can do an ad-hoc build against your branch to give it a go. To do that, you do this: There are 2 paths you can follow for a build. Chef stand-alone and Chef as part of the Chef Workstation product.
 
 [Chef Client Ad-Hoc Build Site](https://buildkite.com/chef/chef-chef-master-omnibus-adhoc/)
 
@@ -110,4 +110,4 @@ Steps:
    OMNIBUS_BUILD_FILTER=windows*
    ```
 
-   
+
diff --git a/lib/chef/api_client_v1.rb b/lib/chef/api_client_v1.rb
index f7a41cdb5b..b61efa9857 100644
--- a/lib/chef/api_client_v1.rb
+++ b/lib/chef/api_client_v1.rb
@@ -299,10 +299,10 @@ class Chef
 
         # the new method only gets called when migrating keys to the certificate store.
         new_client = if Chef::Config[:migrate_key_to_keystore] == true
-                chef_rest_v1_with_validator.post("clients", payload)
-              else
-                chef_rest_v1.post("clients", payload)
-              end
+                       chef_rest_v1_with_validator.post("clients", payload)
+                     else
+                       chef_rest_v1.post("clients", payload)
+                     end
 
         # get the private_key out of the chef_key hash if it exists
         if new_client["chef_key"]
diff --git a/lib/chef/client.rb b/lib/chef/client.rb
index 29eaf3df83..c3b62a60c3 100644
--- a/lib/chef/client.rb
+++ b/lib/chef/client.rb
@@ -52,12 +52,11 @@ Chef.autoload :PolicyBuilder, File.expand_path("policy_builder", __dir__)
 require_relative "request_id"
 require_relative "platform/rebooter"
 require_relative "mixin/deprecation"
-# require_relative "mixin/powershell_exec"
 require "chef-utils" unless defined?(ChefUtils::CANARY)
 require "ohai" unless defined?(Ohai::System)
 require "rbconfig" unless defined?(RbConfig)
 require "forwardable" unless defined?(Forwardable)
-require "singleton"
+require "singleton" unless defined?(Singleton)
 
 require_relative "compliance/runner"
 
@@ -663,7 +662,6 @@ class Chef
           logger.trace("Client key #{config[:client_key]} is present in Certificate Store - skipping registration")
         else
           move_key_and_register(cert_name)
-          KeyMigration.instance.key_migrated = false
           logger.trace("Client key #{config[:client_key]} moved to the Certificate Store - skipping registration")
         end
         events.skipping_registration(client_name, config)
@@ -694,10 +692,6 @@ class Chef
       win32certstore.search("#{cert_name}")
     end
 
-    # def generate_pfx_package(cert_name)
-    #   self.generate_pfx_package(cert_name)
-    # end
-
     def generate_pfx_package(cert_name, date = nil)
       require_relative "mixin/powershell_exec"
       extend Chef::Mixin::PowershellExec
@@ -723,37 +717,32 @@ class Chef
     end
 
     def move_key_and_register(cert_name)
-      require 'time'
+      require "time" unless defined?(Time)
       autoload :URI, "uri"
 
-      base_url = "https://" +  URI.parse(Chef::Config[:chef_server_url]).host
-      client = Chef::ServerAPI.new(base_url, client_name: Chef::Config[:validation_client_name], signing_key_filename: Chef::Config[:validation_key])
-
       KeyMigration.instance.key_migrated = true
 
       node = Chef::Config[:node_name]
       d = Time.now
       end_date = Time.new(d.year, d.month + 3, d.day, d.hour, d.min, d.sec).utc.iso8601
-      public_key = get_public_key(cert_name)
 
       payload = {
         name: node,
         clientname: node,
-        public_key: public_key,
-        expiration_date: end_date
+        public_key: "",
+        expiration_date: end_date,
       }
 
-      generate_pfx_package(cert_name,end_date)
-
-      body = { "name": "#{node}" }
-      client.post("/organizations/cheftest2/nodes", body)
-      client.post("/organizations/cheftest2/clients", payload)
-
+      generate_pfx_package(cert_name, end_date)
+      payload[:public_key] = get_public_key(cert_name)
+      base_url = "#{Chef::Config[:chef_server_url]}"
+      client = Chef::ServerAPI.new(base_url, client_name: Chef::Config[:validation_client_name], signing_key_filename: Chef::Config[:validation_key])
+      client.post(base_url + "/clients", payload)
+      KeyMigration.instance.key_migrated = false
       Chef::Log.trace("Updated client data: #{client.inspect}")
     end
 
     def get_public_key(cert_name)
-      binding.pry
       password = ::Chef::HTTP::Authenticator.get_cert_password
       require_relative "mixin/powershell_exec"
       extend Chef::Mixin::PowershellExec
@@ -768,7 +757,7 @@ class Chef
       path = cert_file[1]
       p12 = OpenSSL::PKCS12.new(File.binread(path), password)
       File.delete(path)
-      return p12.key.public_to_pem
+      p12.key.public_to_pem
     end
 
     #
diff --git a/lib/chef/http/authenticator.rb b/lib/chef/http/authenticator.rb
index eaa5130647..641599972a 100644
--- a/lib/chef/http/authenticator.rb
+++ b/lib/chef/http/authenticator.rb
@@ -22,8 +22,6 @@ require_relative "../exceptions"
 require_relative "../win32/registry"
 autoload :OpenSSL, "openssl"
 
-require "pry"
-
 class Chef
   class HTTP
     class Authenticator
@@ -50,7 +48,6 @@ class Chef
         @auth_credentials = AuthCredentials.new(opts[:client_name], @key, use_ssh_agent: opts[:ssh_agent_signing])
         @version_class = opts[:version_class]
         @api_version = opts[:api_version]
-        @old_priv_key = nil
       end
 
       def handle_request(method, url, headers = {}, data = false)
@@ -103,6 +100,18 @@ class Chef
         self.class.retrieve_certificate_key(client_name)
       end
 
+      def get_cert_password
+        self.class.get_cert_password
+      end
+
+      def encrypt_pfx_pass
+        self.class.encrypt_pfx_pass
+      end
+
+      def decrypt_pfx_pass
+        self.class.decrypt_pfx_pass
+      end
+
       # Detects if a private key exists in a certificate repository like Keychain (macOS) or Certificate Store (Windows)
       #
       # @param client_name - we're using the node name to store and retrieve any keys
@@ -130,17 +139,14 @@ class Chef
       end
 
       def load_signing_key(key_file, raw_key = nil)
-        results = if !!Chef::Client::KeyMigration.instance.old_priv_key
-                    Chef::Client::KeyMigration.instance.old_priv_key
-                  else
-                    retrieve_certificate_key(Chef::Config[:node_name])
-                  end
-        if key_file == nil? && raw_key == nil?
-          puts "\nNo key detected\n"
+        results = retrieve_certificate_key(Chef::Config[:node_name])
+
+        if ::Chef::Config[:migrate_key_to_keystore] == true && ::Chef::Client::KeyMigration.instance.key_migrated == true
+          @raw_key = IO.read(Chef::Config[:validation_key]).strip
         elsif !!results
           @raw_key = results
-        elsif ::Chef::Config[:migrate_key_to_keystore] == true && Chef::Client::KeyMigration.instance.key_migrated == true
-          @raw_key = IO.read(Chef::Config[:validation_key]).strip
+        elsif key_file == nil? && raw_key == nil?
+          puts "\nNo key detected\n"
         elsif !!key_file
           @raw_key = IO.read(key_file).strip
         elsif !!raw_key
@@ -193,14 +199,6 @@ class Chef
         password
       end
 
-      def get_cert_password
-        self.get_cert_password
-      end
-
-      def encrypt_pfx_pass
-        self.ncrypt_pfx_pass
-      end
-
       def self.encrypt_pfx_pass(password)
         powershell_code = <<~CODE
           $encrypted_string = ConvertTo-SecureString "#{password}" -AsPlainText -Force
@@ -259,49 +257,6 @@ class Chef
         CODE
       end
 
-      def self.is_certificate_expiring(pkcs)
-        require 'time'
-        cert_date = DateTime.parse(pkcs.certificate.not_after.iso8601)
-        today = DateTime.parse(Time.now.iso8601)
-        client_name = "chef-#{Chef::Config[:node_name]}"
-        if cert_date.mjd - today.mjd <= 7
-          Chef::Client::KeyMigration.instance.old_priv_key = pkcs.key.private_to_pem
-          create_new_pfx_in_keystore(client_name)
-        end
-      end
-
-      def self.create_new_pfx_in_keystore(client_name)
-        require 'time'
-        node = Chef::Config[:node_name]
-        delete_old_pfx(client_name)
-        new_client = Chef::Client.new
-        d = Time.now
-        end_date = Time.new(d.year, d.month + 3, d.day, d.hour, d.min, d.sec).utc.iso8601
-        new_client.generate_pfx_package(client_name, end_date)
-        new_public_key = new_client.get_public_key(client_name)
-        base_url = "https://" +  URI.parse(Chef::Config[:chef_server_url]).host
-        client = Chef::ServerAPI.new(base_url, client_name: Chef::Config[:client_name], signing_key_filename: "cert://#{client_name}")
-
-        payload = {
-          name: "default",
-          public_key: new_public_key,
-          expiration_date: end_date
-        }
-        client.put("/organizations/cheftest2/clients/#{node}/keys/default", payload)
-      end
-
-      def self.delete_old_pfx(cert_name)
-        powershell_code = <<~CODE
-          Try{
-            Get-ChildItem Cert:\\LocalMachine\\My | Where-Object { $_.Subject -match "#{cert_name}$" } -ErrorAction Stop | Remove-Item;
-          }
-          Catch{
-            return $false
-          }
-        CODE
-        powershell_exec!(powershell_code).result
-      end
-
       def authentication_headers(method, url, json_body = nil, headers = nil)
         request_params = {
           http_method: method,
diff --git a/spec/integration/client/client_spec.rb b/spec/integration/client/client_spec.rb
index 9bf7497a9e..3960123acd 100644
--- a/spec/integration/client/client_spec.rb
+++ b/spec/integration/client/client_spec.rb
@@ -35,21 +35,22 @@ describe "chef-client" do
     @server = @api = nil
   end
 
-  def install_certificate_in_store
+  def install_certificate_in_store(client_name)
     if ChefUtils.windows?
       powershell_exec!("New-SelfSignedCertificate -certstorelocation cert:\\localmachine\\my -Subject #{client_name} -FriendlyName #{client_name} -KeyExportPolicy Exportable")
     end
   end
 
   def create_registry_key
-    @win32registry = Chef::Win32::Registry.new
-    path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"
-    unless @win32registry.key_exists?(path)
-      @win32registry.create_key(path, true)
-    end
-    password = SOME_CHARS.sample(1 + rand(SOME_CHARS.count)).join[0...14]
-    values = { name: "PfxPass", type: :string, data: password }
-    @win32registry.set_value(path, values)
+    ::Chef::HTTP::Authenticator.get_cert_password
+    # @win32registry = Chef::Win32::Registry.new
+    # path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"
+    # unless @win32registry.key_exists?(path)
+    #   @win32registry.create_key(path, true)
+    # end
+    # password = SOME_CHARS.sample(1 + rand(SOME_CHARS.count)).join[0...14]
+    # values = { name: "PfxPass", type: :string, data: password }
+    # @win32registry.set_value(path, values)
   end
 
   def remove_certificate_from_store
@@ -59,7 +60,7 @@ describe "chef-client" do
   end
 
   def remove_registry_key
-    powershell_exec!("Remove-Item -Path HKLM:\\SOFTWARE\\Progress -Recurse")
+    powershell_exec!("Remove-ItemProperty -Path HKLM:\\SOFTWARE\\Progress\\Authentication -Name 'PfxPass' ")
   end
 
   def verify_export_password_exists
@@ -92,6 +93,7 @@ describe "chef-client" do
   let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
   let(:chef_solo) { "bundle exec #{ChefUtils::Dist::Solo::EXEC} --legacy-mode --minimal-ohai --always-dump-stacktrace" }
   let(:client_name) { "chef-973334" }
+  let(:hostname) { "973334" }
 
   context "when validation.pem in current Directory" do
     let(:validation_path) { "" }
@@ -178,7 +180,6 @@ describe "chef-client" do
         # FATAL: Configuration error NoMethodError: undefined method `xxx' for nil:NilClass
         expect(result.stdout).to include("xxx")
       end
-
     end
 
     it "should complete with success" do
@@ -194,19 +195,17 @@ describe "chef-client" do
     if ChefUtils.windows?
       context "and the private key is in the Windows CertStore" do
         before do
-          # install the p12/pfx and make sure the key and password are stored in the registry
-          install_certificate_in_store
+          install_certificate_in_store(client_name)
           create_registry_key
         end
 
         after do
-          # remove the p12/pfx and remove the registry key
           remove_certificate_from_store
           remove_registry_key
         end
 
         it "should verify that the cert is loaded in the LocalMachine\\My" do
-          expect(Chef::HTTP::Authenticator.check_certstore_for_key(client_name)).to eq(true)
+          expect(Chef::HTTP::Authenticator.check_certstore_for_key(hostname)).to eq(true)
         end
 
         it "should verify that the export password for the pfx is loaded in the Registry" do
@@ -214,7 +213,7 @@ describe "chef-client" do
         end
 
         it "should verify that a private key is returned to me" do
-          expect(Chef::HTTP::Authenticator.retrieve_certificate_key(client_name)).not_to be_falsey
+          expect(Chef::HTTP::Authenticator.retrieve_certificate_key(client_name)).not_to be nil
         end
       end
     end
diff --git a/spec/unit/client_spec.rb b/spec/unit/client_spec.rb
index 1e835ae398..1b8775e0d8 100644
--- a/spec/unit/client_spec.rb
+++ b/spec/unit/client_spec.rb
@@ -23,6 +23,11 @@ require "chef/run_context"
 require "chef/server_api"
 require "rbconfig"
 
+begin
+  require "chef-powershell"
+rescue LoadError
+end
+
 class FooError < RuntimeError
 end
 
@@ -282,6 +287,52 @@ shared_examples "a failed run" do
   end
 end
 
+describe Chef::Client, :windows_only do
+  let(:hostname) { "test" }
+  let(:my_client) { Chef::Client.new }
+  let(:cert_name) { "chef-#{hostname}" }
+  let(:end_date) do
+    d = Time.now
+    end_date = Time.new(d.year, d.month + 3, d.day, d.hour, d.min, d.sec).utc.iso8601
+  end
+  # include_context "client"
+  before(:each) do
+    Chef::Config[:migrate_key_to_keystore] = true
+  end
+
+  after(:each) do
+    delete_certificate(cert_name)
+  end
+
+  context "when the client intially boots the first time" do
+    it "created a new pfx object" do
+      expect(my_client.generate_pfx_package(cert_name, end_date)).to be_truthy
+    end
+
+    it "verfies that a certificate correctly exists in the Cert Store" do
+      my_client.generate_pfx_package(cert_name, end_date)
+      expect(my_client.check_certstore_for_key(cert_name)).not_to be false
+    end
+
+    it "correctly returns a new Publc Key" do
+      my_client.generate_pfx_package(cert_name, end_date)
+      public_key = my_client.get_public_key(cert_name)
+      cert_object = OpenSSL::PKey::RSA.new(public_key)
+      expect(cert_object.to_s).to match(/PUBLIC KEY/)
+    end
+
+  end
+
+  def delete_certificate(cert_name)
+    require "chef/mixin/powershell_exec"
+    extend Chef::Mixin::PowershellExec
+    powershell_code = <<~CODE
+      Get-ChildItem -path cert:\\LocalMachine\\My -Recurse -Force  | Where-Object { $_.Subject -Match "#{cert_name}" } | Remove-item
+    CODE
+    powershell_exec!(powershell_code)
+  end
+end
+
 describe Chef::Client do
   include_context "client"
 
diff --git a/spec/unit/http/authenticator_spec.rb b/spec/unit/http/authenticator_spec.rb
index 28bcc23677..0bb81b8ca5 100644
--- a/spec/unit/http/authenticator_spec.rb
+++ b/spec/unit/http/authenticator_spec.rb
@@ -19,6 +19,86 @@
 require "spec_helper"
 require "chef/http/authenticator"
 
+describe Chef::HTTP::Authenticator, :windows_only do
+  let(:class_instance) { Chef::HTTP::Authenticator.new(client_name: "test") }
+  let(:method) { "GET" }
+  let(:url) { URI("https://chef.example.com/organizations/test") }
+  let(:headers) { {} }
+  let(:data) { "" }
+  let(:node_name) { "test" }
+  let(:passwrd) { "some_insecure_password" }
+
+  before(:each) do
+    ::Chef::Config[:node_name] = "test"
+    cert_name = "chef-#{node_name}"
+    d = Time.now
+    end_date = Time.new(d.year, d.month + 3, d.day, d.hour, d.min, d.sec).utc.iso8601
+
+    my_client = Chef::Client.new
+    my_client.generate_pfx_package(cert_name, end_date)
+  end
+
+  after(:each) do
+    require "chef/mixin/powershell_exec"
+    extend Chef::Mixin::PowershellExec
+    cert_name = "chef-#{node_name}"
+    delete_certificate(cert_name)
+  end
+
+  context "when retrieving a certificate from the certificate store" do
+    it "retrieves a certificate password from the registry when the hive does not already exist" do
+      delete_registry_hive
+      expect { class_instance.get_cert_password }.not_to raise_error
+    end
+
+    it "should return a password of at least 14 characters in length" do
+      password = class_instance.get_cert_password
+      expect(password.length).to eql(14)
+    end
+
+    it "retrieves a certificate password from the registry when the hive exists" do
+      set_registry_hive
+      expect { class_instance.get_cert_password }.not_to raise_error
+    end
+
+    it "correctly retrieves a private key from the certstore" do
+      cert_name = "chef-#{node_name}"
+      expect { class_instance.retrieve_certificate_key(cert_name) }.not_to raise_error
+    end
+
+    it "correctly retrieves a valid certificate in pem format from the certstore" do
+      require "openssl"
+      certificate = class_instance.retrieve_certificate_key(node_name)
+      cert_object = OpenSSL::PKey::RSA.new(certificate)
+      expect(cert_object.to_s).to match(/BEGIN RSA PRIVATE KEY/)
+    end
+
+    # does retrieving a cert work
+    # is the password at least 14 characters
+    # is the pem a proper cert object
+  end
+
+  def delete_certificate(cert_name)
+    powershell_code = <<~CODE
+      Get-ChildItem -path cert:\\LocalMachine\\My -Recurse -Force  | Where-Object { $_.Subject -Match "#{cert_name}" } | Remove-item
+    CODE
+    powershell_exec!(powershell_code)
+  end
+
+  def delete_registry_hive
+    @win32registry = Chef::Win32::Registry.new
+    path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"
+    present = @win32registry.get_values(path)
+    unless present.nil? || present.empty?
+      @win32registry.delete_key(path, true)
+    end
+  end
+
+  def set_registry_hive
+    class_instance.get_cert_password
+  end
+end
+
 describe Chef::HTTP::Authenticator do
   let(:class_instance) { Chef::HTTP::Authenticator.new(client_name: "test") }
   let(:method) { "GET" }
@@ -26,6 +106,10 @@ describe Chef::HTTP::Authenticator do
   let(:headers) { {} }
   let(:data) { "" }
 
+  before do
+    ::Chef::Config[:node_name] = "foo"
+  end
+
   context "when handle_request is called" do
     shared_examples_for "merging the server API version into the headers" do
       before do
@@ -68,23 +152,6 @@ describe Chef::HTTP::Authenticator do
       end
     end
 
-    context "when retrieving a certificate from the certificate store" :windows_only do
-      before each do
-      end
-      after each do
-      end
-      it "retrieves a certificate password from the registry" do
-        expect(class_instance.get_cert_password).not_to raise_error
-      end
-      # get a password when it does not already exist in the registry
-      # get a password that DOES already exist in the registry
-      # does retrieving a cert work
-      # does the password decrypt correctly
-      # does it encrypt correctly.
-      # is the decrypted password at least 14 characters
-      # does delete old pfx actually delete shit?
-    end
-
     context "when !sign_requests?" do
       before do
         allow(class_instance).to receive(:sign_requests?).and_return(false)