From 0afdf28c1ff0522b534cdc325cfc84bda97436a0 Mon Sep 17 00:00:00 2001
From: Nimesh-Msys
Date: Tue, 12 Feb 2019 15:57:15 +0530
Subject: Windows Certificate: Add support to import Base 64 encoded CER certificates
- Till now, cer certificates were only considered to be in binary format (DER)
- They can also be base-64 encoded(PEM)
- We should only append "inform DER" only if it is a binary certificate, otherwise, default ("inform PEM") would support base64 encoded certificates.
- Added test caes
- Ensured Chef style
Signed-off-by: Nimesh-Msys
---
 lib/chef/resource/windows_certificate.rb | 9 ++++++++-
 spec/data/windows_certificates/base64_test.cer | 22 ++++++++++++++++++++++
 .../resource/windows_certificate_spec.rb | 16 ++++++++++++++++
 3 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 spec/data/windows_certificates/base64_test.cer
diff --git a/lib/chef/resource/windows_certificate.rb b/lib/chef/resource/windows_certificate.rb
index a4225583e8..252fa24fcd 100644
--- a/lib/chef/resource/windows_certificate.rb
+++ b/lib/chef/resource/windows_certificate.rb
@@ -277,7 +277,9 @@ class Chef
 def convert_pem(ext)
 out = case ext
 when ".crt", ".cer", ".der"
- powershell_out("openssl x509 -text -inform DER -in #{new_resource.source} -outform PEM")
+ command = "openssl x509 -text -in #{new_resource.source} -outform PEM"
+ command += " -inform DER" if binary_cert?
+ powershell_out(command)
 when ".pfx"
 powershell_out("openssl pkcs12 -in #{new_resource.source} -nodes -passin pass:'#{new_resource.pfx_password}'")
 when ".p7b"
@@ -299,6 +301,11 @@ class Chef
 end_cert = "-----END CERTIFICATE-----"
 begin_cert + out[/#{begin_cert}(.*?)#{end_cert}/m, 1] + end_cert
 end
+
+ # Checks if the certificate is binary encoded or not
+ def binary_cert?
+ powershell_out("file -b --mime-encoding #{new_resource.source}").stdout.strip == "binary"
+ end
 end
 end
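Review bot: `new_resource.source` is interpolated unquoted into the command string built in the `.crt`/`.cer`/`.der` branch, and again in `binary_cert?` in the next hunk, so a path containing spaces or PowerShell metacharacters is split or interpreted by the shell instead of reaching the tool as one argument. Because `source` is a recipe-supplied property, it should be passed as a quoted literal at both sites, for example `command = "openssl x509 -text -in '#{new_resource.source.gsub("'", "''")}' -outform PEM"` (assuming `powershell_out` hands the string to PowerShell unchanged). The `.pfx` context line has the same shape with `pfx_password`, but this commit does not touch it. `convert_pem` begins inside the hunk and its body continues past the last context line.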
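Review bot: `binary_cert?` reads only `.stdout` of the external `file` call and never checks that the command ran, so if `file` is not on the node's PATH (it is not a stock Windows utility) or it fails on the path, the comparison is false and a DER certificate is handed to openssl as PEM with no hint of the real cause. Switching to the raising variant, `powershell_out!(...)`, would surface that failure at the detection step rather than as an openssl parse error. The check could also stay in Ruby with no subprocess, e.g. `!::File.binread(new_resource.source).include?("-----BEGIN CERTIFICATE-----")`; the leading `::` is likely needed because `File` inside `Chef::Resource` would otherwise resolve to the resource class. The comment above the method would be more useful if it stated the return value, e.g. `# @return [Boolean] true when the source is reported as binary (DER); false means it is treated as PEM`.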
diff --git a/spec/data/windows_certificates/base64_test.cer b/spec/data/windows_certificates/base64_test.cer
new file mode 100644
index 0000000000..0d90bf81e3
--- /dev/null
+++ b/spec/data/windows_certificates/base64_test.cer
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIQNH6iXZnEKbFOEQ7D9f9iCTANBgkqhkiG9w0BAQsFADBK
+MSMwIQYDVQQDDBpBIEJhc2U2NCBEdW1teSBDZXJ0aWZpY2F0ZTEjMCEGCSqGSIb3
+DQEJARYUdGVzdGJ5cnNwZWNAY2hlZi5jb20wHhcNMTkwMjEyMDk1ODM2WhcNMjAw
+MjEyMTAxODM2WjBKMSMwIQYDVQQDDBpBIEJhc2U2NCBEdW1teSBDZXJ0aWZpY2F0
+ZTEjMCEGCSqGSIb3DQEJARYUdGVzdGJ5cnNwZWNAY2hlZi5jb20wggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSy2Qlf2k1X3y/YgEjnvD0K8NeKgXKKi62
+RHRMTJ2+6KSg+I1MqHZC+BVrfzehuJVby5kM7tGLF8FvM3q7X/5oSPg8pvLZzIV0
+pBrpVPCTYw8fnlmFKBt/+m2XOqsWyL59yP+p66SHAKmoLYTGu8dkGvgJn3dwKNen
+VFmwadteVfKs2wFW/ZwUxH4aLloCa8KSyqstIXrYQmdqqFOSuEgkynalD19dozSv
+QtkQ9FZPuFGDwNpdO7OrcjE1lTUlzuth7CqV/pj4GYJhK/PPtO8Ing/BtwZm5XB8
+2yvvLVnL7Y/hikg2ENKA9fOYk52zR/kkd7d8qoJva7WlYEXTZvpdAgMBAAGjcDBu
+MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEw
+HgYDVR0RBBcwFYITd3d3LnRlc3RieXJzcGVjLmNvbTAdBgNVHQ4EFgQUuL1l247K
+h+cVH9LehmQgXuV8F6MwDQYJKoZIhvcNAQELBQADggEBAMTJW5tSZ/g2AP45EUwj
+PLDnDLY4YnsJDQ7Jo58EAY6givUc+ZnKRWxYAYNBOKcqDM5E4pXi3Fa1lKYR1vMu
+5AThPaDXhv18ljGAs21MYt9hl7PqdzbfX4ejF+jCD4UrE8bGtxuDc1WQ2HbeJtdj
+0j7BPPNXfcvPAIyX3BEOQFUPgvVAqzWMQLpdUKg+sNUJZijqKQv11xVALGHtxqGB
+1MFrdl6D/idODfhcdo2n1tBMyOGhHwEOBLqB1PTH72g5J4BVx4iwH/gh8PRmMy0P
+eJkNspgOBGPOhNpe7bhmK45MBuJpmjyl/CYCqtQvaEdpbuRQIgc2e+YRMfR71qYp
+Em8=
+-----END CERTIFICATE-----
diff --git a/spec/functional/resource/windows_certificate_spec.rb b/spec/functional/resource/windows_certificate_spec.rb
index f60b63ade9..a9ed99d318 100644
--- a/spec/functional/resource/windows_certificate_spec.rb
+++ b/spec/functional/resource/windows_certificate_spec.rb
@@ -60,6 +60,7 @@ describe Chef::Resource::WindowsCertificate, :windows_only, :appveyor_only do
 let(:store) { "Chef-Functional-Test" }
 let(:certificate_path) { File.expand_path(File.join(CHEF_SPEC_DATA, "windows_certificates")) }
 let(:cer_path) { File.join(certificate_path, "test.cer") }
+ let(:base64_path) { File.join(certificate_path, "base64_test.cer") }
 let(:pem_path) { File.join(certificate_path, "test.pem") }
 let(:pfx_path) { File.join(certificate_path, "test.pfx") }
 let(:out_path) { File.join(certificate_path, "testout.pem") }
@@ -174,6 +175,21 @@ describe Chef::Resource::WindowsCertificate, :windows_only, :appveyor_only do
 end
 end
+ context "Adds Base64 Encoded CER" do
+ before do
+ win_certificate.source = base64_path
+ win_certificate.run_action(:create)
+ end
+ it "Imports certificate into store" do
+ expect(no_of_certificates).to eq(1)
+ end
+ it "Idempotent: Does not converge while adding again" do
+ win_certificate.run_action(:create)
+ expect(no_of_certificates).to eq(1)
+ expect(win_certificate).not_to be_updated_by_last_action
+ end
+ end
+
 context "Adds PEM" do
 before do
 win_certificate.source = pem_path
-- cgit v1.2.1