Merge pull request #31 from webmd-health-services/bugfix/convert-prov…
…ider-returns-value-when-does-no-work

3.1.3  Convert-CCertificateProvider returns value when it does no work
splatteredbits authored Apr 26, 2023
2 parents f5dfc50 + e37f5e4 commit fdbcc55
Showing 4 changed files with 60 additions and 35 deletions.
76 changes: 50 additions & 26 deletions CHANGELOG.md
@@ -1,14 +1,26 @@
<!-- markdownlint-disable MD024 (no-duplicate-heading/no-duplicate-header) -->
<!-- markdownlint-disable MD024 no-duplicate-heading/no-duplicate-header -->
<!-- markdownlint-disable MD012 no-multiple-blanks -->

# 3.1.2
# Carbon.Cryptography Changelog

## 3.1.3

> Released 26 Apr 2023
Fixed: `Convert-CCertificateProvider` returns a value even when it performs no conversion.


## 3.1.2

Fixed: `Convert-CCertificateProvider` fails on Windows Server 2012 R2 when a certificate isn't password-protected.

# 3.1.1

## 3.1.1

Fixed: `Find-CCertificate` fails if a certificate's subject alternate name is `null` or has a `null` value.

# 3.1.0

## 3.1.0

* The `New-CRsaKeyPair` function can now generate a key pair that uses a specific
[Cryptographic Service Provider](https://learn.microsoft.com/en-us/windows/win32/seccrypto/microsoft-cryptographic-service-providers).
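
Review bot: The new 3.1.3 entry, "Fixed: `Convert-CCertificateProvider` returns a value even when it performs no conversion.", can be read as either the bug or the new behaviour. State what callers now get, for example "Fixed: `Convert-CCertificateProvider` no longer returns an object when the private key already uses the requested provider." The entry also follows `> Released 26 Apr 2023` with no blank line in between as shown here, so Markdown's lazy continuation will render it inside the blockquote; add a blank line after the release line.
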
Expand All @@ -17,11 +29,12 @@ default provider is "Microsoft Enhanced RSA and AES Cryptographic Provider" (i.e
Provider").
* Function `Convert-CCertificateProvider` to convert the provider of a certificate's private key.

# 3.0.0

## Upgrade Instructions
## 3.0.0

### Upgrade Instructions

### From Previous Versions of Carbon.Cryptography
#### From Previous Versions of Carbon.Cryptography

It turns out, PowerShell doesn't find and auto-load modules that use the `DefaultCommandPrefix` setting. So, we've
removed `Carbon.Cryptography` module's `DefaultCommandPrefix` and explicitly added a `C` prefix to all commands.
Expand All @@ -39,7 +52,7 @@ you would change it to:
If you have automation that installs modules with `Install-Module`, you may need to add the `-AllowClobber` switch if
you've got previous versions of Carbon.Cryptography or Carbon installed.

### From Carbon
#### From Carbon

Add a `-KeyUsage DocumentEncryption` argument to usages of `New-CRsaKeyPair`. The `KeyUsage` parameter was added and if
not given, `New-CRsaKeyPair` generates a key pair with no key usages or enhanced key usages. To create a key pair for
Expand All @@ -51,15 +64,15 @@ Remove all usages of the `New-CRsaKeyPair` function's `ValidFrom` and `Authority
`New-CRsaKeyPair` used to return two `[IO.FileInfo]` objects: the generated public key and private key. It now returns
one object that has `PublicKeyFile` and `PrivateKeyFile` properties instead. Update usages.

## Added
### Added

* Copied the `New-CRsaKeyPair` function from Carbon. This function generates a public/private key pair suitable for
document encryption, including in DSC resources and PowerShell's CMS message cmdlets.
* Added anew `KeyUsage` parameter to `New-CRsaKeyPair`. When not given, certificates with no key usages or enhanced key
usages are created. Pass the key's usages to this parameter. Valid usages are `ClientAuthentication`, `CodeSigning`,
`DocumentEncryption`, `DocumentSigning`, and `ServerAuthentication`.

## Changes
### Changes

* Added a `C` prefix to each command and removed the `DefaultCommandPrefix`. PowerShell won't auto-load a module that uses
a default command prefix and you call the command with the prefix.
Expand All @@ -70,22 +83,25 @@ versions created a key pair for document encryption. To get previous default beh
Instead, it returns an object with `PrivateKeyFile` and `PublicKeyFile` properties, which are `[IO.FileInfo]` objects
for the public and private key, respectively.

## Fixes
### Fixes

* Fixed: `New-CRsaKeyPair` function fails when public/private key files already exist, even if using the `-Force`
parameter.

# 2.3.0

## 2.3.0

* Added `Find-CCertificate` function for finding certificates by searching subjects, start/end dates, private keys,
hostnames, key usages, and whether or not they are trusted.

# 2.2.1

## 2.2.1

* Fixed: `Install-CCertificate` fails when loading a certificate from a file and when adding a certificate to a store.
* Fixed: `Get-CCertificate` fails when using the `KeyStorageFlags` parameter.

# 2.2.0

## 2.2.0

* Fixed: `Uninstall-CCertificate` and `Install-CCertificate` can fail if the module's default prefix is changed.
* Fixed: `Get-CCertificate` didn't fail when the user can't open or read a certificate store.
Expand All @@ -97,17 +113,19 @@ parameter.
* Added `LiteralFriendlyName` parameter to `Get-CCertificate` to search for certificates that have wildcard characters
in their friendly names (Windows only).

# 2.1.0

## 2.1.0

* `Install-CCertificate` now works on Linux and macOS.
* `Uninstall-CCertificate` now works on Linux and macOS.
* Fixed: `Get-CCertificate` only returns one instance of a certificate even if that certificate exists in multiple
stores and/or locations.
* `Uninstall-CCertificate` no longer opens a store for writing if the certificate to delete isn't installed.

# 2.0.0

## Upgrade Instructions
## 2.0.0

### Upgrade Instructions

`Carbon.Cryptography` now uses the `DefaultCommandPrefix` module manifest metadata to add the `C` prefix to its
commands. If you're using the `Import-Module` cmdlet's `-Function` parameter when importing `Carbon.Cryptography`,
Expand All @@ -118,14 +136,15 @@ The `Get-LocalCertificate` function was removed. Replace any usages of `Get-Loca
The `Remove-Certificate` alias was removed. Replace usages of the `Remove-Certificate` alias with
`Uninstall-CCertificatte`.

## Changes
### Changes

* `Carbon.Cryptography` now uses the `DefaultCommandPrefix` module manifest metadata to add the `C` prefix to its
commands.
* Removed `Get-LocalCertificate` function (it was an internal function that was accidentally exported from the module).
* Removed `Remove-Certificate` alias to `Uninstall-CCertificate`.

# 1.1.0

## 1.1.0

* Added `Find-CTlsCertificate` function that finds an HTTPS certificate that matches a given hostname, searching the My
store for the local machine or current user.
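
Review bot: The context line "`Uninstall-CCertificatte`." in the 2.0.0 upgrade instructions misspells the command name, while the "Changes" list a few lines below spells it `Uninstall-CCertificate`. Since this patch already touches the headings around it, correct the spelling so that readers who copy the replacement get a command that exists.
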
Expand All @@ -136,30 +155,35 @@ The `Remove-Certificate` alias was removed. Replace usages of the `Remove-Certif
parameters now act as filters for what certificates to return. A certificate must match *all* filters to be returned.
* Added a `Subject` parameter to `Get-CCertificate` to find certificates by subject.

# 1.0.4

## 1.0.4

* Fixed: `Unprotect-CString` sometimes fails to decrypt a secret if the decryption key certificate is installed in
multiple certificate stores but some of those times without the private key.

# 1.0.3

## 1.0.3

* Fixed: When installing certificates with private keys, the `Install-CCertificate` function causes Windows API to write
extra files to the directories where private keys are saved.
* Fixed: In some situations, the `Install-CCertificate` function, when passed a certificate object to install with a
private key, would fail to install the private key.

# 1.0.2

## 1.0.2

* Fixed: `Unprotect-CString` error handling fails when encryption fails.

# 1.0.1

## 1.0.1

* Fixed: `Protect-CString` incorrectly marked as a filter instead of a function.
* Fixed: `Protect-CString` and `Unprotect-CString` failed to handle encryption exceptions.

# 1.0.0

## Upgrade Instructions
## 1.0.0

### Upgrade Instructions

If upgrading from Carbon 2, you should do the following:

Expand All @@ -173,7 +197,7 @@ If upgrading from Carbon 2, you should do the following:
and get back a plain text string. Remove the `-AsSecureString` parameter if you were previously requesting a secure
string.

## Changes
### Changes

* Migrated `Convert-CSecureStringToString` from Carbon.
* `Convert-CSecureStringToString` now accepts piping in secure strings.
2 changes: 1 addition & 1 deletion Carbon.Cryptography/Carbon.Cryptography.psd1
Expand Up @@ -17,7 +17,7 @@
RootModule = 'Carbon.Cryptography.psm1'

# Version number of this module.
ModuleVersion = '3.1.2'
ModuleVersion = '3.1.3'

# ID used to uniquely identify this module
GUID = '225b9f63-3e3e-406c-87a0-33d34f30cd8e'
Expand Up @@ -10,7 +10,7 @@ function Convert-CCertificateProvider
the certificate file to the `FilePath` parameter, and the new provider name to the `ProviderName` parameter. If the
certificate file is password-protected, pass the password to the `Password` parameter.
If the private key's provider is already the value passed to the function, nothing happens.
If the private key's provider is already the value passed to the function, nothing happens and nothing is returned.
The function uses the `certutil` command to import the certificate with its private key into a "Temp" store for the
current user using the new provider. This command actually does the conversion process. Then,
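
Review bot: The updated sentence "nothing happens and nothing is returned" documents the empty result but not what a caller should do with it. Add a line saying that the file at `FilePath` is left as it is in that case and that scripts reading properties of the returned object need to check the result for `$null` first.
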
Expand Down Expand Up @@ -106,12 +106,6 @@ function Convert-CCertificateProvider

if ($pkProviderName -eq $ProviderName)
{
return [pscustomobject]@{
Path = $FilePath;
OldProviderName = $pkProviderName;
NewProviderName = $ProviderName;
NewCertificateBase64Encoded = ([IO.File]::ReadAllBytes($FilePath) | ConvertTo-CBase64);
}
return
}
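
Review bot: The bare `return` in the `if ($pkProviderName -eq $ProviderName)` branch gives no indication that the conversion was skipped, and callers that read `.NewCertificateBase64Encoded` or `.OldProviderName` from the result now get `$null` on this path (or an error under strict mode). Consider a `Write-Verbose` message naming `$ProviderName` before returning so that the no-op shows up in verbose logs. A welcome side effect of the removal is that this path no longer reads `$FilePath` and writes its Base64-encoded contents to the pipeline.
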

9 changes: 8 additions & 1 deletion Tests/Convert-CCertificateProvider.Tests.ps1
Expand Up @@ -100,9 +100,16 @@ BeforeAll {
function ThenReturned
{
param(
[Parameter(ParameterSetName='Certificate', Position=0)]
$Name,

[Parameter(ParameterSetName='Certificate')]
$WithOldProvider,

[Parameter(ParameterSetName='Certificate')]
$WithNewProvider,

[Parameter(Mandatory, ParameterSetName='Nothing')]
[switch] $Nothing
)
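
Review bot: Nothing in the 'Certificate' parameter set is marked `Mandatory`, so the `param` block alone does not require a caller to say which certificate result is expected. Marking `$Name` as `Mandatory` in that set would leave `ThenReturned -Nothing` as the only way to assert an empty result. The assertion behind `-Nothing` lies outside the visible lines; confirm it fails when the function returns any object rather than only when the properties differ.
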

Expand Down Expand Up @@ -166,7 +173,7 @@ Describe 'Convert-CCertificateProvider' {
WhenConverting 'open.pfx' -WithArgs @{ ProviderName = $script:oldProviderName }
ThenNoError
ThenCertificate 'open.pfx' -HasProvider $script:oldProviderName -IsIdenticalTo $script:sourceCertPathUnprotected
ThenReturned 'open.pfx' -WithOldProvider $script:oldProviderName -WithNewProvider $script:oldProviderName
ThenReturned -Nothing
}

It 'should validate file path' {
