wastoresh
diff --git a/‎.gitignore
Lines changed: 2 additions & 0 deletions b/‎.gitignore
Lines changed: 2 additions & 0 deletions
diff --git a/‎AzurePowershell.Test.targets
Lines changed: 568 additions & 529 deletions b/‎AzurePowershell.Test.targets
Lines changed: 568 additions & 529 deletions
diff --git a/‎appveyor.yml
Lines changed: 7 additions & 7 deletions b/‎appveyor.yml
Lines changed: 7 additions & 7 deletions
diff --git a/‎build.proj
Lines changed: 134 additions & 92 deletions b/‎build.proj
Lines changed: 134 additions & 92 deletions
diff --git a/‎src/ServiceManagement/ManagedCache/Commands.ManagedCache.Test/MSSharedLibKey.snk renamed to ‎setup/PowerShellSetup.Test/MSSharedLibKey.snk b/‎src/ServiceManagement/ManagedCache/Commands.ManagedCache.Test/MSSharedLibKey.snk renamed to ‎setup/PowerShellSetup.Test/MSSharedLibKey.snk
diff --git a/‎setup/PowerShellSetup.Test/MsiLayoutTests.cs
Lines changed: 274 additions & 0 deletions b/‎setup/PowerShellSetup.Test/MsiLayoutTests.cs
Lines changed: 274 additions & 0 deletions
@@ -29,6 +29,8 @@ x64/
 build/
 bld/
 src/*/[Bb]in/
+setup/**/*/[Bb]in/
+setup/[Bb]in/
 [Oo]bj/
 
 # Roslyn cache directories
 
@@ -8,13 +8,13 @@ environment:
 build_script:
   - ps: |
       $ErrorActionPreference = "Stop"
-      $response = Invoke-WebRequest ("https://api.github.com/repos/" + $env:APPVEYOR_REPO_NAME + "/releases/tags/" + $env:APPVEYOR_REPO_TAG_NAME) -Timeout 10
+      $response = Invoke-WebRequest ("https://api.github.com/repos/" + $env:APPVEYOR_REPO_NAME + "/releases/latest") -Timeout 10
       if($response -ne $null -and $response.StatusCode -ne 200)
       {
         $host.SetShouldExit(1)
       }
 
-      $unzip_path = "C:\projects\azure-powershell-release"
+      $unzip_path = "C:\projects\release"
       $unzip_file = $unzip_path + "zip"
       Invoke-WebRequest ($response.Content | ConvertFrom-Json).zipball_url -OutFile $unzip_file
       7z x $unzip_file -o"$unzip_path"
@@ -38,7 +38,7 @@ build_script:
           {
             continue
           }
-          if((gc $psd1 | Out-String) -notmatch "ModuleVersion\s*=\s*$pattern")
+          if((gc $psd1 | Out-String) -notmatch "ModuleVersion\s*=\s*'$pattern'")
           {
             continue
           }
@@ -48,12 +48,12 @@ build_script:
 test: off
 shallow_clone: true
 on_success:
-  - git clone -q --branch=%target_branch% %content_repo% %TEMP%\Azure
-  - cd %TEMP%\Azure
-  - ps: ls $global:output -dir | % { copy $_.FullName (ls -dir | select -First 1) -Recurse -Force }
   - git config --global credential.helper store
   - ps: ac "$env:USERPROFILE\.git-credentials" "https://$($env:github_access_token):[email protected]`n"
   - git config --global user.email %email%
   - git config --global user.name %name%
+  - git clone -q --branch=%target_branch% %content_repo% %TEMP%\Azure
+  - cd %TEMP%\Azure
+  - ps: ls $global:output -dir | % { copy $_.FullName (ls -dir | select -First 1) -Recurse -Force }
   - git add -A
-  - git diff --quiet --exit-code --cached || git commit -m "Sync docs from source code repo to content repo." && git push origin %target_branch% && appveyor AddMessage "Content Updated"
+  - git diff --quiet --exit-code --cached || git commit -m "Sync docs from source code repo to content repo." && git push origin %target_branch% && appveyor AddMessage "Content Updated"
@@ -0,0 +1,274 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+namespace PowerShellSetup.Tests
+{
+    using System;
+    using System.Collections.Generic;
+    using System.Diagnostics;
+    using System.IO;
+    using System.Linq;
+    using System.Management.Automation;
+    using System.Threading.Tasks;
+    using Xunit;
+    using Xunit.Abstractions;
+
+    /// <summary>
+    /// Set of tests to run against MSI
+    /// These set of tests are especially for scenario like:
+    ///     1) Layout errors, things getting copied to the wrong location
+    ///     2) Checking if files in the MSI including the MSI are signed
+    ///     3) Checking if files included in MSI uses right signing alogirthm
+    /// 
+    /// </summary>
+    public class MsiLayoutTests: MsiTestBase
+    {
+        const string MSI_NAME = "AzurePowerShell.msi";
+        const string MSI_EXTRACT_DIR_NAME = "msiContents";
+        string _procOutput;
+        string _procErr;
+
+        public MsiLayoutTests(ITestOutputHelper testOutput) : base(testOutput)
+        {
+            _procOutput = string.Empty;
+            _procErr = string.Empty;
+        }
+
+        [Fact]
+        [Trait("AcceptanceType", "CheckIn")]
+        public void VerifyMsiExecExists()
+        {
+            ProcessStartInfo psi = GetInitializedPSI();
+            psi.FileName = "Msiexec.exe";
+            psi.Arguments = "/qn /x:1234";
+
+            this.ExecuteShellCmd(psi, out _procOutput, out _procErr);
+            Assert.NotEmpty(_procOutput);
+        }
+        
+        //[Fact]
+        //[Trait("AcceptanceType", "CheckIn")]
+        //public void VerifyNoJavaScriptFiles()
+        //{
+        //    string procErr = string.Empty;
+        //    string msiContentsDirPath = ExtractMsiContents(out procErr);
+        //    IEnumerable<string> msiFiles = Directory.EnumerateFiles(msiContentsDirPath, "*.js", SearchOption.AllDirectories);
+        //    TestLog.WriteLine("Expecting no *.js files in MSI");            
+        //    foreach (string unsigFile in msiFiles)
+        //    {
+        //        TestLog.WriteLine(unsigFile);
+        //    }
+        //    Assert.Equal(0, msiFiles.Count<string>());
+        //}
+
+        //[Fact]
+        //[Trait("AcceptanceType", "CheckIn")]
+        //public void VerifyNoJsonFiles()
+        //{
+        //    string procErr = string.Empty;
+        //    string msiContentsDirPath = ExtractMsiContents(out procErr);
+        //    IEnumerable<string> msiFiles = Directory.EnumerateFiles(msiContentsDirPath, "*.json", SearchOption.AllDirectories);
+        //    TestLog.WriteLine("Expecting no *.json files in MSI");
+        //    foreach (string unsigFile in msiFiles)
+        //    {
+        //        TestLog.WriteLine(unsigFile);
+        //    }
+        //    Assert.Equal(0, msiFiles.Count<string>());
+        //}
+        
+        [Fact]
+        [Trait("SignedBuild", "BVT")]
+        public void VerifyFilesAreSigned()
+        {
+            string SHA1 = "sha1RSA";
+            string SHA2 = "sha256RSA";
+
+            List<string> expectedSignatureAlgos = new List<string>() { SHA1, SHA2 };
+            string msiContentsDir = this.ExtractMsiContents(out _procErr);
+            Assert.True(Directory.Exists(msiContentsDir));
+            Assert.True(string.IsNullOrEmpty(_procErr));
+
+            IEnumerable<string> msiFiles = Directory.EnumerateFiles(msiContentsDir, "*", SearchOption.AllDirectories);
+            //Ignore Newtonsoft, .xml, .msi (need to find out why unsigned msi get's packaged inside the MSI)
+            IEnumerable<string> exceptionFiles = Directory.EnumerateFiles(msiContentsDir, "*.xml", SearchOption.AllDirectories)
+                .Union<string>(Directory.EnumerateFiles(msiContentsDir, "newtonsoft*.dll", SearchOption.AllDirectories))
+                .Union<string>(Directory.EnumerateFiles(msiContentsDir, "automapper*.dll", SearchOption.AllDirectories))
+                .Union<string>(Directory.EnumerateFiles(msiContentsDir, "security*.dll", SearchOption.AllDirectories))
+                .Union<string>(Directory.EnumerateFiles(msiContentsDir, "bouncy*.dll", SearchOption.AllDirectories))
+                .Union<string>(Directory.EnumerateFiles(msiContentsDir, "*.psd1", SearchOption.AllDirectories))
+                .Union<string>(Directory.EnumerateFiles(msiContentsDir, "*.json", SearchOption.AllDirectories))
+                .Union<string>(Directory.EnumerateFiles(msiContentsDir, "*.cscfg", SearchOption.AllDirectories))
+                .Union<string>(Directory.EnumerateFiles(msiContentsDir, "*.csdef", SearchOption.AllDirectories))
+                .Union<string>(Directory.EnumerateFiles(msiContentsDir, "*.cmd", SearchOption.AllDirectories))
+                .Union<string>(Directory.EnumerateFiles(msiContentsDir, "*.config", SearchOption.AllDirectories))
+                .Union<string>(Directory.EnumerateFiles(msiContentsDir, "*.php", SearchOption.AllDirectories))
+                .Union<string>(Directory.EnumerateFiles(msiContentsDir, "*.yml", SearchOption.AllDirectories))
+                .Union<string>(Directory.EnumerateFiles(msiContentsDir, "*.gitignore", SearchOption.AllDirectories))
+                .Union<string>(Directory.EnumerateFiles(msiContentsDir, "*.js", SearchOption.AllDirectories))   // We are doing this because Get-AuthenticodeSignature cannot verify .js files
+                .Union<string>(Directory.EnumerateFiles(msiContentsDir, "*.msi", SearchOption.AllDirectories));
+
+            Assert.NotNull(msiFiles);
+            IEnumerable<string> filesToVerify = msiFiles.Except<string>(exceptionFiles);
+
+            #region
+            // Make sure filesToVerify do not have any of the files that are either external to MS 
+            // or are not signed (which are expected not to be signed eg. psd1 files)
+            List<string> noXmlFiles = filesToVerify.Where<string>((fl) => fl.EndsWith(".xml")).ToList<string>();
+            //TestLog.WriteLine("Verifying no .xml files are in the verify list of files");
+            Assert.True(noXmlFiles.Count == 0);
+
+            List<string> noNewtonsoftFiles = filesToVerify.Where<string>((fl) => fl.Contains("newtonsoft")).ToList<string>();
+            //TestLog.WriteLine("Verifying no 'Newtonsoft*.dll' files are in the verify list of files");
+            Assert.True(noNewtonsoftFiles.Count == 0);
+
+            List<string> noMsiFiles = filesToVerify.Where<string>((fl) => fl.EndsWith(".msi")).ToList<string>();
+            //TestLog.WriteLine("Verifying no '*.msi' files are in the verify list of files");
+            Assert.True(noMsiFiles.Count == 0);
+            #endregion
+
+            List<string> noPsd1Files = filesToVerify.Where<string>((fl) => fl.EndsWith(".psd1")).ToList<string>();
+            //TestLog.WriteLine("Verifying no '*.psd1' files are in the verify list of files");
+            Assert.True(noPsd1Files.Count == 0);
+            
+            // Now extract each category of files and verify if they matched to the algorithm they are expected to be signed
+            IEnumerable<string> dllFiles = filesToVerify.Where<string>((fl) => fl.EndsWith(".dll")).ToList<string>();
+            IEnumerable<string> scriptFiles = filesToVerify.Where<string>((fl) => fl.EndsWith(".ps1"))
+                .Union<string>(filesToVerify.Where<string>((fl) => fl.EndsWith(".psm1")))
+                //.Union<string>(filesToVerify.Where<string>((fl) => fl.EndsWith(".js")))   // We are doing this because Get-AuthenticodeSignature cannot verify .js files
+                .Union<string>(filesToVerify.Where<string>((fl) => fl.EndsWith(".ps1xml")));
+
+            IEnumerable<string> dllScriptCombined = dllFiles.Union<string>(scriptFiles);
+            IEnumerable<string> diff = filesToVerify.Except<string>(dllScriptCombined);
+
+            TestLog.WriteLine("Verify number of dlls, script files match");
+            foreach(string fl in diff)
+            {
+                TestLog.WriteLine(fl);
+            }
+            Assert.Equal(dllScriptCombined.Count(), filesToVerify.Count());
+
+            List<string> unsignedDlls = GetUnsignedFiles(dllFiles, expectedSignatureAlgos);
+            TestLog.WriteLine("Verifying if DLLs are properly signed");
+            unsignedDlls.ForEach((unsigDll) => TestLog.WriteLine(unsigDll));
+            Assert.Equal(unsignedDlls.Count, 0);
+
+            List<string> unsignedScripts = GetUnsignedFiles(scriptFiles, SHA2);
+            TestLog.WriteLine("Verifying if SCRIPTS are properly signed");
+            unsignedScripts.ForEach((unsigScript) => TestLog.WriteLine(unsigScript));
+            Assert.Equal(unsignedScripts.Count, 0);
+            
+            // We do this because, we sign MSI as SHA2 with SHA1 hash.
+            // Verifying msi under windows --> Rightclick --> Properties will show SHA1
+            // Verifying msi with Get-AuthenticodeSignature will return as SHA2
+            List<string> unsignedMsi = GetUnsignedFiles(new List<string>() { this.GetAzurePSMsiPath() }, SHA2);
+            TestLog.WriteLine("Verifying if MSI is properly signed");
+            unsignedMsi.ForEach((unsigMsi) => TestLog.WriteLine(unsigMsi));
+            Assert.Equal(unsignedMsi.Count, 0);
+        }
+
+        #region Private Functions
+        private List<string> GetUnsignedFiles(IEnumerable<string> signedFiles, string expectedAlgorithm)
+        {
+            List<string> unsignedFiles = new List<string>();
+            string unsignedFileStatusFormat = "Expected signature '{0}', Actual '{1}' signature ::: {2}";
+
+            Parallel.ForEach<string>(signedFiles, (providedFilePath) =>
+            {
+                string sigAlgo = GetFileSignature(providedFilePath);
+
+                if(string.IsNullOrEmpty(sigAlgo))
+                {
+                    unsignedFiles.Add(string.Format(unsignedFileStatusFormat, expectedAlgorithm, sigAlgo, providedFilePath));
+                }
+                else if(!sigAlgo.Equals(expectedAlgorithm, StringComparison.OrdinalIgnoreCase))
+                {
+                    unsignedFiles.Add(string.Format(unsignedFileStatusFormat, expectedAlgorithm, sigAlgo, providedFilePath));
+                }
+            });
+
+            return unsignedFiles;
+        }
+
+        private List<string> GetUnsignedFiles(IEnumerable<string> signedFiles, List<string> expectedSignatureAlgorithmList)
+        {
+            List<string> unsignedFiles = new List<string>();
+            string algoList = string.Join("/", expectedSignatureAlgorithmList);
+            string unsignedFileStatusFormat = "Expected signature '{0}', Actual '{1}' signature ::: {2}";
+
+            Parallel.ForEach<string>(signedFiles, (providedFilePath) =>
+            {
+                string sigAlgo = GetFileSignature(providedFilePath);
+
+                if (string.IsNullOrEmpty(sigAlgo))
+                {
+                    unsignedFiles.Add(string.Format(unsignedFileStatusFormat, algoList, sigAlgo, providedFilePath));
+                }
+                else 
+                {
+                    string match = expectedSignatureAlgorithmList.Find((pn) => pn.Equals(sigAlgo, System.StringComparison.OrdinalIgnoreCase));
+                    if (string.IsNullOrEmpty(match))
+                    {
+                        unsignedFiles.Add(string.Format(unsignedFileStatusFormat, algoList, sigAlgo, providedFilePath));
+                    }
+                }
+            });
+
+            return unsignedFiles;
+        }
+
+        private List<string> GetUnsignedFilesSync(IEnumerable<string> signedFiles, string expectedAlgorithm)
+        {
+            List<string> unsignedFiles = new List<string>();
+            string unsignedFileStatusFormat = "Expected signature '{0}', Actual '{1}' signature ::: {2}";
+
+            foreach(string providedFilePath in signedFiles)
+            {
+                string sigAlgo = GetFileSignature(providedFilePath);
+
+                if (string.IsNullOrEmpty(sigAlgo))
+                {
+                    unsignedFiles.Add(string.Format(unsignedFileStatusFormat, expectedAlgorithm, sigAlgo, providedFilePath));
+                }
+                else if (!sigAlgo.Equals(expectedAlgorithm, StringComparison.OrdinalIgnoreCase))
+                {
+                    unsignedFiles.Add(string.Format(unsignedFileStatusFormat, expectedAlgorithm, sigAlgo, providedFilePath));
+                }
+            }
+
+            return unsignedFiles;
+        }
+
+        /// <summary>
+        /// Checks if a file is signed and returns the friendly alogrithm name of the file
+        /// Returns the friendly algorithm name of a file
+        /// </summary>
+        /// <param name="providedFilePath">Full file path for which Signature has to be verified</param>
+        /// <returns>Friendly Algorithm name, String.empty if not signed</returns>
+        private string GetFileSignature(string providedFilePath)
+        {
+            string friendlyAlgorithmName = string.Empty;
+            if (File.Exists(providedFilePath))
+            {
+                using (PowerShell ps = PowerShell.Create())
+                {
+                    ps.AddCommand("Get-AuthenticodeSignature", true);
+                    ps.AddParameter("FilePath", providedFilePath);
+                    var cmdLetResults = ps.Invoke();
+
+                    foreach (PSObject result in cmdLetResults)
+                    {
+                        Signature sig = (Signature)result.BaseObject;
+                        if(sig.Status.Equals(SignatureStatus.Valid))
+                        {
+                            friendlyAlgorithmName = sig.SignerCertificate.SignatureAlgorithm.FriendlyName;
+                        }
+                        break;
+                    }
+                }
+            }
+
+            return friendlyAlgorithmName;
+        }
+        #endregion
+    }
+}