Tests/Public/Search-PWSHCertutilCerts.Tests.ps1

BeforeAll {
    Import-Module (Resolve-Path "$PSScriptRoot\..\..\Posh-Certutil.psd1") -Force

    $testJson = @'
{
  "version": "1.0",
  "profiles": {
    "test-profile": {
      "description": "Test",
      "remoting": { "useTls": true, "port": 5986, "maxSessionsPerCA": 2 },
      "cas": [{ "fqdn": "ca01.test.local", "displayName": "CA01" }],
      "certutilView": {
        "restrict": { "search": "{DYNAMIC}" },
        "out": { "search": ["RequestID","CommonName","RequesterName"] }
      },
      "syncState": {
        "lastSync": "2026-01-01T00:00:00Z",
        "fieldNameMap": {
          "RequestID": "RequestID",
          "CommonName": "CommonName",
          "RequesterName": "RequesterName"
        }
      }
    }
  }
}
'@

    $script:TestConfigPath = [IO.Path]::GetTempFileName()
    Set-Content -Path $script:TestConfigPath -Value $testJson -Encoding UTF8
    InModuleScope Posh-Certutil -Parameters @{ ConfigPath = $script:TestConfigPath } {
        param($ConfigPath)
        $script:ConfigPath = $ConfigPath
    }

    $fakeSession = New-MockObject -Type System.Management.Automation.Runspaces.PSSession
    $emptyCsv    = @('"RequestID","CommonName","RequesterName"')
}

AfterAll {
    Remove-Item -Path $script:TestConfigPath -ErrorAction SilentlyContinue
    Remove-Module Posh-Certutil -ErrorAction SilentlyContinue
}

Describe 'Search-PWSHCertutilCerts' -Tag Unit {
    BeforeEach {
        Mock -ModuleName Posh-Certutil Get-CASession      { $fakeSession }
        Mock -ModuleName Posh-Certutil Invoke-CertutilView { $emptyCsv }
    }

    It 'Uses GeneralFlags=0 as restrict when no filters are supplied' {
        Search-PWSHCertutilCerts -Profile 'test-profile' | Out-Null
        Should -Invoke -ModuleName Posh-Certutil Invoke-CertutilView `
            -ParameterFilter { $Restrict -eq 'GeneralFlags=0' } -Times 1
    }

    It 'Includes Disposition=20 for -Type Issued' {
        Search-PWSHCertutilCerts -Profile 'test-profile' -Type Issued | Out-Null
        Should -Invoke -ModuleName Posh-Certutil Invoke-CertutilView `
            -ParameterFilter { $Restrict -like '*Disposition=20*' } -Times 1
    }

    It 'Includes Disposition=21 for -Type Revoked' {
        Search-PWSHCertutilCerts -Profile 'test-profile' -Type Revoked | Out-Null
        Should -Invoke -ModuleName Posh-Certutil Invoke-CertutilView `
            -ParameterFilter { $Restrict -like '*Disposition=21*' } -Times 1
    }

    It 'Joins multiple -Requester values with pipe (OR)' {
        Search-PWSHCertutilCerts -Profile 'test-profile' -Requester 'CORP\user1','CORP\user2' | Out-Null
        Should -Invoke -ModuleName Posh-Certutil Invoke-CertutilView `
            -ParameterFilter { $Restrict -like '*RequesterName=CORP\user1|RequesterName=CORP\user2*' } -Times 1
    }

    It 'Includes both Disposition and Subject filters when both are specified' {
        Search-PWSHCertutilCerts -Profile 'test-profile' -Type Issued -Subject 'server01' | Out-Null
        Should -Invoke -ModuleName Posh-Certutil Invoke-CertutilView `
            -ParameterFilter { $Restrict -like '*Disposition=20*' -and $Restrict -like '*CommonName=server01*' } -Times 1
    }

    It 'Formats -NotAfter as MM/dd/yyyy in restrict' {
        $date = [datetime]'2025-12-31'
        Search-PWSHCertutilCerts -Profile 'test-profile' -NotAfter $date | Out-Null
        Should -Invoke -ModuleName Posh-Certutil Invoke-CertutilView `
            -ParameterFilter { $Restrict -like '*NotAfter<=12/31/2025*' } -Times 1
    }
}