Hard-code DuoNic addresses into Server certificates. (#2583)

2022-03-30 09:47:21 -07:00 · 2022-03-30 09:47:21 -07:00 · c1352ff47b
--- a/.azure/azure-pipelines.ci.yml
+++ b/.azure/azure-pipelines.ci.yml
@ -612,8 +612,8 @@ stages:
      logProfile: Full.Light
      extraArtifactDir: '_Xdp'
      extraPrepareArgs: -InstallDuoNic -InstallXdpDriver
-      # TODO: reenable these testcases: *RebindAddr*:*RebindPort*:*Unreachable*:*DrillInitialPacket*:*WithHandshakeArgs*:CredValidation.ConnectValidServerCertificate
-      extraTestArgs: -DuoNic -Filter -*ValidateConfiguration:*ValidAlpnLengths:*ResumeRejection*:*ClientCertificate*:*LoadBalanced*:*Tcp*:*RebindAddr*:*RebindPort*:*Unreachable*:*DrillInitialPacket*:*WithHandshakeArgs*:CredValidation.ConnectValidServerCertificate -ExtraArtifactDir Xdp
+      # TODO: reenable these testcases: *RebindAddr*:*RebindPort*:*Unreachable*:*DrillInitialPacket*:*WithHandshakeArgs*
+      extraTestArgs: -DuoNic -Filter -*ValidateConfiguration:*ValidAlpnLengths:*ResumeRejection*:*ClientCertificate*:*LoadBalanced*:*Tcp*:*RebindAddr*:*RebindPort*:*Unreachable*:*DrillInitialPacket*:*WithHandshakeArgs* -ExtraArtifactDir Xdp
  - template: ./templates/run-bvt.yml
    parameters:
      image: windows-2019
--- a/scripts/prepare-machine.ps1
+++ b/scripts/prepare-machine.ps1
@ -335,6 +335,7 @@ function Install-SigningCertificate {
 # Creates and installs certificates used for testing.
 function Install-TestCertificates {
    if (!$IsWindows -or !(Win-SupportsCerts)) { return } # Windows only
+    $DnsNames = $env:computername,"localhost","127.0.0.1","::1","192.168.1.11","192.168.1.12","fc00::1:11","fc00::1:12"
    $NewRoot = $false
    Write-Host "Searching for MsQuicTestRoot certificate..."
    $RootCert = Get-ChildItem -path Cert:\LocalMachine\Root\* -Recurse | Where-Object {$_.Subject -eq "CN=MsQuicTestRoot"}
@ -355,7 +356,7 @@ function Install-TestCertificates {
    $ServerCert = Get-ChildItem -path Cert:\LocalMachine\My\* -Recurse | Where-Object {$_.Subject -eq "CN=MsQuicTestServer"}
    if (!$ServerCert) {
        Write-Host "MsQuicTestServer not found! Creating new MsQuicTestServer certificate..."
-        $ServerCert = New-SelfSignedCertificate -Subject "CN=MsQuicTestServer" -DnsName $env:computername,localhost,"127.0.0.1","::1" -FriendlyName MsQuicTestServer -KeyUsageProperty Sign -KeyUsage DigitalSignature -CertStoreLocation cert:\CurrentUser\My -HashAlgorithm SHA256 -Provider "Microsoft Software Key Storage Provider" -KeyExportPolicy Exportable -KeyAlgorithm ECDSA_nistP256 -CurveExport CurveName -NotAfter(Get-Date).AddYears(5) -TextExtension @("2.5.29.19 = {text}","2.5.29.37 = {text}1.3.6.1.5.5.7.3.1") -Signer $RootCert
+        $ServerCert = New-SelfSignedCertificate -Subject "CN=MsQuicTestServer" -DnsName $DnsNames -FriendlyName MsQuicTestServer -KeyUsageProperty Sign -KeyUsage DigitalSignature -CertStoreLocation cert:\CurrentUser\My -HashAlgorithm SHA256 -Provider "Microsoft Software Key Storage Provider" -KeyExportPolicy Exportable -KeyAlgorithm ECDSA_nistP256 -CurveExport CurveName -NotAfter(Get-Date).AddYears(5) -TextExtension @("2.5.29.19 = {text}","2.5.29.37 = {text}1.3.6.1.5.5.7.3.1") -Signer $RootCert
        $TempServerPath = Join-Path $Env:TEMP "MsQuicTestServerCert.pfx"
        Export-PfxCertificate -Cert $ServerCert -Password $PfxPassword -FilePath $TempServerPath
        Import-PfxCertificate -FilePath $TempServerPath -Password $PfxPassword -Exportable -CertStoreLocation Cert:\LocalMachine\My
@ -369,7 +370,7 @@ function Install-TestCertificates {
    $ExpiredServerCert = Get-ChildItem -path Cert:\LocalMachine\My\* -Recurse | Where-Object {$_.Subject -eq "CN=MsQuicTestExpiredServer"}
    if (!$ExpiredServerCert) {
        Write-Host "MsQuicTestExpiredServer not found! Creating new MsQuicTestExpiredServer certificate..."
-        $ExpiredServerCert = New-SelfSignedCertificate -Subject "CN=MsQuicTestExpiredServer" -DnsName $env:computername,localhost,"127.0.0.1","::1" -FriendlyName MsQuicTestExpiredServer -KeyUsageProperty Sign -KeyUsage DigitalSignature -CertStoreLocation cert:\CurrentUser\My -HashAlgorithm SHA256 -Provider "Microsoft Software Key Storage Provider" -KeyExportPolicy Exportable -KeyAlgorithm ECDSA_nistP256 -CurveExport CurveName -NotBefore (Get-Date).AddYears(-2) -NotAfter(Get-Date).AddYears(-1) -TextExtension @("2.5.29.19 = {text}","2.5.29.37 = {text}1.3.6.1.5.5.7.3.1") -Signer $RootCert
+        $ExpiredServerCert = New-SelfSignedCertificate -Subject "CN=MsQuicTestExpiredServer" -DnsName $DnsNames -FriendlyName MsQuicTestExpiredServer -KeyUsageProperty Sign -KeyUsage DigitalSignature -CertStoreLocation cert:\CurrentUser\My -HashAlgorithm SHA256 -Provider "Microsoft Software Key Storage Provider" -KeyExportPolicy Exportable -KeyAlgorithm ECDSA_nistP256 -CurveExport CurveName -NotBefore (Get-Date).AddYears(-2) -NotAfter(Get-Date).AddYears(-1) -TextExtension @("2.5.29.19 = {text}","2.5.29.37 = {text}1.3.6.1.5.5.7.3.1") -Signer $RootCert
        $TempExpiredServerPath = Join-Path $Env:TEMP "MsQuicTestExpiredServerCert.pfx"
        Export-PfxCertificate -Cert $ExpiredServerCert -Password $PfxPassword -FilePath $TempExpiredServerPath
        Import-PfxCertificate -FilePath $TempExpiredServerPath -Password $PfxPassword -Exportable -CertStoreLocation Cert:\LocalMachine\My