PSCredentialStore/src/Store/New-CredentialStore.ps1

248 lines
9.3 KiB
PowerShell
Raw Normal View History

function New-CredentialStore {
<#
.SYNOPSIS
Creates a new credential store File
.DESCRIPTION
You need to run this script first to create a new credential store before you try to
save new credentials with New-CredentialStoreItem.
.PARAMETER Path
Define a location for the new shared CredentialStore. The default store will be created in
$Env:ProgramData\PSCredentialStore dir.
.PARAMETER Shared
Creates a CredentialStore in the Shared mode. This enables you to read the CredentialStore Items on
different systems or profiles. In addition you can optionally provide a custom path wit the -Path parameter.
.PARAMETER Force
Use this switch to reset an existing store. The complete content will be wiped.
.PARAMETER SkipPFXCertCreation
You can skip the pfx certificate creation process. This makes sense if you have a previously created cert
or want to import a cert in cross-platform environments.
.Parameter UseCertStore
Instead of using a plain pfx file beside your CredentialStore file you can import it into the user or
machine certificate store. In this case the system itself secures the cert and you don't hat to set custom
NTFS permissions so secure your shared certificate.
.INPUTS
[None]
.OUTPUTS
['PSCredentialStore.Store'] Returns the recently created CredentialStore object if the -PassThru parameter
was given.
.EXAMPLE
New-CredentialStore
# Creates a new private CredentialStore
.EXAMPLE
New-CredentialStore -Force
# Resets an existing private CredentialStore
.EXAMPLE
New-CredentialStore -Shared
# Creates a new shared CredentialStore
.EXAMPLE
New-CredentialStore -Shared -Path "C:\TMP\CredentialStore.json"
# Creates a new shared CredentialStore in the given location.
#>
[CmdletBinding(SupportsShouldProcess = $true, DefaultParameterSetName = 'Private')]
[OutputType('PSCredentialStore.Store')]
param (
[Parameter(Mandatory = $true, ParameterSetName = 'Shared')]
[switch]$Shared,
[Parameter(Mandatory = $false, ParameterSetName = 'Shared')]
[ValidateNotNullOrEmpty()]
[System.IO.FileInfo]$Path,
[Parameter(Mandatory = $false, ParameterSetName = 'Private')]
[Parameter(Mandatory = $false, ParameterSetName = 'Shared')]
[switch]$Force,
[Parameter(Mandatory = $false, ParameterSetName = 'Private')]
[Parameter(Mandatory = $false, ParameterSetName = 'Shared')]
[switch]$PassThru,
[Parameter(Mandatory = $false, ParameterSetName = 'Private')]
[Parameter(Mandatory = $false, ParameterSetName = 'Shared')]
[switch]$SkipPFXCertCreation,
[Parameter(Mandatory = $false, ParameterSetName = 'Private')]
[Parameter(Mandatory = $false, ParameterSetName = 'Shared')]
[switch]$UseCertStore
)
begin {
# Lets get the current Date in a human readable format.
$CurrentDate = Get-Date -Format 'u'
# test if the path input is a valid file path
if ($PSCmdlet.MyInvocation.BoundParameters.ContainsKey('Path')) {
if ($Path.Attributes -contains 'Directory') {
$ErrorParams = @{
ErrorAction = 'Stop'
Exception = [System.IO.InvalidDataException]::new(
'Please provide a full path containing the ' +
'credential store file name with the .json extension!'
)
}
Write-Error @ErrorParams
}
elseif ( ($null -eq $Path.Extension) -or ($Path.Extension -ne '.json')) {
$ErrorParams = @{
ErrorAction = 'Stop'
Exception = [System.IO.InvalidDataException]::new(
'Your provided path does not contain the required file extension .json!'
)
}
Write-Error @ErrorParams
}
}
}
process {
# Set the CredentialStore for private, shared or custom mode.
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
if ($PSCmdlet.ParameterSetName -eq 'Private') {
$Path = Get-DefaultCredentialStorePath
}
elseif ($PSCmdlet.ParameterSetName -eq 'Shared') {
if (!($PSBoundParameters.ContainsKey('Path'))) {
$Path = Get-DefaultCredentialStorePath -Shared
}
}
# Test if in the CredentialStore already exists.
Write-Verbose 'Test if there is already a credential store.'
if ((Test-Path -Path $Path) -and ($Force -ne $true)) {
$ErrorParams = @{
ErrorAction = 'Stop'
Exception = [System.InvalidOperationException]::new(
'The given file already exists. Use the -Force switch to override the existing store.'
)
}
Write-Error @ErrorParams
}
if (! $SkipPFXCertCreation.IsPresent) {
$CRTParams = @{
Country = 'DE'
State = 'PSCredentialStore'
City = 'PSCredentialStore'
Organization = 'PSCredentialStore'
OrganizationalUnitName = $PSCmdlet.ParameterSetName
CommonName = 'PSCredentialStore'
}
$CRTAttribute = New-CSCertAttribute @CRTParams
# If we are working with a ne shared store we have to create the location first.
# Otherwise openssl fails with unknown path
$StoreHome = Split-Path -Path $Path -Parent
if (! (Test-Path -Path $StoreHome)) {
New-Item -ItemType Directory -Path $StoreHome -ErrorAction Stop
}
$PfxParams = @{
CRTAttribute = $CRTAttribute
KeyName = Join-Path -Path $StoreHome -ChildPath 'private.key'
CertName = Join-Path -Path $StoreHome -ChildPath 'PSCredentialStore.pfx'
ErrorAction = 'Stop'
Confirm = $false
}
# test if there is already a cert
if ((Test-Path $PfxParams.CertName) -and (! $Force.IsPresent)) {
$ErrorParams = @{
Exception = [System.IO.InvalidDataException]::new(
'There is already a PfxCertificate for a private CredentialStore!'
)
ErrorAction = 'Stop'
}
Write-Error @ErrorParams
}
try {
New-CSCertificate @PfxParams
}
catch {
$_.Exception.Message | Write-Error
$ErrorParams = @{
ErrorAction = 'Stop'
Exception = [System.Exception]::new(
'Could not create the private PfXCertificate!'
)
}
Write-Error @ErrorParams
}
try {
$FreshCert = Get-PfxCertificate -FilePath $PfxParams.CertName -ErrorAction Stop
}
catch [System.Management.Automation.ItemNotFoundException] {
$_.Exception.Message | Write-Error
Write-Error -Message 'Could not read the new PfxCertificate.' -ErrorAction Stop
}
}
# We need to use the IDictionary to keep the property sorting in the object.
$ObjProperties = [ordered]@{
PSTypeName = 'PSCredentialStore.Store'
Version = $CSVersion
Created = $CurrentDate
PfxCertificate = $null
Thumbprint = $null
Type = $null
}
if ($PSCmdlet.ParameterSetName -eq 'Shared') {
$ObjProperties.Type = 'Shared'
}
else {
$ObjProperties.Type = 'Private'
}
if (! $SkipPFXCertCreation.IsPresent) {
$ObjProperties.Thumbprint = $FreshCert.Thumbprint
if ($UseCertStore.IsPresent) {
Write-Verbose 'Importing new PFX certificate file...'
Import-CSCertificate -Type $ObjProperties.Type -Path $PfxParams.CertName
}
else {
$ObjProperties.PfxCertificate = $PfxParams.CertName
}
}
$CredentialStoreObj = [PSCustomObject]$ObjProperties
try {
$JSON = ConvertTo-Json -InputObject $CredentialStoreObj -ErrorAction Stop
$JSON | Out-File -FilePath $Path -ErrorAction Stop -Force
}
catch {
$_.Exception.Message | Write-Error
$ErrorParams = @{
ErrorAction = 'Stop'
Exception = [System.IO.IOException]::new(
'Unable to convert or write the CredentialStore'
)
}
Write-Error @ErrorParams
}
if ($PassThru.IsPresent) {
return $CredentialStoreObj
}
}
end {}
}