From 36b4ee31bbe4c87f7b49096284fbc11ee3a18543 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Thu, 4 Apr 2019 15:40:55 +0200 Subject: [PATCH] update cert helper functions --- src/Certificate/Get-CSCertificate.ps1 | 81 +++++++++++++++++ .../Import-CSCertificate.ps1 | 49 +++++++++-- src/Certificate/Test-CSCertificate.ps1 | 86 +++++++++++++++++++ 3 files changed, 209 insertions(+), 7 deletions(-) create mode 100644 src/Certificate/Get-CSCertificate.ps1 rename src/{Private => Certificate}/Import-CSCertificate.ps1 (56%) create mode 100644 src/Certificate/Test-CSCertificate.ps1 diff --git a/src/Certificate/Get-CSCertificate.ps1 b/src/Certificate/Get-CSCertificate.ps1 new file mode 100644 index 0000000..0e2cd6e --- /dev/null +++ b/src/Certificate/Get-CSCertificate.ps1 @@ -0,0 +1,81 @@ +function Get-CSCertificate { + <# + .SYNOPSIS + Returns the certificate object given by thumbprint. + + .DESCRIPTION + You can use this function to get a stored certificate. Search for the object by its unique thumbprint. + + .PARAMETER Thumbprint + Provide one or more thumprints. + + .PARAMETER StoreName + Select the store name in which you want to search the certificates. + + .PARAMETER StoreLocation + Select between the both available locations CurrentUser odr LocalMachine. + + .INPUTS + [string] + + .OUTPUTS + [System.Security.Cryptography.X509Certificates.X509Certificate2[]] + + .EXAMPLE + Get-CSCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser' + + .NOTES + File Name : Get-CSCertificate.ps1 + Author : Marco Blessing - marco.blessing@googlemail.com + Requires : + + .LINK + https://github.com/OCram85/PSCredentialStore + #> + [CmdletBinding()] + [OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])] + param( + [Parameter(Mandatory = $true, ValueFromPipeline = $true)] + [ValidateNotNullOrEmpty()] + [string[]]$Thumbprint, + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'AddressBook', + 'AuthRoot', + 'CertificateAuthority', + 'Disallowed', + 'My', + 'Root', + 'TrustedPeople', + 'TrustedPublisher' + )] + [string]$StoreName = 'My', + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'CurrentUser', + 'LocalMachine' + )] + [string]$StoreLocation = 'CurrentUser' + ) + + begin { + $Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation) + try { + $Store.Open('ReadOnly') + } + catch { + $_.Exception.Message | Write-Error -ErrorAction Stop + } + } + + process { + foreach ($Thumb in $Thumbprint) { + Write-Output $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumb } + } + } + end { + $Store.Close() + } +} diff --git a/src/Private/Import-CSCertificate.ps1 b/src/Certificate/Import-CSCertificate.ps1 similarity index 56% rename from src/Private/Import-CSCertificate.ps1 rename to src/Certificate/Import-CSCertificate.ps1 index bd15035..0274a88 100644 --- a/src/Private/Import-CSCertificate.ps1 +++ b/src/Certificate/Import-CSCertificate.ps1 @@ -12,7 +12,7 @@ function Import-CSCertificate { Path to an existing *.pfx certificate file. .PARAMETER StoreName - Additionally you change change the store where you want the certificate into + Additionally you change change the store where you want the certificate into. .INPUTS [None] @@ -39,7 +39,6 @@ function Import-CSCertificate { [string]$Path, [Parameter(Mandatory = $false)] - [ValidateNotNullOrEmpty()] [ValidateSet( 'AddressBook', 'AuthRoot', @@ -50,16 +49,52 @@ function Import-CSCertificate { 'TrustedPeople', 'TrustedPublisher' )] - [string]$StoreName = 'My' + [string]$StoreName = 'My', + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'CurrentUser', + 'LocalMachine' + )] + [string]$StoreLocation = 'CurrentUser', + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'ReadOnly', + 'ReadWrite', + 'MaxAllowed', + 'OpenExistingOnly', + 'InclueArchived' + )] + [string]$OpenFlags = 'ReadWrite' ) begin { - $Store = [System.Security.Cryptography.X509Certificates.X509Store]::new('My') - $Store.Open('ReadWrite') + $Store = [System.Security.Cryptography.X509Certificates.X509Store]::new($StoreName, $StoreLocation) + try { + $Store.Open($OpenFlags) + } + catch { + $_.Exception.Message | Write-Error -ErrorAction Stop + } } process { try { - $cert = Get-PfxCertificate -FilePath $Path -ErrorAction Stop - $Store.Add($cert) + $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new() + $cert.Import( + $Path, + $null, + ( + [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable -bor + [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet + ) + ) + + if (Test-CSCertificate -Thumbprint $cert.Thumbprint) { + Write-Warning -Message ('The certificate with thumbprint {0} is already present!' -f $cert.Thumbprint) + } + else { + $Store.Add($cert) + } } catch { $_.Exception.Message | Write-Error diff --git a/src/Certificate/Test-CSCertificate.ps1 b/src/Certificate/Test-CSCertificate.ps1 new file mode 100644 index 0000000..eef6f28 --- /dev/null +++ b/src/Certificate/Test-CSCertificate.ps1 @@ -0,0 +1,86 @@ +function Test-CSCertificate { + <# + .SYNOPSIS + Tests if the given certificate exists in a store. + + .DESCRIPTION + Use this function to ensure if a certificate is already imported into a given store. + + .PARAMETER Thumbprint + Provide one or more thumprints. + + .PARAMETER StoreName + Select the store name in which you want to search the certificates. + + .PARAMETER StoreLocation + Select between the both available locations CurrentUser odr LocalMachine. + + .INPUTS + [None] + + .OUTPUTS + [bool] + + .EXAMPLE + Test-CSCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser' + + .NOTES + File Name : Test-CSCertificate.ps1 + Author : Marco Blessing - marco.blessing@googlemail.com + Requires : + + .LINK + https://github.com/OCram85/PSCredentialStore + #> + [CmdletBinding()] + [OutputType([bool])] + param( + [Parameter(Mandatory = $true, ValueFromPipeline = $true)] + [ValidateNotNullOrEmpty()] + [string]$Thumbprint, + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'AddressBook', + 'AuthRoot', + 'CertificateAuthority', + 'Disallowed', + 'My', + 'Root', + 'TrustedPeople', + 'TrustedPublisher' + )] + [string]$StoreName = 'My', + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'CurrentUser', + 'LocalMachine' + )] + [string]$StoreLocation = 'CurrentUser' + ) + + begin { + $Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation) + try { + $Store.Open('ReadOnly') + } + catch { + $_.Exception.Message | Write-Error -ErrorAction Stop + } + } + + process { + $Cert = $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumb } + + if ($null -eq $Cert) { + return $false + } + else { + return $true + } + } + end { + $Store.Close() + } +}