From 381d0abf7dd73796fd517e9a91829b2dea61db53 Mon Sep 17 00:00:00 2001
From: OCram85
Date: Fri, 5 Apr 2019 11:21:25 +0200
Subject: [PATCH] use new cert functions for save an lookup
---
src/Item/Get-CredentialStoreItem.ps1 | 38 +---------------------------
src/Item/New-CredentialStoreItem.ps1 | 38 +---------------------------
src/Item/Set-CredentialStoreItem.ps1 | 38 +---------------------------
src/Store/New-CredentialStore.ps1 | 4 +--
4 files changed, 5 insertions(+), 113 deletions(-)
diff --git a/src/Item/Get-CredentialStoreItem.ps1 b/src/Item/Get-CredentialStoreItem.ps1
index 4494a34..5f529fa 100644
--- a/src/Item/Get-CredentialStoreItem.ps1
+++ b/src/Item/Get-CredentialStoreItem.ps1
@@ -87,43 +87,7 @@ function Get-CredentialStoreItem { $CSMembers = Get-Member -InputObject $CS # Let's first check if the given remote host exists as object property if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -contains $CredentialName)) { - try { - if ($null -eq $CS.PfxCertificate) { - if ($CS.Type -eq 'Private') { - $Cert = Get-CSCertificate -Thumbprint $CS.Thumbprint - } - elseif ($CS.Type -eq 'Shard') { - if (Test-CSCertificate -Thumbprint $CS.Thumbprint -StoreName My -StoreLocation LocalMachine) { - $Cert = Get-CSCertificate -Thumbprint $CS.Thumbprint -StoreName My -StoreLocation LocalMachine - } - elseif (Test-CSCertificate -Thumbprint $CS.Thumbprint -StoreName Root -StoreLocation LocalMachine) { - $Cert = Get-CSCertificate -Thumbprint $CS.Thumbprint -StoreName Root -StoreLocation LocalMachine - } - else { - $ErrorParams = @{ - ErrorAction = 'Stop' - Exception = [System.Exception]::new( - ('Could not find any certificate with thumbprint {0}' -f $CS.Thumbprint) - ) - } - Write-Error @ErrorParams - } - } - } - else { - $Cert = Get-PfxCertificate -FilePath $CS.PfxCertificate -ErrorAction Stop - } - } - catch { - $_.Exception.Message | Write-Error - $ErrorParams = @{ - ErrorAction = 'Stop' - Exception = [System.Security.Cryptography.CryptographicException]::new( - 'Could not read the given PFX certificate.' - ) - } - Write-Error @ErrorParams - } + $Cert = Get-CSCertificate -Type $CS.Type -Thumbprint $CS.Thumbprint $DecryptedKey = $Cert.PrivateKey.Decrypt( [Convert]::FromBase64String($CS.$CredentialName.EncryptedKey), [System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1 diff --git a/src/Item/New-CredentialStoreItem.ps1 b/src/Item/New-CredentialStoreItem.ps1 index 14f6f4a..a52c1b9 100644 --- a/src/Item/New-CredentialStoreItem.ps1 +++ b/src/Item/New-CredentialStoreItem.ps1 
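Review bot: The new lookup `$Cert = Get-CSCertificate -Type $CS.Type -Thumbprint $CS.Thumbprint` is used without checking its result, and the very next line calls `$Cert.PrivateKey.Decrypt(...)`; the removed block stopped with 'Could not find any certificate with thumbprint {0}' when nothing matched. Unless Get-CSCertificate (not shown in this patch) raises a terminating error itself, a missing certificate or one without a private key now surfaces as a null-reference error rather than a clear failure, so I would add a guard such as `if ($null -eq $Cert -or -not $Cert.HasPrivateKey) { Write-Error -ErrorAction Stop -Message ('Could not find a usable certificate with thumbprint {0}' -f $CS.Thumbprint) }`. The same replacement in the New-CredentialStoreItem and Set-CredentialStoreItem hunks has the same gap; there the null check alone is enough before the certificate is used to protect the key. The `PfxCertificate` file branch is also dropped from all three functions, so it is worth confirming that store files which still carry only that property are migrated or rejected explicitly instead of reaching the lookup with an empty thumbprint. The function body starts and ends outside the hunk.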
@@ -116,43 +116,7 @@ function New-CredentialStoreItem { } if ($Credential.UserName) { - try { - if ($null -eq $CSContent.PfxCertificate) { - if ($CSContent.Type -eq 'Private') { - $Cert = Get-CSCertificate -Thumbprint $CSContent.Thumbprint - } - elseif ($CSContent.Type -eq 'Shard') { - if (Test-CSCertificate -Thumbprint $CSContent.Thumbprint -StoreName My -StoreLocation LocalMachine) { - $Cert = Get-CSCertificate -Thumbprint $CSContent.Thumbprint -StoreName My -StoreLocation LocalMachine - } - elseif (Test-CSCertificate -Thumbprint $CSContent.Thumbprint -StoreName Root -StoreLocation LocalMachine) { - $Cert = Get-CSCertificate -Thumbprint $CSContent.Thumbprint -StoreName Root -StoreLocation LocalMachine - } - else { - $ErrorParams = @{ - ErrorAction = 'Stop' - Exception = [System.Exception]::new( - ('Could not find any certificate with thumbprint {0}' -f $CSContent.Thumbprint) - ) - } - Write-Error @ErrorParams - } - } - } - else { - $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop - } - } - catch { - $_.Exception.Message | Write-Error - $ErrorParams = @{ - ErrorAction = 'Stop' - Exception = [System.Security.Cryptography.CryptographicException]::new( - 'Could not read the given PFX certificate.' - ) - } - Write-Error @ErrorParams - } + $Cert = Get-CSCertificate -Type $CSContent.Type -Thumbprint $CSContent.Thumbprint if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) { $MessageParams = @{ diff --git a/src/Item/Set-CredentialStoreItem.ps1 b/src/Item/Set-CredentialStoreItem.ps1 index 0fa13d6..7df7845 100644 --- a/src/Item/Set-CredentialStoreItem.ps1 +++ b/src/Item/Set-CredentialStoreItem.ps1 
@@ -102,43 +102,7 @@ function Set-CredentialStoreItem { } if ($Credential.UserName) { - try { - if ($null -eq $CSContent.PfxCertificate) { - if ($CSContent.Type -eq 'Private') { - $Cert = Get-CSCertificate -Thumbprint $CSContent.Thumbprint - } - elseif ($CSContent.Type -eq 'Shard') { - if (Test-CSCertificate -Thumbprint $CSContent.Thumbprint -StoreName My -StoreLocation LocalMachine) { - $Cert = Get-CSCertificate -Thumbprint $CSContent.Thumbprint -StoreName My -StoreLocation LocalMachine - } - elseif (Test-CSCertificate -Thumbprint $CSContent.Thumbprint -StoreName Root -StoreLocation LocalMachine) { - $Cert = Get-CSCertificate -Thumbprint $CSContent.Thumbprint -StoreName Root -StoreLocation LocalMachine - } - else { - $ErrorParams = @{ - ErrorAction = 'Stop' - Exception = [System.Exception]::new( - ('Could not find any certificate with thumbprint {0}' -f $CSContent.Thumbprint) - ) - } - Write-Error @ErrorParams - } - } - } - else { - $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop - } - } - catch { - $_.Exception.Message | Write-Error - $ErrorParams = @{ - ErrorAction = 'Stop' - Exception = [System.Security.Cryptography.CryptographicException]::new( - 'Could not read the given PFX certificate.' - ) - } - Write-Error @ErrorParams - } + $Cert = Get-CSCertificate -Type $CSContent.Type -Thumbprint $CSContent.Thumbprint if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) { $RSAKey = Get-RandomAESKey diff --git a/src/Store/New-CredentialStore.ps1 b/src/Store/New-CredentialStore.ps1 index 8f8963a..d3b462e 100644 --- a/src/Store/New-CredentialStore.ps1 +++ b/src/Store/New-CredentialStore.ps1 
@@ -141,7 +141,7 @@ function New-CredentialStore { OrganizationalUnitName = $PSCmdlet.ParameterSetName CommonName = 'PSCredentialStore' } - $CRTAttribute = New-CRTAttribute @CRTParams + $CRTAttribute = New-CSCertAttribute @CRTParams # If we are working with a ne shared store we have to create the location first. # Otherwise openssl fails with unknown path @@ -171,7 +171,7 @@ function New-CredentialStore { } try { - New-PfxCertificate @PfxParams + New-CSCertificate @PfxParams } catch { $_.Exception.Message | Write-Error