From 858dfde93734c8a2e145ee8d1099408468f4056f Mon Sep 17 00:00:00 2001
From: OCram85
Date: Wed, 27 Mar 2019 10:56:14 +0100
Subject: [PATCH] adds certificate store location
---
src/Item/Get-CredentialStoreItem.ps1 | 21 ++++++++++++++++++++-
src/Item/New-CredentialStoreItem.ps1 | 9 ++++++++-
src/Item/Set-CredentialStoreItem.ps1 | 14 +++++++++++---
src/Store/New-CredentialStore.ps1 | 22 ++++++++++++++++------
4 files changed, 55 insertions(+), 11 deletions(-)
diff --git a/src/Item/Get-CredentialStoreItem.ps1 b/src/Item/Get-CredentialStoreItem.ps1
index dda05b2..c20bdb9 100644
--- a/src/Item/Get-CredentialStoreItem.ps1
+++ b/src/Item/Get-CredentialStoreItem.ps1
@@ -87,7 +87,26 @@ function Get-CredentialStoreItem {
$CSMembers = Get-Member -InputObject $CS
# Let's first check if the given remote host exists as object property
if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -contains $CredentialName)) {
- $Cert = Get-PfxCertificate -FilePath $CS.PfXCertificate -ErrorAction Stop
+ try {
+ if ($null -eq $CS.PfxCertificate) {
+ $Cert = Get-ChildItem -Recurse -Path 'Cert:' | Where-Object {
+ $_.Thumbprint -eq $CS.Thumbprint
+ } | Select-Object -First 1
+ }
+ else {
+ $Cert = Get-PfxCertificate -FilePath $CS.PfxCertificate -ErrorAction Stop
+ }
+ }
+ catch {
+ $_.Exception.Message | Write-Error
+ $ErrorParams = @{
+ ErrorAction = 'Stop'
+ Exception = [System.Security.Cryptography.CryptographicException]::new(
+ 'Could not read the given PFX certificate.'
+ )
+ }
+ Write-Error @ErrorParams
+ }
$DecryptedKey = $Cert.PrivateKey.Decrypt(
[Convert]::FromBase64String($CS.$CredentialName.EncryptedKey),
[System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1
diff --git a/src/Item/New-CredentialStoreItem.ps1 b/src/Item/New-CredentialStoreItem.ps1
index 56d23c5..5cd5c01 100644
--- a/src/Item/New-CredentialStoreItem.ps1
+++ b/src/Item/New-CredentialStoreItem.ps1
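Review bot: In the new store branch a thumbprint that matches nothing leaves `$Cert` as `$null` without raising anything, so the `try`/`catch` never fires and the first failure surfaces on the context line below as a null-method error from `$Cert.PrivateKey.Decrypt(...)` rather than the intended CryptographicException; the same happens when a store has neither PfxCertificate nor Thumbprint, because `$_.Thumbprint -eq $null` matches no certificate. A guard inside the `try` makes that explicit: `if ($null -eq $Cert) { throw "No certificate with thumbprint '$($CS.Thumbprint)' found in the certificate store." }`. The match should also require a usable key, `Where-Object { $_.Thumbprint -eq $CS.Thumbprint -and $_.HasPrivateKey }`, because `-Recurse` over the whole `Cert:` drive walks every container (Root, CA, ...) and `Select-Object -First 1` will happily return a public-only copy; limiting the search to `Cert:\CurrentUser\My` and `Cert:\LocalMachine\My` avoids both that and the full-store scan. Whether `.PrivateKey` exposes the key of a certificate imported from the generated PFX on this host's PowerShell/.NET version is not visible here and is presumably worth confirming. Get-CredentialStoreItem continues outside this hunk.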
@@ -117,7 +117,14 @@ function New-CredentialStoreItem {
if ($Credential.UserName) {
try {
- $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
+ if ($null -eq $CSContent.PfxCertificate) {
+ $Cert = Get-ChildItem -Recurse -Path 'Cert:' | Where-Object {
+ $_.Thumbprint -eq $CSContent.Thumbprint
+ } | Select-Object -First 1
+ }
+ else {
+ $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
+ }
}
catch {
$_.Exception.Message | Write-Error
diff --git a/src/Item/Set-CredentialStoreItem.ps1 b/src/Item/Set-CredentialStoreItem.ps1
index 9b3418e..a340e93 100644
--- a/src/Item/Set-CredentialStoreItem.ps1
+++ b/src/Item/Set-CredentialStoreItem.ps1
@@ -103,14 +103,22 @@ function Set-CredentialStoreItem {
if ($Credential.UserName) {
try {
- $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
+ if ($null -eq $CSContent.PfxCertificate) {
+ $Cert = Get-ChildItem -Recurse -Path 'Cert:' | Where-Object {
+ $_.Thumbprint -eq $CSContent.Thumbprint
+ } | Select-Object -First 1
+ }
+ else {
+ $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
+ }
}
catch {
$_.Exception.Message | Write-Error
$ErrorParams = @{
- Message = 'Could not read the given PFX certificate.'
ErrorAction = 'Stop'
- Exception = [System.Security.Cryptography.CryptographicException]::new()
+ Exception = [System.Security.Cryptography.CryptographicException]::new(
+ 'Could not read the given PFX certificate.'
+ )
}
Write-Error @ErrorParams
}
diff --git a/src/Store/New-CredentialStore.ps1 b/src/Store/New-CredentialStore.ps1
index 9eb773e..bcd7864 100644
--- a/src/Store/New-CredentialStore.ps1
+++ b/src/Store/New-CredentialStore.ps1
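Review bot: This is the third verbatim copy of the same certificate-resolution logic (Get-CredentialStoreItem and Set-CredentialStoreItem carry the identical `if ($null -eq ...PfxCertificate) { Get-ChildItem -Recurse -Path 'Cert:' ... } else { Get-PfxCertificate ... }` block), and the three will drift the next time the lookup rules change. A private helper such as `$Cert = Get-CSCertificate -CSContent $CSContent` called from each cmdlet would give one place to add what is missing here as well: the store branch yields `$null` without an error when no certificate carries `$CSContent.Thumbprint`, and nothing checks which container the first match came from before the certificate is handed to the encryption code that follows the hunk. New-CredentialStoreItem's body continues outside this hunk.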
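Review bot: The rebuilt catch block still discards the cause: `[System.Security.Cryptography.CryptographicException]::new('Could not read the given PFX certificate.')` is constructed without the exception that was just caught, so the caller who receives the terminating error gets neither the original message (only emitted as a non-terminating `$_.Exception.Message | Write-Error`) nor an InnerException. CryptographicException has a `(string, Exception)` constructor, so `Exception = [System.Security.Cryptography.CryptographicException]::new('Could not read the given PFX certificate.', $_.Exception)` keeps it. The wording is also wrong for the new branch: when `$CSContent.PfxCertificate` is `$null` no PFX is read at all, so a failing `Get-ChildItem -Recurse -Path 'Cert:'` (for instance on a host without the `Cert:` provider) is reported as a PFX problem; choosing the message per branch would avoid sending the user to the wrong place. Set-CredentialStoreItem continues outside this hunk.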
@@ -63,15 +63,19 @@ function New-CredentialStore {
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
- [switch]$Force,
+ [Switch]$Force,
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
- [switch]$PassThru,
+ [Switch]$PassThru,
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
- [Switch]$SkipPFXCertCreation
+ [Switch]$SkipPFXCertCreation,
+
+ [Parameter(Mandatory = $false, ParameterSetName = "Private")]
+ [Parameter(Mandatory = $false, ParameterSetName = "Shared")]
+ [Switch]$UseCertStore
)
begin {
@@ -112,8 +116,8 @@ function New-CredentialStore {
State = 'PSCredentialStore'
City = 'PSCredentialStore'
Organization = 'PSCredentialStore'
- OrganizationalUnitName = ' '
- CommonName = 'PrivateStore'
+ OrganizationalUnitName = $PSCmdlet.ParameterSetName
+ CommonName = 'PSCredentialStore'
}
$CRTAttribute = New-CRTAttribute @CRTParams
@@ -176,8 +180,14 @@ function New-CredentialStore {
Type = $null
}
if (! $SkipPFXCertCreation.IsPresent) {
- $ObjProperties.PfXCertificate = $PfxParams.CertName
$ObjProperties.Thumbprint = $FreshCert.Thumbprint
+
+ if (!$UseCertStore.IsPresent) {
+ $ObjProperties.PfxCertificate = $PfxParams.CertName
+ }
+ else {
+ Write-Warning -Message ("New certificate {0} created. Please import it into your certificate store manually!" -f $PfxParams.CertName)
+ }
}
if ($PSCmdlet.ParameterSetName -eq "Shared") {
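Review bot: The new `[Switch]$UseCertStore` parameter is undocumented: the diffstat for this file (16 insertions, 6 deletions) is fully accounted for by the three hunks, so the comment-based help above the param block (outside this hunk) was not updated, and nothing tells a caller that the switch drops the PfxCertificate path from the store object and leaves the generated PFX to be imported by hand. A help entry along the lines of `.PARAMETER UseCertStore` / `Do not record the PFX file path in the store; the certificate is instead looked up by thumbprint in the certificate store and must be imported there manually. Has no effect together with -SkipPFXCertCreation.` should accompany it. The param block is cut off at the top of this hunk.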
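Review bot: With -UseCertStore the PFX file is still written to `$PfxParams.CertName` (the path the removed line used to record as PfXCertificate and that Get-CredentialStoreItem feeds to `Get-PfxCertificate -FilePath`), and the new warning only asks the user to import it, never to remove it, so after the store is created the private key sits in a second, unneeded file next to the store. Either import it here — on Windows with the PKI module, `Import-PfxCertificate -FilePath $PfxParams.CertName -CertStoreLocation Cert:\CurrentUser\My` (presumably with the password already held in `$PfxParams`) followed by `Remove-Item $PfxParams.CertName` — or at least change the warning to `"New certificate {0} created. Please import it into your certificate store manually and delete the PFX file afterwards!"`. The new branch also sits inside `if (! $SkipPFXCertCreation.IsPresent)`, so passing both switches silently ignores -UseCertStore; an explicit check or separate parameter sets would make that combination visible to the caller. The enclosing function starts outside this hunk.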