adds certificate store location

OCram85 2019-03-27 10:56:14 +01:00
parent 5a68527061
commit 858dfde937
4 changed files with 55 additions and 11 deletions


@ -87,7 +87,26 @@ function Get-CredentialStoreItem {
$CSMembers = Get-Member -InputObject $CS $CSMembers = Get-Member -InputObject $CS
# Let's first check if the given remote host exists as object property # Let's first check if the given remote host exists as object property
if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -contains $CredentialName)) { if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -contains $CredentialName)) {
$Cert = Get-PfxCertificate -FilePath $CS.PfXCertificate -ErrorAction Stop try {
if ($null -eq $CS.PfxCertificate) {
$Cert = Get-ChildItem -Recurse -Path 'Cert:' | Where-Object {
$_.Thumbprint -eq $CS.Thumbprint
} | Select-Object -First 1
}
else {
$Cert = Get-PfxCertificate -FilePath $CS.PfxCertificate -ErrorAction Stop
}
}
catch {
$_.Exception.Message | Write-Error
$ErrorParams = @{
ErrorAction = 'Stop'
Exception = [System.Security.Cryptography.CryptographicException]::new(
'Could not read the given PFX certificate.'
)
}
Write-Error @ErrorParams
}
$DecryptedKey = $Cert.PrivateKey.Decrypt( $DecryptedKey = $Cert.PrivateKey.Decrypt(
[Convert]::FromBase64String($CS.$CredentialName.EncryptedKey), [Convert]::FromBase64String($CS.$CredentialName.EncryptedKey),
[System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1 [System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1
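Review bot: In the new `$null -eq $CS.PfxCertificate` branch, a thumbprint that matches nothing leaves `$Cert` as `$null` without raising an error, so the `catch` never runs and the failure only surfaces at `$Cert.PrivateKey.Decrypt(` as a null-method error. The lookup can also return a copy of the certificate that carries no private key, because `Get-ChildItem -Recurse -Path 'Cert:'` walks every store and `Select-Object -First 1` keeps whichever match comes first. I would filter with `$_.Thumbprint -eq $CS.Thumbprint -and $_.HasPrivateKey` and add `if ($null -eq $Cert) { throw 'No certificate with a private key matches the stored thumbprint.' }` inside the `try`. The same unchecked lookup is added in the New-CredentialStoreItem and Set-CredentialStoreItem sections; how `$Cert` is used there is outside the hunks, so the private-key filter may only be needed here. The function body starts and ends outside the hunk.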


@ -117,7 +117,14 @@ function New-CredentialStoreItem {
if ($Credential.UserName) { if ($Credential.UserName) {
try { try {
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop if ($null -eq $CSContent.PfxCertificate) {
$Cert = Get-ChildItem -Recurse -Path 'Cert:' | Where-Object {
$_.Thumbprint -eq $CSContent.Thumbprint
} | Select-Object -First 1
}
else {
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
}
} }
catch { catch {
$_.Exception.Message | Write-Error $_.Exception.Message | Write-Error
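Review bot: The thumbprint lookup added here is a verbatim copy of the one in the Get-CredentialStoreItem and Set-CredentialStoreItem sections, so the rule for which certificate a credential store accepts now lives in three places. A private helper, for example `Get-CSCertificate -Thumbprint $CSContent.Thumbprint` (name is a suggestion), would keep that selection in one spot. It would also be the natural place to narrow the search from `'Cert:'` to the personal stores such as `Cert:\CurrentUser\My` and `Cert:\LocalMachine\My` instead of enumerating every store on each call. The function body starts and ends outside the hunk.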


@ -103,14 +103,22 @@ function Set-CredentialStoreItem {
if ($Credential.UserName) { if ($Credential.UserName) {
try { try {
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop if ($null -eq $CSContent.PfxCertificate) {
$Cert = Get-ChildItem -Recurse -Path 'Cert:' | Where-Object {
$_.Thumbprint -eq $CSContent.Thumbprint
} | Select-Object -First 1
}
else {
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
}
} }
catch { catch {
$_.Exception.Message | Write-Error $_.Exception.Message | Write-Error
$ErrorParams = @{ $ErrorParams = @{
Message = 'Could not read the given PFX certificate.'
ErrorAction = 'Stop' ErrorAction = 'Stop'
Exception = [System.Security.Cryptography.CryptographicException]::new() Exception = [System.Security.Cryptography.CryptographicException]::new(
'Could not read the given PFX certificate.'
)
} }
Write-Error @ErrorParams Write-Error @ErrorParams
} }


@ -63,15 +63,19 @@ function New-CredentialStore {
[Parameter(Mandatory = $false, ParameterSetName = "Private")] [Parameter(Mandatory = $false, ParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")] [Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[switch]$Force, [Switch]$Force,
[Parameter(Mandatory = $false, ParameterSetName = "Private")] [Parameter(Mandatory = $false, ParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")] [Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[switch]$PassThru, [Switch]$PassThru,
[Parameter(Mandatory = $false, ParameterSetName = "Private")] [Parameter(Mandatory = $false, ParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")] [Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[Switch]$SkipPFXCertCreation [Switch]$SkipPFXCertCreation,
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[Switch]$UseCertStore
) )
begin { begin {
@ -112,8 +116,8 @@ function New-CredentialStore {
State = 'PSCredentialStore' State = 'PSCredentialStore'
City = 'PSCredentialStore' City = 'PSCredentialStore'
Organization = 'PSCredentialStore' Organization = 'PSCredentialStore'
OrganizationalUnitName = ' ' OrganizationalUnitName = $PSCmdlet.ParameterSetName
CommonName = 'PrivateStore' CommonName = 'PSCredentialStore'
} }
$CRTAttribute = New-CRTAttribute @CRTParams $CRTAttribute = New-CRTAttribute @CRTParams
@ -176,8 +180,14 @@ function New-CredentialStore {
Type = $null Type = $null
} }
if (! $SkipPFXCertCreation.IsPresent) { if (! $SkipPFXCertCreation.IsPresent) {
$ObjProperties.PfXCertificate = $PfxParams.CertName
$ObjProperties.Thumbprint = $FreshCert.Thumbprint $ObjProperties.Thumbprint = $FreshCert.Thumbprint
if (!$UseCertStore.IsPresent) {
$ObjProperties.PfxCertificate = $PfxParams.CertName
}
else {
Write-Warning -Message ("New certificate {0} created. Please import it into your certificate store manually!" -f $PfxParams.CertName)
}
} }
if ($PSCmdlet.ParameterSetName -eq "Shared") { if ($PSCmdlet.ParameterSetName -eq "Shared") {
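Review bot: With `-UseCertStore`, the warning in the new `else` branch asks for a manual import but says nothing about the certificate file left at `$PfxParams.CertName`, which presumably still holds the private key. If that file stays on disk after the import, store mode protects the key no better than file mode. I would extend the message, for example `Write-Warning -Message ("New certificate {0} created. Import it into your certificate store, then delete or restrict access to the file." -f $PfxParams.CertName)`. The new `$UseCertStore` parameter also needs a `.PARAMETER UseCertStore` entry in the comment-based help, which lies outside the visible hunks.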