From a36b53c1a541120ba5112dd81198830987799f1c Mon Sep 17 00:00:00 2001 From: pinguinfuss Date: Thu, 6 Oct 2022 21:07:23 +0200 Subject: [PATCH] Write a error message if we cannot locate the CredentialStoreItem in the Store. Fix string quotation --- src/Item/Set-CredentialStoreItem.ps1 | 50 +++++++++++++++++++++------- 1 file changed, 38 insertions(+), 12 deletions(-) diff --git a/src/Item/Set-CredentialStoreItem.ps1 b/src/Item/Set-CredentialStoreItem.ps1 index 5a821a7..553853b 100644 --- a/src/Item/Set-CredentialStoreItem.ps1 +++ b/src/Item/Set-CredentialStoreItem.ps1 @@ -13,7 +13,7 @@ function Set-CredentialStoreItem { Specify the host you for which you would like to change the credentials. .PARAMETER Identifier - Defaults to "". Specify a string, which separates two CredentialStoreItems for the + Defaults to ''. Specify a string, which separates two CredentialStoreItems for the same hostname. .PARAMETER Shared @@ -30,10 +30,10 @@ function Set-CredentialStoreItem { [None] .EXAMPLE - Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" + Set-CredentialStoreItem -Path 'C:\TMP\mystore.json' -RemoteHost 'esx01.myside.local' .EXAMPLE - Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" -Identifier svc + Set-CredentialStoreItem -Path 'C:\TMP\mystore.json' -RemoteHost 'esx01.myside.local' -Identifier svc #> [CmdletBinding(DefaultParameterSetName = 'Private')] @@ -65,7 +65,7 @@ function Set-CredentialStoreItem { begin { # Set the CredentialStore for private, shared or custom mode. - Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName) + Write-Debug ('ParameterSetName: {0}' -f $PSCmdlet.ParameterSetName) if ($PSCmdlet.ParameterSetName -eq 'Private') { $Path = Get-DefaultCredentialStorePath } @@ -77,32 +77,49 @@ function Set-CredentialStoreItem { } process { - # Lets do a quick test on the given CredentialStore. - if (-not(Test-CredentialStore -Shared -Path $Path)) { + # Define the default splatting. + $DefaultSplatting = @{ + Path = $Path + } + + # Check if the user passed -Shared. If he added -Shared, we'll pass it into the splatting + if ($PSCmdlet.ParameterSetName -eq 'Shared') { + $DefaultSplatting.Add('Shared', $true) + } + + # Now lets check the given CredentialStore. + if (-not(Test-CredentialStore @DefaultSplatting)) { $MessageParams = @{ - Message = 'Could not add anything into the given CredentailStore.' + Message = ('The given CredentialStore ({0}) does no exist.' -f $Path) ErrorAction = 'Stop' } Write-Error @MessageParams } # Read the file content based on the given ParameterSetName - $CSContent = Get-CredentialStore -Shared -Path $Path + $CSContent = Get-CredentialStore @DefaultSplatting + # Get a formatted current date for the last update time of the Item. $CurrentDate = Get-Date -Format 'u' - if ($Identifier -ne "") { - $CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost + # Check if the user supplied an identifier. If so, we need to mangle the CredentialName, as that's where + # the identifier is actually added. + if ($Identifier -ne '') { + $CredentialName = $RemoteHost = '{0}/{1}' -f $Identifier, $RemoteHost } else { $CredentialName = $RemoteHost } + # If the user didn't supply a CredentialObject, we need to prompt for it. if (-not($Credential)) { $Credential = Get-Credential -Message $CredentialName } - if ($Credential.UserName) { + # If the username isn't empty, we ca go ahead and update the entry. + if ($null -ne $Credential.UserName -and -not [string]::IsNullOrWhiteSpace($Credential.UserName)) { + # Check if the path to the PfxCertificate is stored in the CredentialStore. If so load the certificate. + # If not, load try loading the certificate from the Filepath of the CredentialStore. if ($null -eq $CSContent.PfxCertificate) { $Cert = Get-CSCertificate -Type $CSContent.Type -Thumbprint $CSContent.Thumbprint } @@ -110,13 +127,17 @@ function Set-CredentialStoreItem { $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop } + # Now locate the Item. if (Get-Member -InputObject $CSContent -Name $CredentialName -MemberType Properties) { + # Get a random AES key for the entry. $RSAKey = Get-RandomAESKey $CSContent.$CredentialName.User = $Credential.UserName $ConvertParams = @{ SecureString = $Credential.Password Key = $RSAKey } + + # Now create a updated item containing the updated credentials. $CSContent.$CredentialName.Password = ConvertFrom-SecureString @ConvertParams $CSContent.$CredentialName.LastChange = $CurrentDate $CSContent.$CredentialName.EncryptedKey = [Convert]::ToBase64String( @@ -125,10 +146,15 @@ function Set-CredentialStoreItem { [System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1 ) ) + + # Convert the CredentialStore back into JSON and save it to the file. ConvertTo-Json -InputObject $CSContent -Depth 5 | Out-File -FilePath $Path -Encoding utf8 } + else { + Write-Warning -Message ('Unable to locate CredentialStoreItem for {0}' -f $CredentialName) + } } - Else { + else { $MessageParams = @{ Message = 'Please Provide at least a valid user!' ErrorAction = 'Stop'