PowerShell 6 Core Support (#35)
## About This pull request reflects all changes done in the `linuxsupport` branch. ## Content - Enable PowerShell 6 Core support - Use PFX Certificate for encryption ( fixes #32 ) - Updates CI / CD pipeline ( fixes #31 ) - uses portable libressl ( fixes #34 ) - adds `-PassThru` switch for returning current `VIServer` session in `Connect-To` ( fixes #34 ) - adds git lfs for embedded libressl files - restructured internal functions into `Private` dir - added certificate related functions - adds travis build pipeline for tests
This commit is contained in:
100
src/Certificate/New-CRTAttribute.ps1
Normal file
100
src/Certificate/New-CRTAttribute.ps1
Normal file
@ -0,0 +1,100 @@
|
||||
function New-CRTAttribute {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Create required data for a certificate signing request.
|
||||
|
||||
.DESCRIPTION
|
||||
Defines the certificate related properties for an upcoming New-PfxCertificate execution.
|
||||
|
||||
.PARAMETER Country
|
||||
Provide a two letter country code.
|
||||
|
||||
.PARAMETER State
|
||||
Certificate state value.
|
||||
|
||||
.PARAMETER City
|
||||
Certificate city value.
|
||||
|
||||
.PARAMETER Organization
|
||||
Certificate organization value.
|
||||
|
||||
.PARAMETER OrganizationalUnitName
|
||||
Certificate OrganizationalUnitName value.
|
||||
|
||||
.PARAMETER CommonName
|
||||
The certificate common name.
|
||||
|
||||
.PARAMETER CSRSubject
|
||||
you can provide the needed certificate properties with in one hashtable. This hashtable has to contain the
|
||||
following keys: 'Country', 'State', 'City', 'Organization', 'OrganizationalUnitName', 'CommonName'.
|
||||
|
||||
.INPUTS
|
||||
[None]
|
||||
|
||||
.OUTPUTS
|
||||
['PSCredentialStore.Certificate.CSRDetails']
|
||||
|
||||
.EXAMPLE
|
||||
New-CRTAttribute -CSRSubject @{Country = 'DE'; State = 'BW'; City = 'Karlsruhe'; Organization = 'AwesomeIT'; OrganizationalUnitName = '';CommonName = 'MyPrivateCert'}
|
||||
|
||||
.NOTES
|
||||
File Name : New-CSRDetails.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
|
||||
.LINK
|
||||
https://github.com/OCram85/PSCredentialStore
|
||||
#>
|
||||
[CmdletBinding()]
|
||||
[OutputType('PSCredentialStore.Certificate.Attribute')]
|
||||
param(
|
||||
[Parameter(Mandatory = $true)]
|
||||
[ValidateLength(2, 2)]
|
||||
[ValidateNotNull()]
|
||||
[string]$Country,
|
||||
|
||||
[Parameter(Mandatory = $true)]
|
||||
[ValidateNotNull()]
|
||||
[string]$State,
|
||||
|
||||
[Parameter(Mandatory = $true)]
|
||||
[ValidateNotNull()]
|
||||
[string]$City,
|
||||
|
||||
[Parameter(Mandatory = $true)]
|
||||
[ValidateNotNull()]
|
||||
[string]$Organization,
|
||||
|
||||
[Parameter(Mandatory = $true)]
|
||||
[ValidateNotNull()]
|
||||
[string]$OrganizationalUnitName,
|
||||
|
||||
[Parameter(Mandatory = $true)]
|
||||
[ValidateNotNull()]
|
||||
[string]$CommonName,
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateNotNull()]
|
||||
[int]$Days = 365
|
||||
)
|
||||
begin {
|
||||
|
||||
}
|
||||
process {
|
||||
return [PSCustomObject]@{
|
||||
PSTypeName = 'PSCredentialStore.Certificate.Attribute'
|
||||
Subject = [PSCustomObject]@{
|
||||
PSTypeName = 'PSCredentialStore.Certificate.Attribute.Subject'
|
||||
Country = $Country
|
||||
State = $State
|
||||
City = $City
|
||||
Organization = $Organization
|
||||
OrganizationalUnitName = $OrganizationalUnitName
|
||||
CommonName = $CommonName
|
||||
}
|
||||
Days = $Days
|
||||
}
|
||||
}
|
||||
end {
|
||||
}
|
||||
}
|
142
src/Certificate/New-PfxCertificate.ps1
Normal file
142
src/Certificate/New-PfxCertificate.ps1
Normal file
@ -0,0 +1,142 @@
|
||||
function New-PfxCertificate {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Creates new PFX certificate for the CredentialStore encryption.
|
||||
|
||||
.DESCRIPTION
|
||||
Use this function to create a custom self signed certificate used by the PSCredentialStore module.
|
||||
|
||||
.PARAMETER CRTAttribute
|
||||
Provide certificate related attributes provided by function New-CRTAttribute.
|
||||
|
||||
.PARAMETER KeyName
|
||||
Provide a custom full path and name for the private key. The file extension has to be `*.key`.
|
||||
|
||||
.PARAMETER CertName
|
||||
Provide a custom full path and name for the PFX certificate file. The file extension has to be `*.pfx`
|
||||
|
||||
.INPUTS
|
||||
[PSCredentialStore.Certificate.Attribute]
|
||||
|
||||
.OUTPUTS
|
||||
[None]
|
||||
|
||||
.EXAMPLE
|
||||
New-PfxCertificate -CRTAttribute $CRTAttribute -KeyName './myprivate.key' -CertName './mycert.pfx'
|
||||
|
||||
.NOTES
|
||||
File Name : New-PfxCertificate.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
|
||||
.LINK
|
||||
https://github.com/OCram85/PSCredentialStore
|
||||
#>
|
||||
[CmdletBinding(SupportsShouldProcess = $true)]
|
||||
[OutputType()]
|
||||
param(
|
||||
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[PSTypeName('PSCredentialStore.Certificate.Attribute')]$CRTAttribute,
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$KeyName = './private.key',
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$CertName = './certificate.pfx'
|
||||
)
|
||||
|
||||
begin {
|
||||
$ModuleBase = Get-ModuleBase
|
||||
if ($isLinux -or $isMacOS) {
|
||||
try {
|
||||
$openssl = Get-Command -Name 'openssl' -ErrorAction Stop
|
||||
}
|
||||
catch {
|
||||
$_.Exception.Message | Write-Error
|
||||
$ErrorParams = @{
|
||||
Message = 'Can not find the openssl binary!'
|
||||
ErrorAction = 'Stop'
|
||||
Exception = [System.IO.FileNotFoundException]::new()
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
}
|
||||
elseif (($PSVersionTable.PSEdition -eq 'Desktop' -and $PSVersionTable.PSVersion.Major -lt 6) -or ($IsWindows -eq $true)) {
|
||||
$openssl = Join-Path -Path $ModuleBase -ChildPath '/Vendor/libressl255/openssl.exe'
|
||||
}
|
||||
|
||||
$Env:OPENSSL_CONF = Join-Path $ModuleBase -ChildPath '/openssl.conf'
|
||||
}
|
||||
process {
|
||||
$SubjPattern = "/C={0}/ST={1}/L={2}/O={3}/OU={4}/CN={5}"
|
||||
$SubjValues = @(
|
||||
$CRTAttribute.Subject.Country,
|
||||
$CRTAttribute.Subject.State,
|
||||
$CRTAttribute.Subject.City,
|
||||
$CRTAttribute.Subject.Organization,
|
||||
$CRTAttribute.Subject.OrganizationalUnitName,
|
||||
$CRTAttribute.Subject.CommonName
|
||||
)
|
||||
$Subj = $SubjPattern -f $SubjValues
|
||||
|
||||
$PEMCertName = $CertName -replace '.pfx', '.crt'
|
||||
$ExpPattern = '& ''{0}'' req -x509 -sha256 -nodes -days {1} -newkey rsa:2048 -keyout {2} -out {3} -subj "{4}" *>$null'
|
||||
$ExpValues = @(
|
||||
$openssl,
|
||||
$CRTAttribute.Days
|
||||
$KeyName,
|
||||
$PEMCertName,
|
||||
$Subj
|
||||
)
|
||||
$PEMExp = $ExpPattern -f $ExpValues
|
||||
|
||||
Write-Verbose -Message ( 'Expr string is: {0}' -f $PEMExp)
|
||||
|
||||
# Edit the Error action for the openSLL command to make the redirect *>$null work.
|
||||
# There is always a stderr and stdout stream!
|
||||
$EAP = $ErrorActionPreference
|
||||
$ErrorActionPreference = 'Continue'
|
||||
Invoke-Expression -Command $PEMExp
|
||||
$ErrorActionPreference = $EAP
|
||||
|
||||
# manually testing the openssl command results
|
||||
|
||||
if (! (Test-Path -Path $KeyName)) {
|
||||
$ErrorParams = @{
|
||||
Message = 'Could not create the private key ${0}' -f $KeyName
|
||||
ErrorAction = 'Stop'
|
||||
Exception = [System.UnauthorizedAccessException]::new()
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
if (! (Test-Path -Path $PEMCertName)) {
|
||||
$ErrorParams = @{
|
||||
Message = 'Could not create the PEM certificate ${0}' -f $PEMCertName
|
||||
ErrorAction = 'Stop'
|
||||
Exception = [System.Exception]::new()
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
|
||||
$PfxPattern = '& ''{0}'' pkcs12 -export -out {1} -inkey {2} -in {3} -passout pass:'
|
||||
$PfxValues = @(
|
||||
$openssl,
|
||||
$CertName,
|
||||
$KeyName,
|
||||
($CertName -replace '.pfx', '.crt')
|
||||
)
|
||||
$PfxExp = $PfxPattern -f $PfxValues
|
||||
Write-Verbose -Message ( 'PfxExp string is: {0}' -f $PfxExp)
|
||||
Invoke-Expression -Command $PfxExp
|
||||
|
||||
# Remove private key and crt file. Always ask user
|
||||
Remove-Item -Path $KeyName
|
||||
Remove-Item -Path ($CertName -replace '.pfx', '.crt')
|
||||
}
|
||||
end {
|
||||
Remove-Item Env:\OPENSSL_CONF -Confirm:$False -Force -ErrorAction SilentlyContinue
|
||||
}
|
||||
}
|
102
src/Certificate/Use-PfxCertificate.ps1
Normal file
102
src/Certificate/Use-PfxCertificate.ps1
Normal file
@ -0,0 +1,102 @@
|
||||
function Use-PfxCertificate {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Links an existing PFX Certifiacte to a CredentialStore.
|
||||
|
||||
.DESCRIPTION
|
||||
Linking a certificate is needed if you plan to use the same CredentialStore in cross platform scenarios.
|
||||
|
||||
.PARAMETER Path
|
||||
Specify the path to the PFX Certificate you want to link for usage.
|
||||
|
||||
.INPUTS
|
||||
[None]
|
||||
|
||||
.OUTPUTS
|
||||
[None]
|
||||
|
||||
.EXAMPLE
|
||||
|
||||
|
||||
.NOTES
|
||||
File Name : Use-PfxCertificate.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
|
||||
.LINK
|
||||
https://github.com/OCram85/PSCredentialStore
|
||||
#>
|
||||
[CmdletBinding(DefaultParameterSetName = "Private")]
|
||||
[OutputType()]
|
||||
[System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingPlainTextForPassword", "")]
|
||||
param(
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Path,
|
||||
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$CredentialStore,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[switch]$Shared
|
||||
)
|
||||
begin {}
|
||||
|
||||
process {
|
||||
try {
|
||||
# We need to resolve the path to make sure it has the correct platform specific syntax.
|
||||
# And it should also exist.
|
||||
$validPath = Resolve-Path -Path $Path -ErrorAction Stop
|
||||
$PfxCertificate = Get-PfxCertificate -FilePath $validPath -ErrorAction Stop
|
||||
}
|
||||
catch {
|
||||
$_.Exception.Error | Write-Error
|
||||
$ErrorParams = @{
|
||||
Message = 'The given PFX certificate does not exist!'
|
||||
ErrorAction = 'Stop'
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
|
||||
try {
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$StorePath = Get-DefaultCredentialStorePath
|
||||
$CS = Get-CredentialStore
|
||||
}
|
||||
elseif ($PSCmdlet.ParameterSetName -eq "Shared" ) {
|
||||
if (!($PSBoundParameters.ContainsKey('CredentialStore'))) {
|
||||
$StorePath = Get-DefaultCredentialStorePath -Shared
|
||||
$CS = Get-CredentialStore -Shared
|
||||
}
|
||||
else {
|
||||
$StorePath = $CredentialStore
|
||||
$CS = Get-CredentialStore -Shared -Path $CredentialStore
|
||||
}
|
||||
}
|
||||
}
|
||||
catch {
|
||||
$_.Exception.Error | Write-Error
|
||||
$ErrorParams = @{
|
||||
Message = 'The given CredentialStore does not exist!'
|
||||
ErrorAction = 'Stop'
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
|
||||
# Lets first check if the thumbprint matches
|
||||
if (($CS.Thumbprint -notmatch $PfxCertificate.Thumbprint) -and ($CS.Thumbprint.Length -ne 0)) {
|
||||
Write-Warning @"
|
||||
You are trying to map an unknown certificate.
|
||||
Make sure you used the same AES keys for encrypting!
|
||||
"@
|
||||
}
|
||||
|
||||
$CS.PfxCertificate = $validPath.Path
|
||||
$CS.Thumbprint = $PfxCertificate.Thumbprint
|
||||
$CS | ConvertTo-Json -Depth 5 | Out-File -FilePath $StorePath -Force -Encoding utf8
|
||||
}
|
||||
|
||||
end {}
|
||||
}
|
@ -1,45 +0,0 @@
|
||||
function Get-ChallengeFile {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Reads the challenge file as binary content.
|
||||
|
||||
.DESCRIPTION
|
||||
Use this function to tread a challenge file. Returns a [Byte[]] Array.
|
||||
|
||||
.PARAMETER Path
|
||||
Specify a file to read.
|
||||
|
||||
.INPUTS
|
||||
[None]
|
||||
|
||||
.OUTPUTS
|
||||
[Byte[]]
|
||||
|
||||
.EXAMPLE
|
||||
.\Get-RandomKey -Path "C:\TMP\Challenge.bin"
|
||||
|
||||
.NOTES
|
||||
```
|
||||
File Name : Get-ChallengeFile.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
```
|
||||
.LINK
|
||||
https://github.com/OCram85/PSCredentialStore
|
||||
#>
|
||||
|
||||
[CmdletBinding()]
|
||||
param(
|
||||
[Parameter(Mandatory = $false)]
|
||||
[string]$Path = "{0}\PSCredentialStore\Challenge.bin" -f $env:ProgramData
|
||||
)
|
||||
|
||||
if (Test-Path $Path) {
|
||||
try {
|
||||
[io.file]::ReadAllBytes($Path)
|
||||
}
|
||||
catch {
|
||||
Write-Error ("Could not read file {0}." -f $Path) -ErrorAction Stop
|
||||
}
|
||||
}
|
||||
}
|
@ -1,72 +0,0 @@
|
||||
Function Set-ChallengeFile() {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Writes the given key into the challenge file
|
||||
|
||||
.DESCRIPTION
|
||||
You can use the file content for ConvertTo-SecureString operations.
|
||||
|
||||
.PARAMETER Path
|
||||
The file you wish to create.
|
||||
|
||||
.PARAMETER KeySize
|
||||
Specify the key size for the encryption key.
|
||||
|
||||
.PARAMETER Force
|
||||
Use this switch to override an older file version.
|
||||
|
||||
.INPUTS
|
||||
[None]
|
||||
|
||||
.OUTPUTS
|
||||
[None]
|
||||
|
||||
.EXAMPLE
|
||||
.\Set-ChallengeFile -Path "C:\TMP\myfile.json" -Force
|
||||
|
||||
.NOTES
|
||||
File Name : Set-ChallengeFile.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
|
||||
.LINK
|
||||
https://github.com/OCram85/PSCredentialStore
|
||||
#>
|
||||
|
||||
[CmdletBinding()]
|
||||
param(
|
||||
[Parameter(Mandatory = $false)]
|
||||
[string]$Path = "{0}\PSCredentialStore\Challenge.bin" -f $env:ProgramData,
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateSet(16, 24, 32)]
|
||||
[string]$KeySize = "24",
|
||||
|
||||
[switch]$Force
|
||||
)
|
||||
|
||||
if ((Test-Path -Path $Path)) {
|
||||
if ($Force -eq $true) {
|
||||
Remove-Item -Path $Path -Confirm:$false -Force
|
||||
}
|
||||
else {
|
||||
Write-Error "The given file already exists!. Use the -Force switch to override it." -ErrorAction Stop
|
||||
}
|
||||
}
|
||||
$PSCredentialStoreDataDir = Split-Path -Path $Path -Parent
|
||||
if (-not (Test-Path $PSCredentialStoreDataDir)) {
|
||||
try {
|
||||
New-Item -ItemType Directory -Path $PSCredentialStoreDataDir
|
||||
}
|
||||
catch {
|
||||
Write-Error ("Could not create the parent data dir {0}" -f $PSCredentialDataDir) -ErrorAction Stop
|
||||
}
|
||||
}
|
||||
try {
|
||||
$Keys = Get-RandomKey -Size $KeySize
|
||||
[io.file]::WriteAllBytes($Path, $Keys)
|
||||
}
|
||||
catch {
|
||||
$_.Exception | Format-List -Force | Out-String | Write-Error -ErrorAction Stop
|
||||
}
|
||||
}
|
@ -1,48 +0,0 @@
|
||||
function Test-ChallengeFile {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Simple path check for challenge file needed by the CredentialStores.
|
||||
|
||||
.DESCRIPTION
|
||||
This is supposed to be a internal function to check the existence for a challenge file.
|
||||
|
||||
.PARAMETER Path
|
||||
Specify the path to the challenge file.
|
||||
|
||||
.INPUTS
|
||||
[None]
|
||||
|
||||
.OUTPUTS
|
||||
[Bool].
|
||||
|
||||
.EXAMPLE
|
||||
If (Test-ChallengeFile) {
|
||||
Write-Host "The file exists."
|
||||
}
|
||||
Else {
|
||||
Write-Warning "Couldn't find the given file!"
|
||||
}
|
||||
|
||||
.NOTES
|
||||
File Name : Test-ChallengeFile.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
|
||||
.LINK
|
||||
https://github.com/OCram85/PSCredentialStore
|
||||
#>
|
||||
|
||||
[CmdletBinding()]
|
||||
param(
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[String]$Path = "{0}\PSCredentialStore\Challenge.bin" -f $env:ProgramData
|
||||
)
|
||||
|
||||
if (Test-Path $Path) {
|
||||
$true
|
||||
}
|
||||
else {
|
||||
$false
|
||||
}
|
||||
}
|
@ -93,15 +93,30 @@ function Connect-To {
|
||||
[Parameter(Mandatory = $False, ParameterSetName = "Private")]
|
||||
[PSCredential]$Credentials,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetNAme = "Shared")]
|
||||
[switch]$Shared,
|
||||
|
||||
[Parameter(Mandatory = $False, ParameterSetName = "Shared")]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
|
||||
[string]$Path,
|
||||
|
||||
[Parameter(Mandatory = $false, ParameterSetNAme = "Shared")]
|
||||
[switch]$Shared
|
||||
[Parameter(Mandatory = $False, ParameterSetName = "Private")]
|
||||
[Parameter(Mandatory = $False, ParameterSetName = "Shared")]
|
||||
[switch]$PassThru
|
||||
)
|
||||
|
||||
begin {
|
||||
# Set the CredentialStore for private, shared or custom mode.
|
||||
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = Get-DefaultCredentialStorePath
|
||||
}
|
||||
elseif ($PSCmdlet.ParameterSetName -eq "Shared") {
|
||||
if (!($PSBoundParameters.ContainsKey('Path'))) {
|
||||
$Path = Get-DefaultCredentialStorePath -Shared
|
||||
}
|
||||
}
|
||||
|
||||
# First check the optional modules
|
||||
if (-not (Resolve-Dependency -Name $Type)) {
|
||||
Write-Error -Message ("Could not resolve the optional dependencies defined for {0}" -f $Type) -ErrorAction 'Stop'
|
||||
@ -118,10 +133,6 @@ function Connect-To {
|
||||
}
|
||||
|
||||
process {
|
||||
# Set the correct CredentialStore Path depending on the used ParameterSetName
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
|
||||
}
|
||||
if (-not ($Credentials)) {
|
||||
# Load the credential from the CredentialStore. If the credential doesn't exist, we need to
|
||||
# return 1, so a calling if statement can handle the failure detection.
|
||||
@ -131,16 +142,16 @@ function Connect-To {
|
||||
try {
|
||||
if ($Identifier -ne "") {
|
||||
$RemoteHostIdentifier = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
$creds = Get-CredentialStoreItem -RemoteHost $RemoteHostIdentifier -Path $Path
|
||||
$creds = Get-CredentialStoreItem -Shared -RemoteHost $RemoteHostIdentifier -Path $Path
|
||||
}
|
||||
else {
|
||||
$creds = Get-CredentialStoreItem -RemoteHost $RemoteHost -Path $Path
|
||||
$creds = Get-CredentialStoreItem -Shared -RemoteHost $RemoteHost -Path $Path
|
||||
}
|
||||
}
|
||||
|
||||
catch {
|
||||
$MessageParams = @{
|
||||
Message = "Unable to look up credential store item for RemoteHost {0}/Identifier {1}!" -f $RemoteHost, $Identifier
|
||||
Message = "Unable to look up credential store item for RemoteHost {0}/Identifier {1}!" -f $RemoteHost, $Identifier
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
@ -152,7 +163,7 @@ function Connect-To {
|
||||
|
||||
if ($creds.UserName -eq "" -or $creds.Password.GetType().Name -ne "SecureString") {
|
||||
$MessageParams = @{
|
||||
Message = "Please provide valid credentials for RemoteHost {0}!" -f $RemoteHost
|
||||
Message = "Please provide valid credentials for RemoteHost {0}!" -f $RemoteHost
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
@ -167,7 +178,7 @@ function Connect-To {
|
||||
|
||||
catch {
|
||||
$MessageParams = @{
|
||||
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
|
||||
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
@ -177,9 +188,9 @@ function Connect-To {
|
||||
# First establish the FTP session
|
||||
$WinSCPConParams = @{
|
||||
Credential = $creds
|
||||
Hostname = $RemoteHost
|
||||
Protocol = 'Ftp'
|
||||
FtpMode = 'Passive'
|
||||
Hostname = $RemoteHost
|
||||
Protocol = 'Ftp'
|
||||
FtpMode = 'Passive'
|
||||
}
|
||||
try {
|
||||
$FTPSessionOption = New-WinSCPSessionOption @WinSCPConParams
|
||||
@ -192,7 +203,7 @@ function Connect-To {
|
||||
if (!($WinSCPSession.Opened)) {
|
||||
# Check the connection state and find out if the session is still open.
|
||||
$MessageParams = @{
|
||||
Message = "Connection to {0} using Type {1} was established. But now it seems to be lost!" -f $RemoteHost, $Type
|
||||
Message = "Connection to {0} using Type {1} was established. But now it seems to be lost!" -f $RemoteHost, $Type
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
@ -206,7 +217,7 @@ function Connect-To {
|
||||
catch {
|
||||
# Write a error message to the log.
|
||||
$MessageParams = @{
|
||||
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
|
||||
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
@ -220,7 +231,7 @@ function Connect-To {
|
||||
catch {
|
||||
# Write a error message to the log.
|
||||
$MessageParams = @{
|
||||
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
|
||||
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
@ -228,13 +239,19 @@ function Connect-To {
|
||||
}
|
||||
"CisServer" {
|
||||
try {
|
||||
Connect-CisServer -Server $RemoteHost -Credential $creds -ErrorAction Stop | Out-Null
|
||||
if ($PassThru.IsPresent) {
|
||||
Connect-CisServer -Server $RemoteHost -Credential $creds -ErrorAction Stop
|
||||
}
|
||||
else {
|
||||
Connect-CisServer -Server $RemoteHost -Credential $creds -ErrorAction Stop | Out-Null
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
catch {
|
||||
# Write a error message to the log.
|
||||
$MessageParams = @{
|
||||
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
|
||||
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
@ -243,17 +260,17 @@ function Connect-To {
|
||||
"ExchangeHTTP" {
|
||||
try {
|
||||
$ConnectionParams = @{
|
||||
ConnectionURI = "http://{0}/powershell" -f $RemoteHost
|
||||
ConnectionURI = "http://{0}/powershell" -f $RemoteHost
|
||||
ConfigurationName = 'Microsoft.Exchange'
|
||||
Credential = $creds
|
||||
ErrorAction = 'Stop'
|
||||
Credential = $creds
|
||||
ErrorAction = 'Stop'
|
||||
}
|
||||
$Global:PSExchangeRemote = New-PSSession @ConnectionParams
|
||||
}
|
||||
catch {
|
||||
# Write a error message to the log.
|
||||
$MessageParams = @{
|
||||
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
|
||||
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
@ -262,17 +279,17 @@ function Connect-To {
|
||||
"ExchangeHTTPS" {
|
||||
try {
|
||||
$ConnectionParams = @{
|
||||
ConnectionURI = "https://{0}/powershell" -f $RemoteHost
|
||||
ConnectionURI = "https://{0}/powershell" -f $RemoteHost
|
||||
ConfigurationName = 'Microsoft.Exchange'
|
||||
Credential = $creds
|
||||
ErrorAction = 'Stop'
|
||||
Credential = $creds
|
||||
ErrorAction = 'Stop'
|
||||
}
|
||||
$Global:PSExchangeRemote = New-PSSession @ConnectionParams
|
||||
}
|
||||
catch {
|
||||
# Write a error message to the log.
|
||||
$MessageParams = @{
|
||||
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
|
||||
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
@ -280,9 +297,9 @@ function Connect-To {
|
||||
}
|
||||
"SCP" {
|
||||
$WinSCPSessionParams = @{
|
||||
Credential = $creds
|
||||
Hostname = $RemoteHost
|
||||
Protocol = 'Scp'
|
||||
Credential = $creds
|
||||
Hostname = $RemoteHost
|
||||
Protocol = 'Scp'
|
||||
GiveUpSecurityAndAcceptAnySshHostKey = $True
|
||||
}
|
||||
try {
|
||||
@ -293,7 +310,7 @@ function Connect-To {
|
||||
catch {
|
||||
# Write a error message to the log.
|
||||
$MessageParams = @{
|
||||
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
|
||||
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
@ -302,7 +319,7 @@ function Connect-To {
|
||||
if (!($WinSCPSession.Opened)) {
|
||||
# Check the connection state and find out if the session is still open.
|
||||
$MessageParams = @{
|
||||
Message = "Connection to {0} using Type {1} was established. But now it seems to be lost!" -f $RemoteHost, $Type
|
||||
Message = "Connection to {0} using Type {1} was established. But now it seems to be lost!" -f $RemoteHost, $Type
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
@ -311,7 +328,7 @@ function Connect-To {
|
||||
default {
|
||||
# Write a error message to the log.
|
||||
$MessageParams = @{
|
||||
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
|
||||
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
|
@ -1,50 +0,0 @@
|
||||
function Get-RandomKey {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Returns a random key
|
||||
|
||||
.DESCRIPTION
|
||||
You can use the key for further use with SecureStrings.
|
||||
|
||||
.PARAMETER Size
|
||||
Define the key size. You can choose between 16, 24 and 32
|
||||
|
||||
.INPUTS
|
||||
[None]
|
||||
|
||||
.OUTPUTS
|
||||
Returns a Random key as [Byte[]] array.
|
||||
|
||||
.EXAMPLE
|
||||
.\Get-RandomKey -Size 24
|
||||
|
||||
.NOTES
|
||||
```
|
||||
File Name : Get-RandomKey.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
```
|
||||
|
||||
.LINK
|
||||
https://github.com/OCram85/PSCredentialStore
|
||||
#>
|
||||
|
||||
[CmdletBinding()]
|
||||
param(
|
||||
[Parameter(Mandatory = $true)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[ValidateSet(16, 24, 32)]
|
||||
[string]$size
|
||||
)
|
||||
# Init the vars
|
||||
[Byte[]]$Key = @()
|
||||
$i = 0
|
||||
|
||||
while ($i -ne $size) {
|
||||
$element = Get-Random -Minimum 0 -Maximum 255
|
||||
Write-Debug ("The current element is {0}." -f $element)
|
||||
$Key += $element
|
||||
$i++
|
||||
}
|
||||
$Key
|
||||
}
|
@ -41,11 +41,8 @@ function Get-CredentialStoreItem {
|
||||
#>
|
||||
|
||||
[CmdletBinding(DefaultParameterSetName = "Private")]
|
||||
[OutputType([System.Management.Automation.PSCredential])]
|
||||
[OutputType([PSCredential])]
|
||||
param(
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
@ -56,55 +53,72 @@ function Get-CredentialStoreItem {
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Identifier,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[switch]$Shared,
|
||||
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[switch]$Shared
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Path
|
||||
)
|
||||
|
||||
# First set a constand path for private CredentialStore mode.
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
|
||||
begin {
|
||||
# Set the CredentialStore for private, shared or custom mode.
|
||||
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = Get-DefaultCredentialStorePath
|
||||
}
|
||||
elseif ($PSCmdlet.ParameterSetName -eq "Shared") {
|
||||
if (!($PSBoundParameters.ContainsKey('Path'))) {
|
||||
$Path = Get-DefaultCredentialStorePath -Shared
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
process {
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (Test-CredentialStore -Path $Path) {
|
||||
$CS = Get-CredentialStore -Path $Path
|
||||
$CSMembers = Get-Member -InputObject $CS
|
||||
# Let`s first check if the given remote host exists as object property
|
||||
if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -eq $CredentialName)) {
|
||||
if ($CS.Type -eq "Private") {
|
||||
$CSItem = [ordered]@{
|
||||
User = $CS.$CredentialName.User
|
||||
Password = ConvertTo-SecureString -String $CS.$CredentialName.Password
|
||||
if (Test-CredentialStore -Shared -Path $Path) {
|
||||
$CS = Get-CredentialStore -Shared -Path $Path
|
||||
$CSMembers = Get-Member -InputObject $CS
|
||||
# Let's first check if the given remote host exists as object property
|
||||
if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -contains $CredentialName)) {
|
||||
$Cert = Get-PfxCertificate -FilePath $CS.PfXCertificate -ErrorAction Stop
|
||||
$DecryptedKey = $Cert.PrivateKey.Decrypt(
|
||||
[Convert]::FromBase64String($CS.$CredentialName.EncryptedKey),
|
||||
[System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1
|
||||
)
|
||||
|
||||
if (! $ExpandOutput.isPresent) {
|
||||
[PSCredential]::new(
|
||||
$CS.$CredentialName.User,
|
||||
($CS.$CredentialName.Password | ConvertTo-SecureString -Key $DecryptedKey)
|
||||
)
|
||||
}
|
||||
}
|
||||
else {
|
||||
$Key = Get-ChallengeFile
|
||||
$CSItem = [ordered]@{
|
||||
User = $CS.$CredentialName.User
|
||||
Password = ConvertTo-SecureString -String $CS.$CredentialName.Password -Key $Key
|
||||
$MsgParams = @{
|
||||
ErrorAction = "Stop"
|
||||
Message = "Could not find credentials for the given remote host: {0}" -f $RemoteHost
|
||||
}
|
||||
Write-Error @MsgParams
|
||||
}
|
||||
New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $CSItem.User, $CSItem.Password
|
||||
}
|
||||
else {
|
||||
$MsgParams = @{
|
||||
ErrorAction = "Stop"
|
||||
Message = "Could not find credentials for the given remote host: {0}" -f $RemoteHost
|
||||
Message = "The given credential store ({0}) does not exist!" -f $Path
|
||||
}
|
||||
Write-Error @MsgParams
|
||||
}
|
||||
}
|
||||
else {
|
||||
$MsgParams = @{
|
||||
ErrorAction = "Stop"
|
||||
Message = "The given credential store ({0}) does not exist!" -f $Path
|
||||
}
|
||||
Write-Error @MsgParams
|
||||
|
||||
end {
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -42,9 +42,6 @@ function New-CredentialStoreItem {
|
||||
|
||||
[CmdletBinding(DefaultParameterSetName = "Private")]
|
||||
param(
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
@ -59,78 +56,120 @@ function New-CredentialStoreItem {
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[PSCredential]$Credential,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[switch]$Shared,
|
||||
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[switch]$Shared
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Path
|
||||
|
||||
|
||||
)
|
||||
|
||||
# First set a constand path for private CredentialStore mode.
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
|
||||
}
|
||||
|
||||
# Lets do a quick test on the given CredentialStore.
|
||||
if (-not(Test-CredentialStore -Path $Path)) {
|
||||
$MessageParams = @{
|
||||
Message = "Could not add anything into the given CredentailStore."
|
||||
ErrorAction = "Stop"
|
||||
begin {
|
||||
# Set the CredentialStore for private, shared or custom mode.
|
||||
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = Get-DefaultCredentialStorePath
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
|
||||
# Read the file content based on the given ParameterSetName
|
||||
$CSContent = Get-CredentialStore -Path $Path
|
||||
|
||||
$CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S"
|
||||
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (-not($Credential)) {
|
||||
$Credential = Get-Credential -Message $CredentialName
|
||||
}
|
||||
|
||||
if ($Credential.UserName) {
|
||||
if ($CSContent.Type -eq "Shared") {
|
||||
$Key = Get-ChallengeFile
|
||||
$encypted = ConvertFrom-SecureString -SecureString $Credential.Password -Key $Key
|
||||
elseif ($PSCmdlet.ParameterSetName -eq "Shared") {
|
||||
if (!($PSBoundParameters.ContainsKey('Path'))) {
|
||||
$Path = Get-DefaultCredentialStorePath -Shared
|
||||
}
|
||||
}
|
||||
else {
|
||||
$encypted = ConvertFrom-SecureString -SecureString $Credential.Password
|
||||
}
|
||||
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {
|
||||
}
|
||||
|
||||
process {
|
||||
# Lets do a quick test on the given CredentialStore.
|
||||
if (-not(Test-CredentialStore -Shared -Path $Path)) {
|
||||
$MessageParams = @{
|
||||
Message = "The given host already exists. Nothing to do here."
|
||||
Exception = [System.IO.FileNotFoundException]::new(
|
||||
'Could not add anything into the given CredentialStore.'
|
||||
)
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Warning @MessageParams
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
|
||||
# Read the file content based on the given ParameterSetName
|
||||
<#
|
||||
if ($PSCmdlet.ParameterSetName -eq 'Private') {
|
||||
$CSContent = Get-CredentialStore
|
||||
}
|
||||
elseif ($PSCmdlet.ParameterSetName -eq 'Shared') {
|
||||
$CSContent = Get-CredentialStore -Shared -Path $Path
|
||||
}
|
||||
#>
|
||||
$CSContent = Get-CredentialStore -Shared -Path $Path
|
||||
|
||||
$CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S"
|
||||
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialHash = [ordered]@{
|
||||
User = $Credential.UserName
|
||||
Password = $encypted
|
||||
Creation = $CurrentDate
|
||||
}
|
||||
Add-Member -InputObject $CSContent -Name $CredentialName -MemberType NoteProperty -Value $CredentialHash
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (-not($Credential)) {
|
||||
$Credential = Get-Credential -Message $CredentialName
|
||||
}
|
||||
|
||||
if ($Credential.UserName) {
|
||||
try {
|
||||
ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path
|
||||
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
|
||||
}
|
||||
catch [System.Exception] {
|
||||
$MessageParams = @{
|
||||
Message = "Couldn't add item into credential store!"
|
||||
ErrorAction = "Stop"
|
||||
catch {
|
||||
$_.Exception.Message | Write-Error
|
||||
$ErrorParams = @{
|
||||
ErrorAction = 'Stop'
|
||||
Exception = [System.Security.Cryptography.CryptographicException]::new(
|
||||
'Could not read the given PFX certificate.'
|
||||
)
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
|
||||
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {
|
||||
$MessageParams = @{
|
||||
Message = "The given host already exists. Nothing to do here."
|
||||
}
|
||||
Write-Warning @MessageParams
|
||||
}
|
||||
else {
|
||||
$RSAKey = Get-RandomAESKey
|
||||
|
||||
$CredentialHash = [ordered]@{
|
||||
User = $Credential.UserName
|
||||
Password = ConvertFrom-SecureString -SecureString $Credential.Password -Key $RSAKey
|
||||
Created = $CurrentDate
|
||||
LastChange = $null
|
||||
EncryptedKey = [Convert]::ToBase64String($Cert.PublicKey.Key.Encrypt($RSAKey, [System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1))
|
||||
}
|
||||
Add-Member -InputObject $CSContent -Name $CredentialName -MemberType NoteProperty -Value $CredentialHash
|
||||
try {
|
||||
ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path
|
||||
}
|
||||
catch {
|
||||
$MessageParams = @{
|
||||
Message = "Couldn't add item into credential store!"
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
$MessageParams = @{
|
||||
Message = "Please Provide at least a valid user!"
|
||||
ErrorAction = "Stop"
|
||||
else {
|
||||
$MessageParams = @{
|
||||
Message = "Please Provide at least a valid user!"
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
|
||||
end {
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -27,8 +27,16 @@ function Remove-CredentialStoreItem {
|
||||
[None]
|
||||
|
||||
.EXAMPLE
|
||||
Remove-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
|
||||
Remove-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" -Identifier svc
|
||||
Remove-CredentialStoreItem -RemoteHost "esx01.myside.local"
|
||||
|
||||
.EXAMPLE
|
||||
Remove-CredentialStoreItem -Shared -RemoteHost "esx01.myside.local"
|
||||
|
||||
.EXAMPLE
|
||||
Remove-CredentialStoreItem -Shared -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
|
||||
|
||||
.EXAMPLE
|
||||
Remove-CredentialStoreItem -RemoteHost "esx01.myside.local" -Identifier svc
|
||||
|
||||
.NOTES
|
||||
```
|
||||
@ -43,9 +51,6 @@ function Remove-CredentialStoreItem {
|
||||
|
||||
[CmdletBinding(DefaultParameterSetName = "Private")]
|
||||
param(
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[string]$RemoteHost,
|
||||
@ -54,43 +59,62 @@ function Remove-CredentialStoreItem {
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[string]$Identifier,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[switch]$Shared,
|
||||
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[switch]$Shared
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Path
|
||||
)
|
||||
|
||||
# First set a constand path for private CredentialStore mode.
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
|
||||
}
|
||||
|
||||
# Lets do a quick test on the given CredentialStore.
|
||||
if (-not(Test-CredentialStore -Path $Path)) {
|
||||
$MessageParams = @{
|
||||
Message = "Could not add anything into the given CredentailStore."
|
||||
ErrorAction = "Stop"
|
||||
begin {
|
||||
# Set the CredentialStore for private, shared or custom mode.
|
||||
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = Get-DefaultCredentialStorePath
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
|
||||
# Read the file content based on the given ParameterSetName
|
||||
$CSContent = Get-CredentialStore -Path $Path
|
||||
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {
|
||||
# We need to use the .NET Method because there is no easier way in PowerShell.
|
||||
$CSContent.PSObject.Properties.Remove($CredentialName)
|
||||
ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path
|
||||
}
|
||||
else {
|
||||
$MessageParams = @{
|
||||
Message = "The given CredentailStoreItem does not exist."
|
||||
elseif ($PSCmdlet.ParameterSetName -eq "Shared") {
|
||||
if (!($PSBoundParameters.ContainsKey('Path'))) {
|
||||
$Path = Get-DefaultCredentialStorePath -Shared
|
||||
}
|
||||
}
|
||||
Write-Warning @MessageParams
|
||||
}
|
||||
|
||||
process {
|
||||
# Lets do a quick test on the given CredentialStore.
|
||||
if (-not(Test-CredentialStore -Shared -Path $Path)) {
|
||||
$MessageParams = @{
|
||||
Message = "Could not add anything into the given CredentialStore."
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
|
||||
# Read the file content based on the given ParameterSetName
|
||||
$CSContent = Get-CredentialStore -Shared -Path $Path
|
||||
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype NoteProperty) {
|
||||
# We need to use the .NET Method because there is no easier way in PowerShell.
|
||||
$CSContent.PSObject.Properties.Remove($CredentialName)
|
||||
ConvertTo-Json -InputObject $CSContent -Depth 5 | Out-File -FilePath $Path -Encoding utf8
|
||||
}
|
||||
else {
|
||||
$MessageParams = @{
|
||||
Message = "The given CredentialStoreItem does not exist."
|
||||
}
|
||||
Write-Warning @MessageParams
|
||||
}
|
||||
}
|
||||
|
||||
end {
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -42,9 +42,6 @@ function Set-CredentialStoreItem {
|
||||
|
||||
[CmdletBinding(DefaultParameterSetName = "Private")]
|
||||
param(
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[string]$RemoteHost,
|
||||
@ -57,66 +54,91 @@ function Set-CredentialStoreItem {
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[PSCredential]$Credential,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[switch]$Shared,
|
||||
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[switch]$Shared
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Path
|
||||
)
|
||||
|
||||
# First set a constant path for private CredentialStore mode.
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
|
||||
}
|
||||
|
||||
# Lets do a quick test on the given CredentialStore.
|
||||
if (-not(Test-CredentialStore -Path $Path)) {
|
||||
$MessageParams = @{
|
||||
Message = "Could not add anything into the given CredentailStore."
|
||||
ErrorAction = "Stop"
|
||||
begin {
|
||||
# Set the CredentialStore for private, shared or custom mode.
|
||||
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = Get-DefaultCredentialStorePath
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
|
||||
# Read the file content based on the given ParameterSetName
|
||||
$CSContent = Get-CredentialStore -Path $Path
|
||||
|
||||
$CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S"
|
||||
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (-not($Credential)) {
|
||||
$Credential = Get-Credential -Message $CredentialName
|
||||
}
|
||||
|
||||
if ($Credential.UserName) {
|
||||
if ($CSContent.Type -eq "Shared") {
|
||||
$Key = Get-ChallengeFile
|
||||
$encypted = ConvertFrom-SecureString -SecureString $Credential.Password -Key $Key
|
||||
}
|
||||
else {
|
||||
$encypted = ConvertFrom-SecureString -SecureString $Credential.Password
|
||||
}
|
||||
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {
|
||||
$CSContent.$CredentialName.User = $Credential.UserName
|
||||
$CSContent.$CredentialName.Password = $encypted
|
||||
$CSContent.$CredentialName.Creation = $CurrentDate
|
||||
ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path
|
||||
}
|
||||
else {
|
||||
$MessageParams = @{
|
||||
Message = "The given CredentailStoreItem does not exist."
|
||||
elseif ($PSCmdlet.ParameterSetName -eq "Shared") {
|
||||
if (!($PSBoundParameters.ContainsKey('Path'))) {
|
||||
$Path = Get-DefaultCredentialStorePath -Shared
|
||||
}
|
||||
Write-Warning @MessageParams
|
||||
}
|
||||
}
|
||||
Else {
|
||||
$MessageParams = @{
|
||||
Message = "Please Provide at least a valid user!"
|
||||
ErrorAction = "Stop"
|
||||
|
||||
process {
|
||||
# Lets do a quick test on the given CredentialStore.
|
||||
if (-not(Test-CredentialStore -Shared -Path $Path)) {
|
||||
$MessageParams = @{
|
||||
Message = "Could not add anything into the given CredentailStore."
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
|
||||
# Read the file content based on the given ParameterSetName
|
||||
$CSContent = Get-CredentialStore -Shared -Path $Path
|
||||
|
||||
$CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S"
|
||||
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (-not($Credential)) {
|
||||
$Credential = Get-Credential -Message $CredentialName
|
||||
}
|
||||
|
||||
if ($Credential.UserName) {
|
||||
try {
|
||||
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
|
||||
}
|
||||
catch {
|
||||
$_.Exception.Message | Write-Error
|
||||
$ErrorParams = @{
|
||||
Message = 'Could not read the given PFX certificate.'
|
||||
ErrorAction = 'Stop'
|
||||
Exception = [System.Security.Cryptography.CryptographicException]::new()
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
|
||||
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {
|
||||
$RSAKey = Get-RandomAESKey
|
||||
$CSContent.$CredentialName.User = $Credential.UserName
|
||||
$CSContent.$CredentialName.Password = ConvertFrom-SecureString -SecureString $Credential.Password -Key $RSAKey
|
||||
$CSContent.$CredentialName.LastChange = $CurrentDate
|
||||
$CSContent.$CredentialName.EncryptedKey = [Convert]::ToBase64String(
|
||||
$Cert.PublicKey.Key.Encrypt(
|
||||
$RSAKey,
|
||||
[System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1
|
||||
)
|
||||
)
|
||||
ConvertTo-Json -InputObject $CSContent -Depth 5 | Out-File -FilePath $Path -Encoding utf8
|
||||
}
|
||||
}
|
||||
Else {
|
||||
$MessageParams = @{
|
||||
Message = "Please Provide at least a valid user!"
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
}
|
||||
|
||||
end {
|
||||
|
||||
}
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
function Test-CredentialStoreItem() {
|
||||
function Test-CredentialStoreItem {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Checks if the given RemoteHost identifier combination exists in the credential store.
|
||||
@ -64,32 +64,48 @@ function Test-CredentialStoreItem() {
|
||||
[switch]$Shared
|
||||
)
|
||||
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
|
||||
begin {
|
||||
# Set the CredentialStore for private, shared or custom mode.
|
||||
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = Get-DefaultCredentialStorePath
|
||||
}
|
||||
elseif ($PSCmdlet.ParameterSetName -eq "Shared") {
|
||||
if (!($PSBoundParameters.ContainsKey('Path'))) {
|
||||
$Path = Get-DefaultCredentialStorePath -Shared
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (Test-CredentialStore -Path $Path) {
|
||||
$CS = Get-CredentialStore -Path $Path
|
||||
$CSMembers = Get-Member -InputObject $CS
|
||||
if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -eq $CredentialName)) {
|
||||
return $true
|
||||
process {
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
return $false
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (Test-CredentialStore -Shared -Path $Path) {
|
||||
$CS = Get-CredentialStore -Shared -Path $Path
|
||||
$CSMembers = Get-Member -InputObject $CS
|
||||
if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -contains $CredentialName)) {
|
||||
return $true
|
||||
}
|
||||
else {
|
||||
return $false
|
||||
}
|
||||
}
|
||||
else {
|
||||
$MsgParams = @{
|
||||
ErrorAction = "Stop"
|
||||
Message = "The given credential store ({0}) does not exist!" -f $Path
|
||||
}
|
||||
Write-Error @MsgParams
|
||||
}
|
||||
}
|
||||
else {
|
||||
$MsgParams = @{
|
||||
ErrorAction = "Stop"
|
||||
Message = "The given credential store ({0}) does not exist!" -f $Path
|
||||
}
|
||||
Write-Error @MsgParams
|
||||
|
||||
end {
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -1,45 +1,36 @@
|
||||
#
|
||||
# Module manifest for module 'PSCredentialStore'
|
||||
#
|
||||
# Generated by: OCram85
|
||||
#
|
||||
# Generated on: 27.07.2017
|
||||
#
|
||||
|
||||
@{
|
||||
|
||||
# Script module or binary module file associated with this manifest.
|
||||
RootModule = 'PSCredentialStore'
|
||||
RootModule = 'PSCredentialStore.psm1'
|
||||
|
||||
# Version number of this module.
|
||||
# Do not touch the version number. It gets replaced in the build process.
|
||||
ModuleVersion = '0.0.0.9999'
|
||||
ModuleVersion = '0.0.9999'
|
||||
|
||||
# Supported PSEditions
|
||||
# CompatiblePSEditions = @()
|
||||
CompatiblePSEditions = 'Desktop', 'Core'
|
||||
|
||||
# ID used to uniquely identify this module
|
||||
GUID = '6800e192-9df8-4e30-b253-eb2c799bbe84'
|
||||
GUID = '6800e192-9df8-4e30-b253-eb2c799bbe84'
|
||||
|
||||
# Author of this module
|
||||
Author = 'OCram85'
|
||||
Author = 'OCram85'
|
||||
|
||||
# Company or vendor of this module
|
||||
CompanyName = ''
|
||||
CompanyName = ''
|
||||
|
||||
# Copyright statement for this module
|
||||
Copyright = '(c) 2017 OCram85. All rights reserved.'
|
||||
Copyright = '(c) 2019 OCram85. All rights reserved.'
|
||||
|
||||
# Description of the functionality provided by this module
|
||||
Description = 'A simple credential manager to store and reuse multiple credential objects.'
|
||||
Description = 'A simple credential manager to store and reuse multiple credential objects.'
|
||||
|
||||
# Minimum version of the Windows PowerShell engine required by this module
|
||||
PowerShellVersion = '4.0'
|
||||
# Minimum version of the PowerShell engine required by this module
|
||||
PowerShellVersion = '5.1'
|
||||
|
||||
# Name of the Windows PowerShell host required by this module
|
||||
# Name of the PowerShell host required by this module
|
||||
# PowerShellHostName = ''
|
||||
|
||||
# Minimum version of the Windows PowerShell host required by this module
|
||||
# Minimum version of the PowerShell host required by this module
|
||||
# PowerShellHostVersion = ''
|
||||
|
||||
# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
|
||||
@ -70,32 +61,36 @@
|
||||
# NestedModules = @()
|
||||
|
||||
# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
|
||||
FunctionsToExport = @(
|
||||
# Connection Group
|
||||
FunctionsToExport = @(
|
||||
# Certificate
|
||||
'New-CRTAttribute',
|
||||
'New-PfxCertificate',
|
||||
'Use-PfxCertificate',
|
||||
# Connection
|
||||
'Connect-To',
|
||||
'Disconnect-From',
|
||||
'Test-CSConnection',
|
||||
# Item Group
|
||||
# Item
|
||||
'Get-CredentialStoreItem',
|
||||
'Set-CredentialStoreItem',
|
||||
'New-CredentialStoreItem',
|
||||
'Remove-CredentialStoreItem',
|
||||
'Set-CredentialStoreItem',
|
||||
'Test-CredentialStoreItem',
|
||||
# Store Group
|
||||
# Store
|
||||
'Get-CredentialStore',
|
||||
'New-CredentialStore',
|
||||
'Test-CredentialStore'
|
||||
|
||||
'Test-CredentialStore',
|
||||
'Update-CredentialStore'
|
||||
)
|
||||
|
||||
# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
|
||||
CmdletsToExport = @()
|
||||
CmdletsToExport = @()
|
||||
|
||||
# Variables to export from this module
|
||||
VariablesToExport = '*'
|
||||
VariablesToExport = '*'
|
||||
|
||||
# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
|
||||
AliasesToExport = @()
|
||||
AliasesToExport = @()
|
||||
|
||||
# DSC resources to export from this module
|
||||
# DscResourcesToExport = @()
|
||||
@ -107,33 +102,40 @@
|
||||
# FileList = @()
|
||||
|
||||
# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
|
||||
PrivateData = @{
|
||||
PrivateData = @{
|
||||
|
||||
PSData = @{
|
||||
|
||||
# Tags applied to this module. These help with module discovery in online galleries.
|
||||
Tags = @('CredentialStore',
|
||||
'CredentialManager'
|
||||
)
|
||||
Tags = 'CredentialStore', 'CredentialManager'
|
||||
|
||||
# A URL to the license for this module.
|
||||
LicenseUri = 'https://github.com/OCram85/PSCredentialStore/blob/master/LICENSE'
|
||||
LicenseUri = 'https://github.com/OCram85/PSCredentialStore/blob/master/LICENSE'
|
||||
|
||||
# A URL to the main website for this project.
|
||||
ProjectUri = 'https://github.com/OCram85/PSCredentialStore'
|
||||
ProjectUri = 'https://github.com/OCram85/PSCredentialStore'
|
||||
|
||||
# A URL to an icon representing this module.
|
||||
# IconUri = ''
|
||||
IconUri = 'https://raw.githubusercontent.com/OCram85/PSCredentialStore/master/assets/logo256.png'
|
||||
|
||||
# ReleaseNotes of this module
|
||||
ReleaseNotes = 'This is a pre-release version!. Do not use in production!'
|
||||
|
||||
# Prerelease string of this module
|
||||
Prerelease = 'alpha1'
|
||||
|
||||
# Flag to indicate whether the module requires explicit user acceptance for install/update
|
||||
# RequireLicenseAcceptance = $false
|
||||
|
||||
# External dependent modules of this module
|
||||
# ExternalModuleDependencies = @()
|
||||
|
||||
} # End of PSData hashtable
|
||||
|
||||
} # End of PrivateData hashtable
|
||||
|
||||
# HelpInfo URI of this module
|
||||
HelpInfoURI = 'https://github.com/OCram85/PSCredentialStore'
|
||||
HelpInfoURI = 'https://github.com/OCram85/PSCredentialStore'
|
||||
|
||||
# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
|
||||
# DefaultCommandPrefix = ''
|
||||
|
@ -1,10 +1,18 @@
|
||||
$Items = (Get-ChildItem -Path ("{0}\*.ps1" -f $PSScriptRoot ) -Recurse ).FullName | Where-Object {
|
||||
#region module-definition
|
||||
|
||||
#endregion module-definition
|
||||
Set-Variable -Name "CSVersion" -Value "2.0.0" -Option Constant -Scope 'Script' -ErrorAction Stop
|
||||
|
||||
|
||||
|
||||
#region dot-sourcing
|
||||
# dot-sourcing all module functions. The export is handled via manifest file.
|
||||
|
||||
$Items = (Get-ChildItem -Path (Join-Path -Path $PSScriptRoot -ChildPath '*.ps1') -Recurse ).FullName | Where-Object {
|
||||
$_ -notmatch "(Classes|Init)"
|
||||
}
|
||||
ForEach ($Item in $Items) {
|
||||
foreach ($Item in $Items) {
|
||||
# Write-Verbose ("dot sourcing file {0}" -f $Item)
|
||||
. $Item
|
||||
}
|
||||
|
||||
# Exports are now controlled by module manifest
|
||||
# Export-ModuleMember -Function *
|
||||
#endregion dot-sourcing
|
||||
|
61
src/Private/Get-DefaultCredentialStorePath.ps1
Normal file
61
src/Private/Get-DefaultCredentialStorePath.ps1
Normal file
@ -0,0 +1,61 @@
|
||||
function Get-DefaultCredentialStorePath {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Returns the default CredentialStore path based on the current OS.
|
||||
|
||||
.DESCRIPTION
|
||||
This is a low level helper function.
|
||||
|
||||
.INPUTS
|
||||
[None]
|
||||
|
||||
.OUTPUTS
|
||||
[string]
|
||||
|
||||
.EXAMPLE
|
||||
$Path = Get-DefaultCredentialStorePath
|
||||
|
||||
.NOTES
|
||||
File Name : Get-DefaultCredentialStorePath.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
|
||||
.LINK
|
||||
https://github.com/OCram85/PSCredentialStore
|
||||
#>
|
||||
[CmdletBinding()]
|
||||
[OutputType([string])]
|
||||
param(
|
||||
[Parameter(Mandatory = $false)]
|
||||
[switch]$Shared
|
||||
)
|
||||
|
||||
begin {}
|
||||
|
||||
process {
|
||||
if ($Shared.IsPresent) {
|
||||
if ($IsLinux) {
|
||||
return Join-Path -Path '/var/opt' -ChildPath 'PSCredentialStore/CredentialStore.json'
|
||||
}
|
||||
if ($IsMacOS) {
|
||||
return Join-Path -Path '/var/opt' -ChildPath 'PSCredentialStore/CredentialStore.json'
|
||||
}
|
||||
elseif (($isWindows) -or ($PSVersionTable.PSVersion.Major -lt 6) -or ($PSVersionTable.PSEdition -eq 'Desktop')) {
|
||||
return Join-Path -Path $env:ProgramData -ChildPath 'PSCredentialStore/CredentialStore.json'
|
||||
}
|
||||
}
|
||||
else {
|
||||
if ($IsLinux) {
|
||||
return Join-Path -Path $Env:HOME -ChildPath 'CredentialStore.json'
|
||||
}
|
||||
if ($IsMacOS) {
|
||||
return Join-Path -Path $Env:HOME -ChildPath 'CredentialStore.json'
|
||||
}
|
||||
elseif (($isWindows) -or ($PSVersionTable.PSVersion.Major -lt 6) -or ($PSVersionTable.PSEdition -eq 'Desktop')) {
|
||||
return Join-Path -Path $env:AppData -ChildPath 'CredentialStore.json'
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
end {}
|
||||
}
|
44
src/Private/Get-RandomAESKey.ps1
Normal file
44
src/Private/Get-RandomAESKey.ps1
Normal file
@ -0,0 +1,44 @@
|
||||
function Get-RandomAESKey {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Generate a new 32-byte AES key.
|
||||
|
||||
.DESCRIPTION
|
||||
Uses the System.Security.Cryptography namespace for random aes key generation.
|
||||
|
||||
.INPUTS
|
||||
[None]
|
||||
|
||||
.OUTPUTS
|
||||
[byte[]]
|
||||
|
||||
.EXAMPLE
|
||||
.\Get-RandomAESKey
|
||||
|
||||
.NOTES
|
||||
File Name : Get-RandomAESKey.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
|
||||
.LINK
|
||||
https://github.com/OCram85/PSCredentialStore
|
||||
#>
|
||||
|
||||
[CmdletBinding()]
|
||||
[OutputType([byte[]])]
|
||||
param()
|
||||
|
||||
begin {}
|
||||
|
||||
process {
|
||||
$key = [byte[]]::new(32)
|
||||
$rng = [System.Security.Cryptography.RNGCryptoServiceProvider]::Create()
|
||||
$rng.GetBytes($key)
|
||||
Write-Output $key
|
||||
if ($null -ne $key) {
|
||||
[array]::Clear($key, 0, $key.Length)
|
||||
}
|
||||
|
||||
}
|
||||
end {}
|
||||
}
|
44
src/Private/Get-TempDir.ps1
Normal file
44
src/Private/Get-TempDir.ps1
Normal file
@ -0,0 +1,44 @@
|
||||
function Get-TempDir {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Returns the valid temp dir of the current OS
|
||||
|
||||
.DESCRIPTION
|
||||
Returns the valid temp dir of the current OS.
|
||||
|
||||
.INPUTS
|
||||
[None]
|
||||
.OUTPUTS
|
||||
[string]
|
||||
|
||||
.EXAMPLE
|
||||
Get-TempDir
|
||||
|
||||
.NOTES
|
||||
File Name : Get-TempDir.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
|
||||
.LINK
|
||||
https://github.com/OCram85/PSCredentialStore
|
||||
#>
|
||||
[CmdletBinding()]
|
||||
[OutputType([string])]
|
||||
param()
|
||||
begin {
|
||||
|
||||
}
|
||||
process {
|
||||
if ($IsLinux) {
|
||||
return (Resolve-Path -Path '/tmp/').Path
|
||||
}
|
||||
if ($IsMacOS) {
|
||||
return (Resolve-Path -Path '/tmp/').Path
|
||||
}
|
||||
elseif (($isWindows) -or ($PSVersionTable.PSVersion.Major -lt 6) -or ($PSVersionTable.PSEdition -eq 'Desktop')) {
|
||||
return (Resolve-Path -Path $env:TEMP).Path
|
||||
}
|
||||
}
|
||||
end {
|
||||
}
|
||||
}
|
@ -35,7 +35,7 @@ function Test-Module {
|
||||
|
||||
.NOTES
|
||||
```
|
||||
File Name : Get-RandomKey.ps1
|
||||
File Name : Test-Module.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
```
|
||||
@ -50,10 +50,6 @@ function Test-Module {
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Name,
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateSet('Module', 'PSSnapin', 'Custom')]
|
||||
[string]$Type = 'Module',
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$MessagePattern = @"
|
||||
@ -62,45 +58,22 @@ Could not find the required {0} called {1}. Please install the required {0} to r
|
||||
[Parameter(Mandatory = $false)]
|
||||
[switch]$StopIfFails
|
||||
)
|
||||
begin {
|
||||
|
||||
}
|
||||
begin {}
|
||||
|
||||
process {
|
||||
$Message = $MessagePattern -f $Type, $Name
|
||||
Write-Debug $Message
|
||||
switch ($Type) {
|
||||
'Module' {
|
||||
if (Get-Module -Name $Name -ListAvailable) {
|
||||
return $true
|
||||
}
|
||||
else {
|
||||
if ($StopIfFails) {
|
||||
Write-Error -Message $Message -ErrorAction Stop -Category NotInstalled
|
||||
}
|
||||
return $false
|
||||
}
|
||||
}
|
||||
|
||||
'PSSnapin' {
|
||||
if (Get-PSSnapin -Name $Name -Registered -ErrorAction SilentlyContinue) {
|
||||
return $true
|
||||
}
|
||||
else {
|
||||
if ($StopIfFails) {
|
||||
Write-Error -Message $Message -ErrorAction Stop -Category NotInstalled
|
||||
}
|
||||
return $false
|
||||
}
|
||||
}
|
||||
|
||||
'Custom' {
|
||||
Throw 'Custom tests are not implemented yet!'
|
||||
if (Get-Module -Name $Name -ListAvailable) {
|
||||
return $true
|
||||
}
|
||||
else {
|
||||
if ($StopIfFails) {
|
||||
Write-Error -Message $Message -ErrorAction Stop -Category NotInstalled
|
||||
}
|
||||
return $false
|
||||
}
|
||||
}
|
||||
|
||||
end {
|
||||
|
||||
}
|
||||
end {}
|
||||
}
|
@ -35,36 +35,54 @@ function Get-CredentialStore {
|
||||
#>
|
||||
|
||||
[CmdletBinding(DefaultParameterSetName = "Private")]
|
||||
[OutputType("PSCredentialStore.Store")]
|
||||
param(
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
|
||||
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[string]$Path,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[switch]$Shared
|
||||
)
|
||||
|
||||
if ($PSCmdlet.ParameterSetName -eq 'Private') {
|
||||
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
|
||||
}
|
||||
begin {}
|
||||
|
||||
if (Test-CredentialStore -Path $Path) {
|
||||
try {
|
||||
$FileContent = Get-Content -Path $Path -Raw
|
||||
ConvertFrom-Json $FileContent
|
||||
process {
|
||||
# Set the CredentialStore for private, shared or custom mode.
|
||||
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = Get-DefaultCredentialStorePath
|
||||
}
|
||||
catch [System.Exception] {
|
||||
elseif ($PSCmdlet.ParameterSetName -eq "Shared") {
|
||||
if (!($PSBoundParameters.ContainsKey('Path'))) {
|
||||
$Path = Get-DefaultCredentialStorePath -Shared
|
||||
}
|
||||
}
|
||||
|
||||
if (Test-CredentialStore -Path $Path -Shared) {
|
||||
try {
|
||||
$FileContent = Get-Content -Path $Path -Raw
|
||||
$CS = ConvertFrom-Json $FileContent
|
||||
$CS.PSObject.TypeNames.Insert(0, "PSCredentialStore.Store")
|
||||
return $CS
|
||||
}
|
||||
catch [System.Exception] {
|
||||
$MessageParams = @{
|
||||
Message = "Unknown CredentialStore format. Invalid JSON file."
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
}
|
||||
else {
|
||||
$MessageParams = @{
|
||||
Message = "Unknown CredentialStore format. Invalid JSON file."
|
||||
Message = "Could not find the CredentialStore."
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
}
|
||||
else {
|
||||
$MessageParams = @{
|
||||
Message = "Could not find the CredentialStore."
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
|
||||
end {}
|
||||
|
||||
}
|
||||
|
@ -22,7 +22,8 @@ function New-CredentialStore {
|
||||
[None]
|
||||
|
||||
.OUTPUTS
|
||||
[None]
|
||||
['PSCredentialStore.Store'] Returns the recently created CredentialStore object if the -PassThru parameter
|
||||
was given.
|
||||
|
||||
.EXAMPLE
|
||||
New-CredentialStore
|
||||
@ -50,63 +51,163 @@ function New-CredentialStore {
|
||||
https://github.com/OCram85/PSCredentialStore
|
||||
#>
|
||||
|
||||
[CmdletBinding(DefaultParameterSetName = "Private")]
|
||||
[CmdletBinding(SupportsShouldProcess = $true, DefaultParameterSetName = "Private")]
|
||||
[OutputType("PSCredentialStore.Store")]
|
||||
param(
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[switch]$Shared,
|
||||
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
|
||||
[string]$Path,
|
||||
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[switch]$Force
|
||||
[switch]$Force,
|
||||
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[switch]$PassThru,
|
||||
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[Switch]$SkipPFXCertCreation
|
||||
)
|
||||
|
||||
# Lets get the current Date in a human readable format.
|
||||
$CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S"
|
||||
begin {
|
||||
# Lets get the current Date in a human readable format.
|
||||
$CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S"
|
||||
|
||||
# Set latest Credential Store version
|
||||
Set-Variable -Name "CSVersion" -Value "1.2.0" -Option Constant
|
||||
|
||||
# Set the CredentialStore path for private mode.
|
||||
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = "{0}\CredentialStore.json" -f $Env:APPDATA
|
||||
# Set latest Credential Store version
|
||||
# Set-Variable -Name "CSVersion" -Value "2.0.0" -Option Constant -Scope
|
||||
}
|
||||
|
||||
# Test if in the given store already a CredentialStore exists.
|
||||
Write-Verbose "Test if there is already a credential store."
|
||||
if ((Test-CredentialStore -Path $Path) -and ($Force -ne $true)) {
|
||||
$MessageParam = @{
|
||||
Message = "The given file already exists. Use the 'Force' switch to override the existing store."
|
||||
ErrorAction = "Stop"
|
||||
process {
|
||||
# Set the CredentialStore for private, shared or custom mode.
|
||||
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = Get-DefaultCredentialStorePath
|
||||
}
|
||||
Write-Error @MessageParam
|
||||
}
|
||||
# We need to use the IDictionary to keep the property sorting in the object.
|
||||
$ObjProperties = [ordered]@{
|
||||
Version = $CSVersion
|
||||
Creation = $CurrentDate
|
||||
}
|
||||
if ($PSCmdlet.ParameterSetName -eq "Shared") {
|
||||
$ObjProperties.Type = "Shared"
|
||||
# Check if a ChallengeFile already exists. We don't want to overide it.
|
||||
# Otherwise previous created CredentialStores couln't be decrypted anymore.
|
||||
if (-not (Test-ChallengeFile)) {
|
||||
Set-ChallengeFile
|
||||
elseif ($PSCmdlet.ParameterSetName -eq "Shared") {
|
||||
if (!($PSBoundParameters.ContainsKey('Path'))) {
|
||||
$Path = Get-DefaultCredentialStorePath -Shared
|
||||
}
|
||||
}
|
||||
|
||||
# Test if in the CredentialStore already exists.
|
||||
Write-Verbose "Test if there is already a credential store."
|
||||
if ((Test-Path -Path $Path) -and ($Force -ne $true)) {
|
||||
$ErrorParams = @{
|
||||
ErrorAction = 'Stop'
|
||||
Exception = [System.InvalidOperationException]::new(
|
||||
'The given file already exists. Use the -Force switch to override the existing store.'
|
||||
)
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
|
||||
if (! $SkipPFXCertCreation.IsPresent) {
|
||||
$CRTParams = @{
|
||||
Country = 'DE'
|
||||
State = 'PSCredentialStore'
|
||||
City = 'PSCredentialStore'
|
||||
Organization = 'PSCredentialStore'
|
||||
OrganizationalUnitName = ' '
|
||||
CommonName = 'PrivateStore'
|
||||
}
|
||||
$CRTAttribute = New-CRTAttribute @CRTParams
|
||||
|
||||
# If we are working with a ne shared store we have to create the location first.
|
||||
# Otherwise openssl fails with unknown path
|
||||
|
||||
$StoreHome = Split-Path -Path $Path -Parent
|
||||
if (! (Test-Path -Path $StoreHome)) {
|
||||
New-Item -ItemType Directory -Path $StoreHome -ErrorAction Stop
|
||||
}
|
||||
|
||||
$PfxParams = @{
|
||||
CRTAttribute = $CRTAttribute
|
||||
KeyName = Join-Path -Path $StoreHome -ChildPath 'private.key'
|
||||
CertName = Join-Path -Path $StoreHome -ChildPath 'PSCredentialStore.pfx'
|
||||
ErrorAction = 'Stop'
|
||||
Confirm = $false
|
||||
}
|
||||
|
||||
if ((Test-Path $PfxParams.CertName) -and (! $Force.IsPresent)) {
|
||||
$ErrorParams = @{
|
||||
Exception = [System.IO.InvalidDataException]::new(
|
||||
'There is already a PfxCertificate for a private CredentialStore!'
|
||||
)
|
||||
ErrorAction = 'Stop'
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
|
||||
try {
|
||||
New-PfxCertificate @PfxParams
|
||||
}
|
||||
catch {
|
||||
$_.Exception.Message | Write-Error
|
||||
$ErrorParams = @{
|
||||
ErrorAction = 'Stop'
|
||||
Exception = [System.Exception]::new(
|
||||
'Could not create the private PfXCertificate!'
|
||||
)
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
|
||||
try {
|
||||
$FreshCert = Get-PfxCertificate -FilePath $PfxParams.CertName -ErrorAction Stop
|
||||
}
|
||||
catch [System.Management.Automation.ItemNotFoundException] {
|
||||
$_.Exception.Message | Write-Error
|
||||
Write-Error -Message 'Could not read the new PfxCertificate.' -ErrorAction Stop
|
||||
}
|
||||
}
|
||||
|
||||
# We need to use the IDictionary to keep the property sorting in the object.
|
||||
$ObjProperties = [ordered]@{
|
||||
PSTypeName = 'PSCredentialStore.Store'
|
||||
Version = $CSVersion
|
||||
Created = $CurrentDate
|
||||
PfxCertificate = $null
|
||||
Thumbprint = $null
|
||||
Type = $null
|
||||
}
|
||||
if (! $SkipPFXCertCreation.IsPresent) {
|
||||
$ObjProperties.PfXCertificate = $PfxParams.CertName
|
||||
$ObjProperties.Thumbprint = $FreshCert.Thumbprint
|
||||
}
|
||||
|
||||
if ($PSCmdlet.ParameterSetName -eq "Shared") {
|
||||
$ObjProperties.Type = "Shared"
|
||||
}
|
||||
else {
|
||||
$ObjProperties.Type = "Private"
|
||||
}
|
||||
|
||||
$CredentialStoreObj = [PSCustomObject]$ObjProperties
|
||||
try {
|
||||
$JSON = ConvertTo-Json -InputObject $CredentialStoreObj -ErrorAction Stop
|
||||
$JSON | Out-File -FilePath $Path -ErrorAction Stop -Force
|
||||
}
|
||||
catch {
|
||||
$_.Exception.Message | Write-Error
|
||||
$ErrorParams = @{
|
||||
ErrorAction = 'Stop'
|
||||
Exception = [System.IO.IOException]::new(
|
||||
'Unable to convert or write the CredentialStore'
|
||||
)
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
|
||||
if ($PassThru.IsPresent) {
|
||||
return $CredentialStoreObj
|
||||
}
|
||||
}
|
||||
else {
|
||||
$ObjProperties.Type = "Private"
|
||||
}
|
||||
# Create a new object for easy conversion into a json file
|
||||
$CredentialStoreObj = New-Object -TypeName psobject -Property $ObjProperties
|
||||
try {
|
||||
ConvertTo-Json -InputObject $CredentialStoreObj | Out-File -FilePath $Path
|
||||
}
|
||||
catch [System.Exception] {
|
||||
$_.Exception | Format-List -Force | Out-String | Write-Error -ErrorAction Stop
|
||||
|
||||
end {
|
||||
}
|
||||
}
|
||||
|
@ -26,37 +26,40 @@ function Test-CredentialStore {
|
||||
[CmdletBinding(DefaultParameterSetName = "Private")]
|
||||
param(
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
|
||||
[string]$Path,
|
||||
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[switch]$Shared
|
||||
)
|
||||
|
||||
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = "{0}\CredentialStore.json" -f $Env:APPDATA
|
||||
begin {
|
||||
# Set latest Credential Store version
|
||||
#Set-Variable -Name "CSVersion" -Value "2.0.0" -Option Constant
|
||||
}
|
||||
|
||||
# Set latest Credential Store version
|
||||
Set-Variable -Name "CSVersion" -Value "1.2.0" -Option Constant
|
||||
|
||||
if (Test-Path $Path) {
|
||||
Write-Verbose "CredentialStore in given path found."
|
||||
|
||||
# try tor read the store. Removed the Get-CredentialStore function to avoid recursive calls.
|
||||
try {
|
||||
$FileContent = Get-Content -Path $Path -Raw
|
||||
$CSContent = ConvertFrom-Json $FileContent
|
||||
process {
|
||||
# Set the CredentialStore for private, shared or custom mode.
|
||||
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = Get-DefaultCredentialStorePath
|
||||
}
|
||||
catch {
|
||||
Write-Warning "Could not read or convert the given CredentialStore."
|
||||
Return $False
|
||||
elseif ($PSCmdlet.ParameterSetName -eq "Shared") {
|
||||
if (!($PSBoundParameters.ContainsKey('Path'))) {
|
||||
$Path = Get-DefaultCredentialStorePath -Shared
|
||||
}
|
||||
}
|
||||
Return $True
|
||||
Write-Verbose -Message ("Path is: {0}" -f $Path)
|
||||
|
||||
if (Test-Path $Path) {
|
||||
Write-Verbose "CredentialStore in given path found."
|
||||
return $true
|
||||
}
|
||||
else {
|
||||
Write-Verbose "The given CredentialStore does not exist!"
|
||||
return $false
|
||||
}
|
||||
}
|
||||
Else {
|
||||
Write-Verbose "The given CredentialStore does not exist!"
|
||||
Return $False
|
||||
}
|
||||
|
||||
end {}
|
||||
|
||||
}
|
||||
|
140
src/Store/Update-CredentialStore.ps1
Normal file
140
src/Store/Update-CredentialStore.ps1
Normal file
@ -0,0 +1,140 @@
|
||||
function Update-CredentialStore {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
A brief description of the function or script.
|
||||
|
||||
.DESCRIPTION
|
||||
Describe the function of the script using a single sentence or more.
|
||||
|
||||
.PARAMETER One
|
||||
Description of the Parameter (what it does)
|
||||
|
||||
.INPUTS
|
||||
Describe the script input parameters (if any), otherwise it may also list the word "[None]".
|
||||
|
||||
.OUTPUTS
|
||||
Describe the script output parameters (if any), otherwise it may also list the word "[None]".
|
||||
|
||||
.EXAMPLE
|
||||
.\Remove-Some-Script.ps1 -One content
|
||||
|
||||
.NOTES
|
||||
File Name : Update-CredentialStore.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
|
||||
.LINK
|
||||
https://github.com/OCram85/PSCredentialStore
|
||||
#>
|
||||
[CmdletBinding()]
|
||||
[OutputType()]
|
||||
param(
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[Version]$From = '1.2.0',
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[Version]$To = '2.0.0',
|
||||
|
||||
[Parameter(Mandatory = $true)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Path,
|
||||
|
||||
[Parameter(Mandatory = $true)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$PfxCertificate
|
||||
|
||||
)
|
||||
begin {
|
||||
}
|
||||
process {
|
||||
if (Test-Path -Path $Path) {
|
||||
$CSOld = Get-CredentialStore -Shared -Path $Path -ErrorAction Stop
|
||||
if ($CSOld.Version -ne $From) {
|
||||
$ErrorParams = @{
|
||||
Message = 'Can not migrate CredentialStore from version {0} to {1}' -f $From, $To
|
||||
ErrorAction = 'Stop'
|
||||
Exception = [System.Exception]::new()
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
|
||||
$CSNew = [PSCustomObject]@{
|
||||
PSTypeName = 'PSCredentialStore.Store'
|
||||
Version = $To
|
||||
Created = $CurrentDate
|
||||
PfxCertificate = $null
|
||||
Thumbprint = $null
|
||||
Type = $null
|
||||
}
|
||||
|
||||
if ($PWD -eq (Get-DefaultCredentialStorePath)) {
|
||||
$CSNew.Type = 'Private'
|
||||
}
|
||||
elseif ($PWD -eq (Get-DefaultCredentialStorePath -Shared)) {
|
||||
$CSNew.Type = 'Shared'
|
||||
}
|
||||
else {
|
||||
$ErrorParams = @{
|
||||
Message = 'Can not determine a valid CredentialStore Type!'
|
||||
ErrorAction = 'Stop'
|
||||
Exception = [System.Exception]::new()
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
$Cert = Get-PfxCertificate -FilePath $PfxCertificate -ErrorAction Stop
|
||||
|
||||
$CSNew.PfxCertificate = Join-Path -Path $PfxCertificate
|
||||
$CSNew.Thumbprint = $Cert.Thumbprint
|
||||
|
||||
|
||||
$CredentialItems = $CSOld | Get-Member -MemberType NoteProperty | Where-Object {
|
||||
$_.Definition -like "*.PSCustomObject*"
|
||||
} | Select-Object -ExpandProperty Name
|
||||
|
||||
# iterate through all existing items
|
||||
foreach ($Item in $CredentialItems) {
|
||||
|
||||
$CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S"
|
||||
$RSAKey = Get-RandomAESKey
|
||||
|
||||
$CredentialObj = [PSCustomObject]@{
|
||||
User = $Item.UserName
|
||||
Password = $null
|
||||
Created = $CurrentDate
|
||||
LastChange = $null
|
||||
EncryptedKey = [Convert]::ToBase64String(
|
||||
$Cert.PublicKey.Key.Encrypt(
|
||||
$RSAKey,
|
||||
[System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1
|
||||
)
|
||||
)
|
||||
}
|
||||
if ($CSOld.Type -eq 'Private') {
|
||||
$CredentialObject.Password = ConvertTo-SecureString -SecureString $Item.Password | ConvertFrom-SecureString -Key $RSAKey
|
||||
}
|
||||
elseif ($CSNew.Type -eq 'Shared') {
|
||||
$ChallengeKey = [io.file]::ReadAllBytes((Join-Path -Path $PWD -ChildPath '/Challenge.bin'))
|
||||
$CredentialObject.Password = ConvertTo-SecureString -SecureString $Item.Password -Key $ChallengeKey | ConvertFrom-SecureString -Key $RSAKey
|
||||
}
|
||||
Add-Member -InputObject $CSNew -Name (
|
||||
($Item | Get-Variable).Name
|
||||
) -MemberType NoteProperty -Value $CredentialObj
|
||||
}
|
||||
$CSNew | ConvertTo-Json -Depth 5 | Out-File -LiteralPath (
|
||||
Join-Path -Path $PWD -ChildPath './CredentialStore.json'
|
||||
) -Encoding utf8 -Confirm:$true
|
||||
}
|
||||
else {
|
||||
$ErrorParams = @{
|
||||
Message = 'Could not find the given CredentialStore path!'
|
||||
ErrorAction = 'Stop'
|
||||
Exception = [System.IO.FileNotFoundException]::new()
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
}
|
||||
end {
|
||||
}
|
||||
}
|
BIN
src/Vendor/libressl255/LICENSE
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/LICENSE
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libcrypto-41.dll
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libcrypto-41.dll
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libcrypto-41.exp
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libcrypto-41.exp
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libcrypto-41.lib
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libcrypto-41.lib
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libcrypto-41.pdb
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libcrypto-41.pdb
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libssl-43.dll
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libssl-43.dll
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libssl-43.exp
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libssl-43.exp
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libssl-43.lib
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libssl-43.lib
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libssl-43.pdb
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libssl-43.pdb
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libtls-15.dll
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libtls-15.dll
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libtls-15.exp
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libtls-15.exp
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libtls-15.lib
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libtls-15.lib
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libtls-15.pdb
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libtls-15.pdb
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/ocspcheck.exe
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/ocspcheck.exe
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/openssl.exe
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/openssl.exe
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
245
src/openssl.conf
Normal file
245
src/openssl.conf
Normal file
@ -0,0 +1,245 @@
|
||||
#
|
||||
# OpenSSL example configuration file.
|
||||
# This is mostly being used for generation of certificate requests.
|
||||
#
|
||||
|
||||
# This definition stops the following lines choking if HOME isn't
|
||||
# defined.
|
||||
HOME = .
|
||||
RANDFILE = $ENV::HOME/.rnd
|
||||
|
||||
# Extra OBJECT IDENTIFIER info:
|
||||
#oid_file = $ENV::HOME/.oid
|
||||
oid_section = new_oids
|
||||
|
||||
# To use this configuration file with the "-extfile" option of the
|
||||
# "openssl x509" utility, name here the section containing the
|
||||
# X.509v3 extensions to use:
|
||||
# extensions =
|
||||
# (Alternatively, use a configuration file that has only
|
||||
# X.509v3 extensions in its main [= default] section.)
|
||||
|
||||
[ new_oids ]
|
||||
|
||||
# We can add new OIDs in here for use by 'ca' and 'req'.
|
||||
# Add a simple OID like this:
|
||||
# testoid1=1.2.3.4
|
||||
# Or use config file substitution like this:
|
||||
# testoid2=${testoid1}.5.6
|
||||
|
||||
####################################################################
|
||||
[ ca ]
|
||||
default_ca = CA_default # The default ca section
|
||||
|
||||
####################################################################
|
||||
[ CA_default ]
|
||||
|
||||
dir = ./demoCA # Where everything is kept
|
||||
certs = $dir/certs # Where the issued certs are kept
|
||||
crl_dir = $dir/crl # Where the issued crl are kept
|
||||
database = $dir/index.txt # database index file.
|
||||
new_certs_dir = $dir/newcerts # default place for new certs.
|
||||
|
||||
certificate = $dir/cacert.pem # The CA certificate
|
||||
serial = $dir/serial # The current serial number
|
||||
crl = $dir/crl.pem # The current CRL
|
||||
private_key = $dir/private/cakey.pem # The private key
|
||||
RANDFILE = $dir/private/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
|
||||
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
|
||||
# so this is commented out by default to leave a V1 CRL.
|
||||
# crl_extensions = crl_ext
|
||||
|
||||
default_days = 365 # how long to certify for
|
||||
default_crl_days = 30 # how long before next CRL
|
||||
default_md = md5 # which md to use.
|
||||
preserve = no # keep passed DN ordering
|
||||
|
||||
# A few difference way of specifying how similar the request should look
|
||||
# For type CA, the listed attributes must be the same, and the optional
|
||||
# and supplied fields are just that :-)
|
||||
policy = policy_match
|
||||
|
||||
# For the CA policy
|
||||
[ policy_match ]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
# For the 'anything' policy
|
||||
# At this point in time, you must list all acceptable 'object'
|
||||
# types.
|
||||
[ policy_anything ]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
####################################################################
|
||||
[ req ]
|
||||
default_bits = 2048
|
||||
default_keyfile = privkey.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
||||
|
||||
# Passwords for private keys if not present they will be prompted for
|
||||
# input_password = secret
|
||||
# output_password = secret
|
||||
|
||||
# This sets a mask for permitted string types. There are several options.
|
||||
# default: PrintableString, T61String, BMPString.
|
||||
# pkix : PrintableString, BMPString.
|
||||
# utf8only: only UTF8Strings.
|
||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
||||
# MASK:XXXX a literal mask value.
|
||||
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
|
||||
# so use this option with caution!
|
||||
string_mask = nombstr
|
||||
|
||||
# req_extensions = v3_req # The extensions to add to a certificate request
|
||||
|
||||
[ req_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_default = DE
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
stateOrProvinceName_default = BW
|
||||
|
||||
localityName = Locality Name (eg, city)
|
||||
localityName_default = PSCredentialStore
|
||||
|
||||
0.organizationName = Organization Name (eg, company)
|
||||
0.organizationName_default = PSCredentialStore
|
||||
|
||||
# we can do this but it is not needed normally :-)
|
||||
#1.organizationName = Second Organization Name (eg, company)
|
||||
#1.organizationName_default = World Wide Web Pty Ltd
|
||||
|
||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
||||
#organizationalUnitName_default = PSCRedentialStore
|
||||
|
||||
commonName = Common Name (eg, YOUR name)
|
||||
commonName_max = 64
|
||||
|
||||
emailAddress = Email Address
|
||||
emailAddress_max = 40
|
||||
|
||||
# SET-ex3 = SET extension number 3
|
||||
|
||||
[ req_attributes ]
|
||||
challengePassword = A challenge password
|
||||
challengePassword_min = 0
|
||||
challengePassword_max = 20
|
||||
|
||||
unstructuredName = An optional company name
|
||||
|
||||
[ usr_cert ]
|
||||
|
||||
# These extensions are added when 'ca' signs a request.
|
||||
|
||||
# This goes against PKIX guidelines but some CAs do it and some software
|
||||
# requires this to avoid interpreting an end user certificate as a CA.
|
||||
|
||||
basicConstraints = CA:FALSE
|
||||
|
||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
||||
# the certificate can be used for anything *except* object signing.
|
||||
|
||||
# This is OK for an SSL server.
|
||||
# nsCertType = server
|
||||
|
||||
# For an object signing certificate this would be used.
|
||||
# nsCertType = objsign
|
||||
|
||||
# For normal client use this is typical
|
||||
# nsCertType = client, email
|
||||
|
||||
# and for everything including object signing:
|
||||
# nsCertType = client, email, objsign
|
||||
|
||||
# This is typical in keyUsage for a client certificate.
|
||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment, codeSigning
|
||||
|
||||
# This will be displayed in Netscape's comment listbox.
|
||||
nsComment = "OpenSSL Generated Certificate"
|
||||
|
||||
# PKIX recommendations harmless if included in all certificates.
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
|
||||
# This stuff is for subjectAltName and issuerAltname.
|
||||
# Import the email address.
|
||||
# subjectAltName=email:copy
|
||||
|
||||
# Copy subject details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
||||
#nsBaseUrl
|
||||
#nsRevocationUrl
|
||||
#nsRenewalUrl
|
||||
#nsCaPolicyUrl
|
||||
#nsSslServerName
|
||||
|
||||
[ v3_req ]
|
||||
|
||||
# Extensions to add to a certificate request
|
||||
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment, codeSigning
|
||||
|
||||
[ v3_ca ]
|
||||
|
||||
|
||||
# Extensions for a typical CA
|
||||
|
||||
|
||||
# PKIX recommendation.
|
||||
|
||||
subjectKeyIdentifier=hash
|
||||
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
|
||||
# This is what PKIX recommends but some broken software chokes on critical
|
||||
# extensions.
|
||||
#basicConstraints = critical,CA:true
|
||||
# So we do this instead.
|
||||
basicConstraints = CA:true
|
||||
|
||||
# Key usage: this is typical for a CA certificate. However since it will
|
||||
# prevent it being used as an test self-signed certificate it is best
|
||||
# left out by default.
|
||||
# keyUsage = cRLSign, keyCertSign
|
||||
|
||||
# Some might want this also
|
||||
# nsCertType = sslCA, emailCA
|
||||
|
||||
# Include email address in subject alt name: another PKIX recommendation
|
||||
# subjectAltName=email:copy
|
||||
# Copy issuer details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
# DER hex encoding of an extension: beware experts only!
|
||||
# obj=DER:02:03
|
||||
# Where 'obj' is a standard or added object
|
||||
# You can even override a supported extension:
|
||||
# basicConstraints= critical, DER:30:03:01:01:FF
|
||||
|
||||
[ crl_ext ]
|
||||
|
||||
# CRL extensions.
|
||||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
||||
|
||||
# issuerAltName=issuer:copy
|
||||
authorityKeyIdentifier = keyid:always,issuer:always
|
Reference in New Issue
Block a user