From c26fc7d43d7f744f9a8bbf1cfd7570d2381ac7fb Mon Sep 17 00:00:00 2001 From: OCram85 Date: Fri, 5 Apr 2019 11:14:18 +0200 Subject: [PATCH] split cert functions --- src/Certificate/Get-CSCertificate.ps1 | 81 ++++++------- src/Certificate/Get-CSPfxCertificate.ps1 | 81 +++++++++++++ src/Certificate/Import-CSCertificate.ps1 | 102 +++++----------- src/Certificate/Import-CSPfxCertificate.ps1 | 112 ++++++++++++++++++ ...TAttribute.ps1 => New-CSCertAttribute.ps1} | 6 +- ...xCertificate.ps1 => New-CSCertificate.ps1} | 8 +- src/Certificate/Test-CSCertificate.ps1 | 80 ++++++------- src/Certificate/Test-CSPfxCertificate.ps1 | 86 ++++++++++++++ ...xCertificate.ps1 => Use-CSCertificate.ps1} | 24 ++-- src/PSCredentialStore.psd1 | 7 +- src/Store/New-CredentialStore.ps1 | 30 +++-- 11 files changed, 423 insertions(+), 194 deletions(-) create mode 100644 src/Certificate/Get-CSPfxCertificate.ps1 create mode 100644 src/Certificate/Import-CSPfxCertificate.ps1 rename src/Certificate/{New-CRTAttribute.ps1 => New-CSCertAttribute.ps1} (87%) rename src/Certificate/{New-PfxCertificate.ps1 => New-CSCertificate.ps1} (92%) create mode 100644 src/Certificate/Test-CSPfxCertificate.ps1 rename src/Certificate/{Use-PfxCertificate.ps1 => Use-CSCertificate.ps1} (81%) diff --git a/src/Certificate/Get-CSCertificate.ps1 b/src/Certificate/Get-CSCertificate.ps1 index 0e2cd6e..fdff236 100644 --- a/src/Certificate/Get-CSCertificate.ps1 +++ b/src/Certificate/Get-CSCertificate.ps1 
@@ -1,28 +1,25 @@ function Get-CSCertificate { <# .SYNOPSIS - Returns the certificate object given by thumbprint. + Returns the current used valid PfX Certificate. .DESCRIPTION - You can use this function to get a stored certificate. Search for the object by its unique thumbprint. + Use this function to get the available pfx certficate respecting the config hierarchy. + + .PARAMETER Type + Select the current credential store type. .PARAMETER Thumbprint - Provide one or more thumprints. - - .PARAMETER StoreName - Select the store name in which you want to search the certificates. - - .PARAMETER StoreLocation - Select between the both available locations CurrentUser odr LocalMachine. + Provice the crednetials thumbprint for the search. .INPUTS - [string] + [None] .OUTPUTS - [System.Security.Cryptography.X509Certificates.X509Certificate2[]] + [System.Security.Cryptography.X509Certificates.X509Certificate2] .EXAMPLE - Get-CSCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser' + Get-CSCertificate -Type 'Shared' -Thumbprint '12334456' .NOTES File Name : Get-CSCertificate.ps1 
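Review bot: The rewritten `.PARAMETER Thumbprint` help carries typos that will show up verbatim in Get-Help output: `Provice the crednetials thumbprint for the search.` should read `Provide the thumbprint of the credential store certificate to search for.`, and `PfX Certificate` / `pfx certficate` in the synopsis and description should be `PFX certificate`. The `.OUTPUTS` line now promises a single X509Certificate2, which agrees with the `[OutputType]` attribute in the next hunk, so that part is consistent.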
@@ -35,47 +32,43 @@ function Get-CSCertificate { [CmdletBinding()] [OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])] param( - [Parameter(Mandatory = $true, ValueFromPipeline = $true)] + [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [string[]]$Thumbprint, + [ValidateSet('Private', 'Shared')] + [string]$Type, - [Parameter(Mandatory = $false)] - [ValidateSet( - 'AddressBook', - 'AuthRoot', - 'CertificateAuthority', - 'Disallowed', - 'My', - 'Root', - 'TrustedPeople', - 'TrustedPublisher' - )] - [string]$StoreName = 'My', - - [Parameter(Mandatory = $false)] - [ValidateSet( - 'CurrentUser', - 'LocalMachine' - )] - [string]$StoreLocation = 'CurrentUser' + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string]$Thumbprint ) begin { - $Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation) - try { - $Store.Open('ReadOnly') - } - catch { - $_.Exception.Message | Write-Error -ErrorAction Stop - } } - process { - foreach ($Thumb in $Thumbprint) { - Write-Output $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumb } + if ($Type -eq 'Private') { + Get-CSPfXCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'CurrentUser' + } + elseif ($Type -eq 'Shared') { + if ( $isLinux) { + $cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'CurrentUser' + if ($null -eq $cert) { + Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'Root' -StoreLocation 'LocalMachine' + } + else { + Write-Output $cert + } + } + elseif ( (! $isLinux) -or ($isWindows) ) { + $cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'LocalMachine' + if ($null -eq $cert) { + Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'Root' -StoreLocation 'LocalMachine' + } + else { + Write-Output $cert + } + } } } end { - $Store.Close() } } 
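Review bot: The stores searched for `-Type 'Shared'` do not match where Import-CSCertificate in this same commit places a shared certificate: on Linux this looks in CurrentUser\My and then LocalMachine\Root while the import targets LocalMachine\My, and on Windows it looks in LocalMachine\My and then LocalMachine\Root while the import targets CurrentUser\My, so a certificate imported through the module's own path is never found by the Shared branch. The same platform ladder is duplicated in Test-CSCertificate (later hunk); keeping it here and having Test-CSCertificate call `Get-CSCertificate -Type $Type -Thumbprint $CS.Thumbprint` avoids the two drifting apart. Falling back to LocalMachine\Root is also questionable, since that store holds trust anchors rather than decryption keys, and a thumbprint match there is a broader source than the `My` store this module writes to. The `begin { }` and `end { }` blocks are now empty and can go, and `elseif ( (! $isLinux) -or ($isWindows) )` is only reached when `$isLinux` is false, so it reduces to `else`.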
diff --git a/src/Certificate/Get-CSPfxCertificate.ps1 b/src/Certificate/Get-CSPfxCertificate.ps1 new file mode 100644 index 0000000..be1d0ef --- /dev/null +++ b/src/Certificate/Get-CSPfxCertificate.ps1 
@@ -0,0 +1,81 @@ +function Get-CSPfxCertificate { + <# + .SYNOPSIS + Returns the certificate object given by thumbprint. + + .DESCRIPTION + You can use this function to get a stored certificate. Search for the object by its unique thumbprint. + + .PARAMETER Thumbprint + Provide one or more thumprints. + + .PARAMETER StoreName + Select the store name in which you want to search the certificates. + + .PARAMETER StoreLocation + Select between the both available locations CurrentUser odr LocalMachine. + + .INPUTS + [string] + + .OUTPUTS + [System.Security.Cryptography.X509Certificates.X509Certificate2[]] + + .EXAMPLE + Get-CSPfxCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser' + + .NOTES + File Name : Get-CSPfxCertificate.ps1 + Author : Marco Blessing - marco.blessing@googlemail.com + Requires : + + .LINK + https://github.com/OCram85/PSCredentialStore + #> + [CmdletBinding()] + [OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])] + param( + [Parameter(Mandatory = $true, ValueFromPipeline = $true)] + [ValidateNotNullOrEmpty()] + [string[]]$Thumbprint, + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'AddressBook', + 'AuthRoot', + 'CertificateAuthority', + 'Disallowed', + 'My', + 'Root', + 'TrustedPeople', + 'TrustedPublisher' + )] + [string]$StoreName = 'My', + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'CurrentUser', + 'LocalMachine' + )] + [string]$StoreLocation = 'CurrentUser' + ) + + begin { + $Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation) + try { + $Store.Open('ReadOnly') + } + catch { + $_.Exception.Message | Write-Error -ErrorAction Stop + } + } + + process { + foreach ($Thumb in $Thumbprint) { + Write-Output $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumb } + } + } + end { + $Store.Close() + } +} diff --git a/src/Certificate/Import-CSCertificate.ps1 b/src/Certificate/Import-CSCertificate.ps1 index 6738036..9d0fcb0 100644 
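Review bot: The `.OUTPUTS` help says `[X509Certificate2[]]` while the `[OutputType(...)]` attribute declares a single `X509Certificate2`; because `Write-Output $Store.Certificates | Where-Object ...` runs once per element of `[string[]]$Thumbprint`, the attribute should be `[OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2[]])]` or the help should say one object per thumbprint. The help also carries over the `thumprints` and `odr` typos (`thumbprints`, `or`). A one-line comment above the `foreach` saying that the `-eq` comparison on thumbprints is case-insensitive in PowerShell would save a reader checking that the hex case does not matter.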
--- a/src/Certificate/Import-CSCertificate.ps1 +++ b/src/Certificate/Import-CSCertificate.ps1 @@ -1,32 +1,27 @@ function Import-CSCertificate { <# .SYNOPSIS - adds a given pfx certificate file to current uerers personal certificate store. + A brief description of the function or script. .DESCRIPTION - This function is used to import existing pfx certificate files. The Import-PFXCertificate cmdle from the - PKI module imports the certficate into a deprecated store. Thus you can't read the private key afterwards or - using it for decrypting data. + Describe the function of the script using a single sentence or more. - .PARAMETER Path - Path to an existing *.pfx certificate file. - - .PARAMETER StoreName - Additionally you change change the store where you want the certificate into. + .PARAMETER One + Description of the Parameter (what it does) .INPUTS - [None] + Describe the script input parameters (if any), otherwise it may also list the word "[None]". .OUTPUTS - [None] + Describe the script output parameters (if any), otherwise it may also list the word "[None]". .EXAMPLE - Import-CSCertificate -Path (Join-Path -Path $Env:APPDATA -ChildPath '/PSCredentialStore.pfx') + .\Remove-Some-Script.ps1 -One content .NOTES File Name : Import-CSCertificate.ps1 - Author : Marco Blessing - marco.blessing@googlemail.com - Requires : + Author : fullname - mail + Requires : ModuleNames .LINK https://github.com/OCram85/PSCredentialStore 
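Review bot: The comment-based help for Import-CSCertificate is replaced with the script template placeholders (`A brief description of the function or script.`, `.PARAMETER One`, `.\Remove-Some-Script.ps1 -One content`, `Author : fullname - mail`), so Get-Help now shows no real description, and the new `-Type` parameter and the `[System.IO.FileInfo]` `-Path` have no `.PARAMETER` entries at all. Suggested text: synopsis `Imports a PFX certificate file into the certificate store matching the credential store type.`, `.PARAMETER Type` as `Select 'Private' or 'Shared'; determines the target certificate store.`, `.PARAMETER Path` as `Path to an existing *.pfx certificate file.`, and example `Import-CSCertificate -Type 'Private' -Path (Join-Path -Path $Env:APPDATA -ChildPath 'PSCredentialStore.pfx')`. The same placeholder example `.\Remove-Some-Script.ps1 -One content` is introduced in the Test-CSCertificate help hunk further down.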
@@ -36,77 +31,38 @@ function Import-CSCertificate { param( [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [string]$Path, + [ValidateSet('Private', 'Shared')] + [string]$Type, - [Parameter(Mandatory = $false)] - [ValidateSet( - 'AddressBook', - 'AuthRoot', - 'CertificateAuthority', - 'Disallowed', - 'My', - 'Root', - 'TrustedPeople', - 'TrustedPublisher' - )] - [string]$StoreName = 'My', + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.IO.FileInfo]$Path - [Parameter(Mandatory = $false)] - [ValidateSet( - 'CurrentUser', - 'LocalMachine' - )] - [string]$StoreLocation = 'CurrentUser', - - [Parameter(Mandatory = $false)] - [ValidateSet( - 'ReadOnly', - 'ReadWrite', - 'MaxAllowed', - 'OpenExistingOnly', - 'InclueArchived' - )] - [string]$OpenFlags = 'ReadWrite' ) begin { - $Store = [System.Security.Cryptography.X509Certificates.X509Store]::new($StoreName, $StoreLocation) - try { - $Store.Open($OpenFlags) - } - catch { - $_.Exception.Message | Write-Error -ErrorAction Stop - } - } - process { - try { - $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new( - $Path, - $null, - ( - [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable -bor - [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet - ) - ) - - if (Test-CSCertificate -Thumbprint $cert.Thumbprint) { - Write-Warning -Message ('The certificate with thumbprint {0} is already present!' -f $cert.Thumbprint) - } - else { - $Store.Add($cert) - } - } - catch { - $_.Exception.Message | Write-Error -ErrorAction Stop + if (! (Test-Path -Path $Path)) { $ErrorParams = @{ ErrorAction = 'Stop' Exception = [System.Exception]::new( - 'Could not read or add the pfx certificate!' 
+ ('File {0} not found!') -f $Path ) } Write-Error @ErrorParams } } + + process { + # Import to CurrentUser\My stor for windows and linux + if ($Type -eq 'Private') { + Import-CSPfxCertificate -Path $Path -StoreName 'My' -StoreLocation 'CurrentUser' -OpenFlags 'ReadWrite' + } + elseif ( (! $isLinux ) -and ($Type -eq 'Shared') ) { + Import-CSPfxCertificate -Path $Path -StoreName 'My' -StoreLocation 'CurrentUser' -OpenFlags 'ReadWrite' + } + elseif ( ($isLinux) -and ($Type -eq 'Shared') ) { + Import-CSPfxCertificate -Path $Path -StoreName 'My' -StoreLocation 'LocalMachine' -OpenFlags 'ReadWrite' + } + } end { - $Store.Close() } } diff --git a/src/Certificate/Import-CSPfxCertificate.ps1 b/src/Certificate/Import-CSPfxCertificate.ps1 new file mode 100644 index 0000000..464c419 --- /dev/null +++ b/src/Certificate/Import-CSPfxCertificate.ps1 
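Review bot: The `'Shared'` branch on Linux opens `LocalMachine\My` for writing, but the .NET X509Store implementation on Linux limits LocalMachine to the Root and CertificateAuthority stores and treats them as read-only, so `Import-CSPfxCertificate`'s `$Store.Open('ReadWrite')` is expected to throw there; the non-Linux `'Shared'` branch is identical to the `'Private'` one and imports into `CurrentUser\My`, so a "shared" certificate ends up visible only to the importing account. If a machine-wide store is intended on Windows, the second branch should use `-StoreLocation 'LocalMachine'`, and the Linux case likely needs the file-linked `PfxCertificate` mode rather than a store import. `-OpenFlags 'ReadWrite'` is already the parameter's default and can be dropped from all three calls. Because `-Path` is typed `[System.IO.FileInfo]`, `Test-Path -Path $Path` and the later `X509Certificate2::new($Path, ...)` may resolve a relative path against different working directories; passing `$Path.FullName` to both keeps the existence check and the load consistent.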
@@ -0,0 +1,112 @@ +function Import-CSPfxCertificate { + <# + .SYNOPSIS + adds a given pfx certificate file to current uerers personal certificate store. + + .DESCRIPTION + This function is used to import existing pfx certificate files. The Import-PFXCertificate cmdle from the + PKI module imports the certficate into a deprecated store. Thus you can't read the private key afterwards or + using it for decrypting data. + + .PARAMETER Path + Path to an existing *.pfx certificate file. + + .PARAMETER StoreName + Additionally you change change the store where you want the certificate into. + + .INPUTS + [None] + + .OUTPUTS + [None] + + .EXAMPLE + Import-CSPfxCertificate -Path (Join-Path -Path $Env:APPDATA -ChildPath '/PSCredentialStore.pfx') + + .NOTES + File Name : Import-CSPfxCertificate.ps1 + Author : Marco Blessing - marco.blessing@googlemail.com + Requires : + + .LINK + https://github.com/OCram85/PSCredentialStore + #> + [CmdletBinding()] + [OutputType()] + param( + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string]$Path, + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'AddressBook', + 'AuthRoot', + 'CertificateAuthority', + 'Disallowed', + 'My', + 'Root', + 'TrustedPeople', + 'TrustedPublisher' + )] + [string]$StoreName = 'My', + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'CurrentUser', + 'LocalMachine' + )] + [string]$StoreLocation = 'CurrentUser', + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'ReadOnly', + 'ReadWrite', + 'MaxAllowed', + 'OpenExistingOnly', + 'InclueArchived' + )] + [string]$OpenFlags = 'ReadWrite' + ) + begin { + $Store = [System.Security.Cryptography.X509Certificates.X509Store]::new($StoreName, $StoreLocation) + try { + $Store.Open($OpenFlags) + } + catch { + $_.Exception.Message | Write-Error -ErrorAction Stop + } + } + process { + try { + $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new( + $Path, + $null, + ( + 
[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable -bor + [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet + ) + ) + + if (Test-CSCertificate -Thumbprint $cert.Thumbprint) { + Write-Warning -Message ('The certificate with thumbprint {0} is already present!' -f $cert.Thumbprint) + } + else { + $Store.Add($cert) + } + } + catch { + $_.Exception.Message | Write-Error -ErrorAction Stop + $ErrorParams = @{ + ErrorAction = 'Stop' + Exception = [System.Exception]::new( + 'Could not read or add the pfx certificate!' + ) + } + Write-Error @ErrorParams + } + } + end { + $Store.Close() + } +} diff --git a/src/Certificate/New-CRTAttribute.ps1 b/src/Certificate/New-CSCertAttribute.ps1 similarity index 87% rename from src/Certificate/New-CRTAttribute.ps1 rename to src/Certificate/New-CSCertAttribute.ps1 index 30d76dc..484a0c5 100644 --- a/src/Certificate/New-CRTAttribute.ps1 +++ b/src/Certificate/New-CSCertAttribute.ps1 @@ -1,4 +1,4 @@ -function New-CRTAttribute { +function New-CSCertAttribute { <# .SYNOPSIS Create required data for a certificate signing request. @@ -35,10 +35,10 @@ function New-CRTAttribute { ['PSCredentialStore.Certificate.CSRDetails'] .EXAMPLE - New-CRTAttribute -CSRSubject @{Country = 'DE'; State = 'BW'; City = 'Karlsruhe'; Organization = 'AwesomeIT'; OrganizationalUnitName = '';CommonName = 'MyPrivateCert'} + New-CSCertAttribute -CSRSubject @{Country = 'DE'; State = 'BW'; City = 'Karlsruhe'; Organization = 'AwesomeIT'; OrganizationalUnitName = '';CommonName = 'MyPrivateCert'} .NOTES - File Name : New-CSRDetails.ps1 + File Name : New-CSCertAttribute.ps1 Author : Marco Blessing - marco.blessing@googlemail.com Requires : diff --git a/src/Certificate/New-PfxCertificate.ps1 b/src/Certificate/New-CSCertificate.ps1 similarity index 92% rename from src/Certificate/New-PfxCertificate.ps1 rename to src/Certificate/New-CSCertificate.ps1 index 4fb7a40..a4ed69d 100644 
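Review bot: `Test-CSCertificate -Thumbprint $cert.Thumbprint` in `process` no longer matches Test-CSCertificate's signature after this commit (it now takes only `-Type`), so every import fails parameter binding before `$Store.Add` runs; the duplicate check should be `Test-CSPfxCertificate -Thumbprint $cert.Thumbprint -StoreName $StoreName -StoreLocation $StoreLocation` so it inspects the store actually being written. In the `catch`, the first `Write-Error -ErrorAction Stop` terminates, so the `$ErrorParams` / `Write-Error @ErrorParams` that follows is unreachable and one of the two should go. `'InclueArchived'` in the `-OpenFlags` ValidateSet is misspelled; the OpenFlags enum value is `IncludeArchived`, so selecting it currently fails at `$Store.Open`. Loading the PFX with `X509KeyStorageFlags::Exportable` marks the private key exportable in the store, which is broader than decryption needs; unless something relies on re-exporting the key, `PersistKeySet` alone is the tighter choice and deserves a comment either way.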
--- a/src/Certificate/New-PfxCertificate.ps1 +++ b/src/Certificate/New-CSCertificate.ps1 @@ -1,7 +1,7 @@ -function New-PfxCertificate { +function New-CSCertificate { <# .SYNOPSIS - Creates new PFX certificate for the CredentialStore encryption. + Creates a new PFX certificate for the CredentialStore encryption. .DESCRIPTION Use this function to create a custom self signed certificate used by the PSCredentialStore module. @@ -22,10 +22,10 @@ function New-PfxCertificate { [None] .EXAMPLE - New-PfxCertificate -CRTAttribute $CRTAttribute -KeyName './myprivate.key' -CertName './mycert.pfx' + New-CSCertificate -CRTAttribute $CRTAttribute -KeyName './myprivate.key' -CertName './mycert.pfx' .NOTES - File Name : New-PfxCertificate.ps1 + File Name : New-CSCertificate.ps1 Author : Marco Blessing - marco.blessing@googlemail.com Requires : diff --git a/src/Certificate/Test-CSCertificate.ps1 b/src/Certificate/Test-CSCertificate.ps1 index 7a6c97f..3bee1f0 100644 --- a/src/Certificate/Test-CSCertificate.ps1 +++ b/src/Certificate/Test-CSCertificate.ps1 @@ -1,19 +1,13 @@ function Test-CSCertificate { <# .SYNOPSIS - Tests if the given certificate exists in a store. + Tests if the linked certificate is stor ein the specified cert stores. .DESCRIPTION - Use this function to ensure if a certificate is already imported into a given store. + Test-CSCertficate should be an easy high level test for the linked certificate. - .PARAMETER Thumbprint - Provide one or more thumprints. - - .PARAMETER StoreName - Select the store name in which you want to search the certificates. - - .PARAMETER StoreLocation - Select between the both available locations CurrentUser odr LocalMachine. + .PARAMETER Type + Select between 'Private' or 'Shared'. .INPUTS [None] 
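Review bot: The new Test-CSCertificate synopsis `Tests if the linked certificate is stor ein the specified cert stores.` and description `Test-CSCertficate should be an easy high level test ...` contain typos; suggested `Tests if the certificate linked in the credential store is present in the expected certificate stores.` and `Test-CSCertificate is a high-level check for the linked certificate.`. The `.PARAMETER Type` entry would be more useful if it named which stores each value maps to, since that is the only behaviour the parameter changes.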
@@ -22,11 +16,11 @@ function Test-CSCertificate { [bool] .EXAMPLE - Test-CSCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser' + .\Remove-Some-Script.ps1 -One content .NOTES File Name : Test-CSCertificate.ps1 - Author : Marco Blessing - marco.blessing@googlemail.com + Author : Marco Blessin - marco.blessing@googlemail.com Requires : .LINK 
@@ -35,45 +29,42 @@ function Test-CSCertificate { [CmdletBinding()] [OutputType([bool])] param( - [Parameter(Mandatory = $true, ValueFromPipeline = $true)] + [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [string]$Thumbprint, - - [Parameter(Mandatory = $false)] - [ValidateSet( - 'AddressBook', - 'AuthRoot', - 'CertificateAuthority', - 'Disallowed', - 'My', - 'Root', - 'TrustedPeople', - 'TrustedPublisher' - )] - [string]$StoreName = 'My', - - [Parameter(Mandatory = $false)] - [ValidateSet( - 'CurrentUser', - 'LocalMachine' - )] - [string]$StoreLocation = 'CurrentUser' + [ValidateSet('Private', 'Shared')] + [string]$Type ) - begin { - $Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation) - try { - $Store.Open('ReadOnly') + if ($Type -eq 'Private') { + $CS = Get-CredentialStore } - catch { - $_.Exception.Message | Write-Error -ErrorAction Stop + elseif ($Type -eq 'Shared') { + $CS = Get-CredentialStore -Shared } + if ($null -ne $CS.PfxCertificate) { + Write-Warning 'There is a Pfx certificate file linked in the store. Certifcates saved in the Cert store will be ignored!' + } + } - process { - $Cert = $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint } - - if ($null -eq $Cert) { + if ($Type -eq 'Private') { + $cert = Get-CSPfXCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'CurrentUser' + } + elseif ($Type -eq 'Shared') { + if ( $isLinux) { + $cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'CurrentUser' + if ($null -eq $cert) { + $cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'Root' -StoreLocation 'LocalMachine' + } + } + elseif ( (! 
$isLinux) -or ($isWindows) ) { + $cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'LocalMachine' + if ($null -eq $cert) { + $cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'Root' -StoreLocation 'LocalMachine' + } + } + } + if ($null -eq $cert) { return $false } else { @@ -81,6 +72,5 @@ function Test-CSCertificate { } } end { - $Store.Close() } } diff --git a/src/Certificate/Test-CSPfxCertificate.ps1 b/src/Certificate/Test-CSPfxCertificate.ps1 new file mode 100644 index 0000000..a621931 --- /dev/null +++ b/src/Certificate/Test-CSPfxCertificate.ps1 
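Review bot: `$Thumbprint` is referenced in every `Get-CSPfxCertificate -Thumbprint $Thumbprint` call in `process`, but this hunk removes the parameter from the `param` block and nothing in the function assigns it, so the calls bind `$null`, `[ValidateNotNullOrEmpty()]` on Get-CSPfxCertificate rejects it, and the function never reaches its `return`. The store object loaded in `begin` carries the intended value: `$cert = Get-CSPfxCertificate -Thumbprint $CS.Thumbprint ...`, or better `$cert = Get-CSCertificate -Type $Type -Thumbprint $CS.Thumbprint` in place of the duplicated platform ladder. The `Write-Warning` about a linked PFX file is emitted and then the store lookup proceeds anyway; if a linked file means store certificates are ignored, returning early there would make the result honest. The `end { }` block left by the second hunk is empty and can be removed.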
@@ -0,0 +1,86 @@ +function Test-CSPfxCertificate { + <# + .SYNOPSIS + Tests if the given certificate exists in a store. + + .DESCRIPTION + Use this function to ensure if a certificate is already imported into a given store. + + .PARAMETER Thumbprint + Provide one or more thumprints. + + .PARAMETER StoreName + Select the store name in which you want to search the certificates. + + .PARAMETER StoreLocation + Select between the both available locations CurrentUser odr LocalMachine. + + .INPUTS + [None] + + .OUTPUTS + [bool] + + .EXAMPLE + Test-CSPfxCertificat -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser' + + .NOTES + File Name : Test-CSPfxCertificat.ps1 + Author : Marco Blessing - marco.blessing@googlemail.com + Requires : + + .LINK + https://github.com/OCram85/PSCredentialStore + #> + [CmdletBinding()] + [OutputType([bool])] + param( + [Parameter(Mandatory = $true, ValueFromPipeline = $true)] + [ValidateNotNullOrEmpty()] + [string]$Thumbprint, + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'AddressBook', + 'AuthRoot', + 'CertificateAuthority', + 'Disallowed', + 'My', + 'Root', + 'TrustedPeople', + 'TrustedPublisher' + )] + [string]$StoreName = 'My', + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'CurrentUser', + 'LocalMachine' + )] + [string]$StoreLocation = 'CurrentUser' + ) + + begin { + $Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation) + try { + $Store.Open('ReadOnly') + } + catch { + $_.Exception.Message | Write-Error -ErrorAction Stop + } + } + + process { + $Cert = $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint } + + if ($null -eq $Cert) { + return $false + } + else { + return $true + } + } + end { + $Store.Close() + } +} 
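Review bot: The help example and the `.NOTES` file name read `Test-CSPfxCertificat` (missing the trailing `e`), so `Get-Help -Examples` shows a command that does not exist; change both to `Test-CSPfxCertificate`. The `thumprints` / `odr` typos are carried over as well. `-Thumbprint` is `[string]` here but `[string[]]` in Get-CSPfxCertificate, so a caller passing an array gets it joined into one string and a `$false` result; if the two functions are meant to mirror each other, either accept `[string[]]` and return one result per thumbprint or state in `.PARAMETER Thumbprint` that exactly one thumbprint is tested.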
diff --git a/src/Certificate/Use-PfxCertificate.ps1 b/src/Certificate/Use-CSCertificate.ps1 similarity index 81% rename from src/Certificate/Use-PfxCertificate.ps1 rename to src/Certificate/Use-CSCertificate.ps1 index e1802d7..4298bf7 100644 --- a/src/Certificate/Use-PfxCertificate.ps1 +++ b/src/Certificate/Use-CSCertificate.ps1 @@ -1,4 +1,4 @@ -function Use-PfxCertificate { +function Use-CSCertificate { <# .SYNOPSIS Links an existing PFX Certifiacte to a CredentialStore. @@ -19,7 +19,7 @@ function Use-PfxCertificate { .NOTES - File Name : Use-PfxCertificate.ps1 + File Name : Use-CSCertificate.ps1 Author : Marco Blessing - marco.blessing@googlemail.com Requires : @@ -40,9 +40,13 @@ function Use-PfxCertificate { [string]$CredentialStore, [Parameter(Mandatory = $true, ParameterSetName = "Shared")] - [switch]$Shared + [switch]$Shared, + + [Parameter(Mandatory = $true, ParameterSetName = "Private")] + [Parameter(Mandatory = $true, ParameterSetName = "Shared")] + [Switch]$UseCertStore ) - begin {} + begin { } process { try { @@ -93,10 +97,16 @@ Make sure you used the same AES keys for encrypting! "@ } - $CS.PfxCertificate = $validPath.Path - $CS.Thumbprint = $PfxCertificate.Thumbprint + if ($UseCertStore) { + Import-CSCertificate -Type ($PSCmdlet.ParameterSetName -eq "Private") -Path $Path + $CS.Thumbprint = $PfxCertificate.Thumbprint + $CS.PfxCertificate = $null + } + else { + $CS.PfxCertificate = $validPath.Path + } $CS | ConvertTo-Json -Depth 5 | Out-File -FilePath $StorePath -Force -Encoding utf8 } - end {} + end { } } diff --git a/src/PSCredentialStore.psd1 b/src/PSCredentialStore.psd1 index 190a725..147038a 100644 --- a/src/PSCredentialStore.psd1 +++ b/src/PSCredentialStore.psd1 
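Review bot: `[Switch]$UseCertStore` is declared `Mandatory = $true` in both parameter sets, which forces every caller to supply `-UseCertStore` (PowerShell prompts for it otherwise) and makes the `else` branch that writes `$CS.PfxCertificate` effectively unreachable from the command line; a switch selecting an optional mode should be `Mandatory = $false`. Declaring it once without a `ParameterSetName` already places it in every set, so the two attribute lines can collapse to `[Parameter(Mandatory = $false)]`. The rest of Use-CSCertificate's `param` block is outside this hunk.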
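Review bot: `Import-CSCertificate -Type ($PSCmdlet.ParameterSetName -eq "Private")` passes a `[bool]`, which binds to the `[string]` parameter as `True`/`False` and is rejected by Import-CSCertificate's `[ValidateSet('Private', 'Shared')]`, so the `-UseCertStore` path always throws; the set names are already the expected values: `Import-CSCertificate -Type $PSCmdlet.ParameterSetName -Path $validPath.Path`. `$Path` does not appear in the visible `param` block (only `$CredentialStore`, `$Shared`, `$UseCertStore`) and the surrounding code refers to the PFX file as `$validPath.Path`, so unless `$Path` is defined in the part of the function outside this hunk the import receives `$null`. The `else` branch no longer sets `$CS.Thumbprint` as the removed lines did; if that is intentional, a short comment on why the file-linked mode drops the thumbprint would help the next reader.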
@@ -64,10 +64,13 @@ FunctionsToExport = @( # Certificate 'Get-CSCertificate', + 'Get-CSPfxCertificate', 'Import-CSCertificate', - 'New-CRTAttribute', - 'New-PfxCertificate', + 'Import-CSPfxCertificate', + 'New-CSCertAttribute', + 'New-CSCertificate', 'Test-CSCertificate', + 'Test-CSPfxCertificate', 'Use-PfxCertificate', # Connection 'Connect-To', diff --git a/src/Store/New-CredentialStore.ps1 b/src/Store/New-CredentialStore.ps1 index 7d42885..8f8963a 100644 --- a/src/Store/New-CredentialStore.ps1 +++ b/src/Store/New-CredentialStore.ps1 @@ -202,22 +202,6 @@ function New-CredentialStore { Thumbprint = $null Type = $null } - if (! $SkipPFXCertCreation.IsPresent) { - $ObjProperties.Thumbprint = $FreshCert.Thumbprint - - if (!$UseCertStore.IsPresent) { - $ObjProperties.PfxCertificate = $PfxParams.CertName - } - else { - Write-Verbose 'Importing new PFX certificate file...' - if ($PSCmdlet.ParameterSetName -eq 'Private') { - Import-CSCertificate -Path $PfxParams.CertName -StoreName My -StoreLocation CurrentUser -ErrorAction Stop - } - elseif ($PSCmdlet.ParameterSetName -eq 'Shared') { - Import-CSCertificate -Path $PfxParams.CertName -StoreName My -StoreLocation LocalMachine -ErrorAction Stop - } - } - } if ($PSCmdlet.ParameterSetName -eq "Shared") { $ObjProperties.Type = "Shared" @@ -226,6 +210,20 @@ function New-CredentialStore { $ObjProperties.Type = "Private" } + if (! $SkipPFXCertCreation.IsPresent) { + $ObjProperties.Thumbprint = $FreshCert.Thumbprint + + if ($UseCertStore.IsPresent) { + Write-Verbose 'Importing new PFX certificate file...' + Import-CSCertificate -Type $ObjProperties.Type -Path $PfxParams.CertName + } + else { + $ObjProperties.PfxCertificate = $PfxParams.CertName + + } + } + + $CredentialStoreObj = [PSCustomObject]$ObjProperties try { $JSON = ConvertTo-Json -InputObject $CredentialStoreObj -ErrorAction Stop
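Review bot: `FunctionsToExport` still lists `'Use-PfxCertificate'`, but this commit renames that function to `Use-CSCertificate`, so the manifest exports a name that no longer exists and the renamed command is not exported at all; change the entry to `'Use-CSCertificate'`. The other renamed functions (`New-CSCertAttribute`, `New-CSCertificate`) were updated in this hunk, so this looks like an oversight rather than intent.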