split cert functions

OCram85 2019-04-05 11:14:18 +02:00
parent aecc452362
commit c26fc7d43d
11 changed files with 423 additions and 194 deletions


@ -1,28 +1,25 @@
function Get-CSCertificate { function Get-CSCertificate {
<# <#
.SYNOPSIS .SYNOPSIS
Returns the certificate object given by thumbprint. Returns the current used valid PfX Certificate.
.DESCRIPTION .DESCRIPTION
You can use this function to get a stored certificate. Search for the object by its unique thumbprint. Use this function to get the available pfx certficate respecting the config hierarchy.
.PARAMETER Type
Select the current credential store type.
.PARAMETER Thumbprint .PARAMETER Thumbprint
Provide one or more thumprints. Provice the crednetials thumbprint for the search.
.PARAMETER StoreName
Select the store name in which you want to search the certificates.
.PARAMETER StoreLocation
Select between the both available locations CurrentUser odr LocalMachine.
.INPUTS .INPUTS
[string] [None]
.OUTPUTS .OUTPUTS
[System.Security.Cryptography.X509Certificates.X509Certificate2[]] [System.Security.Cryptography.X509Certificates.X509Certificate2]
.EXAMPLE .EXAMPLE
Get-CSCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser' Get-CSCertificate -Type 'Shared' -Thumbprint '12334456'
.NOTES .NOTES
File Name : Get-CSCertificate.ps1 File Name : Get-CSCertificate.ps1
@ -35,47 +32,43 @@ function Get-CSCertificate {
[CmdletBinding()] [CmdletBinding()]
[OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])] [OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])]
param( param(
[Parameter(Mandatory = $true, ValueFromPipeline = $true)] [Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()] [ValidateNotNullOrEmpty()]
[string[]]$Thumbprint, [ValidateSet('Private', 'Shared')]
[string]$Type,
[Parameter(Mandatory = $false)] [Parameter(Mandatory = $true)]
[ValidateSet( [ValidateNotNullOrEmpty()]
'AddressBook', [string]$Thumbprint
'AuthRoot',
'CertificateAuthority',
'Disallowed',
'My',
'Root',
'TrustedPeople',
'TrustedPublisher'
)]
[string]$StoreName = 'My',
[Parameter(Mandatory = $false)]
[ValidateSet(
'CurrentUser',
'LocalMachine'
)]
[string]$StoreLocation = 'CurrentUser'
) )
begin { begin {
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation)
try {
$Store.Open('ReadOnly')
} }
catch {
$_.Exception.Message | Write-Error -ErrorAction Stop
}
}
process { process {
foreach ($Thumb in $Thumbprint) { if ($Type -eq 'Private') {
Write-Output $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumb } Get-CSPfXCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'CurrentUser'
}
elseif ($Type -eq 'Shared') {
if ( $isLinux) {
$cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'CurrentUser'
if ($null -eq $cert) {
Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'Root' -StoreLocation 'LocalMachine'
}
else {
Write-Output $cert
}
}
elseif ( (! $isLinux) -or ($isWindows) ) {
$cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'LocalMachine'
if ($null -eq $cert) {
Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'Root' -StoreLocation 'LocalMachine'
}
else {
Write-Output $cert
}
}
} }
} }
end { end {
$Store.Close()
} }
} }
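Review bot: Both `Shared` branches in `process` fall back to `-StoreName 'Root' -StoreLocation 'LocalMachine'` when the thumbprint is missing from `My`, and neither the help block nor a comment says why a decryption certificate would be looked up among the machine's trusted root CAs. A certificate placed in `Root` is trusted as a CA by everything on the host, a far wider grant than the credential store needs, so the fallback should either be dropped or justified in `.DESCRIPTION` together with the lookup order, e.g. `Private: CurrentUser\My. Shared: LocalMachine\My (CurrentUser\My on Linux), then LocalMachine\Root.` The synopsis also promises a "valid" certificate while the code only matches the thumbprint; checking `$cert.HasPrivateKey` and `$cert.NotAfter` before returning would make that true. `elseif ( (! $isLinux) -or ($isWindows) )` is always true after `if ( $isLinux)` and reads better as a plain `else`.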


@ -0,0 +1,81 @@
function Get-CSPfxCertificate {
<#
.SYNOPSIS
Returns the certificate object given by thumbprint.
.DESCRIPTION
You can use this function to get a stored certificate. Search for the object by its unique thumbprint.
.PARAMETER Thumbprint
Provide one or more thumprints.
.PARAMETER StoreName
Select the store name in which you want to search the certificates.
.PARAMETER StoreLocation
Select between the both available locations CurrentUser odr LocalMachine.
.INPUTS
[string]
.OUTPUTS
[System.Security.Cryptography.X509Certificates.X509Certificate2[]]
.EXAMPLE
Get-CSPfxCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser'
.NOTES
File Name : Get-CSPfxCertificate.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
#>
[CmdletBinding()]
[OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])]
param(
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[ValidateNotNullOrEmpty()]
[string[]]$Thumbprint,
[Parameter(Mandatory = $false)]
[ValidateSet(
'AddressBook',
'AuthRoot',
'CertificateAuthority',
'Disallowed',
'My',
'Root',
'TrustedPeople',
'TrustedPublisher'
)]
[string]$StoreName = 'My',
[Parameter(Mandatory = $false)]
[ValidateSet(
'CurrentUser',
'LocalMachine'
)]
[string]$StoreLocation = 'CurrentUser'
)
begin {
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation)
try {
$Store.Open('ReadOnly')
}
catch {
$_.Exception.Message | Write-Error -ErrorAction Stop
}
}
process {
foreach ($Thumb in $Thumbprint) {
Write-Output $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumb }
}
}
end {
$Store.Close()
}
}
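Review bot: The store handle opened in `begin` is released only by `$Store.Close()` in `end`, and PowerShell skips `end` when `process` raises a terminating error or a downstream command stops the pipeline early, so the handle can stay open. Opening and closing the store inside `process` under `try`/`finally` avoids that, as sketched below. The same begin/end pattern is in Import-CSPfxCertificate and Test-CSPfxCertificate; in Import-CSPfxCertificate the `catch` stops with the store still open `ReadWrite`. The help also gives `.OUTPUTS` as `X509Certificate2[]` while `[OutputType()]` declares a single `X509Certificate2`; one of the two should change.

```powershell
# … unchanged: help block, [CmdletBinding()], [OutputType()] and param() …
begin { }
process {
    $Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation)
    try {
        $Store.Open('ReadOnly')
        foreach ($Thumb in $Thumbprint) {
            $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumb }
        }
    }
    catch {
        $_.Exception.Message | Write-Error -ErrorAction Stop
    }
    finally {
        # Runs on success, on a terminating error and when the pipeline is stopped.
        $Store.Close()
    }
}
end { }
```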


@ -1,32 +1,27 @@
function Import-CSCertificate { function Import-CSCertificate {
<# <#
.SYNOPSIS .SYNOPSIS
adds a given pfx certificate file to current uerers personal certificate store. A brief description of the function or script.
.DESCRIPTION .DESCRIPTION
This function is used to import existing pfx certificate files. The Import-PFXCertificate cmdle from the Describe the function of the script using a single sentence or more.
PKI module imports the certficate into a deprecated store. Thus you can't read the private key afterwards or
using it for decrypting data.
.PARAMETER Path .PARAMETER One
Path to an existing *.pfx certificate file. Description of the Parameter (what it does)
.PARAMETER StoreName
Additionally you change change the store where you want the certificate into.
.INPUTS .INPUTS
[None] Describe the script input parameters (if any), otherwise it may also list the word "[None]".
.OUTPUTS .OUTPUTS
[None] Describe the script output parameters (if any), otherwise it may also list the word "[None]".
.EXAMPLE .EXAMPLE
Import-CSCertificate -Path (Join-Path -Path $Env:APPDATA -ChildPath '/PSCredentialStore.pfx') .\Remove-Some-Script.ps1 -One content
.NOTES .NOTES
File Name : Import-CSCertificate.ps1 File Name : Import-CSCertificate.ps1
Author : Marco Blessing - marco.blessing@googlemail.com Author : fullname - mail
Requires : Requires : ModuleNames
.LINK .LINK
https://github.com/OCram85/PSCredentialStore https://github.com/OCram85/PSCredentialStore
@ -36,77 +31,38 @@ function Import-CSCertificate {
param( param(
[Parameter(Mandatory = $true)] [Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()] [ValidateNotNullOrEmpty()]
[string]$Path, [ValidateSet('Private', 'Shared')]
[string]$Type,
[Parameter(Mandatory = $false)] [Parameter(Mandatory = $true)]
[ValidateSet( [ValidateNotNullOrEmpty()]
'AddressBook', [System.IO.FileInfo]$Path
'AuthRoot',
'CertificateAuthority',
'Disallowed',
'My',
'Root',
'TrustedPeople',
'TrustedPublisher'
)]
[string]$StoreName = 'My',
[Parameter(Mandatory = $false)]
[ValidateSet(
'CurrentUser',
'LocalMachine'
)]
[string]$StoreLocation = 'CurrentUser',
[Parameter(Mandatory = $false)]
[ValidateSet(
'ReadOnly',
'ReadWrite',
'MaxAllowed',
'OpenExistingOnly',
'InclueArchived'
)]
[string]$OpenFlags = 'ReadWrite'
) )
begin { begin {
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::new($StoreName, $StoreLocation) if (! (Test-Path -Path $Path)) {
try {
$Store.Open($OpenFlags)
}
catch {
$_.Exception.Message | Write-Error -ErrorAction Stop
}
}
process {
try {
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
$Path,
$null,
(
[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable -bor
[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet
)
)
if (Test-CSCertificate -Thumbprint $cert.Thumbprint) {
Write-Warning -Message ('The certificate with thumbprint {0} is already present!' -f $cert.Thumbprint)
}
else {
$Store.Add($cert)
}
}
catch {
$_.Exception.Message | Write-Error -ErrorAction Stop
$ErrorParams = @{ $ErrorParams = @{
ErrorAction = 'Stop' ErrorAction = 'Stop'
Exception = [System.Exception]::new( Exception = [System.Exception]::new(
'Could not read or add the pfx certificate!' ('File {0} not found!') -f $Path
) )
} }
Write-Error @ErrorParams Write-Error @ErrorParams
} }
} }
process {
# Import to CurrentUser\My stor for windows and linux
if ($Type -eq 'Private') {
Import-CSPfxCertificate -Path $Path -StoreName 'My' -StoreLocation 'CurrentUser' -OpenFlags 'ReadWrite'
}
elseif ( (! $isLinux ) -and ($Type -eq 'Shared') ) {
Import-CSPfxCertificate -Path $Path -StoreName 'My' -StoreLocation 'CurrentUser' -OpenFlags 'ReadWrite'
}
elseif ( ($isLinux) -and ($Type -eq 'Shared') ) {
Import-CSPfxCertificate -Path $Path -StoreName 'My' -StoreLocation 'LocalMachine' -OpenFlags 'ReadWrite'
}
}
end { end {
$Store.Close()
} }
} }
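Review bot: The two `Shared` branches in `process` look swapped: on non-Linux hosts the certificate is imported into `CurrentUser\My`, while Get-CSCertificate and Test-CSCertificate in this commit look a `Shared` certificate up in `LocalMachine\My` (and in `CurrentUser\My` only on Linux), so a freshly imported shared certificate would not be found. If the lookup order is the intended one, the `(! $isLinux )` branch should pass `-StoreLocation 'LocalMachine'` and the `($isLinux)` branch `-StoreLocation 'CurrentUser'`; the code removed from New-CredentialStore also sent `Shared` to `LocalMachine`. Writing to `LocalMachine` normally needs elevation, which is worth stating in the help. The comment-based help was replaced by the unfilled template (`A brief description of the function or script.`, `.PARAMETER One`), so `-Type` and `-Path` are undocumented here.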


@ -0,0 +1,112 @@
function Import-CSPfxCertificate {
<#
.SYNOPSIS
adds a given pfx certificate file to current uerers personal certificate store.
.DESCRIPTION
This function is used to import existing pfx certificate files. The Import-PFXCertificate cmdle from the
PKI module imports the certficate into a deprecated store. Thus you can't read the private key afterwards or
using it for decrypting data.
.PARAMETER Path
Path to an existing *.pfx certificate file.
.PARAMETER StoreName
Additionally you change change the store where you want the certificate into.
.INPUTS
[None]
.OUTPUTS
[None]
.EXAMPLE
Import-CSPfxCertificate -Path (Join-Path -Path $Env:APPDATA -ChildPath '/PSCredentialStore.pfx')
.NOTES
File Name : Import-CSPfxCertificate.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
#>
[CmdletBinding()]
[OutputType()]
param(
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[string]$Path,
[Parameter(Mandatory = $false)]
[ValidateSet(
'AddressBook',
'AuthRoot',
'CertificateAuthority',
'Disallowed',
'My',
'Root',
'TrustedPeople',
'TrustedPublisher'
)]
[string]$StoreName = 'My',
[Parameter(Mandatory = $false)]
[ValidateSet(
'CurrentUser',
'LocalMachine'
)]
[string]$StoreLocation = 'CurrentUser',
[Parameter(Mandatory = $false)]
[ValidateSet(
'ReadOnly',
'ReadWrite',
'MaxAllowed',
'OpenExistingOnly',
'InclueArchived'
)]
[string]$OpenFlags = 'ReadWrite'
)
begin {
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::new($StoreName, $StoreLocation)
try {
$Store.Open($OpenFlags)
}
catch {
$_.Exception.Message | Write-Error -ErrorAction Stop
}
}
process {
try {
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
$Path,
$null,
(
[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable -bor
[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet
)
)
if (Test-CSCertificate -Thumbprint $cert.Thumbprint) {
Write-Warning -Message ('The certificate with thumbprint {0} is already present!' -f $cert.Thumbprint)
}
else {
$Store.Add($cert)
}
}
catch {
$_.Exception.Message | Write-Error -ErrorAction Stop
$ErrorParams = @{
ErrorAction = 'Stop'
Exception = [System.Exception]::new(
'Could not read or add the pfx certificate!'
)
}
Write-Error @ErrorParams
}
}
end {
$Store.Close()
}
}
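Review bot: `Test-CSCertificate -Thumbprint $cert.Thumbprint` in `process` no longer binds, because this commit reduces Test-CSCertificate to a single `-Type` parameter; the binding error lands in the `catch`, whose first `Write-Error -ErrorAction Stop` ends the import. The duplicate check should call the low-level function against the store being written: `if (Test-CSPfxCertificate -Thumbprint $cert.Thumbprint -StoreName $StoreName -StoreLocation $StoreLocation) {`. Separately, the key is loaded with `X509KeyStorageFlags::Exportable` and a `$null` password, so any process that can read the key from the store can export it again; add a comment saying why `Exportable` is required, or drop the flag if it is not. `'InclueArchived'` in the `-OpenFlags` ValidateSet is misspelled (the enum member is `IncludeArchived`), so that choice cannot be converted by `$Store.Open()`.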


@ -1,4 +1,4 @@
function New-CRTAttribute { function New-CSCertAttribute {
<# <#
.SYNOPSIS .SYNOPSIS
Create required data for a certificate signing request. Create required data for a certificate signing request.
@ -35,10 +35,10 @@ function New-CRTAttribute {
['PSCredentialStore.Certificate.CSRDetails'] ['PSCredentialStore.Certificate.CSRDetails']
.EXAMPLE .EXAMPLE
New-CRTAttribute -CSRSubject @{Country = 'DE'; State = 'BW'; City = 'Karlsruhe'; Organization = 'AwesomeIT'; OrganizationalUnitName = '';CommonName = 'MyPrivateCert'} New-CSCertAttribute -CSRSubject @{Country = 'DE'; State = 'BW'; City = 'Karlsruhe'; Organization = 'AwesomeIT'; OrganizationalUnitName = '';CommonName = 'MyPrivateCert'}
.NOTES .NOTES
File Name : New-CSRDetails.ps1 File Name : New-CSCertAttribute.ps1
Author : Marco Blessing - marco.blessing@googlemail.com Author : Marco Blessing - marco.blessing@googlemail.com
Requires : Requires :


@ -1,7 +1,7 @@
function New-PfxCertificate { function New-CSCertificate {
<# <#
.SYNOPSIS .SYNOPSIS
Creates new PFX certificate for the CredentialStore encryption. Creates a new PFX certificate for the CredentialStore encryption.
.DESCRIPTION .DESCRIPTION
Use this function to create a custom self signed certificate used by the PSCredentialStore module. Use this function to create a custom self signed certificate used by the PSCredentialStore module.
@ -22,10 +22,10 @@ function New-PfxCertificate {
[None] [None]
.EXAMPLE .EXAMPLE
New-PfxCertificate -CRTAttribute $CRTAttribute -KeyName './myprivate.key' -CertName './mycert.pfx' New-CSCertificate -CRTAttribute $CRTAttribute -KeyName './myprivate.key' -CertName './mycert.pfx'
.NOTES .NOTES
File Name : New-PfxCertificate.ps1 File Name : New-CSCertificate.ps1
Author : Marco Blessing - marco.blessing@googlemail.com Author : Marco Blessing - marco.blessing@googlemail.com
Requires : Requires :


@ -1,19 +1,13 @@
function Test-CSCertificate { function Test-CSCertificate {
<# <#
.SYNOPSIS .SYNOPSIS
Tests if the given certificate exists in a store. Tests if the linked certificate is stor ein the specified cert stores.
.DESCRIPTION .DESCRIPTION
Use this function to ensure if a certificate is already imported into a given store. Test-CSCertficate should be an easy high level test for the linked certificate.
.PARAMETER Thumbprint .PARAMETER Type
Provide one or more thumprints. Select between 'Private' or 'Shared'.
.PARAMETER StoreName
Select the store name in which you want to search the certificates.
.PARAMETER StoreLocation
Select between the both available locations CurrentUser odr LocalMachine.
.INPUTS .INPUTS
[None] [None]
@ -22,11 +16,11 @@ function Test-CSCertificate {
[bool] [bool]
.EXAMPLE .EXAMPLE
Test-CSCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser' .\Remove-Some-Script.ps1 -One content
.NOTES .NOTES
File Name : Test-CSCertificate.ps1 File Name : Test-CSCertificate.ps1
Author : Marco Blessing - marco.blessing@googlemail.com Author : Marco Blessin - marco.blessing@googlemail.com
Requires : Requires :
.LINK .LINK
@ -35,45 +29,42 @@ function Test-CSCertificate {
[CmdletBinding()] [CmdletBinding()]
[OutputType([bool])] [OutputType([bool])]
param( param(
[Parameter(Mandatory = $true, ValueFromPipeline = $true)] [Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()] [ValidateNotNullOrEmpty()]
[string]$Thumbprint, [ValidateSet('Private', 'Shared')]
[string]$Type
[Parameter(Mandatory = $false)]
[ValidateSet(
'AddressBook',
'AuthRoot',
'CertificateAuthority',
'Disallowed',
'My',
'Root',
'TrustedPeople',
'TrustedPublisher'
)]
[string]$StoreName = 'My',
[Parameter(Mandatory = $false)]
[ValidateSet(
'CurrentUser',
'LocalMachine'
)]
[string]$StoreLocation = 'CurrentUser'
) )
begin { begin {
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation) if ($Type -eq 'Private') {
try { $CS = Get-CredentialStore
$Store.Open('ReadOnly')
} }
catch { elseif ($Type -eq 'Shared') {
$_.Exception.Message | Write-Error -ErrorAction Stop $CS = Get-CredentialStore -Shared
} }
if ($null -ne $CS.PfxCertificate) {
Write-Warning 'There is a Pfx certificate file linked in the store. Certifcates saved in the Cert store will be ignored!'
} }
}
process { process {
$Cert = $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint } if ($Type -eq 'Private') {
$cert = Get-CSPfXCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'CurrentUser'
if ($null -eq $Cert) { }
elseif ($Type -eq 'Shared') {
if ( $isLinux) {
$cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'CurrentUser'
if ($null -eq $cert) {
$cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'Root' -StoreLocation 'LocalMachine'
}
}
elseif ( (! $isLinux) -or ($isWindows) ) {
$cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'LocalMachine'
if ($null -eq $cert) {
$cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'Root' -StoreLocation 'LocalMachine'
}
}
}
if ($null -eq $cert) {
return $false return $false
} }
else { else {
@ -81,6 +72,5 @@ function Test-CSCertificate {
} }
} }
end { end {
$Store.Close()
} }
} }
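Review bot: `$Thumbprint` is still passed to every `Get-CSPfxCertificate` call in `process`, but the new `param()` block declares only `$Type`, so the variable is unset inside the function and the callee's `[ValidateNotNullOrEmpty()]` should reject the lookup. The value presumably has to come from the store object loaded in `begin`, e.g. `-Thumbprint $CS.Thumbprint`. The `begin` block only warns when `$CS.PfxCertificate` is set and then searches the cert store anyway, so the function can return `$false` for a store that is correctly linked to a pfx file; returning early in that case would match the warning text. `.EXAMPLE` still holds the template line `.\Remove-Some-Script.ps1 -One content` and should show `Test-CSCertificate -Type 'Shared'`. The `else` branch between the two last hunks is not shown.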


@ -0,0 +1,86 @@
function Test-CSPfxCertificate {
<#
.SYNOPSIS
Tests if the given certificate exists in a store.
.DESCRIPTION
Use this function to ensure if a certificate is already imported into a given store.
.PARAMETER Thumbprint
Provide one or more thumprints.
.PARAMETER StoreName
Select the store name in which you want to search the certificates.
.PARAMETER StoreLocation
Select between the both available locations CurrentUser odr LocalMachine.
.INPUTS
[None]
.OUTPUTS
[bool]
.EXAMPLE
Test-CSPfxCertificat -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser'
.NOTES
File Name : Test-CSPfxCertificat.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
#>
[CmdletBinding()]
[OutputType([bool])]
param(
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[ValidateNotNullOrEmpty()]
[string]$Thumbprint,
[Parameter(Mandatory = $false)]
[ValidateSet(
'AddressBook',
'AuthRoot',
'CertificateAuthority',
'Disallowed',
'My',
'Root',
'TrustedPeople',
'TrustedPublisher'
)]
[string]$StoreName = 'My',
[Parameter(Mandatory = $false)]
[ValidateSet(
'CurrentUser',
'LocalMachine'
)]
[string]$StoreLocation = 'CurrentUser'
)
begin {
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation)
try {
$Store.Open('ReadOnly')
}
catch {
$_.Exception.Message | Write-Error -ErrorAction Stop
}
}
process {
$Cert = $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint }
if ($null -eq $Cert) {
return $false
}
else {
return $true
}
}
end {
$Store.Close()
}
}
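Review bot: The help block names a command that does not exist: `.EXAMPLE` and `File Name` both say `Test-CSPfxCertificat` (missing the final `e`), so the example fails when copied. `.PARAMETER Thumbprint` says "one or more" while the parameter is a single `[string]`; it should read `Provide the thumbprint to look for.` The result is `$true` on a thumbprint match alone, so the description should state that neither the presence of a private key nor the validity period is checked.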


@ -1,4 +1,4 @@
function Use-PfxCertificate { function Use-CSCertificate {
<# <#
.SYNOPSIS .SYNOPSIS
Links an existing PFX Certifiacte to a CredentialStore. Links an existing PFX Certifiacte to a CredentialStore.
@ -19,7 +19,7 @@ function Use-PfxCertificate {
.NOTES .NOTES
File Name : Use-PfxCertificate.ps1 File Name : Use-CSCertificate.ps1
Author : Marco Blessing - marco.blessing@googlemail.com Author : Marco Blessing - marco.blessing@googlemail.com
Requires : Requires :
@ -40,7 +40,11 @@ function Use-PfxCertificate {
[string]$CredentialStore, [string]$CredentialStore,
[Parameter(Mandatory = $true, ParameterSetName = "Shared")] [Parameter(Mandatory = $true, ParameterSetName = "Shared")]
[switch]$Shared [switch]$Shared,
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
[Switch]$UseCertStore
) )
begin { } begin { }
@ -93,8 +97,14 @@ Make sure you used the same AES keys for encrypting!
"@ "@
} }
$CS.PfxCertificate = $validPath.Path if ($UseCertStore) {
Import-CSCertificate -Type ($PSCmdlet.ParameterSetName -eq "Private") -Path $Path
$CS.Thumbprint = $PfxCertificate.Thumbprint $CS.Thumbprint = $PfxCertificate.Thumbprint
$CS.PfxCertificate = $null
}
else {
$CS.PfxCertificate = $validPath.Path
}
$CS | ConvertTo-Json -Depth 5 | Out-File -FilePath $StorePath -Force -Encoding utf8 $CS | ConvertTo-Json -Depth 5 | Out-File -FilePath $StorePath -Force -Encoding utf8
} }
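Review bot: `Import-CSCertificate -Type ($PSCmdlet.ParameterSetName -eq "Private")` passes a boolean, which converts to `True`/`False` and fails the callee's `[ValidateSet('Private', 'Shared')]`; it should be `-Type $PSCmdlet.ParameterSetName`. `$UseCertStore` is declared `Mandatory = $true` in both parameter sets, so callers are prompted for it and the `else` branch is reachable only via `-UseCertStore:$false`; a switch needs `Mandatory = $false`. As rendered, `$CS.Thumbprint = $PfxCertificate.Thumbprint` now sits inside the `if ($UseCertStore)` branch, so linking a pfx file by path would leave the previous thumbprint in the store file; if that is not intended, move the assignment above the `if`. The function body starts and ends outside these hunks, so `$Path`, `$validPath` and `$PfxCertificate` are assumed to be set earlier.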


@ -64,10 +64,13 @@
FunctionsToExport = @( FunctionsToExport = @(
# Certificate # Certificate
'Get-CSCertificate', 'Get-CSCertificate',
'Get-CSPfxCertificate',
'Import-CSCertificate', 'Import-CSCertificate',
'New-CRTAttribute', 'Import-CSPfxCertificate',
'New-PfxCertificate', 'New-CSCertAttribute',
'New-CSCertificate',
'Test-CSCertificate', 'Test-CSCertificate',
'Test-CSPfxCertificate',
'Use-PfxCertificate', 'Use-PfxCertificate',
# Connection # Connection
'Connect-To', 'Connect-To',
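Review bot: `'Use-PfxCertificate'` stays in `FunctionsToExport` although this commit renames the function to `Use-CSCertificate`, so the renamed command is not exported and the manifest lists a name that no longer exists; the entry should become `'Use-CSCertificate',`. The three `*-CSPfxCertificate` helpers accept arbitrary `-StoreName`/`-StoreLocation` values, including `Root`; if they are meant as internal plumbing for the `-Type` wrappers, leaving them out of the export list keeps the public surface smaller. The array continues outside the hunk.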


@ -202,22 +202,6 @@ function New-CredentialStore {
Thumbprint = $null Thumbprint = $null
Type = $null Type = $null
} }
if (! $SkipPFXCertCreation.IsPresent) {
$ObjProperties.Thumbprint = $FreshCert.Thumbprint
if (!$UseCertStore.IsPresent) {
$ObjProperties.PfxCertificate = $PfxParams.CertName
}
else {
Write-Verbose 'Importing new PFX certificate file...'
if ($PSCmdlet.ParameterSetName -eq 'Private') {
Import-CSCertificate -Path $PfxParams.CertName -StoreName My -StoreLocation CurrentUser -ErrorAction Stop
}
elseif ($PSCmdlet.ParameterSetName -eq 'Shared') {
Import-CSCertificate -Path $PfxParams.CertName -StoreName My -StoreLocation LocalMachine -ErrorAction Stop
}
}
}
if ($PSCmdlet.ParameterSetName -eq "Shared") { if ($PSCmdlet.ParameterSetName -eq "Shared") {
$ObjProperties.Type = "Shared" $ObjProperties.Type = "Shared"
@ -226,6 +210,20 @@ function New-CredentialStore {
$ObjProperties.Type = "Private" $ObjProperties.Type = "Private"
} }
if (! $SkipPFXCertCreation.IsPresent) {
$ObjProperties.Thumbprint = $FreshCert.Thumbprint
if ($UseCertStore.IsPresent) {
Write-Verbose 'Importing new PFX certificate file...'
Import-CSCertificate -Type $ObjProperties.Type -Path $PfxParams.CertName
}
else {
$ObjProperties.PfxCertificate = $PfxParams.CertName
}
}
$CredentialStoreObj = [PSCustomObject]$ObjProperties $CredentialStoreObj = [PSCustomObject]$ObjProperties
try { try {
$JSON = ConvertTo-Json -InputObject $CredentialStoreObj -ErrorAction Stop $JSON = ConvertTo-Json -InputObject $CredentialStoreObj -ErrorAction Stop