split cert functions
This commit is contained in:
parent
aecc452362
commit
c26fc7d43d
@ -1,28 +1,25 @@
|
||||
function Get-CSCertificate {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Returns the certificate object given by thumbprint.
|
||||
Returns the current used valid PfX Certificate.
|
||||
|
||||
.DESCRIPTION
|
||||
You can use this function to get a stored certificate. Search for the object by its unique thumbprint.
|
||||
Use this function to get the available pfx certficate respecting the config hierarchy.
|
||||
|
||||
.PARAMETER Type
|
||||
Select the current credential store type.
|
||||
|
||||
.PARAMETER Thumbprint
|
||||
Provide one or more thumprints.
|
||||
|
||||
.PARAMETER StoreName
|
||||
Select the store name in which you want to search the certificates.
|
||||
|
||||
.PARAMETER StoreLocation
|
||||
Select between the both available locations CurrentUser odr LocalMachine.
|
||||
Provice the crednetials thumbprint for the search.
|
||||
|
||||
.INPUTS
|
||||
[string]
|
||||
[None]
|
||||
|
||||
.OUTPUTS
|
||||
[System.Security.Cryptography.X509Certificates.X509Certificate2[]]
|
||||
[System.Security.Cryptography.X509Certificates.X509Certificate2]
|
||||
|
||||
.EXAMPLE
|
||||
Get-CSCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser'
|
||||
Get-CSCertificate -Type 'Shared' -Thumbprint '12334456'
|
||||
|
||||
.NOTES
|
||||
File Name : Get-CSCertificate.ps1
|
||||
@ -35,47 +32,43 @@ function Get-CSCertificate {
|
||||
[CmdletBinding()]
|
||||
[OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])]
|
||||
param(
|
||||
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
|
||||
[Parameter(Mandatory = $true)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string[]]$Thumbprint,
|
||||
[ValidateSet('Private', 'Shared')]
|
||||
[string]$Type,
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateSet(
|
||||
'AddressBook',
|
||||
'AuthRoot',
|
||||
'CertificateAuthority',
|
||||
'Disallowed',
|
||||
'My',
|
||||
'Root',
|
||||
'TrustedPeople',
|
||||
'TrustedPublisher'
|
||||
)]
|
||||
[string]$StoreName = 'My',
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateSet(
|
||||
'CurrentUser',
|
||||
'LocalMachine'
|
||||
)]
|
||||
[string]$StoreLocation = 'CurrentUser'
|
||||
[Parameter(Mandatory = $true)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Thumbprint
|
||||
)
|
||||
|
||||
begin {
|
||||
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation)
|
||||
try {
|
||||
$Store.Open('ReadOnly')
|
||||
}
|
||||
catch {
|
||||
$_.Exception.Message | Write-Error -ErrorAction Stop
|
||||
}
|
||||
}
|
||||
|
||||
process {
|
||||
foreach ($Thumb in $Thumbprint) {
|
||||
Write-Output $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumb }
|
||||
if ($Type -eq 'Private') {
|
||||
Get-CSPfXCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'CurrentUser'
|
||||
}
|
||||
elseif ($Type -eq 'Shared') {
|
||||
if ( $isLinux) {
|
||||
$cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'CurrentUser'
|
||||
if ($null -eq $cert) {
|
||||
Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'Root' -StoreLocation 'LocalMachine'
|
||||
}
|
||||
else {
|
||||
Write-Output $cert
|
||||
}
|
||||
}
|
||||
elseif ( (! $isLinux) -or ($isWindows) ) {
|
||||
$cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'LocalMachine'
|
||||
if ($null -eq $cert) {
|
||||
Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'Root' -StoreLocation 'LocalMachine'
|
||||
}
|
||||
else {
|
||||
Write-Output $cert
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
end {
|
||||
$Store.Close()
|
||||
}
|
||||
}
|
||||
|
81
src/Certificate/Get-CSPfxCertificate.ps1
Normal file
81
src/Certificate/Get-CSPfxCertificate.ps1
Normal file
@ -0,0 +1,81 @@
|
||||
function Get-CSPfxCertificate {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Returns the certificate object given by thumbprint.
|
||||
|
||||
.DESCRIPTION
|
||||
You can use this function to get a stored certificate. Search for the object by its unique thumbprint.
|
||||
|
||||
.PARAMETER Thumbprint
|
||||
Provide one or more thumprints.
|
||||
|
||||
.PARAMETER StoreName
|
||||
Select the store name in which you want to search the certificates.
|
||||
|
||||
.PARAMETER StoreLocation
|
||||
Select between the both available locations CurrentUser odr LocalMachine.
|
||||
|
||||
.INPUTS
|
||||
[string]
|
||||
|
||||
.OUTPUTS
|
||||
[System.Security.Cryptography.X509Certificates.X509Certificate2[]]
|
||||
|
||||
.EXAMPLE
|
||||
Get-CSPfxCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser'
|
||||
|
||||
.NOTES
|
||||
File Name : Get-CSPfxCertificate.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
|
||||
.LINK
|
||||
https://github.com/OCram85/PSCredentialStore
|
||||
#>
|
||||
[CmdletBinding()]
|
||||
[OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])]
|
||||
param(
|
||||
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string[]]$Thumbprint,
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateSet(
|
||||
'AddressBook',
|
||||
'AuthRoot',
|
||||
'CertificateAuthority',
|
||||
'Disallowed',
|
||||
'My',
|
||||
'Root',
|
||||
'TrustedPeople',
|
||||
'TrustedPublisher'
|
||||
)]
|
||||
[string]$StoreName = 'My',
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateSet(
|
||||
'CurrentUser',
|
||||
'LocalMachine'
|
||||
)]
|
||||
[string]$StoreLocation = 'CurrentUser'
|
||||
)
|
||||
|
||||
begin {
|
||||
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation)
|
||||
try {
|
||||
$Store.Open('ReadOnly')
|
||||
}
|
||||
catch {
|
||||
$_.Exception.Message | Write-Error -ErrorAction Stop
|
||||
}
|
||||
}
|
||||
|
||||
process {
|
||||
foreach ($Thumb in $Thumbprint) {
|
||||
Write-Output $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumb }
|
||||
}
|
||||
}
|
||||
end {
|
||||
$Store.Close()
|
||||
}
|
||||
}
|
@ -1,32 +1,27 @@
|
||||
function Import-CSCertificate {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
adds a given pfx certificate file to current uerers personal certificate store.
|
||||
A brief description of the function or script.
|
||||
|
||||
.DESCRIPTION
|
||||
This function is used to import existing pfx certificate files. The Import-PFXCertificate cmdle from the
|
||||
PKI module imports the certficate into a deprecated store. Thus you can't read the private key afterwards or
|
||||
using it for decrypting data.
|
||||
Describe the function of the script using a single sentence or more.
|
||||
|
||||
.PARAMETER Path
|
||||
Path to an existing *.pfx certificate file.
|
||||
|
||||
.PARAMETER StoreName
|
||||
Additionally you change change the store where you want the certificate into.
|
||||
.PARAMETER One
|
||||
Description of the Parameter (what it does)
|
||||
|
||||
.INPUTS
|
||||
[None]
|
||||
Describe the script input parameters (if any), otherwise it may also list the word "[None]".
|
||||
|
||||
.OUTPUTS
|
||||
[None]
|
||||
Describe the script output parameters (if any), otherwise it may also list the word "[None]".
|
||||
|
||||
.EXAMPLE
|
||||
Import-CSCertificate -Path (Join-Path -Path $Env:APPDATA -ChildPath '/PSCredentialStore.pfx')
|
||||
.\Remove-Some-Script.ps1 -One content
|
||||
|
||||
.NOTES
|
||||
File Name : Import-CSCertificate.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
Author : fullname - mail
|
||||
Requires : ModuleNames
|
||||
|
||||
.LINK
|
||||
https://github.com/OCram85/PSCredentialStore
|
||||
@ -36,77 +31,38 @@ function Import-CSCertificate {
|
||||
param(
|
||||
[Parameter(Mandatory = $true)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Path,
|
||||
[ValidateSet('Private', 'Shared')]
|
||||
[string]$Type,
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateSet(
|
||||
'AddressBook',
|
||||
'AuthRoot',
|
||||
'CertificateAuthority',
|
||||
'Disallowed',
|
||||
'My',
|
||||
'Root',
|
||||
'TrustedPeople',
|
||||
'TrustedPublisher'
|
||||
)]
|
||||
[string]$StoreName = 'My',
|
||||
[Parameter(Mandatory = $true)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[System.IO.FileInfo]$Path
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateSet(
|
||||
'CurrentUser',
|
||||
'LocalMachine'
|
||||
)]
|
||||
[string]$StoreLocation = 'CurrentUser',
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateSet(
|
||||
'ReadOnly',
|
||||
'ReadWrite',
|
||||
'MaxAllowed',
|
||||
'OpenExistingOnly',
|
||||
'InclueArchived'
|
||||
)]
|
||||
[string]$OpenFlags = 'ReadWrite'
|
||||
)
|
||||
begin {
|
||||
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::new($StoreName, $StoreLocation)
|
||||
try {
|
||||
$Store.Open($OpenFlags)
|
||||
}
|
||||
catch {
|
||||
$_.Exception.Message | Write-Error -ErrorAction Stop
|
||||
}
|
||||
}
|
||||
process {
|
||||
try {
|
||||
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
|
||||
$Path,
|
||||
$null,
|
||||
(
|
||||
[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable -bor
|
||||
[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet
|
||||
)
|
||||
)
|
||||
|
||||
if (Test-CSCertificate -Thumbprint $cert.Thumbprint) {
|
||||
Write-Warning -Message ('The certificate with thumbprint {0} is already present!' -f $cert.Thumbprint)
|
||||
}
|
||||
else {
|
||||
$Store.Add($cert)
|
||||
}
|
||||
}
|
||||
catch {
|
||||
$_.Exception.Message | Write-Error -ErrorAction Stop
|
||||
if (! (Test-Path -Path $Path)) {
|
||||
$ErrorParams = @{
|
||||
ErrorAction = 'Stop'
|
||||
Exception = [System.Exception]::new(
|
||||
'Could not read or add the pfx certificate!'
|
||||
('File {0} not found!') -f $Path
|
||||
)
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
}
|
||||
|
||||
process {
|
||||
# Import to CurrentUser\My stor for windows and linux
|
||||
if ($Type -eq 'Private') {
|
||||
Import-CSPfxCertificate -Path $Path -StoreName 'My' -StoreLocation 'CurrentUser' -OpenFlags 'ReadWrite'
|
||||
}
|
||||
elseif ( (! $isLinux ) -and ($Type -eq 'Shared') ) {
|
||||
Import-CSPfxCertificate -Path $Path -StoreName 'My' -StoreLocation 'CurrentUser' -OpenFlags 'ReadWrite'
|
||||
}
|
||||
elseif ( ($isLinux) -and ($Type -eq 'Shared') ) {
|
||||
Import-CSPfxCertificate -Path $Path -StoreName 'My' -StoreLocation 'LocalMachine' -OpenFlags 'ReadWrite'
|
||||
}
|
||||
}
|
||||
end {
|
||||
$Store.Close()
|
||||
}
|
||||
}
|
||||
|
112
src/Certificate/Import-CSPfxCertificate.ps1
Normal file
112
src/Certificate/Import-CSPfxCertificate.ps1
Normal file
@ -0,0 +1,112 @@
|
||||
function Import-CSPfxCertificate {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
adds a given pfx certificate file to current uerers personal certificate store.
|
||||
|
||||
.DESCRIPTION
|
||||
This function is used to import existing pfx certificate files. The Import-PFXCertificate cmdle from the
|
||||
PKI module imports the certficate into a deprecated store. Thus you can't read the private key afterwards or
|
||||
using it for decrypting data.
|
||||
|
||||
.PARAMETER Path
|
||||
Path to an existing *.pfx certificate file.
|
||||
|
||||
.PARAMETER StoreName
|
||||
Additionally you change change the store where you want the certificate into.
|
||||
|
||||
.INPUTS
|
||||
[None]
|
||||
|
||||
.OUTPUTS
|
||||
[None]
|
||||
|
||||
.EXAMPLE
|
||||
Import-CSPfxCertificate -Path (Join-Path -Path $Env:APPDATA -ChildPath '/PSCredentialStore.pfx')
|
||||
|
||||
.NOTES
|
||||
File Name : Import-CSPfxCertificate.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
|
||||
.LINK
|
||||
https://github.com/OCram85/PSCredentialStore
|
||||
#>
|
||||
[CmdletBinding()]
|
||||
[OutputType()]
|
||||
param(
|
||||
[Parameter(Mandatory = $true)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Path,
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateSet(
|
||||
'AddressBook',
|
||||
'AuthRoot',
|
||||
'CertificateAuthority',
|
||||
'Disallowed',
|
||||
'My',
|
||||
'Root',
|
||||
'TrustedPeople',
|
||||
'TrustedPublisher'
|
||||
)]
|
||||
[string]$StoreName = 'My',
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateSet(
|
||||
'CurrentUser',
|
||||
'LocalMachine'
|
||||
)]
|
||||
[string]$StoreLocation = 'CurrentUser',
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateSet(
|
||||
'ReadOnly',
|
||||
'ReadWrite',
|
||||
'MaxAllowed',
|
||||
'OpenExistingOnly',
|
||||
'InclueArchived'
|
||||
)]
|
||||
[string]$OpenFlags = 'ReadWrite'
|
||||
)
|
||||
begin {
|
||||
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::new($StoreName, $StoreLocation)
|
||||
try {
|
||||
$Store.Open($OpenFlags)
|
||||
}
|
||||
catch {
|
||||
$_.Exception.Message | Write-Error -ErrorAction Stop
|
||||
}
|
||||
}
|
||||
process {
|
||||
try {
|
||||
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
|
||||
$Path,
|
||||
$null,
|
||||
(
|
||||
[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable -bor
|
||||
[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet
|
||||
)
|
||||
)
|
||||
|
||||
if (Test-CSCertificate -Thumbprint $cert.Thumbprint) {
|
||||
Write-Warning -Message ('The certificate with thumbprint {0} is already present!' -f $cert.Thumbprint)
|
||||
}
|
||||
else {
|
||||
$Store.Add($cert)
|
||||
}
|
||||
}
|
||||
catch {
|
||||
$_.Exception.Message | Write-Error -ErrorAction Stop
|
||||
$ErrorParams = @{
|
||||
ErrorAction = 'Stop'
|
||||
Exception = [System.Exception]::new(
|
||||
'Could not read or add the pfx certificate!'
|
||||
)
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
}
|
||||
end {
|
||||
$Store.Close()
|
||||
}
|
||||
}
|
@ -1,4 +1,4 @@
|
||||
function New-CRTAttribute {
|
||||
function New-CSCertAttribute {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Create required data for a certificate signing request.
|
||||
@ -35,10 +35,10 @@ function New-CRTAttribute {
|
||||
['PSCredentialStore.Certificate.CSRDetails']
|
||||
|
||||
.EXAMPLE
|
||||
New-CRTAttribute -CSRSubject @{Country = 'DE'; State = 'BW'; City = 'Karlsruhe'; Organization = 'AwesomeIT'; OrganizationalUnitName = '';CommonName = 'MyPrivateCert'}
|
||||
New-CSCertAttribute -CSRSubject @{Country = 'DE'; State = 'BW'; City = 'Karlsruhe'; Organization = 'AwesomeIT'; OrganizationalUnitName = '';CommonName = 'MyPrivateCert'}
|
||||
|
||||
.NOTES
|
||||
File Name : New-CSRDetails.ps1
|
||||
File Name : New-CSCertAttribute.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
|
@ -1,7 +1,7 @@
|
||||
function New-PfxCertificate {
|
||||
function New-CSCertificate {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Creates new PFX certificate for the CredentialStore encryption.
|
||||
Creates a new PFX certificate for the CredentialStore encryption.
|
||||
|
||||
.DESCRIPTION
|
||||
Use this function to create a custom self signed certificate used by the PSCredentialStore module.
|
||||
@ -22,10 +22,10 @@ function New-PfxCertificate {
|
||||
[None]
|
||||
|
||||
.EXAMPLE
|
||||
New-PfxCertificate -CRTAttribute $CRTAttribute -KeyName './myprivate.key' -CertName './mycert.pfx'
|
||||
New-CSCertificate -CRTAttribute $CRTAttribute -KeyName './myprivate.key' -CertName './mycert.pfx'
|
||||
|
||||
.NOTES
|
||||
File Name : New-PfxCertificate.ps1
|
||||
File Name : New-CSCertificate.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
|
@ -1,19 +1,13 @@
|
||||
function Test-CSCertificate {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Tests if the given certificate exists in a store.
|
||||
Tests if the linked certificate is stor ein the specified cert stores.
|
||||
|
||||
.DESCRIPTION
|
||||
Use this function to ensure if a certificate is already imported into a given store.
|
||||
Test-CSCertficate should be an easy high level test for the linked certificate.
|
||||
|
||||
.PARAMETER Thumbprint
|
||||
Provide one or more thumprints.
|
||||
|
||||
.PARAMETER StoreName
|
||||
Select the store name in which you want to search the certificates.
|
||||
|
||||
.PARAMETER StoreLocation
|
||||
Select between the both available locations CurrentUser odr LocalMachine.
|
||||
.PARAMETER Type
|
||||
Select between 'Private' or 'Shared'.
|
||||
|
||||
.INPUTS
|
||||
[None]
|
||||
@ -22,11 +16,11 @@ function Test-CSCertificate {
|
||||
[bool]
|
||||
|
||||
.EXAMPLE
|
||||
Test-CSCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser'
|
||||
.\Remove-Some-Script.ps1 -One content
|
||||
|
||||
.NOTES
|
||||
File Name : Test-CSCertificate.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Author : Marco Blessin - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
|
||||
.LINK
|
||||
@ -35,45 +29,42 @@ function Test-CSCertificate {
|
||||
[CmdletBinding()]
|
||||
[OutputType([bool])]
|
||||
param(
|
||||
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
|
||||
[Parameter(Mandatory = $true)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Thumbprint,
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateSet(
|
||||
'AddressBook',
|
||||
'AuthRoot',
|
||||
'CertificateAuthority',
|
||||
'Disallowed',
|
||||
'My',
|
||||
'Root',
|
||||
'TrustedPeople',
|
||||
'TrustedPublisher'
|
||||
)]
|
||||
[string]$StoreName = 'My',
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateSet(
|
||||
'CurrentUser',
|
||||
'LocalMachine'
|
||||
)]
|
||||
[string]$StoreLocation = 'CurrentUser'
|
||||
[ValidateSet('Private', 'Shared')]
|
||||
[string]$Type
|
||||
)
|
||||
|
||||
begin {
|
||||
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation)
|
||||
try {
|
||||
$Store.Open('ReadOnly')
|
||||
if ($Type -eq 'Private') {
|
||||
$CS = Get-CredentialStore
|
||||
}
|
||||
catch {
|
||||
$_.Exception.Message | Write-Error -ErrorAction Stop
|
||||
elseif ($Type -eq 'Shared') {
|
||||
$CS = Get-CredentialStore -Shared
|
||||
}
|
||||
if ($null -ne $CS.PfxCertificate) {
|
||||
Write-Warning 'There is a Pfx certificate file linked in the store. Certifcates saved in the Cert store will be ignored!'
|
||||
}
|
||||
|
||||
}
|
||||
process {
|
||||
$Cert = $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint }
|
||||
|
||||
if ($null -eq $Cert) {
|
||||
if ($Type -eq 'Private') {
|
||||
$cert = Get-CSPfXCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'CurrentUser'
|
||||
}
|
||||
elseif ($Type -eq 'Shared') {
|
||||
if ( $isLinux) {
|
||||
$cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'CurrentUser'
|
||||
if ($null -eq $cert) {
|
||||
$cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'Root' -StoreLocation 'LocalMachine'
|
||||
}
|
||||
}
|
||||
elseif ( (! $isLinux) -or ($isWindows) ) {
|
||||
$cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'LocalMachine'
|
||||
if ($null -eq $cert) {
|
||||
$cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'Root' -StoreLocation 'LocalMachine'
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($null -eq $cert) {
|
||||
return $false
|
||||
}
|
||||
else {
|
||||
@ -81,6 +72,5 @@ function Test-CSCertificate {
|
||||
}
|
||||
}
|
||||
end {
|
||||
$Store.Close()
|
||||
}
|
||||
}
|
||||
|
86
src/Certificate/Test-CSPfxCertificate.ps1
Normal file
86
src/Certificate/Test-CSPfxCertificate.ps1
Normal file
@ -0,0 +1,86 @@
|
||||
function Test-CSPfxCertificate {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Tests if the given certificate exists in a store.
|
||||
|
||||
.DESCRIPTION
|
||||
Use this function to ensure if a certificate is already imported into a given store.
|
||||
|
||||
.PARAMETER Thumbprint
|
||||
Provide one or more thumprints.
|
||||
|
||||
.PARAMETER StoreName
|
||||
Select the store name in which you want to search the certificates.
|
||||
|
||||
.PARAMETER StoreLocation
|
||||
Select between the both available locations CurrentUser odr LocalMachine.
|
||||
|
||||
.INPUTS
|
||||
[None]
|
||||
|
||||
.OUTPUTS
|
||||
[bool]
|
||||
|
||||
.EXAMPLE
|
||||
Test-CSPfxCertificat -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser'
|
||||
|
||||
.NOTES
|
||||
File Name : Test-CSPfxCertificat.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
|
||||
.LINK
|
||||
https://github.com/OCram85/PSCredentialStore
|
||||
#>
|
||||
[CmdletBinding()]
|
||||
[OutputType([bool])]
|
||||
param(
|
||||
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Thumbprint,
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateSet(
|
||||
'AddressBook',
|
||||
'AuthRoot',
|
||||
'CertificateAuthority',
|
||||
'Disallowed',
|
||||
'My',
|
||||
'Root',
|
||||
'TrustedPeople',
|
||||
'TrustedPublisher'
|
||||
)]
|
||||
[string]$StoreName = 'My',
|
||||
|
||||
[Parameter(Mandatory = $false)]
|
||||
[ValidateSet(
|
||||
'CurrentUser',
|
||||
'LocalMachine'
|
||||
)]
|
||||
[string]$StoreLocation = 'CurrentUser'
|
||||
)
|
||||
|
||||
begin {
|
||||
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation)
|
||||
try {
|
||||
$Store.Open('ReadOnly')
|
||||
}
|
||||
catch {
|
||||
$_.Exception.Message | Write-Error -ErrorAction Stop
|
||||
}
|
||||
}
|
||||
|
||||
process {
|
||||
$Cert = $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint }
|
||||
|
||||
if ($null -eq $Cert) {
|
||||
return $false
|
||||
}
|
||||
else {
|
||||
return $true
|
||||
}
|
||||
}
|
||||
end {
|
||||
$Store.Close()
|
||||
}
|
||||
}
|
@ -1,4 +1,4 @@
|
||||
function Use-PfxCertificate {
|
||||
function Use-CSCertificate {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Links an existing PFX Certifiacte to a CredentialStore.
|
||||
@ -19,7 +19,7 @@ function Use-PfxCertificate {
|
||||
|
||||
|
||||
.NOTES
|
||||
File Name : Use-PfxCertificate.ps1
|
||||
File Name : Use-CSCertificate.ps1
|
||||
Author : Marco Blessing - marco.blessing@googlemail.com
|
||||
Requires :
|
||||
|
||||
@ -40,7 +40,11 @@ function Use-PfxCertificate {
|
||||
[string]$CredentialStore,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[switch]$Shared
|
||||
[switch]$Shared,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[Switch]$UseCertStore
|
||||
)
|
||||
begin { }
|
||||
|
||||
@ -93,8 +97,14 @@ Make sure you used the same AES keys for encrypting!
|
||||
"@
|
||||
}
|
||||
|
||||
$CS.PfxCertificate = $validPath.Path
|
||||
if ($UseCertStore) {
|
||||
Import-CSCertificate -Type ($PSCmdlet.ParameterSetName -eq "Private") -Path $Path
|
||||
$CS.Thumbprint = $PfxCertificate.Thumbprint
|
||||
$CS.PfxCertificate = $null
|
||||
}
|
||||
else {
|
||||
$CS.PfxCertificate = $validPath.Path
|
||||
}
|
||||
$CS | ConvertTo-Json -Depth 5 | Out-File -FilePath $StorePath -Force -Encoding utf8
|
||||
}
|
||||
|
@ -64,10 +64,13 @@
|
||||
FunctionsToExport = @(
|
||||
# Certificate
|
||||
'Get-CSCertificate',
|
||||
'Get-CSPfxCertificate',
|
||||
'Import-CSCertificate',
|
||||
'New-CRTAttribute',
|
||||
'New-PfxCertificate',
|
||||
'Import-CSPfxCertificate',
|
||||
'New-CSCertAttribute',
|
||||
'New-CSCertificate',
|
||||
'Test-CSCertificate',
|
||||
'Test-CSPfxCertificate',
|
||||
'Use-PfxCertificate',
|
||||
# Connection
|
||||
'Connect-To',
|
||||
|
@ -202,22 +202,6 @@ function New-CredentialStore {
|
||||
Thumbprint = $null
|
||||
Type = $null
|
||||
}
|
||||
if (! $SkipPFXCertCreation.IsPresent) {
|
||||
$ObjProperties.Thumbprint = $FreshCert.Thumbprint
|
||||
|
||||
if (!$UseCertStore.IsPresent) {
|
||||
$ObjProperties.PfxCertificate = $PfxParams.CertName
|
||||
}
|
||||
else {
|
||||
Write-Verbose 'Importing new PFX certificate file...'
|
||||
if ($PSCmdlet.ParameterSetName -eq 'Private') {
|
||||
Import-CSCertificate -Path $PfxParams.CertName -StoreName My -StoreLocation CurrentUser -ErrorAction Stop
|
||||
}
|
||||
elseif ($PSCmdlet.ParameterSetName -eq 'Shared') {
|
||||
Import-CSCertificate -Path $PfxParams.CertName -StoreName My -StoreLocation LocalMachine -ErrorAction Stop
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($PSCmdlet.ParameterSetName -eq "Shared") {
|
||||
$ObjProperties.Type = "Shared"
|
||||
@ -226,6 +210,20 @@ function New-CredentialStore {
|
||||
$ObjProperties.Type = "Private"
|
||||
}
|
||||
|
||||
if (! $SkipPFXCertCreation.IsPresent) {
|
||||
$ObjProperties.Thumbprint = $FreshCert.Thumbprint
|
||||
|
||||
if ($UseCertStore.IsPresent) {
|
||||
Write-Verbose 'Importing new PFX certificate file...'
|
||||
Import-CSCertificate -Type $ObjProperties.Type -Path $PfxParams.CertName
|
||||
}
|
||||
else {
|
||||
$ObjProperties.PfxCertificate = $PfxParams.CertName
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$CredentialStoreObj = [PSCustomObject]$ObjProperties
|
||||
try {
|
||||
$JSON = ConvertTo-Json -InputObject $CredentialStoreObj -ErrorAction Stop
|
||||
|
Loading…
Reference in New Issue
Block a user