OCram85/PSCredentialStore
1
0
Fork 1
Code Issues 1 Pull Requests 2 Releases 26 Activity

Publish version 1.0.x (#45)

Browse Source 
## About

## Content (Micro Commits)

* fixes #38 
* fixes #44 
* Implement precise lookup hierarchy (fixes #43)
* align pester test with #43 logic
* split cert functions
* use new cert functions for save an lookup
* fix pester tests
* [wip]
* fix var name ref
* fix exports
* fix cert store location for windows shared mode
* fix mandatory params
* fix accidentially removed code block
* add basic cert pester pests
* remove old docs
* update cbh blocks
* update cbh blocks
* update docs
* move .net wrapper forpfx files
* do not export .net wrapper functions
* update docs
* rename tests
* fix private functions location
* - fixes #44: FTP connection
* add link to reference
* add format files
* add preview version shield
* update markdown help files (platyps)
* add emoji images in captions
* fix typos
* fix typos
* fix typo
* prepare version numbers
This commit is contained in:
OCram85
2019-04-29 16:05:43 +02:00
committed by GitHub
parent d92d963979
commit fdc6651588
55 changed files with 1594 additions and 671 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
src/Certificate/Get-CSCertificate.ps1
View File

@ -1,33 +1,30 @@
function Get-CSCertificate {
<#
.SYNOPSIS
Returns the certificate object given by thumbprint.
Returns the current used valid PfX certificate.
.DESCRIPTION
You can use this function to get a stored certificate. Search for the object by its unique thumbprint.
Use this function to get the available pfx certificate respecting the config hierarchy.
.PARAMETER Type
Select the current credential store type.
.PARAMETER Thumbprint
Provide one or more thumprints.
.PARAMETER StoreName
Select the store name in which you want to search the certificates.
.PARAMETER StoreLocation
Select between the both available locations CurrentUser odr LocalMachine.
Provide the credentials thumbprint for the search.
.INPUTS
[string]
[None]
.OUTPUTS
[System.Security.Cryptography.X509Certificates.X509Certificate2[]]
[System.Security.Cryptography.X509Certificates.X509Certificate2]
.EXAMPLE
Get-CSCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser'
Get-CSCertificate -Type 'Shared' -Thumbprint '12334456'
.NOTES
File Name : Get-CSCertificate.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
- File Name : Get-CSCertificate.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
@ -35,47 +32,43 @@ function Get-CSCertificate {
[CmdletBinding()]
[OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])]
param(
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[string[]]$Thumbprint,
[ValidateSet('Private', 'Shared')]
[string]$Type,
[Parameter(Mandatory = $false)]
[ValidateSet(
'AddressBook',
'AuthRoot',
'CertificateAuthority',
'Disallowed',
'My',
'Root',
'TrustedPeople',
'TrustedPublisher'
)]
[string]$StoreName = 'My',
[Parameter(Mandatory = $false)]
[ValidateSet(
'CurrentUser',
'LocalMachine'
)]
[string]$StoreLocation = 'CurrentUser'
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[string]$Thumbprint
)
begin {
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation)
try {
$Store.Open('ReadOnly')
}
catch {
$_.Exception.Message | Write-Error -ErrorAction Stop
}
}
process {
foreach ($Thumb in $Thumbprint) {
Write-Output $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumb }
if ($Type -eq 'Private') {
Get-CSPfXCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'CurrentUser'
}
elseif ($Type -eq 'Shared') {
if ( $isLinux) {
$cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'CurrentUser'
if ($null -eq $cert) {
Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'Root' -StoreLocation 'LocalMachine'
}
else {
Write-Output $cert
}
}
elseif ( (! $isLinux) -or ($isWindows) ) {
$cert = Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'My' -StoreLocation 'LocalMachine'
if ($null -eq $cert) {
Get-CSPfxCertificate -Thumbprint $Thumbprint -StoreName 'Root' -StoreLocation 'LocalMachine'
}
else {
Write-Output $cert
}
}
}
}
end {
$Store.Close()
}
}

102
src/Certificate/Import-CSCertificate.ps1
View File

@ -1,18 +1,17 @@
function Import-CSCertificate {
<#
.SYNOPSIS
adds a given pfx certificate file to current uerers personal certificate store.
Imports a linked certificate to the valid store location.
.DESCRIPTION
This function is used to import existing pfx certificate files. The Import-PFXCertificate cmdle from the
PKI module imports the certficate into a deprecated store. Thus you can't read the private key afterwards or
using it for decrypting data.
Import-CSCertificate takes a pfx certificate file and imports it to the supposed certificate store for
private and shared credential stores.
.PARAMETER Type
Select between the a private and shared credential store.
.PARAMETER Path
Path to an existing *.pfx certificate file.
.PARAMETER StoreName
Additionally you change change the store where you want the certificate into.
Provide a valid path to pfx certificate file.
.INPUTS
[None]
@ -21,12 +20,12 @@ function Import-CSCertificate {
[None]
.EXAMPLE
Import-CSCertificate -Path (Join-Path -Path $Env:APPDATA -ChildPath '/PSCredentialStore.pfx')
Import-CSCertificate -Type 'Private' -Path (Join-Path -Path $Env:APPDATA -ChildItem 'PfxCertificate.pfx')
.NOTES
File Name : Import-CSCertificate.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
- File Name : Import-CSCertificate.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
@ -36,77 +35,38 @@ function Import-CSCertificate {
param(
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[string]$Path,
[ValidateSet('Private', 'Shared')]
[string]$Type,
[Parameter(Mandatory = $false)]
[ValidateSet(
'AddressBook',
'AuthRoot',
'CertificateAuthority',
'Disallowed',
'My',
'Root',
'TrustedPeople',
'TrustedPublisher'
)]
[string]$StoreName = 'My',
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[System.IO.FileInfo]$Path
[Parameter(Mandatory = $false)]
[ValidateSet(
'CurrentUser',
'LocalMachine'
)]
[string]$StoreLocation = 'CurrentUser',
[Parameter(Mandatory = $false)]
[ValidateSet(
'ReadOnly',
'ReadWrite',
'MaxAllowed',
'OpenExistingOnly',
'InclueArchived'
)]
[string]$OpenFlags = 'ReadWrite'
)
begin {
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::new($StoreName, $StoreLocation)
try {
$Store.Open($OpenFlags)
}
catch {
$_.Exception.Message | Write-Error -ErrorAction Stop
}
}
process {
try {
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
$Path,
$null,
(
[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable -bor
[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet
)
)
if (Test-CSCertificate -Thumbprint $cert.Thumbprint) {
Write-Warning -Message ('The certificate with thumbprint {0} is already present!' -f $cert.Thumbprint)
}
else {
$Store.Add($cert)
}
}
catch {
$_.Exception.Message | Write-Error -ErrorAction Stop
if (! (Test-Path -Path $Path)) {
$ErrorParams = @{
ErrorAction = 'Stop'
Exception = [System.Exception]::new(
'Could not read or add the pfx certificate!'
('File {0} not found!') -f $Path
)
}
Write-Error @ErrorParams
}
}
process {
# Import to CurrentUser\My store for windows and linux
if ($Type -eq 'Private') {
Import-CSPfxCertificate -Path $Path -StoreName 'My' -StoreLocation 'CurrentUser' -OpenFlags 'ReadWrite'
}
elseif ( (! $isLinux ) -and ($Type -eq 'Shared') ) {
Import-CSPfxCertificate -Path $Path -StoreName 'My' -StoreLocation 'LocalMachine' -OpenFlags 'ReadWrite'
}
elseif ( ($isLinux) -and ($Type -eq 'Shared') ) {
Import-CSPfxCertificate -Path $Path -StoreName 'My' -StoreLocation 'CurrentUser' -OpenFlags 'ReadWrite'
}
}
end {
$Store.Close()
}
}

21
src/Certificate/New-CRTAttribute.ps1 → src/Certificate/New-CSCertAttribute.ps1
View File

@ -1,13 +1,13 @@
function New-CRTAttribute {
function New-CSCertAttribute {
<#
.SYNOPSIS
Create required data for a certificate signing request.
Creates required data for a certificate signing request.
.DESCRIPTION
Defines the certificate related properties for an upcoming New-PfxCertificate execution.
.PARAMETER Country
Provide a two letter country code.
County code like EN, DE, IT, FR...
.PARAMETER State
Certificate state value.
@ -24,23 +24,22 @@ function New-CRTAttribute {
.PARAMETER CommonName
The certificate common name.
.PARAMETER CSRSubject
you can provide the needed certificate properties with in one hashtable. This hashtable has to contain the
following keys: 'Country', 'State', 'City', 'Organization', 'OrganizationalUnitName', 'CommonName'.
.PARAMETER Days
The validation time itself.
.INPUTS
[None]
.OUTPUTS
['PSCredentialStore.Certificate.CSRDetails']
[PSCredentialStore.Certificate.CSRDetails]
.EXAMPLE
New-CRTAttribute -CSRSubject @{Country = 'DE'; State = 'BW'; City = 'Karlsruhe'; Organization = 'AwesomeIT'; OrganizationalUnitName = '';CommonName = 'MyPrivateCert'}
New-CSCertAttribute -Country 'DE' -State 'BW' -City 'Karlsruhe' -Organization 'AwesomeIT' -OrganizationalUnitName '' -CommonName 'MyPrivateCert'
.NOTES
File Name : New-CSRDetails.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
- File Name : New-CSCertAttribute.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore

12
src/Certificate/New-PfxCertificate.ps1 → src/Certificate/New-CSCertificate.ps1
View File

@ -1,7 +1,7 @@
function New-PfxCertificate {
function New-CSCertificate {
<#
.SYNOPSIS
Creates new PFX certificate for the CredentialStore encryption.
Creates a new PFX certificate for the CredentialStore encryption.
.DESCRIPTION
Use this function to create a custom self signed certificate used by the PSCredentialStore module.
@ -22,12 +22,12 @@ function New-PfxCertificate {
[None]
.EXAMPLE
New-PfxCertificate -CRTAttribute $CRTAttribute -KeyName './myprivate.key' -CertName './mycert.pfx'
New-CSCertificate -CRTAttribute $CRTAttribute -KeyName './myprivate.key' -CertName './mycert.pfx'
.NOTES
File Name : New-PfxCertificate.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
- File Name : New-CSCertificate.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore

84
src/Certificate/Test-CSCertificate.ps1
View File

@ -1,19 +1,13 @@
function Test-CSCertificate {
<#
.SYNOPSIS
Tests if the given certificate exists in a store.
Tests if the linked certificate is store ein the specified cert stores.
.DESCRIPTION
Use this function to ensure if a certificate is already imported into a given store.
Test-CSCertificate should be an easy high level test for the linked certificate.
.PARAMETER Thumbprint
Provide one or more thumprints.
.PARAMETER StoreName
Select the store name in which you want to search the certificates.
.PARAMETER StoreLocation
Select between the both available locations CurrentUser odr LocalMachine.
.PARAMETER Type
Select between 'Private' or 'Shared'.
.INPUTS
[None]
@ -22,12 +16,12 @@ function Test-CSCertificate {
[bool]
.EXAMPLE
Test-CSCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser'
Test-CSCertificate -Type 'Shared'
.NOTES
File Name : Test-CSCertificate.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
- File Name : Test-CSCertificate.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
@ -35,45 +29,42 @@ function Test-CSCertificate {
[CmdletBinding()]
[OutputType([bool])]
param(
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[string]$Thumbprint,
[Parameter(Mandatory = $false)]
[ValidateSet(
'AddressBook',
'AuthRoot',
'CertificateAuthority',
'Disallowed',
'My',
'Root',
'TrustedPeople',
'TrustedPublisher'
)]
[string]$StoreName = 'My',
[Parameter(Mandatory = $false)]
[ValidateSet(
'CurrentUser',
'LocalMachine'
)]
[string]$StoreLocation = 'CurrentUser'
[ValidateSet('Private', 'Shared')]
[string]$Type
)
begin {
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation)
try {
$Store.Open('ReadOnly')
if ($Type -eq 'Private') {
$CS = Get-CredentialStore
}
catch {
$_.Exception.Message | Write-Error -ErrorAction Stop
elseif ($Type -eq 'Shared') {
$CS = Get-CredentialStore -Shared
}
if ($null -ne $CS.PfxCertificate) {
Write-Warning 'There is a Pfx certificate file linked in the store. Certificates saved in the Cert store will be ignored!'
}
}
process {
$Cert = $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint }
if ($null -eq $Cert) {
if ($Type -eq 'Private') {
$cert = Get-CSPfXCertificate -Thumbprint $CS.Thumbprint -StoreName 'My' -StoreLocation 'CurrentUser'
}
elseif ($Type -eq 'Shared') {
if ( $isLinux) {
$cert = Get-CSPfxCertificate -Thumbprint $CS.Thumbprint -StoreName 'My' -StoreLocation 'CurrentUser'
if ($null -eq $cert) {
$cert = Get-CSPfxCertificate -Thumbprint $CS.Thumbprint -StoreName 'Root' -StoreLocation 'LocalMachine'
}
}
elseif ( (! $isLinux) -or ($isWindows) ) {
$cert = Get-CSPfxCertificate -Thumbprint $CS.Thumbprint -StoreName 'My' -StoreLocation 'LocalMachine'
if ($null -eq $cert) {
$cert = Get-CSPfxCertificate -Thumbprint $CS.Thumbprint -StoreName 'Root' -StoreLocation 'LocalMachine'
}
}
}
if ($null -eq $cert) {
return $false
}
else {
@ -81,6 +72,5 @@ function Test-CSCertificate {
}
}
end {
$Store.Close()
}
}

37
src/Certificate/Use-PfxCertificate.ps1 → src/Certificate/Use-CSCertificate.ps1
View File

@ -1,7 +1,7 @@
function Use-PfxCertificate {
function Use-CSCertificate {
<#
.SYNOPSIS
Links an existing PFX Certifiacte to a CredentialStore.
Links an existing PFX Certificate to a CredentialStore.
.DESCRIPTION
Linking a certificate is needed if you plan to use the same CredentialStore in cross platform scenarios.
@ -9,6 +9,15 @@ function Use-PfxCertificate {
.PARAMETER Path
Specify the path to the PFX Certificate you want to link for usage.
.PARAMETER CredentialStore
Specify a custom path for a shared credential store.
.PARAMETER Shared
Use the credential store in shared mode.
.PARAMETER UseCertStore
Use the given certificate and import it into the corresponding certificate store.
.INPUTS
[None]
@ -16,10 +25,10 @@ function Use-PfxCertificate {
[None]
.EXAMPLE
Use-CSCertificate -Path 'C:\cert.pfx'
.NOTES
File Name : Use-PfxCertificate.ps1
File Name : Use-CSCertificate.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
@ -40,9 +49,13 @@ function Use-PfxCertificate {
[string]$CredentialStore,
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
[switch]$Shared
[switch]$Shared,
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[Switch]$UseCertStore
)
begin {}
begin { }
process {
try {
@ -93,10 +106,16 @@ Make sure you used the same AES keys for encrypting!
"@
}
$CS.PfxCertificate = $validPath.Path
$CS.Thumbprint = $PfxCertificate.Thumbprint
if ($UseCertStore) {
Import-CSCertificate -Type $PSCmdlet.ParameterSetName -Path $Path
$CS.Thumbprint = $PfxCertificate.Thumbprint
$CS.PfxCertificate = $null
}
else {
$CS.PfxCertificate = $validPath.Path
}
$CS | ConvertTo-Json -Depth 5 | Out-File -FilePath $StorePath -Force -Encoding utf8
}
end {}
end { }
}

11
src/Connection/Connect-To.ps1
View File

@ -29,6 +29,9 @@ function Connect-To {
Switch to shared mode with this param. This enforces the command to work with a shared CredentialStore which
can be decrypted across systems.
.PARAMETER PassThru
Returns the value from the underlying connection type function.
.INPUTS
[None]
@ -57,9 +60,9 @@ function Connect-To {
Connect-To -RemoteHost "exchange01.myside.local" -Type ExchangeHTTPS
.NOTES
File Name : Connect-To.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
- File Name : Connect-To.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
@ -194,7 +197,7 @@ function Connect-To {
}
try {
$FTPSessionOption = New-WinSCPSessionOption @WinSCPConParams
$Global:WinSCPSession = New-WinSCPSession @FTPSessionOption
$Global:WinSCPSession = New-WinSCPSession -SessionOption $FTPSessionOption
}
catch {
throw "Could not connect to {0} using {1} protocol!" -f $RemoteHost, $Type

24
src/Connection/Disconnect-From.ps1
View File

@ -51,9 +51,9 @@ function Disconnect-From {
Disconnect-From -RemoteHost "exchange01.myside.local" -Type ExchangeHTTPS
.NOTES
File Name : Disconnect-From.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
- File Name : Disconnect-From.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
@ -95,7 +95,7 @@ function Disconnect-From {
catch {
# Write a error message to the log.
$MessageParams = @{
Message = "Unable to disconnect from {0} using Type {1}." -f $RemoteHost, $Type
Message = "Unable to disconnect from {0} using Type {1}." -f $RemoteHost, $Type
ErrorAction = "Stop"
}
Write-Error @MessageParams
@ -114,7 +114,7 @@ function Disconnect-From {
catch {
# Write a error message to the log.
$MessageParams = @{
Message = "Unable to disconnect from {0} using Type {1}." -f $RemoteHost, $Type
Message = "Unable to disconnect from {0} using Type {1}." -f $RemoteHost, $Type
ErrorAction = "Stop"
}
Write-Error @MessageParams
@ -127,7 +127,7 @@ function Disconnect-From {
}
else {
$MessageParams = @{
Message = "There is no open WinSCP Session"
Message = "There is no open WinSCP Session"
ErrorAction = "Stop"
}
Write-Error @MessageParams
@ -138,7 +138,7 @@ function Disconnect-From {
"NetAppFAS" {
try {
$MessageParams = @{
Message = "Setting {0} to `$null, which will disconnect NetAppFAS" -f $Global:CurrentNcController
Message = "Setting {0} to `$null, which will disconnect NetAppFAS" -f $Global:CurrentNcController
ErrorAction = "Continue"
}
Write-Verbose @MessageParams
@ -148,7 +148,7 @@ function Disconnect-From {
catch {
# Write a error message to the log.
$MessageParams = @{
Message = "Unable to disconnect from {0} using Type {1}." -f $RemoteHost, $Type
Message = "Unable to disconnect from {0} using Type {1}." -f $RemoteHost, $Type
ErrorAction = "Stop"
}
Write-Error @MessageParams
@ -163,7 +163,7 @@ function Disconnect-From {
catch {
# Write a error message to the log.
$MessageParams = @{
Message = "Unable to disconnect from {0} using Type {1}." -f $RemoteHost, $Type
Message = "Unable to disconnect from {0} using Type {1}." -f $RemoteHost, $Type
ErrorAction = "Stop"
}
Write-Error @MessageParams
@ -176,7 +176,7 @@ function Disconnect-From {
}
catch {
$MessageParams = @{
Message = "Unable to disconnect from {0} using Type {1}." -f $RemoteHost, $Type
Message = "Unable to disconnect from {0} using Type {1}." -f $RemoteHost, $Type
ErrorAction = "Stop"
}
Write-Error @MessageParams
@ -188,7 +188,7 @@ function Disconnect-From {
}
else {
$MessageParams = @{
Message = "There is no open WinSCP Session"
Message = "There is no open WinSCP Session"
ErrorAction = "Stop"
}
Write-Error @MessageParams
@ -197,7 +197,7 @@ function Disconnect-From {
default {
# Write a error message to the log.
$MessageParams = @{
Message = "Unable to disconnect from {0} using Type {1}." -f $RemoteHost, $Type
Message = "Unable to disconnect from {0} using Type {1}." -f $RemoteHost, $Type
ErrorAction = "Stop"
}
Write-Error @MessageParams

20
src/Connection/Test-CSConnection.ps1
View File

@ -17,22 +17,22 @@ function Test-CSConnection {
[None]
.OUTPUTS
[Boolean]
[bool]
.EXAMPLE
.\Test-CMConnection -RemoteHost "r0-i01-vcr01.p0r.kivbf-cloud.net" -Type VMware
Test-CMConnection -RemoteHost "vcr01.internal.net" -Type VMware
.NOTES
File Name : Test-CSConnection.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
- File Name : Test-CSConnection.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
#>
[CmdletBinding()]
[OutputType([boolean])]
[OutputType([bool])]
param(
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
@ -77,7 +77,7 @@ function Test-CSConnection {
'CiscoUcs' {
$MsgParams = @{
ErrorAction = "Stop"
Message = "CiscoUCS connection test is not implemented yet!"
Message = "CiscoUCS connection test is not implemented yet!"
}
Write-Error @MsgParams
return $false
@ -86,7 +86,7 @@ function Test-CSConnection {
'FTP' {
$MsgParams = @{
ErrorAction = "Stop"
Message = "FTP connection test is not implemented yet!"
Message = "FTP connection test is not implemented yet!"
}
Write-Error @MsgParams
return $false
@ -95,7 +95,7 @@ function Test-CSConnection {
'NetAppFAS' {
$MsgParams = @{
ErrorAction = "Stop"
Message = "NetAppFAS connection test is not implemented yet!"
Message = "NetAppFAS connection test is not implemented yet!"
}
Write-Error @MsgParams
return $false
@ -105,7 +105,7 @@ function Test-CSConnection {
Default {
$MsgParams = @{
ErrorAction = "Stop"
Message = "Panic: There is an invalid type value! This error should never be thrown."
Message = "Panic: There is an invalid type value! This error should never be thrown."
}
Write-Error @MsgParams
return $false

35
src/Formats/PSCredential.Store.Format.ps1xml Normal file
View File

@ -0,0 +1,35 @@
<?xml version="1.0" encoding="utf-8" ?>
<Configuration>
<ViewDefinitions>
<View>
<Name>PSCredentialStore.Store</Name>
<ViewSelectedBy>
<TypeName>PSCredentialStore.Store</TypeName>
</ViewSelectedBy>
<ListControl>
<ListEntries>
<ListEntry>
<ListItems>
<ListItem>
<PropertyName>Version</PropertyName>
</ListItem>
<ListItem>
<PropertyName>Created</PropertyName>
</ListItem>
<ListItem>
<Label>PfxCertificate</Label>
<ScriptBlock>$_.PfxCertificate | Split-Path -Leaf</ScriptBlock>
</ListItem>
<ListItem>
<PropertyName>Thumbprint</PropertyName>
</ListItem>
<ListItem>
<PropertyName>Type</PropertyName>
</ListItem>
</ListItems>
</ListEntry>
</ListEntries>
</ListControl>
</View>
</ViewDefinitions>
</Configuration>

37
src/Formats/PSCredentialStore.Certificate.Attribute.ps1xml Normal file
View File

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="utf-8" ?>
<Configuration>
<ViewDefinitions>
<View>
<Name>PSCredentialStore.Certificate.Attribute</Name>
<ViewSelectedBy>
<TypeName>PSCredentialStore.Certificate.Attribute</TypeName>
</ViewSelectedBy>
<ListControl>
<ListEntries>
<ListEntry>
<ListItems>
<ListItem>
<PropertyName>Country</PropertyName>
</ListItem>
<ListItem>
<PropertyName>State</PropertyName>
</ListItem>
<ListItem>
<PropertyName>City</PropertyName>
</ListItem>
<ListItem>
<PropertyName>Organization</PropertyName>
</ListItem>
<ListItem>
<PropertyName>OrganizationalUnitName</PropertyName>
</ListItem>
<ListItem>
<PropertyName>CommonName</PropertyName>
</ListItem>
</ListItems>
</ListEntry>
</ListEntries>
</ListControl>
</View>
</ViewDefinitions>
</Configuration>

29
src/Item/Get-CredentialStoreItem.ps1
View File

@ -31,11 +31,10 @@ function Get-CredentialStoreItem {
$myCreds = Get-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
.NOTES
```
File Name : Get-CredentialStoreItem.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
```
- File Name : Get-CredentialStoreItem.ps1
- Author : Messing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
#>
@ -87,23 +86,11 @@ function Get-CredentialStoreItem {
$CSMembers = Get-Member -InputObject $CS
# Let's first check if the given remote host exists as object property
if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -contains $CredentialName)) {
try {
if ($null -eq $CS.PfxCertificate) {
$Cert = Get-CSCertificate -Thumbprint $CS.Thumbprint
}
else {
$Cert = Get-PfxCertificate -FilePath $CS.PfxCertificate -ErrorAction Stop
}
if ($null -eq $CS.PfxCertificate) {
$Cert = Get-CSCertificate -Type $CS.Type -Thumbprint $CS.Thumbprint
}
catch {
$_.Exception.Message | Write-Error
$ErrorParams = @{
ErrorAction = 'Stop'
Exception = [System.Security.Cryptography.CryptographicException]::new(
'Could not read the given PFX certificate.'
)
}
Write-Error @ErrorParams
else {
$Cert = Get-PfxCertificate -FilePath $CS.PfxCertificate -ErrorAction Stop
}
$DecryptedKey = $Cert.PrivateKey.Decrypt(
[Convert]::FromBase64String($CS.$CredentialName.EncryptedKey),

51
src/Item/New-CredentialStoreItem.ps1
View File

@ -21,6 +21,10 @@ function New-CredentialStoreItem {
.PARAMETER Credential
You can provide credentials optionally as pre existing pscredential object.
.PARAMETER Shared
Define the CredentialStore where you want to add the new item. Default is always personal but can be
changed to shared, or even shared with custom path.
.INPUTS
[None]
@ -31,11 +35,10 @@ function New-CredentialStoreItem {
New-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
.NOTES
```
File Name : New-CredentialStoreItem.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
```
- File Name : New-CredentialStoreItem.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
#>
@ -91,15 +94,6 @@ function New-CredentialStoreItem {
Write-Error @MessageParams
}
# Read the file content based on the given ParameterSetName
<#
if ($PSCmdlet.ParameterSetName -eq 'Private') {
$CSContent = Get-CredentialStore
}
elseif ($PSCmdlet.ParameterSetName -eq 'Shared') {
$CSContent = Get-CredentialStore -Shared -Path $Path
}
#>
$CSContent = Get-CredentialStore -Shared -Path $Path
$CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S"
@ -116,32 +110,11 @@ function New-CredentialStoreItem {
}
if ($Credential.UserName) {
try {
if ($null -eq $CSContent.PfxCertificate) {
$Cert = Get-CSCertificate -Thumbprint $CSContent.Thumbprint
if ($null -eq $Cert) {
$ErrorParams = @{
ErrorAction = 'Stop'
Exception = [System.Security.Cryptography.X509Certificates.FileNotFoundException]::new(
('Could not find the linked certificate with thumbprint {0}' -f $CSContent.Thumbprint)
)
}
Write-Error @ErrorParams
}
}
else {
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
}
if ($null -eq $CSContent.PfxCertificate) {
$Cert = Get-CSCertificate -Type $CSContent.Type -Thumbprint $CSContent.Thumbprint
}
catch {
$_.Exception.Message | Write-Error
$ErrorParams = @{
ErrorAction = 'Stop'
Exception = [System.Security.Cryptography.CryptographicException]::new(
'Could not read the given PFX certificate.'
)
}
Write-Error @ErrorParams
else {
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
}
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {

8
src/Item/Remove-CredentialStoreItem.ps1
View File

@ -39,11 +39,9 @@ function Remove-CredentialStoreItem {
Remove-CredentialStoreItem -RemoteHost "esx01.myside.local" -Identifier svc
.NOTES
```
File Name : Remove-CredentialStoreItem.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
```
- File Name : Remove-CredentialStoreItem.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore

34
src/Item/Set-CredentialStoreItem.ps1
View File

@ -4,6 +4,7 @@ function Set-CredentialStoreItem {
Changes the credentials for the given remote host in the store.
.DESCRIPTION
Use this function to update your already stored RemoteHost items.
.PARAMETER Path
Define the store in which your given host entry already exists.
@ -19,6 +20,9 @@ function Set-CredentialStoreItem {
Switch to shared mode with this param. This enforces the command to work with a shared CredentialStore which
can be decrypted across systems.
.PARAMETER Credential
Provided the new credentials you want to update inside the RemoteHost item.
.INPUTS
[None]
@ -27,14 +31,14 @@ function Set-CredentialStoreItem {
.EXAMPLE
Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
.EXAMPLE
Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" -Identifier svc
.NOTES
```
File Name : Set-CredentialStoreItem.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
```
- File Name : Set-CredentialStoreItem.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
@ -102,23 +106,11 @@ function Set-CredentialStoreItem {
}
if ($Credential.UserName) {
try {
if ($null -eq $CSContent.PfxCertificate) {
$Cert = Get-CSCertificate -Thumbprint $CSContent.Thumbprint
}
else {
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
}
if ($null -eq $CSContent.PfxCertificate) {
$Cert = Get-CSCertificate -Type $CSContent.Type -Thumbprint $CSContent.Thumbprint
}
catch {
$_.Exception.Message | Write-Error
$ErrorParams = @{
ErrorAction = 'Stop'
Exception = [System.Security.Cryptography.CryptographicException]::new(
'Could not read the given PFX certificate.'
)
}
Write-Error @ErrorParams
else {
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
}
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {

8
src/Item/Test-CredentialStoreItem.ps1
View File

@ -37,11 +37,9 @@ function Test-CredentialStoreItem {
}
.NOTES
```
File Name : Test-CredentialStoreItem.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
```
- File Name : Test-CredentialStoreItem.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore

19
src/PSCredentialStore.psd1
View File

@ -55,7 +55,10 @@
# TypesToProcess = @()
# Format files (.ps1xml) to be loaded when importing this module
# FormatsToProcess = @()
FormatsToProcess = @(
'Formats/PSCredential.Store.Format.ps1xml',
'Formats/PSCredentialStore.Certificate.Attribute.ps1xml'
)
# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
# NestedModules = @()
@ -65,10 +68,14 @@
# Certificate
'Get-CSCertificate',
'Import-CSCertificate',
'New-CRTAttribute',
'New-PfxCertificate',
'New-CSCertAttribute',
'New-CSCertificate',
'Test-CSCertificate',
'Use-PfxCertificate',
'Use-CSCertificate',
# Pfx Certificate
# 'Get-CSPfxCertificate',
# 'Import-CSPfxCertificate',
# 'Test-CSPfxCertificate',
# Connection
'Connect-To',
'Disconnect-From',
@ -121,10 +128,10 @@
IconUri = 'https://raw.githubusercontent.com/OCram85/PSCredentialStore/master/assets/logo256.png'
# ReleaseNotes of this module
ReleaseNotes = 'This is a pre-release version!. Do not use in production!'
ReleaseNotes = 'See https://github.com/OCram85/PSCredentialStore/releases page for details.'
# Prerelease string of this module
Prerelease = 'preview'
#Prerelease = 'preview'
# Flag to indicate whether the module requires explicit user acceptance for install/update
# RequireLicenseAcceptance = $false

81
src/Private/Get-CSPfxCertificate.ps1 Normal file
View File

@ -0,0 +1,81 @@
function Get-CSPfxCertificate {
<#
.SYNOPSIS
Returns the certificate object given by thumbprint.
.DESCRIPTION
You can use this function to get a stored certificate. Search for the object by its unique thumbprint.
.PARAMETER Thumbprint
Provide one or more thumbprints.
.PARAMETER StoreName
Select the store name in which you want to search the certificates.
.PARAMETER StoreLocation
Select between the both available locations CurrentUser odr LocalMachine.
.INPUTS
[string]
.OUTPUTS
[System.Security.Cryptography.X509Certificates.X509Certificate2[]]
.EXAMPLE
Get-CSPfxCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser'
.NOTES
- File Name : Get-CSPfxCertificate.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
#>
[CmdletBinding()]
[OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])]
param(
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[ValidateNotNullOrEmpty()]
[string[]]$Thumbprint,
[Parameter(Mandatory = $false)]
[ValidateSet(
'AddressBook',
'AuthRoot',
'CertificateAuthority',
'Disallowed',
'My',
'Root',
'TrustedPeople',
'TrustedPublisher'
)]
[string]$StoreName = 'My',
[Parameter(Mandatory = $false)]
[ValidateSet(
'CurrentUser',
'LocalMachine'
)]
[string]$StoreLocation = 'CurrentUser'
)
begin {
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation)
try {
$Store.Open('ReadOnly')
}
catch {
$_.Exception.Message | Write-Error -ErrorAction Stop
}
}
process {
foreach ($Thumb in $Thumbprint) {
Write-Output $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumb }
}
}
end {
$Store.Close()
}
}

10
src/Private/Get-DefaultCredentialStorePath.ps1
View File

@ -16,9 +16,9 @@ function Get-DefaultCredentialStorePath {
$Path = Get-DefaultCredentialStorePath
.NOTES
File Name : Get-DefaultCredentialStorePath.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
- File Name : Get-DefaultCredentialStorePath.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
@ -30,7 +30,7 @@ function Get-DefaultCredentialStorePath {
[switch]$Shared
)
begin {}
begin { }
process {
if ($Shared.IsPresent) {
@ -57,5 +57,5 @@ function Get-DefaultCredentialStorePath {
}
}
end {}
end { }
}

10
src/Private/Get-ModuleBase.ps1
View File

@ -11,9 +11,9 @@ function Get-ModuleBase {
Returns the base path as string
.NOTES
File Name : Get-ModuleBase.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
- File Name : Get-ModuleBase.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
@ -21,9 +21,9 @@ function Get-ModuleBase {
[CmdletBinding()]
[OutputType()]
param()
begin {}
begin { }
process {
return $MyInvocation.MyCommand.Module.ModuleBase
}
end {}
end { }
}

10
src/Private/Get-RandomAESKey.ps1
View File

@ -16,9 +16,9 @@ function Get-RandomAESKey {
.\Get-RandomAESKey
.NOTES
File Name : Get-RandomAESKey.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
- File Name : Get-RandomAESKey.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
@ -28,7 +28,7 @@ function Get-RandomAESKey {
[OutputType([byte[]])]
param()
begin {}
begin { }
process {
$key = [byte[]]::new(32)
@ -40,5 +40,5 @@ function Get-RandomAESKey {
}
}
end {}
end { }
}

6
src/Private/Get-TempDir.ps1
View File

@ -15,9 +15,9 @@ function Get-TempDir {
Get-TempDir
.NOTES
File Name : Get-TempDir.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
- File Name : Get-TempDir.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore

112
src/Private/Import-CSPfxCertificate.ps1 Normal file
View File

@ -0,0 +1,112 @@
function Import-CSPfxCertificate {
<#
.SYNOPSIS
Adds a given pfx certificate file to current user's personal certificate store.
.DESCRIPTION
This function is used to import existing pfx certificate files. The Import-PFXCertificate cmdlet from the
PKI module imports the certificate into a deprecated store. Thus you can't read the private key afterwards or
using it for decrypting data.
.PARAMETER Path
Path to an existing *.pfx certificate file.
.PARAMETER StoreName
Additionally you change change the store where you want the certificate into.
.INPUTS
[None]
.OUTPUTS
[None]
.EXAMPLE
Import-CSPfxCertificate -Path (Join-Path -Path $Env:APPDATA -ChildPath '/PSCredentialStore.pfx')
.NOTES
File Name : Import-CSPfxCertificate.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
#>
[CmdletBinding()]
[OutputType()]
param(
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[string]$Path,
[Parameter(Mandatory = $false)]
[ValidateSet(
'AddressBook',
'AuthRoot',
'CertificateAuthority',
'Disallowed',
'My',
'Root',
'TrustedPeople',
'TrustedPublisher'
)]
[string]$StoreName = 'My',
[Parameter(Mandatory = $false)]
[ValidateSet(
'CurrentUser',
'LocalMachine'
)]
[string]$StoreLocation = 'CurrentUser',
[Parameter(Mandatory = $false)]
[ValidateSet(
'ReadOnly',
'ReadWrite',
'MaxAllowed',
'OpenExistingOnly',
'IncludeArchived'
)]
[string]$OpenFlags = 'ReadWrite'
)
begin {
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::new($StoreName, $StoreLocation)
try {
$Store.Open($OpenFlags)
}
catch {
$_.Exception.Message | Write-Error -ErrorAction Stop
}
}
process {
try {
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
$Path,
$null,
(
[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable -bor
[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet
)
)
if (Test-CSPfxCertificate -Thumbprint $cert.Thumbprint) {
Write-Warning -Message ('The certificate with thumbprint {0} is already present!' -f $cert.Thumbprint)
}
else {
$Store.Add($cert)
}
}
catch {
$_.Exception.Message | Write-Error -ErrorAction Stop
$ErrorParams = @{
ErrorAction = 'Stop'
Exception = [System.Exception]::new(
'Could not read or add the pfx certificate!'
)
}
Write-Error @ErrorParams
}
}
end {
$Store.Close()
}
}

10
src/Private/Resolve-Dependency.ps1
View File

@ -40,11 +40,9 @@ function Resolve-Dependency {
}
.NOTES
```
File Name : ResolveDependency.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
```
- File Name : ResolveDependency.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
@ -69,7 +67,7 @@ function Resolve-Dependency {
}
process {
$SelectedDependency = $Dependency.Optional | Where-Object {$_.Name -match $Name}
$SelectedDependency = $Dependency.Optional | Where-Object { $_.Name -match $Name }
# return true if there is no dependency defined
if ($null -eq $SelectedDependency) {
return $true

86
src/Private/Test-CSPfxCertificate.ps1 Normal file
View File

@ -0,0 +1,86 @@
function Test-CSPfxCertificate {
<#
.SYNOPSIS
Tests if the given certificate exists in a store.
.DESCRIPTION
Use this function to ensure if a certificate is already imported into a given store.
.PARAMETER Thumbprint
Provide one or more thumbprints.
.PARAMETER StoreName
Select the store name in which you want to search the certificates.
.PARAMETER StoreLocation
Select between the both available locations CurrentUser odr LocalMachine.
.INPUTS
[None]
.OUTPUTS
[bool]
.EXAMPLE
Test-CSPfxCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser'
.NOTES
File Name : Test-CSPfxCertificate.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
#>
[CmdletBinding()]
[OutputType([bool])]
param(
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[ValidateNotNullOrEmpty()]
[string]$Thumbprint,
[Parameter(Mandatory = $false)]
[ValidateSet(
'AddressBook',
'AuthRoot',
'CertificateAuthority',
'Disallowed',
'My',
'Root',
'TrustedPeople',
'TrustedPublisher'
)]
[string]$StoreName = 'My',
[Parameter(Mandatory = $false)]
[ValidateSet(
'CurrentUser',
'LocalMachine'
)]
[string]$StoreLocation = 'CurrentUser'
)
begin {
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation)
try {
$Store.Open('ReadOnly')
}
catch {
$_.Exception.Message | Write-Error -ErrorAction Stop
}
}
process {
$Cert = $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint }
if ($null -eq $Cert) {
return $false
}
else {
return $true
}
}
end {
$Store.Close()
}
}

12
src/Private/Test-Module.ps1
View File

@ -34,11 +34,9 @@ function Test-Module {
.\Test-Dependency -Name 'VMware.PowerCLI' -Type 'Module' -StopIfFails
.NOTES
```
File Name : Test-Module.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
```
- File Name : Test-Module.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
@ -58,7 +56,7 @@ Could not find the required {0} called {1}. Please install the required {0} to r
[Parameter(Mandatory = $false)]
[switch]$StopIfFails
)
begin {}
begin { }
process {
$Message = $MessagePattern -f $Type, $Name
@ -75,5 +73,5 @@ Could not find the required {0} called {1}. Please install the required {0} to r
}
}
end {}
end { }
}

12
src/Store/Get-CredentialStore.ps1
View File

@ -25,11 +25,9 @@ function Get-CredentialStore {
$CSContent = Get-CredentialStore -Path "C:\TMP\mystore.json"
.NOTES
```
File Name : Get-CredentialStore.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
```
- File Name : Get-CredentialStore.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
#>
@ -45,7 +43,7 @@ function Get-CredentialStore {
[switch]$Shared
)
begin {}
begin { }
process {
# Set the CredentialStore for private, shared or custom mode.
@ -83,6 +81,6 @@ function Get-CredentialStore {
}
}
end {}
end { }
}

49
src/Store/New-CredentialStore.ps1
View File

@ -18,6 +18,15 @@ function New-CredentialStore {
.PARAMETER Force
Use this switch to reset an existing store. The complete content will be wiped.
.PARAMETER SkipPFXCertCreation
You can skip the pfx certificate creation process. This makes sense if you have a previously created cert or want to
import a cert in cross-platform environments.
.Parameter UseCertStore
Instead of using a plain pfx file beside your CredentialStore file you can import it into the user or machine
certificate store. In this case the system itself secures the cert and you don't hat to set custom NTFS
permissions so secure your shared certificate.
.INPUTS
[None]
@ -42,11 +51,10 @@ function New-CredentialStore {
# Creates a new shared CredentialStore in the given location.
.NOTES
```
File Name : New-CredentialStore.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
```
- File Name : New-CredentialStore.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
#>
@ -100,7 +108,7 @@ function New-CredentialStore {
$ErrorParams = @{
ErrorAction = 'Stop'
Exception = [System.IO.InvalidDataException]::new(
'Your provided path does not conain the required file extension .json !'
'Your provided path does not contain the required file extension .json !'
)
}
Write-Error @ErrorParams
@ -141,7 +149,7 @@ function New-CredentialStore {
OrganizationalUnitName = $PSCmdlet.ParameterSetName
CommonName = 'PSCredentialStore'
}
$CRTAttribute = New-CRTAttribute @CRTParams
$CRTAttribute = New-CSCertAttribute @CRTParams
# If we are working with a ne shared store we have to create the location first.
# Otherwise openssl fails with unknown path
@ -171,7 +179,7 @@ function New-CredentialStore {
}
try {
New-PfxCertificate @PfxParams
New-CSCertificate @PfxParams
}
catch {
$_.Exception.Message | Write-Error
@ -202,17 +210,6 @@ function New-CredentialStore {
Thumbprint = $null
Type = $null
}
if (! $SkipPFXCertCreation.IsPresent) {
$ObjProperties.Thumbprint = $FreshCert.Thumbprint
if (!$UseCertStore.IsPresent) {
$ObjProperties.PfxCertificate = $PfxParams.CertName
}
else {
Write-Verbose 'Importing new PFX certificate file...'
Import-CSCertificate -Path $PfxParams.CertName -StoreName My -StoreLocation CurrentUser
}
}
if ($PSCmdlet.ParameterSetName -eq "Shared") {
$ObjProperties.Type = "Shared"
@ -221,6 +218,20 @@ function New-CredentialStore {
$ObjProperties.Type = "Private"
}
if (! $SkipPFXCertCreation.IsPresent) {
$ObjProperties.Thumbprint = $FreshCert.Thumbprint
if ($UseCertStore.IsPresent) {
Write-Verbose 'Importing new PFX certificate file...'
Import-CSCertificate -Type $ObjProperties.Type -Path $PfxParams.CertName
}
else {
$ObjProperties.PfxCertificate = $PfxParams.CertName
}
}
$CredentialStoreObj = [PSCustomObject]$ObjProperties
try {
$JSON = ConvertTo-Json -InputObject $CredentialStoreObj -ErrorAction Stop

14
src/Store/Test-CredentialStore.ps1
View File

@ -14,12 +14,14 @@ function Test-CredentialStore {
Switch to shared mode with this param. This enforces the command to work with a shared CredentialStore which
can be decrypted across systems.
.EXAMPLE
Test-CredentialStore -eq $true
.NOTES
```
File Name : Test-CredentialStore.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
```
- File Name : Test-CredentialStore.ps1
- Author : Marco Blessing - marco.blessing@googlemail.com
- Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
#>
@ -60,6 +62,6 @@ function Test-CredentialStore {
}
}
end {}
end { }
}