From 858dfde93734c8a2e145ee8d1099408468f4056f Mon Sep 17 00:00:00 2001 From: OCram85 Date: Wed, 27 Mar 2019 10:56:14 +0100 Subject: [PATCH 01/25] adds certificate store location --- src/Item/Get-CredentialStoreItem.ps1 | 21 ++++++++++++++++++++- src/Item/New-CredentialStoreItem.ps1 | 9 ++++++++- src/Item/Set-CredentialStoreItem.ps1 | 14 +++++++++++--- src/Store/New-CredentialStore.ps1 | 22 ++++++++++++++++------ 4 files changed, 55 insertions(+), 11 deletions(-) diff --git a/src/Item/Get-CredentialStoreItem.ps1 b/src/Item/Get-CredentialStoreItem.ps1 index dda05b2..c20bdb9 100644 --- a/src/Item/Get-CredentialStoreItem.ps1 +++ b/src/Item/Get-CredentialStoreItem.ps1 @@ -87,7 +87,26 @@ function Get-CredentialStoreItem { $CSMembers = Get-Member -InputObject $CS # Let's first check if the given remote host exists as object property if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -contains $CredentialName)) { - $Cert = Get-PfxCertificate -FilePath $CS.PfXCertificate -ErrorAction Stop + try { + if ($null -eq $CS.PfxCertificate) { + $Cert = Get-ChildItem -Recurse -Path 'Cert:' | Where-Object { + $_.Thumbprint -eq $CS.Thumbprint + } | Select-Object -First 1 + } + else { + $Cert = Get-PfxCertificate -FilePath $CS.PfxCertificate -ErrorAction Stop + } + } + catch { + $_.Exception.Message | Write-Error + $ErrorParams = @{ + ErrorAction = 'Stop' + Exception = [System.Security.Cryptography.CryptographicException]::new( + 'Could not read the given PFX certificate.' + ) + } + Write-Error @ErrorParams + } $DecryptedKey = $Cert.PrivateKey.Decrypt( [Convert]::FromBase64String($CS.$CredentialName.EncryptedKey), [System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1 diff --git a/src/Item/New-CredentialStoreItem.ps1 b/src/Item/New-CredentialStoreItem.ps1 index 56d23c5..5cd5c01 100644 --- a/src/Item/New-CredentialStoreItem.ps1 +++ b/src/Item/New-CredentialStoreItem.ps1 
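Review bot: The thumbprint lookup `Get-ChildItem -Recurse -Path 'Cert:' | Where-Object { ... } | Select-Object -First 1` in Get-CredentialStoreItem takes the first match from any store location and store name, and nothing checks the result before `$Cert.PrivateKey.Decrypt(...)` runs. An empty result does not throw, so the new `catch` never fires, and a copy of the certificate without its private key leaves `$Cert.PrivateKey` null at the decrypt call. I would search a single store such as `Cert:\CurrentUser\My` and add a guard like `if ($null -eq $Cert -or -not $Cert.HasPrivateKey) { ... }` before decrypting. The same unchecked lookup is added to New-CredentialStoreItem and Set-CredentialStoreItem in the next two hunks of this patch. The function body continues outside the hunk.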
@@ -117,7 +117,14 @@ function New-CredentialStoreItem { if ($Credential.UserName) { try { - $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop + if ($null -eq $CSContent.PfxCertificate) { + $Cert = Get-ChildItem -Recurse -Path 'Cert:' | Where-Object { + $_.Thumbprint -eq $CSContent.Thumbprint + } | Select-Object -First 1 + } + else { + $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop + } } catch { $_.Exception.Message | Write-Error diff --git a/src/Item/Set-CredentialStoreItem.ps1 b/src/Item/Set-CredentialStoreItem.ps1 index 9b3418e..a340e93 100644 --- a/src/Item/Set-CredentialStoreItem.ps1 +++ b/src/Item/Set-CredentialStoreItem.ps1 @@ -103,14 +103,22 @@ function Set-CredentialStoreItem { if ($Credential.UserName) { try { - $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop + if ($null -eq $CSContent.PfxCertificate) { + $Cert = Get-ChildItem -Recurse -Path 'Cert:' | Where-Object { + $_.Thumbprint -eq $CSContent.Thumbprint + } | Select-Object -First 1 + } + else { + $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop + } } catch { $_.Exception.Message | Write-Error $ErrorParams = @{ - Message = 'Could not read the given PFX certificate.' ErrorAction = 'Stop' - Exception = [System.Security.Cryptography.CryptographicException]::new() + Exception = [System.Security.Cryptography.CryptographicException]::new( + 'Could not read the given PFX certificate.' + ) } Write-Error @ErrorParams } diff --git a/src/Store/New-CredentialStore.ps1 b/src/Store/New-CredentialStore.ps1 index 9eb773e..bcd7864 100644 --- a/src/Store/New-CredentialStore.ps1 +++ b/src/Store/New-CredentialStore.ps1 
@@ -63,15 +63,19 @@ function New-CredentialStore { [Parameter(Mandatory = $false, ParameterSetName = "Private")] [Parameter(Mandatory = $false, ParameterSetName = "Shared")] - [switch]$Force, + [Switch]$Force, [Parameter(Mandatory = $false, ParameterSetName = "Private")] [Parameter(Mandatory = $false, ParameterSetName = "Shared")] - [switch]$PassThru, + [Switch]$PassThru, [Parameter(Mandatory = $false, ParameterSetName = "Private")] [Parameter(Mandatory = $false, ParameterSetName = "Shared")] - [Switch]$SkipPFXCertCreation + [Switch]$SkipPFXCertCreation, + + [Parameter(Mandatory = $false, ParameterSetName = "Private")] + [Parameter(Mandatory = $false, ParameterSetName = "Shared")] + [Switch]$UseCertStore ) begin { @@ -112,8 +116,8 @@ function New-CredentialStore { State = 'PSCredentialStore' City = 'PSCredentialStore' Organization = 'PSCredentialStore' - OrganizationalUnitName = ' ' - CommonName = 'PrivateStore' + OrganizationalUnitName = $PSCmdlet.ParameterSetName + CommonName = 'PSCredentialStore' } $CRTAttribute = New-CRTAttribute @CRTParams @@ -176,8 +180,14 @@ function New-CredentialStore { Type = $null } if (! $SkipPFXCertCreation.IsPresent) { - $ObjProperties.PfXCertificate = $PfxParams.CertName $ObjProperties.Thumbprint = $FreshCert.Thumbprint + + if (!$UseCertStore.IsPresent) { + $ObjProperties.PfxCertificate = $PfxParams.CertName + } + else { + Write-Warning -Message ("New certificate {0} created. Please import it into your certificate store manually!" -f $PfxParams.CertName) + } } if ($PSCmdlet.ParameterSetName -eq "Shared") { -- 2.40.1 From 1ecf52b48aebe60434c9e5bdbac68ec95a90e0ec Mon Sep 17 00:00:00 2001 From: OCram85 Date: Wed, 27 Mar 2019 11:08:00 +0100 Subject: [PATCH 02/25] add additional certificate store tests --- tests/Store/02_New-CredentialStore.Tests.ps1 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/Store/02_New-CredentialStore.Tests.ps1 b/tests/Store/02_New-CredentialStore.Tests.ps1 index f822940..2d25e24 100644 
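Review bot: With `-UseCertStore` the third hunk only warns that the new PFX should be imported manually and says nothing about what happens to the file afterwards. The PFX at `$PfxParams.CertName` still holds the private key that protects every item in the store, so leaving it beside the store undoes much of the benefit of keeping the key in the certificate store; whether the file is password protected is not visible here. I would extend the warning text, e.g. `"New certificate {0} created. Import it into your certificate store, then remove or protect the file; it still contains the private key."`, and add a `.PARAMETER UseCertStore` entry to the comment-based help, which lies outside the hunk. The automatic import that replaces this warning in patch 07 also leaves the file in place.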
--- a/tests/Store/02_New-CredentialStore.Tests.ps1 +++ b/tests/Store/02_New-CredentialStore.Tests.ps1 @@ -74,6 +74,20 @@ Describe "New-CredentialStore" { { New-CredentialStore -Path (Join-Path -Path (Get-TempDir) -ChildPath '/dummy.json') -Shared -Confirm:$false} | Should -Throw } } + Context "Tests for Windows certificate store" { + It "Create new private store and skipt certificate linkin" { + { New-CredentialStore -UseCertStore -Force } | Should -Not -Throw + $CS = Get-CredentialStore + $CS.PfxCertificate | Should -Be $null + $CS.Thumbprint | Should -Not -Be $null + } + It "Create new shared store and skipt certificate linkin" { + { New-CredentialStore -Shared -UseCertStore -Force } | Should -Not -Throw + $CS = Get-CredentialStore -Shared + $CS.PfxCertificate | Should -Be $null + $CS.Thumbprint | Should -Not -Be $null + } + } } # Cleanup test stores and restore existing ones. -- 2.40.1 From 3ab629d17da8886ddcfc07fcf819de473e4ae1cc Mon Sep 17 00:00:00 2001 From: OCram85 Date: Thu, 28 Mar 2019 10:45:15 +0100 Subject: [PATCH 03/25] add cert store tests for New-CredentialStoreItem --- .../Item/03_New-CredentialStoreItem.Tests.ps1 | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/Item/03_New-CredentialStoreItem.Tests.ps1 b/tests/Item/03_New-CredentialStoreItem.Tests.ps1 index 8c1dad6..d02883f 100644 --- a/tests/Item/03_New-CredentialStoreItem.Tests.ps1 +++ b/tests/Item/03_New-CredentialStoreItem.Tests.ps1 
@@ -81,5 +81,25 @@ Describe "New-CredentialStoreItem" { (Get-CredentialStoreItem -RemoteHost 'PipeHost').UserName | Should -Be 'pipeUser' } } + Context "Testing items with certficiate store" { + It "Create item in new store with cert store link" { + { New-CredentialStore -UseCertStore -Force } | Should -Not -Throw + $Path = Get-DefaultCredentialStorePath + $StoreHome = Split-Path -Path $Path -Parent + $CertFile = Join-Path -Path $StoreHome -ChildPath 'PSCredentialStore.pfx' + certutil.exe -Importpfx -user MY $CertFile "NoProtect, NoRoot" + function global:Get-Credential ([string]$Message) { + $UserName = 'testuser' + $Password = ConvertTo-SecureString -String "mypasswd" -AsPlainText -Force + return [PSCredential]::new($UserName, $Password) + } + New-CredentialStoreItem -RemoteHost 'foobarcerts' + Remove-Item -Path 'Function:\Get-Credential' + + $writtenItem = Get-CredentialStoreItem -Path $tmpCS -Shared -RemoteHost 'foobarcerts' + $writtenItem.UserName | Should -Be "testuser" + $writtenItem.GetNetworkCredential().Password | Should -Be 'mypasswd' + } + } } -- 2.40.1 From ab8811b7d5d856aa3b3e46c9924c5df2c8145460 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Thu, 28 Mar 2019 10:52:22 +0100 Subject: [PATCH 04/25] fix test --- src/Item/New-CredentialStoreItem.ps1 | 9 ++++++ .../Item/03_New-CredentialStoreItem.Tests.ps1 | 28 +++++++++++-------- 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/src/Item/New-CredentialStoreItem.ps1 b/src/Item/New-CredentialStoreItem.ps1 index 5cd5c01..37d0f3d 100644 --- a/src/Item/New-CredentialStoreItem.ps1 +++ b/src/Item/New-CredentialStoreItem.ps1 
@@ -121,6 +121,15 @@ function New-CredentialStoreItem { $Cert = Get-ChildItem -Recurse -Path 'Cert:' | Where-Object { $_.Thumbprint -eq $CSContent.Thumbprint } | Select-Object -First 1 + if ($null -eq $Cert) { + $ErrorParams = @{ + ErrorAction = 'Stop' + Exception = [System.Exception]::new( + ('Could not find the linked certificate with thumbprint {0}' -f $CSContent.Thumbprint) + ) + } + Write-Error @ErrorParams + } } else { $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop diff --git a/tests/Item/03_New-CredentialStoreItem.Tests.ps1 b/tests/Item/03_New-CredentialStoreItem.Tests.ps1 index d02883f..56ce83b 100644 --- a/tests/Item/03_New-CredentialStoreItem.Tests.ps1 +++ b/tests/Item/03_New-CredentialStoreItem.Tests.ps1 @@ -4,7 +4,7 @@ Describe "New-CredentialStoreItem" { # Creat a fresh CredentialStore first New-CredentialStore -Force - [String]$tmp = (65..90) + (97..122) | Get-Random -Count 5 | % {[char]$_} + [String]$tmp = (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object { [char]$_ } $tmp = $tmp.Replace(' ', '') $tmpUser = "MyUser" $tmpPwd = "fooobarysdfsfs" | ConvertTo-SecureString -AsPlainText -Force @@ -65,7 +65,7 @@ Describe "New-CredentialStoreItem" { } Context "General Exception handling" { - Mock Test-CredentialStore {return $false} + Mock Test-CredentialStore { return $false } It "Missing CredentialStore should throw" { { New-CredentialStoreItem -Shared -Path 'C:\missingStore.json' -RemoteHost 'notrelevant' } | Should -Throw "Could not add anything" } 
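Review bot: The not-found guard in New-CredentialStoreItem raises a bare `[System.Exception]` from inside the `try`, so the enclosing `catch` handles a missing store certificate exactly like a PFX read failure and callers cannot tell the two apart. A specific type, e.g. `[System.Security.Cryptography.CryptographicException]::new(...)` as already used in Set-CredentialStoreItem, would keep the error handling consistent. Get-CredentialStoreItem and Set-CredentialStoreItem received the same lookup in patch 01 but get no guard in this commit. The try/catch starts and ends outside the hunk.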
@@ -83,20 +83,24 @@ Describe "New-CredentialStoreItem" { } Context "Testing items with certficiate store" { It "Create item in new store with cert store link" { - { New-CredentialStore -UseCertStore -Force } | Should -Not -Throw + New-CredentialStore -UseCertStore -Force + $Path = Get-DefaultCredentialStorePath $StoreHome = Split-Path -Path $Path -Parent $CertFile = Join-Path -Path $StoreHome -ChildPath 'PSCredentialStore.pfx' - certutil.exe -Importpfx -user MY $CertFile "NoProtect, NoRoot" - function global:Get-Credential ([string]$Message) { - $UserName = 'testuser' - $Password = ConvertTo-SecureString -String "mypasswd" -AsPlainText -Force - return [PSCredential]::new($UserName, $Password) - } - New-CredentialStoreItem -RemoteHost 'foobarcerts' - Remove-Item -Path 'Function:\Get-Credential' + $Cert = Get-PfxCertificate -FilePath $CertFile - $writtenItem = Get-CredentialStoreItem -Path $tmpCS -Shared -RemoteHost 'foobarcerts' + $myStore = [System.Security.Cryptography.X509Certificates.X509Store]::new('My') + $myStore.Open("ReadWrite") + $myStore.Add($Cert) + $MyStore.Close() + + $UserName = 'testuser' + $Password = ConvertTo-SecureString -String "mypasswd" -AsPlainText -Force + + [PSCredential]::new($UserName, $Password) | New-CredentialStoreItem -RemoteHost 'foobarcerts' + + $writtenItem = Get-CredentialStoreItem -RemoteHost 'foobarcerts' $writtenItem.UserName | Should -Be "testuser" $writtenItem.GetNetworkCredential().Password | Should -Be 'mypasswd' } -- 2.40.1 From 35616fa56432de1c91df010f6ae1ae18a713bcc1 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Wed, 3 Apr 2019 11:41:13 +0200 Subject: [PATCH 05/25] add error handling for credential store path --- src/Store/New-CredentialStore.ps1 | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/Store/New-CredentialStore.ps1 b/src/Store/New-CredentialStore.ps1 index bcd7864..ae25b99 100644 --- a/src/Store/New-CredentialStore.ps1 +++ b/src/Store/New-CredentialStore.ps1 
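Review bot: The test adds the generated certificate to the current user's `My` store with `$myStore.Add($Cert)` and never removes it, so every run leaves another certificate (presumably with its private key) behind on the developer or CI machine. I would remove it once the assertions are done, e.g. `$myStore.Open('ReadWrite'); $myStore.Remove($Cert); $myStore.Close()`, in a cleanup step that also runs when an assertion fails. A short comment above the store manipulation stating that the test modifies the real user store would help anyone running the suite locally.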
@@ -59,7 +59,20 @@ function New-CredentialStore { [Parameter(Mandatory = $false, ParameterSetName = "Shared")] [ValidateNotNullOrEmpty()] - [string]$Path, + [ValidateScript( + { + if ($_.Attributes -contains 'Directory') { + throw 'Please provide a full path containing the credential store file name with the .json extension!' + } + elseif ( ($null -eq $_.Extension) -or ($_.Extension -ne '*.json')) { + throw 'Your provided path does not conain the required file extension .json !' + } + else { + $true + } + } + )] + [System.IO.FileInfo]$Path, [Parameter(Mandatory = $false, ParameterSetName = "Private")] [Parameter(Mandatory = $false, ParameterSetName = "Shared")] -- 2.40.1 From cce898d61da3dd601aa96e348443177b86aad6d4 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Wed, 3 Apr 2019 13:29:47 +0200 Subject: [PATCH 06/25] add Import-CSCertificate helper function --- src/Private/Import-CSCertificate.ps1 | 78 ++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 src/Private/Import-CSCertificate.ps1 diff --git a/src/Private/Import-CSCertificate.ps1 b/src/Private/Import-CSCertificate.ps1 new file mode 100644 index 0000000..bd15035 --- /dev/null +++ b/src/Private/Import-CSCertificate.ps1 
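Review bot: The directory test `$_.Attributes -contains 'Directory'` compares the whole `FileAttributes` value with a single flag name, so it matches only when `Directory` is the sole attribute set; a directory carrying any other attribute passes as a file path. `Test-Path -LiteralPath $_.FullName -PathType Container` answers the question directly and also behaves for paths that do not exist yet. Casting `$Path` to `[System.IO.FileInfo]` additionally resolves relative paths against the process working directory rather than the PowerShell location, which deserves a line in the parameter help. The same attribute check is carried into the `begin` block by patch 07.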
@@ -0,0 +1,78 @@ +function Import-CSCertificate { + <# + .SYNOPSIS + adds a given pfx certificate file to current uerers personal certificate store. + + .DESCRIPTION + This function is used to import existing pfx certificate files. The Import-PFXCertificate cmdle from the + PKI module imports the certficate into a deprecated store. Thus you can't read the private key afterwards or + using it for decrypting data. + + .PARAMETER Path + Path to an existing *.pfx certificate file. + + .PARAMETER StoreName + Additionally you change change the store where you want the certificate into + + .INPUTS + [None] + + .OUTPUTS + [None] + + .EXAMPLE + Import-CSCertificate -Path (Join-Path -Path $Env:APPDATA -ChildPath '/PSCredentialStore.pfx') + + .NOTES + File Name : Import-CSCertificate.ps1 + Author : Marco Blessing - marco.blessing@googlemail.com + Requires : + + .LINK + https://github.com/OCram85/PSCredentialStore + #> + [CmdletBinding()] + [OutputType()] + param( + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string]$Path, + + [Parameter(Mandatory = $false)] + [ValidateNotNullOrEmpty()] + [ValidateSet( + 'AddressBook', + 'AuthRoot', + 'CertificateAuthority', + 'Disallowed', + 'My', + 'Root', + 'TrustedPeople', + 'TrustedPublisher' + )] + [string]$StoreName = 'My' + ) + begin { + $Store = [System.Security.Cryptography.X509Certificates.X509Store]::new('My') + $Store.Open('ReadWrite') + } + process { + try { + $cert = Get-PfxCertificate -FilePath $Path -ErrorAction Stop + $Store.Add($cert) + } + catch { + $_.Exception.Message | Write-Error + $ErrorParams = @{ + ErrorAction = 'Stop' + Exception = [System.Security.Cryptography.Exception]::new( + 'Could not read or add the pfx certificate!' + ) + } + Write-Error @ErrorParams + } + } + end { + $Store.Close() + } +} -- 2.40.1 From e547db8cf71013d2118349777a6f1e7bcfe4b4a3 Mon Sep 17 00:00:00 2001 
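Review bot: The `catch` block builds its error from `[System.Security.Cryptography.Exception]`, which is not a .NET type as far as I know, so a failed import would surface as a type-resolution error instead of the intended message. `[System.Security.Cryptography.CryptographicException]::new('Could not read or add the pfx certificate!')` matches what the item functions use. Because the store is opened in `begin` and closed in `end`, a terminating error in `process` skips `$Store.Close()`; wrapping the add in `try`/`finally` would close the store on every path.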
From: OCram85 Date: Wed, 3 Apr 2019 13:30:47 +0200 Subject: [PATCH 07/25] Import new certificate if param is given --- src/Store/New-CredentialStore.ps1 | 38 +++++++++++++++++++------------ 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/src/Store/New-CredentialStore.ps1 b/src/Store/New-CredentialStore.ps1 index ae25b99..d932db6 100644 --- a/src/Store/New-CredentialStore.ps1 +++ b/src/Store/New-CredentialStore.ps1 @@ -59,19 +59,6 @@ function New-CredentialStore { [Parameter(Mandatory = $false, ParameterSetName = "Shared")] [ValidateNotNullOrEmpty()] - [ValidateScript( - { - if ($_.Attributes -contains 'Directory') { - throw 'Please provide a full path containing the credential store file name with the .json extension!' - } - elseif ( ($null -eq $_.Extension) -or ($_.Extension -ne '*.json')) { - throw 'Your provided path does not conain the required file extension .json !' - } - else { - $true - } - } - )] [System.IO.FileInfo]$Path, [Parameter(Mandatory = $false, ParameterSetName = "Private")] @@ -97,6 +84,28 @@ function New-CredentialStore { # Set latest Credential Store version # Set-Variable -Name "CSVersion" -Value "2.0.0" -Option Constant -Scope + + # test if the path input is a valid file path + if ($PSCmdlet.MyInvocation.BoundParameters.ContainsKey('Path')) { + if ($Path.Attributes -contains 'Directory') { + $ErrorParams = @{ + ErrorAction = 'Stop' + Exception = [System.IO.InvalidDataException]::new( + 'Please provide a full path containing the credential store file name with the .json extension!' + ) + } + Write-Error @ErrorParams + } + elseif ( ($null -eq $Path.Extension) -or ($Path.Extension -ne '*.json')) { + $ErrorParams = @{ + ErrorAction = 'Stop' + Exception = [System.IO.InvalidDataException]::new( + 'Your provided path does not conain the required file extension .json !' + ) + } + Write-Error @ErrorParams + } + } } process { 
@@ -199,7 +208,8 @@ function New-CredentialStore { $ObjProperties.PfxCertificate = $PfxParams.CertName } else { - Write-Warning -Message ("New certificate {0} created. Please import it into your certificate store manually!" -f $PfxParams.CertName) + Write-Verbose 'Importing new PFX certifiate file' + Import-CSCertificate -Path $PfxParams.CertName } } -- 2.40.1 From 84a89eb64041de7ce7e5f7c3ef0ff5610520bd01 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Wed, 3 Apr 2019 13:37:46 +0200 Subject: [PATCH 08/25] fix extension filter --- src/Store/New-CredentialStore.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Store/New-CredentialStore.ps1 b/src/Store/New-CredentialStore.ps1 index d932db6..f166181 100644 --- a/src/Store/New-CredentialStore.ps1 +++ b/src/Store/New-CredentialStore.ps1 @@ -96,7 +96,7 @@ function New-CredentialStore { } Write-Error @ErrorParams } - elseif ( ($null -eq $Path.Extension) -or ($Path.Extension -ne '*.json')) { + elseif ( ($null -eq $Path.Extension) -or ($Path.Extension -ne '.json')) { $ErrorParams = @{ ErrorAction = 'Stop' Exception = [System.IO.InvalidDataException]::new( -- 2.40.1 From dd17ac4feda85e5a56d4a2fa6005f99ef60939a0 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Wed, 3 Apr 2019 14:28:25 +0200 Subject: [PATCH 09/25] add linux error message --- src/Item/New-CredentialStoreItem.ps1 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/Item/New-CredentialStoreItem.ps1 b/src/Item/New-CredentialStoreItem.ps1 index 37d0f3d..4119aab 100644 --- a/src/Item/New-CredentialStoreItem.ps1 +++ b/src/Item/New-CredentialStoreItem.ps1 @@ -122,6 +122,9 @@ function New-CredentialStoreItem { $_.Thumbprint -eq $CSContent.Thumbprint } | Select-Object -First 1 if ($null -eq $Cert) { + if ($isLinux) { + throw "There is no windows certificate store on linux systems!" + } $ErrorParams = @{ ErrorAction = 'Stop' Exception = [System.Exception]::new( -- 2.40.1 From 006b9b6b5fa5ba3110343d58ec1c9bc64321fb97 Mon Sep 17 00:00:00 2001 
From: OCram85 Date: Wed, 3 Apr 2019 14:29:41 +0200 Subject: [PATCH 10/25] fix pester test for linux --- tests/Store/02_New-CredentialStore.Tests.ps1 | 42 ++++++++++++-------- 1 file changed, 26 insertions(+), 16 deletions(-) diff --git a/tests/Store/02_New-CredentialStore.Tests.ps1 b/tests/Store/02_New-CredentialStore.Tests.ps1 index 2d25e24..ea1fc02 100644 --- a/tests/Store/02_New-CredentialStore.Tests.ps1 +++ b/tests/Store/02_New-CredentialStore.Tests.ps1 @@ -46,7 +46,7 @@ Describe "New-CredentialStore" { Test-Path -Path $sCS | Should -Be $true } It "Test2: Try to override existing shared CS" { - {New-CredentialStore -Shared -Confirm:$false} | Should -Throw + { New-CredentialStore -Shared -Confirm:$false } | Should -Throw } It "Test3: Reset shared CredentialStore" { $now = Get-Date 
@@ -59,33 +59,43 @@ Describe "New-CredentialStore" { Context "Custom Shared CS tests" { $cCS = Join-Path -Path (Get-TempDir) -ChildPath "CredentialStore.json" It "Test1: Create new custom shared" { - {New-CredentialStore -Path $cCS -Shared -Confirm:$false} | Should -Not -Throw + { New-CredentialStore -Path $cCS -Shared -Confirm:$false } | Should -Not -Throw } It "Test2: Try to override exiting one" { - {New-CredentialStore -Path $cCS -Shared -Confirm:$false} | Should -Throw + { New-CredentialStore -Path $cCS -Shared -Confirm:$false } | Should -Throw } It "Test3: Reset existing custom CredentialStore" { - {New-CredentialStore -Path $cCS -Shared -Force -Confirm:$false} | Should -Not -Throw + { New-CredentialStore -Path $cCS -Shared -Force -Confirm:$false } | Should -Not -Throw } } Context "Test exception handling" { - Mock Out-File {throw "foobar exception"} + Mock Out-File { throw "foobar exception" } It "JSON Conversion should fail and throw" { - { New-CredentialStore -Path (Join-Path -Path (Get-TempDir) -ChildPath '/dummy.json') -Shared -Confirm:$false} | Should -Throw + { New-CredentialStore -Path (Join-Path -Path (Get-TempDir) -ChildPath '/dummy.json') -Shared -Confirm:$false } | Should -Throw } } Context "Tests for Windows certificate store" { - It "Create new private store and skipt certificate linkin" { - { New-CredentialStore -UseCertStore -Force } | Should -Not -Throw - $CS = Get-CredentialStore - $CS.PfxCertificate | Should -Be $null - $CS.Thumbprint | Should -Not -Be $null + It "Create new private store and skip certificate linking" { + if (! 
$isLinux) { + { New-CredentialStore -UseCertStore -Force } | Should -Not -Throw + $CS = Get-CredentialStore + $CS.PfxCertificate | Should -Be $null + $CS.Thumbprint | Should -Not -Be $null + } + else { + { New-CredentialStore -UseCertStore -Force } | Should -Throw + } } - It "Create new shared store and skipt certificate linkin" { - { New-CredentialStore -Shared -UseCertStore -Force } | Should -Not -Throw - $CS = Get-CredentialStore -Shared - $CS.PfxCertificate | Should -Be $null - $CS.Thumbprint | Should -Not -Be $null + It "Create new shared store and skipt certificate linking" { + if (! $isLinux) { + { New-CredentialStore -Shared -UseCertStore -Force } | Should -Not -Throw + $CS = Get-CredentialStore -Shared + $CS.PfxCertificate | Should -Be $null + $CS.Thumbprint | Should -Not -Be $null + } + else { + { New-CredentialStore -Shared -UseCertStore -Force } | Should -Throw + } } } } -- 2.40.1 From 36b4ee31bbe4c87f7b49096284fbc11ee3a18543 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Thu, 4 Apr 2019 15:40:55 +0200 Subject: [PATCH 11/25] update cert helper functions --- src/Certificate/Get-CSCertificate.ps1 | 81 +++++++++++++++++ .../Import-CSCertificate.ps1 | 49 +++++++++-- src/Certificate/Test-CSCertificate.ps1 | 86 +++++++++++++++++++ 3 files changed, 209 insertions(+), 7 deletions(-) create mode 100644 src/Certificate/Get-CSCertificate.ps1 rename src/{Private => Certificate}/Import-CSCertificate.ps1 (56%) create mode 100644 src/Certificate/Test-CSCertificate.ps1 diff --git a/src/Certificate/Get-CSCertificate.ps1 b/src/Certificate/Get-CSCertificate.ps1 new file mode 100644 index 0000000..0e2cd6e --- /dev/null +++ b/src/Certificate/Get-CSCertificate.ps1 
@@ -0,0 +1,81 @@ +function Get-CSCertificate { + <# + .SYNOPSIS + Returns the certificate object given by thumbprint. + + .DESCRIPTION + You can use this function to get a stored certificate. Search for the object by its unique thumbprint. + + .PARAMETER Thumbprint + Provide one or more thumprints. + + .PARAMETER StoreName + Select the store name in which you want to search the certificates. + + .PARAMETER StoreLocation + Select between the both available locations CurrentUser odr LocalMachine. + + .INPUTS + [string] + + .OUTPUTS + [System.Security.Cryptography.X509Certificates.X509Certificate2[]] + + .EXAMPLE + Get-CSCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser' + + .NOTES + File Name : Get-CSCertificate.ps1 + Author : Marco Blessing - marco.blessing@googlemail.com + Requires : + + .LINK + https://github.com/OCram85/PSCredentialStore + #> + [CmdletBinding()] + [OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])] + param( + [Parameter(Mandatory = $true, ValueFromPipeline = $true)] + [ValidateNotNullOrEmpty()] + [string[]]$Thumbprint, + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'AddressBook', + 'AuthRoot', + 'CertificateAuthority', + 'Disallowed', + 'My', + 'Root', + 'TrustedPeople', + 'TrustedPublisher' + )] + [string]$StoreName = 'My', + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'CurrentUser', + 'LocalMachine' + )] + [string]$StoreLocation = 'CurrentUser' + ) + + begin { + $Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation) + try { + $Store.Open('ReadOnly') + } + catch { + $_.Exception.Message | Write-Error -ErrorAction Stop + } + } + + process { + foreach ($Thumb in $Thumbprint) { + Write-Output $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumb } + } + } + end { + $Store.Close() + } +} 
diff --git a/src/Private/Import-CSCertificate.ps1 b/src/Certificate/Import-CSCertificate.ps1 similarity index 56% rename from src/Private/Import-CSCertificate.ps1 rename to src/Certificate/Import-CSCertificate.ps1 index bd15035..0274a88 100644 --- a/src/Private/Import-CSCertificate.ps1 +++ b/src/Certificate/Import-CSCertificate.ps1 @@ -12,7 +12,7 @@ function Import-CSCertificate { Path to an existing *.pfx certificate file. .PARAMETER StoreName - Additionally you change change the store where you want the certificate into + Additionally you change change the store where you want the certificate into. .INPUTS [None] @@ -39,7 +39,6 @@ function Import-CSCertificate { [string]$Path, [Parameter(Mandatory = $false)] - [ValidateNotNullOrEmpty()] [ValidateSet( 'AddressBook', 'AuthRoot', 
@@ -50,16 +49,52 @@ function Import-CSCertificate { 'TrustedPeople', 'TrustedPublisher' )] - [string]$StoreName = 'My' + [string]$StoreName = 'My', + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'CurrentUser', + 'LocalMachine' + )] + [string]$StoreLocation = 'CurrentUser', + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'ReadOnly', + 'ReadWrite', + 'MaxAllowed', + 'OpenExistingOnly', + 'InclueArchived' + )] + [string]$OpenFlags = 'ReadWrite' ) begin { - $Store = [System.Security.Cryptography.X509Certificates.X509Store]::new('My') - $Store.Open('ReadWrite') + $Store = [System.Security.Cryptography.X509Certificates.X509Store]::new($StoreName, $StoreLocation) + try { + $Store.Open($OpenFlags) + } + catch { + $_.Exception.Message | Write-Error -ErrorAction Stop + } } process { try { - $cert = Get-PfxCertificate -FilePath $Path -ErrorAction Stop - $Store.Add($cert) + $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new() + $cert.Import( + $Path, + $null, + ( + [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable -bor + [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet + ) + ) + + if (Test-CSCertificate -Thumbprint $cert.Thumbprint) { + Write-Warning -Message ('The certificate with thumbprint {0} is already present!' -f $cert.Thumbprint) + } + else { + $Store.Add($cert) + } } catch { $_.Exception.Message | Write-Error diff --git a/src/Certificate/Test-CSCertificate.ps1 b/src/Certificate/Test-CSCertificate.ps1 new file mode 100644 index 0000000..eef6f28 --- /dev/null +++ b/src/Certificate/Test-CSCertificate.ps1 
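Review bot: The import passes `X509KeyStorageFlags::Exportable`, so the private key that protects the credential store can be exported again by anything running as that user; unless a later export is a requirement, `PersistKeySet` alone keeps the key usable without making it extractable. The duplicate check `Test-CSCertificate -Thumbprint $cert.Thumbprint` looks at the default store rather than the one being written to and should read `Test-CSCertificate -Thumbprint $cert.Thumbprint -StoreName $StoreName -StoreLocation $StoreLocation`. The `-OpenFlags` set lists `'InclueArchived'`, which is not an `OpenFlags` member (`IncludeArchived` is), so choosing it would fail at `$Store.Open`. The `catch` that follows is outside the hunk.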
@@ -0,0 +1,86 @@ +function Test-CSCertificate { + <# + .SYNOPSIS + Tests if the given certificate exists in a store. + + .DESCRIPTION + Use this function to ensure if a certificate is already imported into a given store. + + .PARAMETER Thumbprint + Provide one or more thumprints. + + .PARAMETER StoreName + Select the store name in which you want to search the certificates. + + .PARAMETER StoreLocation + Select between the both available locations CurrentUser odr LocalMachine. + + .INPUTS + [None] + + .OUTPUTS + [bool] + + .EXAMPLE + Test-CSCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser' + + .NOTES + File Name : Test-CSCertificate.ps1 + Author : Marco Blessing - marco.blessing@googlemail.com + Requires : + + .LINK + https://github.com/OCram85/PSCredentialStore + #> + [CmdletBinding()] + [OutputType([bool])] + param( + [Parameter(Mandatory = $true, ValueFromPipeline = $true)] + [ValidateNotNullOrEmpty()] + [string]$Thumbprint, + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'AddressBook', + 'AuthRoot', + 'CertificateAuthority', + 'Disallowed', + 'My', + 'Root', + 'TrustedPeople', + 'TrustedPublisher' + )] + [string]$StoreName = 'My', + + [Parameter(Mandatory = $false)] + [ValidateSet( + 'CurrentUser', + 'LocalMachine' + )] + [string]$StoreLocation = 'CurrentUser' + ) + + begin { + $Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation) + try { + $Store.Open('ReadOnly') + } + catch { + $_.Exception.Message | Write-Error -ErrorAction Stop + } + } + + process { + $Cert = $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumb } + + if ($null -eq $Cert) { + return $false + } + else { + return $true + } + } + end { + $Store.Close() + } +} -- 2.40.1 From ec004c4f03ae5604dd534dd1f92e355f065e298c Mon Sep 17 00:00:00 2001 From: OCram85 Date: Thu, 4 Apr 2019 15:41:10 +0200 Subject: [PATCH 12/25] export helper functions --- src/PSCredentialStore.psd1 | 3 +++ 1 file changed, 3 insertions(+) 
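Review bot: The filter in `process` compares against `$Thumb`, which is never defined in this function (the parameter is `$Thumbprint`), so the comparison is against `$null` and the function returns `$false` for every input. It should read `$Cert = $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint }`. As written, the duplicate check in Import-CSCertificate that relies on this function can never fire. The help also lists `.INPUTS [None]` although `Thumbprint` accepts pipeline input.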
diff --git a/src/PSCredentialStore.psd1 b/src/PSCredentialStore.psd1 index 6ecd6e6..bc4c09a 100644 --- a/src/PSCredentialStore.psd1 +++ b/src/PSCredentialStore.psd1 @@ -63,8 +63,11 @@ # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. FunctionsToExport = @( # Certificate + 'Get-CSCertificate', + 'Import-CSCertificate', 'New-CRTAttribute', 'New-PfxCertificate', + 'Test-CSCertificate', 'Use-PfxCertificate', # Connection 'Connect-To', -- 2.40.1 From b787342b694108a1f2d85aa346474ef173e2f407 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Thu, 4 Apr 2019 15:51:08 +0200 Subject: [PATCH 13/25] fix cs cert import --- src/Store/New-CredentialStore.ps1 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/Store/New-CredentialStore.ps1 b/src/Store/New-CredentialStore.ps1 index f166181..b172e28 100644 --- a/src/Store/New-CredentialStore.ps1 +++ b/src/Store/New-CredentialStore.ps1 @@ -159,6 +159,7 @@ function New-CredentialStore { Confirm = $false } + # test if there is already a cert if ((Test-Path $PfxParams.CertName) -and (! $Force.IsPresent)) { $ErrorParams = @{ Exception = [System.IO.InvalidDataException]::new( @@ -208,8 +209,8 @@ function New-CredentialStore { $ObjProperties.PfxCertificate = $PfxParams.CertName } else { - Write-Verbose 'Importing new PFX certifiate file' - Import-CSCertificate -Path $PfxParams.CertName + Write-Verbose 'Importing new PFX certificate file...' + Import-CSCertificate -Path $PfxParams.CertName -StoreName My -StoreLocation CurrentUser } } -- 2.40.1 From fe6a687e14292052c4c8023ba1eed73979a7346c Mon Sep 17 00:00:00 2001 From: OCram85 Date: Thu, 4 Apr 2019 15:52:01 +0200 Subject: [PATCH 14/25] simplify cs cret lookup --- src/Item/New-CredentialStoreItem.ps1 | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) 
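Review bot: In New-CredentialStore the import is pinned to `-StoreLocation CurrentUser` for both parameter sets, so a store created with `-Shared` has its certificate only in the creating user's personal store. Other accounts meant to read the shared store would presumably not find the thumbprint there. If that is intended, a comment such as `# shared stores still import into the creating user's store` should say so; otherwise choose the location from `$PSCmdlet.ParameterSetName`, bearing in mind that `LocalMachine` needs elevation. The surrounding block continues outside the hunk.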
diff --git a/src/Item/New-CredentialStoreItem.ps1 b/src/Item/New-CredentialStoreItem.ps1 index 4119aab..81a3524 100644 --- a/src/Item/New-CredentialStoreItem.ps1 +++ b/src/Item/New-CredentialStoreItem.ps1 @@ -118,16 +118,11 @@ function New-CredentialStoreItem { if ($Credential.UserName) { try { if ($null -eq $CSContent.PfxCertificate) { - $Cert = Get-ChildItem -Recurse -Path 'Cert:' | Where-Object { - $_.Thumbprint -eq $CSContent.Thumbprint - } | Select-Object -First 1 + $Cert = Get-CSCertificate -Thumbprint $CSContent.Thumbprint if ($null -eq $Cert) { - if ($isLinux) { - throw "There is no windows certificate store on linux systems!" - } $ErrorParams = @{ ErrorAction = 'Stop' - Exception = [System.Exception]::new( + Exception = [System.Security.Cryptography.X509Certificates.FileNotFoundException]::new( ('Could not find the linked certificate with thumbprint {0}' -f $CSContent.Thumbprint) ) } -- 2.40.1 From 191fb4e8d873ea4158065eda18e96d0d6fa2b1c7 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Thu, 4 Apr 2019 15:52:21 +0200 Subject: [PATCH 15/25] remove obsolete functions --- src/Store/Update-CredentialStore.ps1 | 140 --------------------------- 1 file changed, 140 deletions(-) delete mode 100644 src/Store/Update-CredentialStore.ps1 diff --git a/src/Store/Update-CredentialStore.ps1 b/src/Store/Update-CredentialStore.ps1 deleted file mode 100644 index e85d7e7..0000000 --- a/src/Store/Update-CredentialStore.ps1 +++ /dev/null 
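Review bot: `[System.Security.Cryptography.X509Certificates.FileNotFoundException]` is not a type in that namespace as far as I know (`FileNotFoundException` lives in `System.IO`), so the not-found branch would fail on type resolution instead of reporting the missing thumbprint. Use `[System.IO.FileNotFoundException]::new(...)` or keep a cryptography exception type. `Get-CSCertificate` is called with its defaults, so only the current user's `My` store is searched, while Get-CredentialStoreItem and Set-CredentialStoreItem still use the recursive `Cert:` search from patch 01 in the patches visible here. The try/catch continues outside the hunk.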
@@ -1,140 +0,0 @@ -function Update-CredentialStore { - <# - .SYNOPSIS - A brief description of the function or script. - - .DESCRIPTION - Describe the function of the script using a single sentence or more. - - .PARAMETER One - Description of the Parameter (what it does) - - .INPUTS - Describe the script input parameters (if any), otherwise it may also list the word "[None]". - - .OUTPUTS - Describe the script output parameters (if any), otherwise it may also list the word "[None]". - - .EXAMPLE - .\Remove-Some-Script.ps1 -One content - - .NOTES - File Name : Update-CredentialStore.ps1 - Author : Marco Blessing - marco.blessing@googlemail.com - Requires : - - .LINK - https://github.com/OCram85/PSCredentialStore - #> - [CmdletBinding()] - [OutputType()] - param( - [Parameter(Mandatory = $false)] - [ValidateNotNullOrEmpty()] - [Version]$From = '1.2.0', - - [Parameter(Mandatory = $false)] - [ValidateNotNullOrEmpty()] - [Version]$To = '2.0.0', - - [Parameter(Mandatory = $true)] - [ValidateNotNullOrEmpty()] - [string]$Path, - - [Parameter(Mandatory = $true)] - [ValidateNotNullOrEmpty()] - [string]$PfxCertificate - - ) - begin { - } - process { - if (Test-Path -Path $Path) { - $CSOld = Get-CredentialStore -Shared -Path $Path -ErrorAction Stop - if ($CSOld.Version -ne $From) { - $ErrorParams = @{ - Message = 'Can not migrate CredentialStore from version {0} to {1}' -f $From, $To - ErrorAction = 'Stop' - Exception = [System.Exception]::new() - } - Write-Error @ErrorParams - } - - $CSNew = [PSCustomObject]@{ - PSTypeName = 'PSCredentialStore.Store' - Version = $To - Created = $CurrentDate - PfxCertificate = $null - Thumbprint = $null - Type = $null - } - - if ($PWD -eq (Get-DefaultCredentialStorePath)) { - $CSNew.Type = 'Private' - } - elseif ($PWD -eq (Get-DefaultCredentialStorePath -Shared)) { - $CSNew.Type = 'Shared' - } - else { - $ErrorParams = @{ - Message = 'Can not determine a valid CredentialStore Type!' 
- ErrorAction = 'Stop' - Exception = [System.Exception]::new() - } - Write-Error @ErrorParams - } - $Cert = Get-PfxCertificate -FilePath $PfxCertificate -ErrorAction Stop - - $CSNew.PfxCertificate = Join-Path -Path $PfxCertificate - $CSNew.Thumbprint = $Cert.Thumbprint - - - $CredentialItems = $CSOld | Get-Member -MemberType NoteProperty | Where-Object { - $_.Definition -like "*.PSCustomObject*" - } | Select-Object -ExpandProperty Name - - # iterate through all existing items - foreach ($Item in $CredentialItems) { - - $CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S" - $RSAKey = Get-RandomAESKey - - $CredentialObj = [PSCustomObject]@{ - User = $Item.UserName - Password = $null - Created = $CurrentDate - LastChange = $null - EncryptedKey = [Convert]::ToBase64String( - $Cert.PublicKey.Key.Encrypt( - $RSAKey, - [System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1 - ) - ) - } - if ($CSOld.Type -eq 'Private') { - $CredentialObject.Password = ConvertTo-SecureString -SecureString $Item.Password | ConvertFrom-SecureString -Key $RSAKey - } - elseif ($CSNew.Type -eq 'Shared') { - $ChallengeKey = [io.file]::ReadAllBytes((Join-Path -Path $PWD -ChildPath '/Challenge.bin')) - $CredentialObject.Password = ConvertTo-SecureString -SecureString $Item.Password -Key $ChallengeKey | ConvertFrom-SecureString -Key $RSAKey - } - Add-Member -InputObject $CSNew -Name ( - ($Item | Get-Variable).Name - ) -MemberType NoteProperty -Value $CredentialObj - } - $CSNew | ConvertTo-Json -Depth 5 | Out-File -LiteralPath ( - Join-Path -Path $PWD -ChildPath './CredentialStore.json' - ) -Encoding utf8 -Confirm:$true - } - else { - $ErrorParams = @{ - Message = 'Could not find the given CredentialStore path!' - ErrorAction = 'Stop' - Exception = [System.IO.FileNotFoundException]::new() - } - Write-Error @ErrorParams - } - } - end { - } -} -- 2.40.1 From 8bc8135775a6720e825ccc065468aae7d4e1a0d0 Mon Sep 17 00:00:00 2001 
From: OCram85 Date: Thu, 4 Apr 2019 15:52:32 +0200 Subject: [PATCH 16/25] fix pester test for linux --- tests/Store/02_New-CredentialStore.Tests.ps1 | 33 +++++++++----------- 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/tests/Store/02_New-CredentialStore.Tests.ps1 b/tests/Store/02_New-CredentialStore.Tests.ps1 index ea1fc02..4400798 100644 --- a/tests/Store/02_New-CredentialStore.Tests.ps1 +++ b/tests/Store/02_New-CredentialStore.Tests.ps1 
@@ -76,26 +76,23 @@ Describe "New-CredentialStore" { } Context "Tests for Windows certificate store" { It "Create new private store and skip certificate linking" { - if (! $isLinux) { - { New-CredentialStore -UseCertStore -Force } | Should -Not -Throw - $CS = Get-CredentialStore - $CS.PfxCertificate | Should -Be $null - $CS.Thumbprint | Should -Not -Be $null - } - else { - { New-CredentialStore -UseCertStore -Force } | Should -Throw - } + { New-CredentialStore -UseCertStore -Force } | Should -Not -Throw + $CS = Get-CredentialStore + $CS.PfxCertificate | Should -Be $null + $CS.Thumbprint | Should -Not -Be $null + $res = Test-CSCertificate -Thumbprint $CS.Thumbprint -StoreName My -StoreLocation CurrentUser + Write-Verbose -Message ('res: {0}' -f $res) -Verbose + $res | Should -Be $true + } It "Create new shared store and skipt certificate linking" { - if (! $isLinux) { - { New-CredentialStore -Shared -UseCertStore -Force } | Should -Not -Throw - $CS = Get-CredentialStore -Shared - $CS.PfxCertificate | Should -Be $null - $CS.Thumbprint | Should -Not -Be $null - } - else { - { New-CredentialStore -Shared -UseCertStore -Force } | Should -Throw - } + { New-CredentialStore -Shared -UseCertStore -Force } | Should -Not -Throw + $CS = Get-CredentialStore -Shared + $CS.PfxCertificate | Should -Be $null + $CS.Thumbprint | Should -Not -Be $null + Test-CSCertificate -Thumbprint $CS.Thumbprint -StoreName My -StoreLocation CurrentUser + Write-Verbose -Message ('res: {0}' -f $res) -Verbose + $res | Should -Be $true } } } -- 2.40.1 From ec72c1bf13c17989b2eabeb0b7fdf0d020ac1f61 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Thu, 4 Apr 2019 16:04:59 +0200 Subject: [PATCH 17/25] fix error type for linux --- src/Certificate/Import-CSCertificate.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Certificate/Import-CSCertificate.ps1 b/src/Certificate/Import-CSCertificate.ps1 index 0274a88..ce3c18a 100644 --- a/src/Certificate/Import-CSCertificate.ps1 
+++ b/src/Certificate/Import-CSCertificate.ps1 @@ -100,7 +100,7 @@ function Import-CSCertificate { $_.Exception.Message | Write-Error $ErrorParams = @{ ErrorAction = 'Stop' - Exception = [System.Security.Cryptography.Exception]::new( + Exception = [System.Exception]::new( 'Could not read or add the pfx certificate!' ) } -- 2.40.1 From 4b9b1383dca9a930ac42aaa7b2b36cc25bd27e93 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Thu, 4 Apr 2019 16:08:31 +0200 Subject: [PATCH 18/25] fix var name --- src/Certificate/Test-CSCertificate.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Certificate/Test-CSCertificate.ps1 b/src/Certificate/Test-CSCertificate.ps1 index eef6f28..7a6c97f 100644 --- a/src/Certificate/Test-CSCertificate.ps1 +++ b/src/Certificate/Test-CSCertificate.ps1 @@ -71,7 +71,7 @@ function Test-CSCertificate { } process { - $Cert = $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumb } + $Cert = $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint } if ($null -eq $Cert) { return $false -- 2.40.1 From 8b1c26f08b12c6e44d8b9a8c6d8b2f48015856aa Mon Sep 17 00:00:00 2001 From: OCram85 Date: Thu, 4 Apr 2019 16:08:57 +0200 Subject: [PATCH 19/25] fix pester test --- tests/Store/02_New-CredentialStore.Tests.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/Store/02_New-CredentialStore.Tests.ps1 b/tests/Store/02_New-CredentialStore.Tests.ps1 index 4400798..028504d 100644 --- a/tests/Store/02_New-CredentialStore.Tests.ps1 +++ b/tests/Store/02_New-CredentialStore.Tests.ps1 @@ -81,7 +81,7 @@ Describe "New-CredentialStore" { $CS.PfxCertificate | Should -Be $null $CS.Thumbprint | Should -Not -Be $null $res = Test-CSCertificate -Thumbprint $CS.Thumbprint -StoreName My -StoreLocation CurrentUser - Write-Verbose -Message ('res: {0}' -f $res) -Verbose + #Write-Verbose -Message ('res: {0}' -f $res) -Verbose $res | Should -Be $true } 
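Review bot: Replacing the non-existent `[System.Security.Cryptography.Exception]` with plain `[System.Exception]` in Import-CSCertificate's catch block fixes the type lookup but leaves callers nothing specific to catch for a failed certificate import. `System.Security.Cryptography.CryptographicException` exists on both Windows PowerShell and PowerShell Core, so `Exception = [System.Security.Cryptography.CryptographicException]::new(` would keep the error typed. The catch block opens outside the hunk.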
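Review bot: The filter `$_.Thumbprint -eq $Thumbprint` in Test-CSCertificate confirms only that a certificate with that thumbprint is present in the opened store, not that it can decrypt store items. If the remainder of the function (outside this hunk) returns `$true` for any match, a certificate installed without its private key would pass here and only fail later at decryption. Extending the filter to `{ $_.Thumbprint -eq $Thumbprint -and $_.HasPrivateKey }`, or stating in the comment-based help that the test is presence-only, would make the contract explicit.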
@@ -90,8 +90,8 @@ Describe "New-CredentialStore" { $CS = Get-CredentialStore -Shared $CS.PfxCertificate | Should -Be $null $CS.Thumbprint | Should -Not -Be $null - Test-CSCertificate -Thumbprint $CS.Thumbprint -StoreName My -StoreLocation CurrentUser - Write-Verbose -Message ('res: {0}' -f $res) -Verbose + $res = Test-CSCertificate -Thumbprint $CS.Thumbprint -StoreName My -StoreLocation CurrentUser + #Write-Verbose -Message ('res: {0}' -f $res) -Verbose $res | Should -Be $true } } -- 2.40.1 From 9b6a3047fc9e9a8eed673f2233802ef4f0275ca3 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Thu, 4 Apr 2019 16:10:10 +0200 Subject: [PATCH 20/25] disable travis artifact upload --- .travis.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index cf9fb42..2a043d4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -20,10 +20,9 @@ matrix: fast_finish: true -addons: - artifacts: - #paths: $(ls ./../dist/PowerShellGet.zip | tr "\n" ":") - paths: ./dist/PowerShellGet.zip +#addons: +# artifacts: +# paths: ./dist/PowerShellGet.zip install: -- 2.40.1 From 67894417580bae7d870e37736491c573259593ef Mon Sep 17 00:00:00 2001 From: OCram85 Date: Thu, 4 Apr 2019 16:14:24 +0200 Subject: [PATCH 21/25] update cert lookup for item functions --- src/Item/Get-CredentialStoreItem.ps1 | 4 +--- src/Item/Set-CredentialStoreItem.ps1 | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/src/Item/Get-CredentialStoreItem.ps1 b/src/Item/Get-CredentialStoreItem.ps1 index c20bdb9..f82f581 100644 --- a/src/Item/Get-CredentialStoreItem.ps1 +++ b/src/Item/Get-CredentialStoreItem.ps1 
@@ -89,9 +89,7 @@ function Get-CredentialStoreItem { if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -contains $CredentialName)) { try { if ($null -eq $CS.PfxCertificate) { - $Cert = Get-ChildItem -Recurse -Path 'Cert:' | Where-Object { - $_.Thumbprint -eq $CS.Thumbprint - } | Select-Object -First 1 + $Cert = Get-CSCertificate -Thumbprint $CS.Thumbprint } else { $Cert = Get-PfxCertificate -FilePath $CS.PfxCertificate -ErrorAction Stop diff --git a/src/Item/Set-CredentialStoreItem.ps1 b/src/Item/Set-CredentialStoreItem.ps1 index a340e93..313857e 100644 --- a/src/Item/Set-CredentialStoreItem.ps1 +++ b/src/Item/Set-CredentialStoreItem.ps1 @@ -104,9 +104,7 @@ function Set-CredentialStoreItem { if ($Credential.UserName) { try { if ($null -eq $CSContent.PfxCertificate) { - $Cert = Get-ChildItem -Recurse -Path 'Cert:' | Where-Object { - $_.Thumbprint -eq $CSContent.Thumbprint - } | Select-Object -First 1 + $Cert = Get-CSCertificate -Thumbprint $CSContent.Thumbprint } else { $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop -- 2.40.1 From 4ea71a2bba0ddc82cbcb4fa8113bc3b15ae533a0 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Thu, 4 Apr 2019 16:21:48 +0200 Subject: [PATCH 22/25] debug build error --- src/Certificate/Import-CSCertificate.ps1 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/Certificate/Import-CSCertificate.ps1 b/src/Certificate/Import-CSCertificate.ps1 index ce3c18a..c309e17 100644 --- a/src/Certificate/Import-CSCertificate.ps1 +++ b/src/Certificate/Import-CSCertificate.ps1 
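Review bot: The result of `Get-CSCertificate -Thumbprint $CS.Thumbprint` in Get-CredentialStoreItem is not checked for `$null` within the hunk, and the Set-CredentialStoreItem hunk on the same line has the same gap with `$CSContent.Thumbprint`. New-CredentialStoreItem in this series does test `$null -eq $Cert` after the same call, so a missing certificate would surface here as a null-dereference when `$Cert` is first used rather than as a clear error. A guard such as `if ($null -eq $Cert) { throw ('Could not find the linked certificate with thumbprint {0}' -f $CS.Thumbprint) }` directly after the lookup would align the three functions. The old code searched all of `Cert:` recursively, whereas the new call passes no store name or location, so it is worth confirming that Get-CSCertificate's defaults cover the location Import-CSCertificate writes to. Both functions continue outside their hunks.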
@@ -97,14 +97,14 @@ function Import-CSCertificate { } } catch { - $_.Exception.Message | Write-Error - $ErrorParams = @{ - ErrorAction = 'Stop' - Exception = [System.Exception]::new( - 'Could not read or add the pfx certificate!' - ) - } - Write-Error @ErrorParams + $_.Exception.Message | Write-Error -ErrorAction Stop + #$ErrorParams = @{ + # ErrorAction = 'Stop' + # Exception = [System.Exception]::new( + # 'Could not read or add the pfx certificate!' + # ) + #} + #Write-Error @ErrorParams } } end { -- 2.40.1 From 4386f0dfd632cbc03fd845934b77ae54648d27bf Mon Sep 17 00:00:00 2001 From: OCram85 Date: Thu, 4 Apr 2019 16:44:32 +0200 Subject: [PATCH 23/25] use cert instance constructor for linux --- src/Certificate/Import-CSCertificate.ps1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/Certificate/Import-CSCertificate.ps1 b/src/Certificate/Import-CSCertificate.ps1 index c309e17..219ef32 100644 --- a/src/Certificate/Import-CSCertificate.ps1 +++ b/src/Certificate/Import-CSCertificate.ps1 @@ -79,8 +79,7 @@ function Import-CSCertificate { } process { try { - $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new() - $cert.Import( + $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new( $Path, $null, ( -- 2.40.1 From 7a56f2ff619dc95bf2aa2764a3cd4c6274d8f661 Mon Sep 17 00:00:00 2001 From: OCram85 Date: Thu, 4 Apr 2019 16:54:36 +0200 Subject: [PATCH 24/25] disable debug output --- src/Certificate/Import-CSCertificate.ps1 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/Certificate/Import-CSCertificate.ps1 b/src/Certificate/Import-CSCertificate.ps1 index 219ef32..6738036 100644 --- a/src/Certificate/Import-CSCertificate.ps1 +++ b/src/Certificate/Import-CSCertificate.ps1 
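Review bot: The switch from `$cert.Import(` to the `X509Certificate2` constructor in Import-CSCertificate's process block has no comment explaining why, so a later cleanup could revert it. A line such as `# X509Certificate2.Import() is not supported on .NET Core; load the PFX through the constructor instead` would record the reason. The second argument remains `$null`, meaning the PFX is read without a password and its private key is protected only by the file's permissions; that assumption deserves a comment as well, or an optional password parameter. The key-storage flags passed as the third argument are outside the hunk.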
@@ -97,13 +97,13 @@ function Import-CSCertificate { } catch { $_.Exception.Message | Write-Error -ErrorAction Stop - #$ErrorParams = @{ - # ErrorAction = 'Stop' - # Exception = [System.Exception]::new( - # 'Could not read or add the pfx certificate!' - # ) - #} - #Write-Error @ErrorParams + $ErrorParams = @{ + ErrorAction = 'Stop' + Exception = [System.Exception]::new( + 'Could not read or add the pfx certificate!' + ) + } + Write-Error @ErrorParams } } end { -- 2.40.1 From 0fb868ef7752b33fabda39514fbc673e72b9fe6f Mon Sep 17 00:00:00 2001 From: OCram85 Date: Thu, 4 Apr 2019 16:55:23 +0200 Subject: [PATCH 25/25] remove obsolete exports --- src/PSCredentialStore.psd1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/PSCredentialStore.psd1 b/src/PSCredentialStore.psd1 index bc4c09a..190a725 100644 --- a/src/PSCredentialStore.psd1 +++ b/src/PSCredentialStore.psd1 @@ -82,8 +82,7 @@ # Store 'Get-CredentialStore', 'New-CredentialStore', - 'Test-CredentialStore', - 'Update-CredentialStore' + 'Test-CredentialStore' ) # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. -- 2.40.1
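Review bot: The re-enabled `Write-Error @ErrorParams` in Import-CSCertificate's catch block can never run, because the context line above it still reads `$_.Exception.Message | Write-Error -ErrorAction Stop` and that raises a terminating error first. The wrapped "Could not read or add the pfx certificate!" exception is therefore dead code, and the `-ErrorAction Stop` added while debugging is still in place despite the commit title. Change the first statement back to `$_.Exception.Message | Write-Error` so the original message is logged and the wrapped error is the one that stops execution. The catch block opens outside the hunk.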