From a36b53c1a541120ba5112dd81198830987799f1c Mon Sep 17 00:00:00 2001 From: pinguinfuss Date: Thu, 6 Oct 2022 21:07:23 +0200 Subject: [PATCH 1/5] Write a error message if we cannot locate the CredentialStoreItem in the Store. Fix string quotation --- src/Item/Set-CredentialStoreItem.ps1 | 50 +++++++++++++++++++++------- 1 file changed, 38 insertions(+), 12 deletions(-) diff --git a/src/Item/Set-CredentialStoreItem.ps1 b/src/Item/Set-CredentialStoreItem.ps1 index 5a821a7..553853b 100644 --- a/src/Item/Set-CredentialStoreItem.ps1 +++ b/src/Item/Set-CredentialStoreItem.ps1 @@ -13,7 +13,7 @@ function Set-CredentialStoreItem { Specify the host you for which you would like to change the credentials. .PARAMETER Identifier - Defaults to "". Specify a string, which separates two CredentialStoreItems for the + Defaults to ''. Specify a string, which separates two CredentialStoreItems for the same hostname. .PARAMETER Shared @@ -30,10 +30,10 @@ function Set-CredentialStoreItem { [None] .EXAMPLE - Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" + Set-CredentialStoreItem -Path 'C:\TMP\mystore.json' -RemoteHost 'esx01.myside.local' .EXAMPLE - Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" -Identifier svc + Set-CredentialStoreItem -Path 'C:\TMP\mystore.json' -RemoteHost 'esx01.myside.local' -Identifier svc #> [CmdletBinding(DefaultParameterSetName = 'Private')] @@ -65,7 +65,7 @@ function Set-CredentialStoreItem { begin { # Set the CredentialStore for private, shared or custom mode. - Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName) + Write-Debug ('ParameterSetName: {0}' -f $PSCmdlet.ParameterSetName) if ($PSCmdlet.ParameterSetName -eq 'Private') { $Path = Get-DefaultCredentialStorePath } @@ -77,32 +77,49 @@ function Set-CredentialStoreItem { } process { - # Lets do a quick test on the given CredentialStore. - if (-not(Test-CredentialStore -Shared -Path $Path)) { + # Define the default splatting. + $DefaultSplatting = @{ + Path = $Path + } + + # Check if the user passed -Shared. If he added -Shared, we'll pass it into the splatting + if ($PSCmdlet.ParameterSetName -eq 'Shared') { + $DefaultSplatting.Add('Shared', $true) + } + + # Now lets check the given CredentialStore. + if (-not(Test-CredentialStore @DefaultSplatting)) { $MessageParams = @{ - Message = 'Could not add anything into the given CredentailStore.' + Message = ('The given CredentialStore ({0}) does no exist.' -f $Path) ErrorAction = 'Stop' } Write-Error @MessageParams } # Read the file content based on the given ParameterSetName - $CSContent = Get-CredentialStore -Shared -Path $Path + $CSContent = Get-CredentialStore @DefaultSplatting + # Get a formatted current date for the last update time of the Item. $CurrentDate = Get-Date -Format 'u' - if ($Identifier -ne "") { - $CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost + # Check if the user supplied an identifier. If so, we need to mangle the CredentialName, as that's where + # the identifier is actually added. + if ($Identifier -ne '') { + $CredentialName = $RemoteHost = '{0}/{1}' -f $Identifier, $RemoteHost } else { $CredentialName = $RemoteHost } + # If the user didn't supply a CredentialObject, we need to prompt for it. if (-not($Credential)) { $Credential = Get-Credential -Message $CredentialName } - if ($Credential.UserName) { + # If the username isn't empty, we ca go ahead and update the entry. + if ($null -ne $Credential.UserName -and -not [string]::IsNullOrWhiteSpace($Credential.UserName)) { + # Check if the path to the PfxCertificate is stored in the CredentialStore. If so load the certificate. + # If not, load try loading the certificate from the Filepath of the CredentialStore. if ($null -eq $CSContent.PfxCertificate) { $Cert = Get-CSCertificate -Type $CSContent.Type -Thumbprint $CSContent.Thumbprint } @@ -110,13 +127,17 @@ function Set-CredentialStoreItem { $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop } + # Now locate the Item. if (Get-Member -InputObject $CSContent -Name $CredentialName -MemberType Properties) { + # Get a random AES key for the entry. $RSAKey = Get-RandomAESKey $CSContent.$CredentialName.User = $Credential.UserName $ConvertParams = @{ SecureString = $Credential.Password Key = $RSAKey } + + # Now create a updated item containing the updated credentials. $CSContent.$CredentialName.Password = ConvertFrom-SecureString @ConvertParams $CSContent.$CredentialName.LastChange = $CurrentDate $CSContent.$CredentialName.EncryptedKey = [Convert]::ToBase64String( @@ -125,10 +146,15 @@ function Set-CredentialStoreItem { [System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1 ) ) + + # Convert the CredentialStore back into JSON and save it to the file. ConvertTo-Json -InputObject $CSContent -Depth 5 | Out-File -FilePath $Path -Encoding utf8 } + else { + Write-Warning -Message ('Unable to locate CredentialStoreItem for {0}' -f $CredentialName) + } } - Else { + else { $MessageParams = @{ Message = 'Please Provide at least a valid user!' ErrorAction = 'Stop' -- 2.40.1 From c0860152722a1292883901604c6e090c98e8cdfd Mon Sep 17 00:00:00 2001 From: pinguinfuss Date: Thu, 6 Oct 2022 21:07:41 +0200 Subject: [PATCH 2/5] Fix string quotation --- src/Item/Test-CredentialStoreItem.ps1 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/Item/Test-CredentialStoreItem.ps1 b/src/Item/Test-CredentialStoreItem.ps1 index 66269e6..ec77438 100644 --- a/src/Item/Test-CredentialStoreItem.ps1 +++ b/src/Item/Test-CredentialStoreItem.ps1 @@ -33,11 +33,11 @@ function Test-CredentialStoreItem { [None] .EXAMPLE - if (Test-CredentialStoreItem -RemoteHost "Default") { - Get-CredentialStoreItem -RemoteHost "Default" + if (Test-CredentialStoreItem -RemoteHost 'Default') { + Get-CredentialStoreItem -RemoteHost 'Default' } else { - Write-Warning ("The given Remote Host {0} does not exist in the credential Store!" -f $RemoteHost) + Write-Warning ('The given Remote Host {0} does not exist in the credential Store!' -f $RemoteHost) } #> @@ -45,7 +45,7 @@ function Test-CredentialStoreItem { [OutputType([bool])] param ( [Parameter(Mandatory = $false, ParameterSetName = 'Shared')] - [string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData, + [string]$Path = '{0}\PSCredentialStore\CredentialStore.json' -f $env:ProgramData, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] @@ -61,7 +61,7 @@ function Test-CredentialStoreItem { begin { # Set the CredentialStore for private, shared or custom mode. - Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName) + Write-Debug ('ParameterSetName: {0}' -f $PSCmdlet.ParameterSetName) if ($PSCmdlet.ParameterSetName -eq 'Private') { $Path = Get-DefaultCredentialStorePath } @@ -73,8 +73,8 @@ function Test-CredentialStoreItem { } process { - if ($Identifier -ne "") { - $CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost + if ($Identifier -ne '') { + $CredentialName = $RemoteHost = '{0}/{1}' -f $Identifier, $RemoteHost } else { $CredentialName = $RemoteHost @@ -92,7 +92,7 @@ function Test-CredentialStoreItem { } else { $MsgParams = @{ - Message = "The given credential store ({0}) does not exist!" -f $Path + Message = 'The given credential store ({0}) does not exist!' -f $Path } Write-Warning @MsgParams return $false -- 2.40.1 From 90f82b137d39e420385fae04e0f7d83eed2f01d6 Mon Sep 17 00:00:00 2001 From: pinguinfuss Date: Thu, 6 Oct 2022 21:42:50 +0200 Subject: [PATCH 3/5] We need to always set -Shared (even if we have to set it to $false) --- src/Item/Set-CredentialStoreItem.ps1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Item/Set-CredentialStoreItem.ps1 b/src/Item/Set-CredentialStoreItem.ps1 index 553853b..26ede48 100644 --- a/src/Item/Set-CredentialStoreItem.ps1 +++ b/src/Item/Set-CredentialStoreItem.ps1 @@ -83,9 +83,12 @@ function Set-CredentialStoreItem { } # Check if the user passed -Shared. If he added -Shared, we'll pass it into the splatting - if ($PSCmdlet.ParameterSetName -eq 'Shared') { + if ($PSBoundParameters.ContainsKey('Shared')) { $DefaultSplatting.Add('Shared', $true) } + else { + $DefaultSplatting.Add('Shared', $false) + } # Now lets check the given CredentialStore. if (-not(Test-CredentialStore @DefaultSplatting)) { -- 2.40.1 From 025f18725bb0ac2f92ea049e2408697d4c3a896d Mon Sep 17 00:00:00 2001 From: pinguinfuss Date: Thu, 6 Oct 2022 21:43:14 +0200 Subject: [PATCH 4/5] Add unit tests for Set-CredentialStoreItem --- src/Item/Set-CredentialStoreItem.Tests.ps1 | 130 +++++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100644 src/Item/Set-CredentialStoreItem.Tests.ps1 diff --git a/src/Item/Set-CredentialStoreItem.Tests.ps1 b/src/Item/Set-CredentialStoreItem.Tests.ps1 new file mode 100644 index 0000000..218b812 --- /dev/null +++ b/src/Item/Set-CredentialStoreItem.Tests.ps1 @@ -0,0 +1,130 @@ +[Diagnostics.CodeAnalysis.SuppressMessageAttribute( + 'PSAvoidUsingConvertToSecureStringWithPlainText', + '', + Justification = 'just used in pester tests.' +)] +[Diagnostics.CodeAnalysis.SuppressMessageAttribute( + 'PSProvideCommentHelp', + '', + Justification = 'no need in internal pester helpers.' +)] +param () + +BeforeAll { + $ManifestFile = (Get-Item -Path "./src/*.psd1").FullName + Import-Module $ManifestFile -Force + + $PrivateFunctions = (Get-ChildItem -Path "./src/Private/*.ps1" | Where-Object { + $_.BaseName -notmatch '.Tests' + } + ).FullName + foreach ( $func in $PrivateFunctions) { + . $func + } + + # Backup existing credential stores + $VerbosePreference = "Continue" + Write-Verbose "Backup private Credential Store..." + $CSPath = Get-DefaultCredentialStorePath + $BackupFile = "{0}.back" -f $CSPath + if (Test-Path -Path $CSPath) { + Move-Item -Path $CSPath -Destination $BackupFile + } + Write-Verbose "Backup shared CredentialStore..." + $CSShared = Get-DefaultCredentialStorePath -Shared + $BackupSharedFile = "{0}.back" -f $CSShared + if (Test-Path -Path $CSShared) { + Move-Item -Path $CSShared -Destination $BackupSharedFile + } + Write-Verbose "Remove old CredentialStore in Temp dir" + $CSTemp = Join-Path -Path (Get-TempDir) -ChildPath '/CredentialStore.json' + if (Test-Path -Path $CSTemp) { + Remove-Item -Path $CSTemp + } + $VerbosePreference = "SilentlyContinue" +} + +Describe 'New-CredentialStoreItem' { + Context 'Private Credential Store tests' { + It 'Add entry to a private store.' { + # Create a fresh CredentialStore first + New-CredentialStore -Force + + # Define the content of the CredentialStoreItem. + $RemoteHost = 'barfoo' + $UserName = 'MyUser' + $Password = 'fooobarysdfsfs' | ConvertTo-SecureString -AsPlainText -Force + + # Form the CredentialObject. + $creds = [PSCredential]::new($UserName, $Password) + + # Create the CredentialStoreItem. + New-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds + + # Formulate an update to the CredentialStoreItem. + $ClearPassword = 'fooobaryadfafa' + $Password = $ClearPassword | ConvertTo-SecureString -AsPlainText -Force + $creds = [PSCredential]::new($UserName, $Password) + { + Set-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds + } | Should -Not -Throw + + # Control the content of the CredentialStore. + $content = Get-CredentialStoreItem -RemoteHost $RemoteHost + $content.GetNetworkCredential().Password | Should -Be $ClearPassword + } + } + Context 'Shared Credential Store tests' { + It 'Add entry to a shared store.' { + # Create a fresh CredentialStore first + $tmpCS = Join-Path -Path (Get-TempDir) -ChildPath '/CredentialStore.json' + New-CredentialStore -Path $tmpCS -Force -Shared + + # Define the content of the CredentialStoreItem. + $RemoteHost = 'barfoo' + $UserName = 'MyUser' + $Password = 'fooobarysdfsfs' | ConvertTo-SecureString -AsPlainText -Force + + # Form the CredentialObject. + $creds = [PSCredential]::new($UserName, $Password) + + # Create the CredentialStoreItem. + New-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds -Path $tmpCS -Shared + + # Formulate an update to the CredentialStoreItem. + $ClearPassword = 'fooobaryadfafa' + $Password = $ClearPassword | ConvertTo-SecureString -AsPlainText -Force + $creds = [PSCredential]::new($UserName, $Password) + + { + Set-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds -Path $tmpCS -Shared + } | Should -Not -Throw + + # Control the content of the CredentialStore. + $content = Get-CredentialStoreItem -RemoteHost $RemoteHost -Path $tmpCS -Shared + $content.GetNetworkCredential().Password | Should -Be $ClearPassword + } + } +} + +AfterAll { + # Cleanup test stores and restore existing ones. + $VerbosePreference = "Continue" + Write-Verbose "Restoring private CredentialStore" + If (Test-Path -Path $BackupFile) { + If (Test-Path -Path $CSPath) { + Remove-Item -Path $CSPath + Move-Item -Path $BackupFile -Destination $CSPath + } + } + + Write-Verbose "Restoring shared CredentialStore" + If (Test-Path -Path $BackupSharedFile) { + If (Test-Path -Path $CSShared) { + Remove-Item -Path $CSShared + Move-Item -Path $BackupSharedFile -Destination $CSShared + } + } + $VerbosePreference = "SilentlyContinue" + +} -- 2.40.1 From d19278c99d90fa9bcdd43ff30aae90e115a14724 Mon Sep 17 00:00:00 2001 From: pinguinfuss Date: Thu, 6 Oct 2022 21:51:24 +0200 Subject: [PATCH 5/5] Fix quotation --- src/Item/Set-CredentialStoreItem.Tests.ps1 | 26 +++++++++++----------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/src/Item/Set-CredentialStoreItem.Tests.ps1 b/src/Item/Set-CredentialStoreItem.Tests.ps1 index 218b812..c65b3b1 100644 --- a/src/Item/Set-CredentialStoreItem.Tests.ps1 +++ b/src/Item/Set-CredentialStoreItem.Tests.ps1 @@ -11,10 +11,10 @@ param () BeforeAll { - $ManifestFile = (Get-Item -Path "./src/*.psd1").FullName + $ManifestFile = (Get-Item -Path './src/*.psd1').FullName Import-Module $ManifestFile -Force - $PrivateFunctions = (Get-ChildItem -Path "./src/Private/*.ps1" | Where-Object { + $PrivateFunctions = (Get-ChildItem -Path './src/Private/*.ps1' | Where-Object { $_.BaseName -notmatch '.Tests' } ).FullName @@ -23,25 +23,25 @@ BeforeAll { } # Backup existing credential stores - $VerbosePreference = "Continue" - Write-Verbose "Backup private Credential Store..." + $VerbosePreference = 'Continue' + Write-Verbose -Message 'Backup private Credential Store...' $CSPath = Get-DefaultCredentialStorePath - $BackupFile = "{0}.back" -f $CSPath + $BackupFile = '{0}.back' -f $CSPath if (Test-Path -Path $CSPath) { Move-Item -Path $CSPath -Destination $BackupFile } - Write-Verbose "Backup shared CredentialStore..." + Write-Verbose -Message 'Backup shared CredentialStore...' $CSShared = Get-DefaultCredentialStorePath -Shared - $BackupSharedFile = "{0}.back" -f $CSShared + $BackupSharedFile = '{0}.back' -f $CSShared if (Test-Path -Path $CSShared) { Move-Item -Path $CSShared -Destination $BackupSharedFile } - Write-Verbose "Remove old CredentialStore in Temp dir" + Write-Verbose -Message 'Remove old CredentialStore in Temp dir' $CSTemp = Join-Path -Path (Get-TempDir) -ChildPath '/CredentialStore.json' if (Test-Path -Path $CSTemp) { Remove-Item -Path $CSTemp } - $VerbosePreference = "SilentlyContinue" + $VerbosePreference = 'SilentlyContinue' } Describe 'New-CredentialStoreItem' { @@ -109,8 +109,8 @@ Describe 'New-CredentialStoreItem' { AfterAll { # Cleanup test stores and restore existing ones. - $VerbosePreference = "Continue" - Write-Verbose "Restoring private CredentialStore" + $VerbosePreference = 'Continue' + Write-Verbose -Message 'Restoring private CredentialStore' If (Test-Path -Path $BackupFile) { If (Test-Path -Path $CSPath) { Remove-Item -Path $CSPath @@ -118,13 +118,13 @@ AfterAll { } } - Write-Verbose "Restoring shared CredentialStore" + Write-Verbose -Message 'Restoring shared CredentialStore' If (Test-Path -Path $BackupSharedFile) { If (Test-Path -Path $CSShared) { Remove-Item -Path $CSShared Move-Item -Path $BackupSharedFile -Destination $CSShared } } - $VerbosePreference = "SilentlyContinue" + $VerbosePreference = 'SilentlyContinue' } -- 2.40.1