Fix Set-CredentialStoreItem #76

Merged
OCram85 merged 7 commits from pinguinfuss/PSCredentialStore:Fix-Set-CredentialStoreItem into master 2022-10-10 10:05:08 +02:00
Showing only changes of commit a36b53c1a5 - Show all commits

View File

@ -13,7 +13,7 @@ function Set-CredentialStoreItem {
Specify the host you for which you would like to change the credentials. Specify the host you for which you would like to change the credentials.
.PARAMETER Identifier .PARAMETER Identifier
Defaults to "". Specify a string, which separates two CredentialStoreItems for the Defaults to ''. Specify a string, which separates two CredentialStoreItems for the
same hostname. same hostname.
.PARAMETER Shared .PARAMETER Shared
@ -30,10 +30,10 @@ function Set-CredentialStoreItem {
[None] [None]
.EXAMPLE .EXAMPLE
Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" Set-CredentialStoreItem -Path 'C:\TMP\mystore.json' -RemoteHost 'esx01.myside.local'
.EXAMPLE .EXAMPLE
Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" -Identifier svc Set-CredentialStoreItem -Path 'C:\TMP\mystore.json' -RemoteHost 'esx01.myside.local' -Identifier svc
#> #>
[CmdletBinding(DefaultParameterSetName = 'Private')] [CmdletBinding(DefaultParameterSetName = 'Private')]
@ -65,7 +65,7 @@ function Set-CredentialStoreItem {
begin { begin {
# Set the CredentialStore for private, shared or custom mode. # Set the CredentialStore for private, shared or custom mode.
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName) Write-Debug ('ParameterSetName: {0}' -f $PSCmdlet.ParameterSetName)
if ($PSCmdlet.ParameterSetName -eq 'Private') { if ($PSCmdlet.ParameterSetName -eq 'Private') {
$Path = Get-DefaultCredentialStorePath $Path = Get-DefaultCredentialStorePath
} }
@ -77,32 +77,49 @@ function Set-CredentialStoreItem {
} }
process { process {
# Lets do a quick test on the given CredentialStore. # Define the default splatting.
if (-not(Test-CredentialStore -Shared -Path $Path)) { $DefaultSplatting = @{
Path = $Path
}
# Check if the user passed -Shared. If he added -Shared, we'll pass it into the splatting
if ($PSCmdlet.ParameterSetName -eq 'Shared') {
$DefaultSplatting.Add('Shared', $true)
}
# Now lets check the given CredentialStore.
if (-not(Test-CredentialStore @DefaultSplatting)) {
$MessageParams = @{ $MessageParams = @{
Message = 'Could not add anything into the given CredentailStore.' Message = ('The given CredentialStore ({0}) does no exist.' -f $Path)
ErrorAction = 'Stop' ErrorAction = 'Stop'
} }
Write-Error @MessageParams Write-Error @MessageParams
} }
# Read the file content based on the given ParameterSetName # Read the file content based on the given ParameterSetName
$CSContent = Get-CredentialStore -Shared -Path $Path $CSContent = Get-CredentialStore @DefaultSplatting
# Get a formatted current date for the last update time of the Item.
$CurrentDate = Get-Date -Format 'u' $CurrentDate = Get-Date -Format 'u'
if ($Identifier -ne "") { # Check if the user supplied an identifier. If so, we need to mangle the CredentialName, as that's where
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost # the identifier is actually added.
if ($Identifier -ne '') {
$CredentialName = $RemoteHost = '{0}/{1}' -f $Identifier, $RemoteHost
} }
else { else {
$CredentialName = $RemoteHost $CredentialName = $RemoteHost
} }
# If the user didn't supply a CredentialObject, we need to prompt for it.
if (-not($Credential)) { if (-not($Credential)) {
$Credential = Get-Credential -Message $CredentialName $Credential = Get-Credential -Message $CredentialName
} }
if ($Credential.UserName) { # If the username isn't empty, we ca go ahead and update the entry.
if ($null -ne $Credential.UserName -and -not [string]::IsNullOrWhiteSpace($Credential.UserName)) {
# Check if the path to the PfxCertificate is stored in the CredentialStore. If so load the certificate.
# If not, load try loading the certificate from the Filepath of the CredentialStore.
if ($null -eq $CSContent.PfxCertificate) { if ($null -eq $CSContent.PfxCertificate) {
$Cert = Get-CSCertificate -Type $CSContent.Type -Thumbprint $CSContent.Thumbprint $Cert = Get-CSCertificate -Type $CSContent.Type -Thumbprint $CSContent.Thumbprint
} }
@ -110,13 +127,17 @@ function Set-CredentialStoreItem {
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
} }
# Now locate the Item.
if (Get-Member -InputObject $CSContent -Name $CredentialName -MemberType Properties) { if (Get-Member -InputObject $CSContent -Name $CredentialName -MemberType Properties) {
# Get a random AES key for the entry.
$RSAKey = Get-RandomAESKey $RSAKey = Get-RandomAESKey
$CSContent.$CredentialName.User = $Credential.UserName $CSContent.$CredentialName.User = $Credential.UserName
$ConvertParams = @{ $ConvertParams = @{
SecureString = $Credential.Password SecureString = $Credential.Password
Key = $RSAKey Key = $RSAKey
} }
# Now create a updated item containing the updated credentials.
$CSContent.$CredentialName.Password = ConvertFrom-SecureString @ConvertParams $CSContent.$CredentialName.Password = ConvertFrom-SecureString @ConvertParams
$CSContent.$CredentialName.LastChange = $CurrentDate $CSContent.$CredentialName.LastChange = $CurrentDate
$CSContent.$CredentialName.EncryptedKey = [Convert]::ToBase64String( $CSContent.$CredentialName.EncryptedKey = [Convert]::ToBase64String(
@ -125,10 +146,15 @@ function Set-CredentialStoreItem {
[System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1 [System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1
) )
) )
# Convert the CredentialStore back into JSON and save it to the file.
ConvertTo-Json -InputObject $CSContent -Depth 5 | Out-File -FilePath $Path -Encoding utf8 ConvertTo-Json -InputObject $CSContent -Depth 5 | Out-File -FilePath $Path -Encoding utf8
} }
else {
Write-Warning -Message ('Unable to locate CredentialStoreItem for {0}' -f $CredentialName)
} }
Else { }
else {
$MessageParams = @{ $MessageParams = @{
Message = 'Please Provide at least a valid user!' Message = 'Please Provide at least a valid user!'
ErrorAction = 'Stop' ErrorAction = 'Stop'