forked from OCram85/PSCredentialStore
PowerShell 6 Core Support (#35)
## About This pull request reflects all changes done in the `linuxsupport` branch. ## Content - Enable PowerShell 6 Core support - Use PFX Certificate for encryption ( fixes #32 ) - Updates CI / CD pipeline ( fixes #31 ) - uses portable libressl ( fixes #34 ) - adds `-PassThru` switch for returning current `VIServer` session in `Connect-To` ( fixes #34 ) - adds git lfs for embedded libressl files - restructured internal functions into `Private` dir - added certificate related functions - adds travis build pipeline for tests
@ -41,11 +41,8 @@ function Get-CredentialStoreItem {
|
||||
#>
|
||||
|
||||
[CmdletBinding(DefaultParameterSetName = "Private")]
|
||||
[OutputType([System.Management.Automation.PSCredential])]
|
||||
[OutputType([PSCredential])]
|
||||
param(
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
@ -56,55 +53,72 @@ function Get-CredentialStoreItem {
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Identifier,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[switch]$Shared,
|
||||
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[switch]$Shared
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Path
|
||||
)
|
||||
|
||||
# First set a constand path for private CredentialStore mode.
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
|
||||
begin {
|
||||
# Set the CredentialStore for private, shared or custom mode.
|
||||
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = Get-DefaultCredentialStorePath
|
||||
}
|
||||
elseif ($PSCmdlet.ParameterSetName -eq "Shared") {
|
||||
if (!($PSBoundParameters.ContainsKey('Path'))) {
|
||||
$Path = Get-DefaultCredentialStorePath -Shared
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
process {
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (Test-CredentialStore -Path $Path) {
|
||||
$CS = Get-CredentialStore -Path $Path
|
||||
$CSMembers = Get-Member -InputObject $CS
|
||||
# Let`s first check if the given remote host exists as object property
|
||||
if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -eq $CredentialName)) {
|
||||
if ($CS.Type -eq "Private") {
|
||||
$CSItem = [ordered]@{
|
||||
User = $CS.$CredentialName.User
|
||||
Password = ConvertTo-SecureString -String $CS.$CredentialName.Password
|
||||
if (Test-CredentialStore -Shared -Path $Path) {
|
||||
$CS = Get-CredentialStore -Shared -Path $Path
|
||||
$CSMembers = Get-Member -InputObject $CS
|
||||
# Let's first check if the given remote host exists as object property
|
||||
if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -contains $CredentialName)) {
|
||||
$Cert = Get-PfxCertificate -FilePath $CS.PfXCertificate -ErrorAction Stop
|
||||
$DecryptedKey = $Cert.PrivateKey.Decrypt(
|
||||
[Convert]::FromBase64String($CS.$CredentialName.EncryptedKey),
|
||||
[System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1
|
||||
)
|
||||
|
||||
if (! $ExpandOutput.isPresent) {
|
||||
[PSCredential]::new(
|
||||
$CS.$CredentialName.User,
|
||||
($CS.$CredentialName.Password | ConvertTo-SecureString -Key $DecryptedKey)
|
||||
)
|
||||
}
|
||||
}
|
||||
else {
|
||||
$Key = Get-ChallengeFile
|
||||
$CSItem = [ordered]@{
|
||||
User = $CS.$CredentialName.User
|
||||
Password = ConvertTo-SecureString -String $CS.$CredentialName.Password -Key $Key
|
||||
$MsgParams = @{
|
||||
ErrorAction = "Stop"
|
||||
Message = "Could not find credentials for the given remote host: {0}" -f $RemoteHost
|
||||
}
|
||||
Write-Error @MsgParams
|
||||
}
|
||||
New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $CSItem.User, $CSItem.Password
|
||||
}
|
||||
else {
|
||||
$MsgParams = @{
|
||||
ErrorAction = "Stop"
|
||||
Message = "Could not find credentials for the given remote host: {0}" -f $RemoteHost
|
||||
Message = "The given credential store ({0}) does not exist!" -f $Path
|
||||
}
|
||||
Write-Error @MsgParams
|
||||
}
|
||||
}
|
||||
else {
|
||||
$MsgParams = @{
|
||||
ErrorAction = "Stop"
|
||||
Message = "The given credential store ({0}) does not exist!" -f $Path
|
||||
}
|
||||
Write-Error @MsgParams
|
||||
|
||||
end {
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
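Review bot: The per-item AES key is unwrapped with `[System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1` in the `$Cert.PrivateKey.Decrypt(...)` call, and the matching `Encrypt` calls in New-CredentialStoreItem and Set-CredentialStoreItem use the same PKCS#1 v1.5 padding. No decryption oracle is visible in this code, but this commit defines a new on-disk format, so OAEP is the safer default and far cheaper to adopt now than after stores exist: `[System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256` at all three call sites, or `OaepSHA1` if a targeted platform's RSA provider does not support SHA-256 OAEP. `$DecryptedKey` also stays in memory as a plain byte array after the `PSCredential` is built; clearing it with `[Array]::Clear($DecryptedKey, 0, $DecryptedKey.Length)` once the SecureString exists would shorten its lifetime. The function body starts outside the visible hunks, and the sides of the changed lines are inferred because the page lost its +/- markers.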
@ -42,9 +42,6 @@ function New-CredentialStoreItem {
|
||||
|
||||
[CmdletBinding(DefaultParameterSetName = "Private")]
|
||||
param(
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
@ -59,78 +56,120 @@ function New-CredentialStoreItem {
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[PSCredential]$Credential,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[switch]$Shared,
|
||||
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[switch]$Shared
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Path
|
||||
|
||||
|
||||
)
|
||||
|
||||
# First set a constand path for private CredentialStore mode.
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
|
||||
}
|
||||
|
||||
# Lets do a quick test on the given CredentialStore.
|
||||
if (-not(Test-CredentialStore -Path $Path)) {
|
||||
$MessageParams = @{
|
||||
Message = "Could not add anything into the given CredentailStore."
|
||||
ErrorAction = "Stop"
|
||||
begin {
|
||||
# Set the CredentialStore for private, shared or custom mode.
|
||||
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = Get-DefaultCredentialStorePath
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
|
||||
# Read the file content based on the given ParameterSetName
|
||||
$CSContent = Get-CredentialStore -Path $Path
|
||||
|
||||
$CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S"
|
||||
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (-not($Credential)) {
|
||||
$Credential = Get-Credential -Message $CredentialName
|
||||
}
|
||||
|
||||
if ($Credential.UserName) {
|
||||
if ($CSContent.Type -eq "Shared") {
|
||||
$Key = Get-ChallengeFile
|
||||
$encypted = ConvertFrom-SecureString -SecureString $Credential.Password -Key $Key
|
||||
elseif ($PSCmdlet.ParameterSetName -eq "Shared") {
|
||||
if (!($PSBoundParameters.ContainsKey('Path'))) {
|
||||
$Path = Get-DefaultCredentialStorePath -Shared
|
||||
}
|
||||
}
|
||||
else {
|
||||
$encypted = ConvertFrom-SecureString -SecureString $Credential.Password
|
||||
}
|
||||
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {
|
||||
}
|
||||
|
||||
process {
|
||||
# Lets do a quick test on the given CredentialStore.
|
||||
if (-not(Test-CredentialStore -Shared -Path $Path)) {
|
||||
$MessageParams = @{
|
||||
Message = "The given host already exists. Nothing to do here."
|
||||
Exception = [System.IO.FileNotFoundException]::new(
|
||||
'Could not add anything into the given CredentialStore.'
|
||||
)
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Warning @MessageParams
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
|
||||
# Read the file content based on the given ParameterSetName
|
||||
<#
|
||||
if ($PSCmdlet.ParameterSetName -eq 'Private') {
|
||||
$CSContent = Get-CredentialStore
|
||||
}
|
||||
elseif ($PSCmdlet.ParameterSetName -eq 'Shared') {
|
||||
$CSContent = Get-CredentialStore -Shared -Path $Path
|
||||
}
|
||||
#>
|
||||
$CSContent = Get-CredentialStore -Shared -Path $Path
|
||||
|
||||
$CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S"
|
||||
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialHash = [ordered]@{
|
||||
User = $Credential.UserName
|
||||
Password = $encypted
|
||||
Creation = $CurrentDate
|
||||
}
|
||||
Add-Member -InputObject $CSContent -Name $CredentialName -MemberType NoteProperty -Value $CredentialHash
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (-not($Credential)) {
|
||||
$Credential = Get-Credential -Message $CredentialName
|
||||
}
|
||||
|
||||
if ($Credential.UserName) {
|
||||
try {
|
||||
ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path
|
||||
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
|
||||
}
|
||||
catch [System.Exception] {
|
||||
$MessageParams = @{
|
||||
Message = "Couldn't add item into credential store!"
|
||||
ErrorAction = "Stop"
|
||||
catch {
|
||||
$_.Exception.Message | Write-Error
|
||||
$ErrorParams = @{
|
||||
ErrorAction = 'Stop'
|
||||
Exception = [System.Security.Cryptography.CryptographicException]::new(
|
||||
'Could not read the given PFX certificate.'
|
||||
)
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
|
||||
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {
|
||||
$MessageParams = @{
|
||||
Message = "The given host already exists. Nothing to do here."
|
||||
}
|
||||
Write-Warning @MessageParams
|
||||
}
|
||||
else {
|
||||
$RSAKey = Get-RandomAESKey
|
||||
|
||||
$CredentialHash = [ordered]@{
|
||||
User = $Credential.UserName
|
||||
Password = ConvertFrom-SecureString -SecureString $Credential.Password -Key $RSAKey
|
||||
Created = $CurrentDate
|
||||
LastChange = $null
|
||||
EncryptedKey = [Convert]::ToBase64String($Cert.PublicKey.Key.Encrypt($RSAKey, [System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1))
|
||||
}
|
||||
Add-Member -InputObject $CSContent -Name $CredentialName -MemberType NoteProperty -Value $CredentialHash
|
||||
try {
|
||||
ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path
|
||||
}
|
||||
catch {
|
||||
$MessageParams = @{
|
||||
Message = "Couldn't add item into credential store!"
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
$MessageParams = @{
|
||||
Message = "Please Provide at least a valid user!"
|
||||
ErrorAction = "Stop"
|
||||
else {
|
||||
$MessageParams = @{
|
||||
Message = "Please Provide at least a valid user!"
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
|
||||
end {
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
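Review bot: The store write in the `else` branch, `ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path`, has neither `-Depth 5` nor `-Encoding utf8`, while the writes this commit puts into Remove-CredentialStoreItem and Set-CredentialStoreItem have both. `Out-File` defaults differ between Windows PowerShell and PowerShell Core, so a store created here can end up in a different encoding than the one the other cmdlets rewrite it with; I would use `ConvertTo-Json -InputObject $CSContent -Depth 5 | Out-File -FilePath $Path -Encoding utf8` here too. As a style point, `$RSAKey = Get-RandomAESKey` names an AES key as if it were the RSA key, which is easy to misread in code that handles both; `$AESKey` would be clearer. The function body starts outside the visible hunks.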
@ -27,8 +27,16 @@ function Remove-CredentialStoreItem {
|
||||
[None]
|
||||
|
||||
.EXAMPLE
|
||||
Remove-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
|
||||
Remove-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" -Identifier svc
|
||||
Remove-CredentialStoreItem -RemoteHost "esx01.myside.local"
|
||||
|
||||
.EXAMPLE
|
||||
Remove-CredentialStoreItem -Shared -RemoteHost "esx01.myside.local"
|
||||
|
||||
.EXAMPLE
|
||||
Remove-CredentialStoreItem -Shared -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
|
||||
|
||||
.EXAMPLE
|
||||
Remove-CredentialStoreItem -RemoteHost "esx01.myside.local" -Identifier svc
|
||||
|
||||
.NOTES
|
||||
```
|
||||
@ -43,9 +51,6 @@ function Remove-CredentialStoreItem {
|
||||
|
||||
[CmdletBinding(DefaultParameterSetName = "Private")]
|
||||
param(
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[string]$RemoteHost,
|
||||
@ -54,43 +59,62 @@ function Remove-CredentialStoreItem {
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[string]$Identifier,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[switch]$Shared,
|
||||
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[switch]$Shared
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Path
|
||||
)
|
||||
|
||||
# First set a constand path for private CredentialStore mode.
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
|
||||
}
|
||||
|
||||
# Lets do a quick test on the given CredentialStore.
|
||||
if (-not(Test-CredentialStore -Path $Path)) {
|
||||
$MessageParams = @{
|
||||
Message = "Could not add anything into the given CredentailStore."
|
||||
ErrorAction = "Stop"
|
||||
begin {
|
||||
# Set the CredentialStore for private, shared or custom mode.
|
||||
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = Get-DefaultCredentialStorePath
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
|
||||
# Read the file content based on the given ParameterSetName
|
||||
$CSContent = Get-CredentialStore -Path $Path
|
||||
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {
|
||||
# We need to use the .NET Method because there is no easier way in PowerShell.
|
||||
$CSContent.PSObject.Properties.Remove($CredentialName)
|
||||
ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path
|
||||
}
|
||||
else {
|
||||
$MessageParams = @{
|
||||
Message = "The given CredentailStoreItem does not exist."
|
||||
elseif ($PSCmdlet.ParameterSetName -eq "Shared") {
|
||||
if (!($PSBoundParameters.ContainsKey('Path'))) {
|
||||
$Path = Get-DefaultCredentialStorePath -Shared
|
||||
}
|
||||
}
|
||||
Write-Warning @MessageParams
|
||||
}
|
||||
|
||||
process {
|
||||
# Lets do a quick test on the given CredentialStore.
|
||||
if (-not(Test-CredentialStore -Shared -Path $Path)) {
|
||||
$MessageParams = @{
|
||||
Message = "Could not add anything into the given CredentialStore."
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
|
||||
# Read the file content based on the given ParameterSetName
|
||||
$CSContent = Get-CredentialStore -Shared -Path $Path
|
||||
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype NoteProperty) {
|
||||
# We need to use the .NET Method because there is no easier way in PowerShell.
|
||||
$CSContent.PSObject.Properties.Remove($CredentialName)
|
||||
ConvertTo-Json -InputObject $CSContent -Depth 5 | Out-File -FilePath $Path -Encoding utf8
|
||||
}
|
||||
else {
|
||||
$MessageParams = @{
|
||||
Message = "The given CredentialStoreItem does not exist."
|
||||
}
|
||||
Write-Warning @MessageParams
|
||||
}
|
||||
}
|
||||
|
||||
end {
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
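Review bot: The guard at the top of the `process` block reports `"Could not add anything into the given CredentialStore."` when the store is missing, which names the wrong operation for a remove cmdlet and will mislead whoever reads the error. Suggest `Message = "Could not remove anything from the given CredentialStore."`, or the `"The given credential store ({0}) does not exist!" -f $Path` wording that Get-CredentialStoreItem uses. The rewrite `... | Out-File -FilePath $Path -Encoding utf8` also overwrites the store in place, so an interrupted write could leave the credential file truncated; writing to a temporary file in the same directory and moving it over the store would avoid that. The function body starts outside the visible hunks.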
@ -42,9 +42,6 @@ function Set-CredentialStoreItem {
|
||||
|
||||
[CmdletBinding(DefaultParameterSetName = "Private")]
|
||||
param(
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[string]$RemoteHost,
|
||||
@ -57,66 +54,91 @@ function Set-CredentialStoreItem {
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[PSCredential]$Credential,
|
||||
|
||||
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
|
||||
[switch]$Shared,
|
||||
|
||||
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
|
||||
[switch]$Shared
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$Path
|
||||
)
|
||||
|
||||
# First set a constant path for private CredentialStore mode.
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
|
||||
}
|
||||
|
||||
# Lets do a quick test on the given CredentialStore.
|
||||
if (-not(Test-CredentialStore -Path $Path)) {
|
||||
$MessageParams = @{
|
||||
Message = "Could not add anything into the given CredentailStore."
|
||||
ErrorAction = "Stop"
|
||||
begin {
|
||||
# Set the CredentialStore for private, shared or custom mode.
|
||||
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = Get-DefaultCredentialStorePath
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
|
||||
# Read the file content based on the given ParameterSetName
|
||||
$CSContent = Get-CredentialStore -Path $Path
|
||||
|
||||
$CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S"
|
||||
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (-not($Credential)) {
|
||||
$Credential = Get-Credential -Message $CredentialName
|
||||
}
|
||||
|
||||
if ($Credential.UserName) {
|
||||
if ($CSContent.Type -eq "Shared") {
|
||||
$Key = Get-ChallengeFile
|
||||
$encypted = ConvertFrom-SecureString -SecureString $Credential.Password -Key $Key
|
||||
}
|
||||
else {
|
||||
$encypted = ConvertFrom-SecureString -SecureString $Credential.Password
|
||||
}
|
||||
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {
|
||||
$CSContent.$CredentialName.User = $Credential.UserName
|
||||
$CSContent.$CredentialName.Password = $encypted
|
||||
$CSContent.$CredentialName.Creation = $CurrentDate
|
||||
ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path
|
||||
}
|
||||
else {
|
||||
$MessageParams = @{
|
||||
Message = "The given CredentailStoreItem does not exist."
|
||||
elseif ($PSCmdlet.ParameterSetName -eq "Shared") {
|
||||
if (!($PSBoundParameters.ContainsKey('Path'))) {
|
||||
$Path = Get-DefaultCredentialStorePath -Shared
|
||||
}
|
||||
Write-Warning @MessageParams
|
||||
}
|
||||
}
|
||||
Else {
|
||||
$MessageParams = @{
|
||||
Message = "Please Provide at least a valid user!"
|
||||
ErrorAction = "Stop"
|
||||
|
||||
process {
|
||||
# Lets do a quick test on the given CredentialStore.
|
||||
if (-not(Test-CredentialStore -Shared -Path $Path)) {
|
||||
$MessageParams = @{
|
||||
Message = "Could not add anything into the given CredentailStore."
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
|
||||
# Read the file content based on the given ParameterSetName
|
||||
$CSContent = Get-CredentialStore -Shared -Path $Path
|
||||
|
||||
$CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S"
|
||||
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (-not($Credential)) {
|
||||
$Credential = Get-Credential -Message $CredentialName
|
||||
}
|
||||
|
||||
if ($Credential.UserName) {
|
||||
try {
|
||||
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
|
||||
}
|
||||
catch {
|
||||
$_.Exception.Message | Write-Error
|
||||
$ErrorParams = @{
|
||||
Message = 'Could not read the given PFX certificate.'
|
||||
ErrorAction = 'Stop'
|
||||
Exception = [System.Security.Cryptography.CryptographicException]::new()
|
||||
}
|
||||
Write-Error @ErrorParams
|
||||
}
|
||||
|
||||
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {
|
||||
$RSAKey = Get-RandomAESKey
|
||||
$CSContent.$CredentialName.User = $Credential.UserName
|
||||
$CSContent.$CredentialName.Password = ConvertFrom-SecureString -SecureString $Credential.Password -Key $RSAKey
|
||||
$CSContent.$CredentialName.LastChange = $CurrentDate
|
||||
$CSContent.$CredentialName.EncryptedKey = [Convert]::ToBase64String(
|
||||
$Cert.PublicKey.Key.Encrypt(
|
||||
$RSAKey,
|
||||
[System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1
|
||||
)
|
||||
)
|
||||
ConvertTo-Json -InputObject $CSContent -Depth 5 | Out-File -FilePath $Path -Encoding utf8
|
||||
}
|
||||
}
|
||||
Else {
|
||||
$MessageParams = @{
|
||||
Message = "Please Provide at least a valid user!"
|
||||
ErrorAction = "Stop"
|
||||
}
|
||||
Write-Error @MessageParams
|
||||
}
|
||||
}
|
||||
|
||||
end {
|
||||
|
||||
}
|
||||
}
|
||||
|
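Review bot: When the named item is not in the store, the new `process` block appears to do nothing: the `if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) { ... }` has no `else`, and the `Write-Warning` for a missing item seems to exist only on the removed side (the +/- markers are lost on this page, so this is inferred). A caller rotating a credential would then get a silent success with the old secret still stored. I would add `else { Write-Warning -Message "The given CredentialStoreItem does not exist." }`, or a terminating `Write-Error` if callers should be able to catch it. The store-missing guard above it also still says `"Could not add anything into the given CredentailStore."` (a typo, and "add" on an update path). The function body starts outside the visible hunks.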
@ -1,4 +1,4 @@
|
||||
function Test-CredentialStoreItem() {
|
||||
function Test-CredentialStoreItem {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Checks if the given RemoteHost identifier combination exists in the credential store.
|
||||
@ -64,32 +64,48 @@ function Test-CredentialStoreItem() {
|
||||
[switch]$Shared
|
||||
)
|
||||
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
|
||||
begin {
|
||||
# Set the CredentialStore for private, shared or custom mode.
|
||||
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||
if ($PSCmdlet.ParameterSetName -eq "Private") {
|
||||
$Path = Get-DefaultCredentialStorePath
|
||||
}
|
||||
elseif ($PSCmdlet.ParameterSetName -eq "Shared") {
|
||||
if (!($PSBoundParameters.ContainsKey('Path'))) {
|
||||
$Path = Get-DefaultCredentialStorePath -Shared
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (Test-CredentialStore -Path $Path) {
|
||||
$CS = Get-CredentialStore -Path $Path
|
||||
$CSMembers = Get-Member -InputObject $CS
|
||||
if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -eq $CredentialName)) {
|
||||
return $true
|
||||
process {
|
||||
if ($Identifier -ne "") {
|
||||
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||
}
|
||||
else {
|
||||
return $false
|
||||
$CredentialName = $RemoteHost
|
||||
}
|
||||
|
||||
if (Test-CredentialStore -Shared -Path $Path) {
|
||||
$CS = Get-CredentialStore -Shared -Path $Path
|
||||
$CSMembers = Get-Member -InputObject $CS
|
||||
if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -contains $CredentialName)) {
|
||||
return $true
|
||||
}
|
||||
else {
|
||||
return $false
|
||||
}
|
||||
}
|
||||
else {
|
||||
$MsgParams = @{
|
||||
ErrorAction = "Stop"
|
||||
Message = "The given credential store ({0}) does not exist!" -f $Path
|
||||
}
|
||||
Write-Error @MsgParams
|
||||
}
|
||||
}
|
||||
else {
|
||||
$MsgParams = @{
|
||||
ErrorAction = "Stop"
|
||||
Message = "The given credential store ({0}) does not exist!" -f $Path
|
||||
}
|
||||
Write-Error @MsgParams
|
||||
|
||||
end {
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
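Review bot: The existence check `($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -contains $CredentialName)` tests two unrelated things about the whole member list: whether any member is a NoteProperty, and whether any member of any type has that name. `Get-Member` also returns methods and the store's own metadata properties, so a `-RemoteHost` such as `ToString` or `Type` would presumably return `$true` although no credential item exists. Asking for the one member directly avoids this: `if (Get-Member -InputObject $CS -Name $CredentialName -MemberType NoteProperty) {` (the form Remove-CredentialStoreItem already uses); store metadata fields would still need to be excluded by name. Get-CredentialStoreItem has the same condition in front of its decrypt call. The function body starts outside the visible hunk.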