Compare commits

..

4 Commits

3 changed files with 179 additions and 20 deletions

View File

@ -0,0 +1,130 @@
[Diagnostics.CodeAnalysis.SuppressMessageAttribute(
'PSAvoidUsingConvertToSecureStringWithPlainText',
'',
Justification = 'just used in pester tests.'
)]
[Diagnostics.CodeAnalysis.SuppressMessageAttribute(
'PSProvideCommentHelp',
'',
Justification = 'no need in internal pester helpers.'
)]
param ()
BeforeAll {
$ManifestFile = (Get-Item -Path "./src/*.psd1").FullName
Import-Module $ManifestFile -Force
$PrivateFunctions = (Get-ChildItem -Path "./src/Private/*.ps1" | Where-Object {
$_.BaseName -notmatch '.Tests'
}
).FullName
foreach ( $func in $PrivateFunctions) {
. $func
}
# Backup existing credential stores
$VerbosePreference = "Continue"
Write-Verbose "Backup private Credential Store..."
$CSPath = Get-DefaultCredentialStorePath
$BackupFile = "{0}.back" -f $CSPath
if (Test-Path -Path $CSPath) {
Move-Item -Path $CSPath -Destination $BackupFile
}
Write-Verbose "Backup shared CredentialStore..."
$CSShared = Get-DefaultCredentialStorePath -Shared
$BackupSharedFile = "{0}.back" -f $CSShared
if (Test-Path -Path $CSShared) {
Move-Item -Path $CSShared -Destination $BackupSharedFile
}
Write-Verbose "Remove old CredentialStore in Temp dir"
$CSTemp = Join-Path -Path (Get-TempDir) -ChildPath '/CredentialStore.json'
if (Test-Path -Path $CSTemp) {
Remove-Item -Path $CSTemp
}
$VerbosePreference = "SilentlyContinue"
}
Describe 'New-CredentialStoreItem' {
Context 'Private Credential Store tests' {
It 'Add entry to a private store.' {
# Create a fresh CredentialStore first
New-CredentialStore -Force
# Define the content of the CredentialStoreItem.
$RemoteHost = 'barfoo'
$UserName = 'MyUser'
$Password = 'fooobarysdfsfs' | ConvertTo-SecureString -AsPlainText -Force
# Form the CredentialObject.
$creds = [PSCredential]::new($UserName, $Password)
# Create the CredentialStoreItem.
New-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds
# Formulate an update to the CredentialStoreItem.
$ClearPassword = 'fooobaryadfafa'
$Password = $ClearPassword | ConvertTo-SecureString -AsPlainText -Force
$creds = [PSCredential]::new($UserName, $Password)
{
Set-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds
} | Should -Not -Throw
# Control the content of the CredentialStore.
$content = Get-CredentialStoreItem -RemoteHost $RemoteHost
$content.GetNetworkCredential().Password | Should -Be $ClearPassword
}
}
Context 'Shared Credential Store tests' {
It 'Add entry to a shared store.' {
# Create a fresh CredentialStore first
$tmpCS = Join-Path -Path (Get-TempDir) -ChildPath '/CredentialStore.json'
New-CredentialStore -Path $tmpCS -Force -Shared
# Define the content of the CredentialStoreItem.
$RemoteHost = 'barfoo'
$UserName = 'MyUser'
$Password = 'fooobarysdfsfs' | ConvertTo-SecureString -AsPlainText -Force
# Form the CredentialObject.
$creds = [PSCredential]::new($UserName, $Password)
# Create the CredentialStoreItem.
New-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds -Path $tmpCS -Shared
# Formulate an update to the CredentialStoreItem.
$ClearPassword = 'fooobaryadfafa'
$Password = $ClearPassword | ConvertTo-SecureString -AsPlainText -Force
$creds = [PSCredential]::new($UserName, $Password)
{
Set-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds -Path $tmpCS -Shared
} | Should -Not -Throw
# Control the content of the CredentialStore.
$content = Get-CredentialStoreItem -RemoteHost $RemoteHost -Path $tmpCS -Shared
$content.GetNetworkCredential().Password | Should -Be $ClearPassword
}
}
}
AfterAll {
# Cleanup test stores and restore existing ones.
$VerbosePreference = "Continue"
Write-Verbose "Restoring private CredentialStore"
If (Test-Path -Path $BackupFile) {
If (Test-Path -Path $CSPath) {
Remove-Item -Path $CSPath
Move-Item -Path $BackupFile -Destination $CSPath
}
}
Write-Verbose "Restoring shared CredentialStore"
If (Test-Path -Path $BackupSharedFile) {
If (Test-Path -Path $CSShared) {
Remove-Item -Path $CSShared
Move-Item -Path $BackupSharedFile -Destination $CSShared
}
}
$VerbosePreference = "SilentlyContinue"
}

View File

@ -13,7 +13,7 @@ function Set-CredentialStoreItem {
Specify the host you for which you would like to change the credentials.
.PARAMETER Identifier
Defaults to "". Specify a string, which separates two CredentialStoreItems for the
Defaults to ''. Specify a string, which separates two CredentialStoreItems for the
same hostname.
.PARAMETER Shared
@ -30,10 +30,10 @@ function Set-CredentialStoreItem {
[None]
.EXAMPLE
Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
Set-CredentialStoreItem -Path 'C:\TMP\mystore.json' -RemoteHost 'esx01.myside.local'
.EXAMPLE
Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" -Identifier svc
Set-CredentialStoreItem -Path 'C:\TMP\mystore.json' -RemoteHost 'esx01.myside.local' -Identifier svc
#>
[CmdletBinding(DefaultParameterSetName = 'Private')]
@ -65,7 +65,7 @@ function Set-CredentialStoreItem {
begin {
# Set the CredentialStore for private, shared or custom mode.
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
Write-Debug ('ParameterSetName: {0}' -f $PSCmdlet.ParameterSetName)
if ($PSCmdlet.ParameterSetName -eq 'Private') {
$Path = Get-DefaultCredentialStorePath
}
@ -77,32 +77,52 @@ function Set-CredentialStoreItem {
}
process {
# Lets do a quick test on the given CredentialStore.
if (-not(Test-CredentialStore -Shared -Path $Path)) {
# Define the default splatting.
$DefaultSplatting = @{
Path = $Path
}
# Check if the user passed -Shared. If he added -Shared, we'll pass it into the splatting
if ($PSBoundParameters.ContainsKey('Shared')) {
$DefaultSplatting.Add('Shared', $true)
}
else {
$DefaultSplatting.Add('Shared', $false)
}
# Now lets check the given CredentialStore.
if (-not(Test-CredentialStore @DefaultSplatting)) {
$MessageParams = @{
Message = 'Could not add anything into the given CredentailStore.'
Message = ('The given CredentialStore ({0}) does no exist.' -f $Path)
ErrorAction = 'Stop'
}
Write-Error @MessageParams
}
# Read the file content based on the given ParameterSetName
$CSContent = Get-CredentialStore -Shared -Path $Path
$CSContent = Get-CredentialStore @DefaultSplatting
# Get a formatted current date for the last update time of the Item.
$CurrentDate = Get-Date -Format 'u'
if ($Identifier -ne "") {
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
# Check if the user supplied an identifier. If so, we need to mangle the CredentialName, as that's where
# the identifier is actually added.
if ($Identifier -ne '') {
$CredentialName = $RemoteHost = '{0}/{1}' -f $Identifier, $RemoteHost
}
else {
$CredentialName = $RemoteHost
}
# If the user didn't supply a CredentialObject, we need to prompt for it.
if (-not($Credential)) {
$Credential = Get-Credential -Message $CredentialName
}
if ($Credential.UserName) {
# If the username isn't empty, we ca go ahead and update the entry.
if ($null -ne $Credential.UserName -and -not [string]::IsNullOrWhiteSpace($Credential.UserName)) {
# Check if the path to the PfxCertificate is stored in the CredentialStore. If so load the certificate.
# If not, load try loading the certificate from the Filepath of the CredentialStore.
if ($null -eq $CSContent.PfxCertificate) {
$Cert = Get-CSCertificate -Type $CSContent.Type -Thumbprint $CSContent.Thumbprint
}
@ -110,13 +130,17 @@ function Set-CredentialStoreItem {
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
}
# Now locate the Item.
if (Get-Member -InputObject $CSContent -Name $CredentialName -MemberType Properties) {
# Get a random AES key for the entry.
$RSAKey = Get-RandomAESKey
$CSContent.$CredentialName.User = $Credential.UserName
$ConvertParams = @{
SecureString = $Credential.Password
Key = $RSAKey
}
# Now create a updated item containing the updated credentials.
$CSContent.$CredentialName.Password = ConvertFrom-SecureString @ConvertParams
$CSContent.$CredentialName.LastChange = $CurrentDate
$CSContent.$CredentialName.EncryptedKey = [Convert]::ToBase64String(
@ -125,10 +149,15 @@ function Set-CredentialStoreItem {
[System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1
)
)
# Convert the CredentialStore back into JSON and save it to the file.
ConvertTo-Json -InputObject $CSContent -Depth 5 | Out-File -FilePath $Path -Encoding utf8
}
else {
Write-Warning -Message ('Unable to locate CredentialStoreItem for {0}' -f $CredentialName)
}
Else {
}
else {
$MessageParams = @{
Message = 'Please Provide at least a valid user!'
ErrorAction = 'Stop'

View File

@ -33,11 +33,11 @@ function Test-CredentialStoreItem {
[None]
.EXAMPLE
if (Test-CredentialStoreItem -RemoteHost "Default") {
Get-CredentialStoreItem -RemoteHost "Default"
if (Test-CredentialStoreItem -RemoteHost 'Default') {
Get-CredentialStoreItem -RemoteHost 'Default'
}
else {
Write-Warning ("The given Remote Host {0} does not exist in the credential Store!" -f $RemoteHost)
Write-Warning ('The given Remote Host {0} does not exist in the credential Store!' -f $RemoteHost)
}
#>
@ -45,7 +45,7 @@ function Test-CredentialStoreItem {
[OutputType([bool])]
param (
[Parameter(Mandatory = $false, ParameterSetName = 'Shared')]
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
[string]$Path = '{0}\PSCredentialStore\CredentialStore.json' -f $env:ProgramData,
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
@ -61,7 +61,7 @@ function Test-CredentialStoreItem {
begin {
# Set the CredentialStore for private, shared or custom mode.
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
Write-Debug ('ParameterSetName: {0}' -f $PSCmdlet.ParameterSetName)
if ($PSCmdlet.ParameterSetName -eq 'Private') {
$Path = Get-DefaultCredentialStorePath
}
@ -73,8 +73,8 @@ function Test-CredentialStoreItem {
}
process {
if ($Identifier -ne "") {
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
if ($Identifier -ne '') {
$CredentialName = $RemoteHost = '{0}/{1}' -f $Identifier, $RemoteHost
}
else {
$CredentialName = $RemoteHost
@ -92,7 +92,7 @@ function Test-CredentialStoreItem {
}
else {
$MsgParams = @{
Message = "The given credential store ({0}) does not exist!" -f $Path
Message = 'The given credential store ({0}) does not exist!' -f $Path
}
Write-Warning @MsgParams
return $false