Private/Receive-CheckIDPasswordAgentRequests.ps1

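function Receive-CheckIDPasswordAgentRequests {
    <#
    .SYNOPSIS
        Polls the CheckID service for pending password requests assigned to this agent and
        returns each one with its password decrypted.

    .DESCRIPTION
        Calls https://<Hostname>/checkid/beta/password-request/agent/<AgentID> with the bearer
        token header produced by Get-EntraIDAccessTokenHeader. For every entry in the response's
        "data" array the "password" field is base64-decoded and decrypted with the module-scoped
        certificate's private key (RSA, PKCS#1 v1.5 padding). Each request is emitted to the
        pipeline as a hashtable with the keys id, clientConnectionId, userPrincipalName,
        onPremisesSecurityIdentifier and password (plaintext).

        Script-scoped state ($Script:Hostname, $Script:AgentID, $Script:Certificate) is expected
        to have been set by Connect-CheckIDPasswordAgent; the function refuses to run without it.
        Receipt of each request is recorded in the Application event log (source
        CheckIDPasswordAgent, event 1104); entries with an empty id are skipped with a warning
        (event 1202). The plaintext password is never written to the event log or verbose stream.

    .OUTPUTS
        System.Collections.Hashtable, one per request. Nothing when no requests are pending.

    .NOTES
        Any failure of the HTTP call or of decryption is logged as event 1200 and reported with
        Write-Error; the function does not throw. Because a single failing entry aborts the
        remainder of the batch, a malformed "password" value will stop later requests in the
        same response from being emitted.
    #>
    [CmdletBinding()]

    Param()

    Process {
        # Everything below depends on state established by Connect-CheckIDPasswordAgent. Check all
        # three values up front so the caller sees a clear message instead of a null-method error
        # surfacing from the catch block as "Failed to receive requests".
        if (!$Script:Hostname) {
            Write-Error -Message "Hostname is not set. Please run Connect-CheckIDPasswordAgent first."
            return
        }
        if (!$Script:AgentID) {
            Write-Error -Message "AgentID is not set. Please run Connect-CheckIDPasswordAgent first."
            return
        }
        if (!$Script:Certificate) {
            Write-Error -Message "Certificate is not set. Please run Connect-CheckIDPasswordAgent first."
            return
        }

        try {
            $Uri = "https://$($Script:Hostname)/checkid/beta/password-request/agent/$($Script:AgentID)"
            $Request = Invoke-RestMethod -Uri $Uri -Headers (Get-EntraIDAccessTokenHeader)

            if (-not $Request.data) {
                Write-Verbose "No requests found for agent $($Script:AgentID)"
                return
            }

            foreach ($item in $Request.data) {
                # Validate the entry before touching the private key: a request without an id
                # cannot be acted on, so there is no reason to decrypt its password at all.
                if ([string]::IsNullOrEmpty($item.id)) {
                    Write-Warning "Received request with empty ID"
                    Write-EventLog -LogName "Application" -Source "CheckIDPasswordAgent" -EventId 1202 -EntryType Warning -Message "Received request with empty ID" -ErrorAction Continue
                    continue
                }

                Write-EventLog -LogName "Application" -Source "CheckIDPasswordAgent" -EventId 1104 -EntryType Information -Message "Received request for user $($item.userPrincipalName) with ID $($item.id) - decrypting password" -ErrorAction Continue
                Write-Verbose "Received request for user $($item.userPrincipalName) with ID $($item.id) - decrypting password"

                # The service delivers the password encrypted to this agent's certificate, so only the
                # private key held here can recover it.
                # NOTE(review): PKCS#1 v1.5 padding is retained because the encrypting side must use
                # the same scheme, but it is susceptible to padding-oracle (Bleichenbacher) attacks if
                # decryption failures are observable to the sender. Moving both ends to OAEP
                # ([RSAEncryptionPadding]::OaepSHA256) would be the stronger choice.
                $encryptedBytes = [Convert]::FromBase64String($item.password)
                $decryptedBytes = $Script:Certificate.Decrypt($encryptedBytes, [System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1)
                $plaintext = [System.Text.Encoding]::UTF8.GetString($decryptedBytes)
                # Wipe the byte buffer as soon as the string has been built; the .NET string itself is
                # immutable and lingers until collected, so this only shortens one copy's lifetime.
                [Array]::Clear($decryptedBytes, 0, $decryptedBytes.Length)

                @{
                    id                           = $item.id
                    clientConnectionId           = $item.clientConnectionId
                    userPrincipalName            = $item.userPrincipalName
                    onPremisesSecurityIdentifier = $item.onPremisesSecurityIdentifier
                    password                     = $plaintext
                }
            }
        }
        catch {
            Write-EventLog -LogName "Application" -Source "CheckIDPasswordAgent" -EventId 1200 -EntryType Error -Message "Failed to receive requests: $_" -ErrorAction Continue
            Write-Error -Message "Failed to receive requests: $_"
        }
    }
}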