DSCClassResources/KeyExchangeAlgorithm/KeyExchangeAlgorithm.psm1
|
$resourceModuleRootPath = Split-Path -Path (Split-Path $PSScriptRoot -Parent) -Parent $modulesRootPath = Join-Path -Path $resourceModuleRootPath -ChildPath 'Modules' Import-Module -Name (Join-Path -Path $modulesRootPath -ChildPath 'SchannelResourceHelper\SchannelResourceHelper.psm1') -Force enum Ensure { Absent Present } enum Enabled { Yes No } [DscResource()] class KeyExchangeAlgorithm { [DscProperty(Key)] [ValidateSet('Diffie-Hellman','ECDH','PKCS')] [string] $KeyExchangeAlgorithm [DscProperty()] [Ensure] $Ensure = [Ensure]::Present [DscProperty(NotConfigurable)] [Enabled] $Enabled [KeyExchangeAlgorithm] Get() { $RootKey = 'HKLM:SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms' $Key = $RootKey + "\" + $this.KeyExchangeAlgorithm if(Test-SchannelItem -ItemKey $Key -Enable $true) { $this.Enabled = [Enabled]::Yes } elseif(Test-SchannelItem -ItemKey $Key -Enable $false) { $this.Enabled = [Enabled]::No } else { #This depends on the kex, but we'll assume Yes for now $this.Enabled = [Enabled]::Yes } return $this } [void] Set() { $RootKey = 'HKLM:SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms' $Key = $RootKey + "\" + $this.KeyExchangeAlgorithm if($this.Ensure -eq [Ensure]::Present) { Switch-SchannelItem -ItemKey $Key -Enable $true } else { Switch-SchannelItem -ItemKey $Key -Enable $false } } [bool] Test() { $RootKey = 'HKLM:SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms' $Key = $RootKey + "\" + $this.KeyExchangeAlgorithm if($this.Ensure -eq [Ensure]::Present) { if(Test-SchannelItem -ItemKey $Key -Enable $true) { return $true } else { return $false } } else { if(Test-SchannelItem -ItemKey $Key -Enable $false) { return $true } else { return $false } } } } |