Public/Get-VenafiCertificate.ps1

function Get-VenafiCertificate {
    <#
    .SYNOPSIS
    Get certificate information

    .DESCRIPTION
    Get certificate information, either all available to the api key provided or by id or zone.

    .PARAMETER CertificateId
    Certificate identifier.
    For Venafi as a Service, this is the unique guid.
    For TPP, use the path or guid. \ved\policy will be automatically applied if a full path isn't provided.

    .PARAMETER IncludeTppPreviousVersions
    Returns details about previous (historical) versions of a certificate (only from TPP).
    This option will add a property named PreviousVersions to the returned object.

    .PARAMETER ExcludeExpired
    Omits expired versions of the previous (historical) versions of a certificate (only from TPP).
    Can only be used with the IncludePreviousVersions parameter.

    .PARAMETER ExcludeRevoked
    Omits revoked versions of the previous (historical) versions of a certificate (only from TPP).
    Can only be used with the IncludePreviousVersions parameter.

    .PARAMETER IncludeVaasOwner
    Retrieve detailed user/team owner info, only for VaaS.
    This will cause additional api calls to be made and take longer.

    .PARAMETER All
    Retrieve all certificates

    .PARAMETER VenafiSession
    Authentication for the function.
    The value defaults to the script session object $VenafiSession created by New-VenafiSession.
    A TPP token or VaaS key can also provided.
    If providing a TPP token, an environment variable named TPP_SERVER must also be set.

    .INPUTS
    CertificateId

    .OUTPUTS
    PSCustomObject

    .EXAMPLE
    Get-VenafiCertificate -CertificateId 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f2'

    Get certificate info for a specific cert on Venafi as a Serivce

    .EXAMPLE
    Get-VenafiCertificate -CertificateId '\ved\policy\mycert.com'

    Get certificate info for a specific cert on TPP

    .EXAMPLE
    Get-VenafiCertificate -All

    Get certificate info for all certs in either TPP or VaaS

    .EXAMPLE
    Get-VenafiCertificate -CertificateId '\ved\policy\mycert.com' -IncludeTppPreviousVersions

    Get certificate info for a specific cert on TPP, including historical versions of the certificate.

    .EXAMPLE
    Get-VenafiCertificate -CertificateId '\ved\policy\mycert.com' -IncludeTppPreviousVersions -ExcludeRevoked -ExcludeExpired

    Get certificate info for a specific cert on TPP, including historical versions of the certificate that are not revoked or expired.

    .EXAMPLE
    Get-VenafiCertificate -CertificateId 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f2' -IncludeVaasOwner

    In addition to certificate info, get user and team owner info as well

    .LINK
    https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-GET-Certificates-guid.php
    #>


    [CmdletBinding(DefaultParameterSetName = 'Id')]
    [Alias('Get-TppCertificateDetail')]

    param (

        [Parameter(ParameterSetName = 'Id', Mandatory, ValueFromPipelineByPropertyName)]
        [Parameter(ParameterSetName = 'VaasId', Mandatory, ValueFromPipelineByPropertyName)]
        [Parameter(ParameterSetName = 'TppId', Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('Guid', 'Path', 'id')]
        [string] $CertificateId,

        [Parameter(Mandatory, ParameterSetName = 'All')]
        [Parameter(Mandatory, ParameterSetName = 'VaasAll')]
        [Parameter(Mandatory, ParameterSetName = 'TppAll')]
        [Switch] $All,

        [Parameter(Mandatory, ParameterSetName = 'TppId')]
        [Parameter(Mandatory, ParameterSetName = 'TppAll')]
        [Alias('IncludePreviousVersions')]
        [switch] $IncludeTppPreviousVersions,

        [Parameter(ParameterSetName = 'TppId')]
        [Parameter(ParameterSetName = 'TppAll')]
        [switch] $ExcludeExpired,

        [Parameter(ParameterSetName = 'TppId')]
        [Parameter(ParameterSetName = 'TppAll')]
        [switch] $ExcludeRevoked,

        [Parameter(Mandatory, ParameterSetName = 'VaasId')]
        [Parameter(Mandatory, ParameterSetName = 'VaasAll')]
        [Switch] $IncludeVaasOwner,

        [Parameter()]
        [ValidateNotNullOrEmpty()]
        [psobject] $VenafiSession = $script:VenafiSession
    )

    begin {

        $platform = Test-VenafiSession -VenafiSession $VenafiSession -PassThru

        # paramset Id and All are applicable to either platform
        if ( $PsCmdlet.ParameterSetName -notin 'Id', 'All' -and $PsCmdlet.ParameterSetName -notmatch "^$platform" ) {
            throw "The parameters selected are not applicable to $platform"
        }

        $params = @{
            VenafiSession = $VenafiSession
            Method        = 'Get'
        }

        $selectProps = @{
            Property        =
            @{
                n = 'Name'
                e = { $_.Name }
            },
            @{
                n = 'TypeName'
                e = { $_.SchemaClass }
            },
            @{
                n = 'Path'
                e = { $_.DN }
            }, @{
                n = 'Guid'
                e = { [guid]$_.guid }
            }, @{
                n = 'ParentPath'
                e = { $_.ParentDN }
            }, @{
                n = 'CreatedOn'
                e = { [datetime]$_.CreatedOn }
            },
            '*'
            ExcludeProperty = 'DN', 'GUID', 'ParentDn', 'SchemaClass', 'Name', 'CreatedOn'
        }

        $appOwners = [System.Collections.Generic.List[object]]::new()

    }

    process {

        switch ($platform) {
            'VaaS' {

                if ( $All ) {
                    return (Find-VenafiCertificate -IncludeTotalCount -IncludeVaasOwner:$IncludeVaasOwner -VenafiSession $VenafiSession)
                }

                $params.UriRoot = 'outagedetection/v1'
                $params.UriLeaf = "certificates"

                if ( $PSBoundParameters.ContainsKey('CertificateId') ) {
                    $params.UriLeaf += "/$CertificateId"
                }

                $params.UriLeaf += "?ownershipTree=true"

                $response = Invoke-VenafiRestMethod @params

                if ( $response.PSObject.Properties.Name -contains 'certificates' ) {
                    $certs = $response | Select-Object -ExpandProperty certificates
                } else {
                    $certs = $response
                }

                $certs | Select-Object @{
                    'n' = 'certificateId'
                    'e' = {
                        $_.Id
                    }
                },
                @{
                    'n' = 'application'
                    'e' = {
                        $_.applicationIds | Get-VaasApplication -VenafiSession $VenafiSession | Select-Object -Property * -ExcludeProperty ownerIdsAndTypes, ownership
                    }
                },
                @{
                    'n' = 'owner'
                    'e' = {
                        if ( $IncludeVaasOwner ) {

                            # this scriptblock requires ?ownershipTree=true be part of the url
                            foreach ( $thisOwner in $_.ownership.owningContainers.owningUsers ) {
                                $thisOwnerDetail = $appOwners | Where-Object { $_.id -eq $thisOwner }
                                if ( -not $thisOwnerDetail ) {
                                    $thisOwnerDetail = Get-VenafiIdentity -ID $thisOwner -VenafiSession $VenafiSession | Select-Object firstName, lastName, emailAddress,
                                    @{
                                        'n' = 'status'
                                        'e' = { $_.userStatus }
                                    },
                                    @{
                                        'n' = 'role'
                                        'e' = { $_.systemRoles }
                                    },
                                    @{
                                        'n' = 'type'
                                        'e' = { 'USER' }
                                    },
                                    @{
                                        'n' = 'userId'
                                        'e' = { $_.id }
                                    }

                                    $appOwners.Add($thisOwnerDetail)

                                }
                                $thisOwnerDetail
                            }

                            foreach ($thisOwner in $_.ownership.owningContainers.owningTeams) {
                                $thisOwnerDetail = $appOwners | Where-Object { $_.id -eq $thisOwner }
                                if ( -not $thisOwnerDetail ) {
                                    $thisOwnerDetail = Get-VenafiTeam -ID $thisOwner -VenafiSession $VenafiSession | Select-Object name, role, members,
                                    @{
                                        'n' = 'type'
                                        'e' = { 'TEAM' }
                                    },
                                    @{
                                        'n' = 'teamId'
                                        'e' = { $_.id }
                                    }

                                    $appOwners.Add($thisOwnerDetail)
                                }
                                $thisOwnerDetail
                            }
                        } else {
                            $_.ownership.owningContainers | Select-Object owningUsers, owningTeams
                        }
                    }
                },
                @{
                    'n' = 'instance'
                    'e' = { $_.instances }
                },
                * -ExcludeProperty Id, applicationIds, instances, totalInstanceCount, ownership
            }

            Default {

                if ( $All ) {
                    return (Find-VenafiCertificate -Path '\ved' -Recursive -IncludeTotalCount -VenafiSession $VenafiSession |
                        Get-VenafiCertificate -IncludeTppPreviousVersions:$IncludeTppPreviousVersions -ExcludeExpired:$ExcludeExpired -ExcludeRevoked:$ExcludeRevoked -VenafiSession $VenafiSession)
                }

                if ( [guid]::TryParse($CertificateId, $([ref][guid]::Empty)) ) {
                    $thisGuid = ([guid] $CertificateId).ToString()
                } else {
                    # a path was provided
                    $thisGuid = $CertificateId | ConvertTo-TppFullPath | ConvertTo-TppGuid -VenafiSession $VenafiSession
                }

                $params.UriLeaf = [System.Web.HttpUtility]::HtmlEncode("certificates/{$thisGuid}")

                $response = Invoke-VenafiRestMethod @params

                if ( $IncludeTppPreviousVersions ) {
                    $params.UriLeaf = [System.Web.HttpUtility]::HtmlEncode("certificates/{$thisGuid}/PreviousVersions")
                    $params.Body = @{}

                    if ( $ExcludeExpired.IsPresent ) {
                        $params.Body.ExcludeExpired = $ExcludeExpired
                    }
                    if ( $ExcludeRevoked.IsPresent ) {
                        $params.Body.ExcludeRevoked = $ExcludeRevoked
                    }

                    $previous = Invoke-VenafiRestMethod @params

                    if ( $previous.PreviousVersions ) {
                        $previous.PreviousVersions.CertificateDetails | ForEach-Object {
                            $_.StoreAdded = [datetime]$_.StoreAdded
                            $_.ValidFrom = [datetime]$_.ValidFrom
                            $_.ValidTo = [datetime]$_.ValidTo
                        }
                    }

                    $response | Add-Member @{'PreviousVersions' = $previous.PreviousVersions }
                }

                # object transformations
                # put in try/catch in case datetime conversion fails
                try {
                    $response.CertificateDetails.StoreAdded = [datetime]$response.CertificateDetails.StoreAdded
                    $response.CertificateDetails.ValidFrom = [datetime]$response.CertificateDetails.ValidFrom
                    $response.CertificateDetails.ValidTo = [datetime]$response.CertificateDetails.ValidTo
                } catch {

                }
                $response | Select-Object @selectProps

            }
        }
    }
}