DSCResources/MSFT_xCertificateImport/MSFT_xCertificateImport.psm1
|
#Requires -Version 4.0 <# .SYNOPSIS Validates the existence of a file at a specific path. .PARAMETER Path The location of the file. Supports any path that Test-Path supports. .PARAMETER Quiet Returns $false if the file does not exist. By default this function throws an exception if the file is missing. .EXAMPLE Validate-CertificatePath -Path '\\server\share\Certificates\mycert.cer' .EXAMPLE Validate-CertificatePath -Path 'C:\certs\my_missing.cer' -Quiet .EXAMPLE 'D:\CertRepo\a_cert.cer' | Validate-CertificatePath .EXAMPLE Get-ChildItem D:\CertRepo\*.cer | Validate-CertificatePath #> function Validate-CertificatePath { [CmdletBinding()] param( [Parameter( Mandatory, ValueFromPipeline )] [String[]] $Path , [Parameter()] [Switch] $Quiet ) Process { foreach($p in $Path) { if ($p | Test-Path -PathType Leaf) { $true } elseif ($Quiet) { $false } else { throw [System.ArgumentException]"File '$p' not found." } } } } <# .SYNOPSIS Validates whether a given certificate is valid based on the hash algoritms available on the system. .PARAMETER Thumbprint One or more thumbprints to validate. .PARAMETER Quiet Returns $false if the thumbprint is not valid. By default this function throws an exception if validation fails. .EXAMPLE Validate-Thumbprint fd94e3a5a7991cb6ed3cd5dd01045edf7e2284de .EXAMPLE Validate-Thumbprint fd94e3a5a7991cb6ed3cd5dd01045edf7e2284de,0000e3a5a7991cb6ed3cd5dd01045edf7e220000 -Quiet .EXAMPLE gci Cert:\LocalMachine -Recurse | ? { $_.Thumbprint } | select -exp Thumbprint | Validate-Thumbprint -Verbose #> function Validate-Thumbprint { [CmdletBinding()] param( [Parameter( Mandatory, ValueFromPipeline )] [ValidateNotNullOrEmpty()] [String[]] $Thumbprint , [Parameter()] [Switch] $Quiet ) Begin { $validHashes = [System.AppDomain]::CurrentDomain.GetAssemblies().GetTypes() | Where-Object -FilterScript { $_.BaseType.BaseType -eq [System.Security.Cryptography.HashAlgorithm] -and ($_.Name -cmatch 'Managed$' -or $_.Name -cmatch 'Provider$') } | ForEach-Object -Process { New-Object -TypeName PSObject -Property @{ Hash = $_.BaseType.Name BitSize = (New-Object $_).HashSize } | Add-Member -MemberType ScriptProperty -Name HexLength -Value { $this.BitSize / 4 } -PassThru } } Process { foreach($hash in $Thumbprint) { $isValid = $false foreach($algorithm in $validHashes) { if ($hash -cmatch "^[a-fA-F0-9]{$($algorithm.HexLength)}$") { Write-Verbose -Message "'$hash' is a valid $($algorithm.Hash) hash." $isValid = $true } } if ($Quiet -or $isValid) { $isValid } else { throw [System.ArgumentException]"'$hash' is not a valid hash." } } } } function Get-TargetResource { [CmdletBinding()] [OutputType([Hashtable])] param( [Parameter(Mandatory)] [ValidateScript( {$_ | Validate-Thumbprint} )] [String] $Thumbprint , [Parameter(Mandatory)] [ValidateScript( {$_ | Validate-CertificatePath} )] [String] $Path , [Parameter(Mandatory)] [ValidateSet('CurrentUser', 'LocalMachine')] [String] $Location = 'LocalMachine' , [Parameter(Mandatory)] [System.String] $Store = 'My', [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] $Ensure = 'Present' ) $CertificateStore = 'Cert:' | Join-Path -ChildPath $Location | Join-Path -ChildPath $Store if ((Test-Path $CertificateStore) -eq $false) { throw [System.ArgumentException]"Certificate Store '$Store' not found." } $CheckEnsure = [Bool]( $CertificateStore | Get-ChildItem | Where-Object -FilterScript {$_.Thumbprint -ieq $Thumbprint} ) if ($CheckEnsure){$Ensure = 'Present'} else {$Ensure = 'Absent'} @{ Thumbprint = $Thumbprint Path = $Path Ensure = $Ensure } } function Test-TargetResource { [CmdletBinding()] [OutputType([Bool])] param( [Parameter(Mandatory)] [ValidateScript( {$_ | Validate-Thumbprint} )] [String] $Thumbprint , [Parameter(Mandatory)] [ValidateScript( {$_ | Validate-CertificatePath} )] [String] $Path , [Parameter(Mandatory)] [ValidateSet('CurrentUser', 'LocalMachine')] [String] $Location = 'LocalMachine' , [Parameter(Mandatory)] [System.String] $Store = 'My', [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] $Ensure = 'Present' ) $result = @(Get-TargetResource @PSBoundParameters) if ($Ensure -ne $result.Ensure) { return $false } elseif ($Ensure -eq 'Present' -and ($result.Target -ne $Target)) { return $false } return $true } function Set-TargetResource { [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory)] [ValidateScript( {$_ | Validate-Thumbprint} )] [String] $Thumbprint , [Parameter(Mandatory)] [ValidateScript( {$_ | Validate-CertificatePath} )] [String] $Path , [Parameter(Mandatory)] [ValidateSet('CurrentUser', 'LocalMachine')] [String] $Location = 'LocalMachine' , [Parameter(Mandatory)] [System.String] $Store = 'My', [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] $Ensure = 'Present' ) $certPath = 'Cert:' | Join-Path -ChildPath $Location | Join-Path -ChildPath $Store if ($Ensure -ieq 'Present') { if ($PSCmdlet.ShouldProcess("Importing certificate '$Path' into '$certPath'")) { $param = @{ CertStoreLocation = $certPath FilePath = $Path Verbose = $VerbosePreference } Import-Certificate @param } } elseif ($Ensure -ieq 'Absent') { Get-ChildItem -Path $certPath | Where-Object {$_.Thumbprint -ieq $thumbprint} | Remove-Item -Force } } Export-ModuleMember -Function *-TargetResource |