DSCResources/MSFT_SPTrustedRootAuthority/MSFT_SPTrustedRootAuthority.psm1
|
function Get-TargetResource { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] param ( [Parameter(Mandatory = $true)] [System.String] $Name, [Parameter()] [System.String] $CertificateThumbprint, [Parameter()] [String] $CertificateFilePath, [Parameter()] [ValidateSet("Present", "Absent")] [System.String] $Ensure = "Present" ) Write-Verbose "Getting Trusted Root Authority with name '$Name'" if (-not ($PSBoundParameters.ContainsKey("CertificateThumbprint")) -and ` -not($PSBoundParameters.ContainsKey("CertificateFilePath"))) { Write-Verbose -Message ("At least one of the following parameters must be specified: " + ` "CertificateThumbprint, CertificateFilePath.") } if ($PSBoundParameters.ContainsKey("CertificateFilePath") -and ` -not ($PSBoundParameters.ContainsKey("CertificateThumbprint"))) { if (-not (Test-Path -Path $CertificateFilePath)) { $message = ("Specified CertificateFilePath does not exist: $CertificateFilePath") Add-SPDscEvent -Message $message ` -EntryType 'Error' ` -EventID 100 ` -Source $MyInvocation.MyCommand.Source throw $message } } $result = Invoke-SPDscCommand -Arguments $PSBoundParameters ` -ScriptBlock { $params = $args[0] $rootCert = Get-SPTrustedRootAuthority -Identity $params.Name -ErrorAction SilentlyContinue $ensure = "Absent" if ($null -eq $rootCert) { return @{ Name = $params.Name CertificateThumbprint = [string]::Empty CertificateFilePath = "" Ensure = $ensure } } else { $ensure = "Present" return @{ Name = $params.Name CertificateThumbprint = $rootCert.Certificate.Thumbprint CertificateFilePath = "" Ensure = $ensure } } } return $result } function Set-TargetResource { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [System.String] $Name, [Parameter()] [System.String] $CertificateThumbprint, [Parameter()] [String] $CertificateFilePath, [Parameter()] [ValidateSet("Present", "Absent")] [System.String] $Ensure = "Present" ) Write-Verbose -Message "Setting SPTrustedRootAuthority '$Name'" if (-not ($PSBoundParameters.ContainsKey("CertificateThumbprint")) -and ` -not($PSBoundParameters.ContainsKey("CertificateFilePath"))) { $message = ("At least one of the following parameters must be specified: " + ` "CertificateThumbprint, CertificateFilePath.") Add-SPDscEvent -Message $message ` -EntryType 'Error' ` -EventID 100 ` -Source $MyInvocation.MyCommand.Source throw $message } if ($PSBoundParameters.ContainsKey("CertificateFilePath") -and ` -not ($PSBoundParameters.ContainsKey("CertificateThumbprint"))) { if (-not (Test-Path -Path $CertificateFilePath)) { $message = ("Specified CertificateFilePath does not exist: $CertificateFilePath") Add-SPDscEvent -Message $message ` -EntryType 'Error' ` -EventID 100 ` -Source $MyInvocation.MyCommand.Source throw $message } } $CurrentValues = Get-TargetResource @PSBoundParameters if ($Ensure -eq "Present" -and $CurrentValues.Ensure -eq "Present") { Write-Verbose -Message "Updating SPTrustedRootAuthority '$Name'" $null = Invoke-SPDscCommand -Arguments @($PSBoundParameters, $MyInvocation.MyCommand.Source) ` -ScriptBlock { $params = $args[0] $eventSource = $args[1] if ($params.ContainsKey("CertificateFilePath")) { Write-Verbose -Message "Importing certificate from CertificateFilePath" try { $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert.Import($params.CertificateFilePath) } catch { $message = "An error occured: $($_.Exception.Message)" Add-SPDscEvent -Message $message ` -EntryType 'Error' ` -EventID 100 ` -Source $eventSource throw $message } if ($null -eq $cert) { $message = "Import of certificate failed." Add-SPDscEvent -Message $message ` -EntryType 'Error' ` -EventID 100 ` -Source $eventSource throw $message } if ($params.ContainsKey("CertificateThumbprint")) { if (-not $params.CertificateThumbprint.Equals($cert.Thumbprint)) { $message = "Imported certificate thumbprint ($($cert.Thumbprint)) does not match expected thumbprint ($($params.CertificateThumbprint))." Add-SPDscEvent -Message $message ` -EntryType 'Error' ` -EventID 100 ` -Source $eventSource throw $message } } } else { Write-Verbose -Message "Importing certificate from CertificateThumbprint" $cert = Get-ChildItem -Path "Cert:\LocalMachine\*$($params.CertificateThumbprint)" -Recurse ` -ErrorAction SilentlyContinue | ` Sort-Object -Property PSParentPath -Descending | ` Select-Object -First 1 if ($null -eq $cert) { $message = "Certificate not found in the local Certificate Store" Add-SPDscEvent -Message $message ` -EntryType 'Error' ` -EventID 100 ` -Source $eventSource throw $message } } if ($cert.HasPrivateKey) { Write-Verbose -Message "Certificate has private key. Removing private key." $pubKeyBytes = $cert.Export("cert") $cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert2.Import($pubKeyBytes) $cert = $cert2 } Write-Verbose -Message "Updating Root Authority" Set-SPTrustedRootAuthority -Identity $params.Name -Certificate $cert } } if ($Ensure -eq "Present" -and $CurrentValues.Ensure -eq "Absent") { Write-Verbose -Message "Adding SPTrustedRootAuthority '$Name'" $null = Invoke-SPDscCommand -Arguments @($PSBoundParameters, $MyInvocation.MyCommand.Source) ` -ScriptBlock { $params = $args[0] $eventSource = $args[1] if ($params.ContainsKey("CertificateFilePath")) { Write-Verbose -Message "Importing certificate from CertificateFilePath" try { $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert.Import($params.CertificateFilePath) } catch { $message = "An error occured: $($_.Exception.Message)" Add-SPDscEvent -Message $message ` -EntryType 'Error' ` -EventID 100 ` -Source $eventSource throw $message } if ($null -eq $cert) { $message = "Import of certificate failed." Add-SPDscEvent -Message $message ` -EntryType 'Error' ` -EventID 100 ` -Source $eventSource throw $message } if ($params.ContainsKey("CertificateThumbprint")) { if (-not $params.CertificateThumbprint.Equals($cert.Thumbprint)) { $message = "Imported certificate thumbprint ($($cert.Thumbprint)) does not match expected thumbprint ($($params.CertificateThumbprint))." Add-SPDscEvent -Message $message ` -EntryType 'Error' ` -EventID 100 ` -Source $eventSource throw $message } } } else { Write-Verbose -Message "Importing certificate from CertificateThumbprint" $cert = Get-ChildItem -Path "Cert:\LocalMachine\*$($params.CertificateThumbprint)" -Recurse ` -ErrorAction SilentlyContinue | ` Sort-Object -Property PSParentPath -Descending | ` Select-Object -First 1 if ($null -eq $cert) { $message = "Certificate not found in the local Certificate Store" Add-SPDscEvent -Message $message ` -EntryType 'Error' ` -EventID 100 ` -Source $eventSource throw $message } } if ($cert.HasPrivateKey) { Write-Verbose -Message "Certificate has private key. Removing private key." $pubKeyBytes = $cert.Export("cert") $cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert2.Import($pubKeyBytes) $cert = $cert2 } Write-Verbose -Message "Creating Root Authority" New-SPTrustedRootAuthority -Name $params.Name -Certificate $cert } } if ($Ensure -eq "Absent") { Write-Verbose -Message "Removing SPTrustedRootAuthority '$Name'" $null = Invoke-SPDscCommand -Arguments $PSBoundParameters ` -ScriptBlock { $params = $args[0] Remove-SPTrustedRootAuthority -Identity $params.Name ` -ErrorAction SilentlyContinue } } } function Test-TargetResource { [CmdletBinding()] [OutputType([System.Boolean])] param ( [Parameter(Mandatory = $true)] [System.String] $Name, [Parameter()] [System.String] $CertificateThumbprint, [Parameter()] [String] $CertificateFilePath, [Parameter()] [ValidateSet("Present", "Absent")] [System.String] $Ensure = "Present" ) Write-Verbose -Message "Testing SPTrustedRootAuthority '$Name'" if (-not ($PSBoundParameters.ContainsKey("CertificateThumbprint")) -and ` -not($PSBoundParameters.ContainsKey("CertificateFilePath"))) { $message = ("At least one of the following parameters must be specified: " + ` "CertificateThumbprint, CertificateFilePath.") Add-SPDscEvent -Message $message ` -EntryType 'Error' ` -EventID 100 ` -Source $MyInvocation.MyCommand.Source throw $message } if ($PSBoundParameters.ContainsKey("CertificateFilePath") -and ` -not ($PSBoundParameters.ContainsKey("CertificateThumbprint"))) { if (-not (Test-Path -Path $CertificateFilePath)) { $message = ("Specified CertificateFilePath does not exist: $CertificateFilePath") Add-SPDscEvent -Message $message ` -EntryType 'Error' ` -EventID 100 ` -Source $MyInvocation.MyCommand.Source throw $message } } $CurrentValues = Get-TargetResource @PSBoundParameters Write-Verbose -Message "Current Values: $(Convert-SPDscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-SPDscHashtableToString -Hashtable $PSBoundParameters)" if ($PSBoundParameters.ContainsKey("CertificateFilePath") -and ` -not ($PSBoundParameters.ContainsKey("CertificateThumbprint"))) { Write-Verbose "Retrieving thumbprint of CertificateFilePath" $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert.Import($CertificateFilePath) Write-Verbose "Thumbprint is $($cert.Thumbprint)" $PSBoundParameters.CertificateThumbprint = $cert.Thumbprint } if ($Ensure -eq "Present") { $result = Test-SPDscParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` -ValuesToCheck @("Name", "CertificateThumbprint", "Ensure") } else { $result = Test-SPDscParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` -ValuesToCheck @("Name", "Ensure") } Write-Verbose -Message "Test-TargetResource returned $result" return $result } Export-ModuleMember -Function *-TargetResource |