VenafiPS

4.2.0

Public/Get-TppCredential.ps1

                                <#

.SYNOPSIS

Get credential details

.DESCRIPTION

Get credential details.

Object returned will depend on the credential type.

.PARAMETER Path

The full path to the credential object

.PARAMETER VenafiSession

Session object created from New-VenafiSession method.  The value defaults to the script session object $VenafiSession.

.INPUTS

Path

.OUTPUTS

Password/UsernamePassword Credential - PSCredential

Certificate Credential - X509Certificate2

.EXAMPLE

Get-TppCredential -Path '\VED\Policy\MySecureCred'

Get a credential

.LINK

http://VenafiPS.readthedocs.io/en/latest/functions/Get-TppCredential/

.LINK

https://github.com/Venafi/VenafiPS/blob/main/VenafiPS/Public/Get-TppCredential.ps1

#>

function Get-TppCredential {

    [CmdletBinding()]

    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText', '', Justification = 'Generating cred from api call response data')]

    param (

        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]

        [ValidateNotNullOrEmpty()]

        [ValidateScript( {

                if ( $_ | Test-TppDnPath ) {

                    $true

                }

                else {

                    throw "'$_' is not a valid DN path"

                }

            })]

        [String] $Path,

        [Parameter()]

        [VenafiSession] $VenafiSession = $script:VenafiSession

    )

    begin {

        $VenafiSession.Validate('TPP')

        $params = @{

            VenafiSession = $VenafiSession

            Method        = 'Post'

            UriLeaf       = 'Credentials/Retrieve'

            Body          = @{}

        }

    }

    process {

        $params.Body.CredentialPath = $Path

        $response = Invoke-VenafiRestMethod @params

        if ( -not $response ) {

            continue

        }

        switch ($response.Classname) {

            'Password Credential' {

                $pw = $response.Values | Where-Object { $_.Name -eq 'Password' } | Select-Object -ExpandProperty Value

                New-Object System.Management.Automation.PSCredential((Split-Path -Path $Path -Leaf), ($pw | ConvertTo-SecureString -AsPlainText -Force))

            }

            'Username Password Credential' {

                $un = $response.Values | Where-Object { $_.Name -eq 'Username' } | Select-Object -ExpandProperty Value

                $pw = $response.Values | Where-Object { $_.Name -eq 'Password' } | Select-Object -ExpandProperty Value

                New-Object System.Management.Automation.PSCredential($un, ($pw | ConvertTo-SecureString -AsPlainText -Force))

            }

            'Certificate Credential' {

                $cert = $response.Values | Where-Object { $_.Name -eq 'Certificate' } | Select-Object -ExpandProperty Value

                $pw = $response.Values | Where-Object { $_.Name -eq 'Password' } | Select-Object -ExpandProperty Value

                [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([system.convert]::FromBase64String($cert), $pw)

            }

            Default {

                throw "Credential type '$_' is not supported yet.  Submit an enhancement request."

            }

        }

    }

}