Skip to content

Commit

Permalink
Export-VenafiCertificate doesn't report when using params for the wro…
Browse files Browse the repository at this point in the history 
…ng platform

Fixes #149
  • Loading branch information
@gdbarron
gdbarron committed Oct 26, 2022
1 parent 15fdd5d commit 0441194
Showing 1 changed file with 17 additions and 10 deletions.
27 changes: 17 additions & 10 deletions VenafiPS/Public/Export-VenafiCertificate.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ function Export-VenafiCertificate {
.PARAMETER Format
Certificate format.
For Venafi as a Service, you can provide either PEM, DER, or JKS.
For TPP, Base64, Base64 (PKCS#8), DER, JKS, PKCS #7, or PKCS #12.
For TPP, you can provide Base64, Base64 (PKCS#8), DER, JKS, PKCS #7, or PKCS #12.
.PARAMETER OutPath
Folder path to save the certificate to. The name of the file will be determined automatically. TPP Only...for now.
Expand All @@ -24,7 +24,7 @@ function Export-VenafiCertificate {
Label or alias to use. Permitted with Base64 and PKCS #12 formats. Required when Format is JKS. TPP Only.
.PARAMETER IncludePrivateKey
DEPRECATED. Provide a value for -PrivateKeyPassword.
DEPRECATED. Provide a value for -PrivateKeyPassword. TPP only.
.PARAMETER PrivateKeyPassword
Password required to include the private key. Not supported with DER or PKCS #7 formats. TPP Only.
Expand Down Expand Up @@ -80,7 +80,7 @@ function Export-VenafiCertificate {
#>

[CmdletBinding(DefaultParameterSetName = 'Vaas')]
[CmdletBinding(DefaultParameterSetName = 'All')]
[Alias('Get-TppCertificate', 'Export-TppCertificate', 'Export-VaasCertificate')]

param (
Expand All @@ -89,7 +89,8 @@ function Export-VenafiCertificate {
[Alias('Path', 'id')]
[string] $CertificateId,

[Parameter(Mandatory)]
[Parameter(Mandatory, ParameterSetName = 'All')]
[Parameter(Mandatory, ParameterSetName = 'Tpp')]
[ValidateSet("Base64", "Base64 (PKCS #8)", "DER", "JKS", "PKCS #7", "PKCS #12", "PEM")]
[string] $Format,

Expand Down Expand Up @@ -130,6 +131,10 @@ function Export-VenafiCertificate {
begin {
$platform = Test-VenafiSession -VenafiSession $VenafiSession -PassThru

if ( $PsCmdlet.ParameterSetName -ne 'All' -and $PsCmdlet.ParameterSetName -notmatch "^$platform" ) {
throw "The parameters selected are not applicable to $platform"
}

$params = @{
VenafiSession = $VenafiSession
Body = @{
Expand All @@ -140,10 +145,15 @@ function Export-VenafiCertificate {
if ( $platform -eq 'VaaS' ) {

if ( $Format -notin 'PEM', 'DER', 'JKS') {
throw "Venafi as a Service does not support the format $Format"
throw 'VaaS supports format PEM, DER, and JKS'
}

} else {

if ( $Format -eq 'PEM') {
throw 'TPP supports format Base64, Base64 (PKCS #8), DER, JKS, PKCS #7, and PKCS #12'
}

if ($PrivateKeyPassword) {

# validate format to be able to export the private key
Expand All @@ -163,9 +173,6 @@ function Export-VenafiCertificate {
}

if ( $KeystorePassword ) {
if ( $Format -and $Format -ne 'JKS' ) {
Write-Warning "Changing format from $Format to JKS as KeystorePassword was provided"
}
$params.Body.Format = 'JKS'
$plainTextPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringUni([System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($KeystorePassword))
$params.Body.KeystorePassword = $plainTextPassword
Expand All @@ -184,7 +191,7 @@ function Export-VenafiCertificate {
}

if ($IncludePrivateKey) {
Write-Warning "IncludePrivateKey is DEPRECATED. Provide a value for -PrivateKeyPassword instead."
Write-Warning "IncludePrivateKey is DEPRECATED. Provide a value for just -PrivateKeyPassword instead."
}
}
}
Expand All @@ -205,7 +212,7 @@ function Export-VenafiCertificate {
$params.Method = 'Post'
$params.UriLeaf = 'certificates/retrieve'

$params.Body.CertificateDN = $CertificateId
$params.Body.CertificateDN = $CertificateId | ConvertTo-TppFullPath

$response = Invoke-VenafiRestMethod @params

Expand Down

0 comments on commit 0441194

Please sign in to comment.