From e35978829017d1d73a4e8c6de6ce64a3f89546cb Mon Sep 17 00:00:00 2001
From: Brownstein
Date: Tue, 14 Jan 2020 08:50:41 -0500
Subject: [PATCH 1/5] initial cut at import cert
---
 .../Code/Public/Import-TppCertificate.ps1 | 173 ++++++++++++++++++
 VenafiTppPS/Code/VenafiTppPS.psd1 | 26 +--
 2 files changed, 186 insertions(+), 13 deletions(-)
 create mode 100644 VenafiTppPS/Code/Public/Import-TppCertificate.ps1
diff --git a/VenafiTppPS/Code/Public/Import-TppCertificate.ps1 b/VenafiTppPS/Code/Public/Import-TppCertificate.ps1
new file mode 100644
index 0000000..9b4156d
--- /dev/null
+++ b/VenafiTppPS/Code/Public/Import-TppCertificate.ps1
@@ -0,0 +1,173 @@
+<#
+.SYNOPSIS
+Import a certificate
+
+.DESCRIPTION
+Import a certificate with or without private key.
+
+.PARAMETER CertificatePath
+Policy path to import the certificate to
+
+.PARAMETER FilePath
+Path to a certificate file. Provide either this or CertificateData.
+
+.PARAMETER CertificateData
+Contents of a certificate to import. Provide either this or FilePath.
+
+.PARAMETER EnrollmentAttribute
+A hashtable providing any CA attributes to store with the Certificate object, and then submit to the CA during enrollment
+
+.PARAMETER Name
+Friendly name for the certificate object. Required if replacing an existing certificate.
+
+.PARAMETER PrivateKey
+The private key data. Requires a Password. For a PEM certificate, the private key is in either the RSA or PKCS#8 format. If the CertificateData field contains a PKCS#12 formatted certificate, this parameter is ignored because only one private key is allowed.
+
+.PARAMETER Password
+Password required when including a private key.
+
+.PARAMETER Overwrite
+Import and replace, the default is to use the latest certificate with the most recent 'Valid From' date.
+Import the certificate into the PolicyDN regardless of whether a past, future, or same version of the certificate exists.
+Name must be provided.
+
+.PARAMETER PassThru
+Return a TppObject representing the newly imported object.
+
+.PARAMETER TppSession
+Session object created from New-TppSession method. The value defaults to the script session object $TppSession.
+
+.EXAMPLE
+Import-TppCertificate -CertificatePath \ved\policy\mycerts -FilePath c:\www.venafitppps.com.cer
+Import a certificate
+
+.EXAMPLE
+Import-TppCertificate -CertificatePath \ved\policy\mycerts -FilePath c:\www.venafitppps.com.cer -Name www.venafitppps.com -Overwrite
+Import a certificate with overwrite
+
+.INPUTS
+None
+
+.OUTPUTS
+TppObject, if PassThru provided
+
+.NOTES
+Must have Master Admin permission or must have View, Read, Write, Create and Private Key Write permission to the Certificate object.
+#>
+function Import-TppCertificate {
+ [CmdletBinding(DefaultParameterSetName = 'ByFile')]
+ param (
+
+ [Parameter(Mandatory)]
+ [ValidateNotNullOrEmpty()]
+ [ValidateScript( {
+ if ( $_ | Test-TppDnPath ) {
+ $true
+ }
+ else {
+ throw "'$_' is not a valid DN path"
+ }
+ })]
+ [String] $CertificatePath,
+
+ [Parameter(Mandatory, ParameterSetName = 'ByFile')]
+ [Parameter(Mandatory, ParameterSetName = 'ByFileWithPrivateKey')]
+ [ValidateNotNullOrEmpty()]
+ [ValidateScript( {
+ if ( $_ | Test-Path ) {
+ $true
+ }
+ else {
+ throw "'$_' is not a valid path"
+ }
+ })]
+ [String] $FilePath,
+
+ [Parameter(Mandatory, ParameterSetName = 'ByData')]
+ [Parameter(Mandatory, ParameterSetName = 'ByDataWithPrivateKey')]
+ [String] $CertificateData,
+
+ [Parameter()]
+ [String] $Name,
+
+ [Parameter()]
+ [Hashtable] $EnrollmentAttribute,
+
+ [Parameter(Mandatory, ParameterSetName = 'ByFileWithPrivateKey')]
+ [Parameter(Mandatory, ParameterSetName = 'ByDataWithPrivateKey')]
+ [String] $PrivateKey,
+
+ [Parameter(Mandatory, ParameterSetName = 'ByFileWithPrivateKey')]
+ [Parameter(Mandatory, ParameterSetName = 'ByDataWithPrivateKey')]
+ [SecureString] $Password,
+
+ [Parameter()]
+ [switch] $Overwrite,
+
+ [Parameter()]
+ [switch] $PassThru,
+
+ [Parameter()]
+ [TppSession] $TppSession = $Script:TppSession
+ )
+
+ begin {
+
+ $TppSession.Validate()
+
+ if ( $PSBoundParameters.ContainsKey('FilePath') ) {
+ # get cert data from file
+ $CertificateData = Get-Content -Path
$FilePath -Raw
+ }
+
+ $params = @{
+ TppSession = $TppSession
+ Method = 'Post'
+ UriLeaf = 'certificates/import'
+ Body = @{
+ PolicyDN = $CertificatePath
+ CertificateData = $CertificateData
+ Reconcile = 'true'
+ }
+ }
+
+ if ( $PSBoundParameters.ContainsKey('EnrollmentAttribute') ) {
+ $updatedAttribute = @($EnrollmentAttribute.GetEnumerator() | ForEach-Object { @{'Name' = $_.name; 'Value' = $_.value } })
+ $params.Body.CASpecificAttributes = $updatedAttribute
+
+ }
+
+ if ( $PSBoundParameters.ContainsKey('Overwrite') ) {
+ if (-not $PSBoundParameters.ContainsKey('Name') ) {
+ throw 'Name must be provided when using the Overwrite option'
+ }
+ $params.Body.Reconcile = 'false'
+ }
+
+ if ( $PSBoundParameters.ContainsKey('Name') ) {
+ $params.Body.ObjectName = $Name
+ }
+
+ if ( $PSBoundParameters.ContainsKey('PrivateKey') ) {
+ $params.Body.PrivateKeyData = $PrivateKey
+ $plainTextPassword = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password))
+ $params.Body.Password = $plainTextPassword
+ }
+
+ try {
+
+ $response = Invoke-TppRestMethod @params
+ Write-Verbose ('Successfully imported certificate')
+
+ if ( $PassThru ) {
+ $response.CertificateDN | Get-TppObject
+ }
+ }
+ catch {
+ throw $_
+ }
+ }
+
+ process {
+ }
+}
diff --git a/VenafiTppPS/Code/VenafiTppPS.psd1 b/VenafiTppPS/Code/VenafiTppPS.psd1
index 11e129f..dced6d4 100644
--- a/VenafiTppPS/Code/VenafiTppPS.psd1
+++ b/VenafiTppPS/Code/VenafiTppPS.psd1
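Review bot: The BSTR returned by `SecureStringToBSTR` in the PrivateKey branch is never released, so a plaintext copy of the password stays in unmanaged memory for the life of the process, and `$plainTextPassword` keeps a second managed copy that is never cleared; split it into `$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)` followed by `try { $params.Body.Password = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) } finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }`. These lines are carried unchanged as context into the later "add import-tppcertificate" patch in this series, so neither revision addresses it. The `catch { throw $_ }` wrapper only rethrows and is dropped by that later patch, so nothing further is needed there. `Get-Content -Raw` reads the file as text, which suits PEM or base64 input; if PKCS#12 files are meant to be accepted by this path, a comment such as `# expects a text (PEM or base64) certificate file; binary PKCS#12 must be base64-encoded first` would make the contract explicit, hedged because the encoding the endpoint expects is not shown here.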
@@ -69,19 +69,19 @@ PowerShellVersion = '5.0' # NestedModules = @() # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. -FunctionsToExport = 'Add-TppCertificateAssociation', 'ConvertTo-TppGuid', - 'ConvertTo-TppPath', 'Find-TppCertificate', 'Find-TppIdentity', - 'Find-TppObject', 'Get-TppAttribute', 'Get-TppCertificate', - 'Get-TppCertificateDetail', 'Get-TppCustomField', - 'Get-TppIdentityAttribute', 'Get-TppObject', 'Get-TppPermission', - 'Get-TppSystemStatus', 'Get-TppVersion', 'Get-TppWorkflowTicket', - 'Invoke-TppCertificateRenewal', 'Move-TppObject', - 'New-TppCapiApplication', 'New-TppCertificate', 'New-TppDevice', - 'New-TppObject', 'New-TppPolicy', 'New-TppSession', 'Read-TppLog', - 'Remove-TppCertificate', 'Remove-TppCertificateAssociation', - 'Rename-TppObject', 'Revoke-TppCertificate', 'Set-TppAttribute', - 'Set-TppPermission', 'Set-TppWorkflowTicketStatus', - 'Test-TppIdentity', 'Test-TppObject', 'Write-TppLog' +FunctionsToExport = 'Add-TppCertificateAssociation', 'ConvertTo-TppGuid', + 'ConvertTo-TppPath', 'Find-TppCertificate', 'Find-TppIdentity', + 'Find-TppObject', 'Get-TppAttribute', 'Get-TppCertificate', + 'Get-TppCertificateDetail', 'Get-TppCustomField', + 'Get-TppIdentityAttribute', 'Get-TppObject', 'Get-TppPermission', + 'Get-TppSystemStatus', 'Get-TppVersion', 'Get-TppWorkflowTicket', + 'Invoke-TppCertificateRenewal', 'Move-TppObject', + 'New-TppCapiApplication', 'New-TppCertificate', 'New-TppDevice', + 'New-TppObject', 'New-TppPolicy', 'New-TppSession', 'Read-TppLog', + 'Remove-TppCertificate', 'Remove-TppCertificateAssociation', + 'Rename-TppObject', 'Revoke-TppCertificate', 'Set-TppAttribute', + 'Set-TppPermission', 'Set-TppWorkflowTicketStatus', + 'Test-TppIdentity', 'Test-TppObject', 'Write-TppLog', 'Import-TppCertificate' # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the 
entry, use an empty array if there are no cmdlets to export. CmdletsToExport = @() From 6c355994eefda6a9a47fe9b2ef6637109c16c225 Mon Sep 17 00:00:00 2001 From: Brownstein Date: Thu, 18 Jun 2020 20:58:30 -0400 Subject: [PATCH 2/5] move rest method to public --- .../Invoke-TppRestMethod.ps1 | 292 +++++++++--------- 1 file changed, 151 insertions(+), 141 deletions(-) rename VenafiTppPS/Code/{Private => Public}/Invoke-TppRestMethod.ps1 (87%) diff --git a/VenafiTppPS/Code/Private/Invoke-TppRestMethod.ps1 b/VenafiTppPS/Code/Public/Invoke-TppRestMethod.ps1 similarity index 87% rename from VenafiTppPS/Code/Private/Invoke-TppRestMethod.ps1 rename to VenafiTppPS/Code/Public/Invoke-TppRestMethod.ps1 index 47e9d75..1aed7df 100644 --- a/VenafiTppPS/Code/Private/Invoke-TppRestMethod.ps1 +++ b/VenafiTppPS/Code/Public/Invoke-TppRestMethod.ps1 
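Review bot: Every line of the FunctionsToExport block is removed and re-added although only the final entry gains `'Import-TppCertificate'`, which looks like a line-ending or trailing-whitespace rewrite rather than a content change; confirm the editor and `.gitattributes` settings so the manifest keeps one EOL style and the diff stays reviewable. The new entry is also appended after `'Write-TppLog'` while the rest of the list is alphabetical; placing it between `'Get-TppWorkflowTicket'` and `'Invoke-TppCertificateRenewal'` keeps the list sorted.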
@@ -1,141 +1,151 @@ -<# -.SYNOPSIS -Generic REST call for Venafi - -.DESCRIPTION - -.PARAMETER TppSession - -.PARAMETER Method - -.PARAMETER UriLeaf - -.PARAMETER Header - -.PARAMETER Body - -.INPUTS - -.OUTPUTS - -.EXAMPLE - -#> -function Invoke-TppRestMethod { - [CmdletBinding(DefaultParameterSetName = 'Session')] - param ( - [Parameter(Mandatory, ParameterSetName = 'Session')] - [ValidateNotNullOrEmpty()] - [TppSession] $TppSession, - - [Parameter(Mandatory, ParameterSetName = 'URL')] - [ValidateNotNullOrEmpty()] - [String] $ServerUrl, - - [Parameter(ParameterSetName = 'URL')] - [switch] $UseDefaultCredentials, - - [Parameter(Mandatory)] - [ValidateSet("Get", "Post", "Patch", "Put", "Delete")] - [String] $Method, - - [Parameter()] - [String] $UriRoot = 'vedsdk', - - [Parameter(Mandatory)] - [ValidateNotNullOrEmpty()] - [String] $UriLeaf, - - [Parameter()] - [hashtable] $Header, - - [Parameter()] - [Hashtable] $Body, - - [Parameter()] - [switch] $UseWebRequest - ) - - # ensure this api is supported for the current version - # $supportedVersion = $TppSupportedVersion.Where{$_.UriLeaf -eq $UriLeaf} - # if ( $supportedVersion ) { - # if ( $TppSession.Version -lt ([Version] $supportedVersion.Version) ) { - # throw ("{0} is not a supported api call for this version (v{1}) of TPP" -f $UriLeaf, $TppSession.Version) - # } - # } - - if ( $PsCmdlet.ParameterSetName -eq 'Session' ) { - - $ServerUrl = $TppSession.ServerUrl - - if ( $TppSession.Key ) { - $hdr = @{ - "X-Venafi-Api-Key" = $TppSession.Key.ApiKey - } - } else { - # token - $hdr = @{ - 'Authorization' = 'Bearer {0}' -f $TppSession.Token.AccessToken - } - } - } - - $uri = '{0}/{1}/{2}' -f $ServerUrl, $UriRoot, $UriLeaf - - if ( $Header ) { - $hdr += $Header - } - - $params = @{ - Method = $Method - Uri = $uri - Headers = $hdr - ContentType = 'application/json' - } - - if ( $Body.Count -gt 0 ) { - $restBody = $Body - if ( $Method -ne 'Get' ) { - $restBody = ConvertTo-Json $Body -depth 5 - } - $params.Body = 
$restBody - } - - if ( $UseDefaultCredentials ) { - $params.Add('UseDefaultCredentials', $true) - } - - Write-Verbose ($params | ConvertTo-Json | Out-String) - - if ( $PSBoundParameters.ContainsKey('UseWebRequest') ) { - Write-Debug "Using Invoke-WebRequest" - try { - Invoke-WebRequest @params - } catch { - $_.Exception.Response - } - } else { - Write-Debug "Using Invoke-RestMethod" - try { - Invoke-RestMethod @params - } catch { - # try with trailing slash as some GETs return a 307/401 without it - if ( $Method -eq 'Get' -and (-not $uri.EndsWith('/')) ) { - - Write-Verbose 'GET call failed, trying again with a trailing slash' - - $params.Uri += '/' - - try { - Invoke-RestMethod @params - Write-Warning ('GET call requires a trailing slash, please create an issue at https://github.com/gdbarron/VenafiTppPS/issues and mention api endpoint {0}' -f ('{1}/{2}' -f $UriRoot, $UriLeaf)) - } catch { - throw ('"{0} {1}: {2}' -f $_.Exception.Response.StatusCode.value__, $_.Exception.Response.StatusDescription, $_ | Out-String ) - } - } else { - throw ('"{0} {1}: {2}' -f $_.Exception.Response.StatusCode.value__, $_.Exception.Response.StatusDescription, $_ | Out-String ) - } - } - } -} - +<# +.SYNOPSIS +Generic REST API call + +.DESCRIPTION +Generic REST API call + +.PARAMETER TppSession +TppSession object from New-TppSession. +For typical calls to New-TppSession, the object will be stored as a session object named $TppSession. +Otherwise, if -PassThru was used, provide the resulting object. + +.PARAMETER Method +API method, either get, post, patch, put or delete. + +.PARAMETER UriLeaf +Path to the api endpoint excluding the base url and site, eg. certificates/import + +.PARAMETER Header +Optional additional headers. The authorization header will be included automatically. 
+ +.PARAMETER Body +Optional body to pass to the endpoint + +.INPUTS +None + +.OUTPUTS +PSCustomObject + +.EXAMPLE + +#> +function Invoke-TppRestMethod { + [CmdletBinding(DefaultParameterSetName = 'Session')] + param ( + [Parameter(Mandatory, ParameterSetName = 'Session')] + [ValidateNotNullOrEmpty()] + [TppSession] $TppSession, + + [Parameter(Mandatory, ParameterSetName = 'URL')] + [ValidateNotNullOrEmpty()] + [String] $ServerUrl, + + [Parameter(ParameterSetName = 'URL')] + [switch] $UseDefaultCredentials, + + [Parameter(Mandatory)] + [ValidateSet("Get", "Post", "Patch", "Put", "Delete")] + [String] $Method, + + [Parameter()] + [String] $UriRoot = 'vedsdk', + + [Parameter(Mandatory)] + [ValidateNotNullOrEmpty()] + [String] $UriLeaf, + + [Parameter()] + [hashtable] $Header, + + [Parameter()] + [Hashtable] $Body, + + [Parameter()] + [switch] $UseWebRequest + ) + + # ensure this api is supported for the current version + # $supportedVersion = $TppSupportedVersion.Where{$_.UriLeaf -eq $UriLeaf} + # if ( $supportedVersion ) { + # if ( $TppSession.Version -lt ([Version] $supportedVersion.Version) ) { + # throw ("{0} is not a supported api call for this version (v{1}) of TPP" -f $UriLeaf, $TppSession.Version) + # } + # } + + if ( $PsCmdlet.ParameterSetName -eq 'Session' ) { + + $ServerUrl = $TppSession.ServerUrl + + if ( $TppSession.Key ) { + $hdr = @{ + "X-Venafi-Api-Key" = $TppSession.Key.ApiKey + } + } else { + # token + $hdr = @{ + 'Authorization' = 'Bearer {0}' -f $TppSession.Token.AccessToken + } + } + } + + $uri = '{0}/{1}/{2}' -f $ServerUrl, $UriRoot, $UriLeaf + + if ( $Header ) { + $hdr += $Header + } + + $params = @{ + Method = $Method + Uri = $uri + Headers = $hdr + ContentType = 'application/json' + } + + if ( $Body.Count -gt 0 ) { + $restBody = $Body + if ( $Method -ne 'Get' ) { + $restBody = ConvertTo-Json $Body -depth 5 + } + $params.Body = $restBody + } + + if ( $UseDefaultCredentials ) { + $params.Add('UseDefaultCredentials', $true) + } + + Write-Verbose 
($params | ConvertTo-Json | Out-String) + + if ( $PSBoundParameters.ContainsKey('UseWebRequest') ) { + Write-Debug "Using Invoke-WebRequest" + try { + Invoke-WebRequest @params + } catch { + $_.Exception.Response + } + } else { + Write-Debug "Using Invoke-RestMethod" + try { + Invoke-RestMethod @params + } catch { + # try with trailing slash as some GETs return a 307/401 without it + if ( $Method -eq 'Get' -and (-not $uri.EndsWith('/')) ) { + + Write-Verbose 'GET call failed, trying again with a trailing slash' + + $params.Uri += '/' + + try { + Invoke-RestMethod @params + Write-Warning ('GET call requires a trailing slash, please create an issue at https://github.com/gdbarron/VenafiTppPS/issues and mention api endpoint {0}' -f ('{1}/{2}' -f $UriRoot, $UriLeaf)) + } catch { + throw ('"{0} {1}: {2}' -f $_.Exception.Response.StatusCode.value__, $_.Exception.Response.StatusDescription, $_ | Out-String ) + } + } else { + throw ('"{0} {1}: {2}' -f $_.Exception.Response.StatusCode.value__, $_.Exception.Response.StatusDescription, $_ | Out-String ) + } + } + } +} + From ec428a264bb896e75f4eb39808ea0b09a7e75069 Mon Sep 17 00:00:00 2001 From: Brownstein Date: Thu, 18 Jun 2020 20:59:06 -0400 Subject: [PATCH 3/5] fix verbose being called incorrectly --- VenafiTppPS/Code/Public/New-TppSession.ps1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/VenafiTppPS/Code/Public/New-TppSession.ps1 b/VenafiTppPS/Code/Public/New-TppSession.ps1 index 2371324..ef1209c 100644 --- a/VenafiTppPS/Code/Public/New-TppSession.ps1 +++ b/VenafiTppPS/Code/Public/New-TppSession.ps1 @@ -166,6 +166,8 @@ function New-TppSession { [switch] $PassThru ) + $isVerbose = if ($PSBoundParameters.Verbose -eq $true) { $true } else { $false } + $ServerUrl = $Server # add prefix if just server url was provided if ( $Server -notlike 'https://*') { 
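Review bot: `Write-Verbose ($params | ConvertTo-Json | Out-String)` serialises the whole request, so with -Verbose the `X-Venafi-Api-Key` or bearer `Authorization` header and the complete body land in the verbose stream; now that Import-TppCertificate posts `PrivateKeyData` and `Password` through this function, a verbose transcript contains key material. Redact the credential header and the body before logging instead of dumping `$params` as-is (change below). Separately, the function is now exported but `$TppSession` keeps no `$Script:TppSession` default like the other public functions in this series (Import-TppCertificate declares `[TppSession] $TppSession = $Script:TppSession`), and the `.EXAMPLE` section is still empty; a short call should be shown there. The `UseWebRequest` catch returns `$_.Exception.Response` rather than throwing, which is pre-existing but worth stating in `.OUTPUTS` now that callers outside the module will see it.
```powershell
    # log the request shape, never the credential header or a body that may carry key material
    $logParams = $params.Clone()
    $logParams.Headers = '<redacted>'
    if ( $logParams.ContainsKey('Body') ) { $logParams.Body = '<redacted>' }
    Write-Verbose ($logParams | ConvertTo-Json | Out-String)
    # … unchanged: UseWebRequest / Invoke-RestMethod branches …
```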
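Review bot: `$isVerbose = if ($PSBoundParameters.Verbose -eq $true) { $true } else { $false }` wraps a boolean in a redundant conditional; `$isVerbose = $PSBoundParameters['Verbose'] -eq $true` evaluates to the same value (an unbound switch yields `$false`) and reads as one expression. The variable is consumed by the `-Verbose:$isVerbose` call in the second hunk of this patch, which needs no change. New-TppSession's body starts before this hunk and continues past it.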
@@ -218,7 +220,7 @@ function New-TppSession { $params.State = $State } - $token = New-TppToken @params -Verbose:$Verbose + $token = New-TppToken @params -Verbose:$isVerbose $newSession.Token = $token $newSession.Expires = $token.Expires } From 83744a3acca7a5e7cc0a805b1ba702af369fd5cf Mon Sep 17 00:00:00 2001 From: Brownstein Date: Thu, 18 Jun 2020 20:59:25 -0400 Subject: [PATCH 4/5] add import-tppcertificate --- .../Code/Public/Import-TppCertificate.ps1 | 72 +++++++++---------- VenafiTppPS/Code/VenafiTppPS.psd1 | 2 +- 2 files changed, 33 insertions(+), 41 deletions(-) diff --git a/VenafiTppPS/Code/Public/Import-TppCertificate.ps1 b/VenafiTppPS/Code/Public/Import-TppCertificate.ps1 index 9b4156d..3c5863a 100644 --- a/VenafiTppPS/Code/Public/Import-TppCertificate.ps1 +++ b/VenafiTppPS/Code/Public/Import-TppCertificate.ps1 
@@ -5,20 +5,25 @@ Import a certificate .DESCRIPTION Import a certificate with or without private key. -.PARAMETER CertificatePath +.PARAMETER PolicyPath Policy path to import the certificate to -.PARAMETER FilePath +.PARAMETER CertificatePath Path to a certificate file. Provide either this or CertificateData. .PARAMETER CertificateData -Contents of a certificate to import. Provide either this or FilePath. +Contents of a certificate to import. Provide either this or CertificatePath. .PARAMETER EnrollmentAttribute A hashtable providing any CA attributes to store with the Certificate object, and then submit to the CA during enrollment .PARAMETER Name -Friendly name for the certificate object. Required if replacing an existing certificate. +Optional name for the certificate object. +If not provided, the certificate Common Name (CN) is used. +The derived certificate object name references an existing object (of any class). +If another certificate has the same CN, a dash (-) integer appends to the CertificateDN. For example, test.venafi.example - 3. +If not provided and the CN is also missing, the name becomes the first Domain Name System (DNS) Subject Alternative Name (SAN). +Finally, if none of the above are found, the serial number is used. .PARAMETER PrivateKey The private key data. Requires a Password. For a PEM certificate, the private key is in either the RSA or PKCS#8 format. If the CertificateData field contains a PKCS#12 formatted certificate, this parameter is ignored because only one private key is allowed. 
@@ -26,10 +31,13 @@ The private key data. Requires a Password. For a PEM certificate, the private ke .PARAMETER Password Password required when including a private key. -.PARAMETER Overwrite -Import and replace, the default is to use the latest certificate with the most recent 'Valid From' date. -Import the certificate into the PolicyDN regardless of whether a past, future, or same version of the certificate exists. -Name must be provided. +.PARAMETER Reconcile +Controls certificate and corresponding private key replacement. +By default, this function will import and replace the certificate regardless of whether a past, future, or same version of the certificate exists in Trust Protection Platform. +By using this parameter, this function will import, but use newest. Only import the certificate when no Certificate object exists with a past, present, or current version of the imported certificate. +If a match is found between the Certificate object and imported certificate, activate the certificate with the most current 'Valid From' date. +Archive the unused certificate, even if it is the imported certificate, to the History tab. +See https://github.com/gdbarron/VenafiTppPS/issues/88#issuecomment-600134145 for a flowchart of the reconciliation algorithm. .PARAMETER PassThru Return a TppObject representing the newly imported object. @@ -38,13 +46,9 @@ Return a TppObject representing the newly imported object. Session object created from New-TppSession method. The value defaults to the script session object $TppSession. .EXAMPLE -Import-TppCertificate -CertificatePath \ved\policy\mycerts -FilePath c:\www.venafitppps.com.cer +Import-TppCertificate -PolicyPath \ved\policy\mycerts -CertificatePath c:\www.venafitppps.com.cer Import a certificate -.EXAMPLE -Import-TppCertificate -CertificatePath \ved\policy\mycerts -FilePath c:\www.venafitppps.com.cer -Name www.venafitppps.com -Overwrite -Import a certificate with overwrite - .INPUTS None 
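Review bot: The Overwrite example is deleted but no example demonstrates the new `-Reconcile` switch, so the reconciliation path is only described in prose; add `.EXAMPLE` followed by `Import-TppCertificate -PolicyPath \ved\policy\mycerts -CertificatePath c:\www.venafitppps.com.cer -Reconcile` and `Import a certificate, activating whichever version has the most recent 'Valid From' date`. In the `.PARAMETER Reconcile` text of the preceding hunk, "this function will import, but use newest" is hard to parse; consider "this function will import the certificate but activate whichever version is newest". The help block continues outside both hunks.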
@@ -63,12 +67,11 @@ function Import-TppCertificate { [ValidateScript( { if ( $_ | Test-TppDnPath ) { $true - } - else { - throw "'$_' is not a valid DN path" + } else { + throw "'$_' is not a valid Policy path" } })] - [String] $CertificatePath, + [String] $PolicyPath, [Parameter(Mandatory, ParameterSetName = 'ByFile')] [Parameter(Mandatory, ParameterSetName = 'ByFileWithPrivateKey')] @@ -76,12 +79,11 @@ function Import-TppCertificate { [ValidateScript( { if ( $_ | Test-Path ) { $true - } - else { + } else { throw "'$_' is not a valid path" } })] - [String] $FilePath, + [String] $CertificatePath, [Parameter(Mandatory, ParameterSetName = 'ByData')] [Parameter(Mandatory, ParameterSetName = 'ByDataWithPrivateKey')] @@ -102,7 +104,7 @@ function Import-TppCertificate { [SecureString] $Password, [Parameter()] - [switch] $Overwrite, + [switch] $Reconcile, [Parameter()] [switch] $PassThru, @@ -115,9 +117,9 @@ function Import-TppCertificate { $TppSession.Validate() - if ( $PSBoundParameters.ContainsKey('FilePath') ) { + if ( $PSBoundParameters.ContainsKey('CertificatePath') ) { # get cert data from file - $CertificateData = Get-Content -Path $FilePath -Raw + $CertificateData = Get-Content -Path $CertificatePath -Raw } $params = @{ @@ -125,9 +127,8 @@ function Import-TppCertificate { Method = 'Post' UriLeaf = 'certificates/import' Body = @{ - PolicyDN = $CertificatePath + PolicyDN = $PolicyPath CertificateData = $CertificateData - Reconcile = 'true' } } @@ -137,11 +138,8 @@ function Import-TppCertificate { } - if ( $PSBoundParameters.ContainsKey('Overwrite') ) { - if (-not $PSBoundParameters.ContainsKey('Name') ) { - throw 'Name must be provided when using the Overwrite option' - } - $params.Body.Reconcile = 'false' + if ( $PSBoundParameters.ContainsKey('Reconcile') ) { + $params.Body.Reconcile = 'true' } if ( $PSBoundParameters.ContainsKey('Name') ) { 
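Review bot: `if ( $PSBoundParameters.ContainsKey('Reconcile') )` is also true for `-Reconcile:$false`, so an explicit opt-out still sends `Reconcile = 'true'`; test the switch value instead, `if ( $Reconcile ) { $params.Body.Reconcile = 'true' }`. The value is sent as the string `'true'`, matching the previous code, which is fine if the endpoint accepts it, but a boolean `$true` would serialise as JSON true via `ConvertTo-Json` and is less ambiguous. In the hunk that renames `$FilePath` to `$CertificatePath`, the `Test-Path` validator still accepts a directory; `Test-Path -PathType Leaf` restricts it to a file. The enclosing param block and begin block extend outside these hunks.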
@@ -154,17 +152,11 @@ function Import-TppCertificate { $params.Body.Password = $plainTextPassword } - try { + $response = Invoke-TppRestMethod @params + Write-Verbose ('Successfully imported certificate') - $response = Invoke-TppRestMethod @params - Write-Verbose ('Successfully imported certificate') - - if ( $PassThru ) { - $response.CertificateDN | Get-TppObject - } - } - catch { - throw $_ + if ( $PassThru ) { + $response.CertificateDN | Get-TppObject } } diff --git a/VenafiTppPS/Code/VenafiTppPS.psd1 b/VenafiTppPS/Code/VenafiTppPS.psd1 index 7d13830..b947c87 100644 --- a/VenafiTppPS/Code/VenafiTppPS.psd1 +++ b/VenafiTppPS/Code/VenafiTppPS.psd1 @@ -82,7 +82,7 @@ FunctionsToExport = 'Add-TppCertificateAssociation', 'ConvertTo-TppGuid', 'Remove-TppCertificateAssociation', 'Rename-TppObject', 'Revoke-TppCertificate', 'Revoke-TppToken', 'Set-TppAttribute', 'Set-TppPermission', 'Set-TppWorkflowTicketStatus', - 'Test-TppIdentity', 'Test-TppObject', 'Write-TppLog' + 'Test-TppIdentity', 'Test-TppObject', 'Write-TppLog', 'Import-TppCertificate', 'Invoke-TppRestMethod' # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. CmdletsToExport = @() From 1de24451f402ea42c52ff57bcad1ad500657f35b Mon Sep 17 00:00:00 2001 From: Brownstein Date: Thu, 18 Jun 2020 21:03:12 -0400 Subject: [PATCH 5/5] update release notes --- RELEASE.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index 8d19031..d1ba746 100644 --- a/RELEASE.md +++ b/RELEASE.md 
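Review bot: `$response.CertificateDN | Get-TppObject` is not given `-TppSession $TppSession`, so when a caller passes a non-default session the lookup presumably falls back to the script-level session, if Get-TppObject follows the same default as this function; pass it through with `$response.CertificateDN | Get-TppObject -TppSession $TppSession`. Removing the `try { } catch { throw $_ }` wrapper is correct since it only rethrew. The `$plainTextPassword` lines kept as context above are covered by the note on the first patch's new-file hunk. The begin block continues outside this hunk.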
@@ -1,6 +1,3 @@
-- Add token-based authentication support, Integrated, OAuth, and Certificate. Tokens can be used in or out of this module.
-- Add CertificateType option to New-TppCertificate
-- Add support for GET api calls which require a trailing slash
-- Fixes in multiple functions where .Add on a hashtable was called in the process block
-- Fix issue #102, Base64 with private key not an available option
-- Update formats which support IncludeChain
\ No newline at end of file
+- add Import-TppCertificate, #88
+- make Invoke-TppRestMethod accessible, #106
+- fix verbose being turned on incorrectly in New-TppSession when getting by token
\ No newline at end of file