removing common change

microsoft · Nov 19, 2019 · ad743fd · ad743fd
1 parent 31fd4de
commit ad743fd
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 2 deletions.
diff --git a/Tasks/Common/VstsAzureHelpers_/InitializeAzModuleFunctions.ps1 b/Tasks/Common/VstsAzureHelpers_/InitializeAzModuleFunctions.ps1
@@ -99,7 +99,7 @@ function Initialize-AzSubscription {
     if ($Endpoint.Auth.Scheme -eq 'ServicePrincipal') {
         try {
             if ($Endpoint.Auth.Parameters.AuthenticationType -eq 'SPNCertificate') {
-                $servicePrincipalCertificate = Add-Certificate -Endpoint $Endpoint -ServicePrincipal
+                $servicePrincipalCertificate = Add-CertificateForAz -Endpoint $Endpoint
 
                 Write-Host "##[command]Connect-AzAccount -ServicePrincipal -Tenant $($Endpoint.Auth.Parameters.TenantId) -CertificateThumbprint ****** -ApplicationId $($Endpoint.Auth.Parameters.ServicePrincipalId) -Environment $environmentName"
                 $null = Connect-AzAccount -ServicePrincipal -Tenant $Endpoint.Auth.Parameters.TenantId `

diff --git a/Tasks/Common/VstsAzureHelpers_/Utility.ps1 b/Tasks/Common/VstsAzureHelpers_/Utility.ps1
@@ -12,7 +12,7 @@
         $pemFileContent = $Endpoint.Auth.Parameters.ServicePrincipalCertificate
         $pfxFilePath, $pfxFilePassword = ConvertTo-Pfx -pemFileContent $pemFileContent
 
-        $certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxFilePath, $pfxFilePassword, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet)
+        $certificate.Import($pfxFilePath, $pfxFilePassword, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet)
     }
     else {
         $bytes = [System.Convert]::FromBase64String($Endpoint.Auth.Parameters.Certificate)
@@ -32,6 +32,31 @@
     return $certificate
 }
 
+function Add-CertificateForAz {
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory=$true)] $Endpoint
+    )
+
+    $pemFileContent = $Endpoint.Auth.Parameters.ServicePrincipalCertificate
+    $pfxFilePath, $pfxFilePassword = ConvertTo-Pfx -pemFileContent $pemFileContent
+
+    # Add the certificate to the cert store.
+    $certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxFilePath, $pfxFilePassword, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet)
+
+    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store(
+            ([System.Security.Cryptography.X509Certificates.StoreName]::My),
+            ([System.Security.Cryptography.X509Certificates.StoreLocation]::CurrentUser))
+    $store.Open(([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite))
+    $store.Add($certificate)
+    $store.Close()
+
+    #store the thumbprint in a global variable which will be used to remove the certificate later on
+    $script:Endpoint_Authentication_Certificate = $certificate.Thumbprint
+    Write-Verbose "Added certificate to the certificate store."
+    return $certificate
+}
+
 function Format-Splat {
     [CmdletBinding()]
     param([Parameter(Mandatory = $true)][hashtable]$Hashtable)