Publish preview version (#42)

* adds certificate store location

* add additional certificate store tests

* add cert store tests for New-CredentialStoreItem

* fix test

* add error handling for credential store path

* add Import-CSCertificate helper function

* Import new certificate if param is given

* fix extension filter

* add linux error message

* fix pester test for linux

* update cert helper functions

* export helper functions

* fix cs cert import

* simplify cs cret lookup

* remove obsolete functions

* fix pester test for linux

* fix error type for linux

* fix var name

* fix pester test

* disable travis artifact upload

* update cert lookup for item functions

* debug build error

* use cert instance constructor for linux

* disable debug output

* remove obsolete exports

.travis.yml

@@ -20,10 +20,9 @@ matrix:
   fast_finish: true
 
 
-addons:
-  artifacts:
-    #paths: $(ls ./../dist/PowerShellGet.zip | tr "\n" ":")
-    paths: ./dist/PowerShellGet.zip
+#addons:
+#  artifacts:
+#    paths: ./dist/PowerShellGet.zip
 
 
 install:

src/Certificate/Get-CSCertificate.ps1

@@ -0,0 +1,81 @@
+function Get-CSCertificate {
+    <#
+    .SYNOPSIS
+        Returns the certificate object given by thumbprint.
+
+    .DESCRIPTION
+        You can use this function to get a stored certificate. Search for the object by its unique thumbprint.
+
+    .PARAMETER Thumbprint
+        Provide one or more thumprints.
+
+    .PARAMETER StoreName
+        Select the store name in which you want to search the certificates.
+
+    .PARAMETER StoreLocation
+        Select between the both available locations CurrentUser odr LocalMachine.
+
+    .INPUTS
+        [string]
+
+    .OUTPUTS
+        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]
+
+    .EXAMPLE
+        Get-CSCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser'
+
+    .NOTES
+        File Name   : Get-CSCertificate.ps1
+        Author      : Marco Blessing - [email protected]
+        Requires    :
+
+    .LINK
+        https://github.com/OCram85/PSCredentialStore
+    #>
+    [CmdletBinding()]
+    [OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])]
+    param(
+        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
+        [ValidateNotNullOrEmpty()]
+        [string[]]$Thumbprint,
+
+        [Parameter(Mandatory = $false)]
+        [ValidateSet(
+            'AddressBook',
+            'AuthRoot',
+            'CertificateAuthority',
+            'Disallowed',
+            'My',
+            'Root',
+            'TrustedPeople',
+            'TrustedPublisher'
+        )]
+        [string]$StoreName = 'My',
+
+        [Parameter(Mandatory = $false)]
+        [ValidateSet(
+            'CurrentUser',
+            'LocalMachine'
+        )]
+        [string]$StoreLocation = 'CurrentUser'
+    )
+
+    begin {
+        $Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation)
+        try {
+            $Store.Open('ReadOnly')
+        }
+        catch {
+            $_.Exception.Message | Write-Error -ErrorAction Stop
+        }
+    }
+
+    process {
+        foreach ($Thumb in $Thumbprint) {
+            Write-Output $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumb }
+        }
+    }
+    end {
+        $Store.Close()
+    }
+}

src/Certificate/Import-CSCertificate.ps1

@@ -0,0 +1,112 @@
+function Import-CSCertificate {
+    <#
+    .SYNOPSIS
+        adds a given pfx certificate file to current uerers personal certificate store.
+
+    .DESCRIPTION
+        This function is used to import existing pfx certificate files. The Import-PFXCertificate cmdle from the
+        PKI module imports the certficate into a deprecated store. Thus you can't read the private key afterwards or
+        using it for decrypting data.
+
+    .PARAMETER Path
+        Path to an existing *.pfx certificate file.
+
+    .PARAMETER StoreName
+        Additionally you change change the store where you want the certificate into.
+
+    .INPUTS
+        [None]
+
+    .OUTPUTS
+        [None]
+
+    .EXAMPLE
+        Import-CSCertificate -Path (Join-Path -Path $Env:APPDATA -ChildPath '/PSCredentialStore.pfx')
+
+    .NOTES
+        File Name   : Import-CSCertificate.ps1
+        Author      : Marco Blessing - [email protected]
+        Requires    :
+
+    .LINK
+        https://github.com/OCram85/PSCredentialStore
+    #>
+    [CmdletBinding()]
+    [OutputType()]
+    param(
+        [Parameter(Mandatory = $true)]
+        [ValidateNotNullOrEmpty()]
+        [string]$Path,
+
+        [Parameter(Mandatory = $false)]
+        [ValidateSet(
+            'AddressBook',
+            'AuthRoot',
+            'CertificateAuthority',
+            'Disallowed',
+            'My',
+            'Root',
+            'TrustedPeople',
+            'TrustedPublisher'
+        )]
+        [string]$StoreName = 'My',
+
+        [Parameter(Mandatory = $false)]
+        [ValidateSet(
+            'CurrentUser',
+            'LocalMachine'
+        )]
+        [string]$StoreLocation = 'CurrentUser',
+
+        [Parameter(Mandatory = $false)]
+        [ValidateSet(
+            'ReadOnly',
+            'ReadWrite',
+            'MaxAllowed',
+            'OpenExistingOnly',
+            'InclueArchived'
+        )]
+        [string]$OpenFlags = 'ReadWrite'
+    )
+    begin {
+        $Store = [System.Security.Cryptography.X509Certificates.X509Store]::new($StoreName, $StoreLocation)
+        try {
+            $Store.Open($OpenFlags)
+        }
+        catch {
+            $_.Exception.Message | Write-Error -ErrorAction Stop
+        }
+    }
+    process {
+        try {
+            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
+                $Path,
+                $null,
+                (
+                    [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable -bor
+                    [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet
+                )
+            )
+
+            if (Test-CSCertificate -Thumbprint $cert.Thumbprint) {
+                Write-Warning -Message ('The certificate with thumbprint {0} is already present!' -f $cert.Thumbprint)
+            }
+            else {
+                $Store.Add($cert)
+            }
+        }
+        catch {
+            $_.Exception.Message | Write-Error -ErrorAction Stop
+            $ErrorParams = @{
+                ErrorAction = 'Stop'
+                Exception   = [System.Exception]::new(
+                    'Could not read or add the pfx certificate!'
+                )
+            }
+            Write-Error @ErrorParams
+        }
+    }
+    end {
+        $Store.Close()
+    }
+}

src/Certificate/Test-CSCertificate.ps1

@@ -0,0 +1,86 @@
+function Test-CSCertificate {
+    <#
+    .SYNOPSIS
+        Tests if the given certificate exists in a store.
+
+    .DESCRIPTION
+        Use this function to ensure if a certificate is already imported into a given store.
+
+    .PARAMETER Thumbprint
+        Provide one or more thumprints.
+
+    .PARAMETER StoreName
+        Select the store name in which you want to search the certificates.
+
+    .PARAMETER StoreLocation
+        Select between the both available locations CurrentUser odr LocalMachine.
+
+    .INPUTS
+        [None]
+
+    .OUTPUTS
+        [bool]
+
+    .EXAMPLE
+        Test-CSCertificate -Thumbprint '12345678' -StoreName 'My' -StoreLocation 'CurrentUser'
+
+    .NOTES
+        File Name   : Test-CSCertificate.ps1
+        Author      : Marco Blessing - [email protected]
+        Requires    :
+
+    .LINK
+        https://github.com/OCram85/PSCredentialStore
+    #>
+    [CmdletBinding()]
+    [OutputType([bool])]
+    param(
+        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
+        [ValidateNotNullOrEmpty()]
+        [string]$Thumbprint,
+
+        [Parameter(Mandatory = $false)]
+        [ValidateSet(
+            'AddressBook',
+            'AuthRoot',
+            'CertificateAuthority',
+            'Disallowed',
+            'My',
+            'Root',
+            'TrustedPeople',
+            'TrustedPublisher'
+        )]
+        [string]$StoreName = 'My',
+
+        [Parameter(Mandatory = $false)]
+        [ValidateSet(
+            'CurrentUser',
+            'LocalMachine'
+        )]
+        [string]$StoreLocation = 'CurrentUser'
+    )
+
+    begin {
+        $Store = [System.Security.Cryptography.X509Certificates.X509Store]::New($StoreName, $StoreLocation)
+        try {
+            $Store.Open('ReadOnly')
+        }
+        catch {
+            $_.Exception.Message | Write-Error -ErrorAction Stop
+        }
+    }
+
+    process {
+        $Cert = $Store.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint }
+
+        if ($null -eq $Cert) {
+            return $false
+        }
+        else {
+            return $true
+        }
+    }
+    end {
+        $Store.Close()
+    }
+}

src/Item/Get-CredentialStoreItem.ps1

@@ -87,7 +87,24 @@ function Get-CredentialStoreItem {
             $CSMembers = Get-Member -InputObject $CS
             # Let's first check if the given remote host exists as object property
             if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -contains $CredentialName)) {
-                $Cert = Get-PfxCertificate -FilePath $CS.PfXCertificate -ErrorAction Stop
+                try {
+                    if ($null -eq $CS.PfxCertificate) {
+                        $Cert = Get-CSCertificate -Thumbprint $CS.Thumbprint
+                    }
+                    else {
+                        $Cert = Get-PfxCertificate -FilePath $CS.PfxCertificate -ErrorAction Stop
+                    }
+                }
+                catch {
+                    $_.Exception.Message | Write-Error
+                    $ErrorParams = @{
+                        ErrorAction = 'Stop'
+                        Exception   = [System.Security.Cryptography.CryptographicException]::new(
+                            'Could not read the given PFX certificate.'
+                        )
+                    }
+                    Write-Error @ErrorParams
+                }
                 $DecryptedKey = $Cert.PrivateKey.Decrypt(
                     [Convert]::FromBase64String($CS.$CredentialName.EncryptedKey),
                     [System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1

src/Item/New-CredentialStoreItem.ps1

@@ -117,7 +117,21 @@ function New-CredentialStoreItem {
 
         if ($Credential.UserName) {
             try {
-                $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
+                if ($null -eq $CSContent.PfxCertificate) {
+                    $Cert = Get-CSCertificate -Thumbprint $CSContent.Thumbprint
+                    if ($null -eq $Cert) {
+                        $ErrorParams = @{
+                            ErrorAction = 'Stop'
+                            Exception   = [System.Security.Cryptography.X509Certificates.FileNotFoundException]::new(
+                                ('Could not find the linked certificate with thumbprint {0}' -f $CSContent.Thumbprint)
+                            )
+                        }
+                        Write-Error @ErrorParams
+                    }
+                }
+                else {
+                    $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
+                }
             }
             catch {
                 $_.Exception.Message | Write-Error

src/Item/Set-CredentialStoreItem.ps1

@@ -103,14 +103,20 @@ function Set-CredentialStoreItem {
 
         if ($Credential.UserName) {
             try {
-                $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
+                if ($null -eq $CSContent.PfxCertificate) {
+                    $Cert = Get-CSCertificate -Thumbprint $CSContent.Thumbprint
+                }
+                else {
+                    $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
+                }
             }
             catch {
                 $_.Exception.Message | Write-Error
                 $ErrorParams = @{
-                    Message     = 'Could not read the given PFX certificate.'
                     ErrorAction = 'Stop'
-                    Exception   = [System.Security.Cryptography.CryptographicException]::new()
+                    Exception   = [System.Security.Cryptography.CryptographicException]::new(
+                        'Could not read the given PFX certificate.'
+                    )
                 }
                 Write-Error @ErrorParams
             }

src/PSCredentialStore.psd1

@@ -63,8 +63,11 @@
     # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
     FunctionsToExport    = @(
         # Certificate
+        'Get-CSCertificate',
+        'Import-CSCertificate',
         'New-CRTAttribute',
         'New-PfxCertificate',
+        'Test-CSCertificate',
         'Use-PfxCertificate',
         # Connection
         'Connect-To',
@@ -79,8 +82,7 @@
         # Store
         'Get-CredentialStore',
         'New-CredentialStore',
-        'Test-CredentialStore',
-        'Update-CredentialStore'
+        'Test-CredentialStore'
     )
 
     # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.