Merge pull request #5 from rsWinAutomationSupport/issue3

Removed makecert.exe dependency
rsWinAutomationSupport · Nov 6, 2015 · 70fb04f · 70fb04f
2 parents d00194e + 88cb65c
commit 70fb04f
Show file tree

Hide file tree

Showing 4 changed files with 447 additions and 10 deletions.
diff --git a/DSCResources/RS_rsGetPublicCert/RS_rsGetPublicCert.psm1 b/DSCResources/RS_rsGetPublicCert/RS_rsGetPublicCert.psm1
@@ -91,7 +91,7 @@ Function Get-TargetResource {
         $PullServerAddress = $nodeinfo.PullServerAddress 
     }
     if(!($PullServerPort)){ 
-        $PullServerAddress = $nodeinfo.PullServerPort 
+        $PullServerPort = $nodeinfo.PullServerPort 
     }  
 
     return @{

diff --git a/DSCResources/RS_rsPullCert/RS_rsPullCert.psm1 b/DSCResources/RS_rsPullCert/RS_rsPullCert.psm1
@@ -25,15 +25,60 @@ Function Set-TargetResource {
   param (
     [parameter(Mandatory = $true)][string]$Name
   )
+  # Import extra functions for use in the resource
+  Get-Item (Join-Path -Path $PSScriptRoot -ChildPath 'helper_scripts\*.ps1') | 
+    ForEach-Object {
+        Write-Verbose ("Importing " -f $_.FullName)
+        . $_.FullName
+    }
+
   $d = Get-Content $(Join-Path ([Environment]::GetEnvironmentVariable('defaultPath','Machine')) 'secrets.json') -Raw | ConvertFrom-Json
-  $yesterday = (Get-Date).AddDays(-1) | Get-Date -Format MM/dd/yyyy
-  Get-ChildItem -Path Cert:\LocalMachine\My\ | Where-Object -FilterScript {$_.Subject -eq $('CN=', $d.PullServerAddress -join '')} | Remove-Item
-  & makecert.exe -b $yesterday -r -pe -n $('CN=', $d.PullServerAddress -join ''), -ss my, -sr localmachine, -len 2048
-  Get-ChildItem -Path Cert:\LocalMachine\Root\ | Where-Object -FilterScript {$_.Subject -eq $('CN=', $d.PullServerAddress -join '')} | Remove-Item
-  $store = Get-Item Cert:\LocalMachine\Root
-  $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]'ReadWrite')
-  $store.Add( $(New-Object System.Security.Cryptography.X509Certificates.X509Certificate -ArgumentList @(,(Get-ChildItem Cert:\LocalMachine\My | ? Subject -eq "CN=$d.PullServerAddress").RawData)) )
-  $store.Close()
+
+  # Check if a self-signed Pull server certificate already exists - create it if it is not present
+  $PullCertThumbprint = (Get-ChildItem -Path Cert:\LocalMachine\My\ | Where-Object -FilterScript {$_.Subject -eq $('CN=', $d.PullServerAddress -join '')}).Thumbprint
+  if ($PullCertThumbprint -eq $null)
+  {
+    $EndDate = (Get-Date).AddYears(25) | Get-Date -Format MM/dd/yyyy
+    New-SelfSignedCertificateEx -Subject $('CN=', $d.PullServerAddress -join '') `
+                                -NotAfter $EndDate `
+                                -StoreLocation LocalMachine `
+                                -StoreName My `
+                                -Exportable `
+                                -KeyLength 2048
+    $PullCertThumbprint = (Get-ChildItem -Path Cert:\LocalMachine\My\ | Where-Object -FilterScript {$_.Subject -eq $('CN=', $d.PullServerAddress -join '')}).Thumbprint
+  }
+
+  # Replace pull certificate in root store if it does not match one in system personal store
+  $RootPullCertThumbprint = (Get-ChildItem -Path Cert:\LocalMachine\Root\ | Where-Object -FilterScript {$_.Subject -eq $('CN=', $d.PullServerAddress -join '')}).Thumbprint
+
+  if ( -not ($PullCertThumbprint -eq $RootPullCertThumbprint))
+  {
+    if ($RootPullCertThumbprint -ne $null)
+    {
+      Get-ChildItem -Path Cert:\LocalMachine\Root\ | Where-Object -FilterScript {$_.thumbprint -eq $RootPullCertThumbprint} | Remove-Item
+    }
+
+    Write-Verbose "Copying Pull server certificate to the root store"
+    $SourceStoreScope = 'LocalMachine'
+    $SourceStorename = 'My'
+
+    $SourceStore = New-Object  -TypeName System.Security.Cryptography.X509Certificates.X509Store  -ArgumentList $SourceStorename, $SourceStoreScope
+    $SourceStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
+    $PullCertObj = $SourceStore.Certificates | 
+                    Where-Object -FilterScript {
+                        $_.Thumbprint -eq $PullCertThumbprint
+                    }
+
+    $DestStoreScope = 'LocalMachine'
+    $DestStoreName = 'root'
+
+    $DestStore = New-Object  -TypeName System.Security.Cryptography.X509Certificates.X509Store  -ArgumentList $DestStoreName, $DestStoreScope
+    $DestStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
+    $DestStore.Add($PullCertObj)
+
+    $SourceStore.Close()
+    $DestStore.Close()
+  }
 }
 
 Export-ModuleMember -Function *-TargetResource