CertificateDsc: Add content parameter to ImportPFX and ImportCertific…

…ate resources (#242) * Updated reosurce and unit tests to support content prop * Update integration test * Update comment * Update example * Fix example * Fixed duplicate guid * Update test * Update integration test * Update integration test to work with Pwsh 5.1+ * Update to import byte array directly to the certificate object * Merge branch 'main' into AddContentParameter * Updates for comments * Removed Description tag * Added return of Content parameter value with Get-TargetResource * Merge branch 'main' into AddContentParameter * Merge branch 'main' into AddContentParameter * Update DSC_CertificateImport.psm1 * Update DSC_PfxImport.psm1 * Updates for comments * Fix integration test * Fix integration test
dsccommunity · Feb 19, 2021 · 6fdb097 · 6fdb097
1 parent 57f817a
commit 6fdb097
Show file tree

Hide file tree

Showing 16 changed files with 1,350 additions and 65 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+
+### Added
+
+- PfxImport:
+ - Added Base64Content parameter to specify the content of a PFX file that can be included in the configuration MOF - Fixes [Issue #241](https://github.com/dsccommunity/CertificateDsc/issues/241).
+- CertificateImport:
+ - Added Base64Content parameter to specify the content of a certificate file that can be included in the configuration MOF - Fixes [Issue #241](https://github.com/dsccommunity/CertificateDsc/issues/241).
+
 ### Changed
 
 - Renamed `master` branch to `main` - Fixes [Issue #237](https://github.com/dsccommunity/CertificateDsc/issues/237).

diff --git a/source/DSCResources/DSC_CertificateImport/DSC_CertificateImport.psm1 b/source/DSCResources/DSC_CertificateImport/DSC_CertificateImport.psm1
@@ -23,6 +23,10 @@ $script:localizedData = Get-LocalizedData -DefaultUICulture 'en-US'
  The path to the CER file you want to import.
  This parameter is ignored.
 
+ .PARAMETER Content
+ The base64 encoded content of the CER file you want to import.
+ This parameter is ignored.
+
  .PARAMETER Location
  The Windows Certificate Store Location to import the certificate to.
 
@@ -48,10 +52,14 @@ function Get-TargetResource
  [System.String]
  $Thumbprint,
 
- [Parameter(Mandatory = $true)]
+ [Parameter()]
  [System.String]
  $Path,
 
+ [Parameter()]
+ [System.String]
+ $Content,
+
  [Parameter(Mandatory = $true)]
  [ValidateSet('CurrentUser', 'LocalMachine')]
  [System.String]
@@ -95,6 +103,7 @@ function Get-TargetResource
  return @{
  Thumbprint = $Thumbprint
  Path = $Path
+ Content = $Content
  Location = $Location
  Store = $Store
  Ensure = $Ensure
@@ -112,6 +121,9 @@ function Get-TargetResource
  .PARAMETER Path
  The path to the CER file you want to import.
 
+ .PARAMETER Content
+ The base64 encoded content of the CER file you want to import.
+
  .PARAMETER Location
  The Windows Certificate Store Location to import the certificate to.
 
@@ -135,10 +147,14 @@ function Test-TargetResource
  [System.String]
  $Thumbprint,
 
- [Parameter(Mandatory = $true)]
+ [Parameter()]
  [System.String]
  $Path,
 
+ [Parameter()]
+ [System.String]
+ $Content,
+
  [Parameter(Mandatory = $true)]
  [ValidateSet('CurrentUser', 'LocalMachine')]
  [System.String]
@@ -165,6 +181,8 @@ function Test-TargetResource
  $($script:localizedData.TestingCertificateStatusMessage -f $Thumbprint, $Location, $Store)
  ) -join '' )
 
+ Assert-ResourceProperty @PSBoundParameters
+
  $currentState = Get-TargetResource @PSBoundParameters
 
  if ($Ensure -ne $currentState.Ensure)
@@ -198,6 +216,9 @@ function Test-TargetResource
  .PARAMETER Path
  The path to the CER file you want to import.
 
+ .PARAMETER Content
+ The base64 encoded content of the CER file you want to import.
+
  .PARAMETER Location
  The Windows Certificate Store Location to import the certificate to.
 
@@ -220,10 +241,14 @@ function Set-TargetResource
  [System.String]
  $Thumbprint,
 
- [Parameter(Mandatory = $true)]
+ [Parameter()]
  [System.String]
  $Path,
 
+ [Parameter()]
+ [System.String]
+ $Content,
+
  [Parameter(Mandatory = $true)]
  [ValidateSet('CurrentUser', 'LocalMachine')]
  [System.String]
@@ -250,6 +275,8 @@ function Set-TargetResource
  $($script:localizedData.SettingCertificateStatusMessage -f $Thumbprint, $Location, $Store)
  ) -join '' )
 
+ Assert-ResourceProperty @PSBoundParameters
+
  if ($Ensure -ieq 'Present')
  {
  $currentState = Get-TargetResource @PSBoundParameters
@@ -262,14 +289,6 @@ function Set-TargetResource
  $($script:localizedData.ImportingCertficateMessage -f $Path, $Location, $Store)
  ) -join '' )
 
- # Check that the certificate file exists before trying to import
- if (-not (Test-Path -Path $Path))
- {
- New-InvalidArgumentException `
- -Message ($script:localizedData.CertificateFileNotFoundError -f $Path) `
- -ArgumentName 'Path'
- }
-
  $getCertificateStorePathParameters = @{
  Location = $Location
  Store = $Store
@@ -278,15 +297,29 @@ function Set-TargetResource
 
  $importCertificateParameters = @{
  CertStoreLocation = $certificateStore
- FilePath = $Path
  Verbose = $VerbosePreference
  }
 
- <#
- Using Import-CertificateEx instead of Import-Certificate due to the following issue:
- https://github.com/dsccommunity/CertificateDsc/issues/161
- #>
- Import-CertificateEx @importCertificateParameters
+ if ($PSBoundParameters.ContainsKey('Content'))
+ {
+ Import-CertificateEx @importCertificateParameters -Base64Content $Content
+ }
+ else
+ {
+ # Check that the certificate file exists before trying to import
+ if (-not (Test-Path -Path $Path))
+ {
+ New-InvalidArgumentException `
+ -Message ($script:localizedData.CertificateFileNotFoundError -f $Path) `
+ -ArgumentName 'Path'
+ }
+
+ <#
+ Using Import-CertificateEx instead of Import-Certificate due to the following issue:
+ https://github.com/dsccommunity/CertificateDsc/issues/161
+ #>
+ Import-CertificateEx @importCertificateParameters -FilePath $Path
+ }
  }
 
  if ($PSBoundParameters.ContainsKey('FriendlyName') `
@@ -319,6 +352,46 @@ function Set-TargetResource
  -Location $Location `
  -Store $Store
  }
-} # end function Test-TargetResource
+} # end function Set-TargetResource
+
+function Assert-ResourceProperty
+{
+ [CmdletBinding()]
+ param
+ (
+ [Parameter()]
+ [System.String]
+ $Path,
+
+ [Parameter()]
+ [System.String]
+ $Content,
+
+ [Parameter()]
+ [ValidateSet('Present', 'Absent')]
+ [System.String]
+ $Ensure = 'Present',
+
+ [Parameter(ValueFromRemainingArguments)]
+ $RemainingParameters
+ )
+
+ if ($Ensure -ieq 'Present')
+ {
+ if ([System.String]::IsNullOrWhiteSpace($Content) -band [System.String]::IsNullOrWhiteSpace($Path))
+ {
+ New-InvalidArgumentException `
+ -Message ($script:localizedData.ContentAndPathParametersAreNull) `
+ -ArgumentName 'Path|Content'
+ }
+
+ if ($PSBoundParameters.ContainsKey('Content') -and $PSBoundParameters.ContainsKey('Path'))
+ {
+ New-InvalidArgumentException `
+ -Message ($script:localizedData.ContentAndPathParametersAreSet) `
+ -ArgumentName 'Path|Content'
+ }
+ }
+}
 
 Export-ModuleMember -Function *-TargetResource
diff --git a/source/DSCResources/DSC_CertificateImport/DSC_CertificateImport.schema.mof b/source/DSCResources/DSC_CertificateImport/DSC_CertificateImport.schema.mof
@@ -2,7 +2,8 @@
 class DSC_CertificateImport : OMI_BaseResource
 {
  [Key,Description("The thumbprint (unique identifier) of the certificate you're importing.")] string Thumbprint;
- [Required,Description("The path to the CER file you want to import.")] string Path;
+ [Write,Description("The path to the CER file you want to import.")] string Path;
+ [Write,Description("The base64 encoded content of the CER file you want to import.")] string Content;
  [Key,Description("The Windows Certificate Store Location to import the certificate to."),ValueMap{"LocalMachine", "CurrentUser"},Values{"LocalMachine", "CurrentUser"}] string Location;
  [Key,Description("The Windows Certificate Store Name to import the certificate to.")] string Store;
  [Write,Description("Specifies whether the certificate should be present or absent."),ValueMap{"Present", "Absent"},Values{"Present", "Absent"}] string Ensure;

diff --git a/source/DSCResources/DSC_CertificateImport/en-US/DSC_CertificateImport.strings.psd1 b/source/DSCResources/DSC_CertificateImport/en-US/DSC_CertificateImport.strings.psd1
@@ -7,4 +7,6 @@ ConvertFrom-StringData @'
  CertificateFileNotFoundError = Certificate Pfx file '{0}' not found. (CI0006)
  SettingCertficateFriendlyNameMessage = Setting Certificate '{0}' from '{1}' store '{2}' friendly name to '{3}'. (CI0007)
  CertificateFriendlyNameMismatchMessage = The Fiendly Name of Certificate '{0}' from '{1}' store '{2}' is set to '{3}', but should be '{4}'. (CI0008)
+ ContentAndPathParametersAreNull = A non-null or non-empty value must be supplied for the Path or Content parameter. (CI0009)
+ ContentAndPathParametersAreSet = The use of both Path and Content parameters is not supported. (CI0010)
 '@