Merge pull request #178 from szymonos/dev

refactor(ps): vagrant self-signed certs fix

.assets/scripts/vg_cacert_fix.ps1

@@ -7,37 +7,65 @@ Fix self signed certificate error in Vagrant by installing certificates from cha
 .assets/scripts/vg_cacert_fix.ps1
 #>
 
-$ErrorActionPreference = 'Stop'
-
-# get Vagrant\embedded folder
-try {
-    $vgRoot = Split-Path (Split-Path (Get-Command 'vagrant.exe').Source)
-    $embeddedDir = Join-Path $vgRoot -ChildPath 'embedded'
-} catch [System.Management.Automation.CommandNotFoundException] {
-    $embeddedDir = 'C:\HashiCorp\Vagrant\embedded'
-    if (-not (Test-Path $embeddedDir -PathType Containe)) {
-        Write-Warning 'Vagrant path not found.'
-        break
-    }
-} catch {
-    Write-Verbose $_.Exception.GetType().FullName
-    Write-Error $_
+begin {
+    $ErrorActionPreference = 'Stop'
+
+    # set location to workspace folder
+    Push-Location "$PSScriptRoot/../.."
+
+    # import SetupUtils for the Set-WslConf function
+    Import-Module (Convert-Path './modules/SetupUtils') -Force
 }
 
-# intercept certificates from chain
-$chain = .assets/tools/cert_chain_pem.ps1 -Uri 'gems.hashicorp.com'
-
-# build cacert.pem with all intercepted certificates
-$builder = [System.Text.StringBuilder]::new()
-foreach ($cert in $chain) {
-    $builder.AppendLine("# Issuer: $($cert.Issuer)") | Out-Null
-    $builder.AppendLine("# Subject: $($cert.Subject)") | Out-Null
-    $builder.AppendLine("# Label: $($cert.Label)") | Out-Null
-    $builder.AppendLine("# Serial: $($cert.SerialNumber)") | Out-Null
-    $builder.AppendLine("# SHA1 Fingerprint: $($cert.Thumbprint)") | Out-Null
-    $builder.AppendLine($cert.PEM) | Out-Null
+process {
+    # determine the Vagrant\embedded folder
+    try {
+        $vgRoot = Split-Path (Split-Path (Get-Command 'vagrant.exe').Source)
+        $embeddedDir = Join-Path $vgRoot -ChildPath 'embedded'
+    } catch [System.Management.Automation.CommandNotFoundException] {
+        $embeddedDir = 'C:\HashiCorp\Vagrant\embedded'
+        if (-not (Test-Path $embeddedDir -PathType Container)) {
+            Write-Warning 'Vagrant path not found.'
+            break
+        }
+    } catch {
+        Write-Verbose $_.Exception.GetType().FullName
+        Write-Error $_
+    }
+
+    # get existing certificates in the vagrant cacert.pem file
+    $cacertPath = [System.IO.Path]::Combine($embeddedDir, 'cacert.pem')
+    if (Test-Path $cacertPath) {
+        $cacert = ConvertFrom-PEM -Path $cacertPath
+    } else {
+        New-Item -Path $cacertPath -ItemType File -Force | Out-Null
+        $cacert = [System.Collections.Generic.List[System.Security.Cryptography.X509Certificates.X509Certificate2]]::new()
+    }
+
+    # intercept certificates from chain and filter out existing ones
+    $chain = Get-Certificate -Uri 'gems.hashicorp.com' -BuildChain | Select-Object -Skip 1 | Where-Object {
+        $_.Thumbprint -notin $cacert.Thumbprint
+    }
+
+    # build cacert.pem with all intercepted certificates
+    if ($chain) {
+        $builder = [System.Text.StringBuilder]::new()
+        foreach ($cert in $chain) {
+            $pem = $cert | ConvertTo-PEM -AddHeader
+            $builder.AppendLine($pem) | Out-Null
+        }
+        # add intercepted certificates to the cacert.pem file
+        [System.IO.File]::AppendAllText($cacertPath, $builder.ToString().Trim())
+
+        # display added certificates
+        $cnList = $chain.ForEach({ $([regex]::Match($_.Subject, '(?<=CN=)(.)+?(?=,|$)').Value) }) | Join-String -Separator ', ' -DoubleQuote
+        Write-Host "Added certificates for $cnList to $cacertPath"
+    } else {
+        Write-Host 'No new certificates to add.'
+    }
 }
 
-# save cacert.pem to the Vagrant\embedded folder
-$cacertPath = [System.IO.Path]::Combine($embeddedDir, 'cacert.pem')
-[System.IO.File]::WriteAllText($cacertPath, $builder.ToString().Trim())
+end {
+    # return to the original location
+    Pop-Location
+}

.assets/scripts/vg_certs_add.ps1

@@ -2,7 +2,8 @@
 #Requires -PSEdition Core
 <#
 .SYNOPSIS
-Script synopsis.
+Creates bash script to install certificates from chain in the vagrant box
+and adds the script invocation into the specified Vagrantfile.
 
 .PARAMETER Path
 Path to the Vagrantfile.
@@ -11,7 +12,6 @@ Path to the Vagrantfile.
 $Path = 'vagrant/hyperv/fedora/Vagrantfile'
 .assets/scripts/vg_certs_add.ps1 -p $Path
 #>
-
 [CmdletBinding()]
 [OutputType([System.Void])]
 param (
@@ -20,6 +20,14 @@ param (
     [string]$Path
 )
 
+$ErrorActionPreference = 'Stop'
+
+# set location to workspace folder
+Push-Location "$PSScriptRoot/../.."
+
+# import SetupUtils for the Set-WslConf function
+Import-Module (Convert-Path './modules/SetupUtils') -Force
+
 function Get-SshInstallScript ([string]$CertSaveStr) {
     $script = [string]::Join("`n",
         "#!/usr/bin/env bash`n",
@@ -39,7 +47,7 @@ function Get-SshInstallScript ([string]$CertSaveStr) {
         "esac`n",
         '# write certificate in CERT_PATH',
         "$CertSaveStr",
-        "# update certificates",
+        '# update certificates',
         'case $SYS_ID in',
         'arch)',
         "  trust extract-compat`n  ;;",
@@ -58,14 +66,17 @@ $scriptInstallRootCA = [IO.Path]::Combine($PWD, '.tmp', 'script_install_crt_chai
 $Path = Resolve-Path $Path
 $content = [IO.File]::ReadAllLines($Path)
 
+# intercept certificates from chain and filter out existing ones
+$chain = Get-Certificate -Uri 'gems.hashicorp.com' -BuildChain | Select-Object -Skip 1
+
 # create installation script
 New-Item (Split-Path $scriptInstallRootCA) -ItemType Directory -ErrorAction SilentlyContinue | Out-Null
-$chain = .assets/tools/cert_chain_pem.ps1
-
+# instantiate string builder to store the certificates
 $builder = [System.Text.StringBuilder]::new()
 foreach ($cert in $chain) {
+    $pem = $cert | ConvertTo-PEM
     $builder.AppendLine("cat <<EOF >`"`$CERT_PATH/$($cert.Thumbprint).crt`"") | Out-Null
-    $builder.AppendLine($cert.PEM.Trim()) | Out-Null
+    $builder.AppendLine($pem.Trim()) | Out-Null
     $builder.AppendLine('EOF') | Out-Null
 }
 # save certificate installation file