From 6625b771a459ad5863d38c2f5dc8b9a1e455cd90 Mon Sep 17 00:00:00 2001 From: Johan Allansson Date: Tue, 2 Jun 2015 14:57:01 +0200 Subject: [PATCH] Specify the type of certificate to import Certificates can be exported in Windows using 4 different formats: PKCS12, PKCS7, DER encoded X509 and Base64 encoded X509. The Import-PfxCertificate only supports PKCS12/PFX, for all other types it is necessary to use the Import-Certificate method instead. I added an additional parameter to the CertificateStore specifying the format of the certificate, allowing the user to choose from PKCS12 (default), PKCS7 and X509 (both DER and Base64), and implemented a check to determine which method to use while importing. --- .../StackExchange_CertificateStore.psm1 | 28 ++++++++++++++++--- .../StackExchange_CertificateStore.schema.mof | 1 + 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/DSCResources/StackExchange_CertificateStore/StackExchange_CertificateStore.psm1 b/DSCResources/StackExchange_CertificateStore/StackExchange_CertificateStore.psm1 index 4f063fd..639b10b 100644 --- a/DSCResources/StackExchange_CertificateStore/StackExchange_CertificateStore.psm1 +++ b/DSCResources/StackExchange_CertificateStore/StackExchange_CertificateStore.psm1 @@ -22,7 +22,11 @@ function Get-TargetResource [parameter()] [ValidateSet('Present','Absent')] [string] - $Ensure = 'Present' + $Ensure = 'Present', + [parameter()] + [ValidateSet('PKCS12','PKCS7','X509')] + [string] + $Format = 'PKCS12' ) #Needs to return a hashtable that returns the current @@ -70,7 +74,11 @@ function Set-TargetResource [parameter()] [ValidateSet('Present','Absent')] [string] - $Ensure = 'Present' + $Ensure = 'Present', + [parameter()] + [ValidateSet('PKCS12','PKCS7','X509')] + [string] + $Format = 'PKCS12' ) $CertificateBaseLocation = "cert:\$Location\$Store" @@ -78,7 +86,15 @@ function Set-TargetResource if ($Ensure -like 'Present') { Write-Verbose "Adding $path to $CertificateBaseLocation." - Import-PfxCertificate -CertStoreLocation $CertificateBaseLocation -FilePath $Path + + if ($Format -eq 'PKCS12') + { + Import-PfxCertificate -CertStoreLocation $CertificateBaseLocation -FilePath $Path + } + else + { + Import-Certificate -CertStoreLocation $CertificateBaseLocation -FilePath $Path + } } else { @@ -110,7 +126,11 @@ function Test-TargetResource [parameter()] [ValidateSet('Present','Absent')] [string] - $Ensure = 'Present' + $Ensure = 'Present', + [parameter()] + [ValidateSet('PKCS12','PKCS7','X509')] + [string] + $Format = 'PKCS12' ) $IsValid = $false diff --git a/DSCResources/StackExchange_CertificateStore/StackExchange_CertificateStore.schema.mof b/DSCResources/StackExchange_CertificateStore/StackExchange_CertificateStore.schema.mof index b08023e..faaf8c2 100644 --- a/DSCResources/StackExchange_CertificateStore/StackExchange_CertificateStore.schema.mof +++ b/DSCResources/StackExchange_CertificateStore/StackExchange_CertificateStore.schema.mof @@ -6,6 +6,7 @@ class StackExchange_CertificateStore : OMI_BaseResource [write,ValueMap{"LocalMachine", "CurrentUser"},Values{"LocalMachine", "CurrentUser"}] string Location; [write] string Store; [write,ValueMap{"Present", "Absent"},Values{"Present", "Absent"}] string Ensure; +[write,ValueMap{"PKCS12", "PKCS7", "X509"},Values{"PKCS12", "PKCS7", "X509"}] string Format; };