Merge pull request #188 from PKISolutions/PSPKI-vNext

merge PSPKI vNext
PKISolutions · Jun 9, 2023 · 34ccea8 · 34ccea8
2 parents 4522ee4 + d105381
commit 34ccea8
Show file tree

Hide file tree

Showing 127 changed files with 1,726 additions and 26,876 deletions.
diff --git a/PSPKI/Client/Add-AdCertificateRevocationList.ps1 b/PSPKI/Client/Add-AdCertificateRevocationList.ps1
@@ -9,7 +9,7 @@ function Add-AdCertificateRevocationList {
         [SysadminsLV.PKI.Management.ActiveDirectory.DsCDPContainer]$CdpContainer,
         [Parameter(Mandatory = $true)]
         [Alias('CRL')]
-        [Security.Cryptography.X509Certificates.X509CRL2]$CertificateRevocationList,
+        [SysadminsLV.PKI.Cryptography.X509Certificates.X509CRL2]$CertificateRevocationList,
         [string]$HostName,        
         [switch]$Dispose
     )

diff --git a/PSPKI/Client/Convert-PemToPfx.ps1 b/PSPKI/Client/Convert-PemToPfx.ps1
@@ -9,7 +9,7 @@
         [string]$InputPath,
         [string]$KeyPath,
         [string]$OutputPath,
-        [Security.Cryptography.X509Certificates.X509KeySpecFlags]$KeySpec = "AT_KEYEXCHANGE",
+        [SysadminsLV.PKI.Cryptography.X509Certificates.X509KeySpecFlags]$KeySpec = "AT_KEYEXCHANGE",
         [Security.SecureString]$Password,
         [string]$ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider",
         [Security.Cryptography.X509Certificates.StoreLocation]$StoreLocation = "CurrentUser",

diff --git a/PSPKI/Client/Convert-PfxToPem.ps1 b/PSPKI/Client/Convert-PfxToPem.ps1
@@ -15,7 +15,7 @@
         [Parameter(Position = 3)]
         [ValidateSet("Pkcs1","Pkcs8")]
         [string]$OutputType = "Pkcs8",
-		[switch]$IncludeChain
+        [switch]$IncludeChain
     )
 $signature = @"
 [DllImport("crypt32.dll", CharSet=CharSet.Auto, SetLastError=true)]
@@ -97,18 +97,18 @@ public struct PUBKEYBLOBHEADERS {
             }
             # just check whether input file is valid PKCS#12/PFX file.
             if ([PKI.PfxTools]::PFXIsPFXBlob($pfx)) {
-				$certs = New-Object Security.Cryptography.X509Certificates.X509Certificate2Collection
-				try {
-					$certs.Import(
-						$bytes,
-						[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)),
-						"Exportable"
-					)
-					$Certificate = ($certs | Where-Object {$_.HasPrivateKey})[0]
-				} catch {
-					throw $_
-					return
-				} finally {
+                $certs = New-Object Security.Cryptography.X509Certificates.X509Certificate2Collection
+                try {
+                    $certs.Import(
+                        $bytes,
+                        [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)),
+                        "Exportable"
+                    )
+                    $Certificate = ($certs | Where-Object {$_.HasPrivateKey})[0]
+                } catch {
+                    throw $_
+                    return
+                } finally {
                     [Runtime.InteropServices.Marshal]::FreeHGlobal($ptr)
                     Remove-Variable bytes, ptr, pfx -Force
                 }
@@ -127,9 +127,9 @@ public struct PUBKEYBLOBHEADERS {
 #endregion
 
 #region constants
-	$CRYPT_ACQUIRE_SILENT_FLAG = 0x40
-	$PRIVATEKEYBLOB = 0x7
-	$CRYPT_OAEP = 0x40
+    $CRYPT_ACQUIRE_SILENT_FLAG = 0x40
+    $PRIVATEKEYBLOB            = 0x7
+    $CRYPT_OAEP                = 0x40
 #endregion
 
 #region private key export routine
@@ -138,25 +138,25 @@ public struct PUBKEYBLOBHEADERS {
     $pfCallerFreeProv = $false
     # attempt to acquire private key container
     if (![PKI.PfxTools]::CryptAcquireCertificatePrivateKey($Certificate.Handle,$CRYPT_ACQUIRE_SILENT_FLAG,0,[ref]$phCryptProv,[ref]$pdwKeySpec,[ref]$pfCallerFreeProv)) {
-		throw New-Object ComponentModel.Win32Exception ([Runtime.InteropServices.Marshal]::GetLastWin32Error())
-		return
-	}
-	$phUserKey = [IntPtr]::Zero
-	# attempt to acquire private key handle
-	if (![PKI.PfxTools]::CryptGetUserKey($phCryptProv,$pdwKeySpec,[ref]$phUserKey)) {
-		throw New-Object ComponentModel.Win32Exception ([Runtime.InteropServices.Marshal]::GetLastWin32Error())
-		return
-	}
-	$pdwDataLen = 0
-	# attempt to export private key. This method fails if certificate has non-exportable private key.
-	if (![PKI.PfxTools]::CryptExportKey($phUserKey,0,$PRIVATEKEYBLOB,$CRYPT_OAEP,$null,[ref]$pdwDataLen)) {
-		throw New-Object ComponentModel.Win32Exception ([Runtime.InteropServices.Marshal]::GetLastWin32Error())
-		return
-	}
-	$pbytes = New-Object byte[] -ArgumentList $pdwDataLen
-	[void][PKI.PfxTools]::CryptExportKey($phUserKey,0,$PRIVATEKEYBLOB,$CRYPT_OAEP,$pbytes,[ref]$pdwDataLen)
-	# release private key handle
-	[void][PKI.PfxTools]::CryptDestroyKey($phUserKey)
+        throw New-Object ComponentModel.Win32Exception ([Runtime.InteropServices.Marshal]::GetLastWin32Error())
+        return
+    }
+    $phUserKey = [IntPtr]::Zero
+    # attempt to acquire private key handle
+    if (![PKI.PfxTools]::CryptGetUserKey($phCryptProv,$pdwKeySpec,[ref]$phUserKey)) {
+        throw New-Object ComponentModel.Win32Exception ([Runtime.InteropServices.Marshal]::GetLastWin32Error())
+        return
+    }
+    $pdwDataLen = 0
+    # attempt to export private key. This method fails if certificate has non-exportable private key.
+    if (![PKI.PfxTools]::CryptExportKey($phUserKey,0,$PRIVATEKEYBLOB,$CRYPT_OAEP,$null,[ref]$pdwDataLen)) {
+        throw New-Object ComponentModel.Win32Exception ([Runtime.InteropServices.Marshal]::GetLastWin32Error())
+        return
+    }
+    $pbytes = New-Object byte[] -ArgumentList $pdwDataLen
+    [void][PKI.PfxTools]::CryptExportKey($phUserKey,0,$PRIVATEKEYBLOB,$CRYPT_OAEP,$pbytes,[ref]$pdwDataLen)
+    # release private key handle
+    [void][PKI.PfxTools]::CryptDestroyKey($phUserKey)
 #endregion
 
 #region private key blob splitter
@@ -203,39 +203,39 @@ public struct PUBKEYBLOBHEADERS {
     $asnblob = [SysadminsLV.Asn1Parser.Asn1Utils]::Encode($asnblob, 48)
     # $out variable just holds output file. The file will contain private key and public certificate
     # each will be enclosed with header and footer.
-	$out = New-Object Text.StringBuilder
+    $out = New-Object Text.StringBuilder
     if ($OutputType -eq "Pkcs8") {
         $asnblob = [SysadminsLV.Asn1Parser.Asn1Utils]::Encode($asnblob, 4)
         $algid = [Security.Cryptography.CryptoConfig]::EncodeOID("1.2.840.113549.1.1.1") + 5,0
         $algid = [SysadminsLV.Asn1Parser.Asn1Utils]::Encode($algid, 48)
         $asnblob = 2,1,0 + $algid + $asnblob
         $asnblob = [SysadminsLV.Asn1Parser.Asn1Utils]::Encode($asnblob, 48)
-		$base64 = [SysadminsLV.Asn1Parser.AsnFormatter]::BinaryToString($asnblob,"Base64").Trim()
-		[void]$out.AppendFormat("{0}{1}", "-----BEGIN PRIVATE KEY-----", [Environment]::NewLine)
-		[void]$out.AppendFormat("{0}{1}", $base64, [Environment]::NewLine)
-		[void]$out.AppendFormat("{0}{1}", "-----END PRIVATE KEY-----", [Environment]::NewLine)
+        $base64 = [SysadminsLV.Asn1Parser.AsnFormatter]::BinaryToString($asnblob,"Base64").Trim()
+        [void]$out.AppendFormat("{0}{1}", "-----BEGIN PRIVATE KEY-----", [Environment]::NewLine)
+        [void]$out.AppendFormat("{0}{1}", $base64, [Environment]::NewLine)
+        [void]$out.AppendFormat("{0}{1}", "-----END PRIVATE KEY-----", [Environment]::NewLine)
     } else {
         # PKCS#1 requires RSA identifier in the header.
         # PKCS#1 is an inner structure of PKCS#8 message, therefore no additional encodings are required.
-		$base64 = [SysadminsLV.Asn1Parser.AsnFormatter]::BinaryToString($asnblob,"Base64").Trim()
-		[void]$out.AppendFormat("{0}{1}", "-----BEGIN RSA PRIVATE KEY-----", [Environment]::NewLine)
-		[void]$out.AppendFormat("{0}{1}", $base64, [Environment]::NewLine)
-		[void]$out.AppendFormat("{0}{1}", "-----END RSA PRIVATE KEY-----", [Environment]::NewLine)
+        $base64 = [SysadminsLV.Asn1Parser.AsnFormatter]::BinaryToString($asnblob,"Base64").Trim()
+        [void]$out.AppendFormat("{0}{1}", "-----BEGIN RSA PRIVATE KEY-----", [Environment]::NewLine)
+        [void]$out.AppendFormat("{0}{1}", $base64, [Environment]::NewLine)
+        [void]$out.AppendFormat("{0}{1}", "-----END RSA PRIVATE KEY-----", [Environment]::NewLine)
     }
     $base64 = [SysadminsLV.Asn1Parser.AsnFormatter]::BinaryToString($Certificate.RawData,"Base64Header")
-	$out.Append($base64)
-	if ($IncludeChain) {
-		$chain = New-Object Security.Cryptography.X509Certificates.X509Chain
-		$chain.ChainPolicy.RevocationMode = "NoCheck"
-		if ($certs) {
-			$chain.ChainPolicy.ExtraStore.AddRange($certs)
-		}
-		[void]$chain.Build($Certificate)
-		for ($n = 1; $n -lt $chain.ChainElements.Count; $n++) {
-			$base64 = [SysadminsLV.Asn1Parser.AsnFormatter]::BinaryToString($chain.ChainElements[$n].Certificate.RawData,"Base64Header")
-			$out.Append($base64)
-		}
-	}
+    $out.Append($base64)
+    if ($IncludeChain) {
+        $chain = New-Object Security.Cryptography.X509Certificates.X509Chain
+        $chain.ChainPolicy.RevocationMode = "NoCheck"
+        if ($certs) {
+            $chain.ChainPolicy.ExtraStore.AddRange($certs)
+        }
+        [void]$chain.Build($Certificate)
+        for ($n = 1; $n -lt $chain.ChainElements.Count; $n++) {
+            $base64 = [SysadminsLV.Asn1Parser.AsnFormatter]::BinaryToString($chain.ChainElements[$n].Certificate.RawData,"Base64Header")
+            $out.Append($base64)
+        }
+    }
     [IO.File]::WriteAllLines($OutputFile,$out.ToString())
 #endregion
 }
diff --git a/PSPKI/Client/Get-CertificateContextProperty.ps1 b/PSPKI/Client/Get-CertificateContextProperty.ps1
@@ -2,32 +2,32 @@ function Get-CertificateContextProperty {
 <#
 .ExternalHelp PSPKI.Help.xml
 #>
-[OutputType('System.Security.Cryptography.X509Certificates.X509CertificateContextProperty')]
-[OutputType('System.Security.Cryptography.X509Certificates.X509CertificateContextPropertyCollection')]
-[OutputType('System.Security.Cryptography.X509Certificates.X509CertificatePropertyType[]')]
+[OutputType('SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificateContextProperty')]
+[OutputType('SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificateContextPropertyCollection')]
+[OutputType('SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificatePropertyType[]')]
 [CmdletBinding(DefaultParameterSetName = '__name')]
-	param(
-		[Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
-		[Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
-		[Parameter(ParameterSetName = '__name')]
-		[Security.Cryptography.X509Certificates.X509CertificatePropertyType]$PropertyName = "None",
-		[Parameter(ParameterSetName = '__list')]
-		[switch]$NameList
-	)
-	process {
-		foreach ($cert in $Certificate) {
-			switch ($PSCmdlet.ParameterSetName) {
-				"__name" {
-					if ($PropertyName -eq "None") {
-						[SysadminsLV.PKI.Utils.CLRExtensions.X509Certificate2Extensions]::GetCertificateContextProperties($cert)
-					} else {
-						[SysadminsLV.PKI.Utils.CLRExtensions.X509Certificate2Extensions]::GetCertificateContextProperty($cert, $PropertyName)
-					}
-				}
-				"__list" {
-					[SysadminsLV.PKI.Utils.CLRExtensions.X509Certificate2Extensions]::GetCertificateContextPropertyList($cert)
-				}
-			}
-		}
-	}
+    param(
+        [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
+        [Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
+        [Parameter(ParameterSetName = '__name')]
+        [SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificatePropertyType]$PropertyName = "None",
+        [Parameter(ParameterSetName = '__list')]
+        [switch]$NameList
+    )
+    process {
+        foreach ($cert in $Certificate) {
+            switch ($PSCmdlet.ParameterSetName) {
+                "__name" {
+                    if ($PropertyName -eq "None") {
+                        [SysadminsLV.PKI.Utils.CLRExtensions.X509Certificate2Extensions]::GetCertificateContextProperties($cert)
+                    } else {
+                        [SysadminsLV.PKI.Utils.CLRExtensions.X509Certificate2Extensions]::GetCertificateContextProperty($cert, $PropertyName)
+                    }
+                }
+                "__list" {
+                    [SysadminsLV.PKI.Utils.CLRExtensions.X509Certificate2Extensions]::GetCertificateContextPropertyList($cert)
+                }
+            }
+        }
+    }
 }
diff --git a/PSPKI/Client/Get-CertificateRequest.ps1 b/PSPKI/Client/Get-CertificateRequest.ps1
@@ -2,24 +2,24 @@
 <#
 .ExternalHelp PSPKI.Help.xml
 #>
-[OutputType('System.Security.Cryptography.X509CertificateRequests.X509CertificateRequest')]
+[OutputType('SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificateRequest')]
 [CmdletBinding(DefaultParameterSetName='__fileName')]
-	param(
-		[Parameter(ParameterSetName = "__fileName", Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
-		[string]$Path,
-		[Parameter(ParameterSetName = "__rawData", Mandatory = $true, Position = 0)]
-		[Byte[]]$RawRequest
-	)
-	
+    param(
+        [Parameter(ParameterSetName = "__fileName", Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
+        [string]$Path,
+        [Parameter(ParameterSetName = "__rawData", Mandatory = $true, Position = 0)]
+        [Byte[]]$RawRequest
+    )
+    
 #region content parser
-	switch ($PsCmdlet.ParameterSetName) {
-		"__fileName" {
-			if ($(Get-Item $Path -ErrorAction Stop).PSProvider.Name -ne "FileSystem") {
-				throw {"File either does not exist or not a file object"}
-			}
-			New-Object Security.Cryptography.X509CertificateRequests.X509CertificateRequest -ArgumentList (Resolve-Path $Path).ProviderPath
-		}
-		"__rawData" {New-Object Security.Cryptography.X509CertificateRequests.X509CertificateRequest -ArgumentList @(,$RawRequest)}
-	}
+    switch ($PsCmdlet.ParameterSetName) {
+        "__fileName" {
+            if ($(Get-Item $Path -ErrorAction Stop).PSProvider.Name -ne "FileSystem") {
+                throw {"File either does not exist or not a file object"}
+            }
+            New-Object SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificateRequest -ArgumentList (Resolve-Path $Path).ProviderPath
+        }
+        "__rawData" {New-Object SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificateRequest -ArgumentList @(,$RawRequest)}
+    }
 #endregion
 }
diff --git a/PSPKI/Client/Get-CertificateRevocationList.ps1 b/PSPKI/Client/Get-CertificateRevocationList.ps1
@@ -2,24 +2,24 @@
 <#
 .ExternalHelp PSPKI.Help.xml
 #>
-[OutputType('System.Security.Cryptography.X509Certificates.X509CRL2')]
+[OutputType('SysadminsLV.PKI.Cryptography.X509Certificates.X509CRL2')]
 [CmdletBinding(DefaultParameterSetName='FileName')]
-	param(
-		[Parameter(ParameterSetName = "FileName", Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
-		[string]$Path,
-		[Parameter(ParameterSetName = "RawData", Mandatory = $true, Position = 0)]
-		[Byte[]]$RawCRL
-	)
-	
+    param(
+        [Parameter(ParameterSetName = "FileName", Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
+        [string]$Path,
+        [Parameter(ParameterSetName = "RawData", Mandatory = $true, Position = 0)]
+        [Byte[]]$RawCRL
+    )
+    
 #region content parser
-	switch ($PsCmdlet.ParameterSetName) {
-		"FileName" {
-			if ($(Get-Item $Path -ErrorAction Stop).PSProvider.Name -ne "FileSystem") {
-				throw {"File either does not exist or not a file object"}
-			}
-			New-Object Security.Cryptography.X509Certificates.X509CRL2 -ArgumentList (Resolve-Path $Path).ProviderPath
-		}
-		"RawData" {New-Object Security.Cryptography.X509Certificates.X509CRL2 -ArgumentList @(,$RawCRL)}
-	}
+    switch ($PsCmdlet.ParameterSetName) {
+        "FileName" {
+            if ($(Get-Item $Path -ErrorAction Stop).PSProvider.Name -ne "FileSystem") {
+                throw {"File either does not exist or not a file object"}
+            }
+            New-Object SysadminsLV.PKI.Cryptography.X509Certificates.X509CRL2 -ArgumentList (Resolve-Path $Path).ProviderPath
+        }
+        "RawData" {New-Object SysadminsLV.PKI.Cryptography.X509Certificates.X509CRL2 -ArgumentList @(,$RawCRL)}
+    }
 #endregion
 }
diff --git a/PSPKI/Client/Get-CertificateTrustList.ps1 b/PSPKI/Client/Get-CertificateTrustList.ps1
@@ -4,21 +4,21 @@
 #>
 [OutputType('SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificateTrustList')]
 [CmdletBinding(DefaultParameterSetName='__FileName')]
-	param(
-		[Parameter(ParameterSetName = "__FileName", Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
-		[string]$Path,
-		[Parameter(ParameterSetName = "__RawData", Mandatory = $true, Position = 0)]
-		[Byte[]]$RawCTL
-	)
-	process {
-		switch ($PsCmdlet.ParameterSetName) {
-			"__FileName" {
-				if ($(Get-Item $Path -ErrorAction Stop).PSProvider.Name -ne "FileSystem") {
-					throw {"File either does not exist or is not a file object"}
-				}
-				New-Object SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificateTrustList -ArgumentList (Resolve-Path $Path).ProviderPath
-			}
-			"__RawData" {New-Object SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificateTrustList -ArgumentList @(,$RawCTL)}
-		}
-	}
+    param(
+        [Parameter(ParameterSetName = "__FileName", Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
+        [string]$Path,
+        [Parameter(ParameterSetName = "__RawData", Mandatory = $true, Position = 0)]
+        [Byte[]]$RawCTL
+    )
+    process {
+        switch ($PsCmdlet.ParameterSetName) {
+            "__FileName" {
+                if ($(Get-Item $Path -ErrorAction Stop).PSProvider.Name -ne "FileSystem") {
+                    throw {"File either does not exist or is not a file object"}
+                }
+                New-Object SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificateTrustList -ArgumentList (Resolve-Path $Path).ProviderPath
+            }
+            "__RawData" {New-Object SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificateTrustList -ArgumentList @(,$RawCTL)}
+        }
+    }
 }
diff --git a/PSPKI/Client/Get-EnrollmentPolicyServerClient.ps1 b/PSPKI/Client/Get-EnrollmentPolicyServerClient.ps1
@@ -4,8 +4,8 @@
 #>
 [OutputType('PKI.Enrollment.Policy.PolicyServerClient[]')]
 [CmdletBinding()]
-	param(
-		[switch]$UserContext
-	)
-	[PKI.Enrollment.Autoenrollment]::GetPolicyServers($UserContext)
+    param(
+        [switch]$UserContext
+    )
+    [PKI.Enrollment.Autoenrollment]::GetPolicyServers($UserContext)
 }
diff --git a/PSPKI/Client/Get-ErrorMessage.ps1 b/PSPKI/Client/Get-ErrorMessage.ps1
@@ -4,9 +4,9 @@
 #>
 [OutputType('System.String')]
 [CmdletBinding()]
-	param(
-		[Parameter(Mandatory = $true)]
-		[int]$ErrorCode
-	)
-	[PKI.Utils.Error]::GetMessage($ErrorCode)
+    param(
+        [Parameter(Mandatory = $true)]
+        [int]$ErrorCode
+    )
+    [SysadminsLV.PKI.Utils.ErrorHelper]::GetMessage($ErrorCode)
 }