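function Repair-SDKAlkamiDeveloperCertificatePermissions {
    <#
    .SYNOPSIS
        Grants the given identities access to the expected Alkami developer certificates.

    .DESCRIPTION
        Looks up a fixed set of certificates by common name in LocalMachine\My and calls
        Set-AclOnCert for every certificate / identity pair, once for the "My" store and
        once (best effort) for the "TrustedPeople" store.

        Before changing anything, the function checks LocalMachine\My for certificates whose
        friendly name matches 'Alkami'. If any friendly name is shared by more than one
        certificate, a warning is written per duplicate name and the function returns
        without touching any ACL.

    .PARAMETER PermittedIdentities
        One or more account names that should be granted access to the certificates.
        Every identity listed here receives the same grant on every expected certificate,
        so pass only the accounts that actually need to use these keys.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string[]]$PermittedIdentities
    )

    $logLead = Get-LogLeadName

    # Refuse to proceed when a friendly name is ambiguous: with duplicates present it is
    # unclear which certificate is in use, and ACLs would be granted on all of them.
    $certs = Get-ChildItem Cert:\LocalMachine\my\ | Where-Object { $_.FriendlyName -match 'Alkami' }
    $certGroups = $certs | Group-Object -Property FriendlyName
    $shouldExit = $false

    foreach ($group in $certGroups) {
        if ($group.Count -gt 1) {
            Write-Warning "$logLead : You have too many certificates locally with the friendly name [$($group.Name)]"
            $shouldExit = $true
        }
    }

    if ($shouldExit) {
        return
    }

    # Common names of the certificates whose ACLs are repaired. The machine's own
    # fully-qualified name is resolved at run time.
    $expectedCommonNames = @(
        "*.dev.alkamitech.com",
        "Alkami Issued Token",
        "Alkami RPSTS",
        "Alkami Mutual Client",
        (Get-FullyQualifiedServerName),
        "Alkami Mutual Service"
    )

    $expectedCerts = @()
    foreach ($commonName in $expectedCommonNames) {
        # Find-CertificateByName's not-found behaviour is not visible here. Drop null
        # results so a missing certificate is reported and skipped instead of reaching
        # Set-AclOnCert with an empty thumbprint.
        $found = @(Find-CertificateByName -CommonName $commonName -StoreLocation LocalMachine -StoreName My |
                Where-Object { $null -ne $_ })

        if ($found.Count -eq 0) {
            Write-Warning "$logLead : No certificate with common name [$commonName] was found in LocalMachine\My; skipping"
            continue
        }

        $expectedCerts += $found
    }

    foreach ($cert in $expectedCerts) {
        Write-Host "Updating [$($cert.FriendlyName)] for [$($PermittedIdentities)]"
        foreach ($identity in $PermittedIdentities) {
            # NOTE(review): "FullControl" is broader than the read access an identity
            # normally needs in order to use a certificate's key. Confirm against
            # Set-AclOnCert whether "Read" would be sufficient for these identities.
            Set-AclOnCert -Thumbprint $cert.Thumbprint -Identity $identity -FileSystemRights "FullControl" -Type "Allow" -StoreName "My"

            # Best effort: errors are suppressed for TrustedPeople, presumably because the
            # certificate is not always present in that store (confirm). A genuine ACL
            # failure here is also hidden, so verify the resulting permissions if it matters.
            Set-AclOnCert -Thumbprint $cert.Thumbprint -Identity $identity -FileSystemRights "FullControl" -Type "Allow" -StoreName "TrustedPeople" -ErrorAction SilentlyContinue
        }
    }
}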