ps/Modules/Alkami.DevOps.Certificates/Private/Set-CertPermissions.ps1

function Set-CertPermissions {
<#
.SYNOPSIS
    Assigns Certificate Permissions for a user.
#>

    [CmdletBinding()]
    Param(

        [Parameter(Mandatory=$true)]
        [string]$certThumprint,

        [Parameter(Mandatory=$true)]
        [string]$user
    )

    $logLead = Get-LogLeadName

    $certObj = Get-ChildItem "Cert:\LocalMachine\my\$certThumprint"
    $rsaCert = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($CertObj)

    if ($rsaCert.key -and $rsaCert.key.UniqueName) {
        $fileName = $rsaCert.key.UniqueName
        $directoryRsaMachineKeys = Join-Path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\" $fileName
        $directoryCryptoKeys = Join-Path "C:\ProgramData\Microsoft\Crypto\Keys\" $fileName

        if (Test-Path $directoryRsaMachineKeys) {
            $path = $directoryRsaMachineKeys
        } elseif (Test-Path $directoryCryptoKeys) {
            $path = $directoryCryptoKeys
        } else {
            Write-Error "$logLead : Did not find an associated ACL File for $certThumbprint."
        }
    } else {
        Write-Error "$logLead : Unable to determine Unique Key Name for $certThumprint"
    }

    $permissions = Get-Acl -Path $path
    $rule = New-Object Security.AccessControl.FileSystemAccessRule $user, "FullControl", Allow
    $permissions.AddAccessRule($rule)
    Set-Acl -Path $path -AclObject $permissions
}
First full commit 2023-05-30 22:51:22 -07:00			`function Set-CertPermissions {`
			`<#`
			`.SYNOPSIS`
			`Assigns Certificate Permissions for a user.`
			`#>`

			`[CmdletBinding()]`
			`Param(`

			`[Parameter(Mandatory=$true)]`
			`[string]$certThumprint,`

			`[Parameter(Mandatory=$true)]`
			`[string]$user`
			`)`

			`$logLead = Get-LogLeadName`

			`$certObj = Get-ChildItem "Cert:\LocalMachine\my\$certThumprint"`
			`$rsaCert = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($CertObj)`

			`if ($rsaCert.key -and $rsaCert.key.UniqueName) {`
			`$fileName = $rsaCert.key.UniqueName`
			`$directoryRsaMachineKeys = Join-Path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\" $fileName`
			`$directoryCryptoKeys = Join-Path "C:\ProgramData\Microsoft\Crypto\Keys\" $fileName`

			`if (Test-Path $directoryRsaMachineKeys) {`
			`$path = $directoryRsaMachineKeys`
			`} elseif (Test-Path $directoryCryptoKeys) {`
			`$path = $directoryCryptoKeys`
			`} else {`
			`Write-Error "$logLead : Did not find an associated ACL File for $certThumbprint."`
			`}`
			`} else {`
			`Write-Error "$logLead : Unable to determine Unique Key Name for $certThumprint"`
			`}`

			`$permissions = Get-Acl -Path $path`
			`$rule = New-Object Security.AccessControl.FileSystemAccessRule $user, "FullControl", Allow`
			`$permissions.AddAccessRule($rule)`
			`Set-Acl -Path $path -AclObject $permissions`
			`}`