92 lines
4.9 KiB
PowerShell
92 lines
4.9 KiB
PowerShell
|
function Save-CertificatesToDisk {
|
||
|
|
<#
|
||
|
|
.SYNOPSIS
|
||
|
|
Saves Certificates to Disk.
|
||
|
|
#>
|
||
|
|
|
||
|
|
[CmdletBinding()]
|
||
|
|
Param(
|
||
|
|
[Alkami.Ops.SecretServer.Model.Certificate]$cert,
|
||
|
|
[ref]$savedCertificates,
|
||
|
|
[string]$downloadFolder
|
||
|
|
)
|
||
|
|
|
||
|
|
$logLead = (Get-LogLeadName);
|
||
|
|
|
||
|
|
$rootCertFolder = Join-Path $downloadFolder "ROOT"
|
||
|
|
$personalCertFolder = Join-Path $downloadFolder "Personal"
|
||
|
|
$trustedPeopleFolder = Join-Path $downloadFolder "TrustedPeople"
|
||
|
|
|
||
|
|
if (!([System.IO.Directory]::Exists($rootCertFolder))) {
|
||
|
|
Write-Verbose ("$logLead : Creating root cert folder {0}" -f $rootCertFolder)
|
||
|
|
New-Item $rootCertFolder -ItemType Directory -Force | Out-Null
|
||
|
|
}
|
||
|
|
|
||
|
|
if (!([System.IO.Directory]::Exists($personalCertFolder))) {
|
||
|
|
Write-Verbose ("$logLead : Creating personal cert folder {0}" -f $personalCertFolder)
|
||
|
|
New-Item $personalCertFolder -ItemType Directory -Force | Out-Null
|
||
|
|
}
|
||
|
|
|
||
|
|
if (!([System.IO.Directory]::Exists($trustedPeopleFolder))) {
|
||
|
|
Write-Verbose ("$logLead : Creating trusted people folder {0}" -f $trustedPeopleFolder)
|
||
|
|
New-Item $trustedPeopleFolder -ItemType Directory -Force | Out-Null
|
||
|
|
}
|
||
|
|
|
||
|
|
if ($cert.Name -like "*entrust*" -or $cert.Name -like "*identityguard*") {
|
||
|
|
# Entrust must go in to Trusted People and Root
|
||
|
|
Write-Verbose ("$logLead : Downloading Entrust certificate to {0}" -f $rootCertFolder)
|
||
|
|
$savedCertificates.Value += @{FileName = ($cert.SaveFileToDisk($rootCertFolder)); Password = ""; }
|
||
|
|
Write-Verbose ("$logLead : Downloading Entrust certificate to {0}" -f $trustedPeopleFolder)
|
||
|
|
$savedCertificates.Value += @{FileName = ($cert.SaveFileToDisk($trustedPeopleFolder)); Password = ""; }
|
||
|
|
}
|
||
|
|
elseif ($cert.Name -like "*root*") {
|
||
|
|
# If the certificate name contains "root" we will assume it's a root certificate
|
||
|
|
Write-Verbose ("$logLead : Downloading Root certificate to {0}" -f $rootCertFolder)
|
||
|
|
$savedCertificates.Value += @{FileName = ($cert.SaveFileToDisk($rootCertFolder)); Password = ""; }
|
||
|
|
}
|
||
|
|
elseif ($cert.FileName -match "Alkami.+(Issued|Mutual|RPSTS)") {
|
||
|
|
# Certs for Web <-> App Communication go in TrustedPeople and Personal
|
||
|
|
Write-Verbose ("$logLead : Downloading Alkami certificate {0} to {1}" -f $cert.FileName, $trustedPeopleFolder)
|
||
|
|
$savedCertificates.Value += @{FileName = ($cert.SaveFileToDisk($trustedPeopleFolder)); Password = $cert.Password; }
|
||
|
|
Write-Verbose ("$logLead : Downloading Alkami certificate {0} to {1}" -f $cert.FileName, $personalCertFolder)
|
||
|
|
$savedCertificates.Value += @{FileName = ($cert.SaveFileToDisk($personalCertFolder)); Password = $cert.Password; }
|
||
|
|
}
|
||
|
|
elseif ($cert.FileName.EndsWith(".zip")) {
|
||
|
|
# Client Certs are saved in Secret as ZIP files
|
||
|
|
# We need to unzip to Personal
|
||
|
|
Write-Verbose ("$logLead : Downloading certificate ZIP file {0} to {1}" -f $cert.FileName, $downloadFolder)
|
||
|
|
$downloadedZIP = $cert.SaveFileToDisk($downloadFolder)
|
||
|
|
|
||
|
|
$randomFolderName = [System.IO.Path]::GetRandomFileName().Split('.') | Select-Object -First 1
|
||
|
|
$unzipFolder = Join-Path $personalCertFolder $randomFolderName
|
||
|
|
|
||
|
|
if (!([System.IO.Directory]::Exists($unzipFolder))) {
|
||
|
|
Write-Verbose ("$logLead : Creating temporary unzip folder {0}" -f $unzipFolder)
|
||
|
|
New-Item $unzipFolder -ItemType Directory -Force | Out-Null
|
||
|
|
}
|
||
|
|
|
||
|
|
Write-Verbose ("$logLead : Unzipping ZIP file contents to {0}" -f $unzipFolder)
|
||
|
|
[System.IO.Compression.ZipFile]::ExtractToDirectory($downloadedZIP, $unzipFolder)
|
||
|
|
$savedCertificates.Value += @{FileName = (Get-ChildItem $unzipFolder -Recurse -Include *.PFX | Sort-Object -Property LastWriteTimeUtc -Descending | Select-Object -First 1 -ExpandProperty FullName); Password = $cert.Password; }
|
||
|
|
}
|
||
|
|
elseif ($cert.FileName -like "*trusted*") {
|
||
|
|
# If the filename contains "trusted" we will assume it's a trusted people certificate
|
||
|
|
Write-Verbose ("$logLead : Downloading certificate {0} to {1}" -f $cert.FileName, $trustedPeopleFolder)
|
||
|
|
$savedCertificates.Value += @{FileName = ($cert.SaveFileToDisk($trustedPeopleFolder)); Password = ""; }
|
||
|
|
}
|
||
|
|
elseif ($cert.FileName.EndsWith(".cer")) {
|
||
|
|
# Any other .CER files will be saved to ROOT
|
||
|
|
Write-Verbose ("$logLead : Downloading certificate {0} to {1}" -f $cert.FileName, $rootCertFolder)
|
||
|
|
$savedCertificates.Value += @{FileName = ($cert.SaveFileToDisk($rootCertFolder)); Password = ""; }
|
||
|
|
}
|
||
|
|
elseif ($cert.FileName.EndsWith(".pfx")) {
|
||
|
|
# All .PFX files will be saved to Personal
|
||
|
|
Write-Verbose ("$logLead : Downloading certificate with private key {0} to {1}" -f $cert.FileName, $personalCertFolder)
|
||
|
|
$savedCertificates.Value += @{FileName = ($cert.SaveFileToDisk($personalCertFolder)); Password = $cert.Password; }
|
||
|
|
}
|
||
|
|
else {
|
||
|
|
Write-Output ("$logLead : Unable to determine what to do with certificate {0} with SecretID {1}" -f $cert.FileName, $cert.Id)
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|