analysis/powershell/sample.psm1

*eeb7e5b3SAdam Hornáček# MIT License
*eeb7e5b3SAdam Hornáček#
*eeb7e5b3SAdam Hornáček# Copyright (c) 2016 Raimund Andée
*eeb7e5b3SAdam Hornáček#
*eeb7e5b3SAdam Hornáček# Permission is hereby granted, free of charge, to any person obtaining a copy
*eeb7e5b3SAdam Hornáček# of this software and associated documentation files (the "Software"), to deal
*eeb7e5b3SAdam Hornáček# in the Software without restriction, including without limitation the rights
*eeb7e5b3SAdam Hornáček# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
*eeb7e5b3SAdam Hornáček# copies of the Software, and to permit persons to whom the Software is
*eeb7e5b3SAdam Hornáček# furnished to do so, subject to the following conditions:
*eeb7e5b3SAdam Hornáček#
*eeb7e5b3SAdam Hornáček# The above copyright notice and this permission notice shall be included in all
*eeb7e5b3SAdam Hornáček# copies or substantial portions of the Software.
*eeb7e5b3SAdam Hornáček#
*eeb7e5b3SAdam Hornáček# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
*eeb7e5b3SAdam Hornáček# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
*eeb7e5b3SAdam Hornáček# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
*eeb7e5b3SAdam Hornáček# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
*eeb7e5b3SAdam Hornáček# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
*eeb7e5b3SAdam Hornáček# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
*eeb7e5b3SAdam Hornáček# SOFTWARE.
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček#region Internals
*eeb7e5b3SAdam Hornáček#region .net Types
*eeb7e5b3SAdam Hornáček$certStoreTypes = @'
*eeb7e5b3SAdam Hornáček...
*eeb7e5b3SAdam Hornáček'@
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček$pkiInternalsTypes = @'
*eeb7e5b3SAdam Hornáček...
*eeb7e5b3SAdam Hornáček    /// <summary>
*eeb7e5b3SAdam Hornáček    /// 2.28 msPKI-Certificate-Name-Flag Attribute
*eeb7e5b3SAdam Hornáček    /// https://msdn.microsoft.com/en-us/library/cc226548.aspx
*eeb7e5b3SAdam Hornáček    /// </summary>
*eeb7e5b3SAdam Hornáček...
*eeb7e5b3SAdam Hornáček'@
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček$gpoType = @'
*eeb7e5b3SAdam Hornáček...
*eeb7e5b3SAdam Hornáček'@
*eeb7e5b3SAdam Hornáček#endregion .net Types
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček$ApplicationPolicies = @{
*eeb7e5b3SAdam Hornáček    # Remote Desktop
*eeb7e5b3SAdam Hornáček    'Remote Desktop' = '1.3.6.1.4.1.311.54.1.2'
*eeb7e5b3SAdam Hornáček    # Windows Update
*eeb7e5b3SAdam Hornáček    'Windows Update' = '1.3.6.1.4.1.311.76.6.1'
*eeb7e5b3SAdam Hornáček    # Windows Third Party Applicaiton Component
*eeb7e5b3SAdam Hornáček    'Windows Third Party Application Component' = '1.3.6.1.4.1.311.10.3.25'
*eeb7e5b3SAdam Hornáček    # Windows TCB Component
*eeb7e5b3SAdam Hornáček    'Windows TCB Component' = '1.3.6.1.4.1.311.10.3.23'
*eeb7e5b3SAdam Hornáček    # Windows Store
*eeb7e5b3SAdam Hornáček    'Windows Store' = '1.3.6.1.4.1.311.76.3.1'
*eeb7e5b3SAdam Hornáček    #...
*eeb7e5b3SAdam Hornáček}
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček$ExtendedKeyUsages = @{
*eeb7e5b3SAdam Hornáček    OldAuthorityKeyIdentifier = '.29.1'
*eeb7e5b3SAdam Hornáček    OldPrimaryKeyAttributes = '2.5.29.2'
*eeb7e5b3SAdam Hornáček    #...
*eeb7e5b3SAdam Hornáček    X509version3CertificateExtensionInhibitAny = '2.5.29.54'
*eeb7e5b3SAdam Hornáček}
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček#endregion Internals
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček#region Get-LabCertificate
*eeb7e5b3SAdam Hornáčekfunction Get-LabCertificate
*eeb7e5b3SAdam Hornáček{
*eeb7e5b3SAdam Hornáček    # .ExternalHelp AutomatedLab.Help.xml
*eeb7e5b3SAdam Hornáček    [cmdletBinding(DefaultParameterSetName = 'Find')]
*eeb7e5b3SAdam Hornáček    param (
*eeb7e5b3SAdam Hornáček        [Parameter(Mandatory = $true, ParameterSetName = 'Find')]
*eeb7e5b3SAdam Hornáček        [string]$SearchString,
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        [Parameter(Mandatory = $true, ParameterSetName = 'Find')]
*eeb7e5b3SAdam Hornáček        [System.Security.Cryptography.X509Certificates.X509FindType]$FindType,
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        [System.Security.Cryptography.X509Certificates.CertStoreLocation]$Location,
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        [System.Security.Cryptography.X509Certificates.StoreName]$Store,
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        [string]$ServiceName,
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        [Parameter(Mandatory = $true, ParameterSetName = 'All')]
*eeb7e5b3SAdam Hornáček        [switch]$All,
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        [Parameter(ParameterSetName = 'All')]
*eeb7e5b3SAdam Hornáček        [switch]$IncludeServices,
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        [string]$Password = 'AL',
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        [Parameter(Mandatory)]
*eeb7e5b3SAdam Hornáček        [string[]]$ComputerName
*eeb7e5b3SAdam Hornáček    )
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    Write-LogFunctionEntry
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    $variables = Get-Variable -Name PSBoundParameters
*eeb7e5b3SAdam Hornáček    $functions = Get-Command -Name Get-Certificate2, Sync-Parameter
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    $x = $PSBoundParameters
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    foreach ($computer in $ComputerName)
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        Invoke-LabCommand -ActivityName 'Adding Cert Store Types' -ComputerName $ComputerName -ScriptBlock {
*eeb7e5b3SAdam Hornáček            Add-Type -TypeDefinition $args[0]
*eeb7e5b3SAdam Hornáček        } -ArgumentList $certStoreTypes -NoDisplay
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        Invoke-LabCommand -ActivityName 'Exporting certificates' -ComputerName $ComputerName -ScriptBlock {
*eeb7e5b3SAdam Hornáček			$variables['Password']  = $variables['Password'] | ConvertTo-SecureString -AsPlainText -Force
*eeb7e5b3SAdam Hornáček            Sync-Parameter -Command (Get-Command -Name Get-Certificate2)
*eeb7e5b3SAdam Hornáček            Get-Certificate2 @ALBoundParameters
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        } -Variable $variables -Function $functions -PassThru
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    Write-LogFunctionExit
*eeb7e5b3SAdam Hornáček}
*eeb7e5b3SAdam Hornáček#endregion Get-LabCertificate
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček#region Add-LabCertificate
*eeb7e5b3SAdam Hornáčekfunction Add-LabCertificate
*eeb7e5b3SAdam Hornáček{
*eeb7e5b3SAdam Hornáček    # .ExternalHelp AutomatedLab.Help.xml
*eeb7e5b3SAdam Hornáček    [cmdletBinding(DefaultParameterSetName = 'ByteArray')]
*eeb7e5b3SAdam Hornáček    param(
*eeb7e5b3SAdam Hornáček        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'File')]
*eeb7e5b3SAdam Hornáček        [string]$Path,
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'ByteArray')]
*eeb7e5b3SAdam Hornáček        [byte[]]$Cert,
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
*eeb7e5b3SAdam Hornáček        [System.Security.Cryptography.X509Certificates.StoreName]$Store,
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
*eeb7e5b3SAdam Hornáček        [System.Security.Cryptography.X509Certificates.CertStoreLocation]$Location,
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        [Parameter(ValueFromPipelineByPropertyName = $true)]
*eeb7e5b3SAdam Hornáček        [string]$ServiceName,
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        [Parameter(ValueFromPipelineByPropertyName = $true)]
*eeb7e5b3SAdam Hornáček        [ValidateSet('CER', 'PFX')]
*eeb7e5b3SAdam Hornáček        [string]$CertificateType = 'CER',
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        [string]$Password = 'AL',
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        [Parameter(Mandatory, ValueFromPipelineByPropertyName = $true)]
*eeb7e5b3SAdam Hornáček        [string[]]$ComputerName
*eeb7e5b3SAdam Hornáček    )
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    begin
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        Write-LogFunctionEntry
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    process
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        $variables = Get-Variable -Name PSBoundParameters
*eeb7e5b3SAdam Hornáček        $functions = Get-Command -Name Add-Certificate2, Sync-Parameter
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        Invoke-LabCommand -ActivityName 'Adding Cert Store Types' -ComputerName $ComputerName -ScriptBlock {
*eeb7e5b3SAdam Hornáček            Add-Type -TypeDefinition $args[0]
*eeb7e5b3SAdam Hornáček        } -ArgumentList $certStoreTypes -NoDisplay
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        Invoke-LabCommand -ActivityName 'Storing certificate bytes on target machine' -ComputerName $ComputerName -ScriptBlock {
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček            $tempFile = [System.IO.Path]::GetTempFileName()
*eeb7e5b3SAdam Hornáček            [System.IO.File]::WriteAllBytes($tempFile, $args[0])
*eeb7e5b3SAdam Hornáček            Write-Verbose "Cert is written to '$tempFile'"
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        } -ArgumentList (,$Cert) -Variable $variables
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        Invoke-LabCommand -ActivityName 'Importing Cert file' -ComputerName $ComputerName -ScriptBlock {
*eeb7e5b3SAdam Hornáček			$variables['Password']  = $variables['Password'] | ConvertTo-SecureString -AsPlainText -Force
*eeb7e5b3SAdam Hornáček            Sync-Parameter -Command (Get-Command -Name Add-Certificate2)
*eeb7e5b3SAdam Hornáček            $ALBoundParameters.Add('Path', $tempFile)
*eeb7e5b3SAdam Hornáček            $ALBoundParameters.Remove('Cert')
*eeb7e5b3SAdam Hornáček            Add-Certificate2 @ALBoundParameters | Out-Null
*eeb7e5b3SAdam Hornáček            Remove-Item -Path $tempFile
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        } -Variable $variables -Function $functions -PassThru
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    end
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        Write-LogFunctionExit
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček}
*eeb7e5b3SAdam Hornáček#endregion Add-LabCertificate
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček# ...
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček#region Install-LabCAMachine
*eeb7e5b3SAdam Hornáčekfunction Install-LabCAMachine
*eeb7e5b3SAdam Hornáček{
*eeb7e5b3SAdam Hornáček    # .ExternalHelp AutomatedLab.Help.xml
*eeb7e5b3SAdam Hornáček    [CmdletBinding()]
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    param (
*eeb7e5b3SAdam Hornáček        [Parameter(Mandatory)]
*eeb7e5b3SAdam Hornáček        [AutomatedLab.Machine]$Machine,
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        [int]$PreDelaySeconds,
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        [switch]$PassThru
*eeb7e5b3SAdam Hornáček    )
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    Write-LogFunctionEntry
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    Write-Verbose -Message '****************************************************'
*eeb7e5b3SAdam Hornáček    Write-Verbose -Message "Starting installation of machine: $($machine.name)"
*eeb7e5b3SAdam Hornáček    Write-Verbose -Message '****************************************************'
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    $role = $machine.Roles | Where-Object { $_.Name -eq ([AutomatedLab.Roles]::CaRoot) -or $_.Name -eq ([AutomatedLab.Roles]::CaSubordinate) }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    $param = [ordered]@{ }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    #region - Locate admin username and password for machine
*eeb7e5b3SAdam Hornáček    if ($machine.IsDomainJoined)
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        $domain = $lab.Domains | Where-Object { $_.Name -eq $machine.DomainName }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        $param.Add('UserName', ('{0}\{1}' -f $domain.Name, $domain.Administrator.UserName))
*eeb7e5b3SAdam Hornáček        $param.Add('Password', $domain.Administrator.Password)
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        $rootDc = Get-LabMachine -Role RootDC | Where-Object DomainName -eq $machine.DomainName
*eeb7e5b3SAdam Hornáček        if ($rootDc) #if there is a root domain controller in the same domain as the machine
*eeb7e5b3SAdam Hornáček        {
*eeb7e5b3SAdam Hornáček            $rootDomain = (Get-Lab).Domains | Where-Object Name -eq $rootDc.DomainName
*eeb7e5b3SAdam Hornáček            $rootDomainNetBIOSName = ($rootDomain.Name -split '\.')[0]
*eeb7e5b3SAdam Hornáček        }
*eeb7e5b3SAdam Hornáček        else #else the machine is in a child domain and the parent domain need to be used for the query
*eeb7e5b3SAdam Hornáček        {
*eeb7e5b3SAdam Hornáček            $rootDomain = $lab.GetParentDomain($machine.DomainName)
*eeb7e5b3SAdam Hornáček            $rootDomainNetBIOSName = ($rootDomain.Name -split '\.')[0]
*eeb7e5b3SAdam Hornáček            $rootDc = Get-LabMachine -Role RootDC | Where-Object DomainName -eq $rootDomain
*eeb7e5b3SAdam Hornáček        }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        $param.Add('ForestAdminUserName', ('{0}\{1}' -f $rootDomainNetBIOSName, $rootDomain.Administrator.UserName))
*eeb7e5b3SAdam Hornáček        $param.Add('ForestAdminPassword', $rootDomain.Administrator.Password)
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček        Write-Debug -Message "Machine                   : $($machine.name)"
*eeb7e5b3SAdam Hornáček        Write-Debug -Message "Machine Domain            : $($machine.DomainName)"
*eeb7e5b3SAdam Hornáček        Write-Debug -Message "Username for job          : $($param.username)"
*eeb7e5b3SAdam Hornáček        Write-Debug -Message "Password for job          : $($param.Password)"
*eeb7e5b3SAdam Hornáček        Write-Debug -Message "ForestAdmin Username      : $($param.ForestAdminUserName)"
*eeb7e5b3SAdam Hornáček        Write-Debug -Message "ForestAdmin Password      : $($param.ForestAdminPassword)"
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček    else
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        $param.Add('UserName', ('{0}\{1}' -f $machine.Name, $machine.InstallationUser.UserName))
*eeb7e5b3SAdam Hornáček        $param.Add('Password', $machine.InstallationUser.Password)
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček    $param.Add('ComputerName', $Machine.Name)
*eeb7e5b3SAdam Hornáček    #endregion
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    #region - Determine DNS name for machine. This is used when installing Enterprise CAs
*eeb7e5b3SAdam Hornáček    $caDNSName = $Machine.Name
*eeb7e5b3SAdam Hornáček    if ($Machine.DomainName) { $caDNSName += ('.' + $Machine.DomainName) }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    if ($Machine.DomainName)
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        $param.Add('DomainName', $Machine.DomainName)
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček    else
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        $param.Add('DomainName', '')
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    if ($role.Name -eq 'CaSubordinate')
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        if (!($role.Properties.ContainsKey('ParentCA'))) { $param.Add('ParentCA', '<auto>') }
*eeb7e5b3SAdam Hornáček        else { $param.Add('ParentCA', $role.Properties.ParentCA) }
*eeb7e5b3SAdam Hornáček        if (!($role.Properties.ContainsKey('ParentCALogicalName'))) { $param.Add('ParentCALogicalName', '<auto>') }
*eeb7e5b3SAdam Hornáček        else { $param.Add('ParentCALogicalName', $role.Properties.ParentCALogicalName) }
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    #...
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    if (!($role.Properties.ContainsKey('CPSURL'))) { $param.Add('CPSURL', 'http://' + $caDNSName + '/cps/cps.html') }
*eeb7e5b3SAdam Hornáček    else { $param.Add('CPSURL', $role.Properties.CPSURL) }
*eeb7e5b3SAdam Hornáček    if (!($role.Properties.ContainsKey('CPSText'))) { $param.Add('CPSText', 'Certification Practice Statement') }
*eeb7e5b3SAdam Hornáček    else { $param.Add('CPSText', $($role.Properties.CPSText)) }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    if (!($role.Properties.ContainsKey('InstallOCSP'))) { $param.Add('InstallOCSP', '<auto>') }
*eeb7e5b3SAdam Hornáček    else { $param.Add('InstallOCSP', ($role.Properties.InstallOCSP -like '*Y*')) }
*eeb7e5b3SAdam Hornáček    if (!($role.Properties.ContainsKey('OCSPHTTPURL01'))) { $param.Add('OCSPHTTPURL01', '<auto>') }
*eeb7e5b3SAdam Hornáček    else { $param.Add('OCSPHTTPURL01', $role.Properties.OCSPHTTPURL01) }
*eeb7e5b3SAdam Hornáček    if (!($role.Properties.ContainsKey('OCSPHTTPURL02'))) { $param.Add('OCSPHTTPURL02', '<auto>') }
*eeb7e5b3SAdam Hornáček    else { $param.Add('OCSPHTTPURL02', $role.Properties.OCSPHTTPURL02) }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    if (!($role.Properties.ContainsKey('DoNotLoadDefaultTemplates'))) { $param.Add('DoNotLoadDefaultTemplates', '<auto>') }
*eeb7e5b3SAdam Hornáček    else { $param.Add('DoNotLoadDefaultTemplates', $role.Properties.DoNotLoadDefaultTemplates -like '*Y*') }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    #region - Check if any unknown parameter name was passed
*eeb7e5b3SAdam Hornáček    $knownParameters = @()
*eeb7e5b3SAdam Hornáček    $knownParameters += 'ParentCA (only valid for Subordinate CA. Ignored for Root CAs)'
*eeb7e5b3SAdam Hornáček    $knownParameters += 'ParentCALogicalName (only valid for Subordinate CAs. Ignored for Root CAs)'
*eeb7e5b3SAdam Hornáček    $knownParameters += 'CACommonName'
*eeb7e5b3SAdam Hornáček    $knownParameters += 'CAType'
*eeb7e5b3SAdam Hornáček    #...
*eeb7e5b3SAdam Hornáček    $knownParameters += 'DoNotLoadDefaultTemplates'
*eeb7e5b3SAdam Hornáček    $knownParameters += 'PreDelaySeconds'
*eeb7e5b3SAdam Hornáček    $unkownParFound = $false
*eeb7e5b3SAdam Hornáček    foreach ($keySet in $role.Properties.GetEnumerator())
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        if ($keySet.Key -cnotin $knownParameters)
*eeb7e5b3SAdam Hornáček        {
*eeb7e5b3SAdam Hornáček            Write-Warning -Message "Parameter name '$($keySet.Key)' is unknown/ignored)"
*eeb7e5b3SAdam Hornáček            $unkownParFound = $true
*eeb7e5b3SAdam Hornáček        }
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček    if ($unkownParFound)
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        Write-Warning -Message 'Valid parameter names are:'
*eeb7e5b3SAdam Hornáček        Foreach ($name in ($knownParameters.GetEnumerator()))
*eeb7e5b3SAdam Hornáček        {
*eeb7e5b3SAdam Hornáček            Write-Warning -Message "  $($name)"
*eeb7e5b3SAdam Hornáček        }
*eeb7e5b3SAdam Hornáček        Write-Warning -Message 'NOTE that all parameter names are CASE SENSITIVE!'
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček    #endregion - Check if any unknown parameter names was passed
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    #endregion - Parameters
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    #region - Parameters debug
*eeb7e5b3SAdam Hornáček    Write-Debug -Message '---------------------------------------------------------------------------------------'
*eeb7e5b3SAdam Hornáček    Write-Debug -Message "Parameters for $($machine.name)"
*eeb7e5b3SAdam Hornáček    Write-Debug -Message '---------------------------------------------------------------------------------------'
*eeb7e5b3SAdam Hornáček    if ($machine.Roles.Properties.GetEnumerator().Count)
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        foreach ($r in $machine.Roles)
*eeb7e5b3SAdam Hornáček        {
*eeb7e5b3SAdam Hornáček            if (([AutomatedLab.Roles]$r.Name -band $roles) -ne 0) #if this is a CA role
*eeb7e5b3SAdam Hornáček            {
*eeb7e5b3SAdam Hornáček                foreach ($key in ($r.Properties.GetEnumerator() | Sort-Object -Property Key))
*eeb7e5b3SAdam Hornáček                {
*eeb7e5b3SAdam Hornáček                    Write-Debug -Message "  $($key.Key.PadRight(27)) $($key.Value)"
*eeb7e5b3SAdam Hornáček                }
*eeb7e5b3SAdam Hornáček            }
*eeb7e5b3SAdam Hornáček        }
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček    else
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        Write-Debug -message '  No parameters specified'
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček    Write-Debug -Message '---------------------------------------------------------------------------------------'
*eeb7e5b3SAdam Hornáček    #endregion - Parameters debug
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    #region ----- Input validation (raw values) -----
*eeb7e5b3SAdam Hornáček    if ($role.Properties.ContainsKey('CACommonName') -and ($param.CACommonName.Length -gt 37))
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        Write-Error -Message "CACommonName cannot be longer than 37 characters. Specified value is: '$($param.CACommonName)'"; return
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    if ($role.Properties.ContainsKey('CACommonName') -and ($param.CACommonName.Length -lt 1))
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        Write-Error -Message "CACommonName cannot be blank. Specified value is: '$($param.CACommonName)'"; return
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    if ($role.Name -eq 'CaRoot')
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        if (-not ($param.CAType -in 'EnterpriseRootCA', 'StandAloneRootCA', '<auto>'))
*eeb7e5b3SAdam Hornáček        {
*eeb7e5b3SAdam Hornáček            Write-Error -Message "CAType needs to be 'EnterpriseRootCA' or 'StandAloneRootCA' when role is CaRoot. Specified value is: '$param.CAType'"; return
*eeb7e5b3SAdam Hornáček        }
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    if ($role.Name -eq 'CaSubordinate')
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        if (-not ($param.CAType -in 'EnterpriseSubordinateCA', 'StandAloneSubordinateCA', '<auto>'))
*eeb7e5b3SAdam Hornáček        {
*eeb7e5b3SAdam Hornáček            Write-Error -Message "CAType needs to be 'EnterpriseSubordinateCA' or 'StandAloneSubordinateCA' when role is CaSubordinate. Specified value is: '$param.CAType'"; return
*eeb7e5b3SAdam Hornáček        }
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    $availableCombinations = @()
*eeb7e5b3SAdam Hornáček    $availableCombinations += @{CryptoProviderName='Microsoft Base SMart Card Crypto Provider';           HashAlgorithmName='sha1','md2','md4','md5';                           KeyLength='1024','2048','4096'}
*eeb7e5b3SAdam Hornáček    #...
*eeb7e5b3SAdam Hornáček    $combination = $availableCombinations | Where-Object {$_.CryptoProviderName -eq $param.CryptoProviderName}
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    if (-not ($param.CryptoProviderName -in $combination.CryptoProviderName))
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        Write-Error -Message "CryptoProviderName '$($param.CryptoProviderName)' is unknown. `nList of valid options for CryptoProviderName:`n  $($availableCombinations.CryptoProviderName -join "`n  ")"; return
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček    elseif (-not ($param.HashAlgorithmName -in $combination.HashAlgorithmName))
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        Write-Error -Message "HashAlgorithmName '$($param.HashAlgorithmName)' is not valid for CryptoProviderName '$($param.CryptoProviderName)'. The Crypto Provider selected supports the following Hash Algorithms:`n  $($combination.HashAlgorithmName -join "`n  ")"; return
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček    elseif (-not ($param.KeyLength -in $combination.KeyLength))
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        Write-Error -Message "Keylength '$($param.KeyLength)' is not valid for CryptoProviderName '$($param.CryptoProviderName)'. The Crypto Provider selected supports the following keylengths:`n  $($combination.KeyLength -join "`n  ")"; return
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    if ($role.Properties.ContainsKey('DatabaseDirectory') -and -not ($param.DatabaseDirectory -match '^[C-Z]:\\'))
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        Write-Error -Message 'DatabaseDirectory needs to be located on a local drive (drive letter C-Z)'; return
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    #...
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček    #if any validity parameter was defined, get these now and convert them all to hours (temporary variables)
*eeb7e5b3SAdam Hornáček    if ($param.ValidityPeriodUnits -ne '<auto>')
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        switch ($param.ValidityPeriod)
*eeb7e5b3SAdam Hornáček        {
*eeb7e5b3SAdam Hornáček            'Years'  { $validityPeriodUnitsHours = [int]$param.ValidityPeriodUnits * 365 * 24 }
*eeb7e5b3SAdam Hornáček            'Months' { $validityPeriodUnitsHours = [int]$param.ValidityPeriodUnits * (365/12) * 24 }
*eeb7e5b3SAdam Hornáček            'Weeks'  { $validityPeriodUnitsHours = [int]$param.ValidityPeriodUnits * 7 * 24 }
*eeb7e5b3SAdam Hornáček            'Days'   { $validityPeriodUnitsHours = [int]$param.ValidityPeriodUnits * 24 }
*eeb7e5b3SAdam Hornáček            'Hours'  { $validityPeriodUnitsHours = [int]$param.ValidityPeriodUnits }
*eeb7e5b3SAdam Hornáček        }
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček    if ($param.CertsValidityPeriodUnits -ne '<auto>')
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        switch ($param.CertsValidityPeriod)
*eeb7e5b3SAdam Hornáček        {
*eeb7e5b3SAdam Hornáček            'Years'  { $certsvalidityPeriodUnitsHours = [int]$param.CertsValidityPeriodUnits * 365 * 24 }
*eeb7e5b3SAdam Hornáček            'Months' { $certsvalidityPeriodUnitsHours = [int]$param.CertsValidityPeriodUnits * (365/12) * 24 }
*eeb7e5b3SAdam Hornáček            'Weeks'  { $certsvalidityPeriodUnitsHours = [int]$param.CertsValidityPeriodUnits * 7 * 24 }
*eeb7e5b3SAdam Hornáček            'Days'   { $certsvalidityPeriodUnitsHours = [int]$param.CertsValidityPeriodUnits * 24 }
*eeb7e5b3SAdam Hornáček            'Hours'  { $certsvalidityPeriodUnitsHours = [int]$param.CertsValidityPeriodUnits }
*eeb7e5b3SAdam Hornáček        }
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček    if ($param.CRLPeriodUnits -ne '<auto>')
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        switch ($param.CRLPeriod)
*eeb7e5b3SAdam Hornáček        {
*eeb7e5b3SAdam Hornáček            'Years'  { $cRLPeriodUnitsHours = [int]([int]$param.CRLPeriodUnits * 365 * 24) }
*eeb7e5b3SAdam Hornáček            'Months' { $cRLPeriodUnitsHours = [int]([int]$param.CRLPeriodUnit * (365/12) * 24) }
*eeb7e5b3SAdam Hornáček            'Weeks'  { $cRLPeriodUnitsHours = [int]([int]$param.CRLPeriodUnits * 7 * 24) }
*eeb7e5b3SAdam Hornáček            'Days'   { $cRLPeriodUnitsHours = [int]([int]$param.CRLPeriodUnits * 24) }
*eeb7e5b3SAdam Hornáček            'Hours'  { $cRLPeriodUnitsHours = [int]([int]$param.CRLPeriodUnits) }
*eeb7e5b3SAdam Hornáček        }
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček    if ($param.CRLDeltaPeriodUnits -ne '<auto>')
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        switch ($param.CRLDeltaPeriod)
*eeb7e5b3SAdam Hornáček        {
*eeb7e5b3SAdam Hornáček            'Years'  { $cRLDeltaPeriodUnitsHours = [int]([int]$param.CRLDeltaPeriodUnits * 365 * 24) }
*eeb7e5b3SAdam Hornáček            'Months' { $cRLDeltaPeriodUnitsHours = [int]([int]$param.CRLDeltaPeriodUnits * (365/12) * 24) }
*eeb7e5b3SAdam Hornáček            'Weeks'  { $cRLDeltaPeriodUnitsHours = [int]([int]$param.CRLDeltaPeriodUnits * 7 * 24) }
*eeb7e5b3SAdam Hornáček            'Days'   { $cRLDeltaPeriodUnitsHours = [int]([int]$param.CRLDeltaPeriodUnits * 24) }
*eeb7e5b3SAdam Hornáček            'Hours'  { $cRLDeltaPeriodUnitsHours = [int]([int]$param.CRLDeltaPeriodUnits) }
*eeb7e5b3SAdam Hornáček        }
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček    if ($param.CRLOverlapUnits -ne '<auto>')
*eeb7e5b3SAdam Hornáček    {
*eeb7e5b3SAdam Hornáček        switch ($param.CRLOverlapPeriod)
*eeb7e5b3SAdam Hornáček        {
*eeb7e5b3SAdam Hornáček            'Years'  { $CRLOverlapUnitsHours = [int]([int]$param.CRLOverlapUnits * 365 * 24) }
*eeb7e5b3SAdam Hornáček            'Months' { $CRLOverlapUnitsHours = [int]([int]$param.CRLOverlapUnits * (365/12) * 24) }
*eeb7e5b3SAdam Hornáček            'Weeks'  { $CRLOverlapUnitsHours = [int]([int]$param.CRLOverlapUnits * 7 * 24) }
*eeb7e5b3SAdam Hornáček            'Days'   { $CRLOverlapUnitsHours = [int]([int]$param.CRLOverlapUnits * 24) }
*eeb7e5b3SAdam Hornáček            'Hours'  { $CRLOverlapUnitsHours = [int]([int]${param}.CRLOverlapUnits) }
*eeb7e5b3SAdam Hornáček        }
*eeb7e5b3SAdam Hornáček    }
*eeb7e5b3SAdam Hornáček    #...
*eeb7e5b3SAdam Hornáček}
*eeb7e5b3SAdam Hornáček#endregion Install-LabCAMachine
*eeb7e5b3SAdam Hornáček#...
*eeb7e5b3SAdam Hornáček<#http://example.com.#>
*eeb7e5b3SAdam HornáčekWrite-Debug `$`{`}
*eeb7e5b3SAdam HornáčekWrite-Debug $false.$true.$param
*eeb7e5b3SAdam Hornáček$(Write-Debug $true)
*eeb7e5b3SAdam Hornáček
*eeb7e5b3SAdam Hornáček:OuterLoop while ($true) {
*eeb7e5b3SAdam Hornáček    while ($true) { break OuterLoop }
*eeb7e5b3SAdam Hornáček}