Adding CertDeploy action

VMDeployment · Oct 10, 2023 · b32c22c · b32c22c
1 parent 261d546
commit b32c22c
Show file tree

Hide file tree

Showing 2 changed files with 91 additions and 0 deletions.
diff --git a/Actions/certdeploy.action.ps1 b/Actions/certdeploy.action.ps1
@@ -0,0 +1,90 @@
+$executionCode = {
+	param (
+		$Configuration
+	)
+
+	$filePath = Join-Path -Path 'VMDeploy:\Resources' -ChildPath $Configuration.FileName
+	if (-not (Test-Path -Path $filePath)) {
+		Write-PSFMessage -Level Warning -Message "Certificate file not found in the VMDeploy package! Ensure the $($Configuration.FileName) certificate is deployed as a resource!"
+		return
+	}
+	$fullFilePath = (Get-Item -Path $filePath).FullName
+	try { $certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::CreateFromCertFile($fullFilePath) }
+	catch {
+		Write-PSFMessage -Level Warning -Message "Error opening certificate $($Configuration.FileName)" -ErrorRecord $_
+		return
+	}
+
+	try {
+		$store = [System.Security.Cryptography.X509Certificates.X509Store]::new(
+			$Configuration.Store,
+			[System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
+		)
+		$store.Open('ReadWrite')
+	}
+	catch {
+		Write-PSFMessage -Level Warning -Message "Error accessing certificate store $($Configuration.Store)" -ErrorRecord $_
+		return
+	}
+
+	try { $store.Add($certificate) }
+	catch {
+		Write-PSFMessage -Level Warning -Message "Error writing certificate $($Configuration.FileName) to certificate store $($Configuration.Store)" -ErrorRecord $_
+		return
+	}
+}
+
+$validationCode = {
+	param (
+		$Configuration
+	)
+
+	$filePath = Join-Path -Path 'VMDeploy:\Resources' -ChildPath $Configuration.FileName
+	if (-not (Test-Path -Path $filePath)) {
+		Write-PSFMessage -Level Warning -Message "Certificate file not found in the VMDeploy package! Ensure the $($Configuration.FileName) certificate is deployed as a resource!"
+		return $false
+	}
+	$fullFilePath = (Get-Item -Path $filePath).FullName
+	try { $certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::CreateFromCertFile($fullFilePath) }
+	catch {
+		Write-PSFMessage -Level Warning -Message "Error opening certificate $($Configuration.FileName)" -ErrorRecord $_
+		return $false
+	}
+
+	try {
+		$store = [System.Security.Cryptography.X509Certificates.X509Store]::new(
+			$Configuration.Store,
+			[System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
+		)
+		$store.Open('ReadOnly')
+	}
+	catch {
+		Write-PSFMessage -Level Warning -Message "Error accessing certificate store $($Configuration.Store)" -ErrorRecord $_
+		return $false
+	}
+	$store.Certificates.ThumbPrint -contains $certificate.ThumbPrint
+}
+
+$PreDeploymentCode = {
+	param (
+		$Configuration,
+
+		$WorkingDirectory
+	)
+}
+
+$param = @{
+	Name               = 'CertDeploy'
+	ScriptBlock        = $executionCode
+	Validate           = $validationCode
+	Description        = 'Deploys a certificate to the specified certificate store'
+	PreDeploymentCode  = $PreDeploymentCode
+	ParameterMandatory = @(
+		'FileName'
+		'Store'
+	)
+	ParameterOptional = @(
+	)
+	Tag                = 'certificate', 'pki'
+}
+Register-VMGuestAction @param
diff --git a/VMDeploy.Guest/changelog.md b/VMDeploy.Guest/changelog.md
@@ -2,6 +2,7 @@
 
 ## ???
 
++ New: Action: CertDeploy - deploy a certificate (such as a root CA cert) to a selected certificate store
 + New: Action: ScriptBlock - execute a custom scriptblock
 + Upd: Action: Certificate - added CertRoles & RDP configuration
 + Upd: Action: ComputerName - disabled interactive user prompts