From ced67c67182f63ed2b45c283da400dac242ee1c0 Mon Sep 17 00:00:00 2001 From: Carl Chang Date: Mon, 15 Nov 2021 14:54:57 +0800 Subject: [PATCH 1/2] skip checking for certificate thumbprint and store name when SslFlags are valid --- source/DSCResources/MSFT_xWebSite/MSFT_xWebSite.psm1 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source/DSCResources/MSFT_xWebSite/MSFT_xWebSite.psm1 b/source/DSCResources/MSFT_xWebSite/MSFT_xWebSite.psm1 index ea3e5b285..ebb228a0c 100644 --- a/source/DSCResources/MSFT_xWebSite/MSFT_xWebSite.psm1 +++ b/source/DSCResources/MSFT_xWebSite/MSFT_xWebSite.psm1 @@ -1435,6 +1435,8 @@ function ConvertTo-WebBinding # SSL-related properties if ($binding.Protocol -eq 'https') { + if ([Environment]::OSVersion.Version -lt '6.2' -or $binding.SslFlags -notin @('2', '3')) + { if ([String]::IsNullOrEmpty($binding.CertificateThumbprint)) { if ($Binding.CertificateSubject) @@ -1500,6 +1502,7 @@ function ConvertTo-WebBinding $outputObject.Add('certificateHash', [String]$certificateHash) $outputObject.Add('certificateStoreName', [String]$certificateStoreName) + } if ([Environment]::OSVersion.Version -ge '6.2') { From 6d85fa8100485f728c408c1e43a8d8c8f39fb1cc Mon Sep 17 00:00:00 2001 From: Carl Chang Date: Mon, 15 Nov 2021 19:29:51 +0800 Subject: [PATCH 2/2] add indent --- .../MSFT_xWebSite/MSFT_xWebSite.psm1 | 104 +++++++++--------- 1 file changed, 52 insertions(+), 52 deletions(-) diff --git a/source/DSCResources/MSFT_xWebSite/MSFT_xWebSite.psm1 b/source/DSCResources/MSFT_xWebSite/MSFT_xWebSite.psm1 index ebb228a0c..7159fdb3b 100644 --- a/source/DSCResources/MSFT_xWebSite/MSFT_xWebSite.psm1 +++ b/source/DSCResources/MSFT_xWebSite/MSFT_xWebSite.psm1 @@ -1437,71 +1437,71 @@ function ConvertTo-WebBinding { if ([Environment]::OSVersion.Version -lt '6.2' -or $binding.SslFlags -notin @('2', '3')) { - if ([String]::IsNullOrEmpty($binding.CertificateThumbprint)) - { - if ($Binding.CertificateSubject) + if ([String]::IsNullOrEmpty($binding.CertificateThumbprint)) { - if ($binding.CertificateSubject.substring(0,3) -ne 'CN=') + if ($Binding.CertificateSubject) { - $binding.CertificateSubject = "CN=$($Binding.CertificateSubject)" + if ($binding.CertificateSubject.substring(0,3) -ne 'CN=') + { + $binding.CertificateSubject = "CN=$($Binding.CertificateSubject)" + } + $FindCertificateSplat = @{ + Subject = $Binding.CertificateSubject + } } - $FindCertificateSplat = @{ - Subject = $Binding.CertificateSubject + else + { + $errorMessage = $script:localizedData.ErrorWebBindingMissingCertificateThumbprint ` + -f $binding.Protocol + New-TerminatingError -ErrorId 'WebBindingMissingCertificateThumbprint' ` + -ErrorMessage $errorMessage ` + -ErrorCategory 'InvalidArgument' } } + + if ([String]::IsNullOrEmpty($binding.CertificateStoreName)) + { + $certificateStoreName = 'MY' + Write-Verbose -Message ` + ($script:localizedData.VerboseConvertToWebBindingDefaultCertificateStoreName ` + -f $certificateStoreName) + } else { - $errorMessage = $script:localizedData.ErrorWebBindingMissingCertificateThumbprint ` - -f $binding.Protocol - New-TerminatingError -ErrorId 'WebBindingMissingCertificateThumbprint' ` - -ErrorMessage $errorMessage ` - -ErrorCategory 'InvalidArgument' + $certificateStoreName = $binding.CertificateStoreName } - } - - if ([String]::IsNullOrEmpty($binding.CertificateStoreName)) - { - $certificateStoreName = 'MY' - Write-Verbose -Message ` - ($script:localizedData.VerboseConvertToWebBindingDefaultCertificateStoreName ` - -f $certificateStoreName) - } - else - { - $certificateStoreName = $binding.CertificateStoreName - } - - $certificateHash = $null - if ($FindCertificateSplat) - { - $FindCertificateSplat.Add('Store',$CertificateStoreName) - $Certificate = Find-Certificate @FindCertificateSplat | Select-Object -First 1 - if ($Certificate) + + $certificateHash = $null + if ($FindCertificateSplat) { - $certificateHash = $Certificate.Thumbprint + $FindCertificateSplat.Add('Store',$CertificateStoreName) + $Certificate = Find-Certificate @FindCertificateSplat | Select-Object -First 1 + if ($Certificate) + { + $certificateHash = $Certificate.Thumbprint + } + else + { + $errorMessage = $script:localizedData.ErrorWebBindingInvalidCertificateSubject ` + -f $binding.CertificateSubject, $binding.CertificateStoreName + New-TerminatingError -ErrorId 'WebBindingInvalidCertificateSubject' ` + -ErrorMessage $errorMessage ` + -ErrorCategory 'InvalidArgument' + } + } + + # Remove the Left-to-Right Mark character + if ($certificateHash) + { + $certificateHash = $certificateHash -replace '^\u200E' } else { - $errorMessage = $script:localizedData.ErrorWebBindingInvalidCertificateSubject ` - -f $binding.CertificateSubject, $binding.CertificateStoreName - New-TerminatingError -ErrorId 'WebBindingInvalidCertificateSubject' ` - -ErrorMessage $errorMessage ` - -ErrorCategory 'InvalidArgument' + $certificateHash = $binding.CertificateThumbprint -replace '^\u200E' } - } - - # Remove the Left-to-Right Mark character - if ($certificateHash) - { - $certificateHash = $certificateHash -replace '^\u200E' - } - else - { - $certificateHash = $binding.CertificateThumbprint -replace '^\u200E' - } - - $outputObject.Add('certificateHash', [String]$certificateHash) - $outputObject.Add('certificateStoreName', [String]$certificateStoreName) + + $outputObject.Add('certificateHash', [String]$certificateHash) + $outputObject.Add('certificateStoreName', [String]$certificateStoreName) } if ([Environment]::OSVersion.Version -ge '6.2')