From 5be3649aae40c359098d209edea926dceda89e1a Mon Sep 17 00:00:00 2001 From: Bob Pokorny Date: Fri, 31 May 2024 14:50:41 -0500 Subject: [PATCH] #ab58570 Added additional error trapping and logging. Also modified the certutil logic to use -addstore when no password was provided when adding a certificate. --- IISU/ClientPSCertStoreManager.cs | 39 ++++++++++++++++++++++---------- 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/IISU/ClientPSCertStoreManager.cs b/IISU/ClientPSCertStoreManager.cs index 069d071..df91f38 100644 --- a/IISU/ClientPSCertStoreManager.cs +++ b/IISU/ClientPSCertStoreManager.cs @@ -133,8 +133,17 @@ public JobResult ImportPFXFile(string filePath, string privateKeyPassword, strin // If no private key password is provided, import the pfx file directory to the store using addstore argument string script = @" param($pfxFilePath, $storePath) - $output = certutil -addstore Cert:\LocalMachine\$storePath $pfxFilePath 2>&1 - $c = $LASTEXITCODE + $output = certutil -addstore $storePath $pfxFilePath 2>&1 + $exit_message = ""LASTEXITCODE:$($LASTEXITCODE)"" + + if ($output.GetType().Name -eq ""String"") + { + $output = @($output, $exit_message) + } + else + { + $output += $exit_message + } $output "; @@ -148,10 +157,9 @@ public JobResult ImportPFXFile(string filePath, string privateKeyPassword, strin string script = @" param($pfxFilePath, $privateKeyPassword) - $output = certutil -importpfx -p $privateKeyPassword $pfxFilePath 2>&1 + $output = certutil -importpfx -p $privateKeyPassword $storePath $pfxFilePath 2>&1 $exit_message = ""LASTEXITCODE:$($LASTEXITCODE)"" $stuff = certutil -dump - if ($stuff.GetType().Name -eq ""String"") { $stuff = @($stuff, $exit_message) @@ -160,7 +168,6 @@ public JobResult ImportPFXFile(string filePath, string privateKeyPassword, strin { $stuff += $exit_message } - $output $stuff "; 
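Review bot: The new `$output.GetType()` test in the no-password script throws if certutil returns nothing (`$output` is `$null`). Because of `2>&1`, a single stderr line arrives as an ErrorRecord, and `$output += $exit_message` on that is likely to fail as well, so the `LASTEXITCODE:` marker is lost exactly when the import failed. Forcing an array removes both cases and the type test: `$output = @(certutil -addstore $storePath $pfxFilePath 2>&1)` followed by `$output += ""LASTEXITCODE:$LASTEXITCODE""`. ImportPFXFile starts and ends outside this hunk, so how the marker is parsed afterwards is not visible here.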
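Review bot: The added `certutil -importpfx -p $privateKeyPassword $storePath $pfxFilePath` line in the `@@ -148` hunk reads `$storePath`, but the script's `param($pfxFilePath, $privateKeyPassword)` does not declare it. Unless code outside the hunk sets that variable in the runspace, it expands to nothing and the store argument is silently dropped, so the certificate may land in certutil's default store while the job still reports success. The `@@ -191` hunk has the same gap: `param($pfxFilePath, $privateKeyPassword, $cspName)` also lacks `$storePath`. Declare it, e.g. `param($pfxFilePath, $privateKeyPassword, $storePath)`, and pass it in the matching `AddParameter` call, which is not visible here.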
@@ -177,9 +184,20 @@ public JobResult ImportPFXFile(string filePath, string privateKeyPassword, strin { string script = @" param($pfxFilePath, $cspName, $storePath) - $output = certutil -csp $cspName -addstore LocalMachine\$storePath $pfxFilePath 2>&1 - $c = $LASTEXITCODE + $output = certutil -csp $cspName -addstore $storePath $pfxFilePath 2>&1 + $exit_message = ""LASTEXITCODE:$($LASTEXITCODE)"" + + $stuff = certutil -dump + if ($stuff.GetType().Name -eq ""String"") + { + $stuff = @($stuff, $exit_message) + } + else + { + $stuff += $exit_message + } $output + $stuff "; ps.AddScript(script); @@ -191,10 +209,10 @@ public JobResult ImportPFXFile(string filePath, string privateKeyPassword, strin { string script = @" param($pfxFilePath, $privateKeyPassword, $cspName) - $output = certutil -importpfx -csp $cspName -p $privateKeyPassword LocalMachine\$storePath $pfxFilePath 2>&1 + $output = certutil -importpfx -csp $cspName -p $privateKeyPassword $storePath $pfxFilePath 2>&1 $exit_message = ""LASTEXITCODE:$($LASTEXITCODE)"" - $stuff = certutil -dump + $stuff = certutil -dump if ($stuff.GetType().Name -eq ""String"") { $stuff = @($stuff, $exit_message) @@ -203,7 +221,6 @@ public JobResult ImportPFXFile(string filePath, string privateKeyPassword, strin { $stuff += $exit_message } - $output $stuff "; @@ -221,8 +238,6 @@ public JobResult ImportPFXFile(string filePath, string privateKeyPassword, strin var results = ps.Invoke(); // Get the last exist code returned from the script - // This statement is in a try/catch block because PSVariable.GetValue() is not a valid method on a remote PS Session and throws an exception. - // Due to security reasons and Windows architecture, retreiving values from a remote system is not supported. int lastExitCode = 0; try {
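Review bot: `$stuff = certutil -dump` in the CSP/no-password script (`@@ -177` hunk) starts a second certutil process with no input file, and its output is returned after `$output` only to carry the `LASTEXITCODE:` marker. That output is unrelated to the import and, if the caller logs the results, adds host configuration detail to the job log for no diagnostic gain. The no-password, no-CSP script changed in this same commit attaches the marker to `$output` directly. Doing the same here, `$output = @(certutil -csp $cspName -addstore $storePath $pfxFilePath 2>&1)` followed by `$output += $exit_message`, drops the extra call and the `GetType()` branch.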
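Review bot: `-p $privateKeyPassword` on the changed certutil line in the `@@ -191` hunk puts the PFX password on the process command line. There it is recorded by process-creation auditing when command-line capture is enabled, and it can be read by other principals on the host that are able to query process command lines; the `@@ -148` hunk has the same pattern. For the non-CSP path, `Import-PfxCertificate` with a `SecureString` `-Password` would keep the secret out of the argument list. This CSP path may still need certutil, in which case a comment above the script would record the exposure, e.g. `// NOTE: PFX password is passed as a certutil argument and is visible in command-line audit logs on the target`. ImportPFXFile continues outside the hunk, so whether `$output` is logged verbatim should be checked there.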