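<#
.SYNOPSIS
Creates or patches a Let's Encrypt certificate (meta_x509 + host_key_cert objects) on a UTM firewall through its REST API.
.PARAMETER IsNewCert
$true creates new meta_x509 and host_key_cert objects; $false patches the existing objects whose subject matches -Domain.
.PARAMETER Domain
Wildcard pattern (PowerShell -like syntax) matched against the subject of existing meta_x509 objects when patching.
.PARAMETER CertPath
Path to the PEM certificate file.
.PARAMETER KeyPath
Path to the PEM private key file.
.NOTES
Requires the openssl binary on PATH and an API token supplied at run time (see the Auth/Creds section).
#>
[CmdletBinding()]
Param(
    [Parameter(Mandatory=$true)]
    [bool]
    $IsNewCert,
    [Parameter(Mandatory=$true)]
    [ValidateNotNullOrEmpty()]
    [String]
    $Domain,
    # Validate at parameter binding so a missing file fails before anything is sent to the firewall.
    [Parameter(Mandatory=$true)]
    [ValidateScript({ Test-Path -LiteralPath $_ -PathType Leaf })]
    [String]
    $CertPath,
    [Parameter(Mandatory=$true)]
    [ValidateScript({ Test-Path -LiteralPath $_ -PathType Leaf })]
    [String]
    $KeyPath
)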
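Function 509Body {
    <#
    .SYNOPSIS
    Builds the JSON body for a meta_x509 object from the certificate fields held in script scope.
    .OUTPUTS
    [String] JSON document.
    #>
    # Reads from script scope: $notAfter, $fingerprint, $Issuer, $isshash, $name, $keyalg,
    # $certserial, $NotBefore, $subject, $SAN, $subhash, $VNPId.
    # The body is an ordered hashtable serialized by ConvertTo-Json (the same approach CertBody uses)
    # so that quotes, backslashes and control characters in certificate fields are escaped instead of
    # being interpolated verbatim into a hand-written JSON string.
    $meta = [ordered]@{
        comment              = "upload"
        enddate              = "$notAfter"
        fingerprint          = "$fingerprint"
        issuer               = "$Issuer"
        issuer_hash          = "$isshash"
        name                 = "$name"
        public_key_algorithm = "$keyalg"
        serial               = "$certserial"
        startdate            = "$NotBefore"
        subject              = "$subject"
        subject_alt_names    = @("$SAN")
        subject_hash         = "$subhash"
        vpn_id               = "$VNPId"
        vpn_id_type          = "fqdn"
    }
    $x509Json = ConvertTo-Json $meta
    return $x509Json
}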
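Function CertBody {
    <#
    .SYNOPSIS
    Builds the JSON body for a host_key_cert object: the PEM certificate prefixed with its openssl
    text dump, the PEM private key, and the reference of the meta_x509 object it belongs to.
    .OUTPUTS
    [String] JSON document. It contains the private key, so callers must not write it to a log.
    #>
    # Reads from script scope: $CertPath, $KeyPath, $VNPId, $509Ref.
    $CA = "REF_CaVerLetsEncryCa"
    foreach ($path in @($CertPath, $KeyPath)) {
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            throw "CertBody: file not found: $path"
        }
    }
    # Both call sites set $509Ref before calling; an empty meta reference means that step failed.
    if ([string]::IsNullOrEmpty($509Ref)) {
        throw "CertBody: 509Ref is empty; the meta_x509 object must be created or looked up first"
    }
    #pull info from cert
    $CertContent = (Get-Content -LiteralPath $CertPath) | Out-String
    $KeyContent = (Get-Content -LiteralPath $KeyPath) | Out-String
    $CertAsText = openssl x509 -in $CertPath -noout -text | Out-String
    if ($LASTEXITCODE -ne 0) {
        throw "CertBody: openssl could not parse $CertPath (exit code $LASTEXITCODE)"
    }
    $509Format = "$CertAsText" + "$CertContent"
    #cert body
    $body = [ordered]@{
        name= "$VNPId"
        ca= "$CA"
        certificate= "$509Format"
        comment= "AutomatedTM"
        encrypted= $false
        key= "$KeyContent"
        meta= "$509Ref"
    }
    $json = ConvertTo-Json $body
    return $json
}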
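# Example invocation values, kept for reference:
# $IsNewCert = $true
# $Domain = '*.demo2.com'
# $CertPath = $Cert.CertFile
# $KeyPath = $Cert.KeyFile

# Any failure (file read, openssl, HTTP error) must stop the script: continuing would leave the
# meta_x509 and host_key_cert objects out of sync.
$ErrorActionPreference = 'Stop'
Write-Verbose "IsNewCert=$IsNewCert"
Write-Verbose "Domain=$Domain"
Write-Verbose "CertPath=$CertPath"
Write-Verbose "KeyPath=$KeyPath"

#Auth/Creds
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$BaseURL = "https://XXXX:4444/api/"   # XXXX = firewall host placeholder
# The API token must be supplied at run time (secret store, environment, or a file outside the repo);
# never commit it. Refuse to run with an empty token instead of sending an unauthenticated request.
$token = ''
if ([string]::IsNullOrEmpty($token)) {
    throw "API token is not set; supply it before running this script"
}
# HTTP Basic with user "token". A fixed encoding is used because [Text.Encoding]::Default depends on
# the host's code page.
$tokenBase64 = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("token:" + $token))
$headers = @{}
$headers.Add("Authorization", 'Basic ' + $tokenBase64)

# Each openssl one-liner prints "field=value"; Split("=")[1] takes the value.
$notAfter = (openssl x509 -enddate -in $CertPath -noout).Split("=")[1]
$fingerprint = (openssl x509 -fingerprint -in $CertPath -noout).Split("=")[1]
# Taken from the certificate rather than a hard-coded intermediate name, which goes stale when the
# CA rotates its issuing certificate.
$Issuer = (openssl x509 -issuer -in $CertPath -noout).Replace("issuer=", "")
$isshash = openssl x509 -issuer_hash -in $CertPath -noout
$certserial = (openssl x509 -serial -in $CertPath -noout).Split("=")[1]
$name = $certserial
# NOTE(review): hard-coded; wrong for a non-RSA key. Confirm against the key type or derive it from
# the "Public Key Algorithm" line of `openssl x509 -text`.
$keyalg = "rsaEncryption"
$subhash = openssl x509 -subject_hash -in $CertPath -noout
$NotBefore = (openssl x509 -startdate -in $CertPath -noout).Split("=")[1]
# Strip the "subject=" prefix and all whitespace so "subject=CN=x" and "subject=CN = x" both become "CN=x".
$subject = (openssl x509 -subject -in $CertPath -noout).Replace("subject=", "").Replace(" ", "")
# Assumes the subject is a bare "CN=<fqdn>"; a multi-RDN subject would give a wrong SAN and vpn_id.
$SAN = "DNS:" + ($subject.Split("=")[1])
$VNPId = $subject.Replace("CN=", "")
if ([string]::IsNullOrEmpty($VNPId)) {
    throw "could not read the subject CN from $CertPath"
}
$x509Json = 509Body

if ($IsNewCert) {
    #Upload New 509 and set 509ref
    $Call = $BaseURL + 'objects/ca/meta_x509/'
    $509PostReturn = Invoke-RestMethod -Uri $Call -Method post -Headers $headers -ContentType "application/json" -Body $x509Json
    $509Ref = $509PostReturn._ref
    if ([string]::IsNullOrEmpty($509Ref)) {
        throw "meta_x509 POST returned no _ref"
    }
    $Certjson = CertBody
    $Call = $BaseURL + 'objects/ca/host_key_cert/'
    Invoke-RestMethod -Uri $Call -Method post -Headers $headers -ContentType "application/json" -Body $Certjson | Out-Null #dont post cert body to log
} else {
    #Get uploaded Certs REF ID# like $Domain
    $Call = $BaseURL + 'objects/ca/meta_x509/'
    $509Object = Invoke-RestMethod -Uri $Call -Method get -Headers $headers -UseBasicParsing
    # NOTE(review): enddate is sorted as a string, not as a date, so "first" is lexical rather than
    # earliest-expiring; and a wildcard in $Domain makes -like match any sub-domain of the pattern as
    # well as the wildcard CN itself. Confirm this selects the intended object.
    $509Object = $509Object | Where-Object {$_.subject -like "$Domain"} | Sort-Object -Property enddate | Select-Object _ref -First 1
    $509Ref = $509Object._ref
    # Without this guard a missing match would PATCH the collection URL instead of one object.
    if ([string]::IsNullOrEmpty($509Ref)) {
        throw "no meta_x509 object with a subject like '$Domain' was found"
    }
    #Patch the New 509 over the top
    $Call = $BaseURL + 'objects/ca/meta_x509/' + "$509Ref"
    Invoke-RestMethod -Uri $Call -Method patch -Headers $headers -ContentType "application/json" -Body $x509Json
    ##Get Used by Reference ID#
    $Call = $BaseURL + 'objects/ca/meta_x509/' + "$509Ref/usedby"
    $GetResult = Invoke-RestMethod -Uri $Call -Method get -Headers $headers
    $CertRef = $GetResult.objects
    # The reference is interpolated into a single URL, so exactly one referencing object is required.
    if (@($CertRef).Count -ne 1 -or [string]::IsNullOrEmpty("$CertRef")) {
        throw "expected exactly one object using $509Ref, got $(@($CertRef).Count)"
    }
    $Certjson = CertBody
    #Update the Cert Object
    $Call = $BaseURL + 'objects/ca/host_key_cert/' + "$CertRef"
    Invoke-RestMethod -Uri $Call -Method patch -Headers $headers -ContentType "application/json" -Body $Certjson | Out-Null #dont post cert body to log
}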