update

2026-04-15 15:45:50 -05:00
commit 1d304511b8
613 changed files with 140998 additions and 0 deletions
@@ -0,0 +1,71 @@
+
+ #'x509' - for Certificate (w/ chain), PEM encoded,
+ #'x509CO' - for Certificate only, PEM encoded,
+ #'base64' - for PKCS#7, PEM encoded,
+ #'bin' - for PKCS#7, 'x509IO' - for Root/Intermediate(s) only, PEM encoded,
+ #'x509IOR' - for Intermediate(s)/Root only, PEM encoded,
+ #'pem' - for Certificate (w/ chain), PEM encoded,
+ #'pemco' - for Certificate only, PEM encoded,
+ #'pemia' - for Certificate (w/ issuer after), PEM encoded,
+ #'x509R' - for Certificate (w/ chain), PEM encoded.
+ # base64 is default.
+
+function Download-SectigoCertificate {
+    [CmdletBinding(SupportsShouldProcess=$true)]
+    param (
+        [string]$ApiToken=$env:SectigoToken,
+        [string]$CertRootPath="c:\certs",
+        [ValidateSet('x509','x509CO','base64','bin','x509IOR','pem','pemco','pemia','x509R' )]
+        [string]$Format="x509CO",
+
+        [Parameter(Mandatory=$true)]
+        [string]$OrderId
+    )
+
+    if (-Not $ApiToken) {
+        $ApiToken=Read-Host "ApiToken:"
+    }
+    . $PSScriptRoot\..\Private\Set-Onload.ps1
+
+    [string]$CollectUrl = "${BaseAPIUrl}/api/ssl/v1/collect/${OrderId}?format=${format}"
+
+   Write-Verbose -Verbose "CollectUrl: $CollectUrl"
+    $headers = @{
+        "Authorization" = "Bearer $ApiToken"
+        "Content-Type" = "application/json"  # <-- Cleaned up syntax
+    }
+
+    # --- API Call ---
+    Write-Verbose "Attempting to retrieve certificate for Order ID: $OrderId"
+
+    try {
+        $response = Invoke-WebRequest -Uri $CollectUrl -Method Get -Headers $headers -UseBasicParsing -ErrorAction Stop
+    } catch {
+        Write-Error "API Request Failed: $($_.Exception.Message)"
+        return $null
+    }
+     $OutPath = "${CertRootPath}\cert_${OrderId}.cer"
+
+    # --- Response Processing ---
+    if ($response.StatusCode -eq 200) {
+        Write-Verbose "Certificate successfully retrieved (Status 200)."
+
+        # 1. Get the Hex String
+        # ASSUMPTION: The API returns the raw certificate Hex string in the response content.
+        # If the API returns JSON, you must use 'ConvertFrom-Json' first to extract the hex property.
+        $decimalNumbersString = $response.Content
+
+$numberStrings = $decimalNumbersString -split '\s+|,|\r?\n' | Where-Object { $_ }
+
+try {
+    [byte[]]$bytes = $numberStrings | ForEach-Object { [int]$_ }
+} catch {
+    Write-Error "Error converting numbers. Ensure all numbers are between 0 and 255."
+    exit
+}
+
+#  Write the byte array to the binary file
+[System.IO.File]::WriteAllBytes($OutPath , $bytes)
+Get-ChildItem $OutPath|select fullname, LastWriteTime
+    }
+}
@@ -0,0 +1,149 @@
+Function Enroll-SectigoCertificateRequest {
+    [CmdletBinding()]
+    param (
+        [string]$ApiToken=$env:SectigoToken,
+        [int]$OrgId=8091,  # 8091 friendly label is "Information Technology Department - Windows"
+        [Parameter(Mandatory=$true)]
+        [string]$subjAltNames,
+        [ValidateSet('IIS','IIS_OLD','IBM','LINUX','Apache','Tomcat')]
+        [string]$Type="IIS",
+        [string]$comment = "",
+        [Parameter(Mandatory=$true)]
+        [string]$dcvEmail,
+        [Parameter(Mandatory=$true)]
+        [ValidateSet('ECC',"RSA")]
+        [string]$KeyType,
+        [Parameter(Mandatory=$true)]
+        [string]$Csr,  # Replace with your Sectigo Organization ID
+        [switch]$Test
+    )
+    if (-Not $ApiToken) {
+        $ApiToken=Read-Host "ApiToken:"
+    }
+
+. $PSScriptRoot\..\Private\Set-Onload.ps1
+
+[string]$RequestUrl= $BaseAPIUrl + "/api/ssl/v1/enroll"
+
+Write-Verbose -Verbose "RequestUrl: $RequestUrl"
+#$CertType=2369
+
+#If ($subjAltNames) {
+$CertType=2375
+#}
+
+
+$term=365
+# 7: IBM HTTP Server
+# 14: Microsoft IIS 5 or 6
+    switch ($ServerType.ToLower()) {
+        "iis" {
+            $ServerTypeCode = 35
+        }
+        "iis_old" {
+            $ServerTypeCode = 14
+        }
+        "ibm" {
+            $ServerTypeCode = 7
+        }
+        "linux" {
+            $ServerTypeCode = 'Linux'
+        }
+        "apache" {
+            $ServerTypeCode = 2
+        }
+        "tomcat" {
+            $ServerTypeCode = 12
+        }
+        default {
+            Write-Warning "Unsupported server type: $ServerType. Please provide specific instructions for manual installation."
+        }
+     }
+
+
+#ignorded for now
+#    keySize = 2048,
+#    keyParam = 2048,
+#    algorithm = $KeyType
+#    keyGenerationMethod = PK_AGENT
+
+
+$body = @{
+    orgId = $OrgId
+    subjAltNames = $subjAltNames
+    certType = $CertType
+    term = $term
+    serverType = $ServerTypeCode
+    comments = $comment
+    csr = $csr
+    externalRequester = $dcvEmail
+}
+
+#$b2= @{
+#    subjAltNames = $subjAltNames
+#}
+#
+#if ($subjAltNames) {
+#    $body = $body + $b2
+#}
+
+
+
+$b3=@{
+commonName = $commonName
+keySize = 2048
+keyParam = "2048"
+algorithm = "RSA"
+keyGenerationMethod = "PK_AGENT"
+}
+
+$b4=@{
+commonName = $commonName
+keyParam = "secp256r1"
+algorithm = "ESS"
+keyGenerationMethod = "PK_AGENT"
+}
+
+
+
+#    $body = $body + $b2
+#If ($KeyType -eq "rsa") {
+#    $body = $body + $b3
+#} else {
+#    $body = $body + $b4
+#}
+
+
+
+
+If ($test) {
+    Return
+}
+
+# Convert the body to JSON
+$jsonBody = $body | ConvertTo-Json
+
+Write-Host $jsonBody
+
+# --- Set up Authentication Headers ---
+$headers = @{
+    "Authorization" = "Bearer $ApiToken"
+    "Content-Type"  = "application/json"
+}
+
+# --- Send the Request ---
+try {
+    $response=Invoke-RestMethod -Uri $RequestUrl -Method POST -Headers $headers -Body $jsonBody -ContentType "application/json"
+
+    return $response
+}
+catch {
+    Write-Error "Error during certificate enrollment: $($_.Exception.Message)"
+    if ($_.Exception.Response) {
+        $errorResponse = $_.Exception.Response.GetResponseStream()
+        $reader = New-Object System.IO.StreamReader($errorResponse)
+        $responseBody = $reader.ReadToEnd()
+        Write-Error "Sectigo API Error Response: $responseBody"
+    }
+}
+}
@@ -0,0 +1,46 @@
+
+
+Function Get-SectigoApiToken {
+
+#[CmdletBinding()]
+
+. $PSScriptRoot\..\Private\Set-Onload.ps1
+[string]$tokenEndpoint = $AuthBaseAPIUrl + "/auth/realms/apiclients/protocol/openid-connect/token"
+
+$clientId=$env:Sectigoclientid
+$clientSecret=$env:SectigoclientSecret
+
+if (-Not $clientid) {
+  $clientid=Read-Host "Please enter your clientid"
+}
+
+if (-Not $clientSecret) {
+ $clientSecret=Read-Host "Please enter your clientSecret"
+}
+
+Write-Verbose -Verbose "tokenEndpoint:  $tokenEndpoint "
+
+# Prepare the body for the token request
+$body = @{
+    grant_type    = "client_credentials"
+    client_id     = $clientId
+    client_secret = $clientSecret
+
+}
+
+. $PSScriptRoot\..\Private\Set-Onload.ps1
+
+# Request the access token
+try {
+    $tokenResponse = Invoke-RestMethod -Uri $tokenEndpoint -Method Post -Body $body -ContentType "application/x-www-form-urlencoded"
+    $accessToken = $tokenResponse.access_token
+    $env:SectigoToken=$accessToken
+    if ($accesstoken) { Write-Verbose -Verbose 'Token Set $ENV:SectigoToken'}
+
+}
+catch {
+    Write-Error "Failed to obtain access token: $($_.Exception.Message)"
+    #exit 1
+}
+
+}
@@ -0,0 +1,37 @@
+
+function Get-SectigoCertificate {
+    [CmdletBinding(SupportsShouldProcess=$true)]
+    param (
+        [string]$ApiToken=$env:SectigoToken,
+        [Parameter(Mandatory=$true)]
+        [string]$OrderId
+    )
+
+    if (-Not $ApiToken) {
+        $ApiToken=Read-Host "ApiToken:"
+    }
+
+    . $PSScriptRoot\..\Private\Set-Onload.ps1
+
+   # [string]$dcvUrl = "${BaseAPIUrl}/api/ssl/v1/${OrderId}/dcv"
+    [string]$dcvUrl = "${BaseAPIUrl}/api/ssl/v1/${OrderId}"
+
+
+    $headers = @{
+        "Authorization" = "Bearer $ApiToken"
+        "Content-Type" = "application/json"  # <-- Cleaned up syntax
+    }
+
+    # --- API Call ---
+    Write-Verbose "Attempting to retrieve certificate for Order ID: $OrderId"
+
+    try {
+        $response = Invoke-RestMethod -Uri $dcvUrl -Method Get -Headers $headers -UseBasicParsing -ErrorAction Stop
+        return $response
+    } catch {
+       Write-Error "API Request Failed: $($_.Exception.Message)"
+        return $null
+    }
+     $response
+
+}
@@ -0,0 +1,42 @@
+
+
+function Get-SectigoCertificateTypes {
+    [CmdletBinding()]
+    param (
+        [string]$ApiToken=$env:SectigoToken
+    )
+
+    if (-Not $ApiToken) {
+        $ApiToken=Read-Host "ApiToken:"
+    }
+
+	. $PSScriptRoot\..\Private\Set-Onload.ps1
+
+    [string]$CertificateTypesUrl= $BaseAPIUrl + "/api/ssl/v1/types"
+    Write-Verbose -Verbose "CertificateTypesUrl: $CertificateTypesUrl"
+
+    # 1. Prepare the Authorization Header
+    # The Sectigo API usually requires the token in a Bearer authorization header.
+    $headers = @{
+        "Authorization" = "Bearer $ApiToken"
+        "Content-Type"  = "application/json"
+    }
+
+    # 2. Send the Request (GET is the standard method for listing resources)
+    $response = Invoke-WebRequest -Uri $CertificateTypesUrl -Method Get -Headers $headers -UseBasicParsing
+
+    if ($response.StatusCode -eq 200) {
+        # 3. Process the Response
+        $certTypes = $response.Content | ConvertFrom-Json
+
+        # ASSUMPTION: The API returns an array of objects,
+        # each representing a certificate type.
+        # This function returns the entire list/array.
+        return $certTypes
+
+    } else {
+        Write-Error "Failed to get Certificate Types. Status code: $($response.StatusCode)."
+        Write-Error "Response content: $($response.Content)"
+        return $null
+    }
+}
@@ -0,0 +1,44 @@
+# Load Configuration Variables
+
+
+function Get-SectigoOrg {
+    [CmdletBinding()]
+    param (
+        [string]$ApiToken=$env:SectigoToken
+    )
+
+    if (-Not $ApiToken) {
+        $ApiToken=Read-Host
+    }
+
+    . $PSScriptRoot\..\Private\Set-Onload.ps1
+    [string]$OrganizationLookupUrl=$BaseAPIUrl + "/api/organization/v1"
+
+    # 1. Prepare the Authorization Header
+    $headers = @{
+        "Authorization" = "Bearer $ApiToken"
+        "Content-Type"  = "application/json"
+    }
+
+	. $PSScriptRoot\..\Private\Set-Onload.ps1
+
+try {
+    # Invoke the web request to the Sectigo API
+    $Response = Invoke-WebRequest -Uri $OrganizationLookupUrl -Headers $Headers -Method GET
+
+    # Check if the request was successful
+    if ($Response.StatusCode -eq 200) {
+        # Parse the JSON response
+        $Organizations = $Response.Content | ConvertFrom-Json
+        $Organizations|select-object id, name
+        $Organizations.departments
+
+    } else {
+        Write-Error "Failed to retrieve organizations. Status Code: $($Response.StatusCode)"
+        Write-Error "Response Content: $($Response.Content)"
+    }
+}
+catch {
+    Write-Error "An error occurred during the API call: $($_.Exception.Message)"
+}
+}
@@ -0,0 +1,43 @@
+# Load Configuration Variables
+
+
+function Get-SectigoSeverTypes {
+    [CmdletBinding()]
+    param (
+        [string]$ApiToken=$env:SectigoToken
+    )
+
+    if (-Not $ApiToken) {
+        $ApiToken=Read-Host
+    }
+
+    . $PSScriptRoot\..\Private\Set-Onload.ps1
+    [string]$OrganizationLookupUrl=$BaseAPIUrl + "/api/v1/servertype"
+
+    # 1. Prepare the Authorization Header
+    $headers = @{
+        "Authorization" = "Bearer $ApiToken"
+        "Content-Type"  = "application/json"
+    }
+
+	. $PSScriptRoot\..\Private\Set-Onload.ps1
+
+try {
+    # Invoke the web request to the Sectigo API
+    $Response = Invoke-WebRequest -Uri $OrganizationLookupUrl -Headers $Headers -Method GET
+
+    # Check if the request was successful
+    if ($Response.StatusCode -eq 200) {
+        # Parse the JSON response
+       $Response.Content | ConvertFrom-Json
+
+
+    } else {
+        Write-Error "Failed to retrieve organizations. Status Code: $($Response.StatusCode)"
+        Write-Error "Response Content: $($Response.Content)"
+    }
+}
+catch {
+    Write-Error "An error occurred during the API call: $($_.Exception.Message)"
+}
+}
@@ -0,0 +1,46 @@
+
+function Revoke-SectigoCertificate {
+    [CmdletBinding(SupportsShouldProcess=$true)]
+    param (
+        [string]$ApiToken=$env:SectigoToken,
+
+        [int]$reasonCode=4,
+        [Parameter(Mandatory=$true)]
+        [string]$reason,
+        [Parameter(Mandatory=$true)]
+        [string]$OrderId
+    )
+
+   if (-Not $ApiToken) {
+        $ApiToken=Read-Host
+    }
+    . $PSScriptRoot\..\Private\Set-Onload.ps1
+
+    [string]$RevokeUrl = "${BaseAPIUrl}/api/ssl/v1/revoke/${OrderId}"
+
+Write-Verbose -Verbose "RequestUrl: $RevokeUrl"
+
+    $headers = @{
+        "Authorization" = "Bearer $ApiToken"
+        "Content-Type" = "application/json"  # <-- Cleaned up syntax
+    }
+
+    $body = @{
+        reasonCode = $reasonCode
+        reason = $reasonCode
+    }
+
+    $jsonBody = $body | ConvertTo-Json
+
+    # --- API Call ---
+    Write-Verbose "Attempting to retrieve certificate for Order ID: $OrderId"
+
+    try {
+        $response=Invoke-RestMethod -Uri $RevokeUrl -Method POST -Headers $headers -Body $jsonBody -ContentType "application/json"
+        return $response
+        "Success"
+    } catch {
+        Write-Error "API Request Failed: $($_.Exception.Message)"
+        return $null
+    }
+}
@@ -0,0 +1,39 @@
+
+function Test-SectigoCertificateRequest {
+    [CmdletBinding(SupportsShouldProcess=$true)]
+    param (
+        [string]$FilePath,
+        [string]$csr
+    )
+
+if ($FilePath) {
+   [string]$csr = (Get-Content -Path $FilePath -Raw)
+}
+
+    [string]$dcvUrl = "https://certificates.nd.gov/api/csr/validate/string"
+
+
+    $headers = @{
+        "accept" = "application/json"
+        "Content-Type" = "application/json"  # <-- Cleaned up syntax
+    }
+
+   $Body = @{
+        "csr" = $csr
+    }
+
+$jsonBody = $body | ConvertTo-Json
+
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+    # --- API Call ---
+    Write-Verbose "Attempting to retrieve certificate for Order ID: $OrderId"
+
+    try {
+        $response = Invoke-RestMethod -Uri $dcvUrl -Method Post -Headers $headers -Body $jsonBody
+         $response
+    } catch {
+       Write-Error "API Request Failed: $($_.Exception.Message)"|convertfrom-json
+        return $null
+    }
+
+}