From 0f94d84e979edbf5d29fe502bf4b35c1c33e5460 Mon Sep 17 00:00:00 2001
From: James Ruskin <james@chocolatey.io>
Date: Tue, 16 Apr 2024 18:21:35 +0100
Subject: [PATCH] (#160) Hides KeyTool Output
---
scripts/Get-Helpers.ps1 | 52 ++++++++++++++++++++++++++---------------
1 file changed, 33 insertions(+), 19 deletions(-)
diff --git a/scripts/Get-Helpers.ps1 b/scripts/Get-Helpers.ps1
index 2545ec6..361bba9 100644
--- a/scripts/Get-Helpers.ps1
+++ b/scripts/Get-Helpers.ps1
@@ -1654,33 +1654,41 @@ function Set-NexusCert {
$TempCertPath = Join-Path $env:TEMP "$(New-Guid).pfx"
try {
- Write-Verbose "Exporting .pfx file to C:\, will remove when finished"
+ # Temporarily export the certificate as a PFX
Get-ChildItem Cert:\LocalMachine\TrustedPeople\ | Where-Object { $_.Thumbprint -eq $Thumbprint } | Sort-Object | Select-Object -First 1 | Export-PfxCertificate -FilePath $TempCertPath -Password $KeystoreCredential.SecurePassword
# TODO: Is this the right place for this? # Get-ChildItem -Path $TempCertPath | Import-PfxCertificate -CertStoreLocation Cert:\LocalMachine\My -Exportable -Password $KeystoreCredential.SecurePassword
- Write-Warning -Message "You'll now see prompts and other outputs, things are working as expected, don't do anything"
- $string = ($KeystoreCredential.Password | & $KeyTool -list -v -keystore $TempCertPath) -match '^Alias.*'
- $currentAlias = ($string -split ':')[1].Trim()
-
+
if ((Test-Path $KeyStorePath)) {
Remove-Item $KeyStorePath -Force
}
- & $KeyTool -importkeystore -srckeystore $TempCertPath -srcstoretype PKCS12 -srcstorepass $KeystoreCredential.Password -destkeystore $KeyStorePath -deststoretype JKS -alias $currentAlias -destalias jetty -deststorepass $KeystoreCredential.Password
- & $KeyTool -keypasswd -keystore $KeyStorePath -alias jetty -storepass $KeystoreCredential.Password -keypass chocolatey -new $KeystoreCredential.Password
-
- $xmlPath = 'C:\ProgramData\nexus\etc\jetty\jetty-https.xml'
- [xml]$xml = Get-Content -Path 'C:\ProgramData\nexus\etc\jetty\jetty-https.xml'
- foreach ($entry in $xml.Configure.New.Where{ $_.id -match 'ssl' }.Set.Where{ $_.name -match 'password' }) {
- $entry.InnerText = $KeystoreCredential.Password
+ # Using a job to hide improper non-output streams
+ $Job = Start-Job {
+ $string = ($using:KeystoreCredential.Password | & $using:KeyTool -list -v -keystore $using:TempCertPath) -match '^Alias.*'
+ $currentAlias = ($string -split ':')[1].Trim()
+ & $using:KeyTool -importkeystore -srckeystore $using:TempCertPath -srcstoretype PKCS12 -srcstorepass $using:KeystoreCredential.Password -destkeystore $using:KeyStorePath -deststoretype JKS -alias $currentAlias -destalias jetty -deststorepass $using:KeystoreCredential.Password
+ & $using:KeyTool -keypasswd -keystore $using:KeyStorePath -alias jetty -storepass $using:KeystoreCredential.Password -keypass $using:KeystoreCredential.Password -new $using:KeystoreCredential.Password
+ } | Wait-Job
+ if ($Job.State -eq 'Failed') {
+ $Job | Receive-Job
+ } else {
+ $Job | Remove-Job
}
-
- $xml.Save($xmlPath)
} finally {
if (Test-Path $TempCertPath) {
Remove-Item $TempCertPath -Force
}
}
+ # Update the Nexus configuration
+ $xmlPath = 'C:\ProgramData\nexus\etc\jetty\jetty-https.xml'
+ [xml]$xml = Get-Content -Path 'C:\ProgramData\nexus\etc\jetty\jetty-https.xml'
+ foreach ($entry in $xml.Configure.New.Where{ $_.id -match 'ssl' }.Set.Where{ $_.name -match 'password' }) {
+ $entry.InnerText = $KeystoreCredential.Password
+ }
+
+ $xml.Save($xmlPath)
+
$configPath = "C:\ProgramData\sonatype-work\nexus3\etc\nexus.properties"
# Remove existing ssl config from the configuration
@@ -2088,12 +2096,18 @@ function Set-JenkinsCertificate {
# Temporarily export the certificate as a PFX
$null = Get-ChildItem Cert:\LocalMachine\TrustedPeople\ | Where-Object {$_.Thumbprint -eq $Thumbprint} | Export-PfxCertificate -FilePath $CertificatePath -Password $CertificatePassword.SecurePassword
- Write-Host "Do NOT " -NoNewline # There is no way to hide the input, but the pipelining works after a second
- $CurrentAlias = ($($CertificatePassword.Password | & $KeyTool -list -v -storetype PKCS12 -keystore $CertificatePath) -match "^Alias.*").Split(':')[1].Trim()
- Write-Host "" # Adds a newline, after this command has finished.
+ # Using a job to hide improper non-output streams
+ $Job = Start-Job {
+ $CurrentAlias = ($($using:CertificatePassword.Password | & $using:KeyTool -list -v -storetype PKCS12 -keystore $using:CertificatePath) -match "^Alias.*").Split(':')[1].Trim()
- $null = & $KeyTool -importkeystore -srckeystore $CertificatePath -srcstoretype PKCS12 -srcstorepass $CertificatePassword.Password -destkeystore $KeyStore -deststoretype JKS -alias $currentAlias -destalias jetty -deststorepass $Passkey
- $null = & $KeyTool -keypasswd -keystore $KeyStore -alias jetty -storepass $Passkey -keypass $CertificatePassword.Password -new $Passkey
+ $null = & $using:KeyTool -importkeystore -srckeystore $using:CertificatePath -srcstoretype PKCS12 -srcstorepass $using:CertificatePassword.Password -destkeystore $using:KeyStore -deststoretype JKS -alias $currentAlias -destalias jetty -deststorepass $using:Passkey
+ $null = & $using:KeyTool -keypasswd -keystore $using:KeyStore -alias jetty -storepass $using:Passkey -keypass $using:CertificatePassword.Password -new $using:Passkey
+ } | Wait-Job
+ if ($Job.State -eq 'Failed') {
+ $Job | Receive-Job
+ } else {
+ $Job | Remove-Job
+ }
} finally {
# Clean up the exported certificate
Remove-Item $CertificatePath