Update pfSenseCertViewer.ps1

This commit is contained in:
Alvaro Sedano 2019-09-11 02:38:41 +02:00 committed by GitHub
parent 684737ebbb
commit 4ce05e5c24
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,9 +1,9 @@
#### ####
### pfSense Certificate Viewer (without private key) ### pfSense Certificate Viewer (without private key)
### Version 1.0.3 ### Version 1.0.4
#### ####
# Redefine the $cfg string variable to point to a valid non encrypted pfSense XML configuration backup file. # Redefine the $cfg string variable to point to a valid unecrypted pfSense Configuration XML file.
# You can also pass the command line FilePath parameter as path to the input XML cfg file. # You can also use the command line FilePath parameter as path to the input XML cfg file
# This script will return the CA certificates, Server certificates, User certificates (used or not) and duplicated Serial Number Certificates # This script will return the CA certificates, Server certificates, User certificates (used or not) and duplicated Serial Number Certificates
# #
@ -14,13 +14,22 @@
#[CmdletBinding()] #[CmdletBinding()]
Param ( Param (
[Parameter(Mandatory=$false, [Parameter(Mandatory=$false,
Position=0, Position=0,
ValueFromPipeline=$true, ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true)] ValueFromPipelineByPropertyName=$true)]
[Alias("File")] [Alias("File")]
[string]$FilePath) [string]$FilePath)
Function Get-BeginEndWO {
Param([Parameter(Mandatory=$true, Position=0)]
[string]$path)
[string[]]$text = Get-Content $path -Encoding UTF8
#Remove 1st and last lines
$text[1..($text.Count-2)]
}
Function Get-CN { Function Get-CN {
Param([Parameter(Mandatory=$true)][string]$name) Param([Parameter(Mandatory=$true)][string]$name)
if($name -match "CN=([^,]*)") { if($name -match "CN=([^,]*)") {
@ -61,10 +70,87 @@ Function Add-Lista {
} }
} }
Function Decrypt {
Param([Parameter(Mandatory=$true,Position=0)][string]$fileIn
,[Parameter(Mandatory=$true,Position=1)][string]$fileOut
,[Parameter(Mandatory=$false,Position=2)][string]$pass)
# If $openSSL is not '', we will look for the openSSL.exe available with openVPN install.
# You can define a value for $openSSL if you have a valid openssl executable path.
[string]$openSSL = ''
if ($openSSL -eq '') {
#Look for openvpn installation
[string]$rutaREG = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN"
if (-not (Test-Path($rutaREG))) {
Write-Host 'No openvpn installation found. openssl.exe is part of the openVPN installation. If you have another openssl.exe available path, you can redefine the $openSSL variable at line 81.' -BackgroundColor DarkRed
Exit (3)
}
$openSSL = ((Get-ItemProperty -Path $rutaREG).exe_path).Replace("openvpn.exe", "openssl.exe")
}
if ($pass -eq '') {
[System.Security.SecureString]$pwd = Read-Host "Password XML File:" -AsSecureString
$pass = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($pwd))
}
& "$($openSSL)" enc -d -aes-256-cbc -in "$($fileIn)" -out "$($fileOut)" -salt -md md5 -k ''$($pass)''
}
Function Get-ConfigFile {
Param([Parameter(Mandatory=$true,Position=0)][string]$filePath `
,[Parameter(Mandatory=$true,Position=1)][ref]$xml)
if (-not (Test-Path -Path $filePath)) {
Write-Host "File '$cfg' not found. Process stopped." -BackgroundColor DarkRed
Exit 1
}
[bool]$encrypted = $false
try {
$xml.Value = Get-Content $filePath -Encoding UTF8
}
catch {
$encrypted = $true
}
if ($encrypted -eq $true) {
#Encrypted xml file
[string[]]$cifrado = Get-BeginEndWO -path $filePath
$f1Cin = New-TemporaryFile
$f1Cou = New-TemporaryFile
try {
[IO.File]::WriteAllBytes($f1Cin.FullName, [System.Convert]::FromBase64String($cifrado))
Decrypt -fileIn $f1Cin.FullName -fileOut $f1Cou.FullName
# Check if file exists
if (-not (Test-Path $f1Cou.FullName) -or (Get-Item $f1Cou.FullName).Length -eq 0) {
Write-Host "Unable to decrypt file. Process stoped." -BackgroundColor DarkRed
Exit 4
}
# File exists
$xml.Value = Get-Content $f1Cou.FullName -Encoding UTF8
}
catch {
Write-Host "Bad password. Process stoped." -BackgroundColor DarkRed
Exit 5
}
finally {
Remove-Item $f1Cin.FullName -Force
Remove-Item $f1Cou.FullName -Force
}
}
}
# #
# BODY # BODY
# #
#$ErrorActionPreference = 'SilentlyContinue'
# Check if param 0 is assigned # Check if param 0 is assigned
if ($FilePath -eq $null -or $FilePath -eq '') { if ($FilePath -eq $null -or $FilePath -eq '') {
[string]$cfg = "$env:USERPROFILE\Downloads\config-pfSense01.private.xml" [string]$cfg = "$env:USERPROFILE\Downloads\config-pfSense01.private.xml"
@ -75,13 +161,9 @@ else {
} }
if (-not (Test-Path -Path $cfg)) { #Read XML pfSense config file (UTF8 Encoding)
Write-Host "File '$cfg' not found. Process stopped." -BackgroundColor DarkRed [xml]$fxml = $null
Exit 1 Get-ConfigFile -filePath $cfg -xml ([ref]$fxml)
}
#Read XML pfSense config file (UTF8 enconding)
[xml]$fxml = Get-Content $cfg -Encoding UTF8
#Get the CRL revocation list #Get the CRL revocation list
[DateTime]$time0 = '1970-01-01' [DateTime]$time0 = '1970-01-01'
@ -98,7 +180,7 @@ Add-Lista -lista ([ref]$listaC) -obj ([ref]$fxml.pfsense.ca) -fromCA $true
Add-Lista -lista ([ref]$listaC) -obj ([ref]$fxml.pfsense.cert) -fromCA $false Add-Lista -lista ([ref]$listaC) -obj ([ref]$fxml.pfsense.cert) -fromCA $false
#Note: User Certificates created with old pfSense versions could set the EnhancedKeyUsageList property to <empty>. #Note: User Certificates created with old pfSense versions could set the EnhancedKeyUsageList property to <empty>.
Remove-Variable fxml, r Remove-Variable fxml
#List of CA Certificates #List of CA Certificates
Write-Output "`nCA Certificates" Write-Output "`nCA Certificates"
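Review bot: The decrypt call in the new `Decrypt` function, `& "$($openSSL)" enc … -k ''$($pass)''`, hands the backup password to openssl.exe as a command-line argument, where it is readable from the process command line by other local users and is recorded verbatim by process-creation auditing (Windows 4688 with command-line logging, Sysmon Event 1); `openssl enc` accepts `-pass stdin`, so piping the string into the process keeps it out of argv. The BSTR obtained from `SecureStringToBSTR` on the preceding line is also never released with `ZeroFreeBSTR`, so the plaintext copy stays in unmanaged memory for the life of the process. Under Windows PowerShell the bytes written to a native process's stdin follow `$OutputEncoding` (ASCII by default), so if non-ASCII passphrases are expected that setting would need to be UTF-8 before this change — worth confirming against how pfSense encodes the passphrase. Separately, the `catch` in `Get-ConfigFile` reports every failure as "Bad password", which appears to include the case where the openssl path derived from the registry does not exist (the `&` call then throws a command-not-found error inside the `try`); a `Test-Path` on `$openSSL` before the call, exiting with its own message, would keep the diagnostics honest.
```powershell
# … unchanged: openssl.exe lookup via the OpenVPN registry key …
if ($pass -eq '') {
    [System.Security.SecureString]$pwd = Read-Host "Password XML File:" -AsSecureString
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pwd)
    try     { $pass = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}
# Password goes over stdin rather than argv so it is not exposed via process listings or command-line auditing.
$pass | & "$($openSSL)" enc -d -aes-256-cbc -in "$($fileIn)" -out "$($fileOut)" -salt -md md5 -pass stdin
```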