diff --git a/step-templates/windows-certificate-grant-read-access.json b/step-templates/windows-certificate-grant-read-access.json
index 0993bc093..bdea8f298 100644
--- a/step-templates/windows-certificate-grant-read-access.json
+++ b/step-templates/windows-certificate-grant-read-access.json
@@ -3,9 +3,9 @@
 "Name": "Windows - Certificate Grant Read Access",
 "Description": "Grant read access to certificate for a specific user",
 "ActionType": "Octopus.Script",
- "Version": 12,
+ "Version": 13,
 "Properties": {
- "Octopus.Action.Script.ScriptBody": "# $certCN is the identifiying CN for the certificate you wish to work with\r\n# The selection also sorts on Expiration date, just in case there are old expired certs still in the certificate store.\r\n# Make sure we work with the most recent cert\r\n \r\n Try\r\n {\r\n $WorkingCert = Get-ChildItem CERT:\\LocalMachine\\My |where {$_.Subject -match $certCN} | sort $_.NotAfter -Descending | select -first 1 -erroraction STOP\r\n $TPrint = $WorkingCert.Thumbprint\r\n $rsaFile = $WorkingCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName\r\n if($TPrint){\r\n Write-Host \"Found certificate named $certCN with thumbprint $TPrint\"\r\n }\r\n else{\r\n throw \"Error: unable to locate certificate for $($CertCN)\"\r\n }\r\n }\r\n Catch\r\n {\r\n throw \"Error: unable to locate certificate for $($CertCN)\"\r\n }\r\n $keyPath = \"$env:SystemDrive\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\\"\r\n $fullPath=$keyPath+$rsaFile\r\n $acl=Get-Acl -Path $fullPath\r\n $permission=$userName,\"Read\",\"Allow\"\r\n $accessRule=new-object System.Security.AccessControl.FileSystemAccessRule $permission\r\n $acl.AddAccessRule($accessRule)\r\n Try \r\n {\r\n Write-Host \"Granting read access for user $userName on $certCN\"\r\n Set-Acl $fullPath $acl\r\n Write-Host \"Success: ACL set on certificate\"\r\n }\r\n Catch\r\n {\r\n throw \"Error: unable to set ACL on certificate\"\r\n }",
+ "Octopus.Action.Script.ScriptBody": "# $certCN is the identifiying CN for the certificate you wish to work with\r\n# The selection also sorts on Expiration date, just in case there are old expired certs still in the certificate store.\r\n# Make sure we work with the most recent cert\r\n\r\nTry\r\n{\r\n $WorkingCert = Get-ChildItem 
CERT:\\LocalMachine\\My | where {$_.Subject -match $certCN} | sort $_.NotAfter -Descending | select -first 1 -erroraction STOP\r\n}\r\nCatch\r\n{\r\n throw \"Error: unable to locate certificate for $($CertCN)\"\r\n}\r\n\r\n$TPrint = $WorkingCert.Thumbprint\r\nif($TPrint)\r\n{\r\n Write-Host \"Found certificate named $certCN with thumbprint $TPrint\"\r\n}\r\nelse\r\n{\r\n throw \"Error: unable to locate certificate for $($CertCN)\"\r\n}\r\n\r\n$key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($WorkingCert)\r\nif ($null -eq $key) {\r\n throw \"Private key not found or unsupported algorithm (non-RSA).\"\r\n}\r\n\r\nif ($key -is [System.Security.Cryptography.CngKey] -or $key.GetType().Name -eq \"RSACng\") {\r\n $rsaFile = $key.Key.UniqueName\r\n $fullPath = \"$($env:ProgramData)\\Microsoft\\Crypto\\Keys\\$rsaFile\"\r\n} else {\r\n # Legacy CSP\r\n $rsaFile = $WorkingCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName\r\n $fullPath = \"$($env:ProgramData)\\Microsoft\\Crypto\\RSA\\MachineKeys\\$rsaFile\"\r\n}\r\n\r\n$acl = Get-Acl -Path $fullPath\r\n$permission = $userName,\"Read\",\"Allow\"\r\n$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission\r\n$acl.AddAccessRule($accessRule)\r\nTry \r\n{\r\n Write-Host \"Granting read access for user $userName on $certCN\"\r\n Set-Acl $fullPath $acl\r\n Write-Host \"Success: ACL set on certificate\"\r\n}\r\nCatch\r\n{\r\n throw \"Error: unable to set ACL on certificate\"\r\n}\r\n",
 "Octopus.Action.Script.Syntax": "PowerShell"
 },
 "SensitiveProperties": {},
@@ -30,7 +30,7 @@
 }
 ],
 "LastModifiedOn": "2015-01-30T14:37:16.927+00:00",
- "LastModifiedBy": "ARBNIK@skandianet.org",
+ "LastModifiedBy": "farhanalam",
 "$Meta": {
 "ExportedAt": "2015-01-30T14:39:14.212+00:00",
 "OctopusVersion": "2.6.0.778",
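Review bot: The certificate lookup at the top of the new ScriptBody still decides which private key gets the extra ACL entry using a regex test and a sort that most likely does nothing. `where {$_.Subject -match $certCN}` treats `$certCN` as a pattern against the whole subject string, and in `sort $_.NotAfter -Descending` the `$_` sits outside any script block, so the property argument probably evaluates to `$null` and the "most recent cert" promised by the header comment is not guaranteed. When more than one subject matches, `select -first 1` can return an unintended certificate, and the CNG/CSP branch added further down then grants `$userName` read access to that key file. I would tighten the pipeline to `where { $_.HasPrivateKey -and $_.Subject -match [regex]::Escape($certCN) } | Sort-Object NotAfter -Descending | select -first 1` and throw when several unexpired certificates match instead of choosing one silently.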