Fix Windows SCEP Certificate Key Usage
Fabien Tschanz committed Feb 22, 2024
1 parent 604b66e commit 0b42c44
Showing 6 changed files with 18 additions and 11 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,10 @@
# Change log for Microsoft365DSC

# UNRELEASED

* IntuneDeviceConfigurationScepCertificatePolicyWindows10
* Fixes an issue where the keyUsage property format was not correctly handled

# 1.24.221.1

* AADApplication
Expand Up @@ -22,7 +22,7 @@ function Get-TargetResource

[Parameter()]
[ValidateSet('keyEncipherment','digitalSignature')]
[System.String]
[System.String[]]
$KeyUsage,

[Parameter()]
Expand Down Expand Up @@ -255,7 +255,7 @@ function Get-TargetResource
CertificateStore = $enumCertificateStore
HashAlgorithm = $enumHashAlgorithm
KeySize = $enumKeySize
KeyUsage = $enumKeyUsage
KeyUsage = $enumKeyUsage.Split(',')
ScepServerUrls = $getValue.AdditionalProperties.scepServerUrls
SubjectAlternativeNameFormatString = $getValue.AdditionalProperties.subjectAlternativeNameFormatString
SubjectNameFormatString = $getValue.AdditionalProperties.subjectNameFormatString
Expand Down Expand Up @@ -332,7 +332,7 @@ function Set-TargetResource

[Parameter()]
[ValidateSet('keyEncipherment','digitalSignature')]
[System.String]
[System.String[]]
$KeyUsage,

[Parameter()]
Expand Down Expand Up @@ -460,6 +460,7 @@ function Set-TargetResource
$CreateParameters = ([Hashtable]$BoundParameters).clone()
$CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters
$CreateParameters.Remove('Id') | Out-Null
$CreateParameters['keyUsage'] = $CreateParameters['keyUsage'] -join ','

$keys = (([Hashtable]$CreateParameters).clone()).Keys
foreach ($key in $keys)
Expand Down Expand Up @@ -497,6 +498,7 @@ function Set-TargetResource
$UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters

$UpdateParameters.Remove('Id') | Out-Null
$UpdateParameters['keyUsage'] = $UpdateParameters['keyUsage'] -join ','

$keys = (([Hashtable]$UpdateParameters).clone()).Keys
foreach ($key in $keys)
Expand Down Expand Up @@ -559,7 +561,7 @@ function Test-TargetResource

[Parameter()]
[ValidateSet('keyEncipherment','digitalSignature')]
[System.String]
[System.String[]]
$KeyUsage,

[Parameter()]
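Review bot: In Set-TargetResource the added `$CreateParameters['keyUsage'] = $CreateParameters['keyUsage'] -join ','` and the matching `$UpdateParameters` line run unconditionally, so when the optional KeyUsage parameter is not bound they add a `keyUsage` entry holding an empty string to the parameters. Unless the key loop that follows (outside the hunk) filters it out, that empty value goes to the service instead of leaving the policy's key usage untouched; a guard such as `if ($null -ne $CreateParameters['keyUsage']) { $CreateParameters['keyUsage'] = $CreateParameters['keyUsage'] -join ',' }` avoids it in both places. The same null case applies in Get-TargetResource, where `$enumKeyUsage.Split(',')` throws if `$enumKeyUsage` is null, and it does not trim whitespace around the elements. How `$enumKeyUsage` is assigned is outside the hunk and should be checked. All three function bodies continue outside the visible hunks.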
Expand Up @@ -27,7 +27,7 @@ class MSFT_IntuneDeviceConfigurationScepCertificatePolicyWindows10 : OMI_BaseRes
[Write, Description("Target store certificate. Possible values are: user, machine."), ValueMap{"user","machine"}, Values{"user","machine"}] String CertificateStore;
[Write, Description("SCEP Hash Algorithm. Possible values are: sha1, sha2."), ValueMap{"sha1","sha2"}, Values{"sha1","sha2"}] String HashAlgorithm;
[Write, Description("SCEP Key Size. Possible values are: size1024, size2048, size4096."), ValueMap{"size1024","size2048","size4096"}, Values{"size1024","size2048","size4096"}] String KeySize;
[Write, Description("SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature."), ValueMap{"keyEncipherment","digitalSignature"}, Values{"keyEncipherment","digitalSignature"}] String KeyUsage;
[Write, Description("SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature.")] String KeyUsage[];
[Write, Description("SCEP Server Url(s).")] String ScepServerUrls[];
[Write, Description("Custom String that defines the AAD Attribute.")] String SubjectAlternativeNameFormatString;
[Write, Description("Custom format to use with SubjectNameFormat = Custom. Example: CN={{UserName}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US")] String SubjectNameFormatString;
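Review bot: The new `String KeyUsage[];` declaration drops the `ValueMap{...}` and `Values{...}` qualifiers that the scalar property carried, so the schema no longer restricts the elements to keyEncipherment and digitalSignature and only the `ValidateSet` in the module enforces them. If these qualifiers are accepted on array properties in this schema, keeping `ValueMap{"keyEncipherment","digitalSignature"}, Values{"keyEncipherment","digitalSignature"}` on the array declaration would preserve that check. The description could also state that both values may be given together, since that is what the array type now allows.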
Expand Up @@ -43,7 +43,7 @@ Configuration Example
HashAlgorithm = "sha2";
KeySize = "size2048";
KeyStorageProvider = "useTpmKspOtherwiseUseSoftwareKsp";
KeyUsage = "digitalSignature";
KeyUsage = @("digitalSignature");
RenewalThresholdPercentage = 25;
ScepServerUrls = @("https://mydomain.com/certsrv/mscep/mscep.dll");
SubjectAlternativeNameType = "none";
Expand Up @@ -43,7 +43,7 @@ Configuration Example
HashAlgorithm = "sha2";
KeySize = "size2048";
KeyStorageProvider = "useTpmKspOtherwiseUseSoftwareKsp";
KeyUsage = "digitalSignature";
KeyUsage = @("digitalSignature");
RenewalThresholdPercentage = 30; # Updated Property
ScepServerUrls = @("https://mydomain.com/certsrv/mscep/mscep.dll");
SubjectAlternativeNameType = "none";
Expand Up @@ -86,7 +86,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
id = "FakeStringValue"
KeySize = "size1024"
keyStorageProvider = "useTpmKspOtherwiseUseSoftwareKsp"
KeyUsage = "keyEncipherment"
KeyUsage = @("keyEncipherment")
renewalThresholdPercentage = 25
ScepServerUrls = @("FakeStringValue")
SubjectAlternativeNameFormatString = "FakeStringValue"
Expand Down Expand Up @@ -138,7 +138,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
id = "FakeStringValue"
KeySize = "size1024"
keyStorageProvider = "useTpmKspOtherwiseUseSoftwareKsp"
KeyUsage = "keyEncipherment"
KeyUsage = @("keyEncipherment")
renewalThresholdPercentage = 25
ScepServerUrls = @("FakeStringValue")
SubjectAlternativeNameFormatString = "FakeStringValue"
Expand Down Expand Up @@ -225,7 +225,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
id = "FakeStringValue"
KeySize = "size1024"
keyStorageProvider = "useTpmKspOtherwiseUseSoftwareKsp"
KeyUsage = "keyEncipherment"
KeyUsage = @("keyEncipherment")
renewalThresholdPercentage = 25
ScepServerUrls = @("FakeStringValue")
SubjectAlternativeNameFormatString = "FakeStringValue"
Expand Down Expand Up @@ -305,7 +305,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
id = "FakeStringValue"
KeySize = "size1024"
keyStorageProvider = "useTpmKspOtherwiseUseSoftwareKsp"
KeyUsage = "keyEncipherment"
KeyUsage = @("keyEncipherment")
renewalThresholdPercentage = 25
ScepServerUrls = @("FakeStringValue")
SubjectAlternativeNameFormatString = "FakeStringValue"
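Review bot: All four fixtures in this file now pass `KeyUsage = @("keyEncipherment")`, a single-element array, so the join and split handling this commit adds for combined key usages is never exercised with more than one value. At least one context should use `KeyUsage = @("keyEncipherment", "digitalSignature")` with the mocked policy returning `keyUsage = "keyEncipherment,digitalSignature"`, and assert that Test-TargetResource treats the two as equal. The exact string format the service returns is not visible here and should be confirmed. The surrounding Context blocks begin and end outside these hunks.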
