Welcome to the Chocolatey Community Package Repository! The packages found in this section of the site are provided, maintained, and moderated by the community.
Moderation
Every version of each package undergoes a rigorous moderation process before it goes live that typically includes:
- Security, consistency, and quality checking
- Installation testing
- Virus checking through VirusTotal
- Human moderators who give final review and sign off
More detail at Security and Moderation.
Organizational Use
If you are an organization using Chocolatey, we want your experience to be fully reliable. Due to the nature of this publicly offered repository, reliability cannot be guaranteed. Packages offered here are subject to distribution rights, which means they may need to reach out further to the internet to the official locations to download files at runtime.
Fortunately, distribution rights do not apply for internal use. With any edition of Chocolatey (including the free open source edition), you can host your own packages and cache or internalize existing community packages.
Disclaimer
Your use of the packages on this site means you understand they are not supported or guaranteed in any way. Learn more...
-
STEP1
Package Review
-
STEP2
Integration Method
-
STEP3
Internal Repo Url
-
STEP4
Environment Setup
-
STEP5
Install Script
Step 1: Review Your Packages
Step 2: Choose Your Integration Method
Step 3: Enter Your Internal Repository Url
(this should look similar to https://community.chocolatey.org/api/v2/)
Step 3: Copy Your Script or Download Config
Option 1: Copy Script
Option 2: Download Config
Step 4: Setup Your Environment
1. Ensure you are set for organizational deployment
Please see the organizational deployment guide
2. Get the package into your environment
Option 1: Cached Package (Unreliable, Requires Internet - Same As Community)-
Open Source or Commercial:
- Proxy Repository - Create a proxy nuget repository on Nexus, Artifactory Pro, or a proxy Chocolatey repository on ProGet. Point your upstream to https://community.chocolatey.org/api/v2/. Packages cache on first access automatically. Make sure your choco clients are using your proxy repository as a source and NOT the default community repository. See source command for more information.
-
You can also just download the packages and push them to a repository
Download Packages
-
Open Source
-
Download the packages:
Download Packages - Follow manual internalization instructions
-
-
Package Internalizer (C4B)
-
Run: (additional options)
-
For package and dependencies run:
- Automate package internalization
-
Run: (additional options)
Step 5: Copy Your Script
See options you can pass to upgrade.
See best practices for scripting.
Add this to a PowerShell script or use a Batch script with tools and in places where you are calling directly to Chocolatey. If you are integrating, keep in mind enhanced exit codes.
If you do use a PowerShell script, use the following to ensure bad exit codes are shown as failures:
## 1. REQUIREMENTS ##
### Here are the requirements necessary to ensure this is successful.
### a. Internal/Private Cloud Repository Set Up ###
#### You'll need an internal/private cloud repository you can use. These are
#### generally really quick to set up and there are quite a few options.
#### Chocolatey Software recommends Nexus, Artifactory Pro, or ProGet as they
#### are repository servers and will give you the ability to manage multiple
#### repositories and types from one server installation.
### b. Download Chocolatey Package and Put on Internal Repository ###
#### You need to have downloaded the Chocolatey package as well.
#### Please see https://chocolatey.org/install#organization
### c. Other Requirements ###
#### We initialize a few things that are needed by this script - there are no other requirements.
$ErrorActionPreference = "Stop"
#### Set TLS 1.2 (3072) as that is the minimum required by various up-to-date repositories.
#### Use integers because the enumeration value for TLS 1.2 won't exist
#### in .NET 4.0, even though they are addressable if .NET 4.5+ is
#### installed (.NET 4.5 is an in-place upgrade).
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
#### We use this variable for future REST calls.
$RequestArguments = @{
UseBasicParsing = $true
}
## 2. TOP LEVEL VARIABLES ##
### a. Your internal repository url (the main one). ###
#### Should be similar to what you see when you browse
#### to https://community.chocolatey.org/api/v2/
$NugetRepositoryUrl = "INTERNAL REPO URL"
### b. Internal Repository Credential ###
#### If required, add the repository access credential here
# $NugetRepositoryCredential = [PSCredential]::new(
# "username",
# ("password" | ConvertTo-SecureString -AsPlainText -Force)
# )
# $RequestArguments.Credential = $NugetRepositoryCredential
### c. Chocolatey nupkg download url ###
#### This url should result in an immediate download when you navigate to it
$ChocolateyDownloadUrl = "$($NugetRepositoryUrl.TrimEnd('/'))/package/chocolatey.1.1.0.nupkg"
### d. Chocolatey Central Management (CCM) ###
#### If using CCM to manage Chocolatey, add the following:
#### i. Endpoint URL for CCM
# $ChocolateyCentralManagementUrl = "https://chocolatey-central-management:24020/ChocolateyManagementService"
#### ii. If using a Client Salt, add it here
# $ChocolateyCentralManagementClientSalt = "clientsalt"
#### iii. If using a Service Salt, add it here
# $ChocolateyCentralManagementServiceSalt = "servicesalt"
## 3. ENSURE CHOCOLATEY IS INSTALLED ##
### Ensure Chocolatey is installed from your internal repository
#### Download the Nupkg, appending .zip to the filename to handle archive cmdlet limitations
if (-not (Get-Command choco.exe -ErrorAction SilentlyContinue)) {
$TempDirectory = Join-Path $env:Temp "chocolateyInstall"
if (-not (Test-Path $TempDirectory -PathType Container)) {
$null = New-Item -Path $TempDirectory -ItemType Directory
}
$DownloadedNupkg = Join-Path $TempDirectory "$(Split-Path $ChocolateyDownloadUrl -Leaf).zip"
Invoke-WebRequest -Uri $ChocolateyDownloadUrl -OutFile $DownloadedNupkg @RequestArguments
#### Extract the Nupkg, and run the chocolateyInstall script
if (Get-Command Microsoft.PowerShell.Archive\Expand-Archive -ErrorAction SilentlyContinue) {
Microsoft.PowerShell.Archive\Expand-Archive -Path $DownloadedNupkg -DestinationPath $TempDirectory -Force
} else {
# PowerShell versions <4.0 do not have this function available
try {
$shellApplication = New-Object -ComObject Shell.Application
$zipPackage = $shellApplication.NameSpace($DownloadedNupkg)
$destinationFolder = $shellApplication.NameSpace($TempDirectory)
$destinationFolder.CopyHere($zipPackage.Items(), 0x10)
} catch {
Write-Warning "Unable to unzip package using built-in compression."
throw $_
}
}
& $(Join-Path $TempDirectory "tools\chocolateyInstall.ps1")
}
if (-not (Get-Command choco.exe -ErrorAction SilentlyContinue)) {
refreshenv
}
## 4. CONFIGURE CHOCOLATEY BASELINE ##
### a. FIPS Feature ###
#### If you need FIPS compliance - make this the first thing you configure
#### before you do any additional configuration or package installations
# choco feature enable -n useFipsCompliantChecksums
### b. Apply Recommended Configuration ###
#### Move cache location so Chocolatey is very deterministic about
#### cleaning up temporary data and the location is secured to admins
choco config set --name cacheLocation --value C:\ProgramData\chocolatey\cache
#### Increase timeout to at least 4 hours
choco config set --name commandExecutionTimeoutSeconds --value 14400
#### Turn off download progress when running choco through integrations
choco feature disable --name showDownloadProgress
### c. Sources ###
#### Remove the default community package repository source
choco source list --limitoutput | ConvertFrom-Csv -Header 'Name', 'Location' -Delimiter '|' | ForEach-Object {
if ($_.Location -eq 'https://community.chocolatey.org/api/v2/') {
choco source remove -n $_.Name
}
}
#### Add internal default sources
#### You could have multiple sources here, so we will provide an example
#### of one using the remote repo variable here
#### NOTE: This EXAMPLE may require changes
if ($NugetRepositoryCredential) {
choco source add --name ChocolateyInternal --source $NugetRepositoryUrl --user $NugetRepositoryCredential.UserName --password $NugetRepositoryCredential.GetNetworkCredential().Password --priority 1
} else {
choco source add --name ChocolateyInternal --source $NugetRepositoryUrl --priority 1
}
### b. Keep Chocolatey Up To Date ###
#### Keep chocolatey up to date based on your internal source
#### You control the upgrades based on when you push an updated version
#### to your internal repository.
#### Note the source here is to the OData feed, similar to what you see
#### when you browse to https://community.chocolatey.org/api/v2/
choco upgrade chocolatey --confirm
## 5. ENSURE CHOCOLATEY FOR BUSINESS ##
### If you don't have Chocolatey for Business (C4B), you'll want to remove from here down.
### a. Ensure The License File Is Installed ###
#### Create a license package using script from https://docs.chocolatey.org/en-us/how-tos/setup-offline-installation#exercise-4-create-a-package-for-the-license
choco install chocolatey-license --source $NugetRepositoryUrl --confirm
### b. Disable The Licensed Source ###
#### The licensed source cannot be removed, so it must be disabled.
#### This must occur after the license has been set by the license package.
if ("chocolatey-license" -in (choco list --localonly --limitoutput | ConvertFrom-Csv -Header "Name" -Delimiter "|").Name) {
choco source disable --name chocolatey.licensed
} else {
Write-Warning "Not disabling 'chocolatey.licensed' feed, as Chocolatey-License has not been installed."
}
### c. Ensure Chocolatey Licensed Extension ###
#### You will have downloaded the licensed extension to your internal repository
#### as you have disabled the licensed repository in step 5b.
#### Ensure the chocolatey.extension package (aka Chocolatey Licensed Extension)
if ("chocolatey-license" -in (choco list --localonly --limitoutput | ConvertFrom-Csv -Header "Name" -Delimiter "|").Name) {
choco install chocolatey.extension --source $NugetRepositoryUrl --confirm
} else {
Write-Warning "Not installing 'chocolatey.extension', as Chocolatey-License has not been installed."
}
#### The Chocolatey Licensed Extension unlocks all of the following, which also have configuration/feature items available with them. You may want to visit the feature pages to see what you might want to also enable:
#### - Package Builder - https://docs.chocolatey.org/en-us/features/paid/package-builder
#### - Package Internalizer - https://docs.chocolatey.org/en-us/features/paid/package-internalizer
#### - Package Synchronization (3 components) - https://docs.chocolatey.org/en-us/features/paid/package-synchronization
#### - Package Reducer - https://docs.chocolatey.org/en-us/features/paid/package-reducer
#### - Package Audit - https://docs.chocolatey.org/en-us/features/paid/package-audit
#### - Package Throttle - https://docs.chocolatey.org/en-us/features/paid/package-throttle
#### - CDN Cache Access - https://docs.chocolatey.org/en-us/features/paid/private-cdn
#### - Branding - https://docs.chocolatey.org/en-us/features/paid/branding
#### - Self-Service Anywhere (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/self-service-anywhere
#### - Chocolatey Central Management (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/chocolatey-central-management
#### - Other - https://docs.chocolatey.org/en-us/features/paid/
### d. Ensure Self-Service Anywhere ###
#### If you have desktop clients where users are not administrators, you may
#### to take advantage of deploying and configuring Self-Service anywhere
choco feature disable --name showNonElevatedWarnings
choco feature enable --name useBackgroundService
choco feature enable --name useBackgroundServiceWithNonAdministratorsOnly
choco feature enable --name allowBackgroundServiceUninstallsFromUserInstallsOnly
choco config set --name allowedBackgroundServiceCommands --value "install,upgrade,uninstall"
### e. Ensure Chocolatey Central Management ###
#### If you want to manage and report on endpoints, you can set up and configure
### Central Management. There are multiple portions to manage, so you'll see
### a section on agents here along with notes on how to configure the server
### side components.
if ($ChocolateyCentralManagementUrl) {
choco install chocolatey-agent --source $NugetRepositoryUrl --confirm
choco config set --name CentralManagementServiceUrl --value $ChocolateyCentralManagementUrl
if ($ChocolateyCentralManagementClientSalt) {
choco config set --name centralManagementClientCommunicationSaltAdditivePassword --value $ChocolateyCentralManagementClientSalt
}
if ($ChocolateyCentralManagementServiceSalt) {
choco config set --name centralManagementServiceCommunicationSaltAdditivePassword --value $ChocolateyCentralManagementServiceSalt
}
choco feature enable --name useChocolateyCentralManagement
choco feature enable --name useChocolateyCentralManagementDeployments
}
See docs at https://docs.ansible.com/ansible/latest/modules/win_chocolatey_module.html.
If Applicable - Chocolatey Configuration/Installation
## 1. REQUIREMENTS ##
### Here are the requirements necessary to ensure this is successful.
### a. Internal/Private Cloud Repository Set Up ###
#### You'll need an internal/private cloud repository you can use. These are
#### generally really quick to set up and there are quite a few options.
#### Chocolatey Software recommends Nexus, Artifactory Pro, or ProGet as they
#### are repository servers and will give you the ability to manage multiple
#### repositories and types from one server installation.
### b. Download Chocolatey Package and Put on Internal Repository ###
#### You need to have downloaded the Chocolatey package as well.
#### Please see https://chocolatey.org/install#organization
### c. Other Requirements ###
#### i. chocolatey.chocolatey
##### You will require the chocolatey.chocolatey collection to be installed
##### on all machines using this playbook.
##### Please see https://github.com/chocolatey/chocolatey-ansible/#installing-the-collection-from-ansible-galaxy
- name: Install and Configure Chocolatey
hosts: all
## 2. TOP LEVEL VARIABLES ##
vars:
### a. Your internal repository url (the main one). ###
#### Should be similar to what you see when you browse
#### to https://community.chocolatey.org/api/v2/
nuget_repository_url: INTERNAL REPO URL
### b. Internal Repository Credential ###
#### If required, add the repository access credential here and
#### uncomment lines with source_username and source_password below
# nuget_repository_username: username
# nuget_repository_password: password
### c. Chocolatey Central Management (CCM) ###
#### If using CCM to manage Chocolatey, add the following:
#### i. Endpoint URL for CCM
# chocolatey_central_management_url: https://chocolatey-central-management:24020/ChocolateyManagementService
#### ii. If using a Client Salt, add it here
# chocolatey_central_management_client_salt: clientsalt
#### iii. If using a Service Salt, add it here
# chocolatey_central_management_service_salt: servicesalt
## 3. ENSURE CHOCOLATEY IS INSTALLED ##
### Ensure Chocolatey is installed from your internal repository
tasks:
- name: Install chocolatey
win_chocolatey:
name: chocolatey
source: {{ nuget_repository_url }}
# source_username: {{ nuget_repository_username }}
# source_password: {{ nuget_repository_password }}
## 4. CONFIGURE CHOCOLATEY BASELINE ##
### a. FIPS Feature ###
#### If you need FIPS compliance - make this the first thing you configure
#### before you do any additional configuration or package installations
# - name: Enable FIPS compliance
# win_chocolatey_feature:
# name: useFipsCompliantChecksums
# state: enabled
### b. Apply Recommended Configuration ###
#### Move cache location so Chocolatey is very deterministic about
#### cleaning up temporary data and the location is secured to admins
- name: Set the cache location
win_chocolatey_config:
name: cacheLocation
state: present
value: C:\ProgramData\chocolatey\cache
#### Increase timeout to at least 4 hours
- name: Set the command execution timeout
win_chocolatey_config:
name: commandExecutionTimeoutSeconds
state: present
value: 14400
#### Turn off download progress when running choco through integrations
- name: Disable showing download progress
win_chocolatey_feature:
name: showDownloadProgress
state: disabled
### c. Sources ###
#### Remove the default community package repository source
- name: Remove Chocolatey Community Repository
win_chocolatey_source:
name: chocolatey
state: absent
#### Add internal default sources
#### You could have multiple sources here, so we will provide an example
#### of one using the remote repo variable here
#### NOTE: This EXAMPLE may require changes
- name: Add Internal Repository
win_chocolatey_source:
name: ChocolateyInternal
state: present
source: {{ nuget_repository_url }}
# source_username: {{ nuget_repository_username }}
# source_password: {{ nuget_repository_password }}
priority: 1
### b. Keep Chocolatey Up To Date ###
#### Keep chocolatey up to date based on your internal source
#### You control the upgrades based on when you push an updated version
#### to your internal repository.
#### Note the source here is to the OData feed, similar to what you see
#### when you browse to https://community.chocolatey.org/api/v2/
- name: Upgrade Chocolatey
win_chocolatey:
name: chocolatey
state: latest
## 5. ENSURE CHOCOLATEY FOR BUSINESS ##
### If you don't have Chocolatey for Business (C4B), you'll want to remove from here down.
### a. Ensure The License File Is Installed ###
#### Create a license package using script from https://docs.chocolatey.org/en-us/how-tos/setup-offline-installation#exercise-4-create-a-package-for-the-license
- name: Install Chocolatey License
win_chocolatey:
name: chocolatey-license
source: ChocolateyInternal
state: latest
### b. Disable The Licensed Source ###
#### The licensed source cannot be removed, so it must be disabled.
#### This must occur after the license has been set by the license package.
- name: Disable Chocolatey Community Repository
win_chocolatey_source:
name: chocolatey.licensed
state: disabled
### c. Ensure Chocolatey Licensed Extension ###
#### You will have downloaded the licensed extension to your internal repository
#### as you have disabled the licensed repository in step 5b.
#### Ensure the chocolatey.extension package (aka Chocolatey Licensed Extension)
- name: Install Chocolatey Extension
win_chocolatey:
name: chocolatey.extension
source: ChocolateyInternal
state: latest
#### The Chocolatey Licensed Extension unlocks all of the following, which also have configuration/feature items available with them. You may want to visit the feature pages to see what you might want to also enable:
#### - Package Builder - https://docs.chocolatey.org/en-us/features/paid/package-builder
#### - Package Internalizer - https://docs.chocolatey.org/en-us/features/paid/package-internalizer
#### - Package Synchronization (3 components) - https://docs.chocolatey.org/en-us/features/paid/package-synchronization
#### - Package Reducer - https://docs.chocolatey.org/en-us/features/paid/package-reducer
#### - Package Audit - https://docs.chocolatey.org/en-us/features/paid/package-audit
#### - Package Throttle - https://docs.chocolatey.org/en-us/features/paid/package-throttle
#### - CDN Cache Access - https://docs.chocolatey.org/en-us/features/paid/private-cdn
#### - Branding - https://docs.chocolatey.org/en-us/features/paid/branding
#### - Self-Service Anywhere (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/self-service-anywhere
#### - Chocolatey Central Management (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/chocolatey-central-management
#### - Other - https://docs.chocolatey.org/en-us/features/paid/
### d. Ensure Self-Service Anywhere ###
#### If you have desktop clients where users are not administrators, you may
#### to take advantage of deploying and configuring Self-Service anywhere
- name: Hide not-elevated warnings
win_chocolatey_feature:
name: showNonElevatedWarnings
state: disabled
- name: Use background mode for self-service
win_chocolatey_feature:
name: useBackgroundService
state: enabled
- name: Use background service for non-admins
win_chocolatey_feature:
name: useBackgroundServiceWithNonAdministratorsOnly
state: enabled
- name: Allow background uninstallation for user installs
win_chocolatey_feature:
name: allowBackgroundServiceUninstallsFromUserInstallsOnly
state: enabled
- name: Set allowed background service commands
win_chocolatey_config:
name: backgroundServiceAllowedCommands
state: present
value: install,upgrade,uninstall
### e. Ensure Chocolatey Central Management ###
#### If you want to manage and report on endpoints, you can set up and configure
### Central Management. There are multiple portions to manage, so you'll see
### a section on agents here along with notes on how to configure the server
### side components.
- name: Install Chocolatey Agent
when: chocolatey_central_management_url is defined
win_chocolatey:
name: chocolatey-agent
source: ChocolateyInternal
state: latest
- name: Set the Central Management Service URL
when: chocolatey_central_management_url is defined
win_chocolatey_config:
name: CentralManagementServiceUrl
state: present
value: {{ chocolatey_central_management_url }}
- name: Set the Central Management Client Salt
when: chocolatey_central_management_client_salt is defined
win_chocolatey_config:
name: centralManagementClientCommunicationSaltAdditivePassword
state: present
value: {{ chocolatey_central_management_client_salt }}
- name: Set the Central Management Service Salt
when: chocolatey_central_management_service_salt is defined
win_chocolatey_config:
name: centralManagementServiceCommunicationSaltAdditivePassword
state: present
value: {{ chocolatey_central_management_service_salt }}
- name: Use Central Management
when: chocolatey_central_management_url is defined
win_chocolatey_feature:
name: useChocolateyCentralManagement
state: enabled
- name: Use Central Management Deployments
when: chocolatey_central_management_url is defined
win_chocolatey_feature:
name: useChocolateyCentralManagementDeployments
state: enabled
See docs at https://docs.chef.io/resource_chocolatey_package.html.
If Applicable - Chocolatey Configuration/Installation
## 1. REQUIREMENTS ##
### Here are the requirements necessary to ensure this is successful.
### a. Internal/Private Cloud Repository Set Up ###
#### You'll need an internal/private cloud repository you can use. These are
#### generally really quick to set up and there are quite a few options.
#### Chocolatey Software recommends Nexus, Artifactory Pro, or ProGet as they
#### are repository servers and will give you the ability to manage multiple
#### repositories and types from one server installation.
### b. Download Chocolatey Package and Put on Internal Repository ###
#### You need to have downloaded the Chocolatey package as well.
#### Please see https://chocolatey.org/install#organization
### c. Other Requirements ###
#### The Chocolatey resources are available with any recent version of Chef.
#### We utilise the Chocolatey recipe to install the Chocolatey binaries.
include_recipe "chocolatey"
## 2. TOP LEVEL VARIABLES ##
### a. Your internal repository url (the main one). ###
#### Should be similar to what you see when you browse
#### to https://community.chocolatey.org/api/v2/
NugetRepositoryUrl = "INTERNAL REPO URL"
### b. Internal Repository Credential ###
#### If required, add the repository access credential here
# NugetRepositoryUsername = "username"
# NugetRepositoryPassword = "password"
### c. Chocolatey nupkg download url ###
#### This url should result in an immediate download when you navigate to it in
#### a web browser
ChocolateyNupkgUrl = "INTERNAL REPO URL/package/chocolatey.1.1.0.nupkg",
### d. Chocolatey Central Management (CCM) ###
#### If using CCM to manage Chocolatey, add the following:
#### i. Endpoint URL for CCM
# ChocolateyCentralManagementUrl = "https://chocolatey-central-management:24020/ChocolateyManagementService"
#### ii. If using a Client Salt, add it here
# ChocolateyCentralManagementClientSalt = "clientsalt"
#### iii. If using a Service Salt, add it here
# ChocolateyCentralManagementServiceSalt = "servicesalt"
## 3. ENSURE CHOCOLATEY IS INSTALLED ##
### Ensure Chocolatey is installed from your internal repository
node['chocolatey']['install vars'] = {
'chocolateyDownloadUrl' => "#{ChocolateyNupkgUrl}",
}
## 4. CONFIGURE CHOCOLATEY BASELINE ##
### a. FIPS Feature ###
#### If you need FIPS compliance - make this the first thing you configure
#### before you do any additional configuration or package installations
# chocolatey_feature 'useFipsCompliantChecksums' do
# action :enable
# end
### b. Apply Recommended Configuration ###
#### Move cache location so Chocolatey is very deterministic about
#### cleaning up temporary data and the location is secured to admins
chocolatey_config 'cacheLocation' do
value 'C:\ProgramData\chocolatey\cache'
end
#### Increase timeout to at least 4 hours
chocolatey_config 'commandExecutionTimeoutSeconds' do
value '14400'
end
#### Turn off download progress when running choco through integrations
chocolatey_feature 'showDownloadProgress' do
action :disable
end
### c. Sources ###
#### Remove the default community package repository source
chocolatey_source 'chocolatey' do
action :remove
end
#### Add internal default sources
#### You could have multiple sources here, so we will provide an example
#### of one using the remote repo variable here
#### NOTE: This EXAMPLE may require changes
chocolatey_source 'ChocolateyInternal' do
source "#{NugetRepositoryUrl}"
priority 1
action :add
end
execute 'ChocolateyInternal' do
command "choco source add --name ChocolateyInternal -s #{NugetRepositoryUrl} -u=#{NugetRepositoryUsername} -p=#{NugetRepositoryPassword} --priority=1"
only_if { NugetRepositoryUsername != nil || NugetRepositoryPassword != nil }
end
### b. Keep Chocolatey Up To Date ###
#### Keep chocolatey up to date based on your internal source
#### You control the upgrades based on when you push an updated version
#### to your internal repository.
#### Note the source here is to the OData feed, similar to what you see
#### when you browse to https://community.chocolatey.org/api/v2/
chocolatey_package 'chocolatey' do
action :upgrade
source "#{NugetRepositoryUrl}"
end
## 5. ENSURE CHOCOLATEY FOR BUSINESS ##
### If you don't have Chocolatey for Business (C4B), you'll want to remove from here down.
### a. Ensure The License File Is Installed ###
#### Create a license package using script from https://docs.chocolatey.org/en-us/how-tos/setup-offline-installation#exercise-4-create-a-package-for-the-license
chocolatey_package 'chocolatey-license' do
action :install
source "#{NugetRepositoryUrl}"
end
### b. Disable The Licensed Source ###
#### The licensed source cannot be removed, so it must be disabled.
#### This must occur after the license has been set by the license package.
chocolatey_source 'chocolatey.licensed' do
action :disable
end
### c. Ensure Chocolatey Licensed Extension ###
#### You will have downloaded the licensed extension to your internal repository
#### as you have disabled the licensed repository in step 5b.
#### Ensure the chocolatey.extension package (aka Chocolatey Licensed Extension)
chocolatey_package 'chocolatey.extention' do
action install
source "#{NugetRepositoryUrl}"
end
#### The Chocolatey Licensed Extension unlocks all of the following, which also have configuration/feature items available with them. You may want to visit the feature pages to see what you might want to also enable:
#### - Package Builder - https://docs.chocolatey.org/en-us/features/paid/package-builder
#### - Package Internalizer - https://docs.chocolatey.org/en-us/features/paid/package-internalizer
#### - Package Synchronization (3 components) - https://docs.chocolatey.org/en-us/features/paid/package-synchronization
#### - Package Reducer - https://docs.chocolatey.org/en-us/features/paid/package-reducer
#### - Package Audit - https://docs.chocolatey.org/en-us/features/paid/package-audit
#### - Package Throttle - https://docs.chocolatey.org/en-us/features/paid/package-throttle
#### - CDN Cache Access - https://docs.chocolatey.org/en-us/features/paid/private-cdn
#### - Branding - https://docs.chocolatey.org/en-us/features/paid/branding
#### - Self-Service Anywhere (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/self-service-anywhere
#### - Chocolatey Central Management (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/chocolatey-central-management
#### - Other - https://docs.chocolatey.org/en-us/features/paid/
### d. Ensure Self-Service Anywhere ###
#### If you have desktop clients where users are not administrators, you may
#### to take advantage of deploying and configuring Self-Service anywhere
chocolatey_feature 'showNonElevatedWarnings' do
action :disable
end
chocolatey_feature 'useBackgroundService' do
action :enable
end
chocolatey_feature 'useBackgroundServiceWithNonAdministratorsOnly' do
action :enable
end
chocolatey_feature 'allowBackgroundServiceUninstallsFromUserInstallsOnly' do
action :enable
end
chocolatey_config 'backgroundServiceAllowedCommands' do
value 'install,upgrade,uninstall'
end
### e. Ensure Chocolatey Central Management ###
#### If you want to manage and report on endpoints, you can set up and configure
### Central Management. There are multiple portions to manage, so you'll see
### a section on agents here along with notes on how to configure the server
### side components.
chocolatey_package 'chocolatey-agent' do
action install
source "#{NugetRepositoryUrl}"
# user "#{NugetRepositoryUsername}"
# password "#{NugetRepositoryPassword}"
only_if { ChocolateyCentralManagementUrl != nil }
end
chocolatey_config 'CentralManagementServiceUrl' do
value "#{ChocolateyCentralManagementUrl}"
only_if { ChocolateyCentralManagementUrl != nil }
end
chocolatey_config 'centralManagementClientCommunicationSaltAdditivePassword' do
value "#{ChocolateyCentralManagementClientSalt}"
only_if { ChocolateyCentralManagementClientSalt != nil }
end
chocolatey_config 'centralManagementServiceCommunicationSaltAdditivePassword' do
value "#{ChocolateyCentralManagementServiceSalt}"
only_if { ChocolateyCentralManagementServiceSalt != nil }
end
chocolatey_feature 'useChocolateyCentralManagement' do
action :enable
only_if { ChocolateyCentralManagementUrl != nil }
end
chocolatey_feature 'useChocolateyCentralManagementDeployments' do
action :enable
only_if { ChocolateyCentralManagementUrl != nil }
end
Requires cChoco DSC Resource. See docs at https://github.com/chocolatey/cChoco.
If Applicable - Chocolatey Configuration/Installation
#requires -Modules cChoco
## 1. REQUIREMENTS ##
### Here are the requirements necessary to ensure this is successful.
### a. Internal/Private Cloud Repository Set Up ###
#### You'll need an internal/private cloud repository you can use. These are
#### generally really quick to set up and there are quite a few options.
#### Chocolatey Software recommends Nexus, Artifactory Pro, or ProGet as they
#### are repository servers and will give you the ability to manage multiple
#### repositories and types from one server installation.
### b. Download Chocolatey Package and Put on Internal Repository ###
#### You need to have downloaded the Chocolatey package as well.
#### Please see https://chocolatey.org/install#organization
### c. Other Requirements ###
#### i. Requires chocolatey\cChoco DSC module to be installed on the machine compiling the DSC manifest
#### NOTE: This will need to be installed before running the DSC portion of this script
if (-not (Get-Module cChoco -ListAvailable)) {
$null = Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
if (($PSGallery = Get-PSRepository -Name PSGallery).InstallationPolicy -ne "Trusted") {
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
}
Install-Module -Name cChoco
if ($PSGallery.InstallationPolicy -ne "Trusted") {
Set-PSRepository -Name PSGallery -InstallationPolicy $PSGallery.InstallationPolicy
}
}
#### ii. Requires a hosted copy of the install.ps1 script
##### This should be available to download without authentication.
##### The original script can be found here: https://community.chocolatey.org/install.ps1
Configuration ChocolateyConfig {
## 2. TOP LEVEL VARIABLES ##
param(
### a. Your internal repository url (the main one). ###
#### Should be similar to what you see when you browse
#### to https://community.chocolatey.org/api/v2/
$NugetRepositoryUrl = "INTERNAL REPO URL",
### b. Chocolatey nupkg download url ###
#### This url should result in an immediate download when you navigate to it in
#### a web browser
$ChocolateyNupkgUrl = "INTERNAL REPO URL/package/chocolatey.1.1.0.nupkg",
### c. Internal Repository Credential ###
#### If required, add the repository access credential here
# $NugetRepositoryCredential = [PSCredential]::new(
# "username",
# ("password" | ConvertTo-SecureString -AsPlainText -Force)
# ),
### d. Install.ps1 URL
#### The path to the hosted install script:
$ChocolateyInstallPs1Url = "https://community.chocolatey.org/install.ps1"
### e. Chocolatey Central Management (CCM) ###
#### If using CCM to manage Chocolatey, add the following:
#### i. Endpoint URL for CCM
# $ChocolateyCentralManagementUrl = "https://chocolatey-central-management:24020/ChocolateyManagementService",
#### ii. If using a Client Salt, add it here
# $ChocolateyCentralManagementClientSalt = "clientsalt",
#### iii. If using a Service Salt, add it here
# $ChocolateyCentralManagementServiceSalt = "servicesalt"
)
Import-DscResource -ModuleName PSDesiredStateConfiguration
Import-DscResource -ModuleName cChoco
Node 'localhost' {
## 3. ENSURE CHOCOLATEY IS INSTALLED ##
### Ensure Chocolatey is installed from your internal repository
Environment chocoDownloadUrl {
Name = "chocolateyDownloadUrl"
Value = $ChocolateyNupkgUrl
}
cChocoInstaller installChocolatey {
DependsOn = "[Environment]chocoDownloadUrl"
InstallDir = Join-Path $env:ProgramData "chocolatey"
ChocoInstallScriptUrl = $ChocolateyInstallPs1Url
}
## 4. CONFIGURE CHOCOLATEY BASELINE ##
### a. FIPS Feature ###
#### If you need FIPS compliance - make this the first thing you configure
#### before you do any additional configuration or package installations
# cChocoFeature featureFipsCompliance {
# FeatureName = "useFipsCompliantChecksums"
# }
### b. Apply Recommended Configuration ###
#### Move cache location so Chocolatey is very deterministic about
#### cleaning up temporary data and the location is secured to admins
cChocoConfig cacheLocation {
DependsOn = "[cChocoInstaller]installChocolatey"
ConfigName = "cacheLocation"
Value = "C:\ProgramData\chocolatey\cache"
}
#### Increase timeout to at least 4 hours
cChocoConfig commandExecutionTimeoutSeconds {
DependsOn = "[cChocoInstaller]installChocolatey"
ConfigName = "commandExecutionTimeoutSeconds"
Value = 14400
}
#### Turn off download progress when running choco through integrations
cChocoFeature showDownloadProgress {
DependsOn = "[cChocoInstaller]installChocolatey"
FeatureName = "showDownloadProgress"
Ensure = "Absent"
}
### c. Sources ###
#### Remove the default community package repository source
cChocoSource removeCommunityRepository {
DependsOn = "[cChocoInstaller]installChocolatey"
Name = "chocolatey"
Ensure = "Absent"
}
#### Add internal default sources
#### You could have multiple sources here, so we will provide an example
#### of one using the remote repo variable here.
#### NOTE: This EXAMPLE may require changes
cChocoSource addInternalSource {
DependsOn = "[cChocoInstaller]installChocolatey"
Name = "ChocolateyInternal"
Source = $NugetRepositoryUrl
Credentials = $NugetRepositoryCredential
Priority = 1
}
### b. Keep Chocolatey Up To Date ###
#### Keep chocolatey up to date based on your internal source
#### You control the upgrades based on when you push an updated version
#### to your internal repository.
#### Note the source here is to the OData feed, similar to what you see
#### when you browse to https://community.chocolatey.org/api/v2/
cChocoPackageInstaller updateChocolatey {
DependsOn = "[cChocoSource]addInternalSource", "[cChocoSource]removeCommunityRepository"
Name = "chocolatey"
AutoUpgrade = $true
}
## 5. ENSURE CHOCOLATEY FOR BUSINESS ##
### If you don't have Chocolatey for Business (C4B), you'll want to remove from here down.
### a. Ensure The License File Is Installed ###
#### Create a license package using script from https://docs.chocolatey.org/en-us/how-tos/setup-offline-installation#exercise-4-create-a-package-for-the-license
cChocoPackageInstaller chocolateyLicense {
DependsOn = "[cChocoPackageInstaller]updateChocolatey"
Name = "chocolatey-license"
}
### b. Disable The Licensed Source ###
#### The licensed source cannot be removed, so it must be disabled.
#### This must occur after the license has been set by the license package.
Script disableLicensedSource {
DependsOn = "[cChocoPackageInstaller]chocolateyLicense"
GetScript = {
$Source = choco source list --limitoutput | `
ConvertFrom-Csv -Delimiter '|' -Header Name, Source, Disabled | `
Where-Object Name -eq "chocolatey.licensed"
return @{
Result = if ($Source) {
[bool]::Parse($Source.Disabled)
} else {
Write-Warning "Source 'chocolatey.licensed' was not present."
$true # Source does not need disabling
}
}
}
SetScript = {
$null = choco source disable --name "chocolatey.licensed"
}
TestScript = {
$State = [ScriptBlock]::Create($GetScript).Invoke()
return $State.Result
}
}
### c. Ensure Chocolatey Licensed Extension ###
#### You will have downloaded the licensed extension to your internal repository
#### as you have disabled the licensed repository in step 5b.
#### Ensure the chocolatey.extension package (aka Chocolatey Licensed Extension)
cChocoPackageInstaller chocolateyLicensedExtension {
DependsOn = "[Script]disableLicensedSource"
Name = "chocolatey.extension"
}
#### The Chocolatey Licensed Extension unlocks all of the following, which also have configuration/feature items available with them. You may want to visit the feature pages to see what you might want to also enable:
#### - Package Builder - https://docs.chocolatey.org/en-us/features/paid/package-builder
#### - Package Internalizer - https://docs.chocolatey.org/en-us/features/paid/package-internalizer
#### - Package Synchronization (3 components) - https://docs.chocolatey.org/en-us/features/paid/package-synchronization
#### - Package Reducer - https://docs.chocolatey.org/en-us/features/paid/package-reducer
#### - Package Audit - https://docs.chocolatey.org/en-us/features/paid/package-audit
#### - Package Throttle - https://docs.chocolatey.org/en-us/features/paid/package-throttle
#### - CDN Cache Access - https://docs.chocolatey.org/en-us/features/paid/private-cdn
#### - Branding - https://docs.chocolatey.org/en-us/features/paid/branding
#### - Self-Service Anywhere (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/self-service-anywhere
#### - Chocolatey Central Management (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/chocolatey-central-management
#### - Other - https://docs.chocolatey.org/en-us/features/paid/
### d. Ensure Self-Service Anywhere ###
#### If you have desktop clients where users are not administrators, you may
#### to take advantage of deploying and configuring Self-Service anywhere
cChocoFeature hideElevatedWarnings {
DependsOn = "[cChocoPackageInstaller]chocolateyLicensedExtension"
FeatureName = "showNonElevatedWarnings"
Ensure = "Absent"
}
cChocoFeature useBackgroundService {
DependsOn = "[cChocoPackageInstaller]chocolateyLicensedExtension"
FeatureName = "useBackgroundService"
Ensure = "Present"
}
cChocoFeature useBackgroundServiceWithNonAdmins {
DependsOn = "[cChocoPackageInstaller]chocolateyLicensedExtension"
FeatureName = "useBackgroundServiceWithNonAdministratorsOnly"
Ensure = "Present"
}
cChocoFeature useBackgroundServiceUninstallsForUserInstalls {
DependsOn = "[cChocoPackageInstaller]chocolateyLicensedExtension"
FeatureName = "allowBackgroundServiceUninstallsFromUserInstallsOnly"
Ensure = "Present"
}
cChocoConfig allowedBackgroundServiceCommands {
DependsOn = "[cChocoFeature]useBackgroundService"
ConfigName = "backgroundServiceAllowedCommands"
Value = "install,upgrade,uninstall"
}
### e. Ensure Chocolatey Central Management ###
#### If you want to manage and report on endpoints, you can set up and configure
### Central Management. There are multiple portions to manage, so you'll see
### a section on agents here along with notes on how to configure the server
### side components.
if ($ChocolateyCentralManagementUrl) {
cChocoPackageInstaller chocolateyAgent {
DependsOn = "[cChocoPackageInstaller]chocolateyLicensedExtension"
Name = "chocolatey-agent"
}
cChocoConfig centralManagementServiceUrl {
DependsOn = "[cChocoPackageInstaller]chocolateyAgent"
ConfigName = "CentralManagementServiceUrl"
Value = $ChocolateyCentralManagementUrl
}
if ($ChocolateyCentralManagementClientSalt) {
cChocoConfig centralManagementClientSalt {
DependsOn = "[cChocoPackageInstaller]chocolateyAgent"
ConfigName = "centralManagementClientCommunicationSaltAdditivePassword"
Value = $ChocolateyCentralManagementClientSalt
}
}
if ($ChocolateyCentralManagementServiceSalt) {
cChocoConfig centralManagementServiceSalt {
DependsOn = "[cChocoPackageInstaller]chocolateyAgent"
ConfigName = "centralManagementServiceCommunicationSaltAdditivePassword"
Value = $ChocolateyCentralManagementServiceSalt
}
}
cChocoFeature useCentralManagement {
DependsOn = "[cChocoPackageInstaller]chocolateyAgent"
FeatureName = "useChocolateyCentralManagement"
Ensure = "Present"
}
cChocoFeature useCentralManagementDeployments {
DependsOn = "[cChocoPackageInstaller]chocolateyAgent"
FeatureName = "useChocolateyCentralManagementDeployments"
Ensure = "Present"
}
}
}
}
# If working this into an existing configuration with a good method for
$ConfigData = @{
AllNodes = @(
@{
NodeName = "localhost"
PSDscAllowPlainTextPassword = $true
}
)
}
try {
Push-Location $env:Temp
$Config = ChocolateyConfig -ConfigurationData $ConfigData
Start-DscConfiguration -Path $Config.PSParentPath -Wait -Verbose -Force
} finally {
Pop-Location
}
Requires Puppet Chocolatey Provider module. See docs at https://forge.puppet.com/puppetlabs/chocolatey.
If Applicable - Chocolatey Configuration/Installation
## 1. REQUIREMENTS ##
### Here are the requirements necessary to ensure this is successful.
### a. Internal/Private Cloud Repository Set Up ###
#### You'll need an internal/private cloud repository you can use. These are
#### generally really quick to set up and there are quite a few options.
#### Chocolatey Software recommends Nexus, Artifactory Pro, or ProGet as they
#### are repository servers and will give you the ability to manage multiple
#### repositories and types from one server installation.
### b. Download Chocolatey Package and Put on Internal Repository ###
#### You need to have downloaded the Chocolatey package as well.
#### Please see https://chocolatey.org/install#organization
### c. Other Requirements ###
#### i. Requires puppetlabs/chocolatey module
#### See https://forge.puppet.com/puppetlabs/chocolatey
## 2. TOP LEVEL VARIABLES ##
### a. Your internal repository url (the main one). ###
#### Should be similar to what you see when you browse
#### to https://community.chocolatey.org/api/v2/
$_repository_url = 'INTERNAL REPO URL'
### b. Chocolatey nupkg download url ###
#### This url should result in an immediate download when you navigate to it in
#### a web browser
$_choco_download_url = 'INTERNAL REPO URL/package/chocolatey.1.1.0.nupkg'
### c. Chocolatey Central Management (CCM) ###
#### If using CCM to manage Chocolatey, add the following:
#### i. Endpoint URL for CCM
# $_chocolatey_central_management_url = 'https://chocolatey-central-management:24020/ChocolateyManagementService'
#### ii. If using a Client Salt, add it here
# $_chocolatey_central_management_client_salt = "clientsalt"
#### iii. If using a Service Salt, add it here
# $_chocolatey_central_management_service_salt = 'servicesalt'
## 3. ENSURE CHOCOLATEY IS INSTALLED ##
### Ensure Chocolatey is installed from your internal repository
### Note: `chocolatey_download_url is completely different than normal
### source locations. This is directly to the bare download url for the
### chocolatey.nupkg, similar to what you see when you browse to
### https://community.chocolatey.org/api/v2/package/chocolatey
class {'chocolatey':
chocolatey_download_url => $_choco_download_url,
use_7zip => false,
}
## 4. CONFIGURE CHOCOLATEY BASELINE ##
### a. FIPS Feature ###
#### If you need FIPS compliance - make this the first thing you configure
#### before you do any additional configuration or package installations
#chocolateyfeature {'useFipsCompliantChecksums':
# ensure => enabled,
#}
### b. Apply Recommended Configuration ###
#### Move cache location so Chocolatey is very deterministic about
#### cleaning up temporary data and the location is secured to admins
chocolateyconfig {'cacheLocation':
value => 'C:\ProgramData\chocolatey\cache',
}
#### Increase timeout to at least 4 hours
chocolateyconfig {'commandExecutionTimeoutSeconds':
value => '14400',
}
#### Turn off download progress when running choco through integrations
chocolateyfeature {'showDownloadProgress':
ensure => disabled,
}
### c. Sources ###
#### Remove the default community package repository source
chocolateysource {'chocolatey':
ensure => absent,
location => 'https://community.chocolatey.org/api/v2/',
}
#### Add internal default sources
#### You could have multiple sources here, so we will provide an example
#### of one using the remote repo variable here
#### NOTE: This EXAMPLE requires changes
chocolateysource {'internal_chocolatey':
ensure => present,
location => $_repository_url,
priority => 1,
username => 'optional',
password => 'optional,not ensured',
bypass_proxy => true,
admin_only => false,
allow_self_service => false,
}
### b. Keep Chocolatey Up To Date ###
#### Keep chocolatey up to date based on your internal source
#### You control the upgrades based on when you push an updated version
#### to your internal repository.
#### Note the source here is to the OData feed, similar to what you see
#### when you browse to https://community.chocolatey.org/api/v2/
package {'chocolatey':
ensure => latest,
provider => chocolatey,
source => $_repository_url,
}
## 5. ENSURE CHOCOLATEY FOR BUSINESS ##
### If you don't have Chocolatey for Business (C4B), you'll want to remove from here down.
### a. Ensure The License File Is Installed ###
#### Create a license package using script from https://docs.chocolatey.org/en-us/guides/organizations/organizational-deployment-guide#exercise-4-create-a-package-for-the-license
# TODO: Add resource for installing/ensuring the chocolatey-license package
package {'chocolatey-license':
ensure => latest,
provider => chocolatey,
source => $_repository_url,
}
### b. Disable The Licensed Source ###
#### The licensed source cannot be removed, so it must be disabled.
#### This must occur after the license has been set by the license package.
## Disabled sources still need all other attributes until
## https://tickets.puppetlabs.com/browse/MODULES-4449 is resolved.
## Password is necessary with user, but not ensurable, so it should not
## matter what it is set to here. If you ever do get into trouble here,
## the password is your license GUID.
chocolateysource {'chocolatey.licensed':
ensure => disabled,
priority => '10',
user => 'customer',
password => '1234',
require => Package['chocolatey-license'],
}
### c. Ensure Chocolatey Licensed Extension ###
#### You will have downloaded the licensed extension to your internal repository
#### as you have disabled the licensed repository in step 5b.
#### Ensure the chocolatey.extension package (aka Chocolatey Licensed Extension)
package {'chocolatey.extension':
ensure => latest,
provider => chocolatey,
source => $_repository_url,
require => Package['chocolatey-license'],
}
#### The Chocolatey Licensed Extension unlocks all of the following, which also have configuration/feature items available with them. You may want to visit the feature pages to see what you might want to also enable:
#### - Package Builder - https://docs.chocolatey.org/en-us/features/paid/package-builder
#### - Package Internalizer - https://docs.chocolatey.org/en-us/features/paid/package-internalizer
#### - Package Synchronization (3 components) - https://docs.chocolatey.org/en-us/features/paid/package-synchronization
#### - Package Reducer - https://docs.chocolatey.org/en-us/features/paid/package-reducer
#### - Package Audit - https://docs.chocolatey.org/en-us/features/paid/package-audit
#### - Package Throttle - https://docs.chocolatey.org/en-us/features/paid/package-throttle
#### - CDN Cache Access - https://docs.chocolatey.org/en-us/features/paid/private-cdn
#### - Branding - https://docs.chocolatey.org/en-us/features/paid/branding
#### - Self-Service Anywhere (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/self-service-anywhere
#### - Chocolatey Central Management (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/chocolatey-central-management
#### - Other - https://docs.chocolatey.org/en-us/features/paid/
### d. Ensure Self-Service Anywhere ###
#### If you have desktop clients where users are not administrators, you may
#### to take advantage of deploying and configuring Self-Service anywhere
chocolateyfeature {'showNonElevatedWarnings':
ensure => disabled,
}
chocolateyfeature {'useBackgroundService':
ensure => enabled,
}
chocolateyfeature {'useBackgroundServiceWithNonAdministratorsOnly':
ensure => enabled,
}
chocolateyfeature {'allowBackgroundServiceUninstallsFromUserInstallsOnly':
ensure => enabled,
}
chocolateyconfig {'backgroundServiceAllowedCommands':
value => 'install,upgrade,uninstall',
}
### e. Ensure Chocolatey Central Management ###
#### If you want to manage and report on endpoints, you can set up and configure
### Central Management. There are multiple portions to manage, so you'll see
### a section on agents here along with notes on how to configure the server
### side components.
if $_chocolatey_central_management_url {
package {'chocolatey-agent':
ensure => latest,
provider => chocolatey,
source => $_repository_url,
require => Package['chocolatey-license'],
}
chocolateyconfig {'CentralManagementServiceUrl':
value => $_chocolatey_central_management_url,
}
if $_chocolatey_central_management_client_salt {
chocolateyconfig {'centralManagementClientCommunicationSaltAdditivePassword':
value => $_chocolatey_central_management_client_salt,
}
}
if $_chocolatey_central_management_service_salt {
chocolateyconfig {'centralManagementClientCommunicationSaltAdditivePassword':
value => $_chocolatey_central_management_client_salt,
}
}
chocolateyfeature {'useChocolateyCentralManagement':
ensure => enabled,
require => Package['chocolatey-agent'],
}
chocolateyfeature {'useChocolateyCentralManagementDeployments':
ensure => enabled,
require => Package['chocolatey-agent'],
}
}
Need Help? View our docs or file an issue.
There is already a version of this package in your Script Builder
Current Version | New Version |
---|---|
- Passing
- Failing
- Pending
- Unknown / Exempted

Downloads:
10,608
Downloads of v 0.0.72:
906
Last Update:
29 Mar 2015
Package Maintainer(s):
Software Author(s):
- Chris Dostert
Tags:
Powershell PoshDevOps TaskRunner CI ContinuousIntegration Build Deployment admin- Software Specific:
- Software Site
- Package Specific:
- Package outdated?
- Package broken?
- Contact Maintainers
- Contact Site Admins
- Software Vendor?
- Report Abuse
- Download

PoshDevOps
- 1
- 2
- 3
0.0.72 | Updated: 29 Mar 2015
- Software Specific:
- Software Site
- Package Specific:
- Package outdated?
- Package broken?
- Contact Maintainers
- Contact Site Admins
- Software Vendor?
- Report Abuse
- Download
Downloads:
10,608
Downloads of v 0.0.72:
906
Maintainer(s):
Software Author(s):
- Chris Dostert
Edit Package
To edit the metadata for a package, please upload an updated version of the package.
Chocolatey's Community Package Repository currently does not allow updating package metadata on the website. This helps ensure that the package itself (and the source used to build the package) remains the one true source of package metadata.
This does require that you increment the package version.
- 1
- 2
- 3
PoshDevOps
0.0.72
- 1
- 2
- 3
Some Checks Have Failed or Are Not Yet Complete
Not All Tests Have Passed
Validation Testing Unknown
Verification Testing Unknown
Scan Testing Successful:
No detections found in any package files
Deployment Method: Individual Install, Upgrade, & Uninstall
To install PoshDevOps, run the following command from the command line or from PowerShell:
To upgrade PoshDevOps, run the following command from the command line or from PowerShell:
To uninstall PoshDevOps, run the following command from the command line or from PowerShell:
Deployment Method:
📝 NOTE: This applies to both open source and commercial editions of Chocolatey.
1. Enter Your Internal Repository Url
(this should look similar to https://community.chocolatey.org/api/v2/)
2. Setup Your Environment
1. Ensure you are set for organizational deployment
Please see the organizational deployment guide
2. Get the package into your environment
Option 1: Cached Package (Unreliable, Requires Internet - Same As Community)-
Open Source or Commercial:
- Proxy Repository - Create a proxy nuget repository on Nexus, Artifactory Pro, or a proxy Chocolatey repository on ProGet. Point your upstream to https://community.chocolatey.org/api/v2/. Packages cache on first access automatically. Make sure your choco clients are using your proxy repository as a source and NOT the default community repository. See source command for more information.
- You can also just download the package and push it to a repository Download
-
Open Source
-
Download the package:
Download - Follow manual internalization instructions
-
-
Package Internalizer (C4B)
-
Run: (additional options)
choco download poshdevops --internalize --source=https://community.chocolatey.org/api/v2/
-
For package and dependencies run:
choco push --source="'INTERNAL REPO URL'"
- Automate package internalization
-
Run: (additional options)
3. Copy Your Script
choco upgrade poshdevops -y --source="'INTERNAL REPO URL'" [other options]
See options you can pass to upgrade.
See best practices for scripting.
Add this to a PowerShell script or use a Batch script with tools and in places where you are calling directly to Chocolatey. If you are integrating, keep in mind enhanced exit codes.
If you do use a PowerShell script, use the following to ensure bad exit codes are shown as failures:
choco upgrade poshdevops -y --source="'INTERNAL REPO URL'"
$exitCode = $LASTEXITCODE
Write-Verbose "Exit code was $exitCode"
$validExitCodes = @(0, 1605, 1614, 1641, 3010)
if ($validExitCodes -contains $exitCode) {
Exit 0
}
Exit $exitCode
- name: Install poshdevops
win_chocolatey:
name: poshdevops
version: '0.0.72'
source: INTERNAL REPO URL
state: present
See docs at https://docs.ansible.com/ansible/latest/modules/win_chocolatey_module.html.
chocolatey_package 'poshdevops' do
action :install
source 'INTERNAL REPO URL'
version '0.0.72'
end
See docs at https://docs.chef.io/resource_chocolatey_package.html.
cChocoPackageInstaller poshdevops
{
Name = "poshdevops"
Version = "0.0.72"
Source = "INTERNAL REPO URL"
}
Requires cChoco DSC Resource. See docs at https://github.com/chocolatey/cChoco.
package { 'poshdevops':
ensure => '0.0.72',
provider => 'chocolatey',
source => 'INTERNAL REPO URL',
}
Requires Puppet Chocolatey Provider module. See docs at https://forge.puppet.com/puppetlabs/chocolatey.
4. If applicable - Chocolatey configuration/installation
See infrastructure management matrix for Chocolatey configuration elements and examples.
This package was approved as a trusted package on 24 Apr 2015.
PowerShell driven distributed DevOps
Installation notes:
- installs to: C:\ProgramFiles\PoshDevOps
- appends C:\ProgramFiles\PoshDevOps\Modules to PSModulePath environment variable
try {
. "$PSScriptRoot\PoshDevOps\Install.ps1"
} catch {
Write-ChocolateyFailure 'PoshDevOps' $_.Exception.Message
throw
}
try {
. "$PSScriptRoot\PoshDevOps\Uninstall.ps1"
} catch {
Write-ChocolateyFailure 'PoshDevOps' $_.Exception.Message
throw
}
Import-Module "$PSScriptRoot\..\OrderedDictionaryExtensions"
Import-Module "$PSScriptRoot\..\Pson"
function Get-DevOp(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$Name,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
<#
.SYNOPSIS
an internal utility function that retrieves a DevOp from storage
#>
$DevOpFilePath = Resolve-Path "$ProjectRootDirPath\.PoshDevOps\$Name.psd1"
Write-Output (Get-Content $DevOpFilePath | Out-String | ConvertFrom-Pson)
}
function Add-DevOp(
[PsCustomObject]
$Value,
[switch]
$Force,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
<#
.SYNOPSIS
an internal utility function that saves a DevOp to storage
#>
$DevOpFilePath = "$ProjectRootDirPath\.PoshDevOps\$($Value.Name).psd1"
# guard against unintentionally overwriting existing DevOp
if(!$Force.IsPresent -and (Test-Path $DevOpFilePath)){
throw `
@"
Task group "$($Value.Name)" already exists
for project "$(Resolve-Path $ProjectRootDirPath)".
Task group names must be unique.
If you want to overwrite the existing DevOp use the -Force parameter
"@
}
Write-Debug `
@"
Creating DevOp file at:
$DevOpFilePath
Creating...
"@
New-Item -Path $DevOpFilePath -ItemType File -Force
Set-Content $DevOpFilePath -Value (ConvertTo-Pson -InputObject $Value -Depth 12 -Layers 12 -Strict) -Force
}
function Rename-DevOp(
[string]
[ValidateNotNullOrEmpty()]
$OldName,
[string]
[ValidateNotNullOrEmpty()]
$NewName,
[switch]
$Force,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
<#
.SYNOPSIS
an internal utility function that updates the name of a DevOp in storage
#>
$OldDevOpFilePath = "$ProjectRootDirPath\.PoshDevOps\$OldName.psd1"
$NewDevOpFilePath = "$ProjectRootDirPath\.PoshDevOps\$NewName.psd1"
# guard against unintentionally overwriting existing DevOp
if(!$Force.IsPresent -and (Test-Path $NewDevOpFilePath)){
throw `
@"
Task group "$NewName" already exists
for project "$(Resolve-Path $ProjectRootDirPath)".
Task group names must be unique.
If you want to overwrite the existing DevOp use the -Force parameter
"@
}
# fetch DevOp
$DevOp = Get-DevOp -Name $OldName -ProjectRootDirPath $ProjectRootDirPath
# update name
$DevOp.Name = $NewName
#save
mv $OldDevOpFilePath $NewDevOpFilePath -Force
sc $NewDevOpFilePath -Value (ConvertTo-Pson -InputObject $DevOp -Depth 12 -Layers 12 -Strict) -Force
}
function Remove-DevOp(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$Name,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
<#
.SYNOPSIS
an internal utility function that removes a DevOp from storage
#>
$DevOpFilePath = Resolve-Path "$ProjectRootDirPath\.PoshDevOps\$Name.psd1"
Remove-Item -Path $DevOpFilePath -Force
}
function Add-DevOpTask(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$DevOpName,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$Name,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$PackageId,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$PackageVersion,
[int]
[ValidateScript({$_ -gt -1})]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$Index,
[switch]
$Force,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
<#
.SYNOPSIS
an internal utility function that adds a task to a DevOp in storage
#>
$DevOpFilePath = "$ProjectRootDirPath\.PoshDevOps\$DevOpName.psd1"
# fetch DevOp
$DevOp = Get-DevOp -Name $DevOpName -ProjectRootDirPath $ProjectRootDirPath
# guard against unintentionally overwriting existing tasks
if(!$Force.IsPresent -and ($DevOp.Tasks.$Name)){
throw `
@"
Task "$Name" already exists in DevOp "$DevOpName"
for project "$(Resolve-Path $ProjectRootDirPath)".
Task names must be unique.
If you want to overwrite the existing task use the -Force parameter
"@
}
# construct task object
$Task = @{Name=$Name;PackageId=$PackageId;PackageVersion=$PackageVersion;}
# add task to taskgroup
$DevOp.Tasks.Insert($Index,$Name,$Task)
# save
sc $DevOpFilePath -Value (ConvertTo-Pson -InputObject $DevOp -Depth 12 -Layers 12 -Strict) -Force
}
function Remove-DevOpTask(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$DevOpName,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$Name,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
$DevOpFilePath = "$ProjectRootDirPath\.PoshDevOps\$DevOpName.psd1"
# fetch DevOp
$DevOp = Get-DevOp -Name $DevOpName -ProjectRootDirPath $ProjectRootDirPath
# remove task
$DevOp.Tasks.Remove($Name)
# save
sc $DevOpFilePath -Value (ConvertTo-Pson -InputObject $DevOp -Depth 12 -Layers 12 -Strict) -Force
}
function Rename-DevOpTask(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$DevOpName,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$OldName,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$NewName,
[switch]
$Force,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
$DevOpFilePath = "$ProjectRootDirPath\.PoshDevOps\$DevOpName.psd1"
# fetch DevOp
$DevOp = Get-DevOp -Name $DevOpName -ProjectRootDirPath $ProjectRootDirPath
# fetch task
$Task = $DevOp.Tasks.$OldName
# handle task not found
if(!$Task){
throw `
@"
Task "$TaskName" not found in DevOp "$DevOpName"
for project "$(Resolve-Path $ProjectRootDirPath)".
"@
}
# guard against unintentionally overwriting existing task
if(!$Force.IsPresent -and ($DevOp.Tasks.$NewName)){
throw `
@"
Task "$NewName" already exists in DevOp "$DevOpName"
for project "$(Resolve-Path $ProjectRootDirPath)".
Task names must be unique.
If you want to overwrite the existing task use the -Force parameter
"@
}
# get task index
$Index = Get-IndexOfKeyInOrderedDictionary -Key $OldName -OrderedDictionary $DevOp.Tasks
# update name
$Task.Name = $NewName
# remove old record
$DevOp.Tasks.Remove($OldName)
# insert new record
$DevOp.Tasks.Insert($Index,$Task.Name,$Task)
# save
sc $DevOpFilePath -Value (ConvertTo-Pson -InputObject $DevOp -Depth 12 -Layers 12 -Strict) -Force
}
function Set-DevOpTaskParameter(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$DevOpName,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$TaskName,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$Name,
[object]
[Parameter(
Mandatory=$true)]
$Value,
[switch]
$Force,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
$DevOpFilePath = "$ProjectRootDirPath\.PoshDevOps\$DevOpName.psd1"
# fetch DevOp
$DevOp = Get-DevOp -Name $DevOpName -ProjectRootDirPath $ProjectRootDirPath
# fetch task
$Task = $DevOp.Tasks.$TaskName
# handle task not found
if(!$Task){
throw `
@"
Task "$TaskName" not found in DevOp "$DevOpName"
for project "$(Resolve-Path $ProjectRootDirPath)".
"@
}
# handle the case where this is the first parameter set
If(!$Task.Parameters){
$Task.Parameters = @{$Name=$Value}
}
# guard against unintentionally overwriting existing parameter value
ElseIf(!$Force.IsPresent -and ($Task.Parameters.$Name)){
throw `
@"
A value of $($Task.Parameters.$Name) has already been set for parameter $Name in task "$TaskName" in DevOp "$DevOpName"
for project "$(Resolve-Path $ProjectRootDirPath)".
If you want to overwrite the existing parameter value use the -Force parameter
"@
}
Else{
$Task.Parameters.$Name = $Value
}
# save
sc $DevOpFilePath -Value (ConvertTo-Pson -InputObject $DevOp -Depth 12 -Layers 12 -Strict) -Force
}
function Update-DevOpTaskPackageVersion(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$DevOpName,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$TaskName,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$PackageVersion,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
$DevOpFilePath = "$ProjectRootDirPath\.PoshDevOps\$DevOpName.psd1"
# fetch DevOp
$DevOp = Get-DevOp -Name $DevOpName -ProjectRootDirPath $ProjectRootDirPath
# fetch task
$Task = $DevOp.Tasks.$TaskName
# handle task not found
if(!$Task){
throw `
@"
Task "$TaskName" not found in DevOp "$DevOpName"
for project "$(Resolve-Path $ProjectRootDirPath)".
"@
}
# update task version
$Task.PackageVersion = $PackageVersion
# save
sc $DevOpFilePath -Value (ConvertTo-Pson -InputObject $DevOp -Depth 12 -Layers 12 -Strict) -Force
}
Export-ModuleMember -Function @(
# DevOp API
'Get-DevOp',
'Add-DevOp',
'Rename-DevOp',
'Remove-DevOp',
# DevOp Task API
'Add-DevOpTask',
'Remove-DevOpTask',
'Rename-DevOpTask',
'Set-DevOpTaskParameter',
'Update-DevOpTaskPackageVersion')
function Get-UnionOfHashtables(
[Hashtable]
[ValidateNotNull()]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$Source1,
[Hashtable]
[ValidateNotNull()]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$Source2){
$destination = $Source1.Clone()
Write-Debug "After adding `$Source1, destination is $($destination|Out-String)"
$Source2.GetEnumerator() | ?{!$destination.ContainsKey($_.Key)} |%{$destination[$_.Key] = $_.Value}
Write-Debug "After adding `$Source2, destination is $($destination|Out-String)"
Write-Output $destination
}
Export-ModuleMember -Function Get-UnionOfHashtables
# installer based on guidelines provided by Microsoft
# for installing shared/3rd party powershell modules
# (see: https://msdn.microsoft.com/en-us/library/dd878350%28v=vs.85%29.aspx )
if($PSVersionTable.PSVersion.Major -lt 3) {
Write-Warning "PoshDevOps requires PowerShell 3.0 or better; you have version $($Host.Version)."
return
}
# prepare install dir
$installRootDirPath = "$env:ProgramFiles\PoshDevOps"
$installDirPath = "$installRootDirPath\Modules"
# handle upgrade scenario
if(Test-Path "$installRootDirPath"){
Write-Debug 'removing previous PoshDevOps installation'
. "$PSScriptRoot\Uninstall.ps1"
}
New-Item $installDirPath -ItemType Directory | Out-Null
Copy-Item -Path "$PSScriptRoot" -Destination $installDirPath -Recurse
$psModulePath = [Environment]::GetEnvironmentVariable('PSModulePath','Machine')
# if installation dir path is not already in path then add it.
if(!($psModulePath.Split(';').Contains($installDirPath))){
Write-Debug "adding $installDirPath to '$env:PSModulePath'"
# trim trailing semicolon if exists
$psModulePath = $psModulePath.TrimEnd(';');
# append path to PoshDevOps installation
$psModulePath = $psModulePath + ";$installDirPath"
# save
[Environment]::SetEnvironmentVariable('PSModulePath',$psModulePath,'Machine')
# make effective in current session
$env:PSModulePath = $env:PSModulePath + ";$installDirPath"
}
function Get-IndexOfKeyInOrderedDictionary(
[string]
[ValidateNotNullOrEmpty()]
$Key,
[System.Collections.Specialized.OrderedDictionary]
[ValidateNotNullOrEmpty()]
$OrderedDictionary){
<#
.SYNOPSIS
an internal utility function to find the index of a key in an ordered dictionary
#>
$indexOfKey = -1
$keysArray = [string[]]$OrderedDictionary.Keys
for ($i = 0; $i -lt $OrderedDictionary.Count; $i++){
if($keysArray[$i] -eq $Key){
$indexOfKey = $i
break
}
}
Write-Output $indexOfKey
}
Export-ModuleMember -Function Get-IndexOfKeyInOrderedDictionary
Import-Module "$PSScriptRoot\Versioning"
Import-Module "$PSScriptRoot\..\Pson"
$DefaultPackageSources = @('https://www.myget.org/F/poshdevops')
$NugetExecutable = "$PSScriptRoot\nuget.exe"
function Get-LatestDevOpTaskPackageVersion(
[string[]]
[Parameter(
Mandatory=$true)]
$Source = $DefaultPackageSources,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$Id){
$versions = @()
foreach($packageSource in $Source){
$uri = "$packageSource/api/v2/package-versions/$Id"
Write-Debug "Attempting to fetch package versions:` uri: $uri "
$versions = $versions + (Invoke-RestMethod -Uri $uri)
Write-Debug "response from $uri was: ` $versions"
}
if(!$versions -or ($versions.Count -lt 1)){
throw "no versions of $Id could be located.` searched: $Source"
}
Write-Output ([Array](Get-SortedSemanticVersions -InputArray $versions -Descending))[0]
}
function New-DevOpTaskPackageSpec(
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$OutputDirPath = '.',
[switch]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$Force,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
ValueFromPipelineByPropertyName=$true,
Mandatory=$true)]
$PackageName,
[string]
[ValidateScript({ if(!$_){$true}else{$_ | Test-SemanticVersion} })]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$PackageVersion,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$PackageDescription,
[Hashtable[]]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$PackageContributor,
[System.Uri]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$PackageProjectUrl,
[string[]]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$PackageTag,
[Hashtable]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$PackageLicense,
[Hashtable]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$PackageDependency,
[Hashtable[]]
[ValidateNotNullOrEmpty()]
[Parameter(
ValueFromPipelineByPropertyName=$true,
Mandatory=$true)]
$PackageFile){
$PackageSpecFilePath = "$OutputDirPath\PackageSpec.psd1"
# guard against unintentionally overwriting existing package spec
if(!$Force.IsPresent -and (Test-Path $PackageSpecFilePath)){
throw `
@"
Package spec already exists at: $(Resolve-Path $PackageSpecFilePath)
to overwrite the existing package spec use the -Force parameter
"@
}
Write-Debug `
@"
Creating package spec file at:
$PackageSpecFilePath
"@
New-Item -Path $PackageSpecFilePath -ItemType File -Force:$Force
$PackageSpec = @{
Name = $PackageName;
Version = $PackageVersion;
Description = $PackageDescription;
Contributors = $PackageContributor;
ProjectUrl = $PackageProjectUrl;
Tags = $PackageTag;
License = $PackageLicense;
Dependencies = $PackageDependency;
Files = $PackageFile}
Set-Content $PackageSpecFilePath -Value (ConvertTo-Pson -InputObject $PackageSpec -Depth 12 -Layers 12 -Strict) -Force
}
function Get-DevOpTaskPackageInstallDirPath(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$Name,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$Version,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
Resolve-Path "$ProjectRootDirPath\.PoshDevOps\packages\$Name.$Version\PackageSpec.psd1" | Write-Output
}
function Get-DevOpTaskPackageSpec(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$Name,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$Version,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
<#
.SYNOPSIS
an internal utility function that retrieves a package spec from storage
#>
$PackageSpecFilePath = Get-DevOpTaskPackageInstallDirPath -Name $Name -Version $Version -ProjectRootDirPath $ProjectRootDirPath
Get-Content $PackageSpecFilePath | Out-String | ConvertFrom-Pson | Write-Output
}
function Install-DevOpTaskPackage(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$Id,
[string]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$Version,
[string[]]
[ValidateCount( 1, [Int]::MaxValue)]
[ValidateNotNullOrEmpty()]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$Source,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath='.'){
<#
.SYNOPSIS
Installs a task package to an environment if it's not already installed
#>
$taskGroupDirPath = Resolve-Path "$ProjectRootDirPath\.PoshDevOps"
$packagesDirPath = "$taskGroupDirPath\packages"
if([string]::IsNullOrWhiteSpace($Version)){
$Version = Get-LatestPackageVersion -Source $Source -Id $Id
Write-Debug "using greatest available package version : $Version"
}
$initialOFS = $OFS
try{
$OFS = ';'
$nugetParameters = @('install',$Id,'-Source',($Source|Out-String),'-OutputDirectory',$packagesDirPath,'-Version',$Version,'-NonInteractive')
Write-Debug `
@"
Invoking nuget:
& $nugetExecutable $($nugetParameters|Out-String)
"@
& $nugetExecutable $nugetParameters
# handle errors
if ($LastExitCode -ne 0) {
throw $Error
}
}
Finally{
$OFS = $initialOFS
}
#TODO: INSTALL DEPENDENCIES
}
function Uninstall-DevOpTaskPackage(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$Id,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$Version,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath='.'){
<#
.SYNOPSIS
Uninstalls a task package from an environment if it's installed
#>
$taskGroupDirPath = Resolve-Path "$ProjectRootDirPath\.PoshDevOps"
$packagesDirPath = "$taskGroupDirPath\packages"
$packageInstallationDir = "$packagesDirPath\$($Id).$($Version)"
If(Test-Path $packageInstallationDir){
Write-Debug `
@"
Removing package at:
$packageInstallationDir
"@
Remove-Item $packageInstallationDir -Recurse -Force
}
Else{
Write-Debug `
@"
No package to remove at:
$packageInstallationDir
"@
}
#TODO: UNINSTALL DEPENDENCIES
}
Export-ModuleMember -Variable 'DefaultPackageSources'
Export-ModuleMember -Function @(
'Install-DevOpTaskPackage',
'Uninstall-DevOpTaskPackage'
'Get-LatestDevOpTaskPackageVersion'
'New-DevOpTaskPackageSpec')
$SemanticVersionRegex = "(?<Major>\d+)\.(?<Minor>\d+)\.(?<Patch>\d+)(?:-(?<PreRelease>[0-9A-Za-z-.]*))?(?:\+(?<Build>[0-9A-Za-z-.]*))?"
function Test-SemanticVersion(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipeline=$true)]
$SemanticVersionString){
$SemanticVersionString -match $SemanticVersionRegex
}
function ConvertTo-SemanticVersionObject(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$SemanticVersionString){
<#
.SYNOPSIS
creates an object representing a v1.0 & v2.0 semantic version (see: http://semver.org/)
#>
$SemanticVersionString -match $SemanticVersionRegex |Out-Null
$Matches.Remove(0)
$Matches.Major = [int]$Matches.Major
$Matches.Minor = [int]$Matches.Minor
$Matches.Patch = [int]$Matches.Patch
If($Matches.PreRelease){
$preReleaseIdentifiers = $Matches.PreRelease.Split('.')|%{if($_ -as [long]){[long]$_}else{[string]$_}}
$Matches.PreRelease = @{Identifiers=[object[]]$preReleaseIdentifiers}
}
$Matches.Clone() | Write-Output
}
function Compare-SemanticVersions(
<#
.SYNOPSIS
compares v1.0 & v2.0 semantic versions (see: http://semver.org/)
#>
[string]
$XSemVerString,
[string]
$YSemVerString){
$XSemVer = ConvertTo-SemanticVersionObject -SemanticVersionString $XSemVerString
$YSemVer = ConvertTo-SemanticVersionObject -SemanticVersionString $YSemVerString
If($XSemVer.Major -ne $YSemVer.Major){
return $XSemVer.Major - $YSemVer.Major
}
ElseIf($XSemVer.Minor -ne $YSemVer.Minor){
return $XSemVer.Minor - $YSemVer.Minor
}
ElseIf($XSemVer.Patch -ne $YSemVer.Patch){
return $XSemVer.Patch - $YSemVer.Patch
}
# per spec: "When major, minor, and patch are equal, a pre-release version has lower precedence than a normal version"
If(!$XSemVer.PreRelease -and $YSemVer.PreRelease){
return 1
}
ElseIf(!$XSemVer.PreRelease -and !$YSemVer.PreRelease){
return 0
}
ElseIf($XSemVer.PreRelease -and !$YSemVer.PreRelease){
return -1
}
For($i = 0;$i -lt [Math]::Min($XSemVer.PreRelease.Identifiers.Count,$YSemVer.PreRelease.Identifiers.Count);$i++){
$XIdentifier = $XSemVer.PreRelease.Identifiers[$i]
$YIdentifier = $YSemVer.PreRelease.Identifiers[$i]
#if x and y numeric
If(($XIdentifier -is [long]) -and ($YIdentifier -is [long])){
#per spec: "identifiers consisting of only digits are compared numerically"
$xIdentifierMinusYIdentifier = $XIdentifier - $YIdentifier
If($xIdentifierMinusYIdentifier -ne 0){
return $xIdentifierMinusYIdentifier
}
}
#if x or[exclusive] y is numeric
ElseIf(($XIdentifier -is [long]) -xor ($YIdentifier -is [long])){
#per spec: "Numeric identifiers always have lower precedence than non-numeric identifiers"
If($XIdentifier -isnot [long]){
return 1
}
Else{
return -1
}
}
#if x and y both textual
Else{
#per spec: "identifiers with letters or hyphens are compared lexically in ASCII sort order"
If($XIdentifier -gt $YIdentifier){
return 1
}
ElseIf($XIdentifier -lt $YIdentifier){
return -1
}
}
}
#per spec: "A larger set of pre-release fields has a higher precedence than a smaller set, if all of the preceding identifiers are equal"
return $XSemVer.PreRelease.Identifiers.Count - $YSemVer.PreRelease.Identifiers.Count
}
function Get-SortedSemanticVersions(
[string[]]
$InputArray,
[switch]
$Descending){
<#
.SYNOPSIS
sorts v1.0 & v2.0 semantic versions (see: http://semver.org/)
#>
$counter = 0
$compareResultFactor = 1
if($Descending.IsPresent){
$compareResultFactor = -1
}
# $unsorted is the first index of the unsorted region
for ($unsorted = 1; $unsorted -lt $InputArray.Count; $unsorted++)
{
# Next item in the unsorted region
$nextItem = $InputArray[$unsorted]
# Index of insertion in the sorted region
$location = $unsorted
while (($location -gt 0) -and `
(($compareResultFactor *(Compare-SemanticVersions -X $InputArray[$location - 1] -Y $nextItem)) -gt 0))
{
$counter++
# Shift to the right
$InputArray[$location] = $InputArray[$location - 1]
$location--
}
# Insert $nextItem into the sorted region
$InputArray[$location] = $nextItem
}
Write-Output $InputArray
}
Export-ModuleMember -Function @(
'Get-SortedSemanticVersions',
'Test-SemanticVersion')
Import-Module "$PSScriptRoot\PackageManagement"
Import-Module "$PSScriptRoot\DevOpStorage"
Import-Module "$PSScriptRoot\HashtableExtensions"
Import-Module "$PSScriptRoot\OrderedDictionaryExtensions"
function Invoke-DevOp(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$Name,
[Hashtable]
[Parameter(
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true)]
$Parameters,
[string[]]
[ValidateCount( 1, [Int]::MaxValue)]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$PackageSource = $DefaultPackageSources,
[String]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath='.'){
$DevOp = DevOpStorage\Get-DevOp -Name $Name -ProjectRootDirPath $ProjectRootDirPath
if($DevOp){
foreach($task in $DevOp.Tasks.Values){
if($Parameters.($task.Name)){
if($task.Parameters){
Write-Debug "Adding union of passed parameters and archived parameters to pipeline. Passed parameters will override archived parameters"
$taskParameters = HashtableExtensions\Get-UnionOfHashtables -Source1 $Parameters.($task.Name) -Source2 $task.Parameters
}
else{
Write-Debug "Adding passed parameters to pipeline"
$taskParameters = $Parameters.($task.Name)
}
}
elseif($task.Parameters){
Write-Debug "Adding archived parameters to pipeline"
$taskParameters = $task.Parameters
}
else{
$taskParameters = @{}
}
Write-Debug "Adding automatic parameters to pipeline"
$taskParameters.PoshDevOpsProjectRootDirPath = (Resolve-Path $ProjectRootDirPath)
$taskParameters.PoshDevOpsTaskName = $task.Name
Write-Debug "Ensuring task module package installed"
PackageManagement\Install-DevOpTaskPackage -Id $task.PackageId -Version $task.PackageVersion -Source $PackageSource
$moduleDirPath = "$ProjectRootDirPath\.PoshDevOps\packages\$($task.PackageId).$($task.PackageVersion)\$($task.PackageId)"
Write-Debug "Importing module located at: $moduleDirPath"
Import-Module $moduleDirPath -Force
Write-Debug `
@"
Invoking task $($task.Name) with parameters:
$($taskParameters|Out-String)
"@
# Parameters must be PSCustomObject so [Parameter(ValueFromPipelineByPropertyName = $true)] works
[PSCustomObject]$taskParameters.Clone() | & "$($task.PackageId)\Invoke"
Remove-Module $task.PackageId
}
}
else{
throw "$Name.psd1 not found for project at $ProjectRootDirPath"
}
}
function New-DevOp(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true)]
$Name,
[switch]
$Force,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
$DevOp = @{Name=$Name;Tasks=[ordered]@{}}
DevOpStorage\Add-DevOp `
-Value $DevOp `
-Force:$Force `
-ProjectRootDirPath $ProjectRootDirPath
}
function Remove-DevOp(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$Name,
[switch]$Force,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
$confirmationPromptQuery = "Are you sure you want to delete the DevOp `"$Name`"`?"
$confirmationPromptCaption = 'Confirm task removal'
if($Force.IsPresent -or $PSCmdlet.ShouldContinue($confirmationPromptQuery,$confirmationPromptCaption)){
DevOpStorage\Remove-DevOp `
-Name $Name `
-ProjectRootDirPath $ProjectRootDirPath
}
}
function Rename-DevOp(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$OldName,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$NewName,
[switch]
$Force,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
DevOpStorage\Rename-DevOp `
-OldName $OldName `
-NewName $NewName `
-Force:$Force `
-ProjectRootDirPath $ProjectRootDirPath
}
function Get-DevOp(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$Name,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
DevOpStorage\Get-DevOp -Name $Name -ProjectRootDirPath $ProjectRootDirPath | Write-Output
}
function Add-DevOpTask(
[CmdletBinding(
DefaultParameterSetName="Add-DevOpTaskLast")]
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$DevOpName,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$Name,
[string]
[Parameter(
Mandatory=$true)]
$PackageId,
[string]
$PackageVersion,
[switch]
[Parameter(
Mandatory=$true,
ParameterSetName='Add-DevOpTaskFirst')]
$First,
[switch]
[Parameter(
ParameterSetName='Add-DevOpTaskLast')]
$Last,
[string]
[Parameter(
Mandatory=$true,
ParameterSetName='Add-DevOpTaskAfter')]
$After,
[string]
[Parameter(
Mandatory=$true,
ParameterSetName='Add-DevOpTaskBefore')]
$Before,
[switch]
$Force,
[string[]]
[ValidateNotNullOrEmpty()]
$PackageSource= $DefaultPackageSources,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
<#
.SYNOPSIS
Adds a new task to a DevOp
.EXAMPLE
Add-DevOpTask -DevOp "Deploy To Azure" -Name "LastTask" -PackageId "DeployNupkgToAzureWebsites" -PackageVersion "0.0.3"
Description:
This command adds task "LastTask" after all existing tasks in DevOp "Deploy To Azure"
.EXAMPLE
Add-DevOpTask -DevOp "Deploy To Azure" -Name "FirstTask" -PackageId "DeployNupkgToAzureWebsites" -First
Description:
This command adds task "FirstTask" before all existing tasks in DevOp "Deploy To Azure"
.EXAMPLE
Add-DevOpTask -DevOp "Deploy To Azure" -Name "AfterSecondTask" -PackageId "DeployNupkgToAzureWebsites" -After "SecondTask"
Description:
This command adds task "AfterSecondTask" after the existing task "SecondTask" in DevOp "Deploy To Azure"
.EXAMPLE
Add-DevOpTask -DevOp "Deploy To Azure" -Name "BeforeSecondTask" -PackageId "DeployNupkgToAzureWebsites" -Before "SecondTask"
Description:
This command adds task "BeforeSecondTask" before the existing task "SecondTask" in DevOp "Deploy To Azure"
#>
if([string]::IsNullOrWhiteSpace($PackageVersion)){
$PackageVersion = PackageManagement\Get-LatestDevOpTaskPackageVersion -Source $PackageSource -Id $PackageId
Write-Debug "using greatest available package version : $PackageVersion"
}
if($First.IsPresent){
$TaskIndex = 0
}
elseif('Add-DevOpTaskAfter' -eq $PSCmdlet.ParameterSetName){
$DevOp = DevOpStorage\Get-DevOp -Name $DevOpName -ProjectRootDirPath $ProjectRootDirPath
$indexOfAfter = OrderedDictionaryExtensions\Get-IndexOfKeyInOrderedDictionary -Key $After -OrderedDictionary $DevOp.Tasks
# ensure task with key $After exists
if($indexOfAfter -lt 0){
throw "A task with name $After could not be found."
}
$TaskIndex = $indexOfAfter + 1
}
elseif('Add-DevOpTaskBefore' -eq $PSCmdlet.ParameterSetName){
$DevOp = DevOpStorage\Get-DevOp -Name $DevOpName -ProjectRootDirPath $ProjectRootDirPath
$indexOfBefore = OrderedDictionaryExtensions\Get-IndexOfKeyInOrderedDictionary -Key $Before -OrderedDictionary $DevOp.Tasks
# ensure task with key $Before exists
if($indexOfBefore -lt 0){
throw "A task with name $Before could not be found."
}
$TaskIndex = $indexOfBefore
}
else{
$DevOp = DevOpStorage\Get-DevOp -Name $DevOpName -ProjectRootDirPath $ProjectRootDirPath
$TaskIndex = $DevOp.Tasks.Count
}
DevOpStorage\Add-DevOpTask `
-DevOpName $DevOpName `
-Name $Name `
-PackageId $PackageId `
-PackageVersion $PackageVersion `
-Index $TaskIndex `
-Force:$Force `
-ProjectRootDirPath $ProjectRootDirPath
}
function Remove-DevOpTask(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$DevOpName,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$Name,
[switch]$Force,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
$confirmationPromptQuery = "Are you sure you want to remove the task with name $Name`?"
$confirmationPromptCaption = 'Confirm task removal'
if($Force.IsPresent -or $PSCmdlet.ShouldContinue($confirmationPromptQuery,$confirmationPromptCaption)){
DevOpStorage\Remove-DevOpTask `
-DevOpName $DevOpName `
-Name $Name `
-ProjectRootDirPath $ProjectRootDirPath
}
}
function Rename-DevOpTask(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$DevOpName,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$OldName,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$NewName,
[switch]$Force,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
DevOpStorage\Rename-DevOpTask `
-DevOpName $DevOpName `
-OldName $OldName `
-NewName $NewName `
-Force:$Force `
-ProjectRootDirPath $ProjectRootDirPath
}
function Set-DevOpTaskParameter(
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$DevOpName,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$TaskName,
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$Name,
[object]
[Parameter(
Mandatory=$true)]
$Value,
[switch]
$Force,
[string]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath = '.'){
<#
.SYNOPSIS
Sets configurable parameters of a task
.EXAMPLE
Set-DevOpTaskParameter -DevOpName Build -TaskName GitClone -Name GitParameters -Value Status -Force
Description:
This command sets the parameter "GitParameters" to "Status" for a task "GitClone" in DevOp "Build"
#>
DevOpStorage\Set-DevOpTaskParameter `
-DevOpName $DevOpName `
-TaskName $TaskName `
-Name $Name `
-Value $Value `
-Force:$Force
}
function Update-DevOpTaskPackage(
[CmdletBinding(
DefaultParameterSetName="Update-All")]
[string]
[ValidateNotNullOrEmpty()]
[Parameter(
Mandatory=$true)]
$DevOpName,
[string[]]
[ValidateCount( 1, [Int]::MaxValue)]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
ParameterSetName="Update-Single")]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
ParameterSetName="Update-Multiple")]
$Id,
[string]
[Parameter(
Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
ParameterSetName="Update-Single")]
$Version,
[switch]
[Parameter(
ParameterSetName="Update-All")]
$All,
[string[]]
[ValidateCount( 1, [Int]::MaxValue)]
[ValidateNotNullOrEmpty()]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$Source = $DefaultPackageSources,
[String]
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(
ValueFromPipelineByPropertyName=$true)]
$ProjectRootDirPath='.'){
$DevOp = DevOpStorage\Get-DevOp -Name $DevOpName -ProjectRootDirPath $ProjectRootDirPath
# build up list of package updates
$packageUpdates = @{}
If('Update-Multiple' -eq $PSCmdlet.ParameterSetName){
foreach($packageId in $Id){
$packageUpdates.Add($packageId,(PackageManagement\Get-LatestDevOpTaskPackageVersion -Source $Source -Id $packageId))
}
}
ElseIf('Update-Single' -eq $PSCmdlet.ParameterSetName){
if($Id.Length -ne 1){
throw "Updating to an explicit package version is only allowed when updating a single package"
}
$packageUpdates.Add($Id,$Version)
}
Else{
foreach($task in $DevOp.Tasks.Values){
$packageUpdates.Add($task.PackageId,(PackageManagement\Get-LatestDevOpTaskPackageVersion -Source $Source -Id $task.PackageId))
}
}
foreach($task in $DevOp.Tasks.Values){
$updatedPackageVersion = $packageUpdates.($task.PackageId)
if($null -ne $updatedPackageVersion){
PackageManagement\Uninstall-DevOpTaskPackage -Id $task.PackageId -Version $task.PackageVersion -ProjectRootDirPath $ProjectRootDirPath
Write-Debug `
@"
Updating task "$($task.Name)" package "$($task.PackageId)"
from version "$($task.PackageVersion)"
to version "$($updatedPackageVersion)"
"@
DevOpStorage\Update-DevOpTaskPackageVersion `
-DevOpName $DevOpName `
-TaskName $task.Name `
-PackageVersion $updatedPackageVersion `
-ProjectRootDirPath $ProjectRootDirPath
}
}
}
Export-ModuleMember -Function @(
# DevOp API
'Invoke-DevOp',
'New-DevOp',
'Remove-DevOp',
'Rename-DevOp',
'Get-DevOp',
# DevOp Task API
'Add-DevOpTask',
'Remove-DevOpTask',
'Rename-DevOpTask',
'Set-DevOpTaskParameter',
# DevOp Task Package API
'Update-DevOpTaskPackage',
'New-DevOpTaskPackageSpec')
if ($PSVersionTable.PSVersion.Major -eq 2)
{
$IgnoreError = 'SilentlyContinue'
}
else
{
$IgnoreError = 'Ignore'
}
$script:ValidTypes = @(
[string]
[System.Security.SecureString]
[System.Management.Automation.PSCredential]
[byte[]]
)
$script:PSCredentialHeader = [byte[]](5,12,19,75,80,20,19,11,11,6,11,13)
$script:EccAlgorithmOid = '1.2.840.10045.2.1'
#region Exported functions
function Protect-Data
{
<#
.Synopsis
Encrypts an object using one or more digital certificates and/or passwords.
.DESCRIPTION
Encrypts an object using a randomly-generated AES key. AES key information is encrypted using one or more certificate public keys and/or password-derived keys, allowing the data to be securely shared among multiple users and computers.
If certificates are used, they must be installed in either the local computer or local user's certificate stores, and the certificates' Key Usage extension must allow Key Encipherment (for RSA) or Key Agreement (for ECDH). The private keys are not required for Protect-Data.
.PARAMETER InputObject
The object that is to be encrypted. The object must be of one of the types returned by the Get-ProtectedDataSupportedTypes command.
.PARAMETER Certificate
Zero or more RSA or ECDH certificates that should be used to encrypt the data. The data can later be decrypted by using the same certificate (with its private key.) You can pass an X509Certificate2 object to this parameter, or you can pass in a string which contains either a path to a certificate file on the file system, a path to the certificate in the Certificate provider, or a certificate thumbprint (in which case the certificate provider will be searched to find the certificate.)
.PARAMETER UseLegacyPadding
Optional switch specifying that when performing certificate-based encryption, PKCS#1 v1.5 padding should be used instead of the newer, more secure OAEP padding scheme. Some certificates may not work properly with OAEP padding
.PARAMETER Password
Zero or more SecureString objects containing password that will be used to derive encryption keys. The data can later be decrypted by passing in a SecureString with the same value.
.PARAMETER SkipCertificateValidation
If specified, the command does not attempt to validate that the specified certificate(s) came from trusted publishers and have not been revoked or expired.
This is primarily intended to allow the use of self-signed certificates.
.PARAMETER PasswordIterationCount
Optional positive integer value specifying the number of iteration that should be used when deriving encryption keys from the specified password(s). Defaults to 1000.
Higher values make it more costly to crack the passwords by brute force.
.EXAMPLE
$encryptedObject = Protect-Data -InputObject $myString -CertificateThumbprint CB04E7C885BEAE441B39BC843C85855D97785D25 -Password (Read-Host -AsSecureString -Prompt 'Enter password to encrypt')
Encrypts a string using a single RSA or ECDH certificate, and a password. Either the certificate or the password can be used when decrypting the data.
.EXAMPLE
$credential | Protect-Data -CertificateThumbprint 'CB04E7C885BEAE441B39BC843C85855D97785D25', 'B5A04AB031C24BCEE220D6F9F99B6F5D376753FB'
Encrypts a PSCredential object using two RSA or ECDH certificates. Either private key can be used to later decrypt the data.
.INPUTS
Object
Object must be one of the types returned by the Get-ProtectedDataSupportedTypes command.
.OUTPUTS
PSObject
The output object contains the following properties:
CipherText : An array of bytes containing the encrypted data
Type : A string representation of the InputObject's original type (used when decrypting back to the original object later.)
KeyData : One or more structures which contain encrypted copies of the AES key used to protect the ciphertext, and other identifying information about the way this copy of the keys was protected, such as Certificate Thumbprint, Password Hash, Salt values, and Iteration count.
.LINK
Unprotect-Data
.LINK
Add-ProtectedDataCredential
.LINK
Remove-ProtectedDataCredential
.LINK
Get-ProtectedDataSupportedTypes
#>
[CmdletBinding()]
[OutputType([psobject])]
param (
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[ValidateScript({
if ($script:ValidTypes -notcontains $_.GetType() -and $null -eq ($_ -as [byte[]]))
{
throw "InputObject must be one of the following types: $($script:ValidTypes -join ', ')"
}
if ($_ -is [System.Security.SecureString] -and $_.Length -eq 0)
{
throw 'SecureString argument contained no data.'
}
return $true
})]
$InputObject,
[ValidateNotNullOrEmpty()]
[AllowEmptyCollection()]
[object[]]
$Certificate = @(),
[switch]
$UseLegacyPadding,
[ValidateNotNull()]
[AllowEmptyCollection()]
[ValidateScript({
if ($_.Length -eq 0)
{
throw 'You may not pass empty SecureStrings to the Password parameter'
}
return $true
})]
[System.Security.SecureString[]]
$Password = @(),
[ValidateRange(1,2147483647)]
[int]
$PasswordIterationCount = 1000,
[switch]
$SkipCertificateVerification
)
begin
{
$certs = @(
foreach ($cert in $Certificate)
{
try
{
$x509Cert = ConvertTo-X509Certificate2 -InputObject $cert -ErrorAction Stop
$params = @{
CertificateGroup = $x509Cert
SkipCertificateVerification = $SkipCertificateVerification
}
ValidateKeyEncryptionCertificate @params -ErrorAction Stop
}
catch
{
Write-Error -ErrorRecord $_
}
}
)
if ($certs.Count -eq 0 -and $Password.Count -eq 0)
{
throw ('None of the specified certificates could be used for encryption, and no passwords were specified.' +
' Data protection cannot be performed.')
}
}
process
{
$plainText = $null
$payload = $null
try
{
$plainText = ConvertTo-PinnedByteArray -InputObject $InputObject
$payload = Protect-DataWithAes -PlainText $plainText
$protectedData = New-Object psobject -Property @{
CipherText = $payload.CipherText
HMAC = $payload.HMAC
Type = $InputObject.GetType().FullName
KeyData = @()
}
$params = @{
InputObject = $protectedData
Key = $payload.Key
IV = $payload.IV
Certificate = $certs
Password = $Password
PasswordIterationCount = $PasswordIterationCount
UseLegacyPadding = $UseLegacyPadding
}
Add-KeyData @params
if ($protectedData.KeyData.Count -eq 0)
{
Write-Error 'Failed to protect data with any of the supplied certificates or passwords.'
return
}
else
{
$protectedData
}
}
finally
{
if ($plainText -is [IDisposable]) { $plainText.Dispose() }
if ($null -ne $payload)
{
if ($payload.Key -is [IDisposable]) { $payload.Key.Dispose() }
if ($payload.IV -is [IDisposable]) { $payload.IV.Dispose() }
}
}
} # process
} # function Protect-Data
function Unprotect-Data
{
<#
.Synopsis
Decrypts an object that was produced by the Protect-Data command.
.DESCRIPTION
Decrypts an object that was produced by the Protect-Data command. If a Certificate is used to perform the decryption, it must be installed in either the local computer or current user's certificate stores (with its private key), and the current user must have permission to use that key.
.PARAMETER InputObject
The ProtectedData object that is to be decrypted.
.PARAMETER Certificate
An RSA or ECDH certificate that will be used to decrypt the data. You must have the certificate's private key, and it must be one of the certificates that was used to encrypt the data. You can pass an X509Certificate2 object to this parameter, or you can pass in a string which contains either a path to a certificate file on the file system, a path to the certificate in the Certificate provider, or a certificate thumbprint (in which case the certificate provider will be searched to find the certificate.)
.PARAMETER Password
A SecureString containing a password that will be used to derive an encryption key. One of the InputObject's KeyData objects must be protected with this password.
.PARAMETER SkipCertificateValidation
If specified, the command does not attempt to validate that the specified certificate(s) came from trusted publishers and have not been revoked or expired.
This is primarily intended to allow the use of self-signed certificates.
.EXAMPLE
$decryptedObject = $encryptedObject | Unprotect-Data -Password (Read-Host -AsSecureString -Prompt 'Enter password to decrypt the data')
Decrypts the contents of $encryptedObject and outputs an object of the same type as what was originally passed to Protect-Data. Uses a password to decrypt the object instead of a certificate.
.INPUTS
PSObject
The input object should be a copy of an object that was produced by Protect-Data.
.OUTPUTS
Object
Object may be any type returned by Get-ProtectedDataSupportedTypes. Specifically, it will be an object of the type specified in the InputObject's Type property.
.LINK
Protect-Data
.LINK
Add-ProtectedDataCredential
.LINK
Remove-ProtectedDataCredential
.LINK
Get-ProtectedDataSupportedTypes
#>
[CmdletBinding(DefaultParameterSetName = 'Certificate')]
param (
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[ValidateScript({
if (-not (Test-IsProtectedData -InputObject $_))
{
throw 'InputObject argument must be a ProtectedData object.'
}
if ($null -eq $_.CipherText -or $_.CipherText.Count -eq 0)
{
throw 'Protected data object contained no cipher text.'
}
$type = $_.Type -as [type]
if ($null -eq $type -or $script:ValidTypes -notcontains $type)
{
throw 'Protected data object specified an invalid type. Type must be one of: ' +
($script:ValidTypes -join ', ')
}
return $true
})]
$InputObject,
[Parameter(Mandatory = $true, ParameterSetName = 'Certificate')]
[object]
$Certificate,
[Parameter(Mandatory = $true, ParameterSetName = 'Password')]
[System.Security.SecureString]
$Password,
[switch]
$SkipCertificateVerification
)
begin
{
$cert = $null
if ($Certificate)
{
try
{
$cert = ConvertTo-X509Certificate2 -InputObject $Certificate -ErrorAction Stop
$params = @{
CertificateGroup = $cert
RequirePrivateKey = $true
SkipCertificateVerification = $SkipCertificateVerification
}
$cert = ValidateKeyEncryptionCertificate @params -ErrorAction Stop
}
catch
{
throw
}
}
}
process
{
$plainText = $null
$aes = $null
$key = $null
$iv = $null
if ($null -ne $cert)
{
$params = @{ Certificate = $cert }
}
else
{
$params = @{ Password = $Password }
}
try
{
$result = Unprotect-MatchingKeyData -InputObject $InputObject @params
$key = $result.Key
$iv = $result.IV
if ($null -eq $InputObject.HMAC)
{
throw 'Input Object contained no HMAC code.'
}
$hmac = $InputObject.HMAC
$plainText = (Unprotect-DataWithAes -CipherText $InputObject.CipherText -Key $key -IV $iv -HMAC $hmac).PlainText
ConvertFrom-ByteArray -ByteArray $plainText -Type $InputObject.Type -ByteCount $plainText.Count
}
catch
{
Write-Error -ErrorRecord $_
return
}
finally
{
if ($plainText -is [IDisposable]) { $plainText.Dispose() }
if ($key -is [IDisposable]) { $key.Dispose() }
if ($iv -is [IDisposable]) { $iv.Dispose() }
}
} # process
} # function Unprotect-Data
function Add-ProtectedDataHmac
{
<#
.Synopsis
Adds an HMAC authentication code to a ProtectedData object which was created with a previous version of the module.
.DESCRIPTION
Adds an HMAC authentication code to a ProtectedData object which was created with a previous version of the module. The parameters and requirements are the same as for the Unprotect-Data command, as the data must be partially decrypted in order to produce the HMAC code.
.PARAMETER InputObject
The ProtectedData object that is to have an HMAC generated.
.PARAMETER Certificate
An RSA or ECDH certificate that will be used to decrypt the data. You must have the certificate's private key, and it must be one of the certificates that was used to encrypt the data. You can pass an X509Certificate2 object to this parameter, or you can pass in a string which contains either a path to a certificate file on the file system, a path to the certificate in the Certificate provider, or a certificate thumbprint (in which case the certificate provider will be searched to find the certificate.)
.PARAMETER Password
A SecureString containing a password that will be used to derive an encryption key. One of the InputObject's KeyData objects must be protected with this password.
.PARAMETER SkipCertificateValidation
If specified, the command does not attempt to validate that the specified certificate(s) came from trusted publishers and have not been revoked or expired.
This is primarily intended to allow the use of self-signed certificates.
.PARAMETER PassThru
If specified, the command outputs the ProtectedData object after adding the HMAC.
.EXAMPLE
$encryptedObject | Add-ProtectedDataHmac -Password (Read-Host -AsSecureString -Prompt 'Enter password to decrypt the key data')
Adds an HMAC code to the $encryptedObject object.
.INPUTS
PSObject
The input object should be a copy of an object that was produced by Protect-Data.
.OUTPUTS
None, or ProtectedData object if the -PassThru switch is used.
.LINK
Protect-Data
.LINK
Unprotect-Data
.LINK
Add-ProtectedDataCredential
.LINK
Remove-ProtectedDataCredential
.LINK
Get-ProtectedDataSupportedTypes
#>
[CmdletBinding(DefaultParameterSetName = 'Certificate')]
param (
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[ValidateScript({
if (-not (Test-IsProtectedData -InputObject $_))
{
throw 'InputObject argument must be a ProtectedData object.'
}
if ($null -eq $_.CipherText -or $_.CipherText.Count -eq 0)
{
throw 'Protected data object contained no cipher text.'
}
$type = $_.Type -as [type]
if ($null -eq $type -or $script:ValidTypes -notcontains $type)
{
throw 'Protected data object specified an invalid type. Type must be one of: ' +
($script:ValidTypes -join ', ')
}
return $true
})]
$InputObject,
[Parameter(Mandatory = $true, ParameterSetName = 'Certificate')]
[object]
$Certificate,
[Parameter(Mandatory = $true, ParameterSetName = 'Password')]
[System.Security.SecureString]
$Password,
[switch]
$SkipCertificateVerification,
[switch]
$PassThru
)
begin
{
$cert = $null
if ($Certificate)
{
try
{
$cert = ConvertTo-X509Certificate2 -InputObject $Certificate -ErrorAction Stop
$params = @{
CertificateGroup = $cert
RequirePrivateKey = $true
SkipCertificateVerification = $SkipCertificateVerification
}
$cert = ValidateKeyEncryptionCertificate @params -ErrorAction Stop
}
catch
{
throw
}
}
}
process
{
$key = $null
$iv = $null
if ($null -ne $cert)
{
$params = @{ Certificate = $cert }
}
else
{
$params = @{ Password = $Password }
}
try
{
$result = Unprotect-MatchingKeyData -InputObject $InputObject @params
$key = $result.Key
$iv = $result.IV
$hmac = Get-Hmac -Key $key -Bytes $InputObject.CipherText
if ($InputObject.PSObject.Properties['HMAC'])
{
$InputObject.HMAC = $hmac
}
else
{
Add-Member -InputObject $InputObject -Name HMAC -Value $hmac -MemberType NoteProperty
}
if ($PassThru)
{
$InputObject
}
}
catch
{
Write-Error -ErrorRecord $_
return
}
finally
{
if ($key -is [IDisposable]) { $key.Dispose() }
if ($iv -is [IDisposable]) { $iv.Dispose() }
}
} # process
} # function Unprotect-Data
function Add-ProtectedDataCredential
{
<#
.Synopsis
Adds one or more new copies of an encryption key to an object generated by Protect-Data.
.DESCRIPTION
This command can be used to add new certificates and/or passwords to an object that was previously encrypted by Protect-Data. The caller must provide one of the certificates or passwords that already exists in the ProtectedData object to perform this operation.
.PARAMETER InputObject
The ProtectedData object which was created by an earlier call to Protect-Data.
.PARAMETER Certificate
An RSA or ECDH certificate which was previously used to encrypt the ProtectedData structure's key.
.PARAMETER Password
A password which was previously used to encrypt the ProtectedData structure's key.
.PARAMETER NewCertificate
Zero or more RSA or ECDH certificates that should be used to encrypt the data. The data can later be decrypted by using the same certificate (with its private key.) You can pass an X509Certificate2 object to this parameter, or you can pass in a string which contains either a path to a certificate file on the file system, a path to the certificate in the Certificate provider, or a certificate thumbprint (in which case the certificate provider will be searched to find the certificate.)
.PARAMETER UseLegacyPadding
Optional switch specifying that when performing certificate-based encryption, PKCS#1 v1.5 padding should be used instead of the newer, more secure OAEP padding scheme. Some certificates may not work properly with OAEP padding
.PARAMETER NewPassword
Zero or more SecureString objects containing password that will be used to derive encryption keys. The data can later be decrypted by passing in a SecureString with the same value.
.PARAMETER SkipCertificateValidation
If specified, the command does not attempt to validate that the specified certificate(s) came from trusted publishers and have not been revoked or expired.
This is primarily intended to allow the use of self-signed certificates.
.PARAMETER PasswordIterationCount
Optional positive integer value specifying the number of iteration that should be used when deriving encryption keys from the specified password(s). Defaults to 1000.
Higher values make it more costly to crack the passwords by brute force.
.PARAMETER Passthru
If this switch is used, the ProtectedData object is output to the pipeline after it is modified.
.EXAMPLE
Add-ProtectedDataCredential -InputObject $protectedData -Certificate $oldThumbprint -NewCertificate $newThumbprints -NewPassword $newPasswords
Uses the certificate with thumbprint $oldThumbprint to add new key copies to the $protectedData object. $newThumbprints would be a string array containing thumbprints, and $newPasswords would be an array of SecureString objects.
.INPUTS
[PSObject]
The input object should be a copy of an object that was produced by Protect-Data.
.OUTPUTS
None, or
[PSObject]
.LINK
Unprotect-Data
.LINK
Add-ProtectedDataCredential
.LINK
Remove-ProtectedDataCredential
.LINK
Get-ProtectedDataSupportedTypes
#>
[CmdletBinding(DefaultParameterSetName = 'Certificate')]
param (
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[ValidateScript({
if (-not (Test-IsProtectedData -InputObject $_))
{
throw 'InputObject argument must be a ProtectedData object.'
}
return $true
})]
$InputObject,
[Parameter(Mandatory = $true, ParameterSetName = 'Certificate')]
[object]
$Certificate,
[Parameter(ParameterSetName = 'Certificate')]
[switch]
$UseLegacyPaddingForDecryption,
[Parameter(Mandatory = $true, ParameterSetName = 'Password')]
[System.Security.SecureString]
$Password,
[ValidateNotNull()]
[AllowEmptyCollection()]
[object[]]
$NewCertificate = @(),
[switch]
$UseLegacyPadding,
[ValidateNotNull()]
[AllowEmptyCollection()]
[System.Security.SecureString[]]
$NewPassword = @(),
[ValidateRange(1,2147483647)]
[int]
$PasswordIterationCount = 1000,
[switch]
$SkipCertificateVerification,
[switch]
$Passthru
)
begin
{
$decryptionCert = $null
if ($PSCmdlet.ParameterSetName -eq 'Certificate')
{
try
{
$decryptionCert = ConvertTo-X509Certificate2 -InputObject $Certificate -ErrorAction Stop
$params = @{
CertificateGroup = $decryptionCert
SkipCertificateVerification = $SkipCertificateVerification
RequirePrivateKey = $true
}
$decryptionCert = ValidateKeyEncryptionCertificate @params -ErrorAction Stop
}
catch
{
throw
}
}
$certs = @(
foreach ($cert in $NewCertificate)
{
try
{
$x509Cert = ConvertTo-X509Certificate2 -InputObject $cert -ErrorAction Stop
$params = @{
CertificateGroup = $x509Cert
SkipCertificateVerification = $SkipCertificateVerification
}
ValidateKeyEncryptionCertificate @params -ErrorAction Stop
}
catch
{
Write-Error -ErrorRecord $_
}
}
)
if ($certs.Count -eq 0 -and $NewPassword.Count -eq 0)
{
throw 'None of the specified certificates could be used for encryption, and no passwords were ' +
'specified. Data protection cannot be performed.'
}
} # begin
process
{
if ($null -ne $decryptionCert)
{
$params = @{ Certificate = $decryptionCert }
}
else
{
$params = @{ Password = $Password }
}
$key = $null
$iv = $null
try
{
$result = Unprotect-MatchingKeyData -InputObject $InputObject @params
$key = $result.Key
$iv = $result.IV
Add-KeyData -InputObject $InputObject -Key $key -IV $iv -Certificate $certs -Password $NewPassword -UseLegacyPadding:$UseLegacyPadding
}
catch
{
Write-Error -ErrorRecord $_
return
}
finally
{
if ($key -is [IDisposable]) { $key.Dispose() }
if ($iv -is [IDisposable]) { $iv.Dispose() }
}
if ($Passthru)
{
$InputObject
}
} # process
} # function Add-ProtectedDataCredential
function Remove-ProtectedDataCredential
{
<#
.Synopsis
Removes copies of encryption keys from a ProtectedData object.
.DESCRIPTION
The KeyData copies in a ProtectedData object which are associated with the specified Certificates and/or Passwords are removed from the object, unless that removal would leave no KeyData copies behind.
.PARAMETER InputObject
The ProtectedData object which is to be modified.
.PARAMETER Certificate
RSA or ECDH certificates that you wish to remove from this ProtectedData object. You can pass an X509Certificate2 object to this parameter, or you can pass in a string which contains either a path to a certificate file on the file system, a path to the certificate in the Certificate provider, or a certificate thumbprint (in which case the certificate provider will be searched to find the certificate.)
.PARAMETER Password
Passwords in SecureString form which are to be removed from this ProtectedData object.
.PARAMETER Passthru
If this switch is used, the ProtectedData object will be written to the pipeline after processing is complete.
.EXAMPLE
$protectedData | Remove-ProtectedDataCredential -Certificate $thumbprints -Password $passwords
Removes certificates and passwords from an existing ProtectedData object.
.INPUTS
[PSObject]
The input object should be a copy of an object that was produced by Protect-Data.
.OUTPUTS
None, or
[PSObject]
.LINK
Protect-Data
.LINK
Unprotect-Data
.LINK
Add-ProtectedDataCredential
#>
[CmdletBinding()]
param (
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[ValidateScript({
if (-not (Test-IsProtectedData -InputObject $_))
{
throw 'InputObject argument must be a ProtectedData object.'
}
return $true
})]
$InputObject,
[ValidateNotNull()]
[AllowEmptyCollection()]
[object[]]
$Certificate,
[ValidateNotNull()]
[AllowEmptyCollection()]
[System.Security.SecureString[]]
$Password,
[switch]
$Passthru
)
begin
{
$thumbprints = @(
$Certificate |
ConvertTo-X509Certificate2 |
Select-Object -ExpandProperty Thumbprint
)
$thumbprints = $thumbprints | Get-Unique
}
process
{
$matchingKeyData = @(
foreach ($keyData in $InputObject.KeyData)
{
if (Test-IsCertificateProtectedKeyData -InputObject $keyData)
{
if ($thumbprints -contains $keyData.Thumbprint) { $keyData }
}
elseif (Test-IsPasswordProtectedKeyData -InputObject $keyData)
{
foreach ($secureString in $Password)
{
$params = @{
Password = $secureString
Salt = $keyData.HashSalt
IterationCount = $keyData.IterationCount
}
if ($keyData.Hash -eq (Get-PasswordHash @params))
{
$keyData
}
}
}
}
)
if ($matchingKeyData.Count -eq $InputObject.KeyData.Count)
{
Write-Error 'You must leave at least one copy of the ProtectedData object''s keys.'
return
}
$InputObject.KeyData = $InputObject.KeyData | Where-Object { $matchingKeyData -notcontains $_ }
if ($Passthru)
{
$InputObject
}
}
} # function Remove-ProtectedDataCredential
function Get-ProtectedDataSupportedTypes
{
<#
.Synopsis
Returns a list of types that can be used as the InputObject in the Protect-Data command.
.EXAMPLE
$types = Get-ProtectedDataSupportedTypes
.INPUTS
None.
.OUTPUTS
Type[]
.NOTES
This function allows you to know which InputObject types are supported by the Protect-Data and Unprotect-Data commands in this version of the module. This list may expand over time, will always be backwards-compatible with previously-encrypted data.
.LINK
Protect-Data
.LINK
Unprotect-Data
#>
[CmdletBinding()]
[OutputType([Type[]])]
param ( )
$script:ValidTypes
}
function Get-KeyEncryptionCertificate
{
<#
.Synopsis
Finds certificates which can be used by Protect-Data and related commands.
.DESCRIPTION
Searches the given path, and all child paths, for certificates which can be used by Protect-Data. Such certificates must support Key Encipherment (for RSA) or Key Agreement (for ECDH) usage, and by default, must not be expired and must be issued by a trusted authority.
.PARAMETER Path
Path which should be searched for the certifictes. Defaults to the entire Cert: drive.
.PARAMETER CertificateThumbprint
Thumbprints which should be included in the search. Wildcards are allowed. Defaults to '*'.
.PARAMETER SkipCertificateVerification
If this switch is used, the command will include certificates which are not yet valid, expired, revoked, or issued by an untrusted authority. This can be useful if you wish to use a self-signed certificate for encryption.
.PARAMETER RequirePrivateKey
If this switch is used, the command will only output certificates which have a usable private key on this computer.
.EXAMPLE
Get-KeyEncryptionCertificate -Path Cert:\CurrentUser -RequirePrivateKey -SkipCertificateVerification
Searches for certificates which support key encipherment (RSA) or key agreement (ECDH) and have a private key installed. All matching certificates are returned, and they do not need to be verified for trust, revocation or validity period.
.EXAMPLE
Get-KeyEncryptionCertificate -Path Cert:\CurrentUser\TrustedPeople
Searches the current user's Trusted People store for certificates that can be used with Protect-Data. Certificates must be current, issued by a trusted authority, and not revoked, but they do not need to have a private key available to the current user.
.INPUTS
None.
.OUTPUTS
[System.Security.Cryptography.X509Certificates.X509Certificate2]
.LINK
Protect-Data
.LINK
Unprotect-Data
.LINK
Add-ProtectedDataCredential
.LINK
Remove-ProtectedDataCredential
#>
[CmdletBinding()]
[OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])]
param (
[ValidateNotNullOrEmpty()]
[string]
$Path = 'Cert:\',
[string]
$CertificateThumbprint = '*',
[switch]
$SkipCertificateVerification,
[switch]
$RequirePrivateKey
)
# Suppress error output if we're doing a wildcard search (unless user specifically asks for it via -ErrorAction)
# This is a little ugly, may rework this later now that I've made Get-KeyEncryptionCertificate public. Originally
# it was only used to search for a single thumbprint, and threw errors back to the caller if no suitable cert could
# be found. Now I want it to also be used as a search tool for users to identify suitable certificates. Maybe just
# needs to be two separate functions, one internal and one public.
if (-not $PSBoundParameters.ContainsKey('ErrorAction') -and
$CertificateThumbprint -notmatch '^[A-F\d]+$')
{
$ErrorActionPreference = $IgnoreError
}
$certGroups = GetCertificateByThumbprint -Path $Path -Thumbprint $CertificateThumbprint -ErrorAction $IgnoreError |
Group-Object -Property Thumbprint
if ($null -eq $certGroups)
{
throw "Certificate '$CertificateThumbprint' was not found."
}
$params = @{
SkipCertificateVerification = $SkipCertificateVerification
RequirePrivateKey = $RequirePrivateKey
}
foreach ($group in $certGroups)
{
ValidateKeyEncryptionCertificate -CertificateGroup $group.Group @params
}
} # function Get-KeyEncryptionCertificate
#endregion
#region Helper functions
function ConvertTo-X509Certificate2
{
[CmdletBinding()]
[OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])]
param (
[Parameter(ValueFromPipeline = $true)]
[object[]] $InputObject = @()
)
process
{
foreach ($object in $InputObject)
{
if ($null -eq $object) { continue }
$possibleCerts = @(
$object -as [System.Security.Cryptography.X509Certificates.X509Certificate2]
GetCertificateFromPSPath -Path $object
) -ne $null
if ($object -match '^[A-F\d]+$' -and $possibleCerts.Count -eq 0)
{
$possibleCerts = @(GetCertificateByThumbprint -Thumbprint $object)
}
$cert = $possibleCerts | Select-Object -First 1
if ($null -ne $cert)
{
$cert
}
else
{
Write-Error "No certificate with identifier '$object' of type $($object.GetType().FullName) was found."
}
}
}
}
function GetCertificateFromPSPath
{
[CmdletBinding()]
[OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])]
param (
[Parameter(Mandatory = $true)]
[string] $Path
)
if (-not (Test-Path -LiteralPath $Path)) { return }
$resolved = Resolve-Path -LiteralPath $Path
switch ($resolved.Provider.Name)
{
'FileSystem'
{
# X509Certificate2 has a constructor that takes a fileName string; using the -as operator is faster than
# New-Object, and works just as well.
return $resolved.ProviderPath -as [System.Security.Cryptography.X509Certificates.X509Certificate2]
}
'Certificate'
{
return (Get-Item -LiteralPath $Path) -as [System.Security.Cryptography.X509Certificates.X509Certificate2]
}
}
}
function GetCertificateByThumbprint
{
[CmdletBinding()]
[OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])]
param (
[Parameter(Mandatory = $true)]
[string] $Thumbprint,
[ValidateNotNullOrEmpty()]
[string]
$Path = 'Cert:\'
)
return Get-ChildItem -Path $Path -Recurse -Include $Thumbprint |
Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
Sort-Object -Property HasPrivateKey -Descending
}
function Protect-DataWithAes
{
[CmdletBinding(DefaultParameterSetName = 'KnownKey')]
param (
[Parameter(Mandatory = $true)]
[byte[]]
$PlainText,
[byte[]]
$Key,
[byte[]]
$IV,
[switch]
$NoHMAC
)
$aes = $null
$memoryStream = $null
$cryptoStream = $null
try
{
$aes = New-Object System.Security.Cryptography.AesCryptoServiceProvider
if ($null -ne $Key) { $aes.Key = $Key }
if ($null -ne $IV) { $aes.IV = $IV }
$memoryStream = New-Object System.IO.MemoryStream
$cryptoStream = New-Object System.Security.Cryptography.CryptoStream(
$memoryStream, $aes.CreateEncryptor(), 'Write'
)
$cryptoStream.Write($PlainText, 0, $PlainText.Count)
$cryptoStream.FlushFinalBlock()
$properties = @{
CipherText = $memoryStream.ToArray()
HMAC = $null
}
$hmacKeySplat = @{
Key = $Key
}
if ($null -eq $Key)
{
$properties['Key'] = New-Object PowerShellUtils.PinnedArray[byte](,$aes.Key)
$hmacKeySplat['Key'] = $properties['Key']
}
if ($null -eq $IV)
{
$properties['IV'] = New-Object PowerShellUtils.PinnedArray[byte](,$aes.IV)
}
if (-not $NoHMAC)
{
$properties['HMAC'] = Get-Hmac @hmacKeySplat -Bytes $properties['CipherText']
}
New-Object psobject -Property $properties
}
finally
{
if ($null -ne $aes) { $aes.Clear() }
if ($cryptoStream -is [IDisposable]) { $cryptoStream.Dispose() }
if ($memoryStream -is [IDisposable]) { $memoryStream.Dispose() }
}
}
function Get-Hmac
{
[OutputType([byte[]])]
param (
[Parameter(Mandatory = $true)]
[byte[]] $Key,
[Parameter(Mandatory = $true)]
[byte[]] $Bytes
)
$hmac = $null
$sha = $null
try
{
$sha = New-Object System.Security.Cryptography.SHA256CryptoServiceProvider
$hmac = New-Object PowerShellUtils.FipsHmacSha256(,$sha.ComputeHash($Key))
return ,$hmac.ComputeHash($Bytes)
}
finally
{
if ($null -ne $hmac) { $hmac.Clear() }
if ($null -ne $sha) { $sha.Clear() }
}
}
function Unprotect-DataWithAes
{
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[byte[]]
$CipherText,
[Parameter(Mandatory = $true)]
[byte[]]
$Key,
[Parameter(Mandatory = $true)]
[byte[]]
$IV,
[byte[]]
$HMAC
)
$aes = $null
$memoryStream = $null
$cryptoStream = $null
$buffer = $null
if ($null -ne $HMAC)
{
Assert-ValidHmac -Key $Key -Bytes $CipherText -Hmac $HMAC
}
try
{
$aes = New-Object System.Security.Cryptography.AesCryptoServiceProvider -Property @{
Key = $Key
IV = $IV
}
# Not sure exactly how long of a buffer we'll need to hold the decrypted data. Twice
# the ciphertext length should be more than enough.
$buffer = New-Object PowerShellUtils.PinnedArray[byte](2 * $CipherText.Count)
$memoryStream = New-Object System.IO.MemoryStream(,$buffer)
$cryptoStream = New-Object System.Security.Cryptography.CryptoStream(
$memoryStream, $aes.CreateDecryptor(), 'Write'
)
$cryptoStream.Write($CipherText, 0, $CipherText.Count)
$cryptoStream.FlushFinalBlock()
$plainText = New-Object PowerShellUtils.PinnedArray[byte]($memoryStream.Position)
[Array]::Copy($buffer.Array, $plainText.Array, $memoryStream.Position)
return New-Object psobject -Property @{
PlainText = $plainText
}
}
finally
{
if ($null -ne $aes) { $aes.Clear() }
if ($cryptoStream -is [IDisposable]) { $cryptoStream.Dispose() }
if ($memoryStream -is [IDisposable]) { $memoryStream.Dispose() }
if ($buffer -is [IDisposable]) { $buffer.Dispose() }
}
}
function Assert-ValidHmac
{
[OutputType([void])]
param (
[Parameter(Mandatory = $true)]
[byte[]] $Key,
[Parameter(Mandatory = $true)]
[byte[]] $Bytes,
[Parameter(Mandatory = $true)]
[byte[]] $Hmac
)
$recomputedHmac = Get-Hmac -Key $Key -Bytes $Bytes
if (-not (ByteArraysAreEqual $Hmac $recomputedHmac))
{
throw 'Decryption failed due to invalid HMAC.'
}
}
function ByteArraysAreEqual([byte[]] $First, [byte[]] $Second)
{
if ($null -eq $First) { $First = @() }
if ($null -eq $Second) { $Second = @() }
if ($First.Length -ne $Second.Length) { return $false }
$length = $First.Length
for ($i = 0; $i -lt $length; $i++)
{
if ($First[$i] -ne $Second[$i]) { return $false }
}
return $true
}
function Add-KeyData
{
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
$InputObject,
[Parameter(Mandatory = $true)]
[byte[]]
$Key,
[Parameter(Mandatory = $true)]
[byte[]]
$IV,
[ValidateNotNull()]
[AllowEmptyCollection()]
[System.Security.Cryptography.X509Certificates.X509Certificate2[]]
$Certificate = @(),
[switch]
$UseLegacyPadding,
[ValidateNotNull()]
[AllowEmptyCollection()]
[System.Security.SecureString[]]
$Password = @(),
[ValidateRange(1,2147483647)]
[int]
$PasswordIterationCount = 1000
)
if ($certs.Count -eq 0 -and $Password.Count -eq 0)
{
return
}
$useOAEP = -not $UseLegacyPadding
$InputObject.KeyData += @(
foreach ($cert in $Certificate)
{
$match = $InputObject.KeyData |
Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if ($null -ne $match) { continue }
Protect-KeyDataWithCertificate -Certificate $cert -Key $Key -IV $IV -UseLegacyPadding:$UseLegacyPadding
}
foreach ($secureString in $Password)
{
$match = $InputObject.KeyData |
Where-Object {
$params = @{
Password = $secureString
Salt = $_.HashSalt
IterationCount = $_.IterationCount
}
$null -ne $_.Hash -and $_.Hash -eq (Get-PasswordHash @params)
}
if ($null -ne $match) { continue }
Protect-KeyDataWithPassword -Password $secureString -Key $Key -IV $IV -IterationCount $PasswordIterationCount
}
)
} # function Add-KeyData
function Unprotect-MatchingKeyData
{
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
$InputObject,
[Parameter(Mandatory = $true, ParameterSetName = 'Certificate')]
[System.Security.Cryptography.X509Certificates.X509Certificate2]
$Certificate,
[Parameter(Mandatory = $true, ParameterSetName = 'Password')]
[System.Security.SecureString]
$Password
)
if ($PSCmdlet.ParameterSetName -eq 'Certificate')
{
$keyData = $InputObject.KeyData |
Where-Object { (Test-IsCertificateProtectedKeyData -InputObject $_) -and $_.Thumbprint -eq $Certificate.Thumbprint } |
Select-Object -First 1
if ($null -eq $keyData)
{
throw "Protected data object was not encrypted with certificate '$($Certificate.Thumbprint)'."
}
try
{
return Unprotect-KeyDataWithCertificate -KeyData $keyData -Certificate $Certificate
}
catch
{
throw
}
}
else
{
$keyData =
$InputObject.KeyData |
Where-Object {
(Test-IsPasswordProtectedKeyData -InputObject $_) -and
$_.Hash -eq (Get-PasswordHash -Password $Password -Salt $_.HashSalt -IterationCount $_.IterationCount)
} |
Select-Object -First 1
if ($null -eq $keyData)
{
throw 'Protected data object was not encrypted with the specified password.'
}
try
{
return Unprotect-KeyDataWithPassword -KeyData $keyData -Password $Password
}
catch
{
throw
}
}
} # function Unprotect-MatchingKeyData
function ValidateKeyEncryptionCertificate
{
[CmdletBinding()]
[OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])]
param (
[System.Security.Cryptography.X509Certificates.X509Certificate2[]]
$CertificateGroup,
[switch]
$SkipCertificateVerification,
[switch]
$RequirePrivateKey
)
process
{
$Certificate = $CertificateGroup[0]
$isEccCertificate = $Certificate.GetKeyAlgorithm() -eq $script:EccAlgorithmOid
if ($Certificate.PublicKey.Key -isnot [System.Security.Cryptography.RSACryptoServiceProvider] -and
-not $isEccCertificate)
{
Write-Error "Certficiate '$($Certificate.Thumbprint)' is not an RSA or ECDH certificate."
return
}
if (-not $SkipCertificateVerification)
{
if ($Certificate.NotBefore -gt (Get-Date))
{
Write-Error "Certificate '$($Certificate.Thumbprint)' is not yet valid."
return
}
if ($Certificate.NotAfter -lt (Get-Date))
{
Write-Error "Certificate '$($Certificate.Thumbprint)' has expired."
return
}
}
if ($isEccCertificate)
{
$neededKeyUsage = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyAgreement
}
else
{
$neededKeyUsage = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment
}
$keyUsageFlags = 0
foreach ($extension in $Certificate.Extensions)
{
if ($extension -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension])
{
$keyUsageFlags = $keyUsageFlags -bor $extension.KeyUsages
}
}
if (($keyUsageFlags -band $neededKeyUsage) -ne $neededKeyUsage)
{
Write-Error "Certificate '$($Certificate.Thumbprint)' does not have the required $($neededKeyUsage.ToString()) Key Usage flag."
return
}
if (-not $SkipCertificateVerification -and -not $Certificate.Verify())
{
Write-Error "Verification of certificate '$($Certificate.Thumbprint)' failed."
return
}
if ($RequirePrivateKey)
{
$Certificate = $CertificateGroup |
Where-Object { TestPrivateKey -Certificate $_ } |
Select-Object -First 1
if ($null -eq $Certificate)
{
Write-Error "Could not find private key for certificate '$($CertificateGroup[0].Thumbprint)'."
return
}
}
$Certificate
} # process
} # function ValidateKeyEncryptionCertificate
function TestPrivateKey([System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate)
{
if (-not $Certificate.HasPrivateKey) { return $false }
if ($Certificate.PrivateKey -is [System.Security.Cryptography.RSACryptoServiceProvider]) { return $true }
$cngKey = $null
try
{
if ([Security.Cryptography.X509Certificates.X509CertificateExtensionMethods]::HasCngKey($Certificate))
{
$cngKey = [Security.Cryptography.X509Certificates.X509Certificate2ExtensionMethods]::GetCngPrivateKey($Certificate)
return $null -ne $cngKey -and
($cngKey.AlgorithmGroup -eq [System.Security.Cryptography.CngAlgorithmGroup]::Rsa -or
$cngKey.AlgorithmGroup -eq [System.Security.Cryptography.CngAlgorithmGroup]::ECDiffieHellman)
}
}
catch
{
return $false
}
finally
{
if ($cngKey -is [IDisposable]) { $cngKey.Dispose() }
}
}
function Get-KeyGenerator
{
[CmdletBinding(DefaultParameterSetName = 'CreateNew')]
[OutputType([System.Security.Cryptography.Rfc2898DeriveBytes])]
param (
[Parameter(Mandatory = $true)]
[System.Security.SecureString]
$Password,
[Parameter(Mandatory = $true, ParameterSetName = 'RestoreExisting')]
[byte[]]
$Salt,
[ValidateRange(1,2147483647)]
[int]
$IterationCount = 1000
)
$byteArray = $null
try
{
$byteArray = Convert-SecureStringToPinnedByteArray -SecureString $Password
if ($PSCmdlet.ParameterSetName -eq 'RestoreExisting')
{
$saltBytes = $Salt
}
else
{
$saltBytes = Get-RandomBytes -Count 32
}
New-Object System.Security.Cryptography.Rfc2898DeriveBytes($byteArray, $saltBytes, $IterationCount)
}
finally
{
if ($byteArray -is [IDisposable]) { $byteArray.Dispose() }
}
} # function Get-KeyGenerator
function Get-PasswordHash
{
[CmdletBinding()]
[OutputType([string])]
param (
[Parameter(Mandatory = $true)]
[System.Security.SecureString]
$Password,
[Parameter(Mandatory = $true)]
[byte[]]
$Salt,
[ValidateRange(1, 2147483647)]
[int]
$IterationCount = 1000
)
$keyGen = $null
try
{
$keyGen = Get-KeyGenerator @PSBoundParameters
[BitConverter]::ToString($keyGen.GetBytes(32)) -replace '[^A-F\d]'
}
finally
{
if ($keyGen -is [IDisposable]) { $keyGen.Dispose() }
}
} # function Get-PasswordHash
function Get-RandomBytes
{
[CmdletBinding()]
[OutputType([byte[]])]
param (
[Parameter(Mandatory = $true)]
[ValidateRange(1,1000)]
$Count
)
$rng = $null
try
{
$rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
$bytes = New-Object byte[]($Count)
$rng.GetBytes($bytes)
,$bytes
}
finally
{
if ($rng -is [IDisposable]) { $rng.Dispose() }
}
} # function Get-RandomBytes
function Protect-KeyDataWithCertificate
{
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[System.Security.Cryptography.X509Certificates.X509Certificate2]
$Certificate,
[byte[]]
$Key,
[byte[]]
$IV,
[switch] $UseLegacyPadding
)
if ($Certificate.PublicKey.Key -is [System.Security.Cryptography.RSACryptoServiceProvider])
{
Protect-KeyDataWithRsaCertificate -Certificate $Certificate -Key $Key -IV $IV -UseLegacyPadding:$UseLegacyPadding
}
elseif ($Certificate.GetKeyAlgorithm() -eq $script:EccAlgorithmOid)
{
Protect-KeyDataWithEcdhCertificate -Certificate $Certificate -Key $Key -IV $IV
}
}
function Protect-KeyDataWithRsaCertificate
{
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[System.Security.Cryptography.X509Certificates.X509Certificate2]
$Certificate,
[byte[]]
$Key,
[byte[]]
$IV,
[switch] $UseLegacyPadding
)
$useOAEP = -not $UseLegacyPadding
try
{
New-Object psobject -Property @{
Key = $Certificate.PublicKey.Key.Encrypt($key, $useOAEP)
IV = $Certificate.PublicKey.Key.Encrypt($iv, $useOAEP)
Thumbprint = $Certificate.Thumbprint
LegacyPadding = [bool] $UseLegacyPadding
}
}
catch
{
Write-Error -ErrorRecord $_
}
}
function Protect-KeyDataWithEcdhCertificate
{
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[System.Security.Cryptography.X509Certificates.X509Certificate2]
$Certificate,
[byte[]]
$Key,
[byte[]]
$IV
)
$publicKey = $null
$ephemeralKey = $null
$ecdh = $null
$derivedKey = $null
try
{
$publicKey = Get-EcdhPublicKey -Certificate $cert
$ephemeralKey = [System.Security.Cryptography.CngKey]::Create($publicKey.Algorithm)
$ecdh = [System.Security.Cryptography.ECDiffieHellmanCng]$ephemeralKey
$derivedKey = New-Object PowerShellUtils.PinnedArray[byte](
,($ecdh.DeriveKeyMaterial($publicKey) | Select-Object -First 32)
)
if ($derivedKey.Count -ne 32)
{
# This shouldn't happen, but just in case...
throw "Error: Key material derived from ECDH certificate $($Certificate.Thumbprint) was less than the required 32 bytes"
}
$ecdhIv = Get-RandomBytes -Count 16
$encryptedKey = Protect-DataWithAes -PlainText $Key -Key $derivedKey -IV $ecdhIv -NoHMAC
$encryptedIv = Protect-DataWithAes -PlainText $IV -Key $derivedKey -IV $ecdhIv -NoHMAC
New-Object psobject @{
Key = $encryptedKey.CipherText
IV = $encryptedIv.CipherText
EcdhPublicKey = $ecdh.PublicKey.ToByteArray()
EcdhIV = $ecdhIv
Thumbprint = $Certificate.Thumbprint
}
}
finally
{
if ($publicKey -is [IDisposable]) { $publicKey.Dispose() }
if ($ephemeralKey -is [IDisposable]) { $ephemeralKey.Dispose() }
if ($null -ne $ecdh) { $ecdh.Clear() }
if ($derivedKey -is [IDisposable]) { $derivedKey.Dispose() }
}
}
function Get-EcdhPublicKey([System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate)
{
# If we get here, we've already verified that the certificate has the Key Agreement usage extension,
# and that it is an ECC algorithm cert, meaning we can treat the OIDs as ECDH algorithms. (These OIDs
# are shared with ECDSA, for some reason, and the ECDSA magic constants are different.)
$magic = @{
'1.2.840.10045.3.1.7' = [uint32]0x314B4345L # BCRYPT_ECDH_PUBLIC_P256_MAGIC
'1.3.132.0.34' = [uint32]0x334B4345L # BCRYPT_ECDH_PUBLIC_P384_MAGIC
'1.3.132.0.35' = [uint32]0x354B4345L # BCRYPT_ECDH_PUBLIC_P521_MAGIC
}
$algorithm = Get-AlgorithmOid -Certificate $Certificate
if (-not $magic.ContainsKey($algorithm))
{
throw "Certificate '$($Certificate.Thumbprint)' returned an unknown Public Key Algorithm OID: '$algorithm'"
}
$size = (($cert.GetPublicKey().Count - 1) / 2)
$keyBlob = [byte[]]@(
[System.BitConverter]::GetBytes($magic[$algorithm])
[System.BitConverter]::GetBytes($size)
$cert.GetPublicKey() | Select-Object -Skip 1
)
return [System.Security.Cryptography.CngKey]::Import($keyBlob, [System.Security.Cryptography.CngKeyBlobFormat]::EccPublicBlob)
}
function Get-AlgorithmOid([System.Security.Cryptography.X509Certificates.X509Certificate] $Certificate)
{
$algorithmOid = $Certificate.GetKeyAlgorithm();
if ($algorithmOid -eq $script:EccAlgorithmOid)
{
$algorithmOid = DecodeBinaryOid -Bytes $Certificate.GetKeyAlgorithmParameters()
}
return $algorithmOid
}
function DecodeBinaryOid([byte[]] $Bytes)
{
# Thanks to Vadims Podans (http://sysadmins.lv/) for this cool technique to take a byte array
# and decode the OID without having to use P/Invoke to call the CryptDecodeObject function directly.
[byte[]] $ekuBlob = @(
48
$Bytes.Count
$Bytes
)
$asnEncodedData = New-Object System.Security.Cryptography.AsnEncodedData(,$ekuBlob)
$enhancedKeyUsage = New-Object System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension($asnEncodedData, $false)
return $enhancedKeyUsage.EnhancedKeyUsages[0].Value
}
function Unprotect-KeyDataWithCertificate
{
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
$KeyData,
[Parameter(Mandatory = $true)]
[System.Security.Cryptography.X509Certificates.X509Certificate2]
$Certificate
)
if ($Certificate.PublicKey.Key -is [System.Security.Cryptography.RSACryptoServiceProvider])
{
Unprotect-KeyDataWithRsaCertificate -KeyData $KeyData -Certificate $Certificate
}
elseif ($Certificate.GetKeyAlgorithm() -eq $script:EccAlgorithmOid)
{
Unprotect-KeyDataWithEcdhCertificate -KeyData $KeyData -Certificate $Certificate
}
}
function Unprotect-KeyDataWithEcdhCertificate
{
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
$KeyData,
[Parameter(Mandatory = $true)]
[System.Security.Cryptography.X509Certificates.X509Certificate2]
$Certificate
)
$doFinallyBlock = $true
$key = $null
$iv = $null
$derivedKey = $null
$publicKey = $null
$privateKey = $null
$ecdh = $null
try
{
$privateKey = [Security.Cryptography.X509Certificates.X509Certificate2ExtensionMethods]::GetCngPrivateKey($Certificate)
if ($privateKey.AlgorithmGroup -ne [System.Security.Cryptography.CngAlgorithmGroup]::ECDiffieHellman)
{
throw "Certificate '$($Certificate.Thumbprint)' contains a non-ECDH key pair."
}
if ($null -eq $KeyData.EcdhPublicKey -or $null -eq $KeyData.EcdhIV)
{
throw "Certificate '$($Certificate.Thumbprint)' is a valid ECDH certificate, but the stored KeyData structure is missing the public key and/or IV used during encryption."
}
$publicKey = [System.Security.Cryptography.CngKey]::Import($KeyData.EcdhPublicKey, [System.Security.Cryptography.CngKeyBlobFormat]::EccPublicBlob)
$ecdh = [System.Security.Cryptography.ECDiffieHellmanCng]$privateKey
$derivedKey = New-Object PowerShellUtils.PinnedArray[byte](,($ecdh.DeriveKeyMaterial($publicKey) | Select-Object -First 32))
if ($derivedKey.Count -ne 32)
{
# This shouldn't happen, but just in case...
throw "Error: Key material derived from ECDH certificate $($Certificate.Thumbprint) was less than the required 32 bytes"
}
$key = (Unprotect-DataWithAes -CipherText $KeyData.Key -Key $derivedKey -IV $KeyData.EcdhIV).PlainText
$iv = (Unprotect-DataWithAes -CipherText $KeyData.IV -Key $derivedKey -IV $KeyData.EcdhIV).PlainText
$doFinallyBlock = $false
return New-Object psobject -Property @{
Key = $key
IV = $iv
}
}
catch
{
throw
}
finally
{
if ($doFinallyBlock)
{
if ($key -is [IDisposable]) { $key.Dispose() }
if ($iv -is [IDisposable]) { $iv.Dispose() }
}
if ($derivedKey -is [IDisposable]) { $derivedKey.Dispose() }
if ($privateKey -is [IDisposable]) { $privateKey.Dispose() }
if ($publicKey -is [IDisposable]) { $publicKey.Dispose() }
if ($null -ne $ecdh) { $ecdh.Clear() }
}
}
function Unprotect-KeyDataWithRsaCertificate
{
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
$KeyData,
[Parameter(Mandatory = $true)]
[System.Security.Cryptography.X509Certificates.X509Certificate2]
$Certificate
)
$useOAEP = -not $keyData.LegacyPadding
$key = $null
$iv = $null
$doFinallyBlock = $true
try
{
$key = DecryptRsaData -Certificate $Certificate -CipherText $keyData.Key -UseOaepPadding:$useOAEP
$iv = DecryptRsaData -Certificate $Certificate -CipherText $keyData.IV -UseOaepPadding:$useOAEP
$doFinallyBlock = $false
return New-Object psobject -Property @{
Key = $key
IV = $iv
}
}
catch
{
throw
}
finally
{
if ($doFinallyBlock)
{
if ($key -is [IDisposable]) { $key.Dispose() }
if ($iv -is [IDisposable]) { $iv.Dispose() }
}
}
}
function DecryptRsaData([System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
[byte[]] $CipherText,
[switch] $UseOaepPadding)
{
if ($Certificate.PrivateKey -is [System.Security.Cryptography.RSACryptoServiceProvider])
{
return New-Object PowerShellUtils.PinnedArray[byte](
,$Certificate.PrivateKey.Decrypt($CipherText, $UseOaepPadding)
)
}
# By the time we get here, we've already validated that either the certificate has an RsaCryptoServiceProvider
# object in its PrivateKey property, or we can fetch an RSA CNG key.
$cngKey = $null
$cngRsa = $null
try
{
$cngKey = [Security.Cryptography.X509Certificates.X509Certificate2ExtensionMethods]::GetCngPrivateKey($Certificate)
$cngRsa = [Security.Cryptography.RSACng]$cngKey
$cngRsa.EncryptionHashAlgorithm = [System.Security.Cryptography.CngAlgorithm]::Sha1
if (-not $UseOaepPadding)
{
$cngRsa.EncryptionPaddingMode = [Security.Cryptography.AsymmetricPaddingMode]::Pkcs1
}
return New-Object PowerShellUtils.PinnedArray[byte](
,$cngRsa.DecryptValue($CipherText)
)
}
catch
{
throw
}
finally
{
if ($cngKey -is [IDisposable]) { $cngKey.Dispose() }
if ($null -ne $cngRsa) { $cngRsa.Clear() }
}
}
function Protect-KeyDataWithPassword
{
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[System.Security.SecureString]
$Password,
[Parameter(Mandatory = $true)]
[byte[]]
$Key,
[Parameter(Mandatory = $true)]
[byte[]]
$IV,
[ValidateRange(1,2147483647)]
[int]
$IterationCount = 1000
)
$keyGen = $null
$ephemeralKey = $null
$ephemeralIV = $null
try
{
$keyGen = Get-KeyGenerator -Password $Password -IterationCount $IterationCount
$ephemeralKey = New-Object PowerShellUtils.PinnedArray[byte](,$keyGen.GetBytes(32))
$ephemeralIV = New-Object PowerShellUtils.PinnedArray[byte](,$keyGen.GetBytes(16))
$hashSalt = Get-RandomBytes -Count 32
$hash = Get-PasswordHash -Password $Password -Salt $hashSalt -IterationCount $IterationCount
$encryptedKey = (Protect-DataWithAes -PlainText $Key -Key $ephemeralKey -IV $ephemeralIV -NoHMAC).CipherText
$encryptedIV = (Protect-DataWithAes -PlainText $IV -Key $ephemeralKey -IV $ephemeralIV -NoHMAC).CipherText
New-Object psobject -Property @{
Key = $encryptedKey
IV = $encryptedIV
Salt = $keyGen.Salt
IterationCount = $keyGen.IterationCount
Hash = $hash
HashSalt = $hashSalt
}
}
catch
{
throw
}
finally
{
if ($keyGen -is [IDisposable]) { $keyGen.Dispose() }
if ($ephemeralKey -is [IDisposable]) { $ephemeralKey.Dispose() }
if ($ephemeralIV -is [IDisposable]) { $ephemeralIV.Dispose() }
}
} # function Protect-KeyDataWithPassword
function Unprotect-KeyDataWithPassword
{
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
$KeyData,
[Parameter(Mandatory = $true)]
[System.Security.SecureString]
$Password
)
$keyGen = $null
$key = $null
$iv = $null
$ephemeralKey = $null
$ephemeralIV = $null
$doFinallyBlock = $true
try
{
$params = @{
Password = $Password
Salt = $KeyData.Salt.Clone()
IterationCount = $KeyData.IterationCount
}
$keyGen = Get-KeyGenerator @params
$ephemeralKey = New-Object PowerShellUtils.PinnedArray[byte](,$keyGen.GetBytes(32))
$ephemeralIV = New-Object PowerShellUtils.PinnedArray[byte](,$keyGen.GetBytes(16))
$key = (Unprotect-DataWithAes -CipherText $KeyData.Key -Key $ephemeralKey -IV $ephemeralIV).PlainText
$iv = (Unprotect-DataWithAes -CipherText $KeyData.IV -Key $ephemeralKey -IV $ephemeralIV).PlainText
$doFinallyBlock = $false
return New-Object psobject -Property @{
Key = $key
IV = $iv
}
}
catch
{
throw
}
finally
{
if ($keyGen -is [IDisposable]) { $keyGen.Dispose() }
if ($ephemeralKey -is [IDisposable]) { $ephemeralKey.Dispose() }
if ($ephemeralIV -is [IDisposable]) { $ephemeralIV.Dispose() }
if ($doFinallyBlock)
{
if ($key -is [IDisposable]) { $key.Dispose() }
if ($iv -is [IDisposable]) { $iv.Dispose() }
}
}
} # function Unprotect-KeyDataWithPassword
function ConvertTo-PinnedByteArray
{
[CmdletBinding()]
[OutputType([PowerShellUtils.PinnedArray[byte]])]
param (
[Parameter(Mandatory = $true)]
$InputObject
)
try
{
switch ($InputObject.GetType().FullName)
{
([string].FullName)
{
$pinnedArray = Convert-StringToPinnedByteArray -String $InputObject
break
}
([System.Security.SecureString].FullName)
{
$pinnedArray = Convert-SecureStringToPinnedByteArray -SecureString $InputObject
break
}
([System.Management.Automation.PSCredential].FullName)
{
$pinnedArray = Convert-PSCredentialToPinnedByteArray -Credential $InputObject
break
}
default
{
$byteArray = $InputObject -as [byte[]]
if ($null -eq $byteArray)
{
throw 'Something unexpected got through our parameter validation.'
}
else
{
$pinnedArray = New-Object PowerShellUtils.PinnedArray[byte](
,$byteArray.Clone()
)
}
}
}
$pinnedArray
}
catch
{
throw
}
} # function ConvertTo-PinnedByteArray
function ConvertFrom-ByteArray
{
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[byte[]]
$ByteArray,
[Parameter(Mandatory = $true)]
[ValidateScript({
if ($script:ValidTypes -notcontains $_)
{
throw "Invalid type specified. Type must be one of: $($script:ValidTypes -join ', ')"
}
return $true
})]
[type]
$Type,
[UInt32]
$StartIndex = 0,
[Nullable[UInt32]]
$ByteCount = $null
)
if ($null -eq $ByteCount)
{
$ByteCount = $ByteArray.Count - $StartIndex
}
if ($StartIndex + $ByteCount -gt $ByteArray.Count)
{
throw 'The specified index and count values exceed the bounds of the array.'
}
switch ($Type.FullName)
{
([string].FullName)
{
Convert-ByteArrayToString -ByteArray $ByteArray -StartIndex $StartIndex -ByteCount $ByteCount
break
}
([System.Security.SecureString].FullName)
{
Convert-ByteArrayToSecureString -ByteArray $ByteArray -StartIndex $StartIndex -ByteCount $ByteCount
break
}
([System.Management.Automation.PSCredential].FullName)
{
Convert-ByteArrayToPSCredential -ByteArray $ByteArray -StartIndex $StartIndex -ByteCount $ByteCount
break
}
([byte[]].FullName)
{
$array = New-Object byte[]($ByteCount)
[Array]::Copy($ByteArray, $StartIndex, $array, 0, $ByteCount)
,$array
break
}
default
{
throw 'Something unexpected got through parameter validation.'
}
}
} # function ConvertFrom-ByteArray
function Convert-StringToPinnedByteArray
{
[CmdletBinding()]
[OutputType([PowerShellUtils.PinnedArray[byte]])]
param (
[Parameter(Mandatory = $true)]
[string]
$String
)
New-Object PowerShellUtils.PinnedArray[byte](
,[System.Text.Encoding]::UTF8.GetBytes($String)
)
}
function Convert-SecureStringToPinnedByteArray
{
[CmdletBinding()]
[OutputType([PowerShellUtils.PinnedArray[byte]])]
param (
[Parameter(Mandatory = $true)]
[System.Security.SecureString]
$SecureString
)
try
{
$ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToGlobalAllocUnicode($SecureString)
$byteCount = $SecureString.Length * 2
$pinnedArray = New-Object PowerShellUtils.PinnedArray[byte]($byteCount)
[System.Runtime.InteropServices.Marshal]::Copy($ptr, $pinnedArray, 0, $byteCount)
$pinnedArray
}
catch
{
throw
}
finally
{
if ($null -ne $ptr)
{
[System.Runtime.InteropServices.Marshal]::ZeroFreeGlobalAllocUnicode($ptr)
}
}
} # function Convert-SecureStringToPinnedByteArray
function Convert-PSCredentialToPinnedByteArray
{
[CmdletBinding()]
[OutputType([PowerShellUtils.PinnedArray[byte]])]
param (
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$Credential
)
$passwordBytes = $null
$pinnedArray = $null
try
{
$passwordBytes = Convert-SecureStringToPinnedByteArray -SecureString $Credential.Password
$usernameBytes = [System.Text.Encoding]::Unicode.GetBytes($Credential.UserName)
$sizeBytes = [System.BitConverter]::GetBytes([uint32]$usernameBytes.Count)
if (-not [System.BitConverter]::IsLittleEndian) { [Array]::Reverse($sizeBytes) }
$doFinallyBlock = $true
try
{
$bufferSize = $passwordBytes.Count +
$usernameBytes.Count +
$script:PSCredentialHeader.Count +
$sizeBytes.Count
$pinnedArray = New-Object PowerShellUtils.PinnedArray[byte]($bufferSize)
$destIndex = 0
[Array]::Copy(
$script:PSCredentialHeader, 0, $pinnedArray.Array, $destIndex, $script:PSCredentialHeader.Count
)
$destIndex += $script:PSCredentialHeader.Count
[Array]::Copy($sizeBytes, 0, $pinnedArray.Array, $destIndex, $sizeBytes.Count)
$destIndex += $sizeBytes.Count
[Array]::Copy($usernameBytes, 0, $pinnedArray.Array, $destIndex, $usernameBytes.Count)
$destIndex += $usernameBytes.Count
[Array]::Copy($passwordBytes.Array, 0, $pinnedArray.Array, $destIndex, $passwordBytes.Count)
$doFinallyBlock = $false
$pinnedArray
}
finally
{
if ($doFinallyBlock)
{
if ($pinnedArray -is [IDisposable]) { $pinnedArray.Dispose() }
}
}
}
catch
{
throw
}
finally
{
if ($passwordBytes -is [IDisposable]) { $passwordBytes.Dispose() }
}
} # function Convert-PSCredentialToPinnedByteArray
function Convert-ByteArrayToString
{
[CmdletBinding()]
[OutputType([string])]
param (
[Parameter(Mandatory = $true)]
[byte[]]
$ByteArray,
[Parameter(Mandatory = $true)]
[UInt32]
$StartIndex,
[Parameter(Mandatory = $true)]
[UInt32]
$ByteCount
)
[System.Text.Encoding]::UTF8.GetString($ByteArray, $StartIndex, $ByteCount)
}
function Convert-ByteArrayToSecureString
{
[CmdletBinding()]
[OutputType([System.Security.SecureString])]
param (
[Parameter(Mandatory = $true)]
[byte[]]
$ByteArray,
[Parameter(Mandatory = $true)]
[UInt32]
$StartIndex,
[Parameter(Mandatory = $true)]
[UInt32]
$ByteCount
)
$chars = $null
$memoryStream = $null
$streamReader = $null
try
{
$ss = New-Object System.Security.SecureString
$memoryStream = New-Object System.IO.MemoryStream($ByteArray, $StartIndex, $ByteCount)
$streamReader = New-Object System.IO.StreamReader($memoryStream, [System.Text.Encoding]::Unicode, $false)
$chars = New-Object PowerShellUtils.PinnedArray[char](1024)
while (($read = $streamReader.Read($chars, 0, $chars.Count)) -gt 0)
{
for ($i = 0; $i -lt $read; $i++)
{
$ss.AppendChar($chars[$i])
}
}
$ss.MakeReadOnly()
$ss
}
finally
{
if ($streamReader -is [IDisposable]) { $streamReader.Dispose() }
if ($memoryStream -is [IDisposable]) { $memoryStream.Dispose() }
if ($chars -is [IDisposable]) { $chars.Dispose() }
}
} # function Convert-ByteArrayToSecureString
function Convert-ByteArrayToPSCredential
{
[CmdletBinding()]
[OutputType([System.Management.Automation.PSCredential])]
param (
[Parameter(Mandatory = $true)]
[byte[]]
$ByteArray,
[Parameter(Mandatory = $true)]
[UInt32]
$StartIndex,
[Parameter(Mandatory = $true)]
[UInt32]
$ByteCount
)
$message = 'Byte array is not a serialized PSCredential object.'
if ($ByteCount -lt $script:PSCredentialHeader.Count + 4) { throw $message }
for ($i = 0; $i -lt $script:PSCredentialHeader.Count; $i++)
{
if ($ByteArray[$StartIndex + $i] -ne $script:PSCredentialHeader[$i]) { throw $message }
}
$i = $StartIndex + $script:PSCredentialHeader.Count
$sizeBytes = $ByteArray[$i..($i+3)]
if (-not [System.BitConverter]::IsLittleEndian) { [array]::Reverse($sizeBytes) }
$i += 4
$size = [System.BitConverter]::ToUInt32($sizeBytes, 0)
if ($ByteCount -lt $i + $size) { throw $message }
$userName = [System.Text.Encoding]::Unicode.GetString($ByteArray, $i, $size)
$i += $size
try
{
$params = @{
ByteArray = $ByteArray
StartIndex = $i
ByteCount = $StartIndex + $ByteCount - $i
}
$secureString = Convert-ByteArrayToSecureString @params
}
catch
{
throw $message
}
New-Object System.Management.Automation.PSCredential($userName, $secureString)
} # function Convert-ByteArrayToPSCredential
function Test-IsProtectedData
{
[CmdletBinding()]
[OutputType([bool])]
param (
[Parameter(Mandatory = $true)]
[psobject]
$InputObject
)
$isValid = $true
$cipherText = $InputObject.CipherText -as [byte[]]
$type = $InputObject.Type -as [string]
if ($null -eq $cipherText -or $cipherText.Count -eq 0 -or
[string]::IsNullOrEmpty($type) -or
$null -eq $InputObject.KeyData)
{
$isValid = $false
}
if ($isValid)
{
foreach ($object in $InputObject.KeyData)
{
if (-not (Test-IsKeyData -InputObject $object))
{
$isValid = $false
break
}
}
}
return $isValid
} # function Test-IsProtectedData
function Test-IsKeyData
{
[CmdletBinding()]
[OutputType([bool])]
param (
[Parameter(Mandatory = $true)]
[psobject]
$InputObject
)
$isValid = $true
$key = $InputObject.Key -as [byte[]]
$iv = $InputObject.IV -as [byte[]]
if ($null -eq $key -or $null -eq $iv -or $key.Count -eq 0 -or $iv.Count -eq 0)
{
$isValid = $false
}
if ($isValid)
{
$isCertificate = Test-IsCertificateProtectedKeyData -InputObject $InputObject
$isPassword = Test-IsPasswordProtectedKeydata -InputObject $InputObject
$isValid = $isCertificate -or $isPassword
}
return $isValid
} # function Test-IsKeyData
function Test-IsPasswordProtectedKeyData
{
[CmdletBinding()]
[OutputType([bool])]
param (
[Parameter(Mandatory = $true)]
[psobject]
$InputObject
)
$isValid = $true
$salt = $InputObject.Salt -as [byte[]]
$hash = $InputObject.Hash -as [string]
$hashSalt = $InputObject.HashSalt -as [byte[]]
$iterations = $InputObject.IterationCount -as [int]
if ($null -eq $salt -or $salt.Count -eq 0 -or
$null -eq $hashSalt -or $hashSalt.Count -eq 0 -or
$null -eq $iterations -or $iterations -eq 0 -or
$null -eq $hash -or $hash -notmatch '^[A-F\d]+$')
{
$isValid = $false
}
return $isValid
} # function Test-IsPasswordProtectedKeyData
function Test-IsCertificateProtectedKeyData
{
[CmdletBinding()]
[OutputType([bool])]
param (
[Parameter(Mandatory = $true)]
[psobject]
$InputObject
)
$isValid = $true
$thumbprint = $InputObject.Thumbprint -as [string]
if ($null -eq $thumbprint -or $thumbprint -notmatch '^[A-F\d]+$')
{
$isValid = $false
}
return $isValid
} # function Test-IsCertificateProtectedKeyData
#endregion
# SIG # Begin signature block
# MIIhfgYJKoZIhvcNAQcCoIIhbzCCIWsCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
# gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUDcPa+jtE0RQdPndabdJGpyDB
# yhOgghywMIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0B
# AQUFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
# VQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVk
# IElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQsw
# CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
# ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg
# Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg
# +XESpa7cJpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lT
# XDGEKvYPmDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5
# a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g
# 0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1
# roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf
# GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0G
# A1UdDgQWBBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLL
# gjEtUYunpyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3
# cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmr
# EthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+
# fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5Q
# Z7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu
# 838fYxAe+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw
# 8jCCBQswggPzoAMCAQICEAOiV15N2F/TLPzy+oVrWjMwDQYJKoZIhvcNAQEFBQAw
# bzELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTEuMCwGA1UEAxMlRGlnaUNlcnQgQXNzdXJlZCBJRCBD
# b2RlIFNpZ25pbmcgQ0EtMTAeFw0xNDA1MDUwMDAwMDBaFw0xNTA1MTMxMjAwMDBa
# MGExCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJPTjERMA8GA1UEBxMIQnJhbXB0b24x
# GDAWBgNVBAoTD0RhdmlkIExlZSBXeWF0dDEYMBYGA1UEAxMPRGF2aWQgTGVlIFd5
# YXR0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcX51YAyViQE16mg
# +IVQCQ0O8QC/wXBzTMPirnoGK9TThmxQIYgtcekZ5Xa/dWpW0xKKjaS6dRwYYXET
# pzozoMWZbFDVrgKaqtuZNu9TD6rqK/QKf4iL/eikr0NIUL4CoSEQDeGLXDw7ntzZ
# XKM86RuPw6MlDapfFQQFIMjsT7YaoqQNTOxhbiFoHVHqP7xL3JTS7TApa/RnNYyl
# O7SQ7TSNsekiXGwUNxPqt6UGuOP0nyR+GtNiBcPfeUi+XaqjjBmpqgDbkEIMLDuf
# fDO54VKvDLl8D2TxTFOcKZv61IcToOs+8z1sWTpMWI2MBuLhRR3A6iIhvilTYRBI
# iX5FZQIDAQABo4IBrzCCAaswHwYDVR0jBBgwFoAUe2jOKarAF75JeuHlP9an90WP
# NTIwHQYDVR0OBBYEFDS4+PmyUp+SmK2GR+NCMiLd+DpvMA4GA1UdDwEB/wQEAwIH
# gDATBgNVHSUEDDAKBggrBgEFBQcDAzBtBgNVHR8EZjBkMDCgLqAshipodHRwOi8v
# Y3JsMy5kaWdpY2VydC5jb20vYXNzdXJlZC1jcy1nMS5jcmwwMKAuoCyGKmh0dHA6
# Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9hc3N1cmVkLWNzLWcxLmNybDBCBgNVHSAEOzA5
# MDcGCWCGSAGG/WwDATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2Vy
# dC5jb20vQ1BTMIGCBggrBgEFBQcBAQR2MHQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBMBggrBgEFBQcwAoZAaHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEQ29kZVNpZ25pbmdDQS0xLmNydDAM
# BgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQBbzAp8wys0A5LcuENslW0E
# oz7rc0A8h+XgjJWdJOFRohE1mZRFpdkVxM0SRqw7IzlSFtTMCsVVPNwU6O7y9rCY
# x5agx3CJBkJVDR/Y7DcOQTmmHy1zpcrKAgTznZuKUQZLpoYz/bA+Uh+bvXB9woCA
# IRbchos1oxC+7/gjuxBMKh4NM+9NIvWs6qpnH5JeBidQDQXp3flPkla+MKrPTL/T
# /amgna5E+9WHWnXbMFCpZ5n1bI1OvgNVZlYC/JTa4fjPEk8d16jYVP4GlRz/QUYI
# y6IAGc/z6xpkdtpXWVCbW0dCd5ybfUYTaeCJumGpS/HSJ7JcTZj694QDOKNvhfrm
# MIIGajCCBVKgAwIBAgIQAwGaAjr/WLFr1tXq5hfwZjANBgkqhkiG9w0BAQUFADBi
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBBc3N1cmVkIElEIENB
# LTEwHhcNMTQxMDIyMDAwMDAwWhcNMjQxMDIyMDAwMDAwWjBHMQswCQYDVQQGEwJV
# UzERMA8GA1UEChMIRGlnaUNlcnQxJTAjBgNVBAMTHERpZ2lDZXJ0IFRpbWVzdGFt
# cCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjZF38
# fLPggjXg4PbGKuZJdTvMbuBTqZ8fZFnmfGt/a4ydVfiS457VWmNbAklQ2YPOb2bu
# 3cuF6V+l+dSHdIhEOxnJ5fWRn8YUOawk6qhLLJGJzF4o9GS2ULf1ErNzlgpno75h
# n67z/RJ4dQ6mWxT9RSOOhkRVfRiGBYxVh3lIRvfKDo2n3k5f4qi2LVkCYYhhchho
# ubh87ubnNC8xd4EwH7s2AY3vJ+P3mvBMMWSN4+v6GYeofs/sjAw2W3rBerh4x8kG
# LkYQyI3oBGDbvHN0+k7Y/qpA8bLOcEaD6dpAoVk62RUJV5lWMJPzyWHM0AjMa+xi
# QpGsAsDvpPCJEY93AgMBAAGjggM1MIIDMTAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0T
# AQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDCCAb8GA1UdIASCAbYwggGy
# MIIBoQYJYIZIAYb9bAcBMIIBkjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGln
# aWNlcnQuY29tL0NQUzCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjALBglghkgBhv1s
# AxUwHwYDVR0jBBgwFoAUFQASKxOYspkH7R7for5XDStnAs0wHQYDVR0OBBYEFGFa
# TSS2STKdSip5GoNL9B6Jwcp9MH0GA1UdHwR2MHQwOKA2oDSGMmh0dHA6Ly9jcmwz
# LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRENBLTEuY3JsMDigNqA0hjJo
# dHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURDQS0xLmNy
# bDB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2lj
# ZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29t
# L0RpZ2lDZXJ0QXNzdXJlZElEQ0EtMS5jcnQwDQYJKoZIhvcNAQEFBQADggEBAJ0l
# fhszTbImgVybhs4jIA+Ah+WI//+x1GosMe06FxlxF82pG7xaFjkAneNshORaQPve
# BgGMN/qbsZ0kfv4gpFetW7easGAm6mlXIV00Lx9xsIOUGQVrNZAQoHuXx/Y/5+IR
# Qaa9YtnwJz04HShvOlIJ8OxwYtNiS7Dgc6aSwNOOMdgv420XEwbu5AO2FKvzj0On
# cZ0h3RTKFV2SQdr5D4HRmXQNJsQOfxu19aDxxncGKBXp2JPlVRbwuwqrHNtcSCdm
# yKOLChzlldquxC5ZoGHd2vNtomHpigtt7BIYvfdVVEADkitrwlHCCkivsNRu4PQU
# Cjob4489yq9qjXvc2EQwggajMIIFi6ADAgECAhAPqEkGFdcAoL4hdv3F7G29MA0G
# CSqGSIb3DQEBBQUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0
# IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0xMTAyMTExMjAwMDBaFw0yNjAyMTAxMjAw
# MDBaMG8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNV
# BAsTEHd3dy5kaWdpY2VydC5jb20xLjAsBgNVBAMTJURpZ2lDZXJ0IEFzc3VyZWQg
# SUQgQ29kZSBTaWduaW5nIENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
# AoIBAQCcfPmgjwrKiUtTmjzsGSJ/DMv3SETQPyJumk/6zt/G0ySR/6hSk+dy+PFG
# hpTFqxf0eH/Ler6QJhx8Uy/lg+e7agUozKAXEUsYIPO3vfLcy7iGQEUfT/k5mNM7
# 629ppFwBLrFm6aa43Abero1i/kQngqkDw/7mJguTSXHlOG1O/oBcZ3e11W9mZJRr
# u4hJaNjR9H4hwebFHsnglrgJlflLnq7MMb1qWkKnxAVHfWAr2aFdvftWk+8b/HL5
# 3z4y/d0qLDJG2l5jvNC4y0wQNfxQX6xDRHz+hERQtIwqPXQM9HqLckvgVrUTtmPp
# P05JI+cGFvAlqwH4KEHmx9RkO12rAgMBAAGjggNDMIIDPzAOBgNVHQ8BAf8EBAMC
# AYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwggHDBgNVHSAEggG6MIIBtjCCAbIGCGCG
# SAGG/WwDMIIBpDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20v
# c3NsLWNwcy1yZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBu
# AHkAIAB1AHMAZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0
# AGUAIABjAG8AbgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBl
# ACAAbwBmACAAdABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAg
# AGEAbgBkACAAdABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBn
# AHIAZQBlAG0AZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBi
# AGkAbABpAHQAeQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0
# AGUAZAAgAGgAZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAS
# BgNVHRMBAf8ECDAGAQH/AgEAMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYY
# aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2Fj
# ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGB
# BgNVHR8EejB4MDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNl
# cnRBc3N1cmVkSURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2Vy
# dC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMB0GA1UdDgQWBBR7aM4p
# qsAXvkl64eU/1qf3RY81MjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzANBgkqhkiG9w0BAQUFAAOCAQEAe3IdZP+IyDrBt+nnqcSHu9uUkteQWTP6K4fe
# qFuAJT8Tj5uDG3xDxOaM3zk+wxXssNo7ISV7JMFyXbhHkYETRvqcP2pRON60Jcvw
# q9/FKAFUeRBGJNE4DyahYZBNur0o5j/xxKqb9to1U0/J8j3TbNwj7aqgTWcJ8zqA
# PTz7NkyQ53ak3fI6v1Y1L6JMZejg1NrRx8iRai0jTzc7GZQY1NWcEDzVsRwZ/4/I
# a5ue+K6cmZZ40c2cURVbQiZyWo0KSiOSQOiG3iLCkzrUm2im3yl/Brk8Dr2fxIac
# gkdCcTKGCZlyCXlLnXFp9UH/fzl3ZPGEjb6LHrJ9aKOlkLEM/zCCBs0wggW1oAMC
# AQICEAb9+QOWA63qAArrPye7uhswDQYJKoZIhvcNAQEFBQAwZTELMAkGA1UEBhMC
# VVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0
# LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IENBMB4XDTA2
# MTExMDAwMDAwMFoXDTIxMTExMDAwMDAwMFowYjELMAkGA1UEBhMCVVMxFTATBgNV
# BAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8G
# A1UEAxMYRGlnaUNlcnQgQXNzdXJlZCBJRCBDQS0xMIIBIjANBgkqhkiG9w0BAQEF
# AAOCAQ8AMIIBCgKCAQEA6IItmfnKwkKVpYBzQHDSnlZUXKnE0kEGj8kz/E1FkVyB
# n+0snPgWWd+etSQVwpi5tHdJ3InECtqvy15r7a2wcTHrzzpADEZNk+yLejYIA6sM
# NP4YSYL+x8cxSIB8HqIPkg5QycaH6zY/2DDD/6b3+6LNb3Mj/qxWBZDwMiEWicZw
# iPkFl32jx0PdAug7Pe2xQaPtP77blUjE7h6z8rwMK5nQxl0SQoHhg26Ccz8mSxSQ
# rllmCsSNvtLOBq6thG9IhJtPQLnxTPKvmPv2zkBdXPao8S+v7Iki8msYZbHBc63X
# 8djPHgp0XEK4aH631XcKJ1Z8D2KkPzIUYJX9BwSiCQIDAQABo4IDejCCA3YwDgYD
# VR0PAQH/BAQDAgGGMDsGA1UdJQQ0MDIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYB
# BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCDCCAdIGA1UdIASCAckwggHFMIIBtAYK
# YIZIAYb9bAABBDCCAaQwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cuZGlnaWNlcnQu
# Y29tL3NzbC1jcHMtcmVwb3NpdG9yeS5odG0wggFkBggrBgEFBQcCAjCCAVYeggFS
# AEEAbgB5ACAAdQBzAGUAIABvAGYAIAB0AGgAaQBzACAAQwBlAHIAdABpAGYAaQBj
# AGEAdABlACAAYwBvAG4AcwB0AGkAdAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBu
# AGMAZQAgAG8AZgAgAHQAaABlACAARABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQ
# AFMAIABhAG4AZAAgAHQAaABlACAAUgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAg
# AEEAZwByAGUAZQBtAGUAbgB0ACAAdwBoAGkAYwBoACAAbABpAG0AaQB0ACAAbABp
# AGEAYgBpAGwAaQB0AHkAIABhAG4AZAAgAGEAcgBlACAAaQBuAGMAbwByAHAAbwBy
# AGEAdABlAGQAIABoAGUAcgBlAGkAbgAgAGIAeQAgAHIAZQBmAGUAcgBlAG4AYwBl
# AC4wCwYJYIZIAYb9bAMVMBIGA1UdEwEB/wQIMAYBAf8CAQAweQYIKwYBBQUHAQEE
# bTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQwYIKwYB
# BQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3Vy
# ZWRJRFJvb3RDQS5jcnQwgYEGA1UdHwR6MHgwOqA4oDaGNGh0dHA6Ly9jcmwzLmRp
# Z2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwOqA4oDaGNGh0
# dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5j
# cmwwHQYDVR0OBBYEFBUAEisTmLKZB+0e36K+Vw0rZwLNMB8GA1UdIwQYMBaAFEXr
# oq/0ksuCMS1Ri6enIZ3zbcgPMA0GCSqGSIb3DQEBBQUAA4IBAQBGUD7Jtygkpzgd
# tlspr1LPUukxR6tWXHvVDQtBs+/sdR90OPKyXGGinJXDUOSCuSPRujqGcq04eKx1
# XRcXNHJHhZRW0eu7NoR3zCSl8wQZVann4+erYs37iy2QwsDStZS9Xk+xBdIOPRqp
# FFumhjFiqKgz5Js5p8T1zh14dpQlc+Qqq8+cdkvtX8JLFuRLcEwAiR78xXm8TBJX
# /l/hHrwCXaj++wc4Tw3GXZG5D2dFzdaD7eeSDY2xaYxP+1ngIw/Sqq4AfO6cQg7P
# kdcntxbuD8O9fAqg7iwIVYUiuOsYGk38KiGtSTGDR5V3cdyxG0tLHBCcdxTBnU8v
# WpUIKRAmMYIEODCCBDQCAQEwgYMwbzELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERp
# Z2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEuMCwGA1UEAxMl
# RGlnaUNlcnQgQXNzdXJlZCBJRCBDb2RlIFNpZ25pbmcgQ0EtMQIQA6JXXk3YX9Ms
# /PL6hWtaMzAJBgUrDgMCGgUAoHgwGAYKKwYBBAGCNwIBDDEKMAigAoAAoQKAADAZ
# BgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYB
# BAGCNwIBFTAjBgkqhkiG9w0BCQQxFgQUczcU4EQbsHsF+0fAtzmOYQ2luqswDQYJ
# KoZIhvcNAQEBBQAEggEAsK4hIA69OO5v64a+iCySO2GykIekLe/KkMQksghglW4r
# T4KCbSZsEFHaCL26wGXuU+lshVZNJpouwO3dZrJ3EZLPm0gV5V4IbdQShxFbt+ku
# 6nwPwpS2CM+kQsCWlbOv1qrmJSR1P1FEH3iSdwvsqsljPt6WY48XK4YftM2/fu6L
# x9cyp7qwPW2yFRTQUPQyD2pZ57rBu9pgy5y/Jsa07WX7INr7sP1mOlL1aTVaI6PC
# dHmf170sNawIHNkAmEkWwsRMY/ARGB53b0uj+7FoeNMwhNP2sVujlnkpN+vnlR6S
# 4KGs8OXVuoyC589/w1fevklHu2/8eoyIwuxNJwF1RaGCAg8wggILBgkqhkiG9w0B
# CQYxggH8MIIB+AIBATB2MGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy
# dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lD
# ZXJ0IEFzc3VyZWQgSUQgQ0EtMQIQAwGaAjr/WLFr1tXq5hfwZjAJBgUrDgMCGgUA
# oF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTQx
# MTEyMDQ0MjA4WjAjBgkqhkiG9w0BCQQxFgQUq0UoWVLmx9Ow11i3PVaNjKOZUmAw
# DQYJKoZIhvcNAQEBBQAEggEAZ6Eni3CBcUeNSuTPLQcMX+3IoPNkCPieJZafxHhk
# jyuuZHQYtRcvmrfeJxdVuBqt4Z48r+GEm0aKyhK3yxtHXJa1kvOGlvk5aanYAgTr
# bXqVFGTYLzz9AF2V1yDlMEOqcl6z7qB+5+WYLJD+Gi070NjcLMEH40fj2hJ2Nu0h
# KxeND3Xr8bs36/7NTN83IylwtFcruVl3KoB1Xa3jJxFh7LHaPCV3lFLzY+eMlKih
# lVmge5jdzimg3YZ58ab39WZqGiRuCu5lldb7dQ450vfAac8duNjQmpo27HVBbrxT
# 8p4gxbSx9xKMrQ6DPxdYw4om1h5P4YdOwf8baPJDHI9nmQ==
# SIG # End signature block
TOPIC
about_ProtectedData
SHORT DESCRIPTION
Provides background information about the ProtectedData module.
About ProtectedData
When you need to store secret data, such as a set of credentials, in a
PowerShell script, you would typically use the Export-Clixml or
ConvertFrom-SecureString cmdlets to accomplish this. These commands
leverage the Windows Data Protection API (DPAPI) to perform the encryption.
The DPAPI is extremely convenient, but it has a limitation: the data can
only be decrypted by the user who originally encrypted it, and in many cases,
this decryption can only happen on the same computer where the encryption
took place (unless you have Credential Roaming or Roaming Profiles enabled
in an Active Directory environment.)
The ProtectedData module exists to overcome this limitation, while still
allowing the convenience of not having to worry about managing or protecting
encryption keys. It does this, primarily, by leveraging digital certificates.
How It Works
When you send a piece of data to the Protect-Data command, it is encrypted
using a randomly-generated AES key and initialization vector (IV). Copies
of this key and IV are then encrypted using either the public keys of RSA
or ECDH certificates, or using a password-derived AES key (more on that later.)
The resulting object can be persisted to disk with Export-Clixml, and can
later be read back in with Import-Clixml and then passed to the
Unprotect-Data command. When you call Unprotect-Data, you must pass in either
one of the passwords that was to protect the data, or the thumbprint of one
of the certificates that was used to protect the data. If you use a certificate
when calling Unprotect-Data, you must have the certificate's private key.
Regarding Password-derived Keys
This module's intended use is to leverage certificate-based encryption wherever
possible. This is what provides security, without the need for the user to worry
about key protection or key management; the operating system takes care of this for
you when you install a certificate (with or without its private key.)
The various -Password parameters to the ProtectedData module's commands are
intended as a backup mechanism. If you are unable to decrypt the data with
a certificate for some reason, you'd be able to enter the correct password
to retrieve it or to add a new certificate-encrypted copy of the keys.
If you do use the Password functionality of the module, you're encouraged to
always enter these passwords interactively. If you try to persist the passwords
in some way, you're back to the original problem: you can either use DPAPI
and accept its limitations, or you have to manage and protect encryption keys
yourself.
All passwords are passed to the ProtectedData commands in the form of
SecureString objects.
Supported Data Types
All data must be serialized to a byte array before it can be encrypted. The
ProtectedData module supports automatic serialization / deserialization of
PSCredential, SecureString, and String objects. If you want to encrypt another
data type instead, you're responsible for converting it to a byte array yourself
first, and passing the resulting byte array to Protect-Data's -InputObject
parameter.
The ProtectedData object which is returned from the Protect-Data command includes
a Type property. When you pass the object to Unprotect-Data, it uses this information
to build and return an object of the original type for you (PSCredential, SecureString,
String or Byte[] .)
Regarding In-Memory Security
The commands in the ProtectedData module make an effort to minimize the amount
of time that any sensitive, unencrypted data is left in memory as well, but
this is a tricky topic in a .NET application. The Garbage Collector can
sometimes create copies of unencrypted byte arrays before the module has had
a chance to pin them. This in-memory security is provided on a "best effort"
basis.
Certificate requirements
The RSA certificates used with this module must allow Key Encipherment in their
Key Usage extension. ECDH certificate must allow the Key Agreement Key Usage
extension. All certificates must also be issued by a trusted certificate
authority and be currently valid, unless you pass the -SkipCertificateVerification
switch parameter when calling the various commands in the module. This switch
allows you to leverage self-signed certificates, etc, if you don't care about
validating a trust chain and just want to get at the certificate's key pair.
You can verify which of your certificates are usable for both encryption and
decryption ahead of time by running the following command:
Get-KeyEncryptionCertificate -RequirePrivateKey -SkipCertificateVerification
(With this set of parameters, the command searches the entire Cert: drive, including
both CurrentUser and LocalMachine stores, and as mentioned earlier, the
-SkipCertificateVerification switch ignores certificate validity periods, trust
chains and revocation status.)
SEE ALSO
Protect-Data
Unprotect-Data
Add-ProtectedDataCredential
Remove-ProtectedDataCredential
Get-ProtectedDataSupportedTypes
Get-KeyEncryptionCertificate
Add-Type -ReferencedAssemblies System.Core -WarningAction SilentlyContinue -TypeDefinition @'
namespace PowerShellUtils
{
using System;
using System.Reflection;
using System.Security.Cryptography;
public class FipsHmacSha256 : HMAC
{
// Class exists to guarantee FIPS compliant SHA-256 HMAC, which isn't
// the case in the built-in HMACSHA256 class in older version of the
// .NET Framework and PowerShell.
private static RNGCryptoServiceProvider rng;
private static RNGCryptoServiceProvider Rng
{
get
{
if (rng == null)
{
rng = new RNGCryptoServiceProvider();
}
return rng;
}
}
private static byte[] GetRandomBytes(int keyLength)
{
byte[] array = new byte[keyLength];
Rng.GetBytes(array);
return array;
}
public FipsHmacSha256() : this(GetRandomBytes(64)) { }
public FipsHmacSha256(byte[] key)
{
BindingFlags flags = BindingFlags.Instance | BindingFlags.NonPublic;
typeof(HMAC).GetField("m_hashName", flags).SetValue(this, "SHA256");
typeof(HMAC).GetField("m_hash1", flags).SetValue(this, new SHA256CryptoServiceProvider());
typeof(HMAC).GetField("m_hash2", flags).SetValue(this, new SHA256CryptoServiceProvider());
HashSizeValue = 256;
Key = key;
}
}
}
'@
# SIG # Begin signature block
# MIIhfgYJKoZIhvcNAQcCoIIhbzCCIWsCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
# gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQU6SvJQWGGzNPYmQKPDMpa/G21
# EOagghywMIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0B
# AQUFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
# VQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVk
# IElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQsw
# CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
# ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg
# Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg
# +XESpa7cJpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lT
# XDGEKvYPmDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5
# a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g
# 0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1
# roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf
# GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0G
# A1UdDgQWBBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLL
# gjEtUYunpyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3
# cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmr
# EthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+
# fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5Q
# Z7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu
# 838fYxAe+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw
# 8jCCBQswggPzoAMCAQICEAOiV15N2F/TLPzy+oVrWjMwDQYJKoZIhvcNAQEFBQAw
# bzELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTEuMCwGA1UEAxMlRGlnaUNlcnQgQXNzdXJlZCBJRCBD
# b2RlIFNpZ25pbmcgQ0EtMTAeFw0xNDA1MDUwMDAwMDBaFw0xNTA1MTMxMjAwMDBa
# MGExCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJPTjERMA8GA1UEBxMIQnJhbXB0b24x
# GDAWBgNVBAoTD0RhdmlkIExlZSBXeWF0dDEYMBYGA1UEAxMPRGF2aWQgTGVlIFd5
# YXR0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcX51YAyViQE16mg
# +IVQCQ0O8QC/wXBzTMPirnoGK9TThmxQIYgtcekZ5Xa/dWpW0xKKjaS6dRwYYXET
# pzozoMWZbFDVrgKaqtuZNu9TD6rqK/QKf4iL/eikr0NIUL4CoSEQDeGLXDw7ntzZ
# XKM86RuPw6MlDapfFQQFIMjsT7YaoqQNTOxhbiFoHVHqP7xL3JTS7TApa/RnNYyl
# O7SQ7TSNsekiXGwUNxPqt6UGuOP0nyR+GtNiBcPfeUi+XaqjjBmpqgDbkEIMLDuf
# fDO54VKvDLl8D2TxTFOcKZv61IcToOs+8z1sWTpMWI2MBuLhRR3A6iIhvilTYRBI
# iX5FZQIDAQABo4IBrzCCAaswHwYDVR0jBBgwFoAUe2jOKarAF75JeuHlP9an90WP
# NTIwHQYDVR0OBBYEFDS4+PmyUp+SmK2GR+NCMiLd+DpvMA4GA1UdDwEB/wQEAwIH
# gDATBgNVHSUEDDAKBggrBgEFBQcDAzBtBgNVHR8EZjBkMDCgLqAshipodHRwOi8v
# Y3JsMy5kaWdpY2VydC5jb20vYXNzdXJlZC1jcy1nMS5jcmwwMKAuoCyGKmh0dHA6
# Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9hc3N1cmVkLWNzLWcxLmNybDBCBgNVHSAEOzA5
# MDcGCWCGSAGG/WwDATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2Vy
# dC5jb20vQ1BTMIGCBggrBgEFBQcBAQR2MHQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBMBggrBgEFBQcwAoZAaHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEQ29kZVNpZ25pbmdDQS0xLmNydDAM
# BgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQBbzAp8wys0A5LcuENslW0E
# oz7rc0A8h+XgjJWdJOFRohE1mZRFpdkVxM0SRqw7IzlSFtTMCsVVPNwU6O7y9rCY
# x5agx3CJBkJVDR/Y7DcOQTmmHy1zpcrKAgTznZuKUQZLpoYz/bA+Uh+bvXB9woCA
# IRbchos1oxC+7/gjuxBMKh4NM+9NIvWs6qpnH5JeBidQDQXp3flPkla+MKrPTL/T
# /amgna5E+9WHWnXbMFCpZ5n1bI1OvgNVZlYC/JTa4fjPEk8d16jYVP4GlRz/QUYI
# y6IAGc/z6xpkdtpXWVCbW0dCd5ybfUYTaeCJumGpS/HSJ7JcTZj694QDOKNvhfrm
# MIIGajCCBVKgAwIBAgIQAwGaAjr/WLFr1tXq5hfwZjANBgkqhkiG9w0BAQUFADBi
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBBc3N1cmVkIElEIENB
# LTEwHhcNMTQxMDIyMDAwMDAwWhcNMjQxMDIyMDAwMDAwWjBHMQswCQYDVQQGEwJV
# UzERMA8GA1UEChMIRGlnaUNlcnQxJTAjBgNVBAMTHERpZ2lDZXJ0IFRpbWVzdGFt
# cCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjZF38
# fLPggjXg4PbGKuZJdTvMbuBTqZ8fZFnmfGt/a4ydVfiS457VWmNbAklQ2YPOb2bu
# 3cuF6V+l+dSHdIhEOxnJ5fWRn8YUOawk6qhLLJGJzF4o9GS2ULf1ErNzlgpno75h
# n67z/RJ4dQ6mWxT9RSOOhkRVfRiGBYxVh3lIRvfKDo2n3k5f4qi2LVkCYYhhchho
# ubh87ubnNC8xd4EwH7s2AY3vJ+P3mvBMMWSN4+v6GYeofs/sjAw2W3rBerh4x8kG
# LkYQyI3oBGDbvHN0+k7Y/qpA8bLOcEaD6dpAoVk62RUJV5lWMJPzyWHM0AjMa+xi
# QpGsAsDvpPCJEY93AgMBAAGjggM1MIIDMTAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0T
# AQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDCCAb8GA1UdIASCAbYwggGy
# MIIBoQYJYIZIAYb9bAcBMIIBkjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGln
# aWNlcnQuY29tL0NQUzCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjALBglghkgBhv1s
# AxUwHwYDVR0jBBgwFoAUFQASKxOYspkH7R7for5XDStnAs0wHQYDVR0OBBYEFGFa
# TSS2STKdSip5GoNL9B6Jwcp9MH0GA1UdHwR2MHQwOKA2oDSGMmh0dHA6Ly9jcmwz
# LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRENBLTEuY3JsMDigNqA0hjJo
# dHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURDQS0xLmNy
# bDB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2lj
# ZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29t
# L0RpZ2lDZXJ0QXNzdXJlZElEQ0EtMS5jcnQwDQYJKoZIhvcNAQEFBQADggEBAJ0l
# fhszTbImgVybhs4jIA+Ah+WI//+x1GosMe06FxlxF82pG7xaFjkAneNshORaQPve
# BgGMN/qbsZ0kfv4gpFetW7easGAm6mlXIV00Lx9xsIOUGQVrNZAQoHuXx/Y/5+IR
# Qaa9YtnwJz04HShvOlIJ8OxwYtNiS7Dgc6aSwNOOMdgv420XEwbu5AO2FKvzj0On
# cZ0h3RTKFV2SQdr5D4HRmXQNJsQOfxu19aDxxncGKBXp2JPlVRbwuwqrHNtcSCdm
# yKOLChzlldquxC5ZoGHd2vNtomHpigtt7BIYvfdVVEADkitrwlHCCkivsNRu4PQU
# Cjob4489yq9qjXvc2EQwggajMIIFi6ADAgECAhAPqEkGFdcAoL4hdv3F7G29MA0G
# CSqGSIb3DQEBBQUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0
# IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0xMTAyMTExMjAwMDBaFw0yNjAyMTAxMjAw
# MDBaMG8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNV
# BAsTEHd3dy5kaWdpY2VydC5jb20xLjAsBgNVBAMTJURpZ2lDZXJ0IEFzc3VyZWQg
# SUQgQ29kZSBTaWduaW5nIENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
# AoIBAQCcfPmgjwrKiUtTmjzsGSJ/DMv3SETQPyJumk/6zt/G0ySR/6hSk+dy+PFG
# hpTFqxf0eH/Ler6QJhx8Uy/lg+e7agUozKAXEUsYIPO3vfLcy7iGQEUfT/k5mNM7
# 629ppFwBLrFm6aa43Abero1i/kQngqkDw/7mJguTSXHlOG1O/oBcZ3e11W9mZJRr
# u4hJaNjR9H4hwebFHsnglrgJlflLnq7MMb1qWkKnxAVHfWAr2aFdvftWk+8b/HL5
# 3z4y/d0qLDJG2l5jvNC4y0wQNfxQX6xDRHz+hERQtIwqPXQM9HqLckvgVrUTtmPp
# P05JI+cGFvAlqwH4KEHmx9RkO12rAgMBAAGjggNDMIIDPzAOBgNVHQ8BAf8EBAMC
# AYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwggHDBgNVHSAEggG6MIIBtjCCAbIGCGCG
# SAGG/WwDMIIBpDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20v
# c3NsLWNwcy1yZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBu
# AHkAIAB1AHMAZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0
# AGUAIABjAG8AbgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBl
# ACAAbwBmACAAdABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAg
# AGEAbgBkACAAdABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBn
# AHIAZQBlAG0AZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBi
# AGkAbABpAHQAeQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0
# AGUAZAAgAGgAZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAS
# BgNVHRMBAf8ECDAGAQH/AgEAMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYY
# aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2Fj
# ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGB
# BgNVHR8EejB4MDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNl
# cnRBc3N1cmVkSURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2Vy
# dC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMB0GA1UdDgQWBBR7aM4p
# qsAXvkl64eU/1qf3RY81MjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzANBgkqhkiG9w0BAQUFAAOCAQEAe3IdZP+IyDrBt+nnqcSHu9uUkteQWTP6K4fe
# qFuAJT8Tj5uDG3xDxOaM3zk+wxXssNo7ISV7JMFyXbhHkYETRvqcP2pRON60Jcvw
# q9/FKAFUeRBGJNE4DyahYZBNur0o5j/xxKqb9to1U0/J8j3TbNwj7aqgTWcJ8zqA
# PTz7NkyQ53ak3fI6v1Y1L6JMZejg1NrRx8iRai0jTzc7GZQY1NWcEDzVsRwZ/4/I
# a5ue+K6cmZZ40c2cURVbQiZyWo0KSiOSQOiG3iLCkzrUm2im3yl/Brk8Dr2fxIac
# gkdCcTKGCZlyCXlLnXFp9UH/fzl3ZPGEjb6LHrJ9aKOlkLEM/zCCBs0wggW1oAMC
# AQICEAb9+QOWA63qAArrPye7uhswDQYJKoZIhvcNAQEFBQAwZTELMAkGA1UEBhMC
# VVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0
# LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IENBMB4XDTA2
# MTExMDAwMDAwMFoXDTIxMTExMDAwMDAwMFowYjELMAkGA1UEBhMCVVMxFTATBgNV
# BAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8G
# A1UEAxMYRGlnaUNlcnQgQXNzdXJlZCBJRCBDQS0xMIIBIjANBgkqhkiG9w0BAQEF
# AAOCAQ8AMIIBCgKCAQEA6IItmfnKwkKVpYBzQHDSnlZUXKnE0kEGj8kz/E1FkVyB
# n+0snPgWWd+etSQVwpi5tHdJ3InECtqvy15r7a2wcTHrzzpADEZNk+yLejYIA6sM
# NP4YSYL+x8cxSIB8HqIPkg5QycaH6zY/2DDD/6b3+6LNb3Mj/qxWBZDwMiEWicZw
# iPkFl32jx0PdAug7Pe2xQaPtP77blUjE7h6z8rwMK5nQxl0SQoHhg26Ccz8mSxSQ
# rllmCsSNvtLOBq6thG9IhJtPQLnxTPKvmPv2zkBdXPao8S+v7Iki8msYZbHBc63X
# 8djPHgp0XEK4aH631XcKJ1Z8D2KkPzIUYJX9BwSiCQIDAQABo4IDejCCA3YwDgYD
# VR0PAQH/BAQDAgGGMDsGA1UdJQQ0MDIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYB
# BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCDCCAdIGA1UdIASCAckwggHFMIIBtAYK
# YIZIAYb9bAABBDCCAaQwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cuZGlnaWNlcnQu
# Y29tL3NzbC1jcHMtcmVwb3NpdG9yeS5odG0wggFkBggrBgEFBQcCAjCCAVYeggFS
# AEEAbgB5ACAAdQBzAGUAIABvAGYAIAB0AGgAaQBzACAAQwBlAHIAdABpAGYAaQBj
# AGEAdABlACAAYwBvAG4AcwB0AGkAdAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBu
# AGMAZQAgAG8AZgAgAHQAaABlACAARABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQ
# AFMAIABhAG4AZAAgAHQAaABlACAAUgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAg
# AEEAZwByAGUAZQBtAGUAbgB0ACAAdwBoAGkAYwBoACAAbABpAG0AaQB0ACAAbABp
# AGEAYgBpAGwAaQB0AHkAIABhAG4AZAAgAGEAcgBlACAAaQBuAGMAbwByAHAAbwBy
# AGEAdABlAGQAIABoAGUAcgBlAGkAbgAgAGIAeQAgAHIAZQBmAGUAcgBlAG4AYwBl
# AC4wCwYJYIZIAYb9bAMVMBIGA1UdEwEB/wQIMAYBAf8CAQAweQYIKwYBBQUHAQEE
# bTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQwYIKwYB
# BQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3Vy
# ZWRJRFJvb3RDQS5jcnQwgYEGA1UdHwR6MHgwOqA4oDaGNGh0dHA6Ly9jcmwzLmRp
# Z2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwOqA4oDaGNGh0
# dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5j
# cmwwHQYDVR0OBBYEFBUAEisTmLKZB+0e36K+Vw0rZwLNMB8GA1UdIwQYMBaAFEXr
# oq/0ksuCMS1Ri6enIZ3zbcgPMA0GCSqGSIb3DQEBBQUAA4IBAQBGUD7Jtygkpzgd
# tlspr1LPUukxR6tWXHvVDQtBs+/sdR90OPKyXGGinJXDUOSCuSPRujqGcq04eKx1
# XRcXNHJHhZRW0eu7NoR3zCSl8wQZVann4+erYs37iy2QwsDStZS9Xk+xBdIOPRqp
# FFumhjFiqKgz5Js5p8T1zh14dpQlc+Qqq8+cdkvtX8JLFuRLcEwAiR78xXm8TBJX
# /l/hHrwCXaj++wc4Tw3GXZG5D2dFzdaD7eeSDY2xaYxP+1ngIw/Sqq4AfO6cQg7P
# kdcntxbuD8O9fAqg7iwIVYUiuOsYGk38KiGtSTGDR5V3cdyxG0tLHBCcdxTBnU8v
# WpUIKRAmMYIEODCCBDQCAQEwgYMwbzELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERp
# Z2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEuMCwGA1UEAxMl
# RGlnaUNlcnQgQXNzdXJlZCBJRCBDb2RlIFNpZ25pbmcgQ0EtMQIQA6JXXk3YX9Ms
# /PL6hWtaMzAJBgUrDgMCGgUAoHgwGAYKKwYBBAGCNwIBDDEKMAigAoAAoQKAADAZ
# BgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYB
# BAGCNwIBFTAjBgkqhkiG9w0BCQQxFgQUANzHv3qMGd7uTCtccvpwmN7pi7MwDQYJ
# KoZIhvcNAQEBBQAEggEAWciQHbHu8A7aDTsjmA4+SMrb4tPS92u7tdtH7oC5EtqB
# B/uMxt12ml+aTV5uLQ2hfGpp73mC+DBmYUZ7NmyGzQHCO8iCepIpFrg6NqV1gp4h
# PF6BeYL1BligH6FlYsgKXZa/MQDYsvrRnJdC4/yH0hujTVgAcUlUJnB6AjLm1WSw
# NAk1sZoHSfeBbWUD3HVTSx1aiIQHzjSKhzIpkGOLhVnBp1/HUy6/b5aGO9l3Ytb/
# 8n9U9MxyeaTlBVDvSueV8aFmKYVymNI5BuxjCjVKpjmu+I+y9MSYp/IgeGBrMofm
# DSGWhFnGq+IQIq3yIB2meE2pfWF99Iifsm/qVW1EfqGCAg8wggILBgkqhkiG9w0B
# CQYxggH8MIIB+AIBATB2MGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy
# dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lD
# ZXJ0IEFzc3VyZWQgSUQgQ0EtMQIQAwGaAjr/WLFr1tXq5hfwZjAJBgUrDgMCGgUA
# oF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTQx
# MTEyMDQ0MjA4WjAjBgkqhkiG9w0BCQQxFgQU55ARbXAM8IjEf6qKz8gbwRJhXjIw
# DQYJKoZIhvcNAQEBBQAEggEAE5zHsCV8hkfTHrKzB1R5DvlXtzeqSZVBc9QS+E6b
# u3EyBjTcpaLmICOLjGGx4f4IznW47vRLNVCvamim/veN8TIjJ0w2BZluSHR9E1oq
# i+C+bLnnB/lgk7s/PGSqWR9ezJ3UlLupEVfBx9n3rkcEK1Lcf30MocF6lIOQh6xM
# AFD1bV0qPXUP2Wx61Rahttr13r3cmZ++wt9wfct2F4kU7PBLK7bvsRFUi+xLoU1U
# 56jW2LG6DYjpz6cx0nPWpTOJuyVU736q99PZrICUJrZjDihcOKFh88iyjqCBX6qY
# Q+IR5GDvqwPMEITA44TFFzJSQv2ltwtTnG+Vwm7opljUHg==
# SIG # End signature block
Add-Type -TypeDefinition @'
namespace PowerShellUtils
{
using System;
using System.Runtime.InteropServices;
public sealed class PinnedArray<T> : IDisposable
{
private readonly T[] array;
private readonly GCHandle gcHandle;
public readonly bool ClearOnDispose = true;
private bool isDisposed = false;
public static implicit operator T[](PinnedArray<T> pinnedArray)
{
return pinnedArray.Array;
}
public T this[int key]
{
get
{
if (isDisposed) { throw new ObjectDisposedException("PinnedArray"); }
return array[key];
}
set
{
if (isDisposed) { throw new ObjectDisposedException("PinnedArray"); }
array[key] = value;
}
}
public T[] Array
{
get
{
if (isDisposed) { throw new ObjectDisposedException("PinnedArray"); }
return array;
}
}
public int Length
{
get
{
if (isDisposed) { throw new ObjectDisposedException("PinnedArray"); }
return array.Length;
}
}
public int Count
{
get { return Length; }
}
public PinnedArray(uint count)
{
array = new T[count];
gcHandle = GCHandle.Alloc(Array, GCHandleType.Pinned);
}
public PinnedArray(uint count, bool clearOnDispose) : this(count)
{
ClearOnDispose = clearOnDispose;
}
public PinnedArray(T[] array)
{
if (array == null) { throw new ArgumentNullException("array"); }
this.array = array;
gcHandle = GCHandle.Alloc(this.array, GCHandleType.Pinned);
}
public PinnedArray(T[] array, bool clearOnDispose) : this(array)
{
ClearOnDispose = clearOnDispose;
}
~PinnedArray()
{
Dispose();
}
public void Dispose()
{
if (isDisposed) { return; }
if (array != null && ClearOnDispose) { System.Array.Clear(array, 0, array.Length); }
if (gcHandle != null) { gcHandle.Free(); }
isDisposed = true;
}
}
}
'@
# SIG # Begin signature block
# MIIhfgYJKoZIhvcNAQcCoIIhbzCCIWsCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
# gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQU4y9tT75NMguTkRut5nk9XoRe
# Y+SgghywMIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0B
# AQUFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
# VQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVk
# IElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQsw
# CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
# ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg
# Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg
# +XESpa7cJpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lT
# XDGEKvYPmDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5
# a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g
# 0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1
# roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf
# GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0G
# A1UdDgQWBBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLL
# gjEtUYunpyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3
# cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmr
# EthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+
# fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5Q
# Z7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu
# 838fYxAe+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw
# 8jCCBQswggPzoAMCAQICEAOiV15N2F/TLPzy+oVrWjMwDQYJKoZIhvcNAQEFBQAw
# bzELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTEuMCwGA1UEAxMlRGlnaUNlcnQgQXNzdXJlZCBJRCBD
# b2RlIFNpZ25pbmcgQ0EtMTAeFw0xNDA1MDUwMDAwMDBaFw0xNTA1MTMxMjAwMDBa
# MGExCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJPTjERMA8GA1UEBxMIQnJhbXB0b24x
# GDAWBgNVBAoTD0RhdmlkIExlZSBXeWF0dDEYMBYGA1UEAxMPRGF2aWQgTGVlIFd5
# YXR0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcX51YAyViQE16mg
# +IVQCQ0O8QC/wXBzTMPirnoGK9TThmxQIYgtcekZ5Xa/dWpW0xKKjaS6dRwYYXET
# pzozoMWZbFDVrgKaqtuZNu9TD6rqK/QKf4iL/eikr0NIUL4CoSEQDeGLXDw7ntzZ
# XKM86RuPw6MlDapfFQQFIMjsT7YaoqQNTOxhbiFoHVHqP7xL3JTS7TApa/RnNYyl
# O7SQ7TSNsekiXGwUNxPqt6UGuOP0nyR+GtNiBcPfeUi+XaqjjBmpqgDbkEIMLDuf
# fDO54VKvDLl8D2TxTFOcKZv61IcToOs+8z1sWTpMWI2MBuLhRR3A6iIhvilTYRBI
# iX5FZQIDAQABo4IBrzCCAaswHwYDVR0jBBgwFoAUe2jOKarAF75JeuHlP9an90WP
# NTIwHQYDVR0OBBYEFDS4+PmyUp+SmK2GR+NCMiLd+DpvMA4GA1UdDwEB/wQEAwIH
# gDATBgNVHSUEDDAKBggrBgEFBQcDAzBtBgNVHR8EZjBkMDCgLqAshipodHRwOi8v
# Y3JsMy5kaWdpY2VydC5jb20vYXNzdXJlZC1jcy1nMS5jcmwwMKAuoCyGKmh0dHA6
# Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9hc3N1cmVkLWNzLWcxLmNybDBCBgNVHSAEOzA5
# MDcGCWCGSAGG/WwDATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2Vy
# dC5jb20vQ1BTMIGCBggrBgEFBQcBAQR2MHQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBMBggrBgEFBQcwAoZAaHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEQ29kZVNpZ25pbmdDQS0xLmNydDAM
# BgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQBbzAp8wys0A5LcuENslW0E
# oz7rc0A8h+XgjJWdJOFRohE1mZRFpdkVxM0SRqw7IzlSFtTMCsVVPNwU6O7y9rCY
# x5agx3CJBkJVDR/Y7DcOQTmmHy1zpcrKAgTznZuKUQZLpoYz/bA+Uh+bvXB9woCA
# IRbchos1oxC+7/gjuxBMKh4NM+9NIvWs6qpnH5JeBidQDQXp3flPkla+MKrPTL/T
# /amgna5E+9WHWnXbMFCpZ5n1bI1OvgNVZlYC/JTa4fjPEk8d16jYVP4GlRz/QUYI
# y6IAGc/z6xpkdtpXWVCbW0dCd5ybfUYTaeCJumGpS/HSJ7JcTZj694QDOKNvhfrm
# MIIGajCCBVKgAwIBAgIQAwGaAjr/WLFr1tXq5hfwZjANBgkqhkiG9w0BAQUFADBi
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBBc3N1cmVkIElEIENB
# LTEwHhcNMTQxMDIyMDAwMDAwWhcNMjQxMDIyMDAwMDAwWjBHMQswCQYDVQQGEwJV
# UzERMA8GA1UEChMIRGlnaUNlcnQxJTAjBgNVBAMTHERpZ2lDZXJ0IFRpbWVzdGFt
# cCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjZF38
# fLPggjXg4PbGKuZJdTvMbuBTqZ8fZFnmfGt/a4ydVfiS457VWmNbAklQ2YPOb2bu
# 3cuF6V+l+dSHdIhEOxnJ5fWRn8YUOawk6qhLLJGJzF4o9GS2ULf1ErNzlgpno75h
# n67z/RJ4dQ6mWxT9RSOOhkRVfRiGBYxVh3lIRvfKDo2n3k5f4qi2LVkCYYhhchho
# ubh87ubnNC8xd4EwH7s2AY3vJ+P3mvBMMWSN4+v6GYeofs/sjAw2W3rBerh4x8kG
# LkYQyI3oBGDbvHN0+k7Y/qpA8bLOcEaD6dpAoVk62RUJV5lWMJPzyWHM0AjMa+xi
# QpGsAsDvpPCJEY93AgMBAAGjggM1MIIDMTAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0T
# AQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDCCAb8GA1UdIASCAbYwggGy
# MIIBoQYJYIZIAYb9bAcBMIIBkjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGln
# aWNlcnQuY29tL0NQUzCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjALBglghkgBhv1s
# AxUwHwYDVR0jBBgwFoAUFQASKxOYspkH7R7for5XDStnAs0wHQYDVR0OBBYEFGFa
# TSS2STKdSip5GoNL9B6Jwcp9MH0GA1UdHwR2MHQwOKA2oDSGMmh0dHA6Ly9jcmwz
# LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRENBLTEuY3JsMDigNqA0hjJo
# dHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURDQS0xLmNy
# bDB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2lj
# ZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29t
# L0RpZ2lDZXJ0QXNzdXJlZElEQ0EtMS5jcnQwDQYJKoZIhvcNAQEFBQADggEBAJ0l
# fhszTbImgVybhs4jIA+Ah+WI//+x1GosMe06FxlxF82pG7xaFjkAneNshORaQPve
# BgGMN/qbsZ0kfv4gpFetW7easGAm6mlXIV00Lx9xsIOUGQVrNZAQoHuXx/Y/5+IR
# Qaa9YtnwJz04HShvOlIJ8OxwYtNiS7Dgc6aSwNOOMdgv420XEwbu5AO2FKvzj0On
# cZ0h3RTKFV2SQdr5D4HRmXQNJsQOfxu19aDxxncGKBXp2JPlVRbwuwqrHNtcSCdm
# yKOLChzlldquxC5ZoGHd2vNtomHpigtt7BIYvfdVVEADkitrwlHCCkivsNRu4PQU
# Cjob4489yq9qjXvc2EQwggajMIIFi6ADAgECAhAPqEkGFdcAoL4hdv3F7G29MA0G
# CSqGSIb3DQEBBQUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0
# IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0xMTAyMTExMjAwMDBaFw0yNjAyMTAxMjAw
# MDBaMG8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNV
# BAsTEHd3dy5kaWdpY2VydC5jb20xLjAsBgNVBAMTJURpZ2lDZXJ0IEFzc3VyZWQg
# SUQgQ29kZSBTaWduaW5nIENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
# AoIBAQCcfPmgjwrKiUtTmjzsGSJ/DMv3SETQPyJumk/6zt/G0ySR/6hSk+dy+PFG
# hpTFqxf0eH/Ler6QJhx8Uy/lg+e7agUozKAXEUsYIPO3vfLcy7iGQEUfT/k5mNM7
# 629ppFwBLrFm6aa43Abero1i/kQngqkDw/7mJguTSXHlOG1O/oBcZ3e11W9mZJRr
# u4hJaNjR9H4hwebFHsnglrgJlflLnq7MMb1qWkKnxAVHfWAr2aFdvftWk+8b/HL5
# 3z4y/d0qLDJG2l5jvNC4y0wQNfxQX6xDRHz+hERQtIwqPXQM9HqLckvgVrUTtmPp
# P05JI+cGFvAlqwH4KEHmx9RkO12rAgMBAAGjggNDMIIDPzAOBgNVHQ8BAf8EBAMC
# AYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwggHDBgNVHSAEggG6MIIBtjCCAbIGCGCG
# SAGG/WwDMIIBpDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20v
# c3NsLWNwcy1yZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBu
# AHkAIAB1AHMAZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0
# AGUAIABjAG8AbgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBl
# ACAAbwBmACAAdABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAg
# AGEAbgBkACAAdABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBn
# AHIAZQBlAG0AZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBi
# AGkAbABpAHQAeQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0
# AGUAZAAgAGgAZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAS
# BgNVHRMBAf8ECDAGAQH/AgEAMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYY
# aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2Fj
# ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGB
# BgNVHR8EejB4MDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNl
# cnRBc3N1cmVkSURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2Vy
# dC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMB0GA1UdDgQWBBR7aM4p
# qsAXvkl64eU/1qf3RY81MjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzANBgkqhkiG9w0BAQUFAAOCAQEAe3IdZP+IyDrBt+nnqcSHu9uUkteQWTP6K4fe
# qFuAJT8Tj5uDG3xDxOaM3zk+wxXssNo7ISV7JMFyXbhHkYETRvqcP2pRON60Jcvw
# q9/FKAFUeRBGJNE4DyahYZBNur0o5j/xxKqb9to1U0/J8j3TbNwj7aqgTWcJ8zqA
# PTz7NkyQ53ak3fI6v1Y1L6JMZejg1NrRx8iRai0jTzc7GZQY1NWcEDzVsRwZ/4/I
# a5ue+K6cmZZ40c2cURVbQiZyWo0KSiOSQOiG3iLCkzrUm2im3yl/Brk8Dr2fxIac
# gkdCcTKGCZlyCXlLnXFp9UH/fzl3ZPGEjb6LHrJ9aKOlkLEM/zCCBs0wggW1oAMC
# AQICEAb9+QOWA63qAArrPye7uhswDQYJKoZIhvcNAQEFBQAwZTELMAkGA1UEBhMC
# VVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0
# LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IENBMB4XDTA2
# MTExMDAwMDAwMFoXDTIxMTExMDAwMDAwMFowYjELMAkGA1UEBhMCVVMxFTATBgNV
# BAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8G
# A1UEAxMYRGlnaUNlcnQgQXNzdXJlZCBJRCBDQS0xMIIBIjANBgkqhkiG9w0BAQEF
# AAOCAQ8AMIIBCgKCAQEA6IItmfnKwkKVpYBzQHDSnlZUXKnE0kEGj8kz/E1FkVyB
# n+0snPgWWd+etSQVwpi5tHdJ3InECtqvy15r7a2wcTHrzzpADEZNk+yLejYIA6sM
# NP4YSYL+x8cxSIB8HqIPkg5QycaH6zY/2DDD/6b3+6LNb3Mj/qxWBZDwMiEWicZw
# iPkFl32jx0PdAug7Pe2xQaPtP77blUjE7h6z8rwMK5nQxl0SQoHhg26Ccz8mSxSQ
# rllmCsSNvtLOBq6thG9IhJtPQLnxTPKvmPv2zkBdXPao8S+v7Iki8msYZbHBc63X
# 8djPHgp0XEK4aH631XcKJ1Z8D2KkPzIUYJX9BwSiCQIDAQABo4IDejCCA3YwDgYD
# VR0PAQH/BAQDAgGGMDsGA1UdJQQ0MDIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYB
# BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCDCCAdIGA1UdIASCAckwggHFMIIBtAYK
# YIZIAYb9bAABBDCCAaQwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cuZGlnaWNlcnQu
# Y29tL3NzbC1jcHMtcmVwb3NpdG9yeS5odG0wggFkBggrBgEFBQcCAjCCAVYeggFS
# AEEAbgB5ACAAdQBzAGUAIABvAGYAIAB0AGgAaQBzACAAQwBlAHIAdABpAGYAaQBj
# AGEAdABlACAAYwBvAG4AcwB0AGkAdAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBu
# AGMAZQAgAG8AZgAgAHQAaABlACAARABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQ
# AFMAIABhAG4AZAAgAHQAaABlACAAUgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAg
# AEEAZwByAGUAZQBtAGUAbgB0ACAAdwBoAGkAYwBoACAAbABpAG0AaQB0ACAAbABp
# AGEAYgBpAGwAaQB0AHkAIABhAG4AZAAgAGEAcgBlACAAaQBuAGMAbwByAHAAbwBy
# AGEAdABlAGQAIABoAGUAcgBlAGkAbgAgAGIAeQAgAHIAZQBmAGUAcgBlAG4AYwBl
# AC4wCwYJYIZIAYb9bAMVMBIGA1UdEwEB/wQIMAYBAf8CAQAweQYIKwYBBQUHAQEE
# bTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQwYIKwYB
# BQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3Vy
# ZWRJRFJvb3RDQS5jcnQwgYEGA1UdHwR6MHgwOqA4oDaGNGh0dHA6Ly9jcmwzLmRp
# Z2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwOqA4oDaGNGh0
# dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5j
# cmwwHQYDVR0OBBYEFBUAEisTmLKZB+0e36K+Vw0rZwLNMB8GA1UdIwQYMBaAFEXr
# oq/0ksuCMS1Ri6enIZ3zbcgPMA0GCSqGSIb3DQEBBQUAA4IBAQBGUD7Jtygkpzgd
# tlspr1LPUukxR6tWXHvVDQtBs+/sdR90OPKyXGGinJXDUOSCuSPRujqGcq04eKx1
# XRcXNHJHhZRW0eu7NoR3zCSl8wQZVann4+erYs37iy2QwsDStZS9Xk+xBdIOPRqp
# FFumhjFiqKgz5Js5p8T1zh14dpQlc+Qqq8+cdkvtX8JLFuRLcEwAiR78xXm8TBJX
# /l/hHrwCXaj++wc4Tw3GXZG5D2dFzdaD7eeSDY2xaYxP+1ngIw/Sqq4AfO6cQg7P
# kdcntxbuD8O9fAqg7iwIVYUiuOsYGk38KiGtSTGDR5V3cdyxG0tLHBCcdxTBnU8v
# WpUIKRAmMYIEODCCBDQCAQEwgYMwbzELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERp
# Z2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEuMCwGA1UEAxMl
# RGlnaUNlcnQgQXNzdXJlZCBJRCBDb2RlIFNpZ25pbmcgQ0EtMQIQA6JXXk3YX9Ms
# /PL6hWtaMzAJBgUrDgMCGgUAoHgwGAYKKwYBBAGCNwIBDDEKMAigAoAAoQKAADAZ
# BgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYB
# BAGCNwIBFTAjBgkqhkiG9w0BCQQxFgQUB6BAHom/eVSCSZ0zvj/mbm+P+LowDQYJ
# KoZIhvcNAQEBBQAEggEAfNFttI4FAAqXaqiQijA46CvuXT86c8YGvcl0GLtj/qxA
# FQZu1bIMh706nBouPl6vSEmSqhBLZrFe0LOrXucrKiM8LEw50Op4LP/NgXbOhVLf
# VcZoZUDnedGhIYfKVLyx61M4Pzw96Gvsf8pMOxHcQqvkYJXwKif8vX0zekO1FY8h
# rOVsn/fbKN/qLS555BJ/9u4C80M7xKd5xVRt1YI6oCwotKrTXZCPL3tqc9qcaxm/
# droWbF0z5IgloR3fEQtso0jyEui8F+d85OHO8mp7xRWgpIFPzCTSAe52MCTDrOK2
# H9AeRWOnPTFbKgKFc+GwvFF+8Dbw//eg7vsYnnB9SqGCAg8wggILBgkqhkiG9w0B
# CQYxggH8MIIB+AIBATB2MGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy
# dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lD
# ZXJ0IEFzc3VyZWQgSUQgQ0EtMQIQAwGaAjr/WLFr1tXq5hfwZjAJBgUrDgMCGgUA
# oF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTQx
# MTEyMDQ0MjA5WjAjBgkqhkiG9w0BCQQxFgQUEEzuukefezdx5LM+64uN5GKGNRgw
# DQYJKoZIhvcNAQEBBQAEggEAEEGnAx6ynX1lTPDVSuQrMzQbglKRxsqc88vf+odH
# 9IYkB9eUIrDXEFkrHBExL3yoEblc6cCLofRRnIoJzqiw/6YffN2vYAnCxMwgcHhx
# GG59QP9fKIEFCS0fbF5C+FLWRZasrmcJXR6BNoIgcDv7atQmZC6Vu6F3XKtZQ9LV
# Qop1UYiRptwpjZcH5HhwePLqIe6XdM6ImLJ0YbQkMkGVdMl7InBDNhaRvJ9xnUNe
# rybNDi10lbg3FB1IoUcqq7nyjv6cZ+HJJUyvPjS349BuVRtFbfZEIE+1i2WxCG+H
# JSDlrVlcVKZ9UUQUUO/k5yywHGbDBFdKUBsKe6/NQGMEzA==
# SIG # End signature block
$path = Split-Path $MyInvocation.MyCommand.Path
Add-Type -Path $path\Security.Cryptography.dll -ErrorAction Stop
. $path\PinnedArray.ps1
. $path\HMAC.ps1
. $path\Commands.ps1
# SIG # Begin signature block
# MIIhfgYJKoZIhvcNAQcCoIIhbzCCIWsCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
# gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUfHvyvqFagSCOuLtSRXFgymVn
# I+GgghywMIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0B
# AQUFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
# VQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVk
# IElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQsw
# CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
# ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg
# Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg
# +XESpa7cJpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lT
# XDGEKvYPmDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5
# a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g
# 0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1
# roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf
# GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0G
# A1UdDgQWBBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLL
# gjEtUYunpyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3
# cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmr
# EthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+
# fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5Q
# Z7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu
# 838fYxAe+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw
# 8jCCBQswggPzoAMCAQICEAOiV15N2F/TLPzy+oVrWjMwDQYJKoZIhvcNAQEFBQAw
# bzELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTEuMCwGA1UEAxMlRGlnaUNlcnQgQXNzdXJlZCBJRCBD
# b2RlIFNpZ25pbmcgQ0EtMTAeFw0xNDA1MDUwMDAwMDBaFw0xNTA1MTMxMjAwMDBa
# MGExCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJPTjERMA8GA1UEBxMIQnJhbXB0b24x
# GDAWBgNVBAoTD0RhdmlkIExlZSBXeWF0dDEYMBYGA1UEAxMPRGF2aWQgTGVlIFd5
# YXR0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcX51YAyViQE16mg
# +IVQCQ0O8QC/wXBzTMPirnoGK9TThmxQIYgtcekZ5Xa/dWpW0xKKjaS6dRwYYXET
# pzozoMWZbFDVrgKaqtuZNu9TD6rqK/QKf4iL/eikr0NIUL4CoSEQDeGLXDw7ntzZ
# XKM86RuPw6MlDapfFQQFIMjsT7YaoqQNTOxhbiFoHVHqP7xL3JTS7TApa/RnNYyl
# O7SQ7TSNsekiXGwUNxPqt6UGuOP0nyR+GtNiBcPfeUi+XaqjjBmpqgDbkEIMLDuf
# fDO54VKvDLl8D2TxTFOcKZv61IcToOs+8z1sWTpMWI2MBuLhRR3A6iIhvilTYRBI
# iX5FZQIDAQABo4IBrzCCAaswHwYDVR0jBBgwFoAUe2jOKarAF75JeuHlP9an90WP
# NTIwHQYDVR0OBBYEFDS4+PmyUp+SmK2GR+NCMiLd+DpvMA4GA1UdDwEB/wQEAwIH
# gDATBgNVHSUEDDAKBggrBgEFBQcDAzBtBgNVHR8EZjBkMDCgLqAshipodHRwOi8v
# Y3JsMy5kaWdpY2VydC5jb20vYXNzdXJlZC1jcy1nMS5jcmwwMKAuoCyGKmh0dHA6
# Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9hc3N1cmVkLWNzLWcxLmNybDBCBgNVHSAEOzA5
# MDcGCWCGSAGG/WwDATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2Vy
# dC5jb20vQ1BTMIGCBggrBgEFBQcBAQR2MHQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
# Y3NwLmRpZ2ljZXJ0LmNvbTBMBggrBgEFBQcwAoZAaHR0cDovL2NhY2VydHMuZGln
# aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEQ29kZVNpZ25pbmdDQS0xLmNydDAM
# BgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQBbzAp8wys0A5LcuENslW0E
# oz7rc0A8h+XgjJWdJOFRohE1mZRFpdkVxM0SRqw7IzlSFtTMCsVVPNwU6O7y9rCY
# x5agx3CJBkJVDR/Y7DcOQTmmHy1zpcrKAgTznZuKUQZLpoYz/bA+Uh+bvXB9woCA
# IRbchos1oxC+7/gjuxBMKh4NM+9NIvWs6qpnH5JeBidQDQXp3flPkla+MKrPTL/T
# /amgna5E+9WHWnXbMFCpZ5n1bI1OvgNVZlYC/JTa4fjPEk8d16jYVP4GlRz/QUYI
# y6IAGc/z6xpkdtpXWVCbW0dCd5ybfUYTaeCJumGpS/HSJ7JcTZj694QDOKNvhfrm
# MIIGajCCBVKgAwIBAgIQAwGaAjr/WLFr1tXq5hfwZjANBgkqhkiG9w0BAQUFADBi
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBBc3N1cmVkIElEIENB
# LTEwHhcNMTQxMDIyMDAwMDAwWhcNMjQxMDIyMDAwMDAwWjBHMQswCQYDVQQGEwJV
# UzERMA8GA1UEChMIRGlnaUNlcnQxJTAjBgNVBAMTHERpZ2lDZXJ0IFRpbWVzdGFt
# cCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjZF38
# fLPggjXg4PbGKuZJdTvMbuBTqZ8fZFnmfGt/a4ydVfiS457VWmNbAklQ2YPOb2bu
# 3cuF6V+l+dSHdIhEOxnJ5fWRn8YUOawk6qhLLJGJzF4o9GS2ULf1ErNzlgpno75h
# n67z/RJ4dQ6mWxT9RSOOhkRVfRiGBYxVh3lIRvfKDo2n3k5f4qi2LVkCYYhhchho
# ubh87ubnNC8xd4EwH7s2AY3vJ+P3mvBMMWSN4+v6GYeofs/sjAw2W3rBerh4x8kG
# LkYQyI3oBGDbvHN0+k7Y/qpA8bLOcEaD6dpAoVk62RUJV5lWMJPzyWHM0AjMa+xi
# QpGsAsDvpPCJEY93AgMBAAGjggM1MIIDMTAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0T
# AQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDCCAb8GA1UdIASCAbYwggGy
# MIIBoQYJYIZIAYb9bAcBMIIBkjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGln
# aWNlcnQuY29tL0NQUzCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
# ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
# bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
# dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
# dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
# ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
# eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
# ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjALBglghkgBhv1s
# AxUwHwYDVR0jBBgwFoAUFQASKxOYspkH7R7for5XDStnAs0wHQYDVR0OBBYEFGFa
# TSS2STKdSip5GoNL9B6Jwcp9MH0GA1UdHwR2MHQwOKA2oDSGMmh0dHA6Ly9jcmwz
# LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRENBLTEuY3JsMDigNqA0hjJo
# dHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURDQS0xLmNy
# bDB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2lj
# ZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29t
# L0RpZ2lDZXJ0QXNzdXJlZElEQ0EtMS5jcnQwDQYJKoZIhvcNAQEFBQADggEBAJ0l
# fhszTbImgVybhs4jIA+Ah+WI//+x1GosMe06FxlxF82pG7xaFjkAneNshORaQPve
# BgGMN/qbsZ0kfv4gpFetW7easGAm6mlXIV00Lx9xsIOUGQVrNZAQoHuXx/Y/5+IR
# Qaa9YtnwJz04HShvOlIJ8OxwYtNiS7Dgc6aSwNOOMdgv420XEwbu5AO2FKvzj0On
# cZ0h3RTKFV2SQdr5D4HRmXQNJsQOfxu19aDxxncGKBXp2JPlVRbwuwqrHNtcSCdm
# yKOLChzlldquxC5ZoGHd2vNtomHpigtt7BIYvfdVVEADkitrwlHCCkivsNRu4PQU
# Cjob4489yq9qjXvc2EQwggajMIIFi6ADAgECAhAPqEkGFdcAoL4hdv3F7G29MA0G
# CSqGSIb3DQEBBQUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
# bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0
# IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0xMTAyMTExMjAwMDBaFw0yNjAyMTAxMjAw
# MDBaMG8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNV
# BAsTEHd3dy5kaWdpY2VydC5jb20xLjAsBgNVBAMTJURpZ2lDZXJ0IEFzc3VyZWQg
# SUQgQ29kZSBTaWduaW5nIENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
# AoIBAQCcfPmgjwrKiUtTmjzsGSJ/DMv3SETQPyJumk/6zt/G0ySR/6hSk+dy+PFG
# hpTFqxf0eH/Ler6QJhx8Uy/lg+e7agUozKAXEUsYIPO3vfLcy7iGQEUfT/k5mNM7
# 629ppFwBLrFm6aa43Abero1i/kQngqkDw/7mJguTSXHlOG1O/oBcZ3e11W9mZJRr
# u4hJaNjR9H4hwebFHsnglrgJlflLnq7MMb1qWkKnxAVHfWAr2aFdvftWk+8b/HL5
# 3z4y/d0qLDJG2l5jvNC4y0wQNfxQX6xDRHz+hERQtIwqPXQM9HqLckvgVrUTtmPp
# P05JI+cGFvAlqwH4KEHmx9RkO12rAgMBAAGjggNDMIIDPzAOBgNVHQ8BAf8EBAMC
# AYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwggHDBgNVHSAEggG6MIIBtjCCAbIGCGCG
# SAGG/WwDMIIBpDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20v
# c3NsLWNwcy1yZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBu
# AHkAIAB1AHMAZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0
# AGUAIABjAG8AbgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBl
# ACAAbwBmACAAdABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAg
# AGEAbgBkACAAdABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBn
# AHIAZQBlAG0AZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBi
# AGkAbABpAHQAeQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0
# AGUAZAAgAGgAZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAS
# BgNVHRMBAf8ECDAGAQH/AgEAMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYY
# aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2Fj
# ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGB
# BgNVHR8EejB4MDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNl
# cnRBc3N1cmVkSURSb290Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2Vy
# dC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMB0GA1UdDgQWBBR7aM4p
# qsAXvkl64eU/1qf3RY81MjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823I
# DzANBgkqhkiG9w0BAQUFAAOCAQEAe3IdZP+IyDrBt+nnqcSHu9uUkteQWTP6K4fe
# qFuAJT8Tj5uDG3xDxOaM3zk+wxXssNo7ISV7JMFyXbhHkYETRvqcP2pRON60Jcvw
# q9/FKAFUeRBGJNE4DyahYZBNur0o5j/xxKqb9to1U0/J8j3TbNwj7aqgTWcJ8zqA
# PTz7NkyQ53ak3fI6v1Y1L6JMZejg1NrRx8iRai0jTzc7GZQY1NWcEDzVsRwZ/4/I
# a5ue+K6cmZZ40c2cURVbQiZyWo0KSiOSQOiG3iLCkzrUm2im3yl/Brk8Dr2fxIac
# gkdCcTKGCZlyCXlLnXFp9UH/fzl3ZPGEjb6LHrJ9aKOlkLEM/zCCBs0wggW1oAMC
# AQICEAb9+QOWA63qAArrPye7uhswDQYJKoZIhvcNAQEFBQAwZTELMAkGA1UEBhMC
# VVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0
# LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IENBMB4XDTA2
# MTExMDAwMDAwMFoXDTIxMTExMDAwMDAwMFowYjELMAkGA1UEBhMCVVMxFTATBgNV
# BAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8G
# A1UEAxMYRGlnaUNlcnQgQXNzdXJlZCBJRCBDQS0xMIIBIjANBgkqhkiG9w0BAQEF
# AAOCAQ8AMIIBCgKCAQEA6IItmfnKwkKVpYBzQHDSnlZUXKnE0kEGj8kz/E1FkVyB
# n+0snPgWWd+etSQVwpi5tHdJ3InECtqvy15r7a2wcTHrzzpADEZNk+yLejYIA6sM
# NP4YSYL+x8cxSIB8HqIPkg5QycaH6zY/2DDD/6b3+6LNb3Mj/qxWBZDwMiEWicZw
# iPkFl32jx0PdAug7Pe2xQaPtP77blUjE7h6z8rwMK5nQxl0SQoHhg26Ccz8mSxSQ
# rllmCsSNvtLOBq6thG9IhJtPQLnxTPKvmPv2zkBdXPao8S+v7Iki8msYZbHBc63X
# 8djPHgp0XEK4aH631XcKJ1Z8D2KkPzIUYJX9BwSiCQIDAQABo4IDejCCA3YwDgYD
# VR0PAQH/BAQDAgGGMDsGA1UdJQQ0MDIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYB
# BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCDCCAdIGA1UdIASCAckwggHFMIIBtAYK
# YIZIAYb9bAABBDCCAaQwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cuZGlnaWNlcnQu
# Y29tL3NzbC1jcHMtcmVwb3NpdG9yeS5odG0wggFkBggrBgEFBQcCAjCCAVYeggFS
# AEEAbgB5ACAAdQBzAGUAIABvAGYAIAB0AGgAaQBzACAAQwBlAHIAdABpAGYAaQBj
# AGEAdABlACAAYwBvAG4AcwB0AGkAdAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBu
# AGMAZQAgAG8AZgAgAHQAaABlACAARABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQ
# AFMAIABhAG4AZAAgAHQAaABlACAAUgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAg
# AEEAZwByAGUAZQBtAGUAbgB0ACAAdwBoAGkAYwBoACAAbABpAG0AaQB0ACAAbABp
# AGEAYgBpAGwAaQB0AHkAIABhAG4AZAAgAGEAcgBlACAAaQBuAGMAbwByAHAAbwBy
# AGEAdABlAGQAIABoAGUAcgBlAGkAbgAgAGIAeQAgAHIAZQBmAGUAcgBlAG4AYwBl
# AC4wCwYJYIZIAYb9bAMVMBIGA1UdEwEB/wQIMAYBAf8CAQAweQYIKwYBBQUHAQEE
# bTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQwYIKwYB
# BQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3Vy
# ZWRJRFJvb3RDQS5jcnQwgYEGA1UdHwR6MHgwOqA4oDaGNGh0dHA6Ly9jcmwzLmRp
# Z2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwOqA4oDaGNGh0
# dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5j
# cmwwHQYDVR0OBBYEFBUAEisTmLKZB+0e36K+Vw0rZwLNMB8GA1UdIwQYMBaAFEXr
# oq/0ksuCMS1Ri6enIZ3zbcgPMA0GCSqGSIb3DQEBBQUAA4IBAQBGUD7Jtygkpzgd
# tlspr1LPUukxR6tWXHvVDQtBs+/sdR90OPKyXGGinJXDUOSCuSPRujqGcq04eKx1
# XRcXNHJHhZRW0eu7NoR3zCSl8wQZVann4+erYs37iy2QwsDStZS9Xk+xBdIOPRqp
# FFumhjFiqKgz5Js5p8T1zh14dpQlc+Qqq8+cdkvtX8JLFuRLcEwAiR78xXm8TBJX
# /l/hHrwCXaj++wc4Tw3GXZG5D2dFzdaD7eeSDY2xaYxP+1ngIw/Sqq4AfO6cQg7P
# kdcntxbuD8O9fAqg7iwIVYUiuOsYGk38KiGtSTGDR5V3cdyxG0tLHBCcdxTBnU8v
# WpUIKRAmMYIEODCCBDQCAQEwgYMwbzELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERp
# Z2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEuMCwGA1UEAxMl
# RGlnaUNlcnQgQXNzdXJlZCBJRCBDb2RlIFNpZ25pbmcgQ0EtMQIQA6JXXk3YX9Ms
# /PL6hWtaMzAJBgUrDgMCGgUAoHgwGAYKKwYBBAGCNwIBDDEKMAigAoAAoQKAADAZ
# BgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYB
# BAGCNwIBFTAjBgkqhkiG9w0BCQQxFgQUUByiEzQCXqmwqOhg2XBImnlQmcQwDQYJ
# KoZIhvcNAQEBBQAEggEAuIqDC+AL3kR1LbOXcwipwWYR343bPEv4UB//i9myoV/Y
# ewyXuwvLtjlc/JXKPDYv4nMRz5g4/esZLj0oNH4jF80mvGclxwTXWXrbdvwyuMz2
# N7y2WBoN6TZN9/UCr7eRlv7AFL02F3R8S9XibO1XSOFtcA4ROq/6truV0am/diLY
# qC/YWG6JVkQriAfNQlHkiX3Gsd4k4PhWmeaA2UMcdDom+qPqd5/2+SasD1Binwxn
# SA44i2B5dwvhG/3GC/sSkzkM3BPVBa4wRXsE6J0KJICUbauB8Z6u+iuQMUWFYQnC
# yGJoN82fU5XF8UblCIFeTRz3KrhhCoESywu+FwI3GKGCAg8wggILBgkqhkiG9w0B
# CQYxggH8MIIB+AIBATB2MGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy
# dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lD
# ZXJ0IEFzc3VyZWQgSUQgQ0EtMQIQAwGaAjr/WLFr1tXq5hfwZjAJBgUrDgMCGgUA
# oF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTQx
# MTEyMDQ0MjA5WjAjBgkqhkiG9w0BCQQxFgQUtsK/suEgStPsD5HRiom0bAEEbiow
# DQYJKoZIhvcNAQEBBQAEggEAoPoPmOH524OOT6J2YuV8WHrhuSq1OEwN/mP3Vxhh
# cWkPB8WKXlaBe/t9/JTAr7VJwj6m3znkAVdORjhT6uztDzttSDp9H4irR/hyt/GF
# 5MzFolIgTLdYRxDwJgSO/M9Z1/xzNbn6QP5dArH9PZ9fLc+ij4G1GyID06reE1QS
# 3huVpOeondwzwjDirvKsr58F+/0ee14tXXCjLA2H3mJUfe19SU6hFn2og1i4f2yk
# o7ExzMWA/GRYhhP8K5gg/eG/3VK/RlC5K+3AmedZ3XAWFBZAWm1B5ZuOpUcQkWQQ
# RF2rNhXd+zkwMEFco/jBUjefqnzEIgaY/WR23R+dhhRXGA==
# SIG # End signature block
Set-Alias ConvertFrom-Pson Invoke-Expression -Description "Convert variable from PSON"
Function ConvertTo-Pson(
[Parameter(
ValueFromPipeline=$true)]
$InputObject,
[Int]
$Depth = 9,
[Int]
$Layers = 1,
[Switch]
$Strict) {
<#
.LINK http://stackoverflow.com/questions/15139552/save-hash-table-in-powershell-object-notation-pson
#>
$Format = $Null
$Quote = If ($Depth -le 0) {""} Else {""""}
$Space = If ($Layers -le 0) {""} Else {" "}
If ($InputObject -eq $Null) {"`$Null"} Else {
$Type = "[" + $InputObject.GetType().Name + "]"
$PSON = If ($InputObject -is [Array]) {
$Format = "@(", ",$Space", ")"
If ($Depth -gt 1) {
For ($i = 0; $i -lt $InputObject.Count; $i++) {
ConvertTo-PSON $InputObject[$i] ($Depth - 1) ($Layers - 1) -Strict:$Strict
}
}
} ElseIf ($InputObject -is [Xml]) {
$Type = "[Xml]"
$String = New-Object System.IO.StringWriter
$InputObject.Save($String)
$Xml = "'" + ([String]$String).Replace("`'", "'") + "'"
If ($Layers -le 0) {
($Xml -Replace "\r\n\s*", "") -Replace "\s+", " "
} ElseIf ($Layers -eq 1) {
$Xml
} Else {
$Xml.Replace("`r`n", "`r`n`t")
}
$String.Dispose()
} ElseIf ($InputObject -is [DateTime]) {
"$Quote$($InputObject.ToString('s'))$Quote"
} ElseIf ($InputObject -is [String]) {
0..11 | ForEach {$InputObject = $InputObject.Replace([String]"```'""`0`a`b`f`n`r`t`v`$"[$_], ('`' + '`''"0abfnrtv$'[$_]))}; "$Quote$InputObject$Quote"
} ElseIf ($InputObject -is [Boolean]) {
"`$$InputObject"
} ElseIf ($InputObject -is [Char]) {
If ($Strict) {[Int]$InputObject} Else {"$Quote$InputObject$Quote"}
} ElseIf ($InputObject -is [ValueType]) {
$InputObject
} ElseIf ($InputObject -as [Hashtable]){
if($InputObject -is [System.Collections.Specialized.OrderedDictionary]){
$Type = "[Ordered]"
}
$Format = "@{", ";$Space", "}"
If ($Depth -gt 1){
$InputObject.GetEnumerator() | ForEach {"$Quote$($_.Name)$Quote" + "$Space=$Space" + (ConvertTo-PSON $_.Value ($Depth - 1) ($Layers - 1) -Strict:$Strict)}
}
} ElseIf ($InputObject -is [Object]) {
$Format = "@{", ";$Space", "}"
If ($Depth -gt 1) {
$InputObject.PSObject.Properties | ForEach {$_.Name + "$Space=$Space" + (ConvertTo-PSON $_.Value ($Depth - 1) ($Layers - 1) -Strict:$Strict)}
}
} Else {
$InputObject
}
If ($Format) {
$PSON = $Format[0] + (&{
If (($Layers -le 1) -or ($PSON.Count -le 0)) {
$PSON -Join $Format[1]
} Else {
("`r`n" + ($PSON -Join "$($Format[1])`r`n")).Replace("`r`n", "`r`n`t") + "`r`n"
}
}) + $Format[2]
}
If ($Strict) {
"$Type$PSON"
} Else {
"$PSON"
}
}
}
Export-ModuleMember -Function ConvertTo-Pson
Export-ModuleMember -Alias ConvertFrom-Pson
# remove source
$installRootDirPath = "C:\Program Files\PoshDevOps"
$installDirPath = "$installRootDirPath\Modules"
# make idempotent
if(Test-Path "$installRootDirPath"){
Remove-Item $installRootDirPath -Force -Recurse
}
# remove $PSModulePath modification
$psModulePath = [Environment]::GetEnvironmentVariable('PSModulePath','Machine')
$newPSModulePathParts = @();
$isPSModulePathModified = $false
foreach($part in $psModulePath.Split(';')){
if($part -eq $installDirPath){
$isPSModulePathModified = $true
}
else{
$newPSModulePathParts += $part;
}
}
$psModulePath = $newPSModulePathParts -join ';'
if($isPSModulePathModified){
Write-Debug "updating '$env:PSModulePath' to $psModulePath"
# save
[Environment]::SetEnvironmentVariable('PSModulePath',$psModulePath,'Machine')
}
Log in or click on link to see number of positives.
- nuget.exe (61704f7dbe23) - ## / 54
- Security.Cryptography.dll (217ddfcb7e46) - ## / 56
- poshdevops.0.0.72.nupkg (b57a58388d9f) - ## / 57
In cases where actual malware is found, the packages are subject to removal. Software sometimes has false positives. Moderators do not necessarily validate the safety of the underlying software, only that a package retrieves software from the official distribution point and/or validate embedded software against official distribution point (where distribution rights allow redistribution).
Chocolatey Pro provides runtime protection from possible malware.
Add to Builder | Version | Downloads | Last Updated | Status |
---|---|---|---|---|
PoshDevOps 0.0.72 | 906 | Sunday, March 29, 2015 | Approved | |
PoshDevOps 0.0.71 | 357 | Friday, March 27, 2015 | Approved | |
PoshDevOps 0.0.69 | 356 | Friday, March 27, 2015 | Approved | |
PoshDevOps 0.0.68 | 368 | Thursday, March 26, 2015 | Approved | |
PoshDevOps 0.0.64 | 396 | Thursday, March 26, 2015 | Approved | |
PoshDevOps 0.0.63 | 363 | Wednesday, March 25, 2015 | Approved | |
PoshDevOps 0.0.62 | 341 | Wednesday, March 25, 2015 | Approved | |
PoshDevOps 0.0.42 | 395 | Wednesday, March 25, 2015 | Approved | |
PoshDevOps 0.0.41 | 358 | Tuesday, March 24, 2015 | Approved | |
PoshDevOps 0.0.40 | 346 | Tuesday, March 24, 2015 | Approved | |
PoshDevOps 0.0.39 | 351 | Tuesday, March 24, 2015 | Approved | |
PoshDevOps 0.0.38 | 351 | Monday, March 23, 2015 | Approved | |
PoshDevOps 0.0.37 | 374 | Monday, March 23, 2015 | Approved | |
PoshDevOps 0.0.36 | 367 | Sunday, March 22, 2015 | Approved | |
PoshDevOps 0.0.35 | 361 | Sunday, March 22, 2015 | Approved | |
PoshDevOps 0.0.34 | 349 | Saturday, March 21, 2015 | Approved | |
PoshDevOps 0.0.33 | 418 | Saturday, March 21, 2015 | Approved | |
PoshDevOps 0.0.32 | 302 | Saturday, March 21, 2015 | Approved | |
PoshDevOps 0.0.31 | 352 | Saturday, March 21, 2015 | Approved | |
PoshDevOps 0.0.30 | 357 | Saturday, March 21, 2015 | Approved | |
PoshDevOps 0.0.28 | 377 | Saturday, March 21, 2015 | Approved | |
PoshDevOps 0.0.27 | 409 | Saturday, March 21, 2015 | Approved | |
PoshDevOps 0.0.13 | 461 | Friday, March 20, 2015 | Approved | |
PoshDevOps 0.0.12 | 352 | Friday, March 20, 2015 | Approved | |
PoshDevOps 0.0.6 | 375 | Wednesday, March 18, 2015 | Approved | |
PoshDevOps 0.0.4 | 318 | Wednesday, March 18, 2015 | Approved | |
PoshDevOps 0.0.2 | 326 | Monday, March 30, 2015 | Approved |
This package has no dependencies.
Ground Rules:
- This discussion is only about PoshDevOps and the PoshDevOps package. If you have feedback for Chocolatey, please contact the Google Group.
- This discussion will carry over multiple versions. If you have a comment about a particular version, please note that in your comments.
- The maintainers of this Chocolatey Package will be notified about new comments that are posted to this Disqus thread, however, it is NOT a guarantee that you will get a response. If you do not hear back from the maintainers after posting a message below, please follow up by using the link on the left side of this page or follow this link to contact maintainers. If you still hear nothing back, please follow the package triage process.
- Tell us what you love about the package or PoshDevOps, or tell us what needs improvement.
- Share your experiences with the package, or extra configuration or gotchas that you've found.
- If you use a url, the comment will be flagged for moderation until you've been whitelisted. Disqus moderated comments are approved on a weekly schedule if not sooner. It could take between 1-5 days for your comment to show up.