diff --git a/Posh-ACME/Public/Export-PAAccountKey.ps1 b/Posh-ACME/Public/Export-PAAccountKey.ps1 index 9acd24f1..8c989840 100644 --- a/Posh-ACME/Public/Export-PAAccountKey.ps1 +++ b/Posh-ACME/Public/Export-PAAccountKey.ps1 @@ -23,7 +23,7 @@ function Export-PAAccountKey { } Process { - trap { $PSCmdlet.ThrowTerminatingError($PSItem) } + trap { $PSCmdlet.ThrowTerminatingError($_) } # throw an error if there's no current account and no ID passed in if (-not $ID -and -not ($acct = Get-PAAccount)) { diff --git a/Posh-ACME/Public/Get-KeyAuthorization.ps1 b/Posh-ACME/Public/Get-KeyAuthorization.ps1 index 9c98cc0d..20090ed5 100644 --- a/Posh-ACME/Public/Get-KeyAuthorization.ps1 +++ b/Posh-ACME/Public/Get-KeyAuthorization.ps1 @@ -29,23 +29,20 @@ function Get-KeyAuthorization { # strings. Begin { + trap { $PSCmdlet.ThrowTerminatingError($_) } + # make sure any account passed in is actually associated with the current server # or if no account was specified, that there's a current account. if (-not $Account) { if (-not ($Account = Get-PAAccount)) { - try { throw "No Account parameter specified and no current account selected. Try running Set-PAAccount first." } - catch { $PSCmdlet.ThrowTerminatingError($_) } - } - } else { - if ($Account.id -notin (Get-PAAccount -List).id) { - try { throw "Specified account id $($Account.id) was not found in the current server's account list." } - catch { $PSCmdlet.ThrowTerminatingError($_) } + throw "No Account parameter specified and no current account selected. Try running Set-PAAccount first." } + } elseif ($Account.id -notin (Get-PAAccount -List).id) { + throw "Specified account id $($Account.id) was not found in the current server's account list." } # make sure it's valid if ($Account.status -ne 'valid') { - try { throw "Account status is $($Account.status)." } - catch { $PSCmdlet.ThrowTerminatingError($_) } + throw "Account status is $($Account.status)." } # hydrate the account key 
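Review bot: The `trap` added at the top of `Begin` in Get-KeyAuthorization appears to cover every statement in that block, not only the three account checks. A terminating error raised later in the block (the account-key hydration that follows the hunk) would then also be rethrown through `$PSCmdlet.ThrowTerminatingError($_)`. If that wider reach is intended, state it in a comment such as `# trap covers the whole Begin block: any terminating error below is rethrown as a cmdlet error`. The same `trap` is added in Revoke-PAAuthorization and Send-ChallengeAck, while the other files in this commit use a scoped `try { } catch { }` for the same purpose; settling on one form would make the error path easier to audit. The Begin block continues past the end of the hunk.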
diff --git a/Posh-ACME/Public/Get-PAAuthorization.ps1 b/Posh-ACME/Public/Get-PAAuthorization.ps1 index 2c62972f..9d69f427 100644 --- a/Posh-ACME/Public/Get-PAAuthorization.ps1 +++ b/Posh-ACME/Public/Get-PAAuthorization.ps1 @@ -10,17 +10,18 @@ function Get-PAAuthorization { ) Begin { - # Make sure there's a valid account - if (-not $Account) { - if (-not ($Account = Get-PAAccount)) { - try { throw "No Account parameter specified and no current account selected. Try running Set-PAAccount first." } - catch { $PSCmdlet.ThrowTerminatingError($_) } + try { + # Make sure there's a valid account + if (-not $Account) { + if (-not ($Account = Get-PAAccount)) { + throw "No Account parameter specified and no current account selected. Try running Set-PAAccount first." + } + } + if ($Account.status -ne 'valid') { + throw "Account status is $($Account.status)." } } - if ($Account.status -ne 'valid') { - try { throw "Account status is $($Account.status)." } - catch { $PSCmdlet.ThrowTerminatingError($_) } - } + catch { $PSCmdlet.ThrowTerminatingError($_) } } Process { diff --git a/Posh-ACME/Public/Get-PACertificate.ps1 b/Posh-ACME/Public/Get-PACertificate.ps1 index 895c6046..0ebe7e11 100644 --- a/Posh-ACME/Public/Get-PACertificate.ps1 +++ b/Posh-ACME/Public/Get-PACertificate.ps1 @@ -13,11 +13,13 @@ function Get-PACertificate { ) Begin { - # Make sure we have an account configured - if (-not (Get-PAAccount)) { - try { throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." } - catch { $PSCmdlet.ThrowTerminatingError($_) } + try { + # Make sure we have an account configured + if (-not (Get-PAAccount)) { + throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." + } } + catch { $PSCmdlet.ThrowTerminatingError($_) } # prep to calculate SHA1 thumbprints $sha1 = [Security.Cryptography.SHA1CryptoServiceProvider]::new() 
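Review bot: In Get-PAAuthorization a caller-supplied `-Account` is only checked for `status -ne 'valid'`; it is not checked against the current server's account list, unlike Get-KeyAuthorization, Revoke-PAAuthorization and Send-ChallengeAck in this same commit. An account object belonging to a different ACME server would pass this guard, assuming nothing later in the function rejects it (the Process block is outside the hunk). Consider adding the branch used elsewhere after the outer `if (-not $Account) { … }`: `} elseif ($Account.id -notin (Get-PAAccount -List).id) { throw "Specified account id $($Account.id) was not found in the current server's account list." }`. The New-PAAuthorization hunk has the same gap.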
@@ -27,7 +29,10 @@ function Get-PACertificate { # since the params in this function are a subset of the params for Get-PAOrder, we're # just going to pass them directly to it to get order(s) associated with the certificates - Get-PAOrder @PSBoundParameters | ForEach-Object { + if (-not ($orders = Get-PAOrder @PSBoundParameters)) { + return + } + $orders | ForEach-Object { $order = $_ $certFile = Join-Path $order.Folder 'cert.cer' diff --git a/Posh-ACME/Public/Get-PAOrder.ps1 b/Posh-ACME/Public/Get-PAOrder.ps1 index 9996381c..4bbf704c 100644 --- a/Posh-ACME/Public/Get-PAOrder.ps1 +++ b/Posh-ACME/Public/Get-PAOrder.ps1 @@ -13,11 +13,13 @@ function Get-PAOrder { ) Begin { - # Make sure we have an account configured - if (-not ($acct = Get-PAAccount)) { - try { throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." } - catch { $PSCmdlet.ThrowTerminatingError($_) } + try { + # Make sure we have an account configured + if (-not ($acct = Get-PAAccount)) { + throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." + } } + catch { $PSCmdlet.ThrowTerminatingError($_) } } Process { diff --git a/Posh-ACME/Public/Get-PAPluginArgs.ps1 b/Posh-ACME/Public/Get-PAPluginArgs.ps1 index e2a3f456..e660dfdd 100644 --- a/Posh-ACME/Public/Get-PAPluginArgs.ps1 +++ b/Posh-ACME/Public/Get-PAPluginArgs.ps1 @@ -10,11 +10,13 @@ function Get-PAPluginArgs { ) Begin { - # Make sure we have an account configured - if (-not ($acct = Get-PAAccount)) { - try { throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." } - catch { $PSCmdlet.ThrowTerminatingError($_) } + try { + # Make sure we have an account configured + if (-not ($acct = Get-PAAccount)) { + throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." + } } + catch { $PSCmdlet.ThrowTerminatingError($_) } function SecureDeserialize { [CmdletBinding()] 
diff --git a/Posh-ACME/Public/Invoke-HttpChallengeListener.ps1 b/Posh-ACME/Public/Invoke-HttpChallengeListener.ps1 index f25587e8..fbb2f0ea 100644 --- a/Posh-ACME/Public/Invoke-HttpChallengeListener.ps1 +++ b/Posh-ACME/Public/Invoke-HttpChallengeListener.ps1 @@ -21,11 +21,13 @@ function Invoke-HttpChallengeListener { Begin { - # Make sure we have an account configured - if (-not ($acct = Get-PAAccount)) { - try { throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." } - catch { $PSCmdlet.ThrowTerminatingError($_) } + try { + # Make sure we have an account configured + if (-not ($acct = Get-PAAccount)) { + throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." + } } + catch { $PSCmdlet.ThrowTerminatingError($_) } # account present, lets start # if ListenerTimeout is set to zero, write a warning diff --git a/Posh-ACME/Public/New-PAAuthorization.ps1 b/Posh-ACME/Public/New-PAAuthorization.ps1 index d1baa6c3..e6c27c68 100644 --- a/Posh-ACME/Public/New-PAAuthorization.ps1 +++ b/Posh-ACME/Public/New-PAAuthorization.ps1 
@@ -9,23 +9,23 @@ function New-PAAuthorization { ) Begin { - # Make sure the current server actually supports pre-authorization - if (-not $script:Dir.newAuthz) { - try { throw "The current ACME server does not support pre-authorization. Use New-PAOrder or New-PACertificate instead." } - catch { $PSCmdlet.ThrowTerminatingError($_) } - } + try { + # Make sure the current server actually supports pre-authorization + if (-not $script:Dir.newAuthz) { + throw "The current ACME server does not support pre-authorization. Use New-PAOrder or New-PACertificate instead." + } - # Make sure there's a valid account - if (-not $Account) { - if (-not ($Account = Get-PAAccount)) { - try { throw "No Account parameter specified and no current account selected. Try running Set-PAAccount first." } - catch { $PSCmdlet.ThrowTerminatingError($_) } + # Make sure there's a valid account + if (-not $Account) { + if (-not ($Account = Get-PAAccount)) { + throw "No Account parameter specified and no current account selected. Try running Set-PAAccount first." + } + } + if ($Account.status -ne 'valid') { + throw "Account status is $($Account.status)." } } - if ($Account.status -ne 'valid') { - try { throw "Account status is $($Account.status)." } - catch { $PSCmdlet.ThrowTerminatingError($_) } - } + catch { $PSCmdlet.ThrowTerminatingError($_) } # super lazy IPv4 address regex, but we just need to be able to # distinguish from an FQDN diff --git a/Posh-ACME/Public/New-PAOrder.ps1 b/Posh-ACME/Public/New-PAOrder.ps1 index 105624dc..385e6399 100644 --- a/Posh-ACME/Public/New-PAOrder.ps1 +++ b/Posh-ACME/Public/New-PAOrder.ps1 
@@ -53,11 +53,13 @@ function New-PAOrder { [switch]$Force ) - # Make sure we have an account configured - if (-not ($acct = Get-PAAccount)) { - try { throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." } - catch { $PSCmdlet.ThrowTerminatingError($_) } + try { + # Make sure we have an account configured + if (-not ($acct = Get-PAAccount)) { + throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." + } } + catch { $PSCmdlet.ThrowTerminatingError($_) } # If using a pre-generated CSR, extract the details so we can generate expected parameters if ('FromCSR' -eq $PSCmdlet.ParameterSetName) { diff --git a/Posh-ACME/Public/Remove-PAOrder.ps1 b/Posh-ACME/Public/Remove-PAOrder.ps1 index 29e3373f..761d1988 100644 --- a/Posh-ACME/Public/Remove-PAOrder.ps1 +++ b/Posh-ACME/Public/Remove-PAOrder.ps1 @@ -11,11 +11,13 @@ function Remove-PAOrder { ) Begin { - # Make sure we have an account configured - if (-not ($acct = Get-PAAccount)) { - try { throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." } - catch { $PSCmdlet.ThrowTerminatingError($_) } + try { + # Make sure we have an account configured + if (-not ($acct = Get-PAAccount)) { + throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." + } } + catch { $PSCmdlet.ThrowTerminatingError($_) } } Process { diff --git a/Posh-ACME/Public/Revoke-PAAuthorization.ps1 b/Posh-ACME/Public/Revoke-PAAuthorization.ps1 index 90557740..6d622960 100644 --- a/Posh-ACME/Public/Revoke-PAAuthorization.ps1 +++ b/Posh-ACME/Public/Revoke-PAAuthorization.ps1 
@@ -11,23 +11,20 @@ function Revoke-PAAuthorization { ) Begin { + trap { $PSCmdlet.ThrowTerminatingError($_) } + # make sure any account passed in is actually associated with the current server # or if no account was specified, that there's a current account. if (-not $Account) { if (-not ($Account = Get-PAAccount)) { - try { throw "No Account parameter specified and no current account selected. Try running Set-PAAccount first." } - catch { $PSCmdlet.ThrowTerminatingError($_) } - } - } else { - if ($Account.id -notin (Get-PAAccount -List).id) { - try { throw "Specified account id $($Account.id) was not found in the current server's account list." } - catch { $PSCmdlet.ThrowTerminatingError($_) } + throw "No Account parameter specified and no current account selected. Try running Set-PAAccount first." } + } elseif ($Account.id -notin (Get-PAAccount -List).id) { + throw "Specified account id $($Account.id) was not found in the current server's account list." } # make sure it's valid if ($Account.status -ne 'valid') { - try { throw "Account status is $($Account.status)." } - catch { $PSCmdlet.ThrowTerminatingError($_) } + throw "Account status is $($Account.status)." } # build the header template diff --git a/Posh-ACME/Public/Revoke-PACertificate.ps1 b/Posh-ACME/Public/Revoke-PACertificate.ps1 index 2a1cf389..63bfa353 100644 --- a/Posh-ACME/Public/Revoke-PACertificate.ps1 +++ b/Posh-ACME/Public/Revoke-PACertificate.ps1 @@ -19,8 +19,16 @@ function Revoke-PACertificate { ) Begin { - # grab a reference to the current account if it exists - $acct = Get-PAAccount + # make sure we have a server configured + if (-not (Get-PAServer)) { + try { throw "No ACME server configured. Run Set-PAServer first." } + catch { $PSCmdlet.ThrowTerminatingError($_) } + } + + try { + # grab a reference to the current account if it exists + $acct = Get-PAAccount + } catch {} if ($Force){ $ConfirmPreference = 'None' 
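Review bot: The empty `catch {}` around `$acct = Get-PAAccount` in the Revoke-PACertificate `Begin` block discards every error. A failure to load the account for any reason is then indistinguishable from having no account selected, and on the MainDomain path it is later reported as "No ACME account configured". Keep the fallback but record the cause, for example `catch { Write-Debug "Get-PAAccount failed: $($_.Exception.Message)" }`. The Begin block continues past the end of the hunk.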
@@ -34,12 +42,21 @@ function Revoke-PACertificate { if ('MainDomain' -eq $PSCmdlet.ParameterSetName) { + if (-not $acct) { + try { throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." } + catch { $PSCmdlet.ThrowTerminatingError($_) } + } + + if (-not $Name -and -not $MainDomain) { + try { throw "Please specify either MainDomain or Name parameters." } + catch { $PSCmdlet.WriteError($_); return } + } + # check for a unique matching order if ($Name) { - $order = Get-PAOrder -Name $Name - if (-not $order) { - Write-Error "No order found matching Name '$Name'." - return + if (-not ($order = Get-PAOrder -Name $Name)) { + try { throw "No order found matching Name '$Name'." } + catch { $PSCmdlet.WriteError($_); return } } } else { $matchingOrders = @(Get-PAOrder -List | Where-Object { $_.MainDomain -eq $MainDomain }) @@ -47,18 +64,18 @@ function Revoke-PACertificate { $order = $matchingOrders } elseif ($matchingOrders.Count -ge 2) { # error because we can't be sure which object to affect - Write-Error "Multiple orders found for MainDomain '$MainDomain'. Please specify Name as well." - return + try { throw "Multiple orders found for MainDomain '$MainDomain'. Please specify Name as well." } + catch { $PSCmdlet.WriteError($_); return } } else { - Write-Error "No order found matching MainDomain '$MainDomain'." - return + try { throw "No order found matching MainDomain '$MainDomain'." } + catch { $PSCmdlet.WriteError($_); return } } } # check for an existing certificate if (-not ($paCert = $order | Get-PACertificate)) { try { throw "No existing certificate found for $MainDomain." } - catch { $PSCmdlet.ThrowTerminatingError($_) } + catch { $PSCmdlet.WriteError($_); return } } # set the cert file path 
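Review bot: The new `if (-not $acct)` guard sits inside the `'MainDomain' -eq $PSCmdlet.ParameterSetName` branch, and the later hunk at `@@ -131,10 +148,6 @@` removes the `elseif (-not $acct)` check that used to precede the "Attempting to use account key" path. For the other parameter set, when no usable certificate key is available, signing would proceed with `$acct` possibly `$null` (Begin now swallows Get-PAAccount errors), unless a check outside these hunks covers it. Keeping the removed branch, `} elseif (-not $acct) {` with the existing "No ACME account configured" throw, preserves the clear error for that case.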
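Review bot: In the `@@ -47,18 +64,18 @@` hunk, "No existing certificate found for $MainDomain." is now a non-terminating error, and `$MainDomain` may be empty when the order was selected with `-Name`, so the text can end in "for ." with no order named. Using `"No existing certificate found for $($order.MainDomain)."` would identify the order in both cases. Because these lookup failures no longer terminate, a script calling Revoke-PACertificate under the default error action continues past a revocation that never happened. The comment-based help should tell callers to pass `-ErrorAction Stop` when the revocation must succeed.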
@@ -72,10 +89,10 @@ function Revoke-PACertificate { throw "Malformed certificate file: $CertFile" } } - catch { $PSCmdlet.ThrowTerminatingError($_) } + catch { $PSCmdlet.WriteError($_); return } # remove the header/footer and convert to Base64Url as ACME expects - $certStr = $certStr.Replace($pemHeader,'').Replace($pemFooter,'') | + $certStr = $certStr.Replace($pemHeader,'').Replace($pemFooter,'').Trim() | ConvertTo-Base64Url -FromBase64 # Now we need to decide how we're going to sign to request. It can either @@ -85,8 +102,8 @@ function Revoke-PACertificate { # the cert. # https://datatracker.ietf.org/doc/html/rfc5280#section-5.3.1 # - # BuyPass currently only implements Account key based revocation, so we - # can't just default to using the Cert key when it's available. + # BuyPass currently only implements Account key based revocation and throws + # an Internal Server Error if you try to revoke via the cert key. # check the private key if ($KeyFile) { @@ -131,10 +148,6 @@ function Revoke-PACertificate { # set the key $acmeParams.Key = $certKey - } elseif (-not $acct) { - try { throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." } - catch { $PSCmdlet.ThrowTerminatingError($_) } - } else { Write-Debug "Attempting to use account key" @@ -159,6 +172,7 @@ function Revoke-PACertificate { # send the request if ($PSCmdlet.ShouldProcess($CertFile)){ + Write-Verbose "Sending revocation request." try { Invoke-ACME @acmeParams | Out-Null } catch { $PSCmdlet.ThrowTerminatingError($_) } diff --git a/Posh-ACME/Public/Send-ChallengeAck.ps1 b/Posh-ACME/Public/Send-ChallengeAck.ps1 index 588f326b..37cb8af8 100644 --- a/Posh-ACME/Public/Send-ChallengeAck.ps1 +++ b/Posh-ACME/Public/Send-ChallengeAck.ps1 
@@ -8,23 +8,20 @@ function Send-ChallengeAck { ) Begin { + trap { $PSCmdlet.ThrowTerminatingError($_) } + # make sure any account passed in is actually associated with the current server # or if no account was specified, that there's a current account. if (-not $Account) { if (-not ($Account = Get-PAAccount)) { - try { throw "No Account parameter specified and no current account selected. Try running Set-PAAccount first." } - catch { $PSCmdlet.ThrowTerminatingError($_) } - } - } else { - if ($Account.id -notin (Get-PAAccount -List).id) { - try { throw "Specified account id $($Account.id) was not found in the current server's account list." } - catch { $PSCmdlet.ThrowTerminatingError($_) } + throw "No Account parameter specified and no current account selected. Try running Set-PAAccount first." } + } elseif ($Account.id -notin (Get-PAAccount -List).id) { + throw "Specified account id $($Account.id) was not found in the current server's account list." } # make sure it's valid if ($Account.status -ne 'valid') { - try { throw "Account status is $($Account.status)." } - catch { $PSCmdlet.ThrowTerminatingError($_) } + throw "Account status is $($Account.status)." } } diff --git a/Posh-ACME/Public/Set-PAOrder.ps1 b/Posh-ACME/Public/Set-PAOrder.ps1 index 8d1d54b6..5afdade6 100644 --- a/Posh-ACME/Public/Set-PAOrder.ps1 +++ b/Posh-ACME/Public/Set-PAOrder.ps1 
@@ -58,11 +58,13 @@ function Set-PAOrder { ) Begin { - # Make sure we have an account configured - if (-not ($acct = Get-PAAccount)) { - try { throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." } - catch { $PSCmdlet.ThrowTerminatingError($_) } + try { + # Make sure we have an account configured + if (-not ($acct = Get-PAAccount)) { + throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." + } } + catch { $PSCmdlet.ThrowTerminatingError($_) } # PfxPassSecure takes precedence over PfxPass if both are specified but we # need the value in plain text. So we'll just take over the PfxPass variable diff --git a/Posh-ACME/Public/Submit-Renewal.ps1 b/Posh-ACME/Public/Submit-Renewal.ps1 index d66e322e..3c95ba9b 100644 --- a/Posh-ACME/Public/Submit-Renewal.ps1 +++ b/Posh-ACME/Public/Submit-Renewal.ps1 @@ -18,10 +18,12 @@ function Submit-Renewal { Begin { # make sure we have an account if renewing all or a specific order if ($PSCmdlet.ParameterSetName -in 'Specific','AllOrders') { - if (-not (Get-PAAccount)) { - try { throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." } - catch { $PSCmdlet.ThrowTerminatingError($_) } + try { + if (-not (Get-PAAccount)) { + throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first." + } } + catch { $PSCmdlet.ThrowTerminatingError($_) } } }