Feature/1.0.7 (#11)

* chore: Update module version to 1.0.7 and backup Entrust Security World files

* chore: Update module version to 1.0.7 and backup Entrust Security World files

Author: System-Admins-ath

README.md

@@ -8,7 +8,8 @@ PowerShell module "SystemAdmins.AdcsToolbox" for Active Directory Certificate Se
 - [Installation](#installation)
 - [Usage](#usage)
 - [Cmdlets](#cmdlets)
-  - [Backup-CADatabase](#Backup-CADatabase)
+  - [Backup-CA](#Backup-CA)
+  - Export-CACertificate
   - [Get-CACertificate](#Get-CACertificate)
   - [Get-CACommonName](#Get-CACommonName)
   - [Get-CACrlConfig](#Get-CACrlConfig)
@@ -82,7 +83,7 @@ Most AD CS servers don't have access to the internet, therefore it's required to
 
 ## Cmdlets
 
-### Backup-CADatabase
+### Backup-CA
 
 #### Synopsis
 
@@ -95,24 +96,50 @@ Backup certificate authority with or without the private key.
 | String | Path       | Backup folder path                | False    | C:\Path\To\My\Folder |
 | Switch | PrivateKey | Include private key in the backup | True     |                      |
 
-### Output
-
-Hashtable
-
 #### Example(s)
 
 Create a backup without a private key to the folder "C:\Backup".
 
 ```powershell
-Backup-CADatabase -Path 'C:\Backup'
+Backup-CA -Path 'C:\Backup'
 ```
 
 Create a backup with the private key to the folder "C:\Backup".
 
 ```powershell
-Backup-CADatabase -Path 'C:\Backup' -PrivateKey
+Backup-CA -Path 'C:\Backup' -PrivateKey
 ```
 
+### Output
+
+Hashtable
+
+
+
+### Export-CACertificate
+
+#### Synopsis
+
+Export certificate authority certificate (public key).
+
+#### Parameter(s)
+
+| Type   | Parameter  | Description        | Optional | Accepted Values      |
+| ------ | ---------- | ------------------ | -------- | -------------------- |
+| String | FolderPath | Backup folder path | False    | C:\Path\To\My\Folder |
+
+#### Example(s)
+
+Export the CA certificate (public key) the folder "C:\Backup".
+
+```powershell
+Export-CACertificate -FolderPath 'C:\Backup'
+```
+
+### Output
+
+String
+
 
 
 ### Get-CACertificate

src/SystemAdmins.AdcsToolbox/SystemAdmins.AdcsToolbox.psd1

@@ -3,7 +3,7 @@
     RootModule           = 'SystemAdmins.AdcsToolbox.psm1';
 
     # Version number of this module.
-    ModuleVersion        = '1.0.6';
+    ModuleVersion        = '1.0.7';
 
     # Supported PSEditions
     CompatiblePSEditions = @('Desktop');

src/SystemAdmins.AdcsToolbox/private/entrust/Backup-EntrustSecurityWorld.ps1

@@ -0,0 +1,92 @@
+function Backup-EntrustSecurityWorld
+{
+    <#
+    .SYNOPSIS
+        Backup Entrust Security World files.
+    .DESCRIPTION
+        Creates a folder and backup the Entrust Security World files to the folder.
+    .PARAMETER Path
+        Backup path.
+    .EXAMPLE
+        Backup-EntrustSecurityWorld -Path 'C:\Backup';
+    #>
+    [cmdletbinding()]
+    [OutputType([pscustomobject])]
+    param
+    (
+        # Backup path.
+        [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)]
+        [ValidateNotNullOrEmpty()]
+        [ValidateScript({ $_ -match '^[a-zA-Z]:\\' })]
+        [ValidateScript({ Test-Path $_ -PathType 'Container' -IsValid })]
+        [string]$Path = $script:ModuleBackupFolder
+    )
+
+    BEGIN
+    {
+        # Write to log.
+        $customProgress = Write-CustomProgress -Activity $MyInvocation.MyCommand.Name -CurrentOperation 'Backup Entrust Security World';
+
+        # Get if the software is installed.
+        $isInstalled = Test-EntrustSecurityWorldInstalled;
+
+        # Construct the backup folder.
+        $backupFolderPath = Join-Path -Path $Path -ChildPath 'EntrustSecurityWorld';
+
+        # Security World data folder.
+        $securityWorldDataFolderPath = Join-Path -Path $env:NFAST_KMDATA -ChildPath 'local';
+
+        # Result object.
+        $result = [pscustomobject]@{
+            BackupFolderPath            = $backupFolderPath;
+            SecurityWorldDataFolderPath = $securityWorldDataFolderPath;
+        };
+    }
+    PROCESS
+    {
+        # If the software is not installed.
+        if ($true -eq $isInstalled)
+        {
+            # If the backup path does not exist.
+            if (-not (Test-Path -Path $backupFolderPath))
+            {
+                # Write to log.
+                Write-CustomLog -Message ("Creating backup folder '{0}'" -f $backupFolderPath) -Level Verbose;
+
+                # Create the path.
+                $null = New-Item -Path $backupFolderPath -ItemType 'Directory' -Force;
+            }
+
+            # If the Security World folder does not exist.
+            if (-not (Test-Path -Path $securityWorldDataFolderPath))
+            {
+                # Write to log.
+                Write-CustomLog -Message ("Security World data folder '{0}' does not exist, skipping backup" -f $securityWorldDataFolderPath) -Level Verbose;
+            }
+            # Else the Security World folder exist.
+            else
+            {
+                # Write to log.
+                Write-CustomLog -Message ("Copying all files from '{0}' to '{1}'" -f $securityWorldDataFolderPath, $backupFolder) -Level Verbose;
+
+                # Copy the files from the folder.
+                $null = Copy-Item -Path ($securityWorldDataFolderPath + '\*') -Destination $backupFolder -Recurse -Force;
+
+                # Write to event log.
+                Write-CustomEventLog -EventId 152 -AdditionalMessage ('Backup folder is {0}' -f $backupFolder);
+            }
+        }
+    }
+    END
+    {
+        # Write to log.
+        Write-CustomProgress @customProgress;
+
+        # If the software is installed.
+        if ($true -eq $isInstalled)
+        {
+            # Return result.
+            return $result;
+        }
+    }
+}

src/SystemAdmins.AdcsToolbox/private/entrust/Test-EntrustSecurityWorldInstalled.ps1

@@ -0,0 +1,61 @@
+function Test-EntrustSecurityWorldInstalled
+{
+    <#
+    .SYNOPSIS
+        Test if the Entrust Security World Software is installed.
+    .DESCRIPTION
+        Return true or false.
+    .EXAMPLE
+        Test-EntrustSecurityWorldInstalled;
+    #>
+    [cmdletbinding()]
+    [OutputType([bool])]
+    param
+    (
+    )
+
+    BEGIN
+    {
+        # Write to log.
+        $customProgress = Write-CustomProgress -Activity $MyInvocation.MyCommand.Name -CurrentOperation 'Check if Entrust Security World Software is installed';
+
+        # Boolean to return.
+        [bool]$isInstalled = $false;
+    }
+    PROCESS
+    {
+        # If the software is installed.
+        if (-not [string]::IsNullOrEmpty($env:NFAST_KMDATA))
+        {
+            # Write to log.
+            Write-CustomLog -Message 'Entrust Security World Software is installed' -Level Verbose;
+
+            # Test if the folder exist.
+            if (Test-Path -Path $env:NFAST_KMDATA)
+            {
+                # Write to log.
+                Write-CustomLog -Message ("Security World data folder '{0}' exist" -f $env:NFAST_KMDATA) -Level Verbose;
+
+                # Set boolean to true.
+                $isInstalled = $true;
+            }
+        }
+        # Else the role is not installed.
+        else
+        {
+            # Write to log.
+            Write-CustomLog -Message 'Entrust Security World Software is not installed' -Level Verbose;
+
+            # Write to event log.
+            Write-CustomEventLog -EventId 151;
+        }
+    }
+    END
+    {
+        # Write to log.
+        Write-CustomProgress @customProgress;
+
+        # Return boolean.
+        return $isInstalled;
+    }
+}

src/SystemAdmins.AdcsToolbox/private/module/eventlog.json

@@ -184,5 +184,17 @@
         "entryType": "Warning",
         "logName": "Application",
         "message": "The request was could not be removed"
+    },
+    {
+        "eventId": 151,
+        "entryType": "Information",
+        "logName": "Application",
+        "message": "Entrust Security World Software is not installed"
+    },
+    {
+        "eventId": 152,
+        "entryType": "Information",
+        "logName": "Application",
+        "message": "Created a copy of the Entrust Security World files"
     }
 ]

…AdcsToolbox/public/Backup-CADatabase.ps1 …mAdmins.AdcsToolbox/public/Backup-CA.ps1src/SystemAdmins.AdcsToolbox/public/Backup-CADatabase.ps1 renamed to src/SystemAdmins.AdcsToolbox/public/Backup-CA.ps1 src/SystemAdmins.AdcsToolbox/public/Backup-CADatabase.ps1 renamed to src/SystemAdmins.AdcsToolbox/public/Backup-CA.ps1

@@ -1,4 +1,4 @@
-function Backup-CADatabase
+function Backup-CA
 {
     <#
     .SYNOPSIS
@@ -10,9 +10,9 @@ function Backup-CADatabase
     .PARAMETER PrivateKey
         Backup private key.
     .EXAMPLE
-        Backup-CADatabase -Path 'C:\Backup';
+        Backup-CA -Path 'C:\Backup';
     .EXAMPLE
-        Backup-CADatabase -Path 'C:\Backup' -PrivateKey;
+        Backup-CA -Path 'C:\Backup' -PrivateKey;
     #>
     [cmdletbinding()]
     [OutputType([pscustomobject])]
@@ -27,7 +27,11 @@ function Backup-CADatabase
 
         # Private key backup.
         [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)]
-        [switch]$PrivateKey
+        [switch]$PrivateKey,
+
+        # Password for the backup.
+        [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)]
+        [string]$Password
     )
 
     BEGIN
@@ -64,8 +68,11 @@ function Backup-CADatabase
         }
 
         # If the path does not exist.
-        if (-not (Test-Path $Path))
+        if (-not (Test-Path -Path $Path))
         {
+            # Write to log.
+            Write-CustomLog -Message ("Creating backup folder '{0}'" -f $Path) -Level Verbose;
+
             # Create the path.
             $null = New-Item -Path $Path -ItemType 'Directory' -Force;
         }
@@ -86,6 +93,25 @@ function Backup-CADatabase
         # Get the common name of the certificate authority.
         $commonName = Get-CACommonName;
 
+        # Splatting for the backup.
+        $backupSplat = @{
+            Path        = $Path;
+            ErrorAction = 'Stop';
+        };
+
+        # If the password is set.
+        if (-not [string]::IsNullOrEmpty($Password))
+        {
+            # Write to log.
+            Write-CustomLog -Message 'Backup will be password protected' -Level Verbose;
+
+            # Convert the password to a secure string.
+            $securePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force;
+
+            # Add password to the splat.
+            $null = $backupSplat.Add('Password', $securePassword);
+        }
+
         # Object to return.
         [pscustomobject]$result = [pscustomobject]@{
             DatabasePath   = ('{0}\DataBase' -f $Path);
@@ -94,20 +120,33 @@ function Backup-CADatabase
     }
     PROCESS
     {
+        # Export CA certificate.
+        $null = Export-CACertificate -FolderPath $Path;
+
         # If private key backup is requested.
         if ($true -eq $PrivateKey)
         {
             # Write to event log.
             Write-CustomEventLog -EventId 12;
 
+            # If Entrust Security World is installed.
+            if ($true -eq (Test-EntrustSecurityWorldInstalled))
+            {
+                # Backup Entrust Security World.
+                $entrustSecurityWorld = Backup-EntrustSecurityWorld -Path $Path;
+
+                # Add member to result.
+                $null = Add-Member -InputObject $result -MemberType NoteProperty -Name 'EntrustSecurityWorldPath' -Value $entrustSecurityWorld.BackupFolderPath -Force;
+            }
+
             # Try to backup the private key.
             try
             {
                 # Write to log.
                 Write-CustomLog -Message ("Trying to backup the database with private key to the directory '{0}'" -f $Path) -Level Verbose;
 
                 # Backup the database.
-                Backup-CARoleService -Path $Path -KeepLog -Force -ErrorAction Stop;
+                Backup-CARoleService @backupSplat;
 
                 # Write to log.
                 Write-CustomLog -Message ("Successfully made a backup of the database including the private key to the directory '{0}'" -f $Path) -Level Verbose;
@@ -128,7 +167,7 @@ function Backup-CADatabase
                 Write-CustomEventLog -EventId 3;
 
                 # Backup without private key.
-                $null = Backup-CADatabase -Path $Path;
+                $null = Backup-CA -Path $Path;
             }
         }
         # Else backup without private key.
@@ -144,7 +183,7 @@ function Backup-CADatabase
                 Write-CustomLog -Message ("Trying to backup the database without the private key to the directory '{0}'" -f $Path) -Level Verbose;
 
                 # Backup the database.
-                Backup-CARoleService -Path $Path -DatabaseOnly -KeepLog -Force -ErrorAction Stop;
+                Backup-CARoleService -DatabaseOnly @backupSplat;
 
                 # Write to log.
                 Write-CustomLog -Message ("Successfully made a backup of the database without the private key to the directory '{0}'" -f $Path) -Level Verbose;