ACME-PS

1.0.5-beta1

functions/Order/New-Order.ps1

                                function New-Order {

    <#

        .SYNOPSIS

            Creates a new order object.

        .DESCRIPTION

            Creates a new order object to be used for signing a new certificate including all submitted identifiers.

        .PARAMETER State

            The state object, that is used in this module, to provide easy access to the ACME service directory,

            your account key, the associated account and the replay nonce.

        .PARAMETER Identifiers

            The list of identifiers, which will be covered by the certificates subject alternative names.

        .PARAMETER NotBefore

            Earliest date the certificate should be considered valid.

        .PARAMETER NotAfter

            Latest date the certificate should be considered valid.

        .PARAMETER CertDN

            If set, this will be used as Distinguished Name for the CSR that will be send to the ACME service by Complete-Order.

            If not set, the first identifier will be used as CommonName (CN=Identifier).

            Make sure to provide a valid X500DistinguishedName.

        .EXAMPLE

            PS> New-Order -Directory $myDirectory -AccountKey $myAccountKey -KeyId $myKid -Nonce $myNonce -Identifiers $myIdentifiers

        .EXAMPLE

            PS> New-Order -Identifiers (New-Identifier "dns" "www.test.com")

    #>

    [CmdletBinding(SupportsShouldProcess=$true)]

    param(

        [Parameter(Mandatory = $true, Position = 0)]

        [ValidateNotNull()]

        [ValidateScript({$_.Validate()})]

        [AcmeState]

        $State,

        [Parameter(Mandatory = $true)]

        [ValidateNotNullOrEmpty()]

        [AcmeIdentifier[]] $Identifiers,

        [Parameter()]

        [System.DateTimeOffset] $NotBefore,

        [Parameter()]

        [System.DateTimeOffset] $NotAfter,

        [Parameter()]

        [string] $CertDN

    )

    $payload = @{

        "identifiers" = @($Identifiers | Select-Object @{N="type";E={$_.Type}}, @{N="value";E={$_.Value}})

    };

    if($NotBefore -and $NotAfter) {

        $payload.Add("notBefore", $NotBefore.ToString("o"));

        $payload.Add("notAfter", $NotAfter.ToString("o"));

    }

    $requestUrl = $State.GetServiceDirectory().NewOrder;

    $csrOptions = [AcmeCsrOptions]::new()

    if(-not [string]::IsNullOrWhiteSpace($CertDN)) {

        try {

            [X500DistinguishedName]::new($CertDN) | Out-Null;

        } catch {

            throw "'$CertDN' is not a valid X500 distinguished name";

        }

        $csrOptions.DistinguishedName = $CertDN;

    } else {

        $csrOptions.DistinguishedName = "CN=$($Identifiers[0].Value)";

    }

    if($PSCmdlet.ShouldProcess("Order", "Create new order with ACME Service")) {

        $response = Invoke-SignedWebRequest $requestUrl $State $payload;

        $order = [AcmeOrder]::new($response, $csrOptions);

        $state.AddOrder($order);

        return $order;

    }

}