Private/ConvertFrom-DuneSecureString.ps1
|
<# .SYNOPSIS Decode a SecureString to its plain-text value. .DESCRIPTION Converts a SecureString back to plain text in a way that is compatible with both PowerShell 7+ (`ConvertFrom-SecureString -AsPlainText`) and Windows PowerShell 5.1 (via Marshal/BSTR). Non-SecureString input is returned as-is; `$null` returns `$null`. .PARAMETER SecureString The SecureString to decode. Accepts `$null` and plain strings for convenience. .EXAMPLE PS> ConvertFrom-DuneSecureString -SecureString $DuneSession.Token Returns the plain-text JWT for use in an Authorization header. #> function ConvertFrom-DuneSecureString { [CmdletBinding()] param( [Parameter(Mandatory)] [AllowNull()] $SecureString ) if ($null -eq $SecureString) { return $null } if ($SecureString -isnot [System.Security.SecureString]) { return [string]$SecureString } # PowerShell 7+: ConvertFrom-SecureString supports -AsPlainText $convertCmd = Get-Command ConvertFrom-SecureString -ErrorAction SilentlyContinue if ($convertCmd -and $convertCmd.Parameters.Keys -contains 'AsPlainText') { return ($SecureString | ConvertFrom-SecureString -AsPlainText) } # Windows PowerShell 5.1 fallback $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecureString) try { return [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) } finally { if ($bstr) { [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) } } } |