public/New-Password.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
function New-Password() {
    <#
    .SYNOPSIS
        Generates a new cryptographically secure password as a char array.
 
    .DESCRIPTION
        Generates a new cryptographically secure password with a given length
        using the supplied characters.
     
    .PARAMETER Chars
        An string of characters to use to build the password.
         
    .PARAMETER CharSets
        Optional. An array of choices that leverages a group of characters to use to build
        the password. The default is 'LatinAlphaUpperCase', 'LatinAlphaLowerCase', 'Digits', 'SpecialHybrid'
 
    .PARAMETER Length
        Optional. The length of the password that is generated. The default is 16
 
    .PARAMETER Validate
        Optional. A script block that validates the password to ensure it meets
        standards. The default checks for one uppercase, one lowercase, one digit,
        one special character.
     
    .PARAMETER AsSecureString
        A flag that instructs the result to be returned as a SecureString.
 
    .PARAMETER AsString
        A flag that instructs the result to be returned as a string.
     
    .EXAMPLE
        PS C:\> $pw = New-Password -Length 16 -AsSecureString -CharSets 'LatinAlphaUpperCase', 'LatinAlphaLowerCase', 'Digits', 'SpecialHybrid'
        Generates a new password with 16 characters with 1 upper, 1 lower, 1 digit, and one special character.
 
    #>

    Param(

        [int] $Length,

        [ValidateSet('LatinAlphaUpperCase', 'LatinAlphaLowerCase', 'Digits', 'Hyphen', 'Underscore', 'Brackets', 'Special', 'Space')]
        [string[]] $CharSets = $null,
        
        [string] $Chars = $null,
        
        [ScriptBlock] $Validate = $null,
        
        [Switch] $AsSecureString,

        [Switch] $AsString
    )

    if($Length -eq 0) {
        $Length = 16;
    }

    $sb = New-Object System.Text.StringBuilder
    if(!$CharSets -and $CharSets.Length -gt 0) {
        $set = (Merge-PasswordCharSets $CharSets)
        if($set -and $set.Length -gt 0) {
            $sb.Append($set) | Out-Null  
        }
    }

    if(![string]::IsNullOrWhiteSpace($Chars)) {
        $sb.Append($Chars)  | Out-Null  
    } 

    if($sb.Length -eq 0) {
        $sets = Merge-PasswordCharSets -CharSets (@('LatinAlphaUpperCase', 'LatinAlphaLowerCase', 'Digits', "SpecialHybrid"))
        $sb.Append($sets)  | Out-Null  
    }

    $permittedChars = $sb.ToString();
    $password = [char[]]@(0) * $Length;
    $bytes = [byte[]]@(0) * $Length;


    while( (Test-Password $password -Validate $Validate) -eq $false) {
        $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
        $rng.GetBytes($bytes);
        $rng.Dispose();

        for($i = 0; $i -lt $Length; $i++) {
            $byte = $bytes[$i]
            if($byte -eq 0) {
                $index = 0;
            } else {
                $index = [int]($byte % $permittedChars.Length)
            }
            $index = [int] ($bytes[$i] % $permittedChars.Length);
            $password[$i] = [char] $permittedChars[$index];
        }
    }

    
    if($AsString.ToBool()) {
        return  (-join $password)
    }
    
    if($AsSecureString.ToBool()) {
        $secureString = New-Object System.Security.SecureString;
        foreach($char in $password) {
            $secureString.AppendChar($char)
        }
        return $secureString;
    }

    # return char array as it is not immutable like a string
    return $password;
}