Public/Get-PAAuthorizations.ps1

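function Get-PAAuthorizations {
    [CmdletBinding()]
    [OutputType('PoshACME.PAAuthorization')]
    param(
        [Parameter(Mandatory,Position=0,ValueFromPipeline,ValueFromPipelineByPropertyName)]
        [Alias('authorizations')]
        [string[]]$AuthURLs
    )

    # Every order has an array of authorization URLs that can be used to
    # retrieve the current state of the authorization object which we want to
    # return to the caller. However, most of what a caller would care about is
    # the state of the associated challenges for that authorization.

    # To make processing easier, we're going to flatten the challenge data so you don't
    # have to loop into a sub-array. This may get unwieldy if too many additional
    # challenge types are added in the future.

    Begin {
        # Make sure we have an account configured. The account object supplies
        # the alg and kid header values used for every request below.
        if (!($acct = Get-PAAccount)) {
            throw "No ACME account configured. Run Set-PAAccount or New-PAAccount first."
        }
    }

    Process {
        foreach ($AuthUrl in $AuthUrls) {

            # Request the authorization object. The header carries the account's
            # algorithm and key ID, the cached nonce and the target URL; it is
            # handed to Invoke-ACME together with an empty payload and the account.
            try {
                $header = @{alg=$acct.alg; kid=$acct.location;nonce=$script:Dir.nonce;url=$AuthUrl}
                $response = Invoke-ACME $header ([String]::Empty) $acct -EA Stop
                $auth = $response.Content | ConvertFrom-Json
            } catch {
                # An expired authorization is skipped with a warning so the rest
                # of the pipeline input is still processed.
                # NOTE(review): expiry is recognised only by this text in the
                # server's error message; any other failure is rethrown.
                if ($_.ErrorDetails.Message -like '*Expired authorization*') {
                    Write-Warning "Authorization has expired. Unable to retrieve details."
                    continue
                } else { throw }
            }

            # inject the type name
            $auth.PSObject.TypeNames.Insert(0,'PoshACME.PAAuthorization')

            # NOTE(review): the debug stream receives the serialized server
            # response, which may include the challenge tokens. Treat captured
            # debug output accordingly.
            Write-Debug "Response: $($auth | ConvertTo-Json)"

            # Fix any dates that may have been parsed by PSCore's JSON serializer.
            # RFC 8555 only requires 'expires' on authorizations whose status is
            # 'valid', and assigning to a property the deserialized object does not
            # have raises an error, so the repair runs only when it is present.
            if ($auth.PSObject.Properties['expires']) {
                $auth.expires = Repair-ISODate $auth.expires
            }

            # add "nice to have" members to the auth object
            $auth | Add-Member -MemberType NoteProperty -Name 'DNSId' -Value $auth.identifier.value
            $auth | Add-Member -MemberType NoteProperty -Name 'fqdn' -Value "$(if ($auth.wildcard) {'*.'})$($auth.DNSId)"
            $auth | Add-Member -MemberType NoteProperty -Name 'location' -Value $AuthUrl

            # add members that expose the details of the 'dns-01' challenge
            # in the root of the object; they stay $null when the server did
            # not offer that challenge type
            $auth | Add-Member -MemberType NoteProperty -Name 'DNS01Status' -Value $null
            $auth | Add-Member -MemberType NoteProperty -Name 'DNS01Url' -Value $null
            $auth | Add-Member -MemberType NoteProperty -Name 'DNS01Token' -Value $null

            $dnsChallenge = $auth.challenges | Where-Object { $_.type -eq 'dns-01' }
            if ($dnsChallenge) {
                $auth.DNS01Status = $dnsChallenge.status
                $auth.DNS01Url    = $dnsChallenge.url
                $auth.DNS01Token  = $dnsChallenge.token
            }

            # add members that expose the details of the 'http-01' challenge
            # in the root of the object; they stay $null when the server did
            # not offer that challenge type
            $auth | Add-Member -MemberType NoteProperty -Name 'HTTP01Status' -Value $null
            $auth | Add-Member -MemberType NoteProperty -Name 'HTTP01Url' -Value $null
            $auth | Add-Member -MemberType NoteProperty -Name 'HTTP01Token' -Value $null

            $httpChallenge = $auth.challenges | Where-Object { $_.type -eq 'http-01' }
            if ($httpChallenge) {
                $auth.HTTP01Status = $httpChallenge.status
                $auth.HTTP01Url    = $httpChallenge.url
                $auth.HTTP01Token  = $httpChallenge.token
            }

            Write-Output $auth

        }
    }





    <#
    .SYNOPSIS
        Get the authorizations associated with a particular order or set of authorization URLs.

    .DESCRIPTION
        Returns details such as fqdn, status, expiration, and challenges for one or more ACME authorizations.

    .PARAMETER AuthURLs
        One or more authorization URLs. You can also pipe in one or more PoshACME.PAOrder objects.

    .EXAMPLE
        Get-PAAuthorizations https://acme.example.com/authz/1234567

        Get the authorization for the specified URL.

    .EXAMPLE
        Get-PAOrder | Get-PAAuthorizations

        Get the authorizations for the current order on the current account.

    .EXAMPLE
        Get-PAOrder -List | Get-PAAuthorizations

        Get the authorizations for all orders on the current account.

    .LINK
        Project: https://github.com/rmbolger/Posh-ACME

    .LINK
        Get-PAOrder

    .LINK
        New-PAOrder

    #>

}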