Public/Get-PAAuthorization.ps1

function Get-PAAuthorization {
    <#
    .SYNOPSIS
        Fetch ACME authorization objects for one or more authorization URLs.

    .DESCRIPTION
        Sends one request per URL through Invoke-ACME with an empty payload. The
        protected header carries the account's alg, the account's location as kid,
        the module-scoped nonce and the URL itself. The response content is handed to
        ConvertTo-PAAuthorization. A 404 from the server is reported as a warning and
        that URL is skipped; any other AcmeException is rethrown.

    .PARAMETER AuthURLs
        One or more authorization URLs. Also bound from the pipeline, by value or from
        a property named 'authorizations'.

    .PARAMETER Account
        The account used to build the request. When omitted, the result of
        Get-PAAccount is used.
    #>
    [CmdletBinding()]
    [OutputType('PoshACME.PAAuthorization')]
    param(
        [Parameter(Mandatory,Position=0,ValueFromPipeline,ValueFromPipelineByPropertyName)]
        [Alias('authorizations')]
        [string[]]$AuthURLs,
        [Parameter(Position=1)]
        [PSTypeName('PoshACME.PAAccount')]$Account
    )

    Begin {
        # Resolve the account once, before any pipeline input is processed.
        # -and short-circuits, so Get-PAAccount only runs when no Account was passed.
        # The try/throw/catch pair turns the message into an ErrorRecord so the error
        # is raised through $PSCmdlet as a terminating error.
        if (-not $Account -and -not ($Account = Get-PAAccount)) {
            try { throw "No Account parameter specified and no current account selected. Try running Set-PAAccount first." }
            catch { $PSCmdlet.ThrowTerminatingError($_) }
        }

        # Only an account whose status is 'valid' is allowed to proceed.
        if ($Account.status -ne 'valid') {
            try { throw "Account status is $($Account.status)." }
            catch { $PSCmdlet.ThrowTerminatingError($_) }
        }
    }

    Process {
        foreach ($authzUrl in $AuthURLs) {

            # NOTE(review): the URL comes straight from the caller or the pipeline and
            # is used unchanged as the 'url' header of a request built from the
            # account's kid and the current nonce. Nothing in this function checks
            # that it belongs to the ACME server the account was registered with;
            # whether Invoke-ACME enforces that is not visible here - confirm.
            $jwsHeader = @{
                alg   = $Account.alg
                kid   = $Account.location
                nonce = $script:Dir.nonce
                url   = $authzUrl
            }

            try {
                # Empty payload; -EA Stop makes a failure catchable below.
                $acmeResponse = Invoke-ACME $jwsHeader ([String]::Empty) $Account -EA Stop
            } catch [AcmeException] {
                # Anything other than "not found" is unexpected and goes to the caller.
                if ($_.Exception.Data.status -ne 404) { throw }

                Write-Warning "Authorization not found on server. $($_.Exception.Data.detail)"
                continue
            }

            # Retry-After is only surfaced in debug output; nothing acts on it yet.
            # https://datatracker.ietf.org/doc/html/rfc8555#section-8.2
            if ($acmeResponse.Headers.ContainsKey('Retry-After')) {
                $retryAfter = $acmeResponse.Headers['Retry-After']
                Write-Debug "Retry-After = $retryAfter"
            }

            ConvertTo-PAAuthorization $acmeResponse.Content $authzUrl
        }
    }
}