DSCResources/MSFT_SPTrustedRootAuthority/MSFT_SPTrustedRootAuthority.psm1

function Get-TargetResource
{
    <#
    .SYNOPSIS
        Reports whether a SharePoint trusted root authority with the given
        name exists and, if so, the thumbprint of its certificate.

    .PARAMETER Name
        Identity passed to Get-SPTrustedRootAuthority.

    .PARAMETER CertificateThumbprint
        Desired thumbprint. Not read here; the returned thumbprint always
        comes from the authority found in the farm.

    .PARAMETER Ensure
        Desired state. Not read here; the returned Ensure reflects what was
        found.

    .PARAMETER InstallAccount
        Credential handed to Invoke-SPDSCCommand as -Credential.

    .OUTPUTS
        Hashtable with the keys Name, CertificateThumbprint and Ensure.
    #>
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable])]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String]
        $Name,

        [Parameter(Mandatory = $true)]
        [System.String]
        $CertificateThumbprint,

        [Parameter()]
        [ValidateSet("Present","Absent")]
        [System.String]
        $Ensure = "Present",

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $InstallAccount
    )

    Write-Verbose -Message "Getting Trusted Root Authority with name '$Name'"

    $lookup = {
        $params = $args[0]

        # Non-terminating errors are suppressed, so a lookup that yields
        # nothing for any such reason is reported as "Absent" below.
        $authority = Get-SPTrustedRootAuthority -Identity $params.Name `
                                                -ErrorAction SilentlyContinue

        if ($null -ne $authority)
        {
            # Report the thumbprint actually trusted by the farm so the
            # caller can compare it with the desired one.
            return @{
                Name = $params.Name
                CertificateThumbprint = $authority.Certificate.Thumbprint
                Ensure = "Present"
            }
        }

        return @{
            Name = $params.Name
            CertificateThumbprint = [string]::Empty
            Ensure = "Absent"
        }
    }

    return Invoke-SPDSCCommand -Credential $InstallAccount `
                               -Arguments $PSBoundParameters `
                               -ScriptBlock $lookup
}

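function Set-TargetResource
{
    <#
    .SYNOPSIS
        Creates, updates or removes a SharePoint trusted root authority so
        that it matches the requested state.

    .DESCRIPTION
        For Ensure = "Present" the certificate is read from the
        LocalMachine\My store by thumbprint and registered with
        New-SPTrustedRootAuthority (authority absent) or
        Set-SPTrustedRootAuthority (authority present). For
        Ensure = "Absent" the authority is removed.

    .PARAMETER Name
        Name / identity of the trusted root authority.

    .PARAMETER CertificateThumbprint
        Thumbprint of the certificate in CERT:\LocalMachine\My. It is
        matched literally, never as a wildcard pattern.

    .PARAMETER Ensure
        "Present" to create or update the authority, "Absent" to remove it.

    .PARAMETER InstallAccount
        Credential handed to Invoke-SPDSCCommand as -Credential.
    #>
    [CmdletBinding()]
    param
    (
       [Parameter(Mandatory = $true)]
        [System.String]
        $Name,

        [Parameter(Mandatory = $true)]
        [System.String]
        $CertificateThumbprint,

        [Parameter()]
        [ValidateSet("Present","Absent")]
        [System.String]
        $Ensure = "Present",

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $InstallAccount
    )

    Write-Verbose -Message "Setting SPTrustedRootAuthority '$Name'"

    $CurrentValues = Get-TargetResource @PSBoundParameters
    if ($Ensure -eq "Present" -and $CurrentValues.Ensure -eq "Present")
    {
        Write-Verbose -Message "Updating SPTrustedRootAuthority '$Name'"
        # Output is discarded so that Set-TargetResource emits nothing.
        $null = Invoke-SPDSCCommand -Credential $InstallAccount `
                                    -Arguments $PSBoundParameters `
                                    -ScriptBlock {
            $params = $args[0]

            # -LiteralPath: the thumbprint selects a trust anchor, so it must
            # name exactly one store item. With -Path, wildcard characters in
            # the value would be expanded and could resolve to a different
            # certificate, or to several.
            $cert = Get-Item -LiteralPath "CERT:\LocalMachine\My\$($params.CertificateThumbprint)" `
                             -ErrorAction SilentlyContinue

            if ($null -eq $cert)
            {
                throw "Certificate not found in the local Certificate Store"
            }

            if ($cert.HasPrivateKey)
            {
                # Re-import the "cert" export (certificate only) so that the
                # object handed to SharePoint carries no private key.
                $pubKeyBytes = $cert.Export("cert")
                $cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
                $cert2.Import($pubKeyBytes)
                $cert = $cert2
            }

            Set-SPTrustedRootAuthority -Identity $params.Name -Certificate $cert
        }
    }
    if ($Ensure -eq "Present" -and $CurrentValues.Ensure -eq "Absent")
    {
        Write-Verbose -Message "Adding SPTrustedRootAuthority '$Name'"
        $null = Invoke-SPDSCCommand -Credential $InstallAccount `
                                    -Arguments $PSBoundParameters `
                                    -ScriptBlock {
            $params = $args[0]

            # -LiteralPath: match the thumbprint exactly, with no wildcard
            # expansion, because the result becomes a trusted root.
            $cert = Get-Item -LiteralPath "CERT:\LocalMachine\My\$($params.CertificateThumbprint)" `
                             -ErrorAction SilentlyContinue

            if ($null -eq $cert)
            {
                throw "Certificate not found in the local Certificate Store"
            }

            if ($cert.HasPrivateKey)
            {
                # Re-import the "cert" export (certificate only) so that the
                # object handed to SharePoint carries no private key.
                $pubKeyBytes = $cert.Export("cert")
                $cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
                $cert2.Import($pubKeyBytes)
                $cert = $cert2
            }

            New-SPTrustedRootAuthority -Name $params.Name -Certificate $cert
        }
    }
    if ($Ensure -eq "Absent")
    {
        Write-Verbose -Message "Removing SPTrustedRootAuthority '$Name'"
        $null = Invoke-SPDSCCommand -Credential $InstallAccount `
                                    -Arguments $PSBoundParameters `
                                    -ScriptBlock {
            $params = $args[0]

            # Best effort: non-terminating errors are suppressed, which also
            # covers removing an authority that does not exist.
            Remove-SPTrustedRootAuthority -Identity $params.Name `
                                          -ErrorAction SilentlyContinue
        }
    }
}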

function Test-TargetResource
{
    <#
    .SYNOPSIS
        Tests whether the trusted root authority is already in the
        requested state.

    .DESCRIPTION
        Reads the current state with Get-TargetResource and compares it
        with the bound parameters through Test-SPDscParameterState. The
        certificate thumbprint is part of the comparison only when
        Ensure is "Present".

    .PARAMETER Name
        Name / identity of the trusted root authority.

    .PARAMETER CertificateThumbprint
        Thumbprint the authority's certificate is expected to have.

    .PARAMETER Ensure
        Desired state, "Present" or "Absent".

    .PARAMETER InstallAccount
        Credential forwarded to Get-TargetResource.

    .OUTPUTS
        The value returned by Test-SPDscParameterState.
    #>
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String]
        $Name,

        [Parameter(Mandatory = $true)]
        [System.String]
        $CertificateThumbprint,

        [Parameter()]
        [ValidateSet("Present","Absent")]
        [System.String]
        $Ensure = "Present",

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $InstallAccount
    )

    Write-Verbose -Message "Testing SPTrustedRootAuthority '$Name'"

    $CurrentValues = Get-TargetResource @PSBoundParameters

    # An authority that should be absent has no thumbprint to compare, so the
    # thumbprint is checked only for the "Present" case. A thumbprint mismatch
    # there is what makes this resource report drift for a changed certificate.
    $fieldsToCompare = @("Name","Ensure")
    if ($Ensure -eq "Present")
    {
        $fieldsToCompare = @("Name","CertificateThumbprint","Ensure")
    }

    return Test-SPDscParameterState -CurrentValues $CurrentValues `
                                    -DesiredValues $PSBoundParameters `
                                    -ValuesToCheck $fieldsToCompare
}

# Export only the Get-/Set-/Test-TargetResource functions of this module.
Export-ModuleMember -Function '*-TargetResource'