
#Requires -Version 4.0

# Locate the shared 'Modules' folder, which sits two directory levels above
# the folder this resource module is loaded from.
$modulePath = $PSScriptRoot |
    Split-Path -Parent |
    Split-Path -Parent |
    Join-Path -ChildPath 'Modules'

# Import the Certificate Common Modules
Import-Module -Name ($modulePath |
        Join-Path -ChildPath 'CertificateDsc.Common' |
        Join-Path -ChildPath 'CertificateDsc.Common.psm1')

# Import the Certificate Resource Helper Module
Import-Module -Name ($modulePath |
        Join-Path -ChildPath 'CertificateDsc.ResourceHelper' |
        Join-Path -ChildPath 'CertificateDsc.ResourceHelper.psm1')

# Import Localization Strings; the lookup is rooted at this script's own folder.
$localizedData = Get-LocalizedData `
    -ResourcePath (Split-Path -Path $Script:MyInvocation.MyCommand.Path -Parent) `
    -ResourceName 'MSFT_xPfxImport'

<#
    .SYNOPSIS
    Returns the current state of the PFX Certificate file that should be imported.
    .PARAMETER Thumbprint
    The thumbprint (unique identifier) of the PFX file you're importing.
    .PARAMETER Path
    The path to the PFX file to import.
    .PARAMETER Location
    The Windows Certificate Store Location to import the PFX file to.
    .PARAMETER Store
    The Windows Certificate Store Name to import the PFX file to.
    .PARAMETER Exportable
    Determines whether the private key is exportable from the machine after it has been imported.
    .PARAMETER Credential
    A [PSCredential] object that is used to decrypt the PFX file. Only the password is used, so any user name is valid.
    .PARAMETER Ensure
    Specifies whether the PFX file should be present or absent.
#>

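function Get-TargetResource
{
    # Reports whether a certificate with the requested thumbprint is present in
    # the Cert:\<Location>\<Store> store and returns the resource state as a
    # hashtable.
    #
    # Only Ensure is derived from the machine. Path, Location, Store and
    # Exportable are echoed back from the caller's arguments; in particular the
    # exportability of an already-installed private key is NOT inspected here.
    #
    # The braces, param() wrapper and parameter declarations were missing from
    # this listing and have been restored; the parameter types follow the
    # validation attributes and the parameter descriptions.
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable])]
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateScript( { $_ | Test-Thumbprint } )]
        [System.String]
        $Thumbprint,

        [Parameter(Mandatory = $true)]
        [ValidateScript( { $_ | Test-CertificatePath } )]
        [System.String]
        $Path,

        [Parameter(Mandatory = $true)]
        [ValidateSet('CurrentUser', 'LocalMachine')]
        [System.String]
        $Location,

        [Parameter(Mandatory = $true)]
        [System.String]
        $Store,

        [System.Boolean]
        $Exportable = $false,

        # Accepted so that Test-TargetResource can splat its bound parameters
        # into this function; it is not used when reading state.
        [System.Management.Automation.PSCredential]
        $Credential,

        [ValidateSet('Present', 'Absent')]
        [System.String]
        $Ensure = 'Present'
    )

    # Build the certificate provider path, e.g. Cert:\LocalMachine\My
    $certificateStore = 'Cert:' |
        Join-Path -ChildPath $Location |
        Join-Path -ChildPath $Store

    Write-Verbose -Message ( @(
            "$($MyInvocation.MyCommand): "
            $($LocalizedData.GettingPfxStatusMessage -f $Thumbprint,$certificateStore)
        ) -join '' )

    # $Store is free-form (no ValidateSet), so confirm the store exists before
    # enumerating it. New-InvalidArgumentError comes from the imported helper
    # module and presumably throws - confirm against the helper.
    if ((Test-Path -Path $certificateStore) -eq $false)
    {
        New-InvalidArgumentError `
            -ErrorId 'CertificateStoreNotFound' `
            -ErrorMessage ($LocalizedData.CertificateStoreNotFoundError -f $certificateStore)
    }

    # True when at least one certificate in the store carries the thumbprint
    # (case-insensitive comparison).
    $checkEnsure = [Bool](
        $certificateStore |
        Get-ChildItem |
        Where-Object -FilterScript {$_.Thumbprint -ieq $Thumbprint}
    )

    # Overwrite the requested Ensure value with the state actually observed.
    if ($checkEnsure)
    {
        $Ensure = 'Present'
    }
    else
    {
        $Ensure = 'Absent'
    }

    return @{
        Thumbprint = $Thumbprint
        Path       = $Path
        Location   = $Location
        Store      = $Store
        Exportable = $Exportable
        Ensure     = $Ensure
    }
} # end function Get-TargetResource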

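<#
    .SYNOPSIS
    Tests whether the certificate identified by Thumbprint is in the desired
    state (present or absent) in the target certificate store.
    .PARAMETER Thumbprint
    The thumbprint (unique identifier) of the PFX file you're importing.
    .PARAMETER Path
    The path to the PFX file to import.
    .PARAMETER Location
    The Windows Certificate Store Location to import the PFX file to.
    .PARAMETER Store
    The Windows Certificate Store Name to import the PFX file to.
    .PARAMETER Exportable
    Determines whether the private key is exportable from the machine after it has been imported.
    .PARAMETER Credential
    A [PSCredential] object that is used to decrypt the PFX file. Only the password is used, so any user name is valid.
    .PARAMETER Ensure
    Specifies whether the PFX file should be present or absent.
    .OUTPUTS
    System.Boolean. $true when the observed Ensure state equals the requested one.
    .NOTES
    The braces, param() wrapper and parameter declarations were missing from
    this listing and have been restored.
#>
function Test-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateScript( { $_ | Test-Thumbprint } )]
        [System.String]
        $Thumbprint,

        [Parameter(Mandatory = $true)]
        [ValidateScript( { $_ | Test-CertificatePath } )]
        [System.String]
        $Path,

        [Parameter(Mandatory = $true)]
        [ValidateSet('CurrentUser', 'LocalMachine')]
        [System.String]
        $Location,

        [Parameter(Mandatory = $true)]
        [System.String]
        $Store,

        [System.Boolean]
        $Exportable = $false,

        [System.Management.Automation.PSCredential]
        $Credential,

        [ValidateSet('Present', 'Absent')]
        [System.String]
        $Ensure = 'Present'
    )

    # Re-use Get-TargetResource with exactly the arguments the caller supplied.
    $result = @(Get-TargetResource @PSBoundParameters)

    # Only needed for the verbose message below.
    $certificateStore = 'Cert:' |
        Join-Path -ChildPath $Location |
        Join-Path -ChildPath $Store

    Write-Verbose -Message ( @(
            "$($MyInvocation.MyCommand): "
            $($LocalizedData.TestingPfxStatusMessage -f $Thumbprint,$certificateStore)
        ) -join '' )

    # NOTE(review): compliance is decided on Ensure alone. A certificate that is
    # already installed with an exportable private key still tests as compliant
    # when Exportable is $false, so this resource does not detect or correct
    # key-exportability drift.
    if ($Ensure -ne $result.Ensure)
    {
        return $false
    }

    return $true
} # end function Test-TargetResource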

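<#
    .SYNOPSIS
    Imports the PFX file into the target certificate store, or removes the
    certificate with the given thumbprint from it.
    .PARAMETER Thumbprint
    The thumbprint (unique identifier) of the PFX file you're importing.
    .PARAMETER Path
    The path to the PFX file to import.
    .PARAMETER Location
    The Windows Certificate Store Location to import the PFX file to.
    .PARAMETER Store
    The Windows Certificate Store Name to import the PFX file to.
    .PARAMETER Exportable
    Determines whether the private key is exportable from the machine after it has been imported.
    .PARAMETER Credential
    A [PSCredential] object that is used to decrypt the PFX file. Only the password is used, so any user name is valid.
    .PARAMETER Ensure
    Specifies whether the PFX file should be present or absent.
    .NOTES
    The braces, param() wrapper and parameter declarations were missing from
    this listing and have been restored. SupportsShouldProcess is declared
    because the body calls $PSCmdlet.ShouldProcess.
#>
function Set-TargetResource
{
    [CmdletBinding(SupportsShouldProcess = $true)]
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateScript( { $_ | Test-Thumbprint } )]
        [System.String]
        $Thumbprint,

        [Parameter(Mandatory = $true)]
        [ValidateScript( { $_ | Test-CertificatePath } )]
        [System.String]
        $Path,

        [Parameter(Mandatory = $true)]
        [ValidateSet('CurrentUser', 'LocalMachine')]
        [System.String]
        $Location,

        [Parameter(Mandatory = $true)]
        [System.String]
        $Store,

        [System.Boolean]
        $Exportable = $false,

        [System.Management.Automation.PSCredential]
        $Credential,

        [ValidateSet('Present', 'Absent')]
        [System.String]
        $Ensure = 'Present'
    )

    # Build the certificate provider path, e.g. Cert:\LocalMachine\My
    $certificateStore = 'Cert:' |
        Join-Path -ChildPath $Location |
        Join-Path -ChildPath $Store

    Write-Verbose -Message ( @(
            "$($MyInvocation.MyCommand): "
            $($LocalizedData.SettingPfxStatusMessage -f $Thumbprint,$certificateStore)
        ) -join '' )

    if ($Ensure -ieq 'Present')
    {
        if ($PSCmdlet.ShouldProcess(($LocalizedData.ImportingPfxShould `
            -f $Path,$certificateStore)))
        {
            # Import the certificate into the Store
            Write-Verbose -Message ( @(
                    "$($MyInvocation.MyCommand): "
                    $($LocalizedData.ImportingPfxMessage -f $Path,$certificateStore)
                ) -join '' )

            # NOTE(review): the file at $Path is imported as-is. Nothing visible
            # here checks that it contains the certificate identified by
            # $Thumbprint, so a different PFX at that path would be installed
            # (private key included) while Test-TargetResource keeps reporting
            # the expected thumbprint as absent. Consider verifying the PFX
            # thumbprint before import.
            $param = @{
                Exportable        = $Exportable
                CertStoreLocation = $certificateStore
                FilePath          = $Path
            }

            # The password is passed on as the SecureString held by the
            # credential; it is never converted to plain text here.
            if ($Credential)
            {
                $param['Password'] = $Credential.Password
            }

            Import-PfxCertificate @param
        }
    }
    elseif ($Ensure -ieq 'Absent')
    {
        # Remove the certificate from the Store
        Write-Verbose -Message ( @(
                "$($MyInvocation.MyCommand): "
                $($LocalizedData.RemovingPfxMessage -f $Thumbprint,$certificateStore)
            ) -join '' )

        # NOTE(review): unlike the import branch, removal is not gated by
        # ShouldProcess. Remove-Item is also called without -DeleteKey, so the
        # associated private key is presumably left on the machine after the
        # store entry is gone - confirm whether that is intended.
        Get-ChildItem -Path $certificateStore |
            Where-Object { $_.Thumbprint -ieq $thumbprint } |
            Remove-Item -Force
    }
} # end function Set-TargetResource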

# Expose only the three DSC entry points (Get-/Test-/Set-TargetResource).
Export-ModuleMember -Function '*-TargetResource'