[+] Added Passphrase support

AdessoTorbenSoenneckenTest · AdessoTorbenSoenneckenTest · commit 614ea0b4ea4f · 2023-08-15T16:32:11.000+02:00
diff --git a/PSGithubUtils/PSGithubUtils.psd1 b/PSGithubUtils/PSGithubUtils.psd1
@@ -12,7 +12,7 @@
     RootModule        = 'PSGithubUtils.psm1'
 
     # Version number of this module.
-    ModuleVersion     = '0.1.0'
+    ModuleVersion     = '0.2.0'
 
     # Supported PSEditions
     # CompatiblePSEditions = @()
@@ -94,7 +94,7 @@
 
         PSData = @{
             # Tags applied to this module. These help with module discovery in online galleries.
-            Tags                       = @("Github", "API Client")
+            Tags                       = @("Github", "JWT", "Invitation")
 
             # A URL to the license for this module.
             LicenseUri                 = 'https://github.com/RootITUp/PSGithubUtils/LICENSE.md'
diff --git a/PSGithubUtils/PSGithubUtils.psm1 b/PSGithubUtils/PSGithubUtils.psm1
@@ -24,4 +24,5 @@ if ($PSVersionTable.PSVersion.Major -lt 7){
     throw [System.NotImplementedException]::new($PSVersionTable.PSVersion)
 }
 
-Add-Type -Path $securityLibPath
+Add-Type -Path $securityLibPath
+Add-Type -TypeDefinition (Get-Content -Path ".\lib\Private\BasicPasswordFinder.cs" -Raw) -ReferencedAssemblies @($securityLibPath)
diff --git a/PSGithubUtils/Private/Get-JWTToken.ps1 b/PSGithubUtils/Private/Get-JWTToken.ps1
@@ -1,13 +1,16 @@
 function Get-JWTToken {
     param(
-        [Parameter(Mandatory, ParameterSetName="Data")]
+        [Parameter(Mandatory, ParameterSetName = "Data")]
         [string]
         $KeyData,
-        [Parameter(Mandatory, ParameterSetName="Path")]
+        [Parameter(Mandatory, ParameterSetName = "Path")]
         [string]
         $KeyPath,
-        [Parameter(Mandatory, ParameterSetName="Data")]
-        [Parameter(Mandatory, ParameterSetName="Path")]
+        [Parameter(ParameterSetName = "Path")]
+        [string]
+        $Passphrase,
+        [Parameter(Mandatory, ParameterSetName = "Data")]
+        [Parameter(Mandatory, ParameterSetName = "Path")]
         [int]
         $AppId,
         [ValidateScript({ $_ -gt 30 })]
@@ -37,17 +40,19 @@ function Get-JWTToken {
     # D) Create Signature
 
     ## 1.) Load PEM
-    if ($PSCmdlet.ParameterSetName -eq "Path"){
+    if ($PSCmdlet.ParameterSetName -eq "Path") {
         $KeyData = Get-Content -Path $KeyPath -Raw
     }
-    $reader = [System.IO.StringReader]::new($keyData)
+
+    $reader = [System.IO.StringReader]::new($KeyData)
     try{
-        $pemReader = New-Object Org.BouncyCastle.OpenSsl.PemReader $reader
+        $pemReader = New-Object Org.BouncyCastle.OpenSsl.PemReader $reader, ([BasicPasswordFinder]::new($Passphrase))
         $keyPair = $pemReader.ReadObject()
-    }finally{
+    }
+    finally {
         $reader.Close()
     }
-
+    
     ## 2.) Prepare Signer
     $signer = [Org.BouncyCastle.Security.SignerUtilities]::GetSigner("SHA256withRSA")
     $signer.Init($true, $keyPair.Private)
diff --git a/PSGithubUtils/Public/Get-GithubToken.ps1 b/PSGithubUtils/Public/Get-GithubToken.ps1
@@ -29,6 +29,9 @@ function Get-GithubToken {
         [Parameter(Mandatory, ParameterSetName = "Path")]
         [string]
         $KeyPath,
+        [Parameter(ParameterSetName = "Path")]
+        [string]
+        $Passphrase,
         [Parameter(Mandatory, ParameterSetName = "Data")]
         [Parameter(Mandatory, ParameterSetName = "Path")]
         [int]
@@ -44,7 +47,7 @@ function Get-GithubToken {
             $jwt = Get-JWTToken -AppId $AppId -KeyData $KeyData
         }
         "Path" {
-            $jwt = Get-JWTToken -AppId $AppId -KeyPath $KeyPath
+            $jwt = Get-JWTToken -AppId $AppId -KeyPath $KeyPath -Passphrase $Passphrase
         }
         default {
             throw [System.NotImplementedException]::new($PSCmdlet.ParameterSetName)
diff --git a/PSGithubUtils/lib/Private/BasicPasswordFinder.cs b/PSGithubUtils/lib/Private/BasicPasswordFinder.cs
@@ -0,0 +1,14 @@
+using  Org.BouncyCastle.OpenSsl;
+
+public class BasicPasswordFinder : IPasswordFinder
+{
+    private readonly string _password;
+
+    public BasicPasswordFinder(string password){
+        this._password = password;
+    }
+
+    public char[] GetPassword() {
+        return this._password.ToCharArray();
+    }
+}
diff --git a/README.md b/README.md
@@ -11,6 +11,11 @@ $token = Get-GithubToken -KeyPath C:\secret.pem -AppId 2131234 -InstallationId 5
 New-OrganizationMember -Token $token -Organization "Organization123" -Email "asdasd@test.de"
 ```
 
+```powershell
+# Given a private key encrypted via "openssl rsa -in secret.pem -aes256 -out encrypted-secret.pem"
+$token = Get-GithubToken -KeyPath C:\encrypted-secret.pem -Passphrase $passphrase -AppId 2131234 -InstallationId 5342523356
+```
+
 ## Using PowerShellForGithub
 
 ```powershell

Original file line number	Diff line number	Diff line change
`@@ -24,4 +24,5 @@ if ($PSVersionTable.PSVersion.Major -lt 7){`
`24`	`24`	`throw [System.NotImplementedException]::new($PSVersionTable.PSVersion)`
`25`	`25`	`}`
`26`	`26`
`27`		`-Add-Type -Path $securityLibPath`
	`27`	`+Add-Type -Path $securityLibPath`
	`28`	`+Add-Type -TypeDefinition (Get-Content -Path ".\lib\Private\BasicPasswordFinder.cs" -Raw) -ReferencedAssemblies @($securityLibPath)`