(#160) Removes Duplicate CCM Cert Functionality

Removes the duplicated logic in the Set-CCMCertificate script, and improves the Set-CCMCertificate functions a bit.
chocolatey · May 28, 2024 · 28fc13c · 28fc13c
1 parent e44e8cb
commit 28fc13c
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 50 deletions.
diff --git a/Set-SslSecurity.ps1 b/Set-SslSecurity.ps1
@@ -239,13 +239,12 @@ process {
     }
 
     <# CCM #>
+    Stop-CcmService    
     # Update the service certificate
     Set-CcmCertificate -CertificateThumbprint $Certificate.Thumbprint
-
     # Remove old CCM web binding, and add new CCM web binding
-    Stop-CcmService
     Remove-CcmBinding
-    New-CcmBinding
+    New-CcmBinding -Thumbprint $Certificate.Thumbprint
     Start-CcmService
 
     # Create the site hosting the certificate import script on port 80

diff --git a/scripts/Get-Helpers.ps1 b/scripts/Get-Helpers.ps1
@@ -1793,7 +1793,6 @@ function Stop-CCMService {
 function Remove-CcmBinding {
     [CmdletBinding()]
     param()
-
     process {
         Write-Verbose "Removing existing bindings"
         netsh http delete sslcert ipport=0.0.0.0:443
@@ -1802,7 +1801,9 @@ function Remove-CcmBinding {
 
 function New-CcmBinding {
     [CmdletBinding()]
-    param()
+    param(
+        $Thumbprint
+    )
     Write-Verbose "Adding new binding https://${SubjectWithoutCn} to Chocolatey Central Management"
 
     $guid = [Guid]::NewGuid().ToString("B")
@@ -1834,13 +1835,14 @@ function Set-CcmCertificate {
         [String]
         $CertificateThumbprint
     )
-
     process {
-        Stop-Service chocolatey-central-management
         $jsonData = Get-Content $env:ChocolateyInstall\lib\chocolatey-management-service\tools\service\appsettings.json | ConvertFrom-Json
         $jsonData.CertificateThumbprint = $CertificateThumbprint
         $jsonData | ConvertTo-Json | Set-Content $env:chocolateyInstall\lib\chocolatey-management-service\tools\service\appsettings.json
-        Start-Service chocolatey-central-management
+
+        if ((Get-Service).Status -eq 'Running') {
+            Restart-Service chocolatey-central-management
+        }
     }
 }
 

diff --git a/scripts/Set-CCMCert.ps1 b/scripts/Set-CCMCert.ps1
@@ -29,48 +29,16 @@ param(
     [string]$Thumbprint
 )
 
-begin {
-    if($host.name -ne 'ConsoleHost') {
-        Write-Warning "This script cannot be ran from within PowerShell ISE"
-        Write-Warning "Please launch powershell.exe as an administrator, and run this script again"
-        break
-    }
+if($host.name -ne 'ConsoleHost') {
+    Write-Warning "This script cannot be ran from within PowerShell ISE"
+    Write-Warning "Please launch powershell.exe as an administrator, and run this script again"
+    break
 }
 
-process {
+. $PSScriptRoot\Get-Helpers.ps1
 
-    #Stop Central Management components
-        Stop-Service chocolatey-central-management
-        Get-Process chocolateysoftware.chocolateymanagement.web* | Stop-Process -ErrorAction SilentlyContinue -Force
-
-    #Remove existing bindings
-        Write-Verbose "Removing existing bindings"
-        netsh http delete sslcert ipport=0.0.0.0:443
-
-    #Add new CCM Web IIS Binding
-        Write-Verbose "Adding new IIS binding to Chocolatey Central Management"
-        $guid = [Guid]::NewGuid().ToString("B")
-        netsh http add sslcert ipport=0.0.0.0:443 certhash=$CertificateThumbprint certstorename=MY appid="$guid"
-        Get-WebBinding -Name ChocolateyCentralManagement | Remove-WebBinding
-        New-WebBinding -Name ChocolateyCentralManagement -Protocol https -Port 443 -SslFlags 0 -IpAddress '*'        
-
-    #Write Thumbprint to CCM Service appsettings.json
-        $appSettingsJson = 'C:\ProgramData\chocolatey\lib\chocolatey-management-service\tools\service\appsettings.json'
-        $json = Get-Content $appSettingsJson | ConvertFrom-Json
-        $json.CertificateThumbprint = $CertificateThumbprint
-        $json | ConvertTo-Json | Set-Content $appSettingsJson -Force
-
-    #Try Restarting CCM Service
-        try {
-            Start-Service chocolatey-central-management -ErrorAction Stop
-        }
-        catch {
-            #Try again...
-            Start-Service chocolatey-central-management -ErrorAction SilentlyContinue
-        }
-        finally {
-            if ((Get-Service chocolatey-central-management).Status -ne 'Running') {
-             Write-Warning "Unable to start Chocolatey Central Management service, please start manually in Services.msc"
-            }
-        }
-}
+Stop-CCMService
+Remove-CCMBinding
+New-CCMBinding -Thumbprint $Thumbprint
+Set-CCMCertificate -CertificateThumbprint $Thumbprint
+Start-CCMService