From f8a5ddb9fd82def5eacbb165892e2cdadc88003a Mon Sep 17 00:00:00 2001 From: Jon Hawkesworth Date: Mon, 1 Sep 2014 21:22:18 +0100 Subject: [PATCH] This change selects the certificate from the winrm configuration and attempts to find the expiry date from that. Trond Hindenes pointed out that simply picking the first certificate from local computer certs is not guaranteed to select the correct certificate. --- windows/setup.ps1 | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/windows/setup.ps1 b/windows/setup.ps1 index 1d24ce21382..c249251d974 100644 --- a/windows/setup.ps1 +++ b/windows/setup.ps1 @@ -67,9 +67,31 @@ Foreach ($ip in $netcfg.IPAddress) { If ($ip) { $ips += $ip } } Set-Attr $result.ansible_facts "ansible_ip_addresses" $ips $psversion = $PSVersionTable.PSVersion.Major -$winrm_cert_expiry = Get-ChildItem -Path Cert:\LocalMachine\My | where Subject -EQ "CN=$env:COMPUTERNAME" | select NotAfter - Set-Attr $result.ansible_facts "ansible_powershell_version" $psversion + +$winrm_https_listener_parent_path = Get-ChildItem -Path WSMan:\localhost\Listener -Recurse | Where-Object {$_.PSChildName -eq "Transport" -and $_.Value -eq "HTTPS"} | select PSParentPath + +if ($winrm_https_listener_parent_path ) { + $winrm_https_listener_path = $winrm_https_listener_parent_path.PSParentPath.Substring($winrm_https_listener_parent_path.PSParentPath.LastIndexOf("\")) +} + +if ($winrm_https_listener_path) +{ + $https_listener = Get-ChildItem -Path "WSMan:\localhost\Listener$winrm_https_listener_path" +} + +if ($https_listener) +{ + $winrm_cert_thumbprint = $https_listener | where {$_.Name -EQ "CertificateThumbprint" } | select Value +} + +if ($winrm_cert_thumbprint) +{ + $uppercase_cert_thumbprint = $winrm_cert_thumbprint.Value.ToString().ToUpper() +} + +$winrm_cert_expiry = Get-ChildItem -Path Cert:\LocalMachine\My | where Thumbprint -EQ $uppercase_cert_thumbprint | select NotAfter + if ($winrm_cert_expiry) { Set-Attr $result.ansible_facts "ansible_winrm_certificate_expires" $winrm_cert_expiry.NotAfter.ToString("yyyy-MM-dd HH:mm:ss")