xcat-core/xCAT-server/share/xcat/netboot/windows/xcatlibs.psm1

# IBM(c) 2013 EPL license http://www.eclipse.org/legal/epl-v10.html
# This function specifically validates that the peer we are talking to is signed by the xCAT blessed CA and no other CA
Function xCAT-Verify-Cert ($sender, $cert, $chain, $polerrs) {
        foreach ($cert in $chain.chainElements) {
                $cathumb=$cert.Certificate.thumbprint
        }
	if ($scrpt:xcatcacert.thumbprint -ne $cathumb) {
		return $false
	}
	return $true
}

#we import the xCAT certificate authority into the appropriate scope
Function xCAT-Import-CA ( $certpath ) {
	$script:xcatcacert=Import-Certificate -FilePath $certpath -CertStoreLocation Cert:\LocalMachine\root 
}
Function xCAT-Remove-CA () {
	rm cert:\localmachine\root\$script:xcatcacert.thumbprint
}
First pass at some xCAT powershell functions to build updatemynodestat/reportip/updateflag out of in name of removing compiled code git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@15253 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd 2013-02-25 22:05:33 +00:00			`# IBM(c) 2013 EPL license http://www.eclipse.org/legal/epl-v10.html`
			`# This function specifically validates that the peer we are talking to is signed by the xCAT blessed CA and no other CA`
			`Function xCAT-Verify-Cert ($sender, $cert, $chain, $polerrs) {`
			`foreach ($cert in $chain.chainElements) {`
			`$cathumb=$cert.Certificate.thumbprint`
			`}`
			`if ($scrpt:xcatcacert.thumbprint -ne $cathumb) {`
			`return $false`
			`}`
			`return $true`
			`}`

			`#we import the xCAT certificate authority into the appropriate scope`
			`Function xCAT-Import-CA ( $certpath ) {`
			`$script:xcatcacert=Import-Certificate -FilePath $certpath -CertStoreLocation Cert:\LocalMachine\root`
			`}`
			`Function xCAT-Remove-CA () {`
			`rm cert:\localmachine\root\$script:xcatcacert.thumbprint`
			`}`