From d62e566fea5bd8101c8576895a3d605e654b3ad7 Mon Sep 17 00:00:00 2001
From: Christian Stein <cstein@netways.de>
Date: Thu, 26 Mar 2020 18:08:48 +0100
Subject: [PATCH] Adds Cmdlets to enable/disable untrusted certificates for
 rest endpoints

---
 ...-IcingaUntrustedCertificateValidation.psm1 | 14 ++++++++++
 ...-IcingaUntrustedCertificateValidation.psm1 | 27 +++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 lib/web/Disable-IcingaUntrustedCertificateValidation.psm1
 create mode 100644 lib/web/Enable-IcingaUntrustedCertificateValidation.psm1

diff --git a/lib/web/Disable-IcingaUntrustedCertificateValidation.psm1 b/lib/web/Disable-IcingaUntrustedCertificateValidation.psm1
new file mode 100644
index 0000000..386d9d5
--- /dev/null
+++ b/lib/web/Disable-IcingaUntrustedCertificateValidation.psm1
@@ -0,0 +1,14 @@
+function Disable-IcingaUntrustedCertificateValidation()
+{
+    try {
+        [System.Net.ServicePointManager]::CertificatePolicy = $null;
+
+        Write-Host 'Successfully disabled untrusted certificate validation for this shell instance';
+    } catch {
+        Write-Host (
+            [string]::Format(
+                'Failed to disable untrusted certificate policy: {0}', $_.Exception.Message
+            )
+        );
+    }
+}
diff --git a/lib/web/Enable-IcingaUntrustedCertificateValidation.psm1 b/lib/web/Enable-IcingaUntrustedCertificateValidation.psm1
new file mode 100644
index 0000000..7fd9f54
--- /dev/null
+++ b/lib/web/Enable-IcingaUntrustedCertificateValidation.psm1
@@ -0,0 +1,27 @@
+function Enable-IcingaUntrustedCertificateValidation()
+{
+    try {
+        # There is no other way as to use C# for this specific
+        # case to configure the certificate validation check
+        add-type @"
+        using System.Net;
+        using System.Security.Cryptography.X509Certificates;
+
+        public class IcingaUntrustedCertificateValidation : ICertificatePolicy {
+            public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) {
+                return true;
+            }
+        }
+"@
+
+        [System.Net.ServicePointManager]::CertificatePolicy = New-Object IcingaUntrustedCertificateValidation;
+
+        Write-Host 'Successfully enabled untrusted certificate validation for this shell instance';
+    } catch {
+        Write-Host (
+            [string]::Format(
+                'Failed to enable untrusted certificate policy: {0}', $_.Exception.Message
+            )
+        );
+    }
+}