diff --git a/.gitignore b/.gitignore index 01d2d27..cd948f2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,6 @@ -plan +plan/ .claude +.idea/ +Audit_*/ +*.csv +*.bat \ No newline at end of file diff --git a/AuditLogCLI.ps1 b/AuditLogCLI.ps1 index bc1bd90..aff3d82 100644 --- a/AuditLogCLI.ps1 +++ b/AuditLogCLI.ps1 @@ -92,8 +92,10 @@ function Write-Log { # FONCTION : Initialize-ApiClient # Force TLS 1.2 et accepte les certificats auto-signes (equivalent curl -k) # ===================================================================== +$script:CurlAvailable = $false + function Initialize-ApiClient { - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls if (-not ([System.Management.Automation.PSTypeName]'TrustAllCertsPolicy').Type) { Add-Type @" @@ -109,6 +111,27 @@ public class TrustAllCertsPolicy : ICertificatePolicy { "@ } [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy + + $script:CurlAvailable = [bool](Get-Command curl.exe -ErrorAction SilentlyContinue) +} + +function Test-SslError { + param([System.Exception]$Exception) + $msg = $Exception.Message + return ($msg -match "SSL" -or $msg -match "TLS" -or $msg -match "confiance" -or $msg -match "trust" -or $msg -match "certificate" -or $msg -match "envoi") +} + +function Invoke-CurlGet { + param( + [string]$Url, + [string]$Username, + [AllowEmptyString()][string]$Password + ) + $output = & curl.exe -s -k -u "${Username}:${Password}" -H "Accept: text/csv, application/json, text/plain, */*" $Url 2>&1 + if ($LASTEXITCODE -ne 0) { + throw "curl GET erreur (exit code $LASTEXITCODE): $output" + } + return ($output | Out-String) } # ===================================================================== @@ -202,7 +225,17 @@ function Invoke-AuditLogGet { [AllowEmptyString()][string]$Password ) $headers = Get-AuthHeader -Username $Username -Password $Password - return Invoke-WebRequest -Uri $Url -Method GET -Headers $headers -UseBasicParsing -TimeoutSec 30 + try { + $response = Invoke-WebRequest -Uri $Url -Method GET -Headers $headers -UseBasicParsing -TimeoutSec 30 + return $response.Content + } + catch { + if ((Test-SslError -Exception $_.Exception) -and $script:CurlAvailable) { + Write-Log -Message "Bascule sur curl.exe -k (echec TLS .NET)" -Level WARN + return Invoke-CurlGet -Url $Url -Username $Username -Password $Password + } + throw + } } # ===================================================================== @@ -261,17 +294,17 @@ foreach ($automate in $automates) { Write-Log -Message "[$hostname] GET $url (user: $($creds.Username))" -Level INFO - $response = Invoke-AuditLogGet -Url $url -Username $creds.Username -Password $creds.Password + $content = Invoke-AuditLogGet -Url $url -Username $creds.Username -Password $creds.Password if ($OutputFormat -eq "PerAutomate") { $filePath = Join-Path $outputDir "$ip.csv" - Set-Content -Path $filePath -Value $response.Content -Encoding UTF8 + Set-Content -Path $filePath -Value $content -Encoding UTF8 Write-Log -Message "[$hostname] Journal d'audit ecrit : $filePath" -Level OK } else { # Suppose une reponse API au format CSV (comme le .bat d'origine qui # ecrit directement la reponse brute dans un fichier .csv) - $rows = @($response.Content | ConvertFrom-Csv) + $rows = @($content | ConvertFrom-Csv) foreach ($row in $rows) { $obj = [ordered]@{ Hostname = $hostname; IP = $ip } foreach ($prop in $row.PSObject.Properties) { $obj[$prop.Name] = $prop.Value }