Correction TLS/SSL pour connexion aux automates Eclypse
- Remplacement de la validation de certificat par ICertificatePolicy avec activation TLS 1.0/1.1/1.2 - ajout d'un fallback curl.exe -k pour les cas ou la négociation TLS .NET échoue
This commit is contained in:
+38
-5
@@ -92,8 +92,10 @@ function Write-Log {
|
||||
# FONCTION : Initialize-ApiClient
|
||||
# Force TLS 1.2 et accepte les certificats auto-signes (equivalent curl -k)
|
||||
# =====================================================================
|
||||
$script:CurlAvailable = $false
|
||||
|
||||
function Initialize-ApiClient {
|
||||
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
|
||||
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls
|
||||
|
||||
if (-not ([System.Management.Automation.PSTypeName]'TrustAllCertsPolicy').Type) {
|
||||
Add-Type @"
|
||||
@@ -109,6 +111,27 @@ public class TrustAllCertsPolicy : ICertificatePolicy {
|
||||
"@
|
||||
}
|
||||
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
|
||||
|
||||
$script:CurlAvailable = [bool](Get-Command curl.exe -ErrorAction SilentlyContinue)
|
||||
}
|
||||
|
||||
function Test-SslError {
|
||||
param([System.Exception]$Exception)
|
||||
$msg = $Exception.Message
|
||||
return ($msg -match "SSL" -or $msg -match "TLS" -or $msg -match "confiance" -or $msg -match "trust" -or $msg -match "certificate" -or $msg -match "envoi")
|
||||
}
|
||||
|
||||
function Invoke-CurlGet {
|
||||
param(
|
||||
[string]$Url,
|
||||
[string]$Username,
|
||||
[AllowEmptyString()][string]$Password
|
||||
)
|
||||
$output = & curl.exe -s -k -u "${Username}:${Password}" -H "Accept: text/csv, application/json, text/plain, */*" $Url 2>&1
|
||||
if ($LASTEXITCODE -ne 0) {
|
||||
throw "curl GET erreur (exit code $LASTEXITCODE): $output"
|
||||
}
|
||||
return ($output | Out-String)
|
||||
}
|
||||
|
||||
# =====================================================================
|
||||
@@ -202,7 +225,17 @@ function Invoke-AuditLogGet {
|
||||
[AllowEmptyString()][string]$Password
|
||||
)
|
||||
$headers = Get-AuthHeader -Username $Username -Password $Password
|
||||
return Invoke-WebRequest -Uri $Url -Method GET -Headers $headers -UseBasicParsing -TimeoutSec 30
|
||||
try {
|
||||
$response = Invoke-WebRequest -Uri $Url -Method GET -Headers $headers -UseBasicParsing -TimeoutSec 30
|
||||
return $response.Content
|
||||
}
|
||||
catch {
|
||||
if ((Test-SslError -Exception $_.Exception) -and $script:CurlAvailable) {
|
||||
Write-Log -Message "Bascule sur curl.exe -k (echec TLS .NET)" -Level WARN
|
||||
return Invoke-CurlGet -Url $Url -Username $Username -Password $Password
|
||||
}
|
||||
throw
|
||||
}
|
||||
}
|
||||
|
||||
# =====================================================================
|
||||
@@ -261,17 +294,17 @@ foreach ($automate in $automates) {
|
||||
|
||||
Write-Log -Message "[$hostname] GET $url (user: $($creds.Username))" -Level INFO
|
||||
|
||||
$response = Invoke-AuditLogGet -Url $url -Username $creds.Username -Password $creds.Password
|
||||
$content = Invoke-AuditLogGet -Url $url -Username $creds.Username -Password $creds.Password
|
||||
|
||||
if ($OutputFormat -eq "PerAutomate") {
|
||||
$filePath = Join-Path $outputDir "$ip.csv"
|
||||
Set-Content -Path $filePath -Value $response.Content -Encoding UTF8
|
||||
Set-Content -Path $filePath -Value $content -Encoding UTF8
|
||||
Write-Log -Message "[$hostname] Journal d'audit ecrit : $filePath" -Level OK
|
||||
}
|
||||
else {
|
||||
# Suppose une reponse API au format CSV (comme le .bat d'origine qui
|
||||
# ecrit directement la reponse brute dans un fichier .csv)
|
||||
$rows = @($response.Content | ConvertFrom-Csv)
|
||||
$rows = @($content | ConvertFrom-Csv)
|
||||
foreach ($row in $rows) {
|
||||
$obj = [ordered]@{ Hostname = $hostname; IP = $ip }
|
||||
foreach ($prop in $row.PSObject.Properties) { $obj[$prop.Name] = $prop.Value }
|
||||
|
||||
Reference in New Issue
Block a user