✨ UPDATE New-PASSession

ADD `SkipCertificateCheck` parameter.
Enables SSL Validation to be skipped for the session.
`Invoke-PASRestMethod` updated with separate flows for PWSH + PowerShell.
PWSH uses the `SkipCertificateCheck` parameter present in `Invoke-WebRequest`.
PowerShell uses code contained in `Skip-CertificateCheck.ps1`.

Using SkipCertificateCheck parameter is not secure and is not recommended. Use at your own risk.

Closes #196

psPAS/Functions/Authentication/New-PASSession.ps1

@@ -81,6 +81,12 @@
 	See Invoke-WebRequest
 	The thumbprint of the certificate to use for client certificate authentication.
 
+	.PARAMETER SkipCertificateCheck
+	Skips certificate validation checks.
+	Using this parameter is not secure and is not recommended.
+	This switch is only intended to be used against known hosts using a self-signed certificate for testing purposes.
+	Use at your own risk.
+
 	.EXAMPLE
 	New-PASSession -Credential $cred -BaseURI https://PVWA -type LDAP
 
@@ -147,6 +153,11 @@
 	New-PASSession -UseSharedAuthentication -BaseURI https://pvwa.some.co -CertificateThumbprint 0e194289c57e666115109d6e2800c24fb7db6edb
 
 	If authentication via certificates is configured, provide CertificateThumbprint details.
+
+	.EXAMPLE
+	New-PASSession -Credential $cred -BaseURI $url -SkipCertificateCheck
+
+	Skip SSL Certificate validation for the session.
 	#>
 	[CmdletBinding(SupportsShouldProcess, DefaultParameterSetName = "v10")]
 	param(
@@ -348,7 +359,14 @@
 			ValueFromPipeline = $false,
 			ValueFromPipelinebyPropertyName = $false
 		)]
-		[string]$CertificateThumbprint
+		[string]$CertificateThumbprint,
+
+		[parameter(
+			Mandatory = $false,
+			ValueFromPipeline = $false,
+			ValueFromPipelinebyPropertyName = $true
+		)]
+		[switch]$SkipCertificateCheck
 
 	)
 
@@ -361,6 +379,7 @@
 		$LogonRequest["Method"] = "POST"
 		$LogonRequest["SessionVariable"] = "PASSession"
 		$LogonRequest["UseDefaultCredentials"] = $UseDefaultCredentials.IsPresent
+		$LogonRequest["SkipCertificateCheck"] = $SkipCertificateCheck.IsPresent
 		If ($CertificateThumbprint) {
 			$LogonRequest["CertificateThumbprint"] = $CertificateThumbprint
 		}
@@ -416,7 +435,7 @@
 	PROCESS {
 
 		#Get request parameters
-		$boundParameters = $PSBoundParameters | Get-PASParameter -ParametersToRemove Credential, SkipVersionCheck,
+		$boundParameters = $PSBoundParameters | Get-PASParameter -ParametersToRemove Credential, SkipVersionCheck, SkipCertificateCheck,
 		UseDefaultCredentials, CertificateThumbprint, BaseURI, PVWAAppName, OTP, type, OTPMode, OTPDelimiter, RadiusChallenge
 
 		If (($PSCmdlet.ParameterSetName -match "^v9*") -or ($PSCmdlet.ParameterSetName -match "^v10*") ) {
@@ -542,7 +561,6 @@
 					If ($PASSession.length -ge 180) {
 
 						#V10 Auth Token.
-
 						$CyberArkLogonResult = $PASSession
 
 					}

psPAS/Private/Invoke-PASRestMethod.ps1

@@ -46,6 +46,9 @@
 	See Invoke-WebRequest
 	The thumbprint of the certificate to use for client certificate authentication.
 
+	.PARAMETER SkipCertificateCheck
+	Skips certificate validation checks.
+
 	.EXAMPLE
 	Invoke-PASRestMethod -Uri $URI -Method DELETE -WebSession $Script:WebSession
 
@@ -86,7 +89,10 @@
 		[int]$TimeoutSec,
 
 		[Parameter(Mandatory = $false)]
-		[string]$CertificateThumbprint
+		[string]$CertificateThumbprint,
+
+		[Parameter(Mandatory = $false)]
+		[switch]$SkipCertificateCheck
 	)
 
 	Begin {
@@ -104,6 +110,58 @@
 
 		}
 
+		Switch ($PSBoundParameters.ContainsKey("SkipCertificateCheck")) {
+
+			$true {
+
+				#SkipCertificateCheck Declared
+				if ( -not ($IsCoreCLR)) {
+
+					#Remove parameter, incompatible with PowerShell
+					$PSBoundParameters.Remove("SkipCertificateCheck") | Out-Null
+
+					if ($SkipCertificateCheck) {
+
+						#Skip SSL Validation
+						Skip-CertificateCheck
+
+					}
+
+				} else {
+
+					#PWSH
+					if ($SkipCertificateCheck) {
+
+						#Ongoing SSL Validation Bypass Required
+						$Script:SkipCertificateCheck = $true
+
+					}
+
+				}
+
+			}
+
+			$false {
+
+				#SkipCertificateCheck Not Declared
+				#SSL Validation Bypass Previously Requested
+				If ($Script:SkipCertificateCheck) {
+
+					#PWSH Zone
+					if ($IsCoreCLR) {
+
+						#Add SkipCertificateCheck to PS Core command
+						#Parameter must be included for all pwsh invocations of Invoke-WebRequest
+						$PSBoundParameters.Add("SkipCertificateCheck", $true)
+
+					}
+
+				}
+
+			}
+
+		}
+
 		#If Tls12 Security Protocol is available
 		if (([Net.SecurityProtocolType].GetEnumNames() -contains "Tls12") -and
 

psPAS/Private/Skip-CertificateCheck.ps1

@@ -0,0 +1,40 @@
+Function Skip-CertificateCheck {
+	<#
+	.SYNOPSIS
+	Bypass SSL Validation
+
+	.DESCRIPTION
+	Enables skipping of ssl certificate validation for current PowerShell session.
+
+	.EXAMPLE
+	Skip-CertificateCheck
+
+	#>
+
+	#Only required to be executed once per ps session
+	$Provider = New-Object Microsoft.CSharp.CSharpCodeProvider
+	$Compiler = $Provider.CreateCompiler()
+	$Params = New-Object System.CodeDom.Compiler.CompilerParameters
+	$Params.GenerateExecutable = $false
+	$Params.GenerateInMemory = $true
+	$Params.IncludeDebugInformation = $false
+	$Params.ReferencedAssemblies.Add("System.DLL") | Out-Null
+	$TASource = @'
+        namespace Local.ToolkitExtensions.Net.CertificatePolicy
+        {
+            public class TrustAll : System.Net.ICertificatePolicy
+            {
+                public bool CheckValidationResult(System.Net.ServicePoint sp,System.Security.Cryptography.X509Certificates.X509Certificate cert, System.Net.WebRequest req, int problem)
+                {
+                    return true;
+                }
+            }
+        }
+'@
+
+	$TAResults = $Provider.CompileAssemblyFromSource($Params, $TASource)
+	$TAAssembly = $TAResults.CompiledAssembly
+	## Create an instance of TrustAll and attach it to the ServicePointManager
+	$TrustAll = $TAAssembly.CreateInstance("Local.ToolkitExtensions.Net.CertificatePolicy.TrustAll")
+	[System.Net.ServicePointManager]::CertificatePolicy = $TrustAll
+}