Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
## This script creates an oAuth 2.0 packet using the Drupal high trust Cert and S2S protocol
## To test the Drupal integration on a daily basis.
## Author: Paul Hunt - Trustmarque July 2015
##Setup Assemblies
[System.Reflection.Assembly]::LoadWithPartialName("System.Security") | out-null
[System.Reflection.Assembly]::LoadWithPartialName("mscorlib") | out-null
$identityDllPath = $PSScriptRoot + "\System.identitymodel.tokens.jwt.dll"
add-type -LiteralPath $identityDllPath
##Setup the root web and test query endpoint
$rootWeb = "https://sharepointsite.company.co.uk"
$apiInterface = "/_api/search/query?querytext='sharepoint'"
##get certificate details
$privateCertPath = $PSScriptRoot + "\High-Trust-Cert.pfx"
$certPW = "UnsecureTextPassword"
$certPWSecure = ConvertTo-SecureString $certPW -AsPlainText -force
##
$domain = "sharepointsite.company.co.uk"
$clientID = "c9725386-972e-45d6-8996-68333dae889a"
$realm = Get-SPAuthenticationRealm
##Now create a new X509 cert object with it.. this includes the Private key which allows us to Sign stuff!
$cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2($privateCertPath, $certPWSecure)
##now setup the items we need to build the tokens
$aud = "00000003-0000-0ff1-ce00-000000000000/" + $domain + "@" + $realm
$iss = $clientID + "@" + $realm
$nameid = "s-1-5-21-309554102-208957183-1128231545-40032" ##This is the SID for the SPInstall account
$actorNameid = $iss
$nii = "urn:office:idp:activedirectory"
$nbf = [DateTime]::UtcNow
$exp = [DateTime]::Now.AddHours(4).ToUniversalTime()
###Setup functions
##Send email via SharePoint
function sendErrorEmail([string] $msg)
{
$useSharePointEmail = $false
$sd = new-object System.collections.specialized.stringdictionary
$sd.add("to","sharepoint@companyname.co.uk")
$sd.add("from","sharepoint@companyname.co.uk")
$sd.add("Subject","##LIVE### - SharePoint Drupal web search testing failed")
$body = "The SharePoint drupal web search test has failed.
" + $msg
if ($useSharePointEmail)
{
$web = get-spweb $rootWeb
[Microsoft.SharePoint.Utilities.SPUtility]::SendEmail($web,$sd,$body)
}
else
{
Send-MailMessage -to $sd["To"] -From $sd["from"] -Subject $sd["Subject"] -BodyAsHtml $body -SmtpServer "mailrelay.companyname.co.uk"
}
}
###################
##Setup the signing credentials from the certificate
[System.IdentityModel.Tokens.X509SigningCredentials] $signingCredentials = new-object System.IdentityModel.Tokens.X509SigningCredentials($cert, [System.IdentityModel.Tokens.SecurityAlgorithms]::RsaSha256Signature, [System.IdentityModel.Tokens.SecurityAlgorithms]::Sha256Digest)
##############################
##now build the Actor Token ##
##############################
[System.IdentityModel.Tokens.JwtHeader] $jwtActorHeader = new-object System.IdentityModel.Tokens.JwtHeader($signingCredentials)
$nameIdClaim = new-object System.Security.Claims.Claim("nameid",$actorNameid)
$delegateClaim = new-object System.Security.Claims.Claim("trustedfordelegation","true")
$claims = new-object 'System.Collections.Generic.List[System.Security.Claims.Claim]'
$claims.Add($nameIdClaim)
$claims.Add($delegateClaim)
[System.IdentityModel.Tokens.JwtPayload] $jwtActorPayload = New-Object System.IdentityModel.Tokens.JwtPayload($iss,$aud,$claims,$nbf,$exp)
[System.IdentityModel.Tokens.JwtSecurityToken] $jwtActorToken = New-Object System.IdentityModel.Tokens.JwtSecurityToken($jwtActorHeader,$jwtActorPayload)
[System.IdentityModel.Tokens.JwtSecurityTokenHandler] $jwtSecurityTokenHandler = new-object System.IdentityModel.Tokens.JwtSecurityTokenHandler
$completeEncryptedActorToken = $jwtSecurityTokenHandler.WriteToken($jwtActorToken)
##############################
##now build the Outer Token ##
##############################
##Header first
[System.IdentityModel.Tokens.JwtHeader] $jwtOuterHeader = new-object System.IdentityModel.Tokens.JwtHeader
$jwtOuterHeader.Add("typ","JWT")
$jwtOuterHeader.Add("alg","none")
##Now the payload
$outerNameIdClaim = new-object System.Security.Claims.Claim("nameid",$nameid) ##This is the SID of the person we're impersonating
$outerNiiClaim = new-object System.Security.Claims.Claim("nii",$nii)
$outerActorClaim = new-object System.Security.Claims.Claim("actortoken",$completeEncryptedActorToken) ##The token we just created
$outerClaims = new-object 'System.Collections.Generic.List[System.Security.Claims.Claim]'
$outerClaims.Add($outerNameIdClaim)
$outerClaims.Add($outerNiiClaim)
$outerClaims.Add($outerActorClaim)
[System.IdentityModel.Tokens.JwtPayload] $jwtOuterPayload = New-Object System.IdentityModel.Tokens.JwtPayload($iss,$aud,$outerClaims,$nbf,$exp)
##Complete the token
[System.IdentityModel.Tokens.JwtSecurityToken] $jwtOuterToken = New-Object System.IdentityModel.Tokens.JwtSecurityToken($jwtOuterHeader,$jwtOuterPayload)
$finishedToken = $jwtSecurityTokenHandler.WriteToken($jwtOuterToken)
##At this point, all of the Token setup is complete.
##Now we can make a web request
$webRequestURL = $rootWeb + $apiInterface
$request = [System.Net.WebRequest]::Create($webRequestURL)
$request.Accept = "application/json;odata=verbose"
$request.Headers.Add("X-FORMS_BASED_AUTH_ACCEPTED","f")
$request.Headers.Add("X-HTTP-Method", "GET")
$request.Headers.Add("Authorization", "Bearer " + $finishedToken)
$request.Referer = "https://drupalsystem.companyname.co.uk"
write-host "Making request"
write-eventlog -logname Application -source "Drupal Test" -EntryType Information -eventid 1 -Message "Drupal test starting"
try
{
[System.Net.WebResponse] $response = $request.GetResponse()
}
catch
{
$exceptionMsg = $error[0].Exception.Message
$response = $null
}
if ($response)
{
try
{
$reader = New-Object System.IO.StreamReader $response.GetResponseStream()
$data = $reader.ReadToEnd()
Write-Host("Request completed") -ForegroundColor Green
$jsonResults = ConvertFrom-Json $data
$totalResults = $jsonResults.d.query.PrimaryQueryResult.RelevantResults.RowCount
if ($totalResults -gt 0)
{
write-host("Search results successfull") -ForegroundColor Green
write-eventlog -logname Application -source "Drupal Test" -EntryType Information -eventid 1000 -Message "Drupal test successfull"
}
else
{
$errMsg = "No Results Found - Total Rows returned = " + $jsonResults.d.query.PrimaryQueryResult.RelevantResults.TotalRows
write-host($errMsg)
sendErrorEmail($errMsg)
write-eventlog -logname Application -source "Drupal Test" -EntryType Error -eventid 9999 -Message $errMsg
}
}
finally
{
$reader.dispose()
}
}
else
{
write-host "Response object null"
$errMsg = "Exception thrown during Search: " + $exceptionMsg
write-host($errMsg)
sendErrorEmail($errMsg)
write-eventlog -logname Application -source "Drupal Test" -EntryType Error -eventid 9999 -Message $errMsg
}
write-eventlog -logname Application -source "Drupal Test" -EntryType Information -eventid 1 -Message "Drupal test ending"