
Add support for ECDSA Certificates #10

Open
wants to merge 1 commit into
base: main

Conversation

jborean93

Description Of Changes

Adds support for using an ECDSA based certificate, which is becoming more common as people move away from RSA. As part of this change it is now able to get the unique key container name for both RSA and ECDSA types, and it also supports editing permissions on keys using the older Legacy CryptoAPI providers and the newer CNG providers.

Motivation and Context

See above

Testing

Ran the playbook on a new environment with an ECDSA key. You can use the following to generate an ECDSA key using OpenSSL:

# Generate a P-384 private key (-noout leaves the EC parameters out of the key file)
openssl ecparam \
    -name secp384r1 \
    -genkey \
    -noout \
    -out cert.key

# Self-signed certificate for the test host name; -addext needs OpenSSL 1.1.1 or later
openssl req \
    -new \
    -x509 \
    -out cert.pem \
    -key cert.key \
    -days 365 \
    -subj "/CN=server.chocolatey.test" \
    -addext "subjectAltName = DNS:server.chocolatey.test"

# Bundle key and certificate as PKCS#12. The legacy PBE and MAC algorithms are
# chosen on purpose: older Windows releases cannot import a PKCS#12 written with
# the AES-256-CBC / PBKDF2 / SHA-256 MAC defaults of OpenSSL 3. -export prompts
# for an export password.
openssl pkcs12 \
    -export \
    -certpbe PBE-SHA1-3DES \
    -keypbe PBE-SHA1-3DES \
    -macalg SHA1 \
    -out cert.pfx \
    -inkey cert.key \
    -in cert.pem

Operating Systems Testing

Server 2022, but it should be supported all the way back to Server 2008. The dotnet APIs should not matter, as the playbook installs .NET 4.8, which is essentially the latest available.

Change Types Made

  • Bug fix (non-breaking change).
  • Feature / Enhancement (non-breaking change).
  • Breaking change (fix or feature that could cause existing functionality to change).
  • Documentation changes.
  • PowerShell code changes.

Change Checklist

  • Requires a change to the documentation.
  • Documentation has been updated.
  • Tests to cover my changes, have been added.
  • All new and existing tests passed?
  • PowerShell code changes: PowerShell v2 compatibility checked?

Related Issue

Adds support for using an ECDSA based certificate which is becoming more
common as people move away from RSA. As part of this change it is now
able to get the unique key container name for both RSA and ECDSA types
but also support editing permissions on keys using the older Legacy
CryptoAPI providers and the newer CNG providers.
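Added example, not code from this PR or from the playbook: a PowerShell sketch of what the description above covers, that is, finding the unique key container name of a certificate's private key whether it lives in a legacy CryptoAPI CSP or in a CNG key storage provider (RSA or ECDSA), locating the backing key file, and granting a principal read access to it. It assumes .NET Framework 4.6.1 or later (for GetRSAPrivateKey/GetECDsaPrivateKey) and PowerShell 3 or later, that the certificate is installed in Cert:\LocalMachine\My, and that the key directories listed in Find-PrivateKeyFile are the standard Microsoft software provider locations. The function names Get-PrivateKeyInfo, Find-PrivateKeyFile and Grant-PrivateKeyRead are mine.

```powershell
# Added example (not the PR's code). Assumes .NET 4.6.1+, PowerShell 3+, an
# elevated prompt, and the standard Microsoft software provider key directories.

function Get-PrivateKeyInfo {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    if (-not $Certificate.HasPrivateKey) {
        throw "Certificate $($Certificate.Thumbprint) has no private key"
    }

    # These extension methods hand back the key through whichever API holds it
    # (RSACryptoServiceProvider for CryptoAPI, RSACng/ECDsaCng for CNG).
    $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
    if (-not $key) {
        $key = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPrivateKey($Certificate)
    }
    if (-not $key) {
        throw "Unsupported key algorithm: $($Certificate.PublicKey.Oid.FriendlyName)"
    }

    if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        # Legacy CryptoAPI key: the unique container name is the key file's name.
        $info = $key.CspKeyContainerInfo
        New-Object PSObject -Property @{
            Algorithm  = 'RSA'
            Api        = 'CryptoAPI'
            Provider   = $info.ProviderName
            UniqueName = $info.UniqueKeyContainerName
            MachineKey = $info.MachineKeyStore
        }
    }
    elseif ($key -is [System.Security.Cryptography.RSACng] -or
            $key -is [System.Security.Cryptography.ECDsaCng]) {
        # CNG key (RSA or ECDSA): CngKey.UniqueName is the file name used by the KSP.
        $cng = $key.Key
        New-Object PSObject -Property @{
            Algorithm  = $cng.Algorithm.Algorithm   # e.g. RSA or ECDSA_P384
            Api        = 'CNG'
            Provider   = $cng.Provider.Provider
            UniqueName = $cng.UniqueName
            MachineKey = $cng.IsMachineKey
        }
    }
    else {
        throw "Unrecognised private key type $($key.GetType().FullName)"
    }
}

function Find-PrivateKeyFile {
    param(
        [Parameter(Mandatory = $true)][string]$UniqueName,
        [bool]$MachineKey = $true
    )

    # Assumed locations of the Microsoft software CSP and KSP key files.
    if ($MachineKey) {
        $roots = @(
            "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"   # CryptoAPI RSA CSPs
            "$env:ProgramData\Microsoft\Crypto\DSS\MachineKeys"   # CryptoAPI DSS CSPs
            "$env:ProgramData\Microsoft\Crypto\Keys"              # CNG software KSP, machine keys
            "$env:ProgramData\Microsoft\Crypto\SystemKeys"        # CNG keys owned by LocalSystem
        )
    } else {
        $roots = @(
            "$env:APPDATA\Microsoft\Crypto\RSA"    # CryptoAPI per-user keys, under a <SID> folder
            "$env:APPDATA\Microsoft\Crypto\Keys"   # CNG per-user keys
        )
    }

    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $hit = Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -eq $UniqueName } |
            Select-Object -First 1
        if ($hit) { return $hit.FullName }
    }
    throw "No key file named '$UniqueName' under the known key directories"
}

function Grant-PrivateKeyRead {
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        [Parameter(Mandatory = $true)][string]$Identity   # e.g. 'NT AUTHORITY\NETWORK SERVICE'
    )

    $cert = Get-Item -LiteralPath "Cert:\LocalMachine\My\$Thumbprint"
    $info = Get-PrivateKeyInfo -Certificate $cert
    $path = Find-PrivateKeyFile -UniqueName $info.UniqueName -MachineKey $info.MachineKey

    # Read and write only the DACL; Get-Acl/Set-Acl also carry the owner, which
    # can fail on SYSTEM-owned key files.
    $acl  = [System.IO.File]::GetAccessControl($path, [System.Security.AccessControl.AccessControlSections]::Access)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $Identity, 'Read', 'Allow'
    $acl.AddAccessRule($rule)
    [System.IO.File]::SetAccessControl($path, $acl)

    Write-Verbose "Granted Read on $($info.Api) $($info.Algorithm) key $path to $Identity"
    $info | Add-Member -NotePropertyName KeyFile -NotePropertyValue $path -PassThru
}

# Usage (placeholder thumbprint):
# Grant-PrivateKeyRead -Thumbprint '<thumbprint>' -Identity 'NT AUTHORITY\NETWORK SERVICE' -Verbose
```

The returned object shows which API and provider hold the key, so a run against the ECDSA certificate produced by the OpenSSL commands in the description should report Api = CNG and an ECDSA_P384 algorithm, while an RSA certificate imported through a legacy CSP reports Api = CryptoAPI; both end up with the same file ACL change.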