pypsrp 0.8.1__tar.gz → 0.9.0rc1__tar.gz

{pypsrp-0.8.1 → pypsrp-0.9.0rc1}/CHANGELOG.md

@@ -1,8 +1,18 @@
 # Changelog
 
+## 0.9.0 - TBD
+
+* Raised minimum Python version to 3.10
+* Added retry handler for WSMan `Receive` operations that can attempt to recover from a network disconnect during a command operation
+* Added `no_profile` option to `RunspacePool` to skip loading the user profile on the remote shell
+* Made an `__enter__` and `__exit__` method for `PowerShell` to allow it to be used with a `with PowerShell(runspace) as ps:` syntax
+  * On `__exit__` the pipeline will be closed using the `TERMINATE` signal to clean up any resources on the server end
+  * `ps.close()` can also be called manually to clean up any resources and to prep the pipeline to be run again
+* Added `clear_streams()` onto a `PowerShell` object to clear the output and `streams` values so it is ready for a subsequent run
+
 ## 0.8.1 - 2022-02-22
 
-* Bump `requests-credssp` minimumt to new version to support newer encryption format and simpler dependencies
+* Bump `requests-credssp` minimum to new version to support newer encryption format and simpler dependencies
 
 
 ## 0.8.0 - 2022-02-01

{pypsrp-0.8.1 → pypsrp-0.9.0rc1}/PKG-INFO

@@ -1,25 +1,44 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: pypsrp
-Version: 0.8.1
+Version: 0.9.0rc1
 Summary: PowerShell Remoting Protocol and WinRM for Python
-Home-page: https://github.com/jborean93/pypsrp
-Author: Jordan Borean
-Author-email: jborean93@gmail.com
-License: MIT
+Author-email: Jordan Borean <jborean93@gmail.com>
+License-Expression: MIT
+Project-URL: homepage, https://github.com/jborean93/pypsrp
 Keywords: winrm,psrp,winrs,windows,powershell
-Platform: UNKNOWN
 Classifier: Development Status :: 4 - Beta
-Classifier: License :: OSI Approved :: MIT License
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.6
-Classifier: Programming Language :: Python :: 3.7
-Classifier: Programming Language :: Python :: 3.8
-Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
+Requires-Python: >=3.10
 Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: cryptography>=3.1
+Requires-Dist: pyspnego<1.0.0,>=0.7.0
+Requires-Dist: requests>=2.9.1
 Provides-Extra: credssp
+Requires-Dist: requests-credssp>=2.0.0; extra == "credssp"
 Provides-Extra: kerberos
-License-File: LICENSE
+Requires-Dist: pyspnego[kerberos]; extra == "kerberos"
+Provides-Extra: dev
+Requires-Dist: black==25.11.0; extra == "dev"
+Requires-Dist: build; extra == "dev"
+Requires-Dist: isort==6.1.0; extra == "dev"
+Requires-Dist: mypy==1.19.0; extra == "dev"
+Requires-Dist: pre-commit; extra == "dev"
+Requires-Dist: pyspnego[kerberos]; extra == "dev"
+Requires-Dist: pytest; extra == "dev"
+Requires-Dist: pytest-cov; extra == "dev"
+Requires-Dist: pytest-mock; extra == "dev"
+Requires-Dist: PyYAML; extra == "dev"
+Requires-Dist: requests-credssp; extra == "dev"
+Requires-Dist: types-requests; extra == "dev"
+Requires-Dist: types-PyYAML; extra == "dev"
+Requires-Dist: xmldiff; extra == "dev"
+Dynamic: license-file
 
 # pypsrp - Python PowerShell Remoting Protocol Client library
 
@@ -64,7 +83,7 @@ libraries to be installed.
 
 See `How to Install` for more details
 
-* CPython 3.6+
+* CPython 3.10+
 * [cryptography](https://github.com/pyca/cryptography)
 * [pyspnego](https://github.com/jborean93/pyspnego)
 * [requests](https://github.com/requests/requests)
@@ -150,7 +169,19 @@ pip install pypsrp[credssp]
 ```
 
 If that fails you may need to update pip and setuptools to a newer version
-`pip install -U pip setuptools`.
+`pip install -U pip setuptools`, otherwise the following system package may be
+required;
+
+```bash
+# For Debian/Ubuntu
+apt-get install gcc python-dev
+
+# For RHEL/Centos
+yum install gcc python-devel
+
+# For Fedora
+dnf install gcc python-devel
+```
 
 
 ## How to Use
@@ -230,7 +261,7 @@ configure a `WinRS` shell;
 * `idle_time_out`: THe idle timeout in seconds of the shell
 * `lifetime`: The total lifetime of the shell
 * `name`: The name (description only) of the shell
-* `no_profile`: Whether to create the shell with the user profile loaded or not
+* `no_profile`: Whether to create the shell with the user profile loaded or not. This no longer works on Server 2012/Windows 8 or newer
 * `working_directory`: The default working directory of the created shell
 
 `RunspacePool` is a shell used by the PSRP protocol, it is designed to be a
@@ -247,6 +278,7 @@ Here are the options that can be used to configure a `RunspacePool` shell;
 * `min_runspaces`: The minimuum number of runspaces that a pool can hold, default is 1
 * `max_runspaces`: The maximum number of runspaces that a pool can hold. Each PowerShell pipeline is run in a single Runspace, default is 1
 * `session_key_timeout_ms`: The maximum time to wait for a session key transfer from the server
+* `no_profile`: Do not load the user profile on the remote Runspace Pool
 
 ### Process
 
@@ -352,9 +384,8 @@ from pypsrp.wsman import WSMan
 # creates a https connection with explicit kerberos auth and implicit credentials
 wsman = WSMan("server", auth="kerberos", cert_validation=False))
 
-with wsman, RunspacePool(wsman) as pool:
+with wsman, RunspacePool(wsman) as pool, PowerShell(pool) as ps:
     # execute 'Get-Process | Select-Object Name'
-    ps = PowerShell(pool)
     ps.add_cmdlet("Get-Process").add_cmdlet("Select-Object").add_argument("Name")
     output = ps.invoke()
 
@@ -385,6 +416,19 @@ with wsman, RunspacePool(wsman) as pool:
     ps.invoke(["string", 1])
     print(ps.output)
     print(ps.streams.debug)
+
+    # It is possible to run the PowerShell pipeline again with invoke() but it
+    # needs to be explicitly closed first and the commands/streams optionally
+    # cleared if desired.
+    ps.close()
+
+    # Clears out ps.output and ps.streams to a blank value. Not required but
+    # nice if the output should be separate from a previous run
+    ps.clear_streams()
+
+    # Removes all existing commands. Not required but needed if re-using the
+    # same pipeline with a different set of commands
+    ps.clear_commands()
 ```
 
 
@@ -438,17 +482,18 @@ information and should only be used for debugging purposes._
 ## Testing
 
 Any changes are more than welcome in pull request form, you can run the current
-test suite with tox like so;
+test suite with:
 
 ```bash
-# make sure tox is installed
-pip install tox
-
-# run the tox suite
-tox
-
-# or run the test manually for the current Python environment
-py.test -v --pep8 --cov pypsrp --cov-report term-missing
+pip install -e .[dev]
+
+python -m pytest \
+    tests/tests_pypsrp \
+    --verbose \
+    --junitxml junit/test-results.xml \
+    --cov pypsrp \
+    --cov-report xml \
+    --cov-report term-missing
 ```
 
 A lot of the tests either simulate a remote Windows host but you can also run a
@@ -518,5 +563,3 @@ tests.
 * Add Ansible playbook for better integration tests
 * Improved serialization between Python and .NET objects
 * Live interactive console for PSRP
-
-

pypsrp-0.8.1/src/pypsrp.egg-info/PKG-INFO → pypsrp-0.9.0rc1/README.md

@@ -1,26 +1,3 @@
-Metadata-Version: 2.1
-Name: pypsrp
-Version: 0.8.1
-Summary: PowerShell Remoting Protocol and WinRM for Python
-Home-page: https://github.com/jborean93/pypsrp
-Author: Jordan Borean
-Author-email: jborean93@gmail.com
-License: MIT
-Keywords: winrm,psrp,winrs,windows,powershell
-Platform: UNKNOWN
-Classifier: Development Status :: 4 - Beta
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.6
-Classifier: Programming Language :: Python :: 3.7
-Classifier: Programming Language :: Python :: 3.8
-Classifier: Programming Language :: Python :: 3.9
-Classifier: Programming Language :: Python :: 3.10
-Description-Content-Type: text/markdown
-Provides-Extra: credssp
-Provides-Extra: kerberos
-License-File: LICENSE
-
 # pypsrp - Python PowerShell Remoting Protocol Client library
 
 [![Test workflow](https://github.com/jborean93/pypsrp/actions/workflows/ci.yml/badge.svg)](https://github.com/jborean93/pypsrp/actions/workflows/ci.yml)
@@ -64,7 +41,7 @@ libraries to be installed.
 
 See `How to Install` for more details
 
-* CPython 3.6+
+* CPython 3.10+
 * [cryptography](https://github.com/pyca/cryptography)
 * [pyspnego](https://github.com/jborean93/pyspnego)
 * [requests](https://github.com/requests/requests)
@@ -150,7 +127,19 @@ pip install pypsrp[credssp]
 ```
 
 If that fails you may need to update pip and setuptools to a newer version
-`pip install -U pip setuptools`.
+`pip install -U pip setuptools`, otherwise the following system package may be
+required;
+
+```bash
+# For Debian/Ubuntu
+apt-get install gcc python-dev
+
+# For RHEL/Centos
+yum install gcc python-devel
+
+# For Fedora
+dnf install gcc python-devel
+```
 
 
 ## How to Use
@@ -230,7 +219,7 @@ configure a `WinRS` shell;
 * `idle_time_out`: THe idle timeout in seconds of the shell
 * `lifetime`: The total lifetime of the shell
 * `name`: The name (description only) of the shell
-* `no_profile`: Whether to create the shell with the user profile loaded or not
+* `no_profile`: Whether to create the shell with the user profile loaded or not. This no longer works on Server 2012/Windows 8 or newer
 * `working_directory`: The default working directory of the created shell
 
 `RunspacePool` is a shell used by the PSRP protocol, it is designed to be a
@@ -247,6 +236,7 @@ Here are the options that can be used to configure a `RunspacePool` shell;
 * `min_runspaces`: The minimuum number of runspaces that a pool can hold, default is 1
 * `max_runspaces`: The maximum number of runspaces that a pool can hold. Each PowerShell pipeline is run in a single Runspace, default is 1
 * `session_key_timeout_ms`: The maximum time to wait for a session key transfer from the server
+* `no_profile`: Do not load the user profile on the remote Runspace Pool
 
 ### Process
 
@@ -352,9 +342,8 @@ from pypsrp.wsman import WSMan
 # creates a https connection with explicit kerberos auth and implicit credentials
 wsman = WSMan("server", auth="kerberos", cert_validation=False))
 
-with wsman, RunspacePool(wsman) as pool:
+with wsman, RunspacePool(wsman) as pool, PowerShell(pool) as ps:
     # execute 'Get-Process | Select-Object Name'
-    ps = PowerShell(pool)
     ps.add_cmdlet("Get-Process").add_cmdlet("Select-Object").add_argument("Name")
     output = ps.invoke()
 
@@ -385,6 +374,19 @@ with wsman, RunspacePool(wsman) as pool:
     ps.invoke(["string", 1])
     print(ps.output)
     print(ps.streams.debug)
+
+    # It is possible to run the PowerShell pipeline again with invoke() but it
+    # needs to be explicitly closed first and the commands/streams optionally
+    # cleared if desired.
+    ps.close()
+
+    # Clears out ps.output and ps.streams to a blank value. Not required but
+    # nice if the output should be separate from a previous run
+    ps.clear_streams()
+
+    # Removes all existing commands. Not required but needed if re-using the
+    # same pipeline with a different set of commands
+    ps.clear_commands()
 ```
 
 
@@ -438,17 +440,18 @@ information and should only be used for debugging purposes._
 ## Testing
 
 Any changes are more than welcome in pull request form, you can run the current
-test suite with tox like so;
+test suite with:
 
 ```bash
-# make sure tox is installed
-pip install tox
-
-# run the tox suite
-tox
-
-# or run the test manually for the current Python environment
-py.test -v --pep8 --cov pypsrp --cov-report term-missing
+pip install -e .[dev]
+
+python -m pytest \
+    tests/tests_pypsrp \
+    --verbose \
+    --junitxml junit/test-results.xml \
+    --cov pypsrp \
+    --cov-report xml \
+    --cov-report term-missing
 ```
 
 A lot of the tests either simulate a remote Windows host but you can also run a
@@ -518,5 +521,3 @@ tests.
 * Add Ansible playbook for better integration tests
 * Improved serialization between Python and .NET objects
 * Live interactive console for PSRP
-
-

{pypsrp-0.8.1 → pypsrp-0.9.0rc1}/build_helpers/lib.sh

@@ -62,25 +62,17 @@ lib::setup::python_requirements() {
         echo "::group::Installing Python Requirements"
     fi
 
-    python -m pip install --upgrade pip setuptools wheel
+    # Getting the version is important so that pip prioritises our local dist
+    python -m pip install build
+    PSRP_VERSION="$( python -c "import build.util; print(build.util.project_wheel_metadata('.').get('Version'))" )"
 
     echo "Installing pypsrp"
-    if [ "$(expr substr $(uname -s) 1 5)" == "MINGW" ]; then
-        DIST_LINK_PATH="$( echo "${PWD}/dist" | sed -e 's/^\///' -e 's/\//\\/g' -e 's/^./\0:/' )"
-    else
-        DIST_LINK_PATH="${PWD}/dist"
-    fi
-
-    python -m pip install pypsrp \
-        --no-index \
-        --find-links "file://${DIST_LINK_PATH}" \
-        --no-build-isolation \
-        --no-dependencies \
+    python -m pip install pypsrp[credssp,kerberos]=="${PSRP_VERSION}" \
+        --find-links dist \
         --verbose
-    python -m pip install pypsrp[credssp,kerberos]
 
     echo "Installing dev dependencies"
-    python -m pip install -r requirements-dev.txt
+    python -m pip install .[dev]
 
     if [ x"${GITHUB_ACTIONS}" = "xtrue" ]; then
         echo "::endgroup::"
@@ -114,6 +106,7 @@ lib::tests::run() {
     fi
 
     python -m pytest \
+        tests/tests_pypsrp \
         --verbose \
         --junitxml junit/test-results.xml \
         --cov pypsrp \

{pypsrp-0.8.1 → pypsrp-0.9.0rc1}/build_helpers/win-setup.ps1

@@ -120,13 +120,13 @@ function New-WinRMFirewallRule {
 
     foreach ($rule in $rules) {
         $rule_details = @{
-            LocalPorts      = $Port
-            RemotePorts     = "*"
-            LocalAddresses  = "*"
-            Enabled         = $true
-            Direction       = 1
-            Action          = 1
-            Grouping        = "Windows Remote Management"
+            LocalPorts = $Port
+            RemotePorts = "*"
+            LocalAddresses = "*"
+            Enabled = $true
+            Direction = 1
+            Action = 1
+            Grouping = "Windows Remote Management"
             ApplicationName = "System"
         }
         $rule.Protocol = 6
@@ -171,33 +171,28 @@ function Reset-WinRMConfig {
     Write-Verbose "Removing all existing WinRM listeners"
     Get-ChildItem -LiteralPath WSMan:\localhost\Listener | Remove-Item -Force -Recurse
 
-    if (-not $CertificateThumbprint) {
-        Write-Verbose "Removing all existing certificate in the personal store"
-        Remove-Item -Path Cert:\LocalMachine\My\* -Force -Recurse
-    }
-
     Write-Information -MessageData "Creating HTTP listener"
-    $selector_set = @{
+    $selectorSet = @{
         Transport = "HTTP"
-        Address   = "*"
+        Address = "*"
     }
-    $value_set = @{
+    $valueSet = @{
         Enabled = $true
     }
-    New-WSManInstance -ResourceURI winrm/config/listener -SelectorSet $selector_set -ValueSet $value_set > $null
+    New-WSManInstance -ResourceURI winrm/config/listener -SelectorSet $selectorSet -ValueSet $valueSet > $null
 
     $certificate = New-LegacySelfSignedCert -Subject $env:COMPUTERNAME -ValidDays 1095
-    $selector_set = @{
+    $selectorSet = @{
         Transport = "HTTPS"
-        Address   = "*"
+        Address = "*"
     }
-    $value_set = @{
+    $valueSet = @{
         CertificateThumbprint = $certificate.Thumbprint
-        Enabled               = $true
+        Enabled = $true
     }
 
     Write-Information -MessageData "Creating HTTPS listener"
-    New-WSManInstance -ResourceURI "winrm/config/Listener" -SelectorSet $selector_set -ValueSet $value_set > $null
+    New-WSManInstance -ResourceURI "winrm/config/Listener" -SelectorSet $selectorSet -ValueSet $valueSet > $null
 
     Write-Verbose "Enabling PowerShell Remoting"
     Enable-PSRemoting -Force > $null
@@ -211,8 +206,8 @@ function Reset-WinRMConfig {
     Write-Information -MessageData "Enabling CredSSP authentication"
     Enable-WSManCredSSP -Role Server -Force > $null
 
-    Write-Information -MessageData "Setting AllowUnencrypted to False"
-    Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $false
+    Write-Information -MessageData "Setting AllowUnencrypted to True"
+    Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $true
 
     Write-Information -MessageData "Configuring WinRM HTTPS firewall rule"
     New-WinRMFirewallRule -Port 5986 -Protocol HTTPS
@@ -222,11 +217,11 @@ function Reset-WinRMConfig {
 
     Write-Information -MessageData "Allow local admins over network auth"
     $regInfo = @{
-        Path         = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
-        Name         = "LocalAccountTokenFilterPolicy"
-        Value        = 1
+        Path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
+        Name = "LocalAccountTokenFilterPolicy"
+        Value = 1
         PropertyType = "DWord"
-        Force        = $true
+        Force = $true
     }
     New-ItemProperty @regInfo
 
@@ -245,45 +240,61 @@ Function New-CertificateAuthBinding {
 
     Write-Information -MessageData "Generating self signed certificate for authentication of user $Name"
     $certInfo = @{
-        Type          = "Custom"
-        Subject       = "CN=$Name"
+        Subject = "CN=$Name"
+        KeyUsage = "DigitalSignature", "KeyEncipherment"
+        KeyAlgorithm = "RSA"
+        KeyLength = 2048
         TextExtension = @("2.5.29.37={text}1.3.6.1.5.5.7.3.2", "2.5.29.17={text}upn=$Name@localhost")
-        KeyUsage      = "DigitalSignature", "KeyEncipherment"
-        KeyAlgorithm  = "RSA"
-        KeyLength     = 2048
+        Type = "Custom"
+        CertStoreLocation = "Cert:\CurrentUser\My"
     }
     $cert = New-SelfSignedCertificate @certInfo
 
-    Write-Information -MessageData "Exporting public key of cert"
-    $pem_output = @()
-    $pem_output += "-----BEGIN CERTIFICATE-----"
-    $pem_output += [System.Convert]::ToBase64String($cert.RawData) -replace ".{64}", "$&`n"
-    $pem_output += "-----END CERTIFICATE-----"
-    [System.IO.File]::WriteAllLines("$CertPath\cert.pem", $pem_output)
-
     Write-Information -MessageData "Exporting private key in a PFX file"
     [System.IO.File]::WriteAllBytes("$CertPath\cert.pfx", $cert.Export("Pfx"))
 
     Write-Information -MessageData "Converting private key to PEM format with openssl"
-    &"C:\Program Files\OpenSSL\bin\openssl.exe" @("pkcs12", "-in", "$CertPath\cert.pfx", "-nocerts", "-nodes", "-out", "$CertPath\cert_key.pem", "-passin", "pass:", "-passout", "pass:")
+    $out = openssl.exe @(
+        "pkcs12",
+        "-in", "$CertPath\cert.pfx",
+        "-nocerts",
+        "-nodes",
+        "-out", "$CertPath\cert_key.pem",
+        "-passin", "pass:",
+        "-passout", "pass:"
+    ) 2>&1
+    if ($LASTEXITCODE) {
+        throw "Failed to extract key from PEM:`n$out"
+    }
+    Remove-Item -Path "$CertPath\cert.pfx" -Force
+
+    # WinRM seems to be very picky about the type of cert in the trusted root and people store. Make sure this is set
+    # to the cert and not cert + key.
+    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cert.RawData)
+
+    Write-Information -MessageData "Exporting cert and key of user certificate"
+    $key_pem = Get-Content -Path "$CertPath\cert_key.pem"
+    Remove-Item -Path "$CertPath\cert_key.pem" -Force
+    [System.IO.File]::WriteAllLines("$CertPath\cert.pem", @(
+            $key_pem
+            "-----BEGIN CERTIFICATE-----"
+            [System.Convert]::ToBase64String($cert.RawData) -replace ".{64}", "$&`n"
+            "-----END CERTIFICATE-----"
+        ))
 
     Write-Information -MessageData "Importing cert into LocalMachine\Root"
-    $store_name = [System.Security.Cryptography.X509Certificates.StoreName]::Root
-    $store_location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
-    $store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $store_name, $store_location
+    $store = Get-Item -Path Cert:\LocalMachine\Root
     $store.Open("MaxAllowed")
     $store.Add($cert)
     $store.Close()
 
     Write-Information -MessageData "Importing cert into LocalMachine\TrustedPeople"
-    $store_name = [System.Security.Cryptography.X509Certificates.StoreName]::TrustedPeople
-    $store_location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
-    $store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $store_name, $store_location
+    $store = Get-Item -Path Cert:\LocalMachine\TrustedPeople
     $store.Open("MaxAllowed")
     $store.Add($cert)
     $store.Close()
 
-    $cert.Thumbprint
+    $cert
 }
 
 Function New-JEAConfiguration {
@@ -296,31 +307,31 @@ Function New-JEAConfiguration {
         $JEAConfigPath
     )
 
-    $module_path = Join-Path -Path $env:ProgramFiles -ChildPath "WindowsPowerShell\Modules\$Name"
-    Write-Information -MessageData "Setting up JEA PowerShell module path at '$module_path'"
-    if (-not (Test-Path -Path $module_path)) {
-        New-Item -Path $module_path -ItemType Directory
+    $modulePath = Join-Path -Path $env:ProgramFiles -ChildPath "WindowsPowerShell\Modules\$Name"
+    Write-Information -MessageData "Setting up JEA PowerShell module path at '$modulePath'"
+    if (-not (Test-Path -Path $modulePath)) {
+        New-Item -Path $modulePath -ItemType Directory
     }
 
-    $functions_path = Join-Path -Path $module_path -ChildPath "$($Name)Functions.psm1"
-    if (-not (Test-Path -Path $functions_path)) {
-        New-Item -Path $functions_path -ItemType File
+    $functionsPath = Join-Path -Path $modulePath -ChildPath "$($Name)Functions.psm1"
+    if (-not (Test-Path -Path $functionsPath)) {
+        New-Item -Path $functionsPath -ItemType File
     }
 
-    $manifest_path = Join-Path -Path $module_path -ChildPath "$($Name).psd1"
-    if (-not (Test-Path -Path $manifest_path)) {
-        New-ModuleManifest -Path $manifest_path -RootModule "$($Name)Functions.psm1"
+    $manifestPath = Join-Path -Path $modulePath -ChildPath "$($Name).psd1"
+    if (-not (Test-Path -Path $manifestPath)) {
+        New-ModuleManifest -Path $manifestPath -RootModule "$($Name)Functions.psm1"
     }
 
-    $role_path = Join-Path -Path $module_path -ChildPath "RoleCapabilities"
-    if (-not (Test-Path -Path $role_path)) {
-        New-Item -Path $role_path -ItemType Directory
+    $rolePath = Join-Path -Path $modulePath -ChildPath "RoleCapabilities"
+    if (-not (Test-Path -Path $rolePath)) {
+        New-Item -Path $rolePath -ItemType Directory
     }
 
-    $jea_role_src = Join-Path -Path $JEAConfigPath -ChildPath "$($Name).psrc"
+    $jeaRoleSrc = Join-Path -Path $JEAConfigPath -ChildPath "$($Name).psrc"
 
-    Write-Information -MessageData "Copying across JEA role configuration from '$jea_role_src'"
-    Copy-Item -Path $jea_role_src -Destination $role_path
+    Write-Information -MessageData "Copying across JEA role configuration from '$jeaRoleSrc'"
+    Copy-Item -Path $jeaRoleSrc -Destination $rolePath
 
     if (Get-PSSessionConfiguration | Where-Object { $_.Name -eq $name }) {
         Write-Information -MessageData "JEA role $Name already registered, removing to ensure we start fresh"
@@ -330,6 +341,7 @@ Function New-JEAConfiguration {
 
 $secPassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
 $userCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $env:COMPUTERNAME\$UserName, $secPassword
+$userCertCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, $secPassword
 
 Enable-PSRemoting -Force
 Start-Service -Name WinRM
@@ -338,17 +350,19 @@ Reset-WinRMConfig
 $localUser = New-LocalUser -Name $UserName -Password $secPassword -AccountNeverExpires -PasswordNeverExpires
 Add-LocalGroupMember -Group Administrators -Member $localUser
 
-# Cert auth is disabled in these tests due to some unknown failure
-# $thumbprint = New-CertificateAuthBinding -Name $UserName -CertPath $CertPath
-# $credBinding = @{
-#     Path       = "WSMan:\localhost\ClientCertificate"
-#     Subject    = "$UserName@localhost"
-#     URI        = "*"
-#     Issuer     = $thumbprint
-#     Credential = $userCredential
-#     Force      = $true
-# }
-# New-Item @credBinding
+$clientCertificate = New-CertificateAuthBinding -Name $UserName -CertPath $CertPath
+$certChain = [Security.Cryptography.X509Certificates.X509Chain]::new()
+[void]$certChain.Build($clientCertificate)
+
+$credBinding = @{
+    Path = "WSMan:\localhost\ClientCertificate"
+    Subject = "$UserName@localhost"
+    URI = "*"
+    Issuer = $certChain.ChainElements.Certificate[-1].Thumbprint
+    Credential = $userCertCredential
+    Force = $true
+}
+New-Item @credBinding
 
 New-JEAConfiguration -Name JEARole -JEAConfigPath $PSScriptRoot
 Register-PSSessionConfiguration -Path "$PSScriptRoot\JEARoleSettings.pssc" -Name JEARole -Force
@@ -356,4 +370,12 @@ Register-PSSessionConfiguration -Path "$PSScriptRoot\JEARoleSettings.pssc" -Name
 Restart-Service -Name winrm
 
 Write-Information -MessageData "Testing WinRM connection"
-Invoke-Command -ComputerName localhost -ScriptBlock { whoami.exe /all } -Credential $userCredential
+$invokeParams = @{
+    ComputerName = 'localhost'
+    ScriptBlock = { whoami.exe }
+    SessionOption = (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)
+}
+Invoke-Command @invokeParams -Credential $userCredential
+
+# Write-Information -MessageData "Testing WinRM connection with certificates"
+# Invoke-Command @invokeParams -CertificateThumbprint $thumbprint