dsccommunity
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎DSCResources/MSFT_xRemoteFile/MSFT_xRemoteFile.psm1‎
Lines changed: 130 additions & 8 deletions b/‎DSCResources/MSFT_xRemoteFile/MSFT_xRemoteFile.psm1‎
Lines changed: 130 additions & 8 deletions
diff --git a/‎DSCResources/MSFT_xRemoteFile/MSFT_xRemoteFile.schema.mof‎
Lines changed: 2 additions & 0 deletions b/‎DSCResources/MSFT_xRemoteFile/MSFT_xRemoteFile.schema.mof‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎DSCResources/MSFT_xRemoteFile/en-us/MSFT_xRemoteFile.strings.psd1‎
Lines changed: 1 addition & 0 deletions b/‎DSCResources/MSFT_xRemoteFile/en-us/MSFT_xRemoteFile.strings.psd1‎
Lines changed: 1 addition & 0 deletions
@@ -9,6 +9,7 @@
   - Added MOF descriptions.
 - Corrected minor style issues.
 - Fix minor style issues in hashtable layout.
+- Added support for Checksum on xRemoteFile - [issue #423](https://github.com/PowerShell/PSDscResources/issues/423)
 
 ## 8.10.0.0
 
 
@@ -21,6 +21,9 @@ $script:cacheLocation = "$env:ProgramData\Microsoft\Windows\PowerShell\Configura
     .PARAMETER Uri
         Uri of a file which should be copied or downloaded. This parameter
         supports HTTP and HTTPS values.
+
+    .PARAMETER ChecksumType
+        The algorithm used to calculate the checksum of the file.
 #>
 function Get-TargetResource
 {
@@ -36,19 +39,32 @@ function Get-TargetResource
         [Parameter(Mandatory = $true)]
         [ValidateNotNullOrEmpty()]
         [System.String]
-        $Uri
+        $Uri,
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('None', 'SHA1', 'SHA256', 'SHA384', 'SHA512', 'MACTripleDES', 'MD5', 'RIPEMD160')]
+        $ChecksumType = 'None'
+
     )
 
     # Check whether DestinationPath is existing file
     $ensure = 'Absent'
     $pathItemType = Get-PathItemType -Path $DestinationPath
+    $checksumValue = ''
 
     switch ($pathItemType)
     {
         'File'
         {
             Write-Verbose -Message ($script:localizedData.DestinationPathIsExistingFile -f $DestinationPath)
             $ensure = 'Present'
+
+            if ($ChecksumType -ine 'None')
+            {
+                $getFileHash = Get-FileHash -Path $DestinationPath -Algorithm $ChecksumType
+                $checksumValue = $getFileHash.Hash
+            }
         }
 
         'Directory'
@@ -63,6 +79,12 @@ function Get-TargetResource
             {
                 Write-Verbose -Message ($script:localizedData.FileExistsInDestinationPath -f $uriFileName)
                 $ensure = 'Present'
+
+                if ($ChecksumType -ine 'None')
+                {
+                    $getFileHash = Get-FileHash -Path $expectedDestinationPath -Algorithm $ChecksumType
+                    $checksumValue = $getFileHash.Hash
+                }
             }
         }
 
@@ -81,6 +103,7 @@ function Get-TargetResource
         DestinationPath = $DestinationPath
         Uri             = $Uri
         Ensure          = $ensure
+        Checksum        = $checksumValue
     }
 }
 
@@ -123,6 +146,12 @@ function Get-TargetResource
     .PARAMETER ProxyCredential
         Specifies a user account that has permission to use the proxy server that
         is specified by the Proxy parameter.
+
+    .PARAMETER Checksum
+        Specifies the expected checksum value of downloaded file.
+
+    .PARAMETER ChecksumType
+        The algorithm used to calculate the checksum of the file.
 #>
 function Set-TargetResource
 {
@@ -167,7 +196,16 @@ function Set-TargetResource
         [Parameter()]
         [System.Management.Automation.Credential()]
         [System.Management.Automation.PSCredential]
-        $ProxyCredential
+        $ProxyCredential,
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('None', 'SHA1', 'SHA256', 'SHA384', 'SHA512', 'MACTripleDES', 'MD5', 'RIPEMD160')]
+        $ChecksumType = 'None',
+
+        [Parameter()]
+        [System.String]
+        $Checksum
     )
 
     # Validate Uri
@@ -198,7 +236,7 @@ function Set-TargetResource
     }
 
     # Validate DestinationPath does not contain invalid characters
-    @('*', '?', '"', '<', '>', '|') | Foreach-Object -Process {
+    @('*', '?', '"', '<', '>', '|') | ForEach-Object -Process {
         if ($DestinationPath.Contains($_))
         {
             $errorMessage = $script:localizedData.DestinationPathHasInvalidCharactersError -f $DestinationPath
@@ -233,6 +271,10 @@ function Set-TargetResource
         $DestinationPath = Join-Path -Path $DestinationPath -ChildPath $uriFileName
     }
 
+    # Remove ChecksumType and Checksum from parameters as they are not parameters of Invoke-WebRequest.
+    $null = $PSBoundParameters.Remove('ChecksumType')
+    $null = $PSBoundParameters.Remove('Checksum')
+
     # Remove DestinationPath and MatchSource from parameters as they are not parameters of Invoke-WebRequest
     $null = $PSBoundParameters.Remove('DestinationPath')
     $null = $PSBoundParameters.Remove('MatchSource')
@@ -301,13 +343,34 @@ function Set-TargetResource
         $ProgressPreference = $currentProgressPreference
     }
 
+    # Check checksum
+    if ($ChecksumType -ine 'None' -and -not [String]::IsNullOrEmpty($Checksum))
+    {
+        $fileHashSplat = @{
+            Path      = $DestinationPath
+            Algorithm = $ChecksumType
+        }
+
+        $getFileHash = Get-FileHash @fileHashSplat
+        $fileHash = $getFileHash.Hash
+
+        if ($fileHash -ine $Checksum)
+        {
+            # the checksum failed
+            $errorMessage = $script:localizedData.ChecksumDoesNotMatch -f $Checksum, $fileHash
+            New-InvalidDataException `
+                -ErrorId 'ChecksumDoesNotMatch' `
+                -ErrorMessage $errorMessage
+        }
+    }
+
     # Update cache
     if (Test-Path -Path $DestinationPath)
     {
         $downloadedFile = Get-Item -Path $DestinationPath
         $lastWriteTime = $downloadedFile.LastWriteTimeUtc
         $filesize = $downloadedFile.Length
-        $inputObject = @{}
+        $inputObject = @{ }
         $inputObject['LastWriteTime'] = $lastWriteTime
         $inputObject['FileSize'] = $filesize
         Update-Cache -DestinationPath $DestinationPath -Uri $Uri -InputObject $inputObject
@@ -352,6 +415,12 @@ function Set-TargetResource
     .PARAMETER ProxyCredential
         Specifies a user account that has permission to use the proxy server that
         is specified by the Proxy parameter.
+
+    .PARAMETER Checksum
+        Specifies the expected checksum value of downloaded file.
+
+    .PARAMETER ChecksumType
+        The algorithm used to calculate the checksum of the file.
 #>
 function Test-TargetResource
 {
@@ -397,7 +466,16 @@ function Test-TargetResource
         [Parameter()]
         [System.Management.Automation.Credential()]
         [System.Management.Automation.PSCredential]
-        $ProxyCredential
+        $ProxyCredential,
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('None', 'SHA1', 'SHA256', 'SHA384', 'SHA512', 'MACTripleDES', 'MD5', 'RIPEMD160')]
+        $ChecksumType = 'None',
+
+        [Parameter()]
+        [System.String]
+        $Checksum
     )
 
     # Check whether DestinationPath points to existing file or directory
@@ -434,6 +512,28 @@ function Test-TargetResource
                 Write-Verbose -Message $script:localizedData.MatchSourceFalse
                 $fileExists = $true
             }
+
+            if ($ChecksumType -ine 'None' `
+                    -and -not [String]::IsNullOrEmpty($Checksum) `
+                    -and $fileExists -eq $true)
+            {
+                $fileHashSplat = @{
+                    Path      = $DestinationPath
+                    Algorithm = $ChecksumType
+                }
+                $getFileHash = Get-FileHash @fileHashSplat
+                $fileHash = $getFileHash.Hash
+
+                if ($fileHash -ieq $Checksum)
+                {
+                    $fileExists = $true
+                }
+                else
+                {
+                    # The checksum does not match. The file may match what is in the cached data. Resetting it to false.
+                    $fileExists = $false
+                }
+            }
         }
 
         'Directory'
@@ -464,6 +564,28 @@ function Test-TargetResource
                     Write-Verbose -Message $script:localizedData.MatchSourceFalse
                     $fileExists = $true
                 }
+
+                if ($ChecksumType -ine 'None' `
+                    -and -not [String]::IsNullOrEmpty($Checksum) `
+                    -and $fileExists -eq $true)
+            {
+                $fileHashSplat = @{
+                    Path      = $expectedDestinationPath
+                    Algorithm = $ChecksumType
+                }
+                $getFileHash = Get-FileHash @fileHashSplat
+                $fileHash = $getFileHash.Hash
+
+                if ($fileHash -ieq $Checksum)
+                {
+                    $fileExists = $true
+                }
+                else
+                {
+                    # The checksum does not match. The file may match what is in the cached data. Resetting it to false.
+                    $fileExists = $false
+                }
+            }
             }
         }
 
@@ -586,7 +708,7 @@ function Convert-KeyValuePairArrayToHashtable
         $Array
     )
 
-    $hashtable = @{}
+    $hashtable = @{ }
 
     foreach ($item in $Array)
     {
@@ -638,7 +760,7 @@ function Get-Cache
     }
     else
     {
-        $cacheContent = Import-CliXml -Path $path
+        $cacheContent = Import-Clixml -Path $path
         Write-Verbose -Message ($script:localizedData.CacheFoundForPath -f $DestinationPath, $Uri, $Key)
     }
 
@@ -688,7 +810,7 @@ function Update-Cache
 
     Write-Verbose -Message ($script:localizedData.UpdatingCache -f $DestinationPath, $Uri, $Key)
 
-    Export-CliXml -Path $path -InputObject $InputObject -Force
+    Export-Clixml -Path $path -InputObject $InputObject -Force
 }
 
 <#
 
@@ -8,6 +8,8 @@ class MSFT_xRemoteFile : OMI_BaseResource
     [Write, Description("Headers of the web request."), EmbeddedInstance("MSFT_KeyValuePair")] String Headers[];
     [Write, Description("Specifies a user account that has permission to send the request."), EmbeddedInstance("MSFT_Credential")] String Credential;
     [Write, Description("A boolean value to indicate whether the remote file should be re-downloaded if the file in the DestinationPath was modified locally. The default value is true.")] Boolean MatchSource;
+    [Write, Description("Specifies the checksum type to verify the downloaded file"), ValueMap{"None","SHA1","SHA256","SHA384","SHA512","MACTripleDES","MD5","RIPEMD160"}, Values{"None","SHA1","SHA256","SHA384","SHA512","MACTripleDES","MD5","RIPEMD160"}] String ChecksumType;
+    [Write, Description("Specifies the checksum value to compare against the downloaded file")] String Checksum;
     [Write, Description("Specifies how long the request can be pending before it times out.")] Uint32 TimeoutSec;
     [Write, Description("Uses a proxy server for the request, rather than connecting directly to the Internet resource. Should be the URI of a network proxy server (e.g 'http://10.20.30.1').")] String Proxy;
     [Write, Description("Specifies a user account that has permission to use the proxy server that is specified by the Proxy parameter."), EmbeddedInstance("MSFT_Credential")] String ProxyCredential;
 
@@ -19,5 +19,6 @@ ConvertFrom-StringData @'
     CacheLookingForPath=Looking for cache path '{0}'.
     CacheNotFoundForPath=No cache found for DestinationPath '{0}' and Uri '{1}' CacheKey '{2}'.
     CacheFoundForPath=Found cache found for DestinationPath '{0}' and Uri '{1}' CacheKey '{2}'.
+    ChecksumDoesNotMatch=Checksum does not match specified value - Desired: '{0}', Actual: '{1}'.
     UpdatingCache=Updating cache for DestinationPath '{0}' and Uri '{1}' CacheKey '{2}'.
 '@