gencert.ps1
param (
    # Directory that receives the exported TestSign.cer; defaults to the caller's
    # current location (the same value $pwd holds when the script starts).
    [string]$directory = (Get-Location).Path
)
# The remainder of the script reads the target directory through $pwd.
# NOTE(review): $pwd is a PowerShell automatic variable; overwriting it is flagged by
# PSScriptAnalyzer (PSAvoidAssignmentToAutomaticVariable) and may be rejected on newer
# PowerShell versions — TODO confirm. It is kept because every later use reads $pwd.
$pwd = $directory
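#Adapted from https://blogs.msdn.microsoft.com/virtual_pc_guy/2010/09/23/a-self-elevating-powershell-script/
# Self-elevation. Installing into Cert:\LocalMachine\Root (done further down) needs
# administrator rights, so if this process is not elevated it re-launches itself under
# UAC and then exits; the elevated copy does the actual work.
# Get the ID and security principal of the current user account
$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)
# Get the security principal for the Administrator role
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator
# Check to see if we are currently running "as Administrator"
if ($myWindowsPrincipal.IsInRole($adminRole))
{
    # We are running "as Administrator" - so change the title and background color to indicate this
    $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
    $Host.UI.RawUI.BackgroundColor = "DarkBlue"
    clear-host
}
else
{
    # We are not running "as Administrator" - so relaunch as administrator.
    #
    # ProcessStartInfo.Arguments is a single string, so the array used previously was
    # flattened with spaces and nothing was quoted: a script path or -directory value
    # containing a space was split into several arguments, and because the script path
    # was passed without -File, PowerShell treated it as a *command* (-Command
    # semantics), i.e. the directory name was evaluated as PowerShell code in the
    # elevated process. Quote both paths and pass the script with -File so they are
    # only ever treated as data. A Windows path cannot contain '"'; a trailing
    # backslash is doubled because the CRT argument parser reads '\"' as an escaped quote.
    $scriptPath = $myInvocation.MyCommand.Definition
    $targetDir = [string]$pwd
    if ($targetDir.EndsWith('\')) { $targetDir += '\' }
    $newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell"
    # -NoProfile keeps the user-writable profile scripts from running with elevated
    # rights. -ExecutionPolicy Unrestricted is retained from the original (Bypass would
    # also work; Unrestricted still warns for files carrying the mark-of-the-web).
    [string[]]$argList = @(
        '-NoProfile',
        '-ExecutionPolicy', 'Unrestricted',
        '-File', ('"{0}"' -f $scriptPath),
        '-directory', ('"{0}"' -f $targetDir)
    )
    $newProcess.Arguments = $argList -join ' '
    # Indicate that the process should be elevated (triggers the UAC prompt).
    # UseShellExecute must be true for the "runas" verb; it is the default on
    # .NET Framework but not on PowerShell 7 / .NET Core.
    $newProcess.Verb = "runas"
    $newProcess.UseShellExecute = $true
    try
    {
        $process = [System.Diagnostics.Process]::Start($newProcess)
    }
    catch
    {
        # Process.Start throws when the UAC prompt is declined; do not carry on unelevated.
        Write-Host "[!] Failure: could not start elevated PowerShell: $($_.Exception.Message)"
        exit 1
    }
    $process.WaitForExit()
    # Exit from the current, unelevated, process, surfacing the elevated run's result
    exit $process.ExitCode
}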
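$CertFile = Join-Path -Path $pwd -ChildPath "TestSign.cer"
Write-Host "Certificate Path: " $CertFile
# Every lookup below is keyed on this subject string alone. Any certificate with this
# subject that the current user has placed in a CurrentUser store is accepted and
# promoted to the machine-wide Root store, so this is only appropriate on a test machine.
$subject = 'CN=SKSoftware'
if (Test-Path Cert:\CurrentUser\PrivateCertStore) {
    #Check For Cert in PrivateCertStore and move it to My if it exists (compat with initial commit)
    $Cert = Get-ChildItem Cert:\CurrentUser\PrivateCertStore | Where {$_.subject -eq $subject} | Select-Object -First 1
    if($Cert -ne $null)
    {
        Write-Host "Moving Cert in PrivateCertStore to My"
        $thumb = $Cert.Thumbprint
        Move-Item "Cert:\CurrentUser\PrivateCertStore\$thumb" "Cert:\CurrentUser\My\"
    }
}
#Check For Existence of Certificate In Root
$Certs = @(Get-ChildItem cert:\LocalMachine\Root | Where {$_.subject -eq $subject})
if ($Certs.length -eq 0) {
    Write-Host "Cert Not Found in Root Store"
    #Not in Root, Check User (all CurrentUser stores, not only My)
    $Certs = @(Get-ChildItem -recurse cert:\CurrentUser\ | Where {$_.subject -eq $subject})
    if ($Certs.length -eq 0) {
        #No Certificate, Create a New One
        Write-Host "Certificate not Found in User Store, Creating"
        if (Get-Command New-SelfSignedCertificate -errorAction SilentlyContinue)
        {
            # -Type CodeSigningCert restricts the EKU to code signing (1.3.6.1.5.5.7.3.3),
            # so the Root entry created below cannot vouch for e.g. TLS servers.
            $Cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject $subject -CertStoreLocation "Cert:\CurrentUser\My"
        }
        else
        {
            Write-Host "New-SelfSignedCertificate Not Available, Falling Back To Makecert"
            $makecert = 'C:/WinDDK/7600.16385.1/bin/amd64/makecert.exe'
            if(-Not(Test-Path $makecert))
            {
                Write-Host "[!] Failure: Unable to find $makecert"
                exit 1
            }
            # -r self-signed, -pe exportable private key, -ss MY -> CurrentUser\My,
            # -eku 1.3.6.1.5.5.7.3.3 code signing; the public cert is also written to $CertFile.
            & $makecert -r -pe -ss MY -n $subject -eku 1.3.6.1.5.5.7.3.3 $CertFile
            if ($LASTEXITCODE -ne 0)
            {
                Write-Host "[!] Failure: makecert exited with code $LASTEXITCODE"
                exit 1
            }
            # makecert returns nothing, so previously $Cert stayed $null on this path and the
            # Export-Certificate call below failed. Pick the certificate up from the store it
            # was written to so both creation paths continue identically.
            $Cert = Get-ChildItem Cert:\CurrentUser\My | Where {$_.subject -eq $subject} | Select-Object -First 1
            if ($Cert -eq $null)
            {
                Write-Host "[!] Failure: makecert succeeded but no $subject certificate is in Cert:\CurrentUser\My"
                exit 1
            }
        }
    }
    else
    {
        Write-Host "Certificate Found in User Store"
        $Cert = $Certs[0]
    }
    # -errorAction SilentlyContinue matches the identical check at the end of the script;
    # without it Get-Command prints an error on hosts lacking the cmdlet.
    if (Get-Command Export-Certificate -errorAction SilentlyContinue)
    {
        Export-Certificate -Cert $Cert -FilePath $CertFile -Type CERT | Out-Null
    }
    Write-Host "Adding Certificate to Root Store"
    # Build the Root entry from the certificate already in memory (public part only, via
    # RawData) rather than re-reading $CertFile. The file sits in a user-writable
    # directory, so re-importing it left a window in which a swapped file would have been
    # installed as a machine-wide trust anchor; RawData also guarantees that no
    # private-key link is carried into the Root store.
    $publicCert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$Cert.RawData)
    $store = new-object System.Security.Cryptography.X509Certificates.X509Store(
        [System.Security.Cryptography.X509Certificates.StoreName]::Root,
        "localmachine"
    )
    try
    {
        # ReadWrite is what is actually needed here (and what MaxAllowed resolved to when elevated).
        $store.open("ReadWrite")
        $store.add($publicCert)
    }
    finally
    {
        $store.close()
    }
}
else
{
    Write-Host "Certificate Found In Root Store"
    $Cert = $Certs[0]
}
# Always leave a fresh copy of the public certificate next to the script/target dir.
if (Get-Command Export-Certificate -errorAction SilentlyContinue)
{
    Export-Certificate -Cert $Cert -FilePath $CertFile -Type CERT | Out-Null
}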