export-certificate.psm1

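function get-certificateroots {
    <#
    .SYNOPSIS
    Collects candidate issuer certificates for a certificate from the local certificate stores.

    .DESCRIPTION
    For each input certificate that is not self-issued (Issuer differs from Subject),
    every certificate under cert:\ whose Subject equals that Issuer is looked up, the
    same walk is repeated for those certificates, and the results are emitted with the
    furthest ancestors first.

    Matching is by distinguished name only. No signature, key-identifier, validity or
    revocation check is made, and every store under cert:\ is searched, so the output
    is a set of name-matched candidates, not a validated trust path.
    NOTE(review): if callers need a verified chain, building it with
    System.Security.Cryptography.X509Certificates.X509Chain is the usual approach -
    confirm what the consumers of this module expect.

    .PARAMETER cert
    One or more certificates to walk; accepts pipeline input.

    .PARAMETER Visited
    Internal bookkeeping: thumbprints already walked or emitted. Callers normally omit it.

    .OUTPUTS
    X509Certificate2 objects, ancestors before descendants. Nothing for a self-issued input.
    #>
    Param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]
        $cert,

        [System.Collections.Generic.HashSet[string]]
        $Visited = [System.Collections.Generic.HashSet[string]]::new()
    )

    # A process block is required for ValueFromPipeline: without one only the last
    # piped certificate was bound, so only one candidate per level was ever walked.
    process {
        foreach ($current in $cert) {
            # Self-issued certificate: top of the chain, nothing further to look up.
            if ($current.Issuer -eq $current.Subject) { continue }

            [void]$Visited.Add($current.Thumbprint)

            # HashSet.Add returns $false for a thumbprint seen before, so the final
            # filter drops certificates already handled. That bounds the recursion
            # when stores hold certificates whose names refer to each other, and
            # keeps the same certificate from being emitted twice.
            $issuers = @(
                Get-ChildItem -Recurse cert:\ |
                    Where-Object {
                        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
                        $_.Subject -eq $current.Issuer
                    } |
                    Sort-Object -Property Thumbprint -Unique |
                    Where-Object { $Visited.Add($_.Thumbprint) }
            )

            if ($issuers.Count -gt 0) {
                # Ancestors first, then this level - same ordering as before.
                $issuers | get-certificateroots -Visited $Visited
                $issuers
            }
        }
    }
}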

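function ConvertTo-PEM {
    <#
    .SYNOPSIS
    Writes a certificate, its keys, or its issuer chain to the pipeline as PEM text.

    .DESCRIPTION
    Each PEM block is emitted as three strings: the BEGIN line, the Base64 body
    (wrapped at 64 characters per line with CRLF, as RFC 7468 requires of
    generators) and the END line.

    With no switch the certificate itself is written. The switches are mutually
    exclusive parameter sets.

    -PrivateKey writes the RSA private key unencrypted (PKCS#1). The text travels
    through the pipeline like any other output, so it can end up in transcripts,
    logs or world-readable files; send it only to a destination whose access is
    restricted to the intended owner.

    -Chain and -FullChain rely on get-certificateroots, which selects issuers by
    matching Subject to Issuer across the local stores; the emitted chain is not
    cryptographically validated here.

    .PARAMETER Certificate
    The certificate to export; accepts pipeline input.

    .PARAMETER PrivateKey
    Emit the certificate's RSA private key instead of the certificate.

    .PARAMETER PublicKey
    Emit the SubjectPublicKeyInfo of the certificate's public key.

    .PARAMETER Chain
    Emit only the issuer certificates returned by get-certificateroots.

    .PARAMETER FullChain
    Emit the certificate followed by the issuer certificates.

    .OUTPUTS
    System.String
    #>
    [CmdletBinding(DefaultParameterSetName="PublicDefault")]
    Param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true, Position=0)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]
        $Certificate,

        [Parameter(Mandatory=$true, ParameterSetName="PrivateKey")]
        [switch]
        $PrivateKey,

        [Parameter(Mandatory=$true, ParameterSetName="PublicKey")]
        [switch]
        $PublicKey,

        [Parameter(Mandatory=$true, ParameterSetName="PublicChain")]
        [switch]
        $Chain,

        [Parameter(Mandatory=$true, ParameterSetName="FullChain")]
        [switch]
        $FullChain
    )

    begin {
        # Private helper: emits one PEM block for the given label and DER bytes.
        function Write-PemBlock {
            param(
                [string] $Label,
                [byte[]] $Bytes
            )

            $encoded = [System.Convert]::ToBase64String($Bytes)
            # InsertLineBreaks wraps at 76 columns; PEM generators must wrap at 64.
            $wrapped = for ($offset = 0; $offset -lt $encoded.Length; $offset += 64) {
                $encoded.Substring($offset, [System.Math]::Min(64, $encoded.Length - $offset))
            }

            Write-Output "-----BEGIN $Label-----"
            Write-Output ($wrapped -join "`r`n")
            Write-Output "-----END $Label-----"
        }
    }

    # The process block makes every piped certificate get exported; without it only
    # the last pipeline input was bound to $Certificate.
    process {
        # A switch passed explicitly as -Name:$false still selects its parameter set.
        if ($PSCmdlet.ParameterSetName -eq "PrivateKey" -and $PrivateKey -eq $false) { throw "Parameter PrivateKey's value must be `$true or left undefined" }
        if ($PSCmdlet.ParameterSetName -eq "PublicKey" -and $PublicKey -eq $false) { throw "Parameter PublicKey's value must be `$true or left undefined" }
        if ($PSCmdlet.ParameterSetName -eq "PublicChain" -and $Chain -eq $false) { throw "Parameter Chain's value must be `$true or left undefined" }
        if ($PSCmdlet.ParameterSetName -eq "FullChain" -and $FullChain -eq $false) { throw "Parameter FullChain's value must be `$true or left undefined" }

        if ($PrivateKey) {
            if (-not $Certificate.HasPrivateKey) { throw "No private key for certificate" }
            $key = $Certificate.PrivateKey
            if ($null -eq $key) { throw "Access Denied" }
            # ExportRSAPrivateKey produces PKCS#1, whose PEM label is always
            # "RSA PRIVATE KEY"; deriving the label from a CNG key handle left it
            # empty for RSA implementations that expose no such handle.
            if ($key -isnot [System.Security.Cryptography.RSA]) { throw "Only RSA private keys can be exported" }
            # NOTE(review): presumably this fails for keys marked non-exportable - confirm.
            Write-PemBlock -Label "RSA PRIVATE KEY" -Bytes ($key.ExportRSAPrivateKey())
        } elseif ($PublicKey) {
            Write-PemBlock -Label "PUBLIC KEY" -Bytes ($Certificate.PublicKey.Key.ExportSubjectPublicKeyInfo())
        } elseif ($Chain) {
            get-certificateroots $Certificate | ForEach-Object {
                Write-PemBlock -Label "CERTIFICATE" -Bytes $_.RawData
            }
        } elseif ($FullChain) {
            # Order is the certificate first, then issuers in the order the helper
            # returns them.
            # NOTE(review): consumers that require each certificate to be followed
            # directly by its issuer may need a different order - confirm.
            $($Certificate; get-certificateroots $Certificate) | ForEach-Object {
                Write-PemBlock -Label "CERTIFICATE" -Bytes $_.RawData
            }
        } else {
            Write-PemBlock -Label "CERTIFICATE" -Bytes $Certificate.RawData
        }
    }
}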

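# ConvertTo-PEM is a script function, so it has to be exported with -Function;
# -Cmdlet only matches compiled cmdlets and left the module exporting nothing.
# Listing the export explicitly also keeps get-certificateroots private to the module.
Export-ModuleMember -Function ConvertTo-PEM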