DosInstallUtilities.Realtime

2.13

functions/Testers/Install-Certificate.ps1

                                <#

.SYNOPSIS

Install-Certificate

.DESCRIPTION

Install-Certificate

.INPUTS

Install-Certificate - The name of Install-Certificate

.OUTPUTS

None

.EXAMPLE

Install-Certificate

.EXAMPLE

Install-Certificate

#>

function Install-Certificate() {

    [CmdletBinding()]

    param

    (

        [Parameter(Mandatory = $true)]

        [ValidateNotNullOrEmpty()]

        [byte[]]

        $certdata

        ,

        [Parameter(Mandatory = $true)]

        [ValidateNotNullOrEmpty()]

        [string]

        $certpass

    )

    Write-Verbose 'Install-Certificate: Starting'

    If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {

        Write-Error "This script needs to be run As Admin"

        Break

    }

    # http://paulstovell.com/blog/x509certificate2

    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet -bor [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet -bor [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable

    [System.Security.Cryptography.X509Certificates.X509Certificate2] $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(`

            $certdata, `

            $certpass, `

            $flags);

    [System.Security.Cryptography.X509Certificates.X509Store] $store = New-Object System.Security.Cryptography.X509Certificates.X509Store( `

            [System.Security.Cryptography.X509Certificates.StoreName]::My, `

            [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine);

    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite);

    $store.Add($cert);

    # [string] $userName = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name;

    # AddAccessToCertificate($cert);

    Write-Host "Saved certificate in Local Computer store on this machine: Personal->Certificates"

    Write-Verbose 'Install-Certificate: Done'

}

function AddAccessToCertificate() {

    [CmdletBinding()]

    param

    (

        [Parameter(Mandatory = $true)]

        [System.Security.Cryptography.X509Certificates.X509Certificate2]

        $cert

    )

    [System.Security.Cryptography.RSACryptoServiceProvider] $rsa = $cert.PrivateKey

    [string] $keyfilepath = FindKeyLocation($rsa.CspKeyContainerInfo.UniqueKeyContainerName);

    [System.IO.FileInfo] $file = New-Object System.IO.FileInfo($keyfilepath + "\\" + $rsa.CspKeyContainerInfo.UniqueKeyContainerName);

    [System.Security.AccessControl.FileSecurity] $fs = $file.GetAccessControl();

    [System.Security.Principal.SecurityIdentifier] $sid = New-Object System.Security.Principal.SecurityIdentifier(`

            [System.Security.Principal.WellKnownSidType]::AuthenticatedUserSid, $null);

    $type = [System.Security.Principal.NTAccount]

    [System.Security.Principal.NTAccount] $account = $sid.Translate($type);

    [System.Security.AccessControl.FileSystemAccessRule] $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($account, `

            [System.Security.AccessControl.FileSystemRights]::Read, `

            [System.Security.AccessControl.AccessControlType]::Allow)

    $fs.AddAccessRule($accessRule);

    $file.SetAccessControl($fs);

    Write-Host "Added access to the cert's private key to all authenticated users"

}

function FindKeyLocation() {

    [CmdletBinding()]

    [OutputType([hashtable])]

    param

    (

        [Parameter(Mandatory = $true)]

        [ValidateNotNullOrEmpty()]

        [string]

        $keyFileName

    )

    [string] $text1 = [System.Environment]::GetFolderPath([System.Environment.SpecialFolder]::CommonApplicationData);

    [string] $text2 = $text1 + '\Microsoft\Crypto\RSA\MachineKeys';

    [string[]] $textArray1 = [System.IO.Directory]::GetFiles($text2, $keyFileName);

    if ($textArray1.Length -gt 0) {

        return @{

            Location = $text2;

        }

    }

    [string] $text3 = [System.Environment]::GetFolderPath([System.Environment.SpecialFolder]::ApplicationData);

    [string] $text4 = $text3 + '\Microsoft\Crypto\RSA\';

    $textArray1 = [System.IO.Directory]::GetDirectories($text4);

    if ($textArray1.Length -gt 0) {

        foreach ($text5 in $textArray1) {

            $textArray1 = [System.IO.Directory]::GetFiles($text5, $keyFileName);

            if ($textArray1.Length -ne 0) {

                return @{

                    Location = $text5;

                }

            }

        }

    }

    Write-Error "Private key exists but is not accessible";

    return @{

        Location = $null

    }

}

Export-ModuleMember -Function 'Install-Certificate'