Private/Import-PfxCertInternal.ps1

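function Import-PfxCertInternal {
    <#
    .SYNOPSIS
        Import a PFX file (certificate plus private key) into a Windows
        certificate store.

    .DESCRIPTION
        Shim around the native Import-PfxCertificate cmdlet, which only exists
        on Windows 8/2012 and later in Windows PowerShell (Desktop edition).
        When the cmdlet is not available the PFX is loaded with the .NET
        X509Certificate2 class and added to the store via X509Store.
        Non-Windows PowerShell Core is rejected with a terminating error.

        In both paths the private key is imported as exportable.

    .PARAMETER PfxFile
        Path to the PFX file to import.

    .PARAMETER PfxPass
        Password protecting the PFX. When omitted, an empty SecureString is
        used.

    .PARAMETER StoreName
        NOTE: despite its name this holds the store *location*
        (default 'LocalMachine'). It is used as the first segment of the
        Cert:\ path and as the StoreLocation argument of X509Store.

    .PARAMETER StoreLoc
        NOTE: despite its name this holds the store *name* (default 'My').
        It is used as the second segment of the Cert:\ path and as the
        store name argument of X509Store.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory,Position=0)]
        [string]$PfxFile,
        [securestring]$PfxPass,
        [string]$StoreName = 'LocalMachine',
        [string]$StoreLoc = 'My'
    )

    if (!$PfxPass) {
        # No password supplied: fall back to an empty secure string so both
        # import paths always receive a SecureString.
        $PfxPass = New-Object Security.SecureString
    }

    if (Get-Command 'Import-PfxCertificate' -ErrorAction SilentlyContinue) {
        # Win 8/2012 and above (Windows PowerShell only)
        Write-Debug "Importing PFX via native Import-PfxCertificate"

        # -Exportable leaves the private key exportable from the store.
        Import-PfxCertificate -FilePath $PfxFile `
            -CertStoreLocation Cert:\$StoreName\$StoreLoc `
            -Exportable -Password $PfxPass | Out-Null

    } elseif ($PSVersionTable.PSEdition -eq 'Core' -and !$IsWindows) {
        # This is a non-Windows version of PowerShell Core
        throw "Certificate import is not currently supported on non-Windows OSes"

    } else {
        # Win 7/2008R2 and below and PowerShell Core on Windows
        Write-Debug "Importing PFX via downlevel pfx import code"

        # PowerShell resolves variables through parent scopes, so without
        # these assignments the finally block could dispose a caller's
        # $store/$pfx when an exception is thrown before ours are created.
        $pfx = $null
        $store = $null

        # .NET file APIs resolve relative paths against the process working
        # directory, not the current PowerShell location, so resolve first.
        $pfxPath = $PSCmdlet.GetUnresolvedProviderPathFromPSPath($PfxFile)

        # Without MachineKeySet the private key is persisted in the importing
        # user's key store even when the certificate is added to a
        # LocalMachine store, which leaves the key tied to that user's
        # profile and unusable by other accounts and services.
        $keyFlags = 'Exportable,PersistKeySet'
        if ($StoreName -eq 'LocalMachine') {
            $keyFlags += ',MachineKeySet'
        }

        try {

            $pfxBytes = [IO.File]::ReadAllBytes($pfxPath)

            $pfx = New-Object Security.Cryptography.X509Certificates.X509Certificate2($pfxBytes,$PfxPass,$keyFlags)

            $store = New-Object Security.Cryptography.X509Certificates.X509Store($StoreLoc,$StoreName)
            $store.Open("MaxAllowed")
            $store.Add($pfx)
            $store.Close()

        } finally {
            # $null on the left so the comparison is never applied
            # element-wise to a collection.
            if ($null -ne $store) { $store.Dispose() }
            if ($null -ne $pfx) { $pfx.Dispose() }
        }

    }

}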