Import-AuthenticodeCertificateFromFile: Import the signed certificate embedded in a file into the certificate store for all users on the local computer

Developer
Jul 31, 2014 at 5:05 AM
This function uses the Write-Log and Write-ErrorStack functions posted in another thread under Toolkit Extensions.
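Function Import-AuthenticodeCertificateFromFile
{
<#
    .SYNOPSIS
        Import the signed certificate embedded in a file into the certificate store for all users on the local computer
    .DESCRIPTION
        Reads the Authenticode signature of a file and adds the signer's certificate to a LocalMachine
        certificate store. Files that are unsigned, or whose signature no longer matches their content
        (a hash mismatch), are refused: trusting the signer of a tampered file would undermine the
        store being populated.
    .PARAMETER FilePath
        Path to the file which contains the signed certificate
    .PARAMETER StoreName
        Name of the certificate store that the certificate should be added to. Default store is 'TrustedPublisher'.
    .EXAMPLE
        Import the certificate into the default 'TrustedPublisher' certificate store.
        Import-AuthenticodeCertificateFromFile -FilePath "F:\SCCM\ConfigurationManager.psd1"
    .EXAMPLE
        Import the certificate into the 'Root' certificate store.
        Import-AuthenticodeCertificateFromFile -FilePath "F:\SCCM\ConfigurationManager.psd1" -StoreName 'Root'
    .LINK
        http://msdn.microsoft.com/en-us/library/windows/hardware/ff537890(v=vs.85).aspx
        http://msdn.microsoft.com/en-us/library/ie/ms537361(v=vs.85).aspx
    .NOTES
        An authenticode certificate always gets added to the 'TrustedPublisher' certificate store. It may also
        need to be added to the 'Root' certificate store if the authenticode certificate does not have a
        trusted Certification Authority in the 'Root' certificate store.
        Because that use case is legitimate, a signature status other than 'Valid' (e.g. 'NotTrusted',
        'UnknownError') is logged as a warning but not refused; only 'NotSigned', 'HashMismatch' and a missing
        signer certificate abort the import.
        On any failure the error stack is logged and Exit-Script is called with exit code 20.
#>
    [CmdletBinding()]
    Param
    (
        [Parameter(Mandatory=$true)]
        [ValidateNotNullorEmpty()]
        $FilePath,
        [Parameter(Mandatory=$false)]
        [ValidateNotNullorEmpty()]
        [ValidateSet('TrustedPublisher','Root','AddressBook','AuthRoot','CertificateAuthority','Disallowed','My','TrustedPeople')]
        $StoreName = 'TrustedPublisher'
    )
    
    Begin
    {
        ## Name of this function, used as the log component for every Write-Log call below
        ${CmdletName} = $PSCmdlet.MyInvocation.MyCommand.Name
        $PSParameters = New-Object -TypeName PSObject -Property $PSBoundParameters
        
        Write-Log -Message "Function Start" -Component ${CmdletName} -Severity 1
        If (-not [string]::IsNullOrEmpty($PSParameters))
        {
            Write-Log -Message "Function invoked with bound parameters [$PSParameters]" -Component ${CmdletName} -Severity 1
        }
        Else
        {
            Write-Log -Message "Function invoked without any bound parameters" -Component ${CmdletName} -Severity 1
        }
    }
    Process
    {
        ## Declared outside Try so Finally can close it whether or not Open/Add succeeded
        $Store = $null
        Try
        {
            Write-Log -Message "Get the Authenticode signing certificate from file [$FilePath]" -Component ${CmdletName} -Severity 1
            $Signature = Get-AuthenticodeSignature -FilePath $FilePath -ErrorAction 'Stop'
            
            ## Refuse files that carry no usable signer certificate. 'NotSigned' means there is nothing to import;
            ## 'HashMismatch' means the file content was altered after signing, so its signer must not be trusted.
            If (($Signature.Status -eq 'NotSigned') -or ($Signature.Status -eq 'HashMismatch') -or ($null -eq $Signature.SignerCertificate))
            {
                Throw "File [$FilePath] has no importable Authenticode signature (status: $($Signature.Status))"
            }
            ## Other non-valid statuses are expected when the signing CA is not yet in 'Root' -- that is the
            ## documented reason for importing into 'Root' -- so only warn and record which certificate is imported.
            If ($Signature.Status -ne 'Valid')
            {
                Write-Log -Message "Signature status of [$FilePath] is [$($Signature.Status)]; importing signer certificate [$($Signature.SignerCertificate.Thumbprint)] anyway" -Component ${CmdletName} -Severity 2
            }
            
            Write-Log -Message "Open a X.509 certificate store object for [LocalMachine\$StoreName]" -Component ${CmdletName} -Severity 1
            $Store = New-Object System.Security.Cryptography.X509Certificates.X509Store([System.Security.Cryptography.X509Certificates.StoreName]::$StoreName,'LocalMachine')
            ## ReadWrite is all that Add() needs; do not request more access than required
            $Store.Open('ReadWrite')
            
            Write-Log -Message "Adding certificate [$($Signature.SignerCertificate.Thumbprint)] to X.509 certificate store [$StoreName]" -Component ${CmdletName} -Severity 1
            $Store.Add($Signature.SignerCertificate) | Out-Null
        }
        Catch
        {
            Write-Log -Message "Failed to add certificate to X.509 certificate store `n$(Write-ErrorStack)" -Component ${CmdletName} -Severity 3
            Exit-Script -ExitCode 20
        }
        Finally
        {
            ## Release the store handle on every path; the original only closed it after a successful Add()
            If ($Store) { $Store.Close() }
        }
    }
    End
    {
        Write-Log -Message "Function End" -Component ${CmdletName} -Severity 1
    }
}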