
Get/Set Signature (CTP2) (modification of post by Joel Bennett)

VERSION 1.1


Adds the If-Signed filter, with optional switches: ValidOnly, InvalidOnly, BrokenOnly, TrustedOnly, UnsignedOnly

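  #Requires -version 2.0
  ## Authenticode.psm1
  ####################################################################################################
  ## Wrappers for the Get-AuthenticodeSignature and Set-AuthenticodeSignature cmdlets
  ## These properly parse paths, so they don't kill your pipeline and script if you include a folder
  ##
  ## Usage:
  ## ls | Get-AuthenticodeSignature
  ## ls | If-Signed -Broken | Set-AuthenticodeSignature -Certificate (Get-PfxCertificate C:\My.pfx)
  ####################################################################################################
  ## History:
  ## 1.1 - Added a filter "If-Signed" that can be used like: ls | If-Signed
  ##     - With optional switches: ValidOnly, InvalidOnly, BrokenOnly, TrustedOnly, UnsignedOnly
  ##     - commented out the default Certificate which won't work for "you"
  ## 1.0 - first working version, includes wrappers for Get and Set
  ##
  ## NOTE(review): every wrapper hands $Path to Resolve-Path, Test-Path and -FilePath, all of which
  ## expand wildcards, so a file name containing [ ] or * may resolve to a different file than the
  ## one piped in -- confirm before relying on these wrappers for names you do not control.
  ##

  ## Set-AuthenticodeSignature
  ##   Signs a single file with the given certificate by calling the built-in
  ##   Microsoft.PowerShell.Security\Set-AuthenticodeSignature.
  ##   -Path        : a file on the FileSystem provider (binds to FullName from the pipeline);
  ##                  folders and non-FileSystem paths are rejected by the validation script.
  ##   -Certificate : the signing certificate. No default is set, so it must be passed unless you
  ##                  edit the default below.
  CMDLET Set-AuthenticodeSignature -snapin Huddled.BetterDefaults {
  PARAM (
     [Parameter(Position=1, Mandatory=$true, ValueFromPipelineByPropertyName=$true)]
     [Alias("FullName")]
     [ValidateScript({
        # Only real files can carry a signature: reject other providers (registry, cert:, ...)
        if((resolve-path $_).Provider.Name -ne "FileSystem") {
           throw "Specified Path is not in the FileSystem: '$_'"
        }
        # ... and reject folders, so "ls | Set-AuthenticodeSignature" skips them with an error
        if(!(Test-Path -PathType Leaf $_)) {
           throw "Specified Path is not a File: '$_'"
        }
        return $true
     })]
     [string]
     $Path
  ,
  ## TODO: you should CHANGE THIS to a method which gets *your* default certificate
     [Parameter()]
     [System.Security.Cryptography.X509Certificates.X509Certificate2]
     $Certificate # = $(ls cert:\CurrentUser\my\0DA3A2A2189CD74AE371E6C57504FEB9A59BB22E)
  )
     # The separator between $Path and $Certificate was missing in the original PARAM block.
     # With the default commented out, $Certificate is empty unless the caller supplies it;
     # fail with a clear message instead of passing $null to the underlying cmdlet.
     if(!$Certificate) {
        throw "No signing certificate: pass -Certificate or set a default for it in Authenticode.psm1"
     }
     Microsoft.PowerShell.Security\Set-AuthenticodeSignature -Certificate $Certificate -FilePath $Path
  }

  ## Get-AuthenticodeSignature
  ##   Returns the signature object for a single file by calling the built-in
  ##   Microsoft.PowerShell.Security\Get-AuthenticodeSignature.
  ##   -Path : a file on the FileSystem provider (binds to FullName from the pipeline).
  CMDLET Get-AuthenticodeSignature -snapin Huddled.BetterDefaults {
  PARAM (
     [Parameter(Position=1, Mandatory=$true, ValueFromPipelineByPropertyName=$true)]
     [Alias("FullName")]
     [ValidateScript({
        if((resolve-path $_).Provider.Name -ne "FileSystem") {
           throw "Specified Path is not in the FileSystem: '$_'"
        }
        if(!(Test-Path -PathType Leaf $_)) {
           throw "Specified Path is not a File: '$_'"
        }
        return $true
     })]
     [string]
     $Path
  )
     Microsoft.PowerShell.Security\Get-AuthenticodeSignature -FilePath $Path
  }


  ## If-Signed
  ##   Pipeline filter: emits the file (via Get-ChildItem) when its signature passes the selected
  ##   test, and emits nothing otherwise. Rejected files are reported through Write-Debug only.
  ##   With no switch, it passes every file that has a signer certificate.
  ##   -BrokenOnly   : only files whose status is HashMismatch (content changed after signing)
  ##   -TrustedOnly  : only files whose status is Valid
  ##   -ValidOnly    : only files that are signed and whose status is not HashMismatch
  ##   -InvalidOnly  : only files whose status is not Valid (this includes unsigned files)
  ##   -UnsignedOnly : only files with no signer certificate
  ##   Switches are applied one after another, so combining them requires every test to pass.
  ##
  ##   -ValidOnly is an integrity check, not a trust decision: it also passes signed files whose
  ##   status is something other than HashMismatch (for example NotTrusted or UnknownError).
  ##   Use -TrustedOnly when the result gates whether a script is allowed to run.
  CMDLET If-Signed -snapin Huddled.BetterDefaults {
  PARAM (
     [Parameter(Position=1, Mandatory=$true, ValueFromPipelineByPropertyName=$true)]
     [Alias("FullName")]
     [ValidateScript({
        if((resolve-path $_).Provider.Name -ne "FileSystem") {
           throw "Specified Path is not in the FileSystem: '$_'"
        }
        if(!(Test-Path -PathType Leaf $_)) {
           throw "Specified Path is not a File: '$_'"
        }
        return $true
     })]
     [string]
     $Path
  ,
     [Parameter()]
     [switch]$BrokenOnly
  ,
     [Parameter()]
     [switch]$TrustedOnly
  ,
     [Parameter()]
     [switch]$ValidOnly
  ,
     [Parameter()]
     [switch]$InvalidOnly
  ,
     [Parameter()]
     [switch]$UnsignedOnly
  )
     $sig = Microsoft.PowerShell.Security\Get-AuthenticodeSignature -FilePath $Path

     # The signer certificate lives on the signature object. The original read it from $_ (the
     # piped file item), which has no such property, so every "is it signed?" test saw $null.
     $isSigned = [bool]$sig.SignerCertificate

     # Broken only returns ONLY things which are HashMismatch
     if($BrokenOnly  -and $sig.Status -ne "HashMismatch")
     {
        Write-Debug "$($sig.Status) - Not Broken: $Path"
        return
     }
     # Trusted only returns ONLY things which are Valid
     if($TrustedOnly -and $sig.Status -ne "Valid")
     {
        Write-Debug "$($sig.Status) - Not Trusted: $Path"
        return
     }

     # AllValid returns only things that are SIGNED and not HashMismatch
     # (the original compared with -ne, which rejected exactly the files this switch should pass)
     if($ValidOnly   -and (($sig.Status -eq "HashMismatch") -or !$isSigned) )
     {
        Write-Debug "$($sig.Status) - Not Valid: $Path"
        return
     }

     # NOTValid returns only things whose status is anything other than Valid
     if($InvalidOnly    -and ($sig.Status -eq "Valid"))
     {
        Write-Debug "$($sig.Status) - Valid: $Path"
        return
     }

     # Unsigned returns only things that aren't signed
     # NOTE: we don't test using NotSigned, because that's only set for .ps1 or .exe files??
     if($UnsignedOnly    -and $isSigned )
     {
        Write-Debug "$($sig.Status) - Signed: $Path"
        return
     }

     # Default (no switch at all): pass anything that carries a signer certificate
     if(!$BrokenOnly -and !$TrustedOnly -and !$ValidOnly -and !$InvalidOnly -and !$UnsignedOnly -and !$isSigned )
     {
        Write-Debug "$($sig.Status) - Not Signed: $Path"
        return
     }

     get-childItem $sig.Path
  }


  # The two wrappers are exported under the same names as the built-in cmdlets, so importing this
  # module makes unqualified calls resolve to the wrappers above.
  Export-ModuleMember Set-AuthenticodeSignature,Get-AuthenticodeSignature,If-Signed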
