PoshCode Archive  Artifact [00eed80f19]

Check-ins Using Download Hex

Artifact 00eed80f198e6252fa98738727d791d869978c7dfe0fd4b92ef336100755cc9f:

  • File Get-Set-Signature-CTP2.ps1 — part of check-in [fbef68647a] at 2018-06-10 13:40:02 on branch trunk — VERSION 1.1 (user: Joel Bennett size: 5198) 
# encoding: ascii
# api: powershell
# title: Get/Set Signature (CTP2)
# description: VERSION 1.1
# version: 1.1
# type: script
# author: Joel Bennett
# license: CC0
# x-poshcode-id: 437
# x-derived-from-id: 456
# x-archived: 2009-07-31T23:59:53
#
# Description
# Wrappers for the Get-AuthenticodeSignature and Set-AuthenticodeSignature which properly parse paths and don’t kill your pipeline and script when you hit a folder by accident…
# Changes
# Added a filter “If-Signed” that can be used like: ls | If-Signed
# # With optional switches: ValidOnly, InvalidOnly, BrokenOnly, TrustedOnly, UnsignedOnly
#
#Requires -version 2.0
## Authenticode.psm1
####################################################################################################
## Wrappers for the Get-AuthenticodeSignature and Set-AuthenticodeSignature cmdlets 
## These properly parse paths, so they don't kill your pipeline and script if you include a folder 
##
## Usage:
## ls | Get-AuthenticodeSignature
## ls | If-Signed -Broken | Set-AuthenticodeSignature Get-PfxCertificate C:\My.pfx
####################################################################################################
## History:
## 1.1 - Added a filter "If-Signed" that can be used like: ls | If-Signed
##     - With optional switches: ValidOnly, InvalidOnly, BrokenOnly, TrustedOnly, UnsignedOnly
##     - commented out the default Certificate which won't work for "you"
## 1.0 - first working version, includes wrappers for Get and Set
##
CMDLET Set-AuthenticodeSignature -snapin Huddled.BetterDefaults {
PARAM ( 
   [Parameter(Position=1, Mandatory=$true, ValueFromPipelineByPropertyName=$true)]
   [Alias("FullName")]
   [ValidateScript({ 
      if((resolve-path $_).Provider.Name -ne "FileSystem") {
         throw "Specified Path is not in the FileSystem: '$_'" 
      }
      if(!(Test-Path -PathType Leaf $_)) { 
         throw "Specified Path is not a File: '$_'" 
      }
      return $true
   })]
   [string]
   $Path
,  ## TODO: you should CHANGE THIS to a method which gets *your* default certificate
   $Certificate # = $(ls cert:\CurrentUser\my\0DA3A2A2189CD74AE371E6C57504FEB9A59BB22E)
)
   Microsoft.PowerShell.Security\Set-AuthenticodeSignature -Certificate $Certificate -FilePath $Path  
}

CMDLET Get-AuthenticodeSignature -snapin Huddled.BetterDefaults {
PARAM ( 
   [Parameter(Position=1, Mandatory=$true, ValueFromPipelineByPropertyName=$true)]
   [Alias("FullName")]
   [ValidateScript({ 
      if((resolve-path $_).Provider.Name -ne "FileSystem") {
         throw "Specified Path is not in the FileSystem: '$_'" 
      }
      if(!(Test-Path -PathType Leaf $_)) { 
         throw "Specified Path is not a File: '$_'" 
      }
      return $true
   })]
   [string]
   $Path
)
   Microsoft.PowerShell.Security\Get-AuthenticodeSignature -FilePath $Path  
}


CMDLET If-Signed -snapin Huddled.BetterDefaults {
PARAM ( 
   [Parameter(Position=1, Mandatory=$true, ValueFromPipelineByPropertyName=$true)]
   [Alias("FullName")]
   [ValidateScript({ 
      if((resolve-path $_).Provider.Name -ne "FileSystem") {
         throw "Specified Path is not in the FileSystem: '$_'" 
      }
      if(!(Test-Path -PathType Leaf $_)) { 
         throw "Specified Path is not a File: '$_'" 
      }
      return $true
   })]
   [string]
   $Path
,
   [Parameter()]
   [switch]$BrokenOnly
,
   [Parameter()]
   [switch]$TrustedOnly
,
   [Parameter()]
   [switch]$ValidOnly
,
   [Parameter()]
   [switch]$InvalidOnly
,
   [Parameter()]
   [switch]$UnsignedOnly
)
   $sig = Microsoft.PowerShell.Security\Get-AuthenticodeSignature -FilePath $Path 
   
   # Broken only returns ONLY things which are HashMismatch
   if($BrokenOnly  -and $sig.Status -ne "HashMismatch") 
   { 
      Write-Debug "$($sig.Status) - Not Broken: $Path"
      return 
   }
   # Trusted only returns ONLY things which are Valid
   if($TrustedOnly -and $sig.Status -ne "Valid") 
   { 
      Write-Debug "$($sig.Status) - Not Trusted: $Path"
      return 
   }
   
   # AllValid returns only things that are SIGNED and not HashMismatch
   if($ValidOnly   -and (($sig.Status -ne "HashMismatch") -or !$_.SignerCertificate) ) 
   { 
      Write-Debug "$($sig.Status) - Not Valid: $Path"
      return 
   }
   
   # NOTValid returns only things that are SIGNED and not HashMismatch
   if($InvalidOnly    -and ($sig.Status -eq "Valid")) 
   { 
      Write-Debug "$($sig.Status) - Valid: $Path"
      return 
   }
   
   # Unsigned returns only things that aren't signed
   # NOTE: we don't test using NotSigned, because that's only set for .ps1 or .exe files??
   if($UnsignedOnly    -and $_.SignerCertificate ) 
   { 
      Write-Debug "$($sig.Status) - Signed: $Path"
      return 
   }
   
   if(!$BrokenOnly -and !$TrustedOnly -and !$ValidOnly -and !$InvalidOnly -and !$UnsignedOnly -and !$_.SignerCertificate ) 
   { 
      Write-Debug "$($sig.Status) - Not Signed: $Path"
      return 
   }
   
   get-childItem $sig.Path
}


Export-ModuleMember Set-AuthenticodeSignature,Get-AuthenticodeSignature,If-Signed
Fossil 2.20 [0d61fd2310] 2022-10-28 19:48:33
This page was generated in about 0.014s