スクリプトファイルを別名で保存して署名する
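function Save-SignedScript {
    <#
    .SYNOPSIS
    Copies a script to "<BaseName>.Signed<Extension>" and Authenticode-signs the copy.

    .DESCRIPTION
    The signing certificate is either passed in with -Certificate or looked up in
    Cert:\CurrentUser\My among the code-signing certificates, optionally filtered by
    -Subject (matched as a regular expression). When several certificates match, the
    user is asked to pick one by number. The original file is left untouched; the
    signed copy is written under a bare file name, so it lands in the current
    location rather than next to the source file.

    .PARAMETER FilePath
    Path of the script to copy and sign. Accepts pipeline input.

    .PARAMETER Certificate
    Certificate to sign with. Its enhanced key usage must include code signing
    (OID 1.3.6.1.5.5.7.3.3).

    .PARAMETER Subject
    Pattern matched against the Subject of the code-signing certificates found in
    Cert:\CurrentUser\My.

    .OUTPUTS
    Whatever Set-AuthenticodeSignature emits for each signed copy. The function does
    not inspect it, so callers should check its Status before trusting the result.

    .NOTES
    No -TimestampServer is passed to Set-AuthenticodeSignature, so the signature is
    not timestamped. NOTE(review): confirm whether signed copies must stay valid
    after the signing certificate expires; if so, a timestamp server is needed.
    #>
    [CmdletBinding(DefaultParameterSetName='subject')]
    param(
        [parameter(Mandatory,ValueFromPipeline)]
        [string] $FilePath,

        [parameter(Mandatory,ParameterSetName='cert')]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]
        $Certificate,

        [Parameter(Mandatory=$false,ParameterSetName='subject')]
        [string] $Subject
    )

    begin {
        # NOTE(review): every `break` in this block sits outside any loop. PowerShell
        # then unwinds to the nearest enclosing loop in a caller, or stops the running
        # script when there is none. It is kept so that a failure still prevents the
        # process block from signing anything, exactly as before.
        if (! $Certificate) {
            # Spelled-out cmdlet names instead of the `ls` / `?` aliases, so the
            # lookup does not depend on how aliases are defined on the host.
            if ($Subject) {
                $Temp = Get-ChildItem Cert:\CurrentUser\My\ -CodeSigningCert |
                    Where-Object Subject -Match $Subject
            }
            else {
                $Temp = Get-ChildItem Cert:\CurrentUser\My\ -CodeSigningCert
            }

            if (! $Temp) {
                Write-Warning 'コード署名用証明書が見つかりません'
                break
            }

            if ($Temp.GetType().Name -ne 'X509Certificate2') {
                # More than one candidate: list them and let the user choose.
                Write-Host ' コード署名用の証明書を選択してください'
                Write-Host
                for ($i = 0; $i -lt $Temp.Count; $i++) {
                    Write-Host " $i) $($Temp[$i].Subject)"
                }
                Write-Host

                # Accept only a whole number inside the list. Indexing the array
                # with the raw reply would let a negative number count from the end
                # of the list, and an empty reply may be coerced to 0, so the file
                # could be signed with a certificate the user never chose.
                $Reply = Read-Host '番号'
                $Index = 0
                if ([int]::TryParse($Reply, [ref] $Index) -and
                    $Index -ge 0 -and $Index -lt $Temp.Count) {
                    $Certificate = $Temp[$Index]
                }

                if (! $Certificate) {
                    Write-Warning '不正な入力'
                    break
                }
            }
            else {
                $Certificate = $Temp
            }
        }

        # Reject certificates whose enhanced key usage does not include code signing.
        # The store lookup above already filters on this; the check matters for a
        # certificate supplied through -Certificate.
        if ($Certificate.Extensions.EnhancedKeyUsages.Value -notcontains '1.3.6.1.5.5.7.3.3') {
            Write-Warning "`n証明書の目的が「$($Certificate.Extensions.EnhancedKeyUsages.FriendlyName)」です`nコード署名用の証明書を指定してください"
            break
        }

        Write-Verbose $Certificate
    }

    process {
        if (Test-Path $FilePath) {
            Get-Item $FilePath | ForEach-Object {
                $SignedFileName = "$($_.BaseName).Signed$($_.Extension)"
                Copy-Item -LiteralPath $_.FullName -Destination $SignedFileName

                # Request SHA256 explicitly rather than relying on the host default,
                # which is SHA1 on older PowerShell versions.
                Set-AuthenticodeSignature -FilePath $SignedFileName -Certificate $Certificate -HashAlgorithm SHA256
            }
        }
        else {
            Write-Warning "No such file: $($FilePath)"
        }
    }
}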