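<#
.SYNOPSIS
Finds certificate files under a folder whose thumbprint matches a given value.

.DESCRIPTION
Searches FolderPath recursively for *.cer and *.pfx files, reads each one and
reports the files whose certificate thumbprint equals Thumbprint.

.PARAMETER Thumbprint
Thumbprint to look for.

.PARAMETER FolderPath
Root folder that is searched recursively.

.PARAMETER Password
Optional password used to open PFX files. When it is omitted the script falls
back to the placeholder literal set further down. A value typed on the command
line is plain text and may end up in console history or transcripts.
#>
[cmdletbinding()]
param(
    [parameter(Mandatory = $true, Position = 0)]
    [string]$Thumbprint,
    [parameter(Mandatory = $true, Position = 1)]
    [string]$FolderPath,
    [parameter(Mandatory = $false, Position = 2)]
    $Password
)
#Get-Pfxdata is only supported by PowerShell 4.0 or Higher
if ($PSVersionTable.PSVersion.Major -lt 4)
{
    Write-Warning "You need run the script on PowerShell 4.0 or Higher"
    # Non-zero status so a calling job can tell "search not performed" apart
    # from "search ran and found nothing".
    exit 1
}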
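# Accumulator for the records of matching certificates; filled by the scan loop.
[pscustomobject[]]$OutputCerts = $null
#====================================================================
# Collect every *.cer / *.pfx file below $FolderPath (hidden files included via
# -Force). -File keeps directories whose names happen to end in .cer/.pfx out
# of the list, and FullName yields the usable path directly, so no per-item
# Join-Path or repeated array growth is needed.
[string[]]$CertPath = @(
    Get-ChildItem -Path $FolderPath -Recurse -Force -File -Include *.cer, *.pfx |
        ForEach-Object { $_.FullName }
)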
#====================================================================
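# The password is an optional parameter. When none is supplied, the placeholder
# below is used; a site-wide default can be filled in at the *** position.
# NOTE(security): a real password written here is stored in plain text and is
# readable by everyone who can read this script file.
if ($Password -is [System.Security.SecureString])
{
    # Already protected: use it as-is. Converting it again would stringify the
    # object and turn the type name into the password.
}
elseif ($Password)
{
    $Password = ConvertTo-SecureString -String ([string]$Password) -AsPlainText -Force
}
else
{
    $Password = ConvertTo-SecureString -String "***" -AsPlainText -Force
}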
#====================================================================
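# Builds the result record for one matching certificate: the listed properties
# are copied in display order, then the path of the file it came from is added.
function New-CertMatchRecord
{
    param(
        $Certificate,
        [string]$CertFilePath
    )
    $PropertyNames = @(
        'EnhancedKeyUsageList', 'DnsNameList', 'SendAsTrustedIssuer',
        'EnrollmentPolicyEndPoint', 'EnrollmentServerEndPoint', 'PolicyId',
        'Archived', 'Extensions', 'FriendlyName', 'IssuerName', 'NotAfter',
        'NotBefore', 'HasPrivateKey', 'PrivateKey', 'PublicKey', 'RawData',
        'SerialNumber', 'SubjectName', 'SignatureAlgorithm', 'Thumbprint',
        'Version', 'Handle', 'Issuer', 'Subject'
    )
    $Record = New-Object -TypeName psobject
    foreach ($Name in $PropertyNames)
    {
        $Record | Add-Member -MemberType NoteProperty -Name $Name -Value $Certificate.$Name
    }
    $Record | Add-Member -MemberType NoteProperty -Name CertFilePath -Value $CertFilePath
    $Record
}

# Thumbprints copied from a certificate dialog often carry spaces or an
# invisible leading character; keep only the hex digits before comparing.
$WantedThumbprint = $Thumbprint -replace '[^0-9A-Fa-f]', ''

# Scan every collected file and record the certificates whose thumbprint matches.
foreach ($cp in $CertPath)
{
    # Get-ChildItem -Include matches case-insensitively, so the extension test
    # must as well; otherwise "X.PFX" is reported as "not a valid cert".
    if ($cp.EndsWith('.pfx', [System.StringComparison]::OrdinalIgnoreCase))
    {
        # Reset per file: a PFX that cannot be opened must not be judged by
        # the data left over from the previous file.
        $PfxCert = $null
        try
        {
            # -ErrorAction Stop makes sure a failed open reaches the catch block.
            $PfxCert = Get-PfxData -FilePath $cp -Password $Password -ErrorAction Stop
        }
        catch
        {
            # Fallback: a pwd.txt next to the PFX may hold its password.
            # NOTE(security): such a file stores the password in plain text
            # beside the key container; anyone who can read the folder gets both.
            $pwdtxt = Join-Path (Split-Path -Parent $cp) "pwd.txt"
            $OtherPasswordtxt = $null
            if (Test-Path -LiteralPath $pwdtxt)
            {
                # Only the first line is used as the password, whatever the
                # file's length or line count.
                $OtherPasswordtxt = Get-Content -LiteralPath $pwdtxt -TotalCount 1
            }
            if ([string]::IsNullOrEmpty($OtherPasswordtxt))
            {
                Write-Warning "Didn't find the password for $cp, so pls check the thumbprint manually"
            }
            else
            {
                $OtherPassword = ConvertTo-SecureString -String $OtherPasswordtxt -AsPlainText -Force
                try
                {
                    $PfxCert = Get-PfxData -FilePath $cp -Password $OtherPassword -ErrorAction Stop
                }
                catch
                {
                    # Write-Warning accepts a single message, so timestamp,
                    # path and error text are joined into one string.
                    Write-Warning "$(Get-Date -UFormat '%Y%m%d-%H:%M:%S') $cp $($_.Exception.Message)"
                }
            }
        }
        if ($null -eq $PfxCert)
        {
            continue
        }
        # A PFX can hold several end-entity certificates; test each on its own
        # so a match yields one record with scalar properties.
        foreach ($Certificate in $PfxCert.EndEntityCertificates)
        {
            if ($Certificate.Thumbprint -eq $WantedThumbprint)
            {
                $OutputCerts += New-CertMatchRecord -Certificate $Certificate -CertFilePath $cp
            }
        }
    }
    elseif ($cp.EndsWith('.cer', [System.StringComparison]::OrdinalIgnoreCase))
    {
        $CerCert = $null
        try
        {
            $CerCert = Get-PfxCertificate -FilePath $cp -ErrorAction Stop
        }
        catch
        {
            # An unreadable .cer is reported and skipped instead of being
            # compared through the previous file's certificate.
            Write-Warning "$(Get-Date -UFormat '%Y%m%d-%H:%M:%S') $cp $($_.Exception.Message)"
            continue
        }
        if ($CerCert.Thumbprint -eq $WantedThumbprint)
        {
            $OutputCerts += New-CertMatchRecord -Certificate $CerCert -CertFilePath $cp
        }
    }
    else
    {
        Write-Host "$cp is not a valid cert" -ForegroundColor 'Red'
    }
}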
#====================================================================
# Report the outcome: a headline with the number of matches, then every
# matching record preceded by its 1-based position and followed by a rule.
if (-not ($OutputCerts -ne $null))
{
    Write-Host "There is no cert with thumbprint $Thumbprint under Folder $FolderPath" -ForegroundColor 'Cyan'
}
else
{
    $cc = $OutputCerts.count
    if ($cc -ne 1)
    {
        Write-Host "There are $cc certs with thumbprint $Thumbprint under Folder $FolderPath" -ForegroundColor 'Cyan'
    }
    else
    {
        Write-Host "There is one cert with thumbprint $Thumbprint under Folder $FolderPath" -ForegroundColor 'Cyan'
    }
    $Position = 0
    foreach ($Match in $OutputCerts)
    {
        $Position++
        Write-Host "NO:$Position"
        # Emitted to the pipeline so the record is rendered by the host.
        $Match
        Write-Host "================================================================================================="
    }
}