powershell - 可以将对文件路径的 CERTUTIL 请求重定向到 powershell 变量吗?
问题描述
我正在使用 certreq 命令行实用程序来制定 CSR 修正案,如下所示(为了清楚起见,我简化了语法)
$CertReqPath = "C:\Windows\System32\certreq.exe"
$arg1="-config"
$arg1a= $IssuingCA
$arg2="-policy"
$arg2a= $CSR
$arg3=$Inf
$arg4=$NewSANCSR
& $CertReqPath $arg1 $arg1a $arg2 $arg2a $arg3 $arg4
第一个字段需要一个文本字符串(Issuing Authortiy) - 很简单。
其余三个字段应该采用基于文本的文件,并且在用变量替换时将不起作用。前两个参数($arg2a 和 $arg3)是输入(作为文本文件) 最后一个参数($arg4)是输出。除非我将其设为文件位置(例如“c:\temp\outfile.csr”),否则它将始终打开一个用于保存位置的 gui 提示
有没有一种方法可以欺骗 certutil 使其相信它正在适当地从文本文件接收/发送到文本文件,以便我可以将信息保存在对象中以供进一步操作?
显然,我可以将输入和输出写入系统临时目录中的文件并读回数据,但最好不必这样做。
非常感谢
解决方案
正如我在评论中提到的那样,我从来没有找到一种方法来做到这一点,但我确实设法将一个不调用命令行工具的函数拼凑在一起。
注意:这在生产中运行可能不安全。
Function New-CertificateFromCA{
[CmdletBinding()]
Param (
[String[]]$CommonName = @([System.Net.Dns]::GetHostEntry($env:computerName).hostname),
[string]$OrganizationalUnit = "CustomOUname",
[string]$Organization = "YourOrganizationHere",
[string]$City = "YourCityHere",
[string]$State = "YourStateHere",
[string]$Country = "YourCountryHere",
[int]$KeyLength = 4096,
[string]$ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0",
[string]$TemplateName = "YourTemplateHere",
[string]$CertificateAuthority = $null
)
begin {
# contexts
New-Variable -Name UserContext -Value 0x1 -Option Constant
New-Variable -Name MachineContext -Value 0x2 -Option Constant
# installation options
New-Variable -Name AllowNone -Value 0x0 -Option Constant
New-Variable -Name AllowNoOutstandingRequest -Value 0x1 -Option Constant
New-Variable -Name AllowUntrustedCertificate -Value 0x2 -Option Constant
New-Variable -Name AllowUntrustedRoot -Value 0x4 -Option Constant
# encoding
New-Variable -Name Base64Header -Value 0x0 -Option Constant
New-Variable -Name Base64 -Value 0x1 -Option Constant
}
Process {
[string]$Subject = "CN=$($CommonName), OU=$($OU), O=$($Organization), L=$($City), S=$($State), C=$($Country)"
$objCSP = New-Object -ComObject "X509Enrollment.CCspInformation"
$objCSP.InitializeFromName($ProviderName)
$objCSPs = New-Object -ComObject "X509Enrollment.CCspInformations"
$objCSPs.Add($objCSP)
$objPrivateKey = new-Object -ComObject "X509Enrollment.CX509PrivateKey"
$objPrivateKey.Length = $KeyLength
$objPrivateKey.KeySpec = 2 #X509KeySpec.XCN_AT_SIGNATURE
$objPrivateKey.KeyUsage = 16777215 #0xffffff #X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES
$objPrivateKey.MachineContext = $True
$objPrivateKey.CspInformations = $objCSPs
$objPrivateKey.ExportPolicy = 1 #Exportable
$objPrivateKey.Create()
$objPkcs10 = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
$objPkcs10.InitializeFromPrivateKey(2, $objPrivateKey, "$TemplateName")
$objAlternativeName = New-Object -ComObject "X509Enrollment.CAlternativeName"
$objAlternativeName.InitializeFromString(3, $CommonName)
$objAlternativeNames = New-Object -ComObject "X509Enrollment.CAlternativeNames"
$objAlternativeNames.Add($objAlternativeName)
$objExtensionAlternativeNames = New-Object -ComObject "X509Enrollment.CX509ExtensionAlternativeNames"
$objExtensionAlternativeNames.InitializeEncode($objAlternativeNames)
$objPkcs10.X509Extensions.Add($objExtensionAlternativeNames)
$objDN = New-Object -ComObject "X509Enrollment.CX500DistinguishedName"
$objDN.Encode($Subject, 0)
$objPkcs10.Subject = $objDN
# Enroll locally
$objEnroll = new-object -com "X509Enrollment.CX509Enrollment"
$objEnroll.InitializeFromRequest($objPkcs10)
$DERString = $objEnroll.CreateRequest(0x1)
# Identify and Submit to CA
$CAQuery = certutil -templateCAs $TemplateName
If ($CAQuery -match "completed successfully") { $strCAConfig = $CAQuery[0] }
$objCertRequest = New-Object -ComObject "CertificateAuthority.Request"
$intDisposition = $objCertRequest.Submit(1, $DERString, $null, $strCAConfig)
If ($intDisposition -eq 3) {
Write-Verbose "Request Submitted successfully"
$strCert = $objCertRequest.GetCertificate(257)
$objEnroll = new-object -com "X509Enrollment.CX509Enrollment"
$objEnroll.Initialize($MachineContext)
$objEnroll.InstallResponse($AllowUntrustedRoot, $strCert, $Base64, $null)
$Flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
$Flags = $Flags -bor [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet
$Flags = $Flags -bor [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet
$Cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2
$Cert.Import([System.Convert]::FromBase64String($objEnroll.Certificate(1)),$null,$Flags)
$result = gci -Recurse cert:\*$($Cert.Thumbprint)
Write-Verbose "Certificate with thumbprint $($Cert.Thumbprint) installed"
$result
}
}
}
推荐阅读
- c# - 对象引用未设置为... IN COMMAND IN COLLECTIONVIEW
- python - 如何从第 0 个日期开始每隔 3 个日期
- cmake - bitbake 缺少来自外部源的“安装”目标构建
- powershell - PowerShell 中是否有搜索选项,它可以查看整个子注册表
- reactjs - 材料设计引导程序(MDBReact)不起作用
- python - 一个监控 django 模型修改的地方
- acumatica - BQL 语句在 SOOrder 中获取数据,但在 POOrder 中没有
- machine-learning - 如何为 XGBoost XGBRanker 准备特征和标签?
- modelica - 扫描体积组件行为 - Modelica
- css - 引导表:随着单元格内容的增长,垂直行标题与单元格重叠