13 September 2017

My first PowerShell function... Sign-Script

I'm starting to play more with PowerShell, and for a need we have I had to start signing scripts. I found many places on the internet that explain how to get a code signing certificate from our corporate CA and then sign the script with a timestamp, so that the script still works after the certificate expires, since the timestamp certifies that the certificate was valid at the time of signing. This makes for a pretty long command, so I wrote my first PowerShell function, Sign-Script, to wrap it. You can place it in your PowerShell profile (profile.ps1) to have it available each time you run PowerShell.

PowerShell profile ref: https://technet.microsoft.com/en-us/library/2008.10.windowspowershell.aspx

Code signing ref: https://www.darkoperator.com/blog/2013/3/5/powershell-basics-execution-policy-part-1.html

So without further delay here it comes...

#Begin copy after this line
#----------------------------------------------------------------------------------------------------

<#
.SYNOPSIS
   Signs the specified script with the first code signing certificate of the current user
   and with a default timestamping URL.

.DESCRIPTION
   This function allows you to sign a script with a timestamp so that your script will remain
   valid even when the signing certificate expires. It also saves you from having to type
   the full path to the signing certificate, since it uses the first
   "Code Signing Certificate" available in the current user's certificate store. This function
   also uses a default "time stamping URL" so that you don't need to

.PARAMETER scriptname
    The script name, including the full path, that you want to sign.

.PARAMETER cert
    A code signing certificate (X509Certificate2). The default is the first code signing
    certificate of the current user.

.PARAMETER TimeStampingServer
    URL of a timestamping server. The default is "http://timestamp.comodoca.com/authenticode".

.EXAMPLE
   Sign-Script c:\script\test.ps1

.EXAMPLE
   Sign-Script -scriptname c:\script\test.ps1 -cert (Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Where-Object { $_.FriendlyName -eq "Thawte Code Signing" }) -TimeStampingServer "http://timestamp.verisign.com/scripts/timstamp.dll"
#>
function Sign-Script
{
    [CmdletBinding()]
    [Alias("Sign")]
    Param
    (
        # Full path of the script to sign; accepts pipeline input
        [Parameter(Mandatory=$true,
                   ValueFromPipeline=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        [ValidateNotNullOrEmpty()]
        [string]$scriptname,

        # Code signing certificate; defaults to the first one in the current user's store
        [System.Security.Cryptography.X509Certificates.X509Certificate2]
        $cert = (Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert)[0],

        # Timestamping server used to counter-sign the signature
        [string]$TimeStampingServer = "http://timestamp.comodoca.com/authenticode"
    )

    Process
    {
        if (-not $cert)
        {
            throw "No code signing certificate found in Cert:\CurrentUser\My; pass one with -cert."
        }
        Set-AuthenticodeSignature -FilePath $scriptname -Certificate $cert -TimestampServer $TimeStampingServer
    }
}

#---------------------------------------------------------------------------------
#End copy above this line
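As an added example (not part of the original post), here is the check that goes with the signing function above: it reads the signature back with Get-AuthenticodeSignature and reports whether the script is signed, whether a timestamp counter-signature is present, and when the signer certificate expires, so a script signed without a timestamp can be spotted before its certificate lapses. Test-ScriptSignature and the output field names are assumptions of mine, not part of the post.

```powershell
function Test-ScriptSignature
{
    [CmdletBinding()]
    Param
    (
        # One or more script paths; FileInfo objects from Get-ChildItem bind via FullName
        [Parameter(Mandatory=$true,
                   ValueFromPipeline=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        [Alias("FullName")]
        [string[]]$Path
    )

    Process
    {
        foreach ($file in $Path)
        {
            $sig    = Get-AuthenticodeSignature -FilePath $file
            $signer = $sig.SignerCertificate
            $tsa    = $sig.TimeStamperCertificate
            $now    = Get-Date

            [pscustomobject]@{
                Path           = $file
                Status         = $sig.Status
                StatusMessage  = $sig.StatusMessage
                Signer         = if ($signer) { $signer.Subject } else { $null }
                SignerExpires  = if ($signer) { $signer.NotAfter } else { $null }
                TimeStamped    = [bool]$tsa
                TimeStamper    = if ($tsa) { $tsa.Subject } else { $null }
                # Valid today but not timestamped: it stops validating once the signer expires.
                NeedsTimestamp = ($sig.Status -eq 'Valid') -and -not $tsa
            }
        }
    }
}

# Usage: review every script in a folder and surface the ones to re-sign with a timestamp
Get-ChildItem C:\script\*.ps1 | Test-ScriptSignature |
    Where-Object { $_.Status -ne 'Valid' -or $_.NeedsTimestamp } |
    Format-Table Path, Status, Signer, SignerExpires, TimeStamped -AutoSize
```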