Create Sign_files.ps1

farag2 · web-flow · commit 3e6fc3410c32 · 2024-07-15T00:14:33.000+03:00
diff --git a/Sign_files.ps1 b/Sign_files.ps1
@@ -0,0 +1,50 @@
+# Sign all scripts in folder recursively by a self-signed certificate
+$CertName             = "Team Sophia"
+$FolderPath           = "src"
+$ExtensionsToSearchIn = @(".ps1", ".psm1", ".psd1")
+# Get-ChildItem -Path Cert:\LocalMachine\My, Cert:\CurrentUser\My | Where-Object -FilterScript {$_.Subject -eq "CN=$CertName"} | Remove-Item
+
+# Generate a self-signed Authenticode certificate in the local computer's personal certificate store
+$Parameters = @{
+	Subject           = $CertName
+	NotAfter          = (Get-Date).AddMonths(24)
+	CertStoreLocation = "Cert:\LocalMachine\My"
+	Type              = "CodeSigningCert"
+}
+$authenticode = New-SelfSignedCertificate @Parameters
+
+# Add the self-signed Authenticode certificate to the computer's root certificate store
+# Create an object to represent the LocalMachine\Root certificate store
+$rootStore = [System.Security.Cryptography.X509Certificates.X509Store]::new("Root","LocalMachine")
+# Open the root certificate store for reading and writing
+$rootStore.Open("ReadWrite")
+# Add the certificate stored in the $authenticode variable
+$rootStore.Add($authenticode)
+# Close the root certificate store
+$rootStore.Close()
+
+# Add the self-signed Authenticode certificate to the computer's trusted publishers certificate store
+# Create an object to represent the LocalMachine\TrustedPublisher certificate store
+$publisherStore = [System.Security.Cryptography.X509Certificates.X509Store]::new("TrustedPublisher","LocalMachine")
+# Open the TrustedPublisher certificate store for reading and writing
+$publisherStore.Open("ReadWrite")
+# Add the certificate stored in the $authenticode variable
+$publisherStore.Add($authenticode)
+# Close the TrustedPublisher certificate store
+$publisherStore.Close()
+
+# Get the code-signing certificate from the local computer's certificate store with the name "Sophia Authenticode" and store it to the $codeCertificate variable
+$codeCertificate = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object -FilterScript {$_.Subject -eq "CN=$CertName"}
+
+# TimeStampServer specifies the trusted timestamp server that adds a timestamp to script's digital signature
+# Adding a timestamp ensures that your code will not expire when the signing certificate expires
+# -Include *.ps1, *.psm1, *.psd1 is obvious, but it's slow
+# There is no need to user $PSScriptRoot\$FolderPath
+Get-ChildItem -Path $FolderPath -Recurse -File | Where-Object -FilterScript {$_.Extension -in $ExtensionsToSearchIn} | ForEach-Object -Process {
+	$Parameters = @{
+		FilePath        = $_.FullName
+		Certificate     = $codeCertificate
+		TimeStampServer = "http://timestamp.digicert.com"
+	}
+	Set-AuthenticodeSignature @Parameters
+}
