sergey-tihon/importCerfiticate.ps1 Secret

## importCerfiticate.ps1
#Import certificate to local machine personal folder
$root = Set-Location -PassThru $PSScriptRoot

$cert = Get-ChildItem -Path $root | where {$_.Extension -like "*.pfx"}

$PlainTextPass = Read-Host -Prompt "Type .pfx password for '$cert' certificate"
$pfxpass = $PlainTextPass | ConvertTo-SecureString -AsPlainText -Force

$cert = $cert | Import-PfxCertificate -CertStoreLocation Cert:\LocalMachine\My -Exportable -Password $pfxpass
Write-Host "Certificate is imported"


#Grant permission to selected account on private key and MachineKeys folder
$fileName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$path = "$env:ALLUSERSPROFILE\Microsoft\Crypto\RSA\MachineKeys\$fileName"

function SetPermissions([string[]]$accountNames)
{
    $acl = Get-Acl -Path $path

    # Add the new user and preserve all current permissions: SetAccessRuleProtection(False, X)
    # Add the new user and remove all inherited permissions: SetAccessRuleProtection(True, False)
    # Add the new user and convert all inherited permissions to explicit permissions: SetAccessRuleProtection(True, True)
    $acl.SetAccessRuleProtection($True, $False)

    foreach ($accountName in $accountNames) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($accountName,"Full","Allow")
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $path -AclObject $acl

    Write-Host "Access to certificate is granted for $accountNames"
}

SetPermissions(@(
    "me@sergeytihon.com",
    "you@sergeytihon.com"
))
	#Import certificate to local machine personal folder
	$root = Set-Location -PassThru $PSScriptRoot

	$cert = Get-ChildItem -Path $root \| where {$_.Extension -like "*.pfx"}

	$PlainTextPass = Read-Host -Prompt "Type .pfx password for '$cert' certificate"
	$pfxpass = $PlainTextPass \| ConvertTo-SecureString -AsPlainText -Force

	$cert = $cert \| Import-PfxCertificate -CertStoreLocation Cert:\LocalMachine\My -Exportable -Password $pfxpass
	Write-Host "Certificate is imported"


	#Grant permission to selected account on private key and MachineKeys folder
	$fileName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
	$path = "$env:ALLUSERSPROFILE\Microsoft\Crypto\RSA\MachineKeys\$fileName"

	function SetPermissions([string[]]$accountNames)
	{
	$acl = Get-Acl -Path $path

	# Add the new user and preserve all current permissions: SetAccessRuleProtection(False, X)
	# Add the new user and remove all inherited permissions: SetAccessRuleProtection(True, False)
	# Add the new user and convert all inherited permissions to explicit permissions: SetAccessRuleProtection(True, True)
	$acl.SetAccessRuleProtection($True, $False)

	foreach ($accountName in $accountNames) {
	$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($accountName,"Full","Allow")
	$acl.AddAccessRule($rule)
	}
	Set-Acl -Path $path -AclObject $acl

	Write-Host "Access to certificate is granted for $accountNames"
	}

	SetPermissions(@(
	"me@sergeytihon.com",
	"you@sergeytihon.com"
	))