WDACConfig

0.3.3

Shared/Confirm-CertCN.psm1

                                Function Confirm-CertCN {

    <#

    .SYNOPSIS

        Function to check Certificate Common name - used mostly to validate values in the user configurations file

    .PARAMETER CN

        Common name of the certificate to check

    .INPUTS

        System.String

    .OUTPUTS

        System.Boolean

    .NOTES

        Can receive empty string as input as well for cases when the user configurations file does not contain a certificate CN

    #>

    [CmdletBinding()]

    [OutputType([System.Boolean])]

    param(

        [AllowEmptyString()]

        [parameter(Mandatory = $true)][System.String]$CN

    )

    # Importing the $PSDefaultParameterValues to the current session, prior to everything else

    . "$ModuleRootPath\CoreExt\PSDefaultParameterValues.ps1"

    # Create an empty array to store the output objects

    [System.Object[]]$Output = @()

    # Loop through each certificate that uses RSA algorithm (Because ECDSA is not supported for signing WDAC policies) in the current user's personal store and extract the relevant properties

    foreach ($Cert in (Get-ChildItem -Path 'Cert:\CurrentUser\My' | Where-Object -FilterScript { $_.PublicKey.Oid.FriendlyName -eq 'RSA' })) {

        # Takes care of certificate subjects that include comma in their CN

        # Determine if the subject contains a comma

        if ($Cert.Subject -match 'CN=(?<RegexTest>.*?),.*') {

            # If the CN value contains double quotes, use split to get the value between the quotes

            if ($matches['RegexTest'] -like '*"*') {

                $SubjectCN = ($Element.Certificate.Subject -split 'CN="(.+?)"')[1]

            }

            # Otherwise, use the named group RegexTest to get the CN value

            else {

                $SubjectCN = $matches['RegexTest']

            }

        }

        # If the subject does not contain a comma, use a lookbehind to get the CN value

        elseif ($Cert.Subject -match '(?<=CN=).*') {

            $SubjectCN = $matches[0]

        }

        # Create a custom object with the certificate thumbprint, subject, friendly name and subject CN

        $Output += [PSCustomObject]@{

            Thumbprint   = [System.String]$Cert.Thumbprint

            Subject      = [System.String]$Cert.Subject

            FriendlyName = [System.String]$Cert.FriendlyName

            SubjectCN    = [System.String]$SubjectCN

        }

    }

    return [System.Boolean]([System.String[]]$Output.SubjectCN -contains $CN ? $true : $false)

}

# Export external facing functions only, prevent internal functions from getting exported

Export-ModuleMember -Function 'Confirm-CertCN'

# SIG # Begin signature block

# MIILkgYJKoZIhvcNAQcCoIILgzCCC38CAQExDzANBglghkgBZQMEAgEFADB5Bgor

# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG

# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCC2CeZSWe84r9V9

# Xhcil/bmtWpIGu58I8kj4qXoRlHmmaCCB9AwggfMMIIFtKADAgECAhMeAAAABI80

# LDQz/68TAAAAAAAEMA0GCSqGSIb3DQEBDQUAME8xEzARBgoJkiaJk/IsZAEZFgNj

# b20xIjAgBgoJkiaJk/IsZAEZFhJIT1RDQUtFWC1DQS1Eb21haW4xFDASBgNVBAMT

# C0hPVENBS0VYLUNBMCAXDTIzMTIyNzExMjkyOVoYDzIyMDgxMTEyMTEyOTI5WjB5

# MQswCQYDVQQGEwJVSzEeMBwGA1UEAxMVSG90Q2FrZVggQ29kZSBTaWduaW5nMSMw

# IQYJKoZIhvcNAQkBFhRob3RjYWtleEBvdXRsb29rLmNvbTElMCMGCSqGSIb3DQEJ

# ARYWU3B5bmV0Z2lybEBvdXRsb29rLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP

# ADCCAgoCggIBAKb1BJzTrpu1ERiwr7ivp0UuJ1GmNmmZ65eckLpGSF+2r22+7Tgm

# pEifj9NhPw0X60F9HhdSM+2XeuikmaNMvq8XRDUFoenv9P1ZU1wli5WTKHJ5ayDW

# k2NP22G9IPRnIpizkHkQnCwctx0AFJx1qvvd+EFlG6ihM0fKGG+DwMaFqsKCGh+M

# rb1bKKtY7UEnEVAsVi7KYGkkH+ukhyFUAdUbh/3ZjO0xWPYpkf/1ldvGes6pjK6P

# US2PHbe6ukiupqYYG3I5Ad0e20uQfZbz9vMSTiwslLhmsST0XAesEvi+SJYz2xAQ

# x2O4n/PxMRxZ3m5Q0WQxLTGFGjB2Bl+B+QPBzbpwb9JC77zgA8J2ncP2biEguSRJ

# e56Ezx6YpSoRv4d1jS3tpRL+ZFm8yv6We+hodE++0tLsfpUq42Guy3MrGQ2kTIRo

# 7TGLOLpayR8tYmnF0XEHaBiVl7u/Szr7kmOe/CfRG8IZl6UX+/66OqZeyJ12Q3m2

# fe7ZWnpWT5sVp2sJmiuGb3atFXBWKcwNumNuy4JecjQE+7NF8rfIv94NxbBV/WSM

# pKf6Yv9OgzkjY1nRdIS1FBHa88RR55+7Ikh4FIGPBTAibiCEJMc79+b8cdsQGOo4

# ymgbKjGeoRNjtegZ7XE/3TUywBBFMf8NfcjF8REs/HIl7u2RHwRaUTJdAgMBAAGj

# ggJzMIICbzA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3FQiG7sUghM++I4HxhQSF

# hqV1htyhDXuG5sF2wOlDAgFkAgEIMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA4GA1Ud

# DwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBsGCSsGAQQBgjcVCgQOMAwwCgYIKwYB

# BQUHAwMwHQYDVR0OBBYEFOlnnQDHNUpYoPqECFP6JAqGDFM6MB8GA1UdIwQYMBaA

# FICT0Mhz5MfqMIi7Xax90DRKYJLSMIHUBgNVHR8EgcwwgckwgcaggcOggcCGgb1s

# ZGFwOi8vL0NOPUhPVENBS0VYLUNBLENOPUhvdENha2VYLENOPUNEUCxDTj1QdWJs

# aWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9u

# LERDPU5vbkV4aXN0ZW50RG9tYWluLERDPWNvbT9jZXJ0aWZpY2F0ZVJldm9jYXRp

# b25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQwgccG

# CCsGAQUFBwEBBIG6MIG3MIG0BggrBgEFBQcwAoaBp2xkYXA6Ly8vQ049SE9UQ0FL

# RVgtQ0EsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZp

# Y2VzLENOPUNvbmZpZ3VyYXRpb24sREM9Tm9uRXhpc3RlbnREb21haW4sREM9Y29t

# P2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0

# aG9yaXR5MA0GCSqGSIb3DQEBDQUAA4ICAQA7JI76Ixy113wNjiJmJmPKfnn7brVI

# IyA3ZudXCheqWTYPyYnwzhCSzKJLejGNAsMlXwoYgXQBBmMiSI4Zv4UhTNc4Umqx

# pZSpqV+3FRFQHOG/X6NMHuFa2z7T2pdj+QJuH5TgPayKAJc+Kbg4C7edL6YoePRu

# HoEhoRffiabEP/yDtZWMa6WFqBsfgiLMlo7DfuhRJ0eRqvJ6+czOVU2bxvESMQVo

# bvFTNDlEcUzBM7QxbnsDyGpoJZTx6M3cUkEazuliPAw3IW1vJn8SR1jFBukKcjWn

# aau+/BE9w77GFz1RbIfH3hJ/CUA0wCavxWcbAHz1YoPTAz6EKjIc5PcHpDO+n8Fh

# t3ULwVjWPMoZzU589IXi+2Ol0IUWAdoQJr/Llhub3SNKZ3LlMUPNt+tXAs/vcUl0

# 7+Dp5FpUARE2gMYA/XxfU9T6Q3pX3/NRP/ojO9m0JrKv/KMc9sCGmV9sDygCOosU

# 5yGS4Ze/DJw6QR7xT9lMiWsfgL96Qcw4lfu1+5iLr0dnDFsGowGTKPGI0EvzK7H+

# DuFRg+Fyhn40dOUl8fVDqYHuZJRoWJxCsyobVkrX4rA6xUTswl7xYPYWz88WZDoY

# gI8AwuRkzJyUEA07IYtsbFCYrcUzIHME4uf8jsJhCmb0va1G2WrWuyasv3K/G8Nn

# f60MsDbDH1mLtzGCAxgwggMUAgEBMGYwTzETMBEGCgmSJomT8ixkARkWA2NvbTEi

# MCAGCgmSJomT8ixkARkWEkhPVENBS0VYLUNBLURvbWFpbjEUMBIGA1UEAxMLSE9U

# Q0FLRVgtQ0ECEx4AAAAEjzQsNDP/rxMAAAAAAAQwDQYJYIZIAWUDBAIBBQCggYQw

# GAYKKwYBBAGCNwIBDDEKMAigAoAAoQKAADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGC

# NwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQx

# IgQgvmDNLfw8ujuaOeyIZ4gxO5/Uu+aMi2rpFxK94ToQ5ekwDQYJKoZIhvcNAQEB

# BQAEggIAIuH8PKF4I9mGI4IyZrhXDKfc/6qPS9mXlDdBzZ2pdTzpt+83CTHhP8Ib

# YcmjysYHiRiIsZ6tr+hhfQe3z9IQvlDls82PK4cKNa5N06f+tOQgDxThYq6FKTC7

# x+zc1j2er10l4IDUN9zlFkmeIIi/Fw6xfGGxjWeQdVIrTuro4smQ8RXGUbbXvSy3

# 2en5XLXyrKh3jts1SLhNDOwW4eO6z1y85Fx51I3/cR8ksgDL0/+HJkjz5mdi/CJD

# kn6z0ODOWEqOgj2ZZJ4kNeRRY2t8JwvJREK+eLU+kVS28+baVOblwzbO31e/tNiW

# u3PJTH2eAJhx1rcBOvi8s8ShCtJtR7Wjwq8XImji1wkobQlp2l3Spw4olY+edFiL

# BmOy/P7CbeWVpaU9fqqu7IBqRyzvY5aU0gf/f3CuIqPkU6VAMeNw2K2oaUDLHb8b

# /SDs4HWmg23Q68EnMW9FjEhZOjZBB9/Yp87nKRCrUg1eUOweqcQA3P/2JMaHcOUK

# Lgu3xllCJKBg9KrTVAbeBGPSo/ATr3pItjUYMDSx5y1ztHS9WmSaEoG5/6/BspWP

# 4yWCMUFAe+Q2HH8kpaiEk0VcQBO26uh9WkGfv1jDhrLVoZpYd2/mM7onvjJabZyo

# GO8PA9l7dXzAaoIhWR3RoXm/oMEdftVg7aUJ6F6EzwmW9ElKmx4=

# SIG # End signature block