[Summary view] [Print] [Text view]

   1  # Script to add certificates to certificate stores.
   2  
   3  # Note: This script relies on the CryptoAPI COM interface (CAPICOM),
   4  # which must be installed first.  See
   5  # <http://msdn.microsoft.com/library/en-us/security/Security/getting_ready_to_use_capicom.asp>.
   6  
   7  use warnings;
   8  use strict;
   9  use Getopt::Long;
  10  use Pod::Usage;
  11  use Win32::OLE;
  12  
  13  # Your usual option-processing sludge.
  14  my %opts;
  15  GetOptions (\%opts, 'help|h|?', 'add=s')
  16      or pod2usage (2);
  17  
  18  (exists $opts{'help'})
  19      and pod2usage ('-exitstatus' => 0, '-verbose' => 2);
  20  
  21  # Ensure no arguments after options.
  22  scalar @ARGV == 0
  23      or pod2usage (2);
  24  
  25  # Require "--add" option (for now)
  26  (defined $opts{'add'})
  27      or pod2usage (2);
  28  
  29  # Bomb out completely if COM engine encounters any trouble.
  30  Win32::OLE->Option ('Warn' => 3);
  31  
  32  # CAPICOM constant definitions
  33  use constant {
  34      # Store Location
  35      # http://msdn.microsoft.com/library/en-us/security/security/capicom_store_location.asp
  36      CAPICOM_LOCAL_MACHINE_STORE => 1,
  37  
  38      # Store Open Mode
  39      # http://msdn.microsoft.com/library/en-us/security/security/capicom_store_open_mode.asp
  40      CAPICOM_STORE_OPEN_READ_ONLY => 0, 
  41      CAPICOM_STORE_OPEN_READ_WRITE => 1, 
  42      CAPICOM_STORE_OPEN_MAXIMUM_ALLOWED => 2, 
  43      CAPICOM_STORE_OPEN_EXISTING_ONLY => 128, 
  44      CAPICOM_STORE_OPEN_INCLUDE_ARCHIVED => 256,
  45  };
  46  
  47  my $cert_file = $opts{'add'};
  48  
  49  # Create a new Certificate object, and load it from the file. See
  50  # <http://msdn.microsoft.com/library/en-us/security/security/certificate.asp>.
  51  my $cert = Win32::OLE->new ('CAPICOM.Certificate');
  52  $cert->Load ($cert_file);
  53  
  54  # Create a new Store object, and use it to open the store.  See
  55  # <http://msdn.microsoft.com/library/en-us/security/security/store.asp>.
  56  my $store = Win32::OLE->new ('CAPICOM.Store');
  57  
  58  # FIXME: These should be command-line options.
  59  my $store_location = CAPICOM_LOCAL_MACHINE_STORE;
  60  my $store_name = 'ROOT';
  61  
  62  $store->Open ($store_location, $store_name, CAPICOM_STORE_OPEN_READ_WRITE);
  63  
  64  # Add the certificate to the store.  Note that this may put up a
  65  # dialog box...
  66  $store->Add ($cert);
  67  
  68  exit 0;
  69  
  70  __END__
  71  
  72  =head1 NAME
  73  
  74  cert.pl - Add a certificate to a store
  75  
  76  =head1 SYNOPSIS
  77  
  78  cert.pl [options]
  79  
  80  Options (may be abbreviated):
  81  
  82   --help                 Display help and exit
  83   --add <filename>       Read cert from <filename> and add it to store
  84  
  85  =head1 DESCRIPTION
  86  
  87  This script manipulates Windows certificate stores.
  88  
  89  The "--add <filename>" option reads a certificate from a .cer or .pfx
  90  file and adds it to the root CA store for the local system.  (There is
  91  no option to set the store's location or name.  Someday...)
  92  
  93  =head1 SEE ALSO
  94  
  95  C<http://msdn.microsoft.com/library/en-us/security/security/store.asp>