Goy*_*uix 6 c# vbscript powershell scripting batch-file
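I need to download and install about 50 CRLs every week and install them on several Windows servers. Downloading is the easy part; is there a way to script the CRL import process?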
Goy*_*uix 12
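Here is my final source (slightly scrubbed for the public), but it should work. I won't change the accepted answer, but I hope this helps (as does upvoting the question and the answers!).
Note: this will import a CRL or a regular certificate into the LOCAL MACHINE Trusted Root store. Changing CERT_SYSTEM_STORE_LOCAL_MACHINE below to CERT_SYSTEM_STORE_CURRENT_USER in the call to CertOpenStore will change it to work on the Current User store.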
using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;

namespace ConsoleApplication2
{
    class Program
    {
        // Managed layout of the native CRYPTUI_WIZ_IMPORT_SRC_INFO structure.
        public struct CRYPTUI_WIZ_IMPORT_SRC_INFO
        {
            public Int32 dwSize;
            public Int32 dwSubjectChoice;
            [MarshalAs(UnmanagedType.LPWStr)] public String pwszFileName;
            public Int32 dwFlags;
            [MarshalAs(UnmanagedType.LPWStr)] public String pwszPassword;
        }

        [DllImport("CryptUI.dll", CharSet = CharSet.Auto, SetLastError = true)]
        public static extern Boolean CryptUIWizImport(
            Int32 dwFlags,
            IntPtr hwndParent,
            IntPtr pwszWizardTitle,
            ref CRYPTUI_WIZ_IMPORT_SRC_INFO pImportSrc,
            IntPtr hDestCertStore
        );

        [DllImport("CRYPT32.DLL", CharSet = CharSet.Auto, SetLastError = true)]
        public static extern IntPtr CertOpenStore(
            int storeProvider,
            int encodingType,
            IntPtr hcryptProv,
            int flags,
            String pvPara
        );

        public const Int32 CRYPTUI_WIZ_IMPORT_SUBJECT_FILE = 1;
        public const Int32 CRYPT_EXPORTABLE = 0x00000001;
        public const Int32 CRYPT_USER_PROTECTED = 0x00000002;
        public const Int32 CRYPTUI_WIZ_NO_UI = 0x0001;

        private static int CERT_STORE_PROV_SYSTEM = 10;
        private static int CERT_SYSTEM_STORE_CURRENT_USER = (1 << 16);
        private static int CERT_SYSTEM_STORE_LOCAL_MACHINE = (2 << 16);

        static void Main(string[] args)
        {
            if (args.Length != 1)
            {
                Console.WriteLine("Usage: certimp.exe list.crl");
                Environment.ExitCode = 1;
            }
            else
            {
                // Open the Local Machine "ROOT" (Trusted Root) system store.
                IntPtr hLocalCertStore = CertOpenStore(
                    CERT_STORE_PROV_SYSTEM,
                    0,
                    IntPtr.Zero,
                    CERT_SYSTEM_STORE_LOCAL_MACHINE,
                    "ROOT"
                );

                // Stop here if the store could not be opened, rather than
                // passing a null store handle to the import call.
                if (hLocalCertStore == IntPtr.Zero)
                {
                    Console.WriteLine("CertOpenStore error " + Marshal.GetLastWin32Error());
                    Environment.ExitCode = -1;
                    return;
                }

                // Describe the file to import (a CRL or a certificate).
                CRYPTUI_WIZ_IMPORT_SRC_INFO importSrc = new CRYPTUI_WIZ_IMPORT_SRC_INFO();
                importSrc.dwSize = Marshal.SizeOf(importSrc);
                importSrc.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_FILE;
                importSrc.pwszFileName = args[0];
                importSrc.pwszPassword = null;
                importSrc.dwFlags = CRYPT_EXPORTABLE | CRYPT_USER_PROTECTED;

                // Run the import wizard logic without showing any UI.
                if (!CryptUIWizImport(
                        CRYPTUI_WIZ_NO_UI,
                        IntPtr.Zero,
                        IntPtr.Zero,
                        ref importSrc,
                        hLocalCertStore
                    ))
                {
                    Console.WriteLine("CryptUIWizImport error " + Marshal.GetLastWin32Error());
                    Environment.ExitCode = -1;
                }
            }
        }
    }
}
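I don't know of a way to do it via script. Can you write C code? If I understand what you want to do, you would use the CryptUiWizImport function and the CRYPTUI_WIZ_IMPORT_SRC_INFO structure.
Here's a code sample that installs a Cert; the corresponding CRL import is similar.
Addendum:
This post points out that Win32 APIs (such as CryptUiWizImport) are not directly accessible from PowerShell, and then describes a possible workaround: from within the PowerShell script, dynamically generate and compile C# code that does the P/Invoke work, then run the resulting assembly. This would allow you to do the CryptUiWizImport strictly from a PowerShell script, although it would be a pretty exotic script.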
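
The workaround described in the addendum, as an added example that is not part of either answer: a PowerShell script compiles a small C# P/Invoke wrapper with Add-Type and imports every .crl file in a folder. The class name CrlImport, its Import method and the folder C:\crl-drop are hypothetical; it assumes an elevated session, and it adds CRYPTUI_WIZ_IMPORT_ALLOW_CRL (from cryptuiapi.h, not used in the answer above) so that a file that is not a CRL is refused instead of landing in the root store.

```powershell
# Added example. CrlImport, Import() and C:\crl-drop are hypothetical names.
$source = @'
using System;
using System.Runtime.InteropServices;
public static class CrlImport {
    [StructLayout(LayoutKind.Sequential)]
    struct SrcInfo {                       // CRYPTUI_WIZ_IMPORT_SRC_INFO
        public int dwSize, dwSubjectChoice;
        [MarshalAs(UnmanagedType.LPWStr)] public string pwszFileName;
        public int dwFlags;
        [MarshalAs(UnmanagedType.LPWStr)] public string pwszPassword;
    }
    [DllImport("cryptui.dll", SetLastError = true)]
    static extern bool CryptUIWizImport(int dwFlags, IntPtr hwndParent,
        IntPtr pwszWizardTitle, ref SrcInfo pImportSrc, IntPtr hDestCertStore);
    [DllImport("crypt32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern IntPtr CertOpenStore(int storeProvider, int encodingType,
        IntPtr hcryptProv, int flags, string pvPara);
    [DllImport("crypt32.dll")]
    static extern bool CertCloseStore(IntPtr hCertStore, int dwFlags);
    const int CRYPTUI_WIZ_NO_UI = 0x0001;
    const int CRYPTUI_WIZ_IMPORT_ALLOW_CRL = 0x00040000; // restrict import to CRLs

    // Last Win32 error, or -1 if the failing call did not set one.
    static int Err() { int e = Marshal.GetLastWin32Error(); return e != 0 ? e : -1; }

    // Returns 0 on success, otherwise a non-zero error code.
    public static int Import(string file, string store) {
        // 10 = CERT_STORE_PROV_SYSTEM, 2 << 16 = CERT_SYSTEM_STORE_LOCAL_MACHINE
        IntPtr h = CertOpenStore(10, 0, IntPtr.Zero, 2 << 16, store);
        if (h == IntPtr.Zero) return Err();
        try {
            SrcInfo s = new SrcInfo();
            s.dwSize = Marshal.SizeOf(typeof(SrcInfo));
            s.dwSubjectChoice = 1;         // CRYPTUI_WIZ_IMPORT_SUBJECT_FILE
            s.pwszFileName = file;
            return CryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CRL,
                IntPtr.Zero, IntPtr.Zero, ref s, h) ? 0 : Err();
        } finally { CertCloseStore(h, 0); }
    }
}
'@
Add-Type -TypeDefinition $source

$failed = 0
Get-ChildItem -Path 'C:\crl-drop' -Filter *.crl | ForEach-Object {
    $rc = [CrlImport]::Import($_.FullName, 'ROOT')   # same store as the C# answer
    if ($rc -ne 0) { $failed++; Write-Warning "$($_.Name): error $rc" }
    else { Write-Output "imported $($_.Name)" }
}
exit $failed
```

The script exits with the number of files that failed to import, so a scheduled task can alert on a non-zero result.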