Outlook_Addin_LLM/node_modules/office-addin-dev-certs/scripts/verify.ps1


# Inputs for the dev-certificate verification below.
param(
    # Name looked for, as "CN=<name>", among the certificates in the current
    # user's Trusted Root store.
    [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string] $CaCertificateName,

    # File holding the CA certificate; its thumbprint is compared with the
    # certificate found in the store.
    [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string] $CaCertificatePath,

    # File holding the localhost certificate; its chain is built and checked
    # for the CA above.
    [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string] $LocalhostCertificatePath,

    # Optional string written before any other output so the caller can find
    # where this script's output begins.
    [Parameter(Mandatory = $false)] [ValidateNotNullOrEmpty()] [string] $OutputMarker,

    # When set (and Import-Certificate is available), the expiry filter and the
    # CA/localhost consistency checks are skipped and every certificate that
    # matches the name is returned. The legacy branch does not read this switch.
    [switch] $ReturnInvalidCertificate
)
# Emit the caller-supplied marker first, so the caller can locate the start of
# this script's output.
if ($OutputMarker) {
    Write-Output -InputObject $OutputMarker
}

# Make errors terminating; without this the script always exits with code 0,
# and a failed check would be indistinguishable from "no certificate found".
$ErrorActionPreference = 'Stop'

$isWindowsPowerShell = $PSVersionTable.PSVersion.Major -lt 6
if ($isWindowsPowerShell) {
    # When pwsh is one of the parent callers, the PSModulePath it sets is not
    # backward compatible with Windows PowerShell, so the inherited value is
    # replaced. Only the machine-scope value is used: module directories added
    # at user or process scope are not searched for the rest of this script.
    $env:PSModulePath = [System.Environment]::GetEnvironmentVariable(
        'PSModulePath',
        [System.EnvironmentVariableTarget]::Machine)
}
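# Verifies that the development CA is installed in the current user's Trusted
# Root store and writes the matching certificate(s) with Format-List. Empty
# output means "not verified".
#
# The CA name is escaped before it is placed in the -like pattern, so wildcard
# metacharacters (* ? [ ]) in -CaCertificateName are matched literally instead
# of widening or breaking the store lookup. This is still a substring match on
# the distinguished name: "CN=<name>" also matches a longer CN that starts with
# <name>. The strict path below pins the result by thumbprint; the
# -ReturnInvalidCertificate path and the legacy branch rely on the name alone.
$caNamePattern = '*CN=' + [System.Management.Automation.WildcardPattern]::Escape($CaCertificateName) + '*'

if (Get-Command -Name Import-Certificate -ErrorAction SilentlyContinue) {
    $result = Get-ChildItem cert:\\CurrentUser\\Root | Where-Object Issuer -like $caNamePattern

    if (!$ReturnInvalidCertificate) {
        # Ignore certificates that expire within the next day.
        $result = $result | Where-Object { $_.NotAfter -gt (Get-Date).AddDays(1) }

        # Require exactly one candidate and both certificate files on disk.
        # -LiteralPath keeps brackets or wildcards in a path from being
        # interpreted as a pattern; the X509Certificate2 constructor below
        # opens the path literally as well.
        if ($result -and ($result.Length -eq 1) -and (Test-Path -LiteralPath $CaCertificatePath) -and (Test-Path -LiteralPath $LocalhostCertificatePath)) {
            # Check that the CA certificate in the store is the same as ca.crt
            $caCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CaCertificatePath)
            $caThumbprint = $caCert.Thumbprint
            $result = $result | Where-Object Thumbprint -eq $caThumbprint

            if ($result) {
                # Check that it matches the issuer of localhost.crt
                $localhostCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($LocalhostCertificatePath)
                $localhostChain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
                # NOTE(review): the boolean returned by Build() and the chain
                # status are discarded; only the presence of the CA among the
                # chain elements is tested. Confirm that the expiry and
                # signature of localhost.crt are validated elsewhere.
                $localhostChain.Build($localhostCert) | Out-Null
                $localhostTrustedIssuer = $localhostChain.ChainElements.Certificate |
                    Where-Object { $_.Subject -eq $localhostCert.Issuer -and $_.Thumbprint -eq $caThumbprint }
                if (!$localhostTrustedIssuer) {
                    $result = $null
                }
            }
        }
        else {
            $result = $null
        }
    }

    $result | Format-List
}
else {
    # Legacy system support: no thumbprint or chain comparison here, only a
    # name match on Subject plus the expiry filter.
    Get-ChildItem cert:\\CurrentUser\\Root |
        Where-Object { $_.Subject -like $caNamePattern } |
        Where-Object { $_.NotAfter -gt (Get-Date).AddDays(1) } |
        Format-List
}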