Find certificate by thumbprint in store

2022-09-02 11:31:26 +02:00
parent 4d3d8a3060
commit e980b412d0
1 changed files with 20 additions and 1 deletions
--- a/Extensions/MSALAuthentication.psm1
+++ b/Extensions/MSALAuthentication.psm1
@@ -573,7 +573,26 @@ function Connect-MSALClientApp
        }
        elseif($Certificate)
        {
-            $ClientApplicationBuilder = [Microsoft.Identity.Client.ConfidentialClientApplicationBuilder]::Create($clientId).WithCertificate($Certificate).WithAuthority([URI]::new($authority)) #.WithRedirectUri($redirectUri)
+            $f = [System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly
+            $cert = $null
+            # Try LocalMachine store first, if not found try also CurrentUser store
+            $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "LocalMachine")
+            $null = $store.Open($f)
+            $cert = $store.Certificates | Where-Object {$_.Thumbprint -eq $Certificate}
+            $null = $store.Close()
+            if($null -eq $cert)
+            {
+                $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "CurrentUser")
+                $null = $store.Open($f)
+                $cert = $store.Certificates | Where-Object {$_.Thumbprint -eq $Certificate}
+                $null = $store.Close()
+            }
+
+            if($null -eq $cert)
+            {
+                Write-LogError "Could not find a certificate with thumbprint '$($Certificate)' in LocalMachine or CurrentUser store"
+            }  
+            $ClientApplicationBuilder = [Microsoft.Identity.Client.ConfidentialClientApplicationBuilder]::Create($clientId).WithCertificate($cert).WithAuthority([URI]::new($authority)) #.WithRedirectUri($redirectUri)
        }
        else 
        {