Importar Certificados das Autoridades Certificadoras (ACs) da ICP-Brasil
#
# How to execute
# Using Windows (run from an elevated prompt: the script adds certificates to the LocalMachine\Root store)
# PowerShell -NoProfile -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://gist.githubusercontent.com/gblmarquez/0124ce6e20ffb7883ecc021673c48417/raw/a403721d0f0abe2a609e312d9d2f74af47dc6514'))"
#
function DownloadWithRetry([string] $Uri, [string] $OutFile, [int] $retries = 5) {
    # Downloads $Uri to $OutFile with Invoke-WebRequest, retrying on failure.
    #   $Uri     - address to fetch
    #   $OutFile - path the response body is written to
    #   $retries - additional attempts allowed after the first one fails
    # Every failure is reported with Write-Host. Between attempts the function
    # sleeps 10 seconds; once no retries remain, the last exception is rethrown.
    $downloaded = $false
    do {
        try {
            Invoke-WebRequest -Uri $Uri -OutFile $OutFile
            $downloaded = $true
        }
        catch {
            $lastError = $_.Exception
            $exceptionMessage = $lastError.Message
            Write-Host "Failed to download '$Uri': $exceptionMessage"
            if ($retries -le 0) {
                # Out of retries: surface the failure to the caller.
                throw $lastError
            }
            $retries--
            Write-Host "Waiting 10 seconds before retrying. Retries left: $retries"
            Start-Sleep -Seconds 10
        }
    } until ($downloaded)
}
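# Imports the ICP-Brasil CA certificate bundle into the machine trust store:
# download the ZIP and its published SHA512, compare the two, unpack the ZIP
# and add every certificate found to LocalMachine\Root.
Write-Output ("Import Certificate Authorities from ICP-Brasil")

# URI Certificates ZIP
$urlZip = "http://acraiz.icpbrasil.gov.br/credenciadas/CertificadosAC-ICP-Brasil/ACcompactado.zip"

# URI SHA512 ZIP
# NOTE(review): the archive and its hash are both fetched over plain HTTP from
# the same host, so the comparison below detects a corrupted download but not
# one altered in transit. Because the result is written to LocalMachine\Root,
# confirm the SHA512 against a value obtained over an authenticated channel
# before relying on this script for machine-wide trust.
$urlHash = "http://acraiz.icpbrasil.gov.br/credenciadas/CertificadosAC-ICP-Brasil/hashsha512.txt"

# Base folders
$outputBase = "$env:temp\CertsAC_ICPBrasil"

Write-Output (" CAZip : $urlZip")
Write-Output (" CAZipSHA512 : $urlHash")
Write-Output (" TempFolder : $outputBase")

$outputZip = "$outputBase.zip" # ZIP Certificates AC ICP Brasil
$outputHash = "$outputZip.hash" # SHA512 ZIP Certificates AC ICP Brasil

$Computername = $env:COMPUTERNAME
$StoreName = "Root"
$StoreLocation = "LocalMachine"

$start_time = Get-Date

Write-Output (" Downloading SHA512 for Zip '$urlHash'...")
DownloadWithRetry -Uri $urlHash -OutFile $outputHash

Write-Output (" Downloading Zip '$urlZip' to '$outputZip'...")
DownloadWithRetry -Uri $urlZip -OutFile $outputZip

Write-Output (" Computing SHA512 of '$outputZip'...")
$computedZipHash = (Get-FileHash -Algorithm SHA512 -Path $outputZip).Hash

Write-Output (" Reading expected SHA512 from '$outputHash'...")
# Take the first non-blank line only: Get-Content returns an array for a
# multi-line file, and calling ToString() on that array would not yield the hash.
$hashLine = Get-Content -Path $outputHash | Where-Object { $_ -and $_.Trim() } | Select-Object -First 1
$expectedZipHash = ("$hashLine".Trim() -split '\s+')[0]

# A SHA512 digest is 128 hex characters; anything else (an HTML error page, an
# empty file) must stop the import rather than be compared as if it were a hash.
if ($expectedZipHash -notmatch '^[0-9A-Fa-f]{128}$') {
    throw "Expected SHA512 read from '$outputHash' is not a 128-character hex digest; aborting import."
}

if ($computedZipHash -ne $expectedZipHash) {
    Write-Output (" Computed Hash '$computedZipHash' is not same of '$expectedZipHash'")
    # 'break' outside a loop does not reliably stop a script run through iex;
    # throw so nothing after this point can touch the trust store.
    throw "SHA512 mismatch for '$outputZip'; aborting import."
}

Write-Output (" Expanding Zip to '$outputBase'...")
# Start from an empty folder so that only files from the archive that was just
# verified are imported, not leftovers from an earlier run.
if (Test-Path -LiteralPath $outputBase) {
    Remove-Item -LiteralPath $outputBase -Recurse -Force
}
Expand-Archive -Force $outputZip -DestinationPath $outputBase

Write-Output (" Connecting to '\\$Computername' and X509Store '$StoreName\$StoreLocation'...")
$CertStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList "\\$($Computername)\$($StoreName)", $StoreLocation
$CertStore.Open('ReadWrite')

try {
    Write-Output (" Importing certificates from '$outputBase'...")
    # NOTE(review): "*.c*" matches every extension starting with "c", not only
    # .crt/.cer, and X509Certificate2 can also load the signer certificate of an
    # Authenticode-signed file. Narrow the filter once the extensions used inside
    # the archive are confirmed.
    # NOTE(review): every certificate loaded is added to Root; if the archive
    # also carries intermediate CAs they become trust anchors too - confirm
    # that this is intended.
    $Certificates = @(Get-ChildItem -Filter "*.c*" -Recurse -Force $outputBase)
    $CertificatesTotal = $Certificates.Count
    $CertificatesImported = 0

    foreach ($Certificate in $Certificates) {
        try {
            $percent = ($CertificatesImported * 100) / $CertificatesTotal
            Write-Progress -Activity "Importing Certificates" -Status "Loading $Certificate..." -PercentComplete $percent
            $CertificateObject = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Certificate.FullName)

            Write-Progress -Activity "Importing Certificates" -Status "Importing $Certificate..." -PercentComplete $percent
            $CertStore.Add($CertificateObject)
            $CertificatesImported = $CertificatesImported + 1
        }
        catch {
            # A file that fails to load or import is reported and skipped.
            # The original message used $Computer, which is never assigned.
            Write-Warning "$($Computername): $($Certificate.FullName): $_"
        }
    }
}
finally {
    # Release the store handle even when the import is interrupted.
    $CertStore.Close()
}

# TotalSeconds, not Seconds: Seconds is only the 0-59 component of the elapsed time.
Write-Output ("Imported Certificate Authorities from ICP-Brasil in $([math]::Round((Get-Date).Subtract($start_time).TotalSeconds)) second(s)")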