diff --git a/Windows/SoftCertPolicyAppender/SoftCertPolicyAppender/SoftCertPolicyAppender/CertPolicyAppender.cs b/Windows/SoftCertPolicyAppender/SoftCertPolicyAppender/SoftCertPolicyAppender/CertPolicyAppender.cs
index d81e395d48fb6220ab8eb8ea6274f99134205f35..05532ae56616936599734e988f0a701380ff6239 100644
--- a/Windows/SoftCertPolicyAppender/SoftCertPolicyAppender/SoftCertPolicyAppender/CertPolicyAppender.cs
+++ b/Windows/SoftCertPolicyAppender/SoftCertPolicyAppender/SoftCertPolicyAppender/CertPolicyAppender.cs
@@ -9,23 +9,23 @@ namespace SoftCertPolicyAppender
 {
 public class CertPolicyAppender
 {
- private X509Certificate2 _cert;
-
 public void Load(string certFile)
 {
 var cert = new X509Certificate2();
 cert.Import(certFile);
- _cert = cert;
+ Certificate = cert;
 }
+ public X509Certificate2 Certificate { get; private set; }
+
 /// <summary>
 /// æž„é€ å†™å†™å…¥æ³¨å†Œè¡¨çš„è¯ä¹¦æ•°æ®
 /// </summary>
 /// <returns></returns>
 private byte[] CalcRegCertData()
 {
- var cert = _cert;
+ var cert = Certificate;
 var thumbprintData = cert.Thumbprint.HexString2Bytes().ToArray();
 var rtn = new List<byte>();
@@ -58,7 +58,7 @@ namespace SoftCertPolicyAppender
 /// <returns></returns>
 public void WriteRegisty()
 {
- var cer = _cert;
+ var cer = Certificate;
 const string keyPath = @"Software\Microsoft\Windows\CurrentVersion\Group Policy Objects";
 var rk = RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Default);
 var srk = rk.OpenSubKey(keyPath);
@@ -85,13 +85,46 @@ namespace SoftCertPolicyAppender
 }
+ /// <summary>
+ /// 写入注册表项
+ /// </summary>
+ /// <returns></returns>
+ public void RemoveRegisty()
+ {
+ var cer = Certificate;
+ const string keyPath = @"Software\Microsoft\Windows\CurrentVersion\Group Policy Objects";
+ var rk = RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Default);
+ var srk = rk.OpenSubKey(keyPath);
+ if (srk == null)
+ {
+ throw new ApplicationException("æ— æ³•æ‰“å¼€æ³¨å†Œè¡¨é¡¹:" + keyPath);
+ }
+ var certKeys = srk.GetSubKeyNames()
+ .Where(x => x.EndsWith("Machine"))
+ .Select(
+ x =>
+ string.Format(
+ "{0}\\{1}\\Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\Certificates\\{2}",
+ keyPath, x, cer.Thumbprint))
+ //.Where(x => rk.OpenSubKey(x) == null)
+ .ToList();
+
+ foreach (var certKey in certKeys)
+ {
+ rk.DeleteSubKey(certKey);
+ }
+
+ }
+
+
+
 /// <summary>
 /// æ·»åŠ è¯ä¹¦ç»„ç–ç•¥
 /// </summary>
 /// <remarks>引用组件æ¥è‡ª:https://bitbucket.org/MartinEden/local-policy/overview </remarks>
 public void AddCertPolicy()
 {
- var cert = _cert;
+ var cert = Certificate;
 var gpo = new ComputerGroupPolicyObject();
 var keyPath = string.Format("Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\Certificates\\{0}", cert.Thumbprint);
@@ -105,6 +138,21 @@ namespace SoftCertPolicyAppender
 gpo.Save();
 }
+
+
+ public void RemoveCertPolicy()
+ {
+ var cert = Certificate;
+
+ var gpo = new ComputerGroupPolicyObject();
+ var keyPath = string.Format("Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\Certificates\\{0}", cert.Thumbprint);
+ using (var machine = gpo.GetRootRegistryKey(GroupPolicySection.Machine))
+ {
+ machine.DeleteSubKey(keyPath);
+ }
+ gpo.Save();
+
+ }
 }
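Review bot: `rk.DeleteSubKey(certKey)` in the `foreach` of RemoveRegisty throws when the key is absent, and nothing checks beforehand that the key exists (the `.Where` copied from WriteRegisty is commented out), so the first GPO `Machine` entry that never held this thumbprint aborts the loop and leaves the remaining Disallowed entries untouched. The non-throwing overload, `rk.DeleteSubKey(certKey, false);`, makes removal idempotent; the same applies to `machine.DeleteSubKey(keyPath);` in RemoveCertPolicy in the next hunk, assuming that root key is a `RegistryKey`. Because Program.cs calls RemoveRegisty before RemoveCertPolicy, an exception here also skips the policy removal, so the certificate can end up blocked in one location and not the other. The summary was copied from WriteRegisty and still says the method writes the entry; it should read along the lines of `/// Removes this certificate's Disallowed entry from every local GPO Machine key`.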
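Review bot: RemoveCertPolicy has no XML doc comment, although its counterpart AddCertPolicy carries a summary and remarks, and the operation is security-relevant: it deletes the thumbprint key under `Disallowed\Certificates`, which presumably lifts the policy block on that certificate. A summary such as `/// <summary>Removes this certificate's thumbprint key from the local machine policy's Disallowed store and saves the GPO.</summary>` would state that for callers. The enclosing class closes just after the hunk.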
diff --git a/Windows/SoftCertPolicyAppender/SoftCertPolicyAppender/SoftCertPolicyAppender/Program.cs b/Windows/SoftCertPolicyAppender/SoftCertPolicyAppender/SoftCertPolicyAppender/Program.cs
index f2d33d6dced02cb6e9389481eebbbdb25d15c0d4..b3e09d09ee9ead96c76ae31c52395a05885b0f45 100644
--- a/Windows/SoftCertPolicyAppender/SoftCertPolicyAppender/SoftCertPolicyAppender/Program.cs
+++ b/Windows/SoftCertPolicyAppender/SoftCertPolicyAppender/SoftCertPolicyAppender/Program.cs
@@ -8,17 +8,32 @@ namespace SoftCertPolicyAppender
 [STAThread]
 static void Main(string[] args)
 {
-
+ var flag = 0;
 var cers = args.Where(x => x.EndsWith(".cer") || x.EndsWith(".crt") || x.EndsWith(".pem"));
-
+ if (args.Contains("-r"))
+ {
+ flag = 1;
+ }
 foreach (var s in cers)
 {
 try
 {
 var appdender = new CertPolicyAppender();
 appdender.Load(s);
- appdender.WriteRegisty();
- appdender.AddCertPolicy();
+ switch (flag)
+ {
+ case 0:
+ appdender.WriteRegisty();
+ appdender.AddCertPolicy();
+ Console.WriteLine("Add cert policy for {0}",appdender.Certificate.Thumbprint);
+ break;
+ case 1:
+ appdender.RemoveRegisty();
+ appdender.RemoveCertPolicy();
+ Console.WriteLine("Remove cert policy for {0}", appdender.Certificate.Thumbprint);
+ break;
+ }
+
 }
 catch (Exception e)
 {
@@ -28,7 +43,7 @@ namespace SoftCertPolicyAppender
 }
 }
 Console.ForegroundColor = ConsoleColor.Green;
- Console.WriteLine("Success!");
+ Console.WriteLine("All Success!");
 Console.ResetColor();
 }
 }
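Review bot: The mode is carried as a magic int, `var flag = 0;`, and dispatched through a `switch (flag)` with no `default`, so the meaning of 0 and 1 is nowhere stated and an unexpected value would do nothing without any message. A bool reads directly: `var remove = args.Contains("-r");` followed by `if (remove) { ... } else { ... }` around the same calls. Main's catch body lies between the two hunks and is not visible here, so whether a failed certificate still reaches the final success message cannot be judged from this diff.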