Merge pull request Micke-K#86 from cstaubli/master

Find certificate by thumbprint in store
dobrien23 · Sep 4, 2022 · 9c9e46d · 9c9e46d
2 parents 4d3d8a3 + e980b41
commit 9c9e46d
Showing 1 changed file with 20 additions and 1 deletion.
diff --git a/Extensions/MSALAuthentication.psm1 b/Extensions/MSALAuthentication.psm1
@@ -573,7 +573,26 @@ function Connect-MSALClientApp
         }
         elseif($Certificate)
         {
-            $ClientApplicationBuilder = [Microsoft.Identity.Client.ConfidentialClientApplicationBuilder]::Create($clientId).WithCertificate($Certificate).WithAuthority([URI]::new($authority)) #.WithRedirectUri($redirectUri)
+            $f = [System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly
+            $cert = $null
+            # Try LocalMachine store first, if not found try also CurrentUser store
+            $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "LocalMachine")
+            $null = $store.Open($f)
+            $cert = $store.Certificates | Where-Object {$_.Thumbprint -eq $Certificate}
+            $null = $store.Close()
+            if($null -eq $cert)
+            {
+                $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "CurrentUser")
+                $null = $store.Open($f)
+                $cert = $store.Certificates | Where-Object {$_.Thumbprint -eq $Certificate}
+                $null = $store.Close()
+            }
+
+            if($null -eq $cert)
+            {
+                Write-LogError "Could not find a certificate with thumbprint '$($Certificate)' in LocalMachine or CurrentUser store"
+            }  
+            $ClientApplicationBuilder = [Microsoft.Identity.Client.ConfidentialClientApplicationBuilder]::Create($clientId).WithCertificate($cert).WithAuthority([URI]::new($authority)) #.WithRedirectUri($redirectUri)
         }
         else 
         {