generated from MrSphay/codex-agent-repository-kit
347 lines
13 KiB
PowerShell
347 lines
13 KiB
PowerShell
[CmdletBinding()]
|
|
param()
|
|
|
|
$ErrorActionPreference = "Stop"
|
|
|
|
Add-Type -AssemblyName System.Windows.Forms
|
|
Add-Type -AssemblyName System.Drawing
|
|
|
|
$script:RootPath = Split-Path -Parent (Split-Path -Parent $MyInvocation.MyCommand.Path)
|
|
$script:RootCertificatePath = Join-Path $script:RootPath "assets\certificates\MrSphay-LocalTrust-Root.cer"
|
|
$script:PublisherCertificatePath = Join-Path $script:RootPath "assets\certificates\MrSphay-CodeSigning.cer"
|
|
$script:IconPath = Join-Path $script:RootPath "assets\MrTrust.ico"
|
|
|
|
function Test-IsAdministrator {
|
|
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
|
|
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
|
|
$principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
|
|
}
|
|
|
|
function Get-MrTrustCertificate {
|
|
param([Parameter(Mandatory)][string]$Path)
|
|
|
|
if (-not (Test-Path -LiteralPath $Path)) {
|
|
throw "Certificate file not found: $Path"
|
|
}
|
|
|
|
[System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
|
|
}
|
|
|
|
function Get-TrustScope {
|
|
if ($script:AllUsersCheckBox.Checked) {
|
|
"LocalMachine"
|
|
}
|
|
else {
|
|
"CurrentUser"
|
|
}
|
|
}
|
|
|
|
function Get-StorePath {
|
|
param(
|
|
[Parameter(Mandatory)][string]$Scope,
|
|
[Parameter(Mandatory)][string]$Store
|
|
)
|
|
|
|
"Cert:\$Scope\$Store"
|
|
}
|
|
|
|
function Test-CertificateInstalled {
|
|
param(
|
|
[Parameter(Mandatory)]$Certificate,
|
|
[Parameter(Mandatory)][string]$Scope,
|
|
[Parameter(Mandatory)][string]$Store
|
|
)
|
|
|
|
$storePath = Get-StorePath -Scope $Scope -Store $Store
|
|
@(Get-ChildItem -Path $storePath | Where-Object Thumbprint -eq $Certificate.Thumbprint).Count -gt 0
|
|
}
|
|
|
|
function Set-StatusText {
|
|
param([Parameter(Mandatory)][string]$Text)
|
|
|
|
$script:StatusLabel.Text = $Text
|
|
}
|
|
|
|
function Refresh-MrTrustStatus {
|
|
try {
|
|
$rootCertificate = Get-MrTrustCertificate -Path $script:RootCertificatePath
|
|
$publisherCertificate = Get-MrTrustCertificate -Path $script:PublisherCertificatePath
|
|
$scope = Get-TrustScope
|
|
|
|
$rootInstalled = Test-CertificateInstalled -Certificate $rootCertificate -Scope $scope -Store "Root"
|
|
$publisherInstalled = Test-CertificateInstalled -Certificate $publisherCertificate -Scope $scope -Store "TrustedPublisher"
|
|
|
|
$script:RootThumbprintLabel.Text = $rootCertificate.Thumbprint
|
|
$script:PublisherThumbprintLabel.Text = $publisherCertificate.Thumbprint
|
|
$script:ExpiryLabel.Text = $rootCertificate.NotAfter.ToString("yyyy-MM-dd")
|
|
|
|
if ($rootInstalled -and $publisherInstalled) {
|
|
Set-StatusText "Trusted"
|
|
$script:StatusPill.BackColor = [Drawing.Color]::FromArgb(28, 185, 111)
|
|
}
|
|
else {
|
|
Set-StatusText "Not installed"
|
|
$script:StatusPill.BackColor = [Drawing.Color]::FromArgb(242, 153, 74)
|
|
}
|
|
}
|
|
catch {
|
|
Set-StatusText $_.Exception.Message
|
|
$script:StatusPill.BackColor = [Drawing.Color]::FromArgb(235, 87, 87)
|
|
}
|
|
}
|
|
|
|
function Install-MrTrustCertificates {
|
|
$scope = Get-TrustScope
|
|
if ($scope -eq "LocalMachine" -and -not (Test-IsAdministrator)) {
|
|
[Windows.Forms.MessageBox]::Show(
|
|
"All-users trust requires running PowerShell as Administrator.",
|
|
"MrTrust",
|
|
[Windows.Forms.MessageBoxButtons]::OK,
|
|
[Windows.Forms.MessageBoxIcon]::Warning
|
|
) | Out-Null
|
|
return
|
|
}
|
|
|
|
$rootCertificate = Get-MrTrustCertificate -Path $script:RootCertificatePath
|
|
$publisherCertificate = Get-MrTrustCertificate -Path $script:PublisherCertificatePath
|
|
|
|
$message = "Install MrSphay trust for $scope?`r`n`r`nRoot:`r`n$($rootCertificate.Thumbprint)`r`n`r`nPublisher:`r`n$($publisherCertificate.Thumbprint)`r`n`r`nOnly continue if you trust software signed by MrSphay."
|
|
$result = [Windows.Forms.MessageBox]::Show(
|
|
$message,
|
|
"Install MrTrust",
|
|
[Windows.Forms.MessageBoxButtons]::YesNo,
|
|
[Windows.Forms.MessageBoxIcon]::Warning
|
|
)
|
|
|
|
if ($result -ne [Windows.Forms.DialogResult]::Yes) {
|
|
return
|
|
}
|
|
|
|
Import-Certificate -FilePath $script:RootCertificatePath -CertStoreLocation (Get-StorePath -Scope $scope -Store "Root") | Out-Null
|
|
Import-Certificate -FilePath $script:PublisherCertificatePath -CertStoreLocation (Get-StorePath -Scope $scope -Store "TrustedPublisher") | Out-Null
|
|
Refresh-MrTrustStatus
|
|
}
|
|
|
|
function Remove-MrTrustCertificates {
|
|
$scope = Get-TrustScope
|
|
if ($scope -eq "LocalMachine" -and -not (Test-IsAdministrator)) {
|
|
[Windows.Forms.MessageBox]::Show(
|
|
"All-users removal requires running PowerShell as Administrator.",
|
|
"MrTrust",
|
|
[Windows.Forms.MessageBoxButtons]::OK,
|
|
[Windows.Forms.MessageBoxIcon]::Warning
|
|
) | Out-Null
|
|
return
|
|
}
|
|
|
|
$rootCertificate = Get-MrTrustCertificate -Path $script:RootCertificatePath
|
|
$publisherCertificate = Get-MrTrustCertificate -Path $script:PublisherCertificatePath
|
|
$result = [Windows.Forms.MessageBox]::Show(
|
|
"Remove MrSphay trust for $scope?",
|
|
"Remove MrTrust",
|
|
[Windows.Forms.MessageBoxButtons]::YesNo,
|
|
[Windows.Forms.MessageBoxIcon]::Question
|
|
)
|
|
|
|
if ($result -ne [Windows.Forms.DialogResult]::Yes) {
|
|
return
|
|
}
|
|
|
|
$targets = @(
|
|
[pscustomobject]@{ Store = "Root"; Thumbprint = $rootCertificate.Thumbprint },
|
|
[pscustomobject]@{ Store = "TrustedPublisher"; Thumbprint = $publisherCertificate.Thumbprint }
|
|
)
|
|
|
|
foreach ($target in $targets) {
|
|
$storePath = Get-StorePath -Scope $scope -Store $target.Store
|
|
Get-ChildItem -Path $storePath |
|
|
Where-Object Thumbprint -eq $target.Thumbprint |
|
|
Remove-Item
|
|
}
|
|
|
|
Refresh-MrTrustStatus
|
|
}
|
|
|
|
[Windows.Forms.Application]::EnableVisualStyles()
|
|
|
|
$form = [Windows.Forms.Form]::new()
|
|
$form.Text = "MrTrust"
|
|
$form.StartPosition = "CenterScreen"
|
|
$form.ClientSize = [Drawing.Size]::new(900, 560)
|
|
$form.MinimumSize = [Drawing.Size]::new(860, 540)
|
|
$form.BackColor = [Drawing.Color]::FromArgb(22, 26, 29)
|
|
$form.Font = [Drawing.Font]::new("Segoe UI", 10)
|
|
if (Test-Path -LiteralPath $script:IconPath) {
|
|
$form.Icon = [Drawing.Icon]::new($script:IconPath)
|
|
}
|
|
|
|
$header = [Windows.Forms.Panel]::new()
|
|
$header.Dock = "Top"
|
|
$header.Height = 124
|
|
$header.BackColor = [Drawing.Color]::FromArgb(27, 32, 35)
|
|
$form.Controls.Add($header)
|
|
|
|
$accent = [Windows.Forms.Panel]::new()
|
|
$accent.Dock = "Left"
|
|
$accent.Width = 8
|
|
$accent.BackColor = [Drawing.Color]::FromArgb(28, 185, 111)
|
|
$header.Controls.Add($accent)
|
|
|
|
$logoBox = [Windows.Forms.PictureBox]::new()
|
|
$logoBox.Size = [Drawing.Size]::new(44, 44)
|
|
$logoBox.Location = [Drawing.Point]::new(34, 30)
|
|
$logoBox.SizeMode = "StretchImage"
|
|
if (Test-Path -LiteralPath $script:IconPath) {
|
|
$logoBox.Image = [Drawing.Icon]::new($script:IconPath).ToBitmap()
|
|
}
|
|
$header.Controls.Add($logoBox)
|
|
|
|
$title = [Windows.Forms.Label]::new()
|
|
$title.Text = "MrTrust"
|
|
$title.ForeColor = [Drawing.Color]::White
|
|
$title.Font = [Drawing.Font]::new("Segoe UI", 24, [Drawing.FontStyle]::Bold)
|
|
$title.AutoSize = $true
|
|
$title.Location = [Drawing.Point]::new(92, 24)
|
|
$header.Controls.Add($title)
|
|
|
|
$subtitle = [Windows.Forms.Label]::new()
|
|
$subtitle.Text = "Trust setup for MrSphay signed Windows apps"
|
|
$subtitle.ForeColor = [Drawing.Color]::FromArgb(177, 190, 183)
|
|
$subtitle.AutoSize = $true
|
|
$subtitle.Location = [Drawing.Point]::new(96, 74)
|
|
$header.Controls.Add($subtitle)
|
|
|
|
$statusText = [Windows.Forms.Label]::new()
|
|
$statusText.Text = "Status"
|
|
$statusText.ForeColor = [Drawing.Color]::FromArgb(177, 190, 183)
|
|
$statusText.AutoSize = $true
|
|
$statusText.Location = [Drawing.Point]::new(646, 32)
|
|
$header.Controls.Add($statusText)
|
|
|
|
$script:StatusPill = [Windows.Forms.Panel]::new()
|
|
$script:StatusPill.Size = [Drawing.Size]::new(16, 16)
|
|
$script:StatusPill.Location = [Drawing.Point]::new(646, 62)
|
|
$script:StatusPill.BackColor = [Drawing.Color]::FromArgb(242, 153, 74)
|
|
$header.Controls.Add($script:StatusPill)
|
|
|
|
$script:StatusLabel = [Windows.Forms.Label]::new()
|
|
$script:StatusLabel.Text = "Checking..."
|
|
$script:StatusLabel.ForeColor = [Drawing.Color]::FromArgb(225, 231, 227)
|
|
$script:StatusLabel.AutoSize = $false
|
|
$script:StatusLabel.AutoEllipsis = $true
|
|
$script:StatusLabel.Location = [Drawing.Point]::new(674, 57)
|
|
$script:StatusLabel.Size = [Drawing.Size]::new(190, 28)
|
|
$header.Controls.Add($script:StatusLabel)
|
|
|
|
$content = [Windows.Forms.Panel]::new()
|
|
$content.Dock = "Fill"
|
|
$content.Padding = [Windows.Forms.Padding]::new(30)
|
|
$content.BackColor = [Drawing.Color]::FromArgb(22, 26, 29)
|
|
$form.Controls.Add($content)
|
|
|
|
$infoPanel = [Windows.Forms.Panel]::new()
|
|
$infoPanel.BackColor = [Drawing.Color]::FromArgb(31, 37, 40)
|
|
$infoPanel.Size = [Drawing.Size]::new(820, 226)
|
|
$infoPanel.Location = [Drawing.Point]::new(40, 34)
|
|
$content.Controls.Add($infoPanel)
|
|
|
|
$scopeLabel = [Windows.Forms.Label]::new()
|
|
$scopeLabel.Text = "Scope"
|
|
$scopeLabel.ForeColor = [Drawing.Color]::FromArgb(177, 190, 183)
|
|
$scopeLabel.Location = [Drawing.Point]::new(24, 24)
|
|
$scopeLabel.AutoSize = $true
|
|
$infoPanel.Controls.Add($scopeLabel)
|
|
|
|
$script:AllUsersCheckBox = [Windows.Forms.CheckBox]::new()
|
|
$script:AllUsersCheckBox.Text = "Install for all users (requires Administrator)"
|
|
$script:AllUsersCheckBox.ForeColor = [Drawing.Color]::FromArgb(225, 231, 227)
|
|
$script:AllUsersCheckBox.Location = [Drawing.Point]::new(24, 50)
|
|
$script:AllUsersCheckBox.AutoSize = $true
|
|
$script:AllUsersCheckBox.FlatStyle = "Flat"
|
|
$script:AllUsersCheckBox.Add_CheckedChanged({ Refresh-MrTrustStatus })
|
|
$infoPanel.Controls.Add($script:AllUsersCheckBox)
|
|
|
|
$rootLabel = [Windows.Forms.Label]::new()
|
|
$rootLabel.Text = "Root thumbprint"
|
|
$rootLabel.ForeColor = [Drawing.Color]::FromArgb(177, 190, 183)
|
|
$rootLabel.Location = [Drawing.Point]::new(24, 92)
|
|
$rootLabel.AutoSize = $true
|
|
$infoPanel.Controls.Add($rootLabel)
|
|
|
|
$script:RootThumbprintLabel = [Windows.Forms.Label]::new()
|
|
$script:RootThumbprintLabel.Text = "-"
|
|
$script:RootThumbprintLabel.ForeColor = [Drawing.Color]::FromArgb(225, 231, 227)
|
|
$script:RootThumbprintLabel.Font = [Drawing.Font]::new("Consolas", 9)
|
|
$script:RootThumbprintLabel.Location = [Drawing.Point]::new(180, 92)
|
|
$script:RootThumbprintLabel.AutoSize = $true
|
|
$infoPanel.Controls.Add($script:RootThumbprintLabel)
|
|
|
|
$publisherLabel = [Windows.Forms.Label]::new()
|
|
$publisherLabel.Text = "Publisher thumbprint"
|
|
$publisherLabel.ForeColor = [Drawing.Color]::FromArgb(177, 190, 183)
|
|
$publisherLabel.Location = [Drawing.Point]::new(24, 128)
|
|
$publisherLabel.AutoSize = $true
|
|
$infoPanel.Controls.Add($publisherLabel)
|
|
|
|
$script:PublisherThumbprintLabel = [Windows.Forms.Label]::new()
|
|
$script:PublisherThumbprintLabel.Text = "-"
|
|
$script:PublisherThumbprintLabel.ForeColor = [Drawing.Color]::FromArgb(225, 231, 227)
|
|
$script:PublisherThumbprintLabel.Font = [Drawing.Font]::new("Consolas", 9)
|
|
$script:PublisherThumbprintLabel.Location = [Drawing.Point]::new(180, 128)
|
|
$script:PublisherThumbprintLabel.AutoSize = $true
|
|
$infoPanel.Controls.Add($script:PublisherThumbprintLabel)
|
|
|
|
$expiryLabelTitle = [Windows.Forms.Label]::new()
|
|
$expiryLabelTitle.Text = "Expires"
|
|
$expiryLabelTitle.ForeColor = [Drawing.Color]::FromArgb(177, 190, 183)
|
|
$expiryLabelTitle.Location = [Drawing.Point]::new(24, 164)
|
|
$expiryLabelTitle.AutoSize = $true
|
|
$infoPanel.Controls.Add($expiryLabelTitle)
|
|
|
|
$script:ExpiryLabel = [Windows.Forms.Label]::new()
|
|
$script:ExpiryLabel.Text = "-"
|
|
$script:ExpiryLabel.ForeColor = [Drawing.Color]::FromArgb(225, 231, 227)
|
|
$script:ExpiryLabel.Location = [Drawing.Point]::new(180, 164)
|
|
$script:ExpiryLabel.AutoSize = $true
|
|
$infoPanel.Controls.Add($script:ExpiryLabel)
|
|
|
|
$installButton = [Windows.Forms.Button]::new()
|
|
$installButton.Text = "Install trust"
|
|
$installButton.BackColor = [Drawing.Color]::FromArgb(28, 185, 111)
|
|
$installButton.ForeColor = [Drawing.Color]::White
|
|
$installButton.FlatStyle = "Flat"
|
|
$installButton.Size = [Drawing.Size]::new(180, 46)
|
|
$installButton.Location = [Drawing.Point]::new(40, 292)
|
|
$installButton.Add_Click({ Install-MrTrustCertificates })
|
|
$content.Controls.Add($installButton)
|
|
|
|
$removeButton = [Windows.Forms.Button]::new()
|
|
$removeButton.Text = "Remove trust"
|
|
$removeButton.BackColor = [Drawing.Color]::FromArgb(44, 52, 56)
|
|
$removeButton.ForeColor = [Drawing.Color]::FromArgb(225, 231, 227)
|
|
$removeButton.FlatStyle = "Flat"
|
|
$removeButton.Size = [Drawing.Size]::new(180, 46)
|
|
$removeButton.Location = [Drawing.Point]::new(240, 292)
|
|
$removeButton.Add_Click({ Remove-MrTrustCertificates })
|
|
$content.Controls.Add($removeButton)
|
|
|
|
$refreshButton = [Windows.Forms.Button]::new()
|
|
$refreshButton.Text = "Refresh"
|
|
$refreshButton.BackColor = [Drawing.Color]::FromArgb(44, 52, 56)
|
|
$refreshButton.ForeColor = [Drawing.Color]::FromArgb(225, 231, 227)
|
|
$refreshButton.FlatStyle = "Flat"
|
|
$refreshButton.Size = [Drawing.Size]::new(140, 46)
|
|
$refreshButton.Location = [Drawing.Point]::new(440, 292)
|
|
$refreshButton.Add_Click({ Refresh-MrTrustStatus })
|
|
$content.Controls.Add($refreshButton)
|
|
|
|
$note = [Windows.Forms.Label]::new()
|
|
$note.Text = "MrTrust installs public certificates only. It does not disable Defender, SmartScreen, UAC, or enterprise policies."
|
|
$note.ForeColor = [Drawing.Color]::FromArgb(177, 190, 183)
|
|
$note.Location = [Drawing.Point]::new(40, 376)
|
|
$note.Size = [Drawing.Size]::new(820, 48)
|
|
$content.Controls.Add($note)
|
|
|
|
$form.Add_Shown({ Refresh-MrTrustStatus })
|
|
[Windows.Forms.Application]::Run($form)
|