Check if string is X509Store path or PFX file

I need to check if a string is a certificate store (e.g. "Cert:\\CurrentUser\\My") or a pfx file path (e.g. "D:\\\\PFXfiles\\self-signed.pfx").

Which method is better to use and why? What are the cons/pros for each? Is there a better method?

Method 1:

if ($certLocation.ToUpper().Contains(".PFX"))
{
    #it's a .pfx file
}
else
{
    #it's a cert store
}

Method 2:

if ((Resolve-Path -LiteralPath $certLocation).Provider.Name -eq "FileSystem")
{
    #it's a .pfx file
}
elseif ((Resolve-Path -LiteralPath $certLocation).Provider.Name -eq "Certificate")
{
    #it's a cert store
}

I'd use Split-Path:

switch ((Split-Path $certLocation -Qualifier)) {
  'cert:' { 'cert store' }
  'c:'    { 'file path' }
  default { Write-Error "invalid provider: $_" }
}

Check the extension inside the 'file path' script block if required.


You should look at the magic number of the file. I recommend you use the file command that exists in Linux, which programmers also provide for Windows; see this link.
See my example:

C:\Program Files (x86)\GnuWin32\bin>file.exe c:\Users\soheil\Desktop\1.pfx
c:\Users\soheil\Desktop\1.pfx; data

C:\Program Files (x86)\GnuWin32\bin>file.exe c:\Users\soheil\Desktop\2.pfx
c:\Users\soheil\Desktop\2.pfx; empty

Or like this:

C:\Program Files (x86)\GnuWin32\bin>file.exe c:\a.txt
c:\a.txt; UTF-8 Unicode (with BOM) English text, with very long lines, with CRLF
 line terminators

The first, 1.pfx, I created as a self-signed certificate with IIS.
The second, 2.pfx, is a txt file that I renamed to 2.pfx.
If you want to understand exactly what a file is, you should use the file command to see the magic number.

To me, testing the string would be better because it's more efficient to just manipulate the string vs resolving the path, creating another object and then reading a property of that object, but in reality it's not going to change anything. I'd do it a little differently though.

if ($certLocation.Split(":")[0] -like "cert") { 
    #it's a cert store
}
else {
    #it's a pfx
}

I'll chime in... If you are testing a string to see where the path lies use the Resolve-Path cmdlet, and select the Provider property.

$StringPath = "Cert:\CurrentUser\my","C:\Temp\fakecert.pfx"

Switch($StringPath){
    {(Resolve-Path $_|Select -Expand Provider).tostring() -eq "Microsoft.PowerShell.Security\Certificate"} {"$_ is in the Certificate Store";continue}
    {(Resolve-Path $_|Select -Expand Provider).tostring() -eq "Microsoft.PowerShell.Core\FileSystem"} {"$_ is in the File System"}
}

Cert:\CurrentUser\my is in the Certificate Store
C:\Temp\fakecert.pfx is in the File System

That way PowerShell will tell you who it used to resolve the path. This will throw errors if you provide invalid paths, but should give you accurate info as to where items are stored. Error catching could be added to catch invalid paths, but that's up to you.
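
Combining the provider check from the answers above with a look at the file's content rather than its name, as an added example that is not part of the original thread. `Get-CertLocationKind` and its return values are hypothetical names; the content check relies on the .NET `X509Certificate2.GetCertContentType` method, so a text file renamed to `.pfx` is not reported as a PFX.

```powershell
# Added example, not code from the original thread.
# Get-CertLocationKind and its return strings are hypothetical names.
function Get-CertLocationKind {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$CertLocation
    )

    try {
        # Let PowerShell decide which provider owns the path instead of
        # parsing the string. -LiteralPath disables wildcard expansion.
        $resolved = Resolve-Path -LiteralPath $CertLocation -ErrorAction Stop
    }
    catch {
        return 'Invalid'      # path does not exist or the drive/provider is unknown
    }

    switch ($resolved.Provider.Name) {
        'Certificate' { return 'CertStore' }
        'FileSystem' {
            $file = $resolved.ProviderPath
            if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
                return 'Directory'
            }
            try {
                # Classifies the file by its content, not by its extension.
                $type = [System.Security.Cryptography.X509Certificates.X509Certificate2]::GetCertContentType($file)
            }
            catch {
                # Depending on the runtime, unrecognised or empty content
                # throws here or comes back as Unknown; neither is a PFX.
                return 'OtherFile'
            }
            if ($type -eq 'Pfx') { return 'PfxFile' }
            return 'OtherFile'
        }
        default { return 'Invalid' }   # registry, env:, and other providers
    }
}

# Sample inputs taken from the thread; the results depend on the local machine.
'Cert:\CurrentUser\My', 'C:\Temp\fakecert.pfx' | ForEach-Object {
    '{0} -> {1}' -f $_, (Get-CertLocationKind -CertLocation $_)
}
```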
