PowerNets.psm1
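function Find-Certificate {
    <#
    .SYNOPSIS
    Looks up the certificate(s) published for an e-mail address in the public
    certifikat.dk LDAP directory (crtdir.certifikat.dk, port 389).

    .DESCRIPTION
    Searches "c=DK" for entries whose mail attribute equals the address, reads
    each entry's userCertificate;binary value(s) and returns one PSObject per
    certificate with the raw DER bytes, subject, validity window, serial number
    (hex and decimal), an expiry flag and the extensions.

    The directory is queried anonymously over plain LDAP, so nothing in the
    transport protects the integrity of what comes back. A caller that intends
    to encrypt to, or otherwise trust, a returned certificate should validate
    its chain (e.g. X509Certificate2.Verify() or X509Chain) first; this
    function only fetches and decodes.

    .PARAMETER Email
    The e-mail address to look up. Surrounding whitespace is trimmed and the
    value is RFC 4515 filter-escaped before it is placed in the search filter,
    so characters such as '*', '(' and ')' are matched literally and cannot
    change the filter structure.

    .OUTPUTS
    PSObject[] with properties RawCertificate (byte[]), Mail, Name, Created,
    Expires, SerialNumberDecimal, SerialNumberHex, Expired (bool), Extensions
    (X509ExtensionCollection) and ExtensionsFormatted (array of hashtables,
    each keyed by the extension OID plus a FriendlyName entry).

    .NOTES
    Throws "No certificate found" when the address has no entry, no entry
    carries a certificate, or the lookup fails for any other reason (the
    underlying error is written with Write-Verbose). Throws "More than five
    certificates found for this email" when the server reports that its size
    limit was exceeded.
    #>
    param (
        [string]$Email
    )

    # Escape the RFC 4515 special characters so user input cannot alter the
    # filter; backslash must be handled before the others since its escape
    # form introduces new backslashes.
    $filterValue = $Email.Trim() `
        -replace '\\', '\5c' `
        -replace '\*', '\2a' `
        -replace '\(', '\28' `
        -replace '\)', '\29' `
        -replace "`0", '\00'

    # Decodes one DER blob into the result object. Nested so that the module
    # does not export it alongside Find-Certificate.
    function ConvertTo-CertificateRecord {
        param ([byte[]]$Der)

        # Build a fresh X509Certificate2 per blob: reusing one instance via
        # Import() (obsolete in newer .NET) would share state across results.
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (, $Der)

        # SerialNumber is an uppercase hex string that routinely exceeds 8 bytes;
        # [convert]::ToInt64 overflows on those and wraps 16-digit values with
        # the high bit set to a negative number. Parse as BigInteger (leading
        # '0' keeps it non-negative) and narrow to Int64 only when it fits.
        $serialBig = [bigint]::Parse('0' + $cert.SerialNumber, [System.Globalization.NumberStyles]::HexNumber)
        if ($serialBig -le ([bigint][long]::MaxValue)) {
            $decimalSerial = [long]$serialBig
        }
        else {
            $decimalSerial = $serialBig
        }

        $extensions = $cert.Extensions
        $formatted = @()
        foreach ($ext in $extensions) {
            $asn = New-Object -TypeName System.Security.Cryptography.AsnEncodedData -ArgumentList $ext.Oid, $ext.RawData
            $formatted += @{ $asn.Oid.Value = $asn.Format($true); FriendlyName = $asn.Oid.FriendlyName }
        }

        # Mail is taken from the formatted Subject Alternative Name (2.5.29.17),
        # whose text looks like "<localised label>=user@example.dk"; the label
        # depends on the OS language, so only the part after the first '=' is
        # used. Left $null when the extension is absent or has no '='.
        $mail = $null
        $sanText = $formatted.'2.5.29.17'
        if ($sanText) {
            $parts = (($sanText -join '') -replace "`r`n", '').Split('=')
            if ($parts.Length -gt 1) { $mail = $parts[1] }
        }

        New-Object psobject -Property @{
            RawCertificate      = $Der
            Mail                = $mail
            Name                = $cert.Subject
            Created             = $cert.NotBefore
            Expires             = $cert.NotAfter
            SerialNumberDecimal = $decimalSerial
            SerialNumberHex     = $cert.SerialNumber
            Expired             = ($cert.NotAfter -lt (Get-Date))
            Extensions          = $extensions
            ExtensionsFormatted = $formatted
        }
    }

    $ldapConnection = Get-LdapConnection -LdapServer "crtdir.certifikat.dk" -Port 389 -AuthType Anonymous
    try {
        $entries = Find-LDAPObject -LdapConnection $ldapConnection -searchFilter:"(mail=$filterValue)" -searchBase:"c=DK" -searchScope Subtree
        if ($null -eq $entries) {
            Write-Error "No certificate found" -ErrorAction Stop
        }

        $results = @()
        # @() normalises the single-match case so one loop handles any count.
        # (Branching on .Length, as before, measures a string DN's character
        # count rather than the number of matches.)
        foreach ($entry in @($entries)) {
            $certEntry = Find-LDAPObject -LdapConnection $ldapConnection -searchFilter:"(ObjectClass=*)" -searchBase $entry -searchScope Base -RangeSize 0 -PropertiesToLoad:@("userCertificate;binary") -BinaryProperties:@("userCertificate;binary")
            $value = $certEntry."userCertificate;binary"
            if ($null -eq $value) { continue }   # entry without a certificate

            # userCertificate is multi-valued: one value arrives as byte[],
            # several as a collection of byte[]. Wrap the single case so the
            # inner loop never iterates over individual bytes.
            if ($value -is [byte[]]) { $blobs = , $value } else { $blobs = $value }
            foreach ($der in $blobs) {
                $results += ConvertTo-CertificateRecord -Der $der
            }
        }

        if ($results.Count -eq 0) {
            Write-Error "No certificate found" -ErrorAction Stop
        }
        return $results
    }
    catch {
        # The server's size-limit error (LDAP SizeLimitExceeded) surfaces as an
        # inner exception whose message is localised; "Den tilladte st*rrelse
        # er overskredet" is the Danish text, with the glob covering 'ø'.
        $inner = $_.Exception.InnerException
        if ($null -ne $inner -and $inner.Message -like "*Den tilladte st*rrelse er overskredet*") {
            throw "More than five certificates found for this email"
        }
        # Keep the public message stable but do not hide the real cause
        # (connection failure, decode error, ...) from -Verbose.
        Write-Verbose "Find-Certificate lookup failed: $($_.Exception.Message)"
        throw "No certificate found"
    }
    finally {
        # Get-LdapConnection's return type is not visible here; release it
        # when it is disposable rather than leaking the socket.
        if ($ldapConnection -is [System.IDisposable]) { $ldapConnection.Dispose() }
    }
}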