WS1AccessAdminAPI

0.2

Private/Get-X509Details.ps1

                                <#

@Source: https://raw.githubusercontent.com/darrenjrobinson/X509Details/master/X509Details.psm1 ©Darren Robinson

.SYNOPSIS

Decode an X509 Certificate and present it as a PowerShell Object.

Certificate PowerShell Object details updated to include the X509 Certificate time to expiry (timeToExpiry).

.DESCRIPTION

Decode an X509 Certificate and present it as a PowerShell Object.

Certificate PowerShell Object details updated to include the X509 Certificate time to expiry (timeToExpiry).

.PARAMETER cert

The X509 Certificate to decode and udpate with time to expiry

.INPUTS

Certificate from Pipeline 

.OUTPUTS

PowerShell Object

.SYNTAX

Get-X509Details(cert)

.EXAMPLE

PS> Get-X509Details('MIIDtzCCAp+gAwIBAgIQZpJpy9zmR........URpc0T9DzsUUfoHfbQ==')

or

PS> 'MIIDtzCCAp+gAwIBAgIQZpJpy9zmR........URpc0T9DzsUUfoHfbQ==' | Get-X509Details

or 

PS> Get-X509Details('@

                    -----BEGIN CERTIFICATE-----

                    MIIDtzCCAp

                    ........URpc0T9DzsUUfoHfbQ==

                    -----END CERTIFICATE-----

                    '@)

#>

function Get-X509Details {

    [cmdletbinding()]

    param(

        [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 0)]

        [string]$cert

    )

    # Test textual encoding as per https://tools.ietf.org/html/rfc7468

    $verCertStart = "-----BEGIN CERTIFICATE-----`r`nM"

    $verCertEnd = "=`r`n-----END CERTIFICATE-----"

    if ($cert.StartsWith($verCertStart) -and $cert.EndsWith($verCertEnd)) { 

        $check = $true 

        $cert = $cert.Replace("-----BEGIN CERTIFICATE-----", "")

        $cert = $cert.Replace("-----END CERTIFICATE-----", "")

        $cert = $cert.trim()

    } 

    if (!$check) {

        if (!$cert.StartsWith("M") -and !$cert.EndsWith('=')) { 

            Write-Error "Invalid certificate or not in PEM / CER Format $($_)" -ErrorAction Stop 

        }

    }

    try {

        # Windows PowerShell

        $certData = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2    

        $certData.Import([Convert]::FromBase64String($cert))

    }

    catch {

        # PowerShell Core/6/7+

        $certData = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(, [Convert]::FromBase64String($cert))

    }

    try {

        Write-Verbose "Certificate:$($certData.Subject)"        

        # Time to Expiry

        $timeToExpiry = ($certData.NotAfter - (get-date))

        Write-Verbose "Days until certificatioin expiry: $($timeToExpiry)"        

        $certData | Add-Member -Type NoteProperty -Name "timeToExpiry" -Value $timeToExpiry

        return $certData

    }

    catch {

        Write-Error "Invalid certificate or not in PEM / CER Format $($_)" -ErrorAction Stop 

    }

}