c-hive.psm1
|
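# Helpers that pull fields out of the text dump of a PKCS#10 certificate
# request, one array element per line of the dump.
# NOTE(review): the markers used below ("Certificate Request:",
# "Request Attributes:", "Certificate Extensions:", "Signature matches Public
# Key") look like English `certutil -dump` output - confirm the producer and
# its locale. Every value returned here is requester-supplied data taken from
# the CSR; treat it as untrusted input when it is displayed or used in an
# issuance decision.

function Test-IsNumeric {
    <#
    .SYNOPSIS
        Returns whether a value is an (optionally negative) integer string.
    .DESCRIPTION
        Trims the value and matches it against '^-?\d+$'.
    .PARAMETER Value
        The string to test.
    .OUTPUTS
        System.Boolean
    .EXAMPLE
        Test-IsNumeric -Value "1"   # Returns $true
        Test-IsNumeric -Value "a"   # Returns $false
    #>
    param(
        [Parameter(Mandatory = $true)]
        [string]$Value
    )
    Write-Verbose "Executing: Test-IsNumeric"
    return $Value.Trim() -match '^-?\d+$'
}

function Test-IfFileIsCR {
    <#
    .SYNOPSIS
        Check if the given lines seem to be a certificate request dump.
    .DESCRIPTION
        Returns $true once both a line matching 'Subject:' and a line matching
        'Certificate Request:' have been seen (one line may carry both).
    .PARAMETER ReqString
        The dump, one array element per line.
    .OUTPUTS
        System.Boolean
    .EXAMPLE
        Test-IfFileIsCR -ReqString "PKCS10 Certificate Request:", "Subject:"   # $true
        Test-IfFileIsCR -ReqString "lorem ipsum...."                           # $false
    #>
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$ReqString
    )
    # NOTE(review): a Mandatory [string[]] parameter rejects empty-string
    # elements at binding time unless [AllowEmptyString()] is added - confirm
    # that callers strip blank lines before calling.
    Write-Verbose "Executing: Test-IfFileIsCR"

    # Track each marker on its own. A single shared counter reaches 2 when the
    # same marker appears twice, which would classify input that has no
    # 'Certificate Request:' line at all as a request.
    $hasSubject = $false
    $hasRequestHeader = $false
    foreach ($line in $ReqString) {
        if ($line -match 'Subject:') { $hasSubject = $true }
        if ($line -match 'Certificate Request:') { $hasRequestHeader = $true }
        if ($hasSubject -and $hasRequestHeader) { return $true }
    }
    return $false
}

function Test-Signature {
    <#
    .SYNOPSIS
        Check whether any line contains 'Signature matches Public Key'.
    .DESCRIPTION
        This is a text check on the dump, not a cryptographic verification: any
        input that contains the marker string passes. Where the result gates
        issuance, verify the request itself, e.g. call Verify() on the object
        returned by convert-CSR2Object.
    .PARAMETER ReqString
        The dump, one array element per line.
    .OUTPUTS
        System.Boolean
    .EXAMPLE
        Test-Signature -ReqString "Signature matches Public Key... lorem ipsum...."   # $true
        Test-Signature -ReqString "lorem ipsum...."                                   # $false
    #>
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$ReqString
    )
    Write-Verbose "Executing: Test-Signature"
    # -contains compares elements with its right-hand operand and never runs a
    # script block, so `$ReqString -contains { ... }` could not report a match.
    # -match applied to an array returns the matching elements instead.
    return @($ReqString -match 'Signature matches Public Key').Count -gt 0
}

function Get-RequestAttributes {
    <#
    .SYNOPSIS
        Get all Request Attributes
    .DESCRIPTION
        Starts collecting after a 'Request Attributes: <n>' line with n > 0 and
        stops once n attributes have been read. Each result object carries
        AttributeName plus AttribField1..AttribField5; attribute lines beyond
        the fifth are discarded.
    .PARAMETER ReqString
        The dump, one array element per line.
    .EXAMPLE
        Get-RequestAttributes -ReqString $certificate_request_string
    #>
    param([Parameter(mandatory=$true)]$ReqString)
    write-verbose "--Executing: Get-RequestAttributes"
    $lineCount = 0
    $found = $false
    $fieldNum = 0
    $Attributes = @()
    $numCount = 0
    $Count = 0

    foreach ($line in $ReqString) {
        # After the increment, $lineCount is the index of the line that
        # follows $line.
        $lineCount++
        if ($found) {
            if ($line -match " Attribute") {
                $obj = "" | Select-Object AttributeName,AttribField1,AttribField2,AttribField3,AttribField4,AttribField5

                # The name is the text after the first "(" minus its last
                # character. Lines without "(" leave AttributeName empty
                # instead of raising a method call on $null.
                $nameParts = $line.Split("(")
                if (($nameParts.Count -gt 1) -and ($nameParts[1].Length -gt 0)) {
                    $obj.AttributeName = $nameParts[1].Substring(0, $nameParts[1].Length - 1)
                }
                $Count++
                $fieldNum = 0
                $i = 0
                do {
                    $fieldLine = $ReqString[$lineCount + $i++]
                    # $fieldLine is $null when the dump ends inside an attribute.
                    if (($null -ne $fieldLine) -and
                        ($fieldLine -notmatch "Value") -and
                        ($fieldLine -notmatch "Unknown Attribute")) {
                        switch (++$fieldNum) {
                            1 { $obj.AttribField1 = $fieldLine.trim() }
                            2 { $obj.AttribField2 = $fieldLine.trim() }
                            3 { $obj.AttribField3 = $fieldLine.trim() }
                            4 { $obj.AttribField4 = $fieldLine.trim() }
                            5 { $obj.AttribField5 = $fieldLine.trim() }
                        }
                    }
                    $next = $ReqString[$lineCount + $i]
                } until ([string]::IsNullOrEmpty($next) -or -not $next.StartsWith(" "))
                $Attributes += $obj
            }
        }
        if ($line -match "Request Attributes:") {
            # The cast raises a conversion error when the text after ":" is
            # not an integer.
            [int32]$numCount = $line.Split(":")[1]
            if ($numCount -gt 0) { $found = $true }
        }
        if ($found -and ($Count -eq $numCount)) { $found = $false }
    }
    return $Attributes
}

function Get-CertExtensions() {
    <#
    .SYNOPSIS
        Get all Request Certificate Extensions
    .DESCRIPTION
        Starts collecting after a 'Certificate Extensions: <n>' line with n > 0
        and stops once n extensions have been read. A line whose fifth
        character is a digit opens an extension: the text before its first ":"
        is ExtensionOID, the following line is ExtensionName, and the lines
        after that are joined with CRLF into ExtensionField.
    .PARAMETER ReqString
        The dump, one array element per line.
    .EXAMPLE
        Get-CertExtensions -ReqString $certificate_request_string
    #>
    param([Parameter(mandatory=$true)]$ReqString)
    write-verbose "--Executing: Get-CertExtensions"
    $lineCount = 0
    $found = $false
    $Extensions = @()
    $numCount = 0
    $Count = 0

    foreach ($line in $ReqString) {
        $lineCount++
        if ($found) {
            # Substring(4,1) needs at least five characters; shorter lines are
            # skipped instead of raising an out-of-range error.
            if (($line.length -ge 5) -and (Test-IsNumeric -value $line.substring(4,1))) {
                $obj = "" | Select-Object ExtensionOID,ExtensionName,ExtensionField
                $obj.ExtensionOID = ($line.Split(":")[0]).trim()
                $nameLine = $ReqString[$lineCount]
                if ($null -ne $nameLine) { $obj.ExtensionName = $nameLine.trim() }
                $Count++
                $i = 1
                do {
                    $fieldLine = $ReqString[$lineCount + $i++]
                    if ($null -ne $fieldLine) {
                        $obj.ExtensionField += $fieldLine.trim() + "`r`n"
                    }
                    $next = $ReqString[$lineCount + $i]
                } until ([string]::IsNullOrEmpty($next) -or -not $next.StartsWith(" "))
                $Extensions += $obj
            }
        }
        if ($line -match "Certificate Extensions:") {
            # The cast raises a conversion error when the text after ":" is
            # not an integer.
            [int32]$numCount = $line.Split(":")[1]
            if ($numCount -gt 0) { $found = $true }
        }
        if ($found -and ($Count -eq $numCount)) { $found = $false }
    }
    return $Extensions
}

function Get-SubjectName() {
    <#
    .SYNOPSIS
        Get Certificate Requests Subject Name
    .DESCRIPTION
        Returns an object with the properties CN, OU, O, L, ST, S, STREET, C
        and E. Parsing is switched on by a line that contains both ":" and
        "Subject" and switched off by any other line that contains ":".
        Each property holds a single value: when a component occurs more than
        once, the last occurrence wins.
    .PARAMETER ReqString
        The dump, one array element per line.
    .EXAMPLE
        Get-SubjectName -ReqString $certificate_request_string
    #>
    param([Parameter(mandatory=$true)]$ReqString)
    write-verbose "--Executing: get-SubjectName"
    $myobj = [PSCustomObject]@{
        CN     = $null
        OU     = $null
        O      = $null
        L      = $null
        ST     = $null
        S      = $null
        STREET = $null
        C      = $null
        E      = $null
    }

    # Initialise the flag locally. Left unset, the first read would resolve
    # through the caller's scopes and could start parsing before any
    # "Subject" line has been seen.
    $start_parsing = $false

    foreach ($line in $ReqString) {
        if ($null -eq $line) { continue }
        # NOTE(review): the start condition is loose - any line holding both
        # ":" and "Subject" opens the section, not only the subject header.
        # Consider anchoring it once the dump format is confirmed.
        if ($line.contains(":")) {
            if ($line.Contains("Subject")) { $start_parsing = $true } else { $start_parsing = $false }
        }
        if ($start_parsing) {
            # Split on the first "=" only, so a value that itself contains "="
            # is kept whole instead of being cut at the second "=".
            $parts = @($line -split '=', 2)
            if ($parts.Count -lt 2) { continue }
            $SubjectType = $parts[0].Trim()
            $attrib = $parts[1].Trim()
            switch ($SubjectType) {
                "CN"     { $myobj.CN = $attrib }
                "OU"     { $myobj.OU = $attrib }
                "O"      { $myobj.O = $attrib }
                "L"      { $myobj.L = $attrib }
                "ST"     { $myobj.ST = $attrib }
                "S"      { $myobj.S = $attrib }
                "STREET" { $myobj.STREET = $attrib }
                "C"      { $myobj.C = $attrib }
                "E"      { $myobj.E = $attrib }
            }
        }
    }
    return $myobj
}

function Get-CertTemplate() {
    <#
    .SYNOPSIS
        Get Certificate Requests Certificate Template Name
    .DESCRIPTION
        Returns a flat array of value/kind pairs: the first line of each
        template extension followed by "OID", then each attribute whose first
        field matches "CertificateTemplate" followed by "Name".
        The template named in a request is chosen by the requester; it says
        what was asked for, not what the requester is allowed to enrol for.
    .PARAMETER arrExt
        Extension objects as returned by Get-CertExtensions.
    .PARAMETER arrAttrib
        Attribute objects as returned by Get-RequestAttributes.
    .EXAMPLE
        Get-CertTemplate -arrExt (Get-CertExtensions -ReqString $req) -arrAttrib (Get-RequestAttributes -ReqString $req)
    #>
    param(
        [Parameter(mandatory=$true)]$arrExt,
        [Parameter(mandatory=$true)]$arrAttrib
    )
    write-verbose "--Executing: Get-CertTemplate"

    # Dots are escaped and the OID must not be preceded or followed by a digit
    # or dot. An unescaped, unanchored pattern also matches other OIDs that
    # merely contain these digits (for example one more trailing digit).
    $oidTemplateInfo = '(?<![\d.])1\.3\.6\.1\.4\.1\.311\.21\.7(?![\d.])'
    $oidTemplateName = '(?<![\d.])1\.3\.6\.1\.4\.1\.311\.20\.2(?![\d.])'

    $arrCertTmpl = @()
    if ($arrExt.count -ne 0) {
        # Two passes keep the original output order: all 21.7 hits first.
        foreach ($obj in $arrExt) {
            if ($obj.ExtensionOID -match $oidTemplateInfo) {
                $arrCertTmpl += $obj.ExtensionField.Split("`r`n")[0],"OID"
            }
        }
        foreach ($obj in $arrExt) {
            if ($obj.ExtensionOID -match $oidTemplateName) {
                $arrCertTmpl += $obj.ExtensionField.Split("`r`n")[0],"OID"
            }
        }
    }
    if ($arrAttrib.count -ne 0) {
        foreach ($obj in $arrAttrib) {
            if ($obj.AttribField1 -match "CertificateTemplate") {
                $arrCertTmpl += $obj.AttribField1,"Name"
            }
        }
    }
    return $arrCertTmpl
}

function Get-CSP() {
    <#
    .SYNOPSIS
        Get Certificate Requests CSP
    .DESCRIPTION
        For every attribute whose name matches "CSP", returns the text after
        the first "=" of each field that matches "Provider =". The value is
        not trimmed. $arrExt is accepted but not read.
    .PARAMETER arrExt
        Extension objects as returned by Get-CertExtensions (unused).
    .PARAMETER arrAttrib
        Attribute objects as returned by Get-RequestAttributes.
    .EXAMPLE
        Get-CSP -arrExt (Get-CertExtensions -ReqString $req) -arrAttrib (Get-RequestAttributes -ReqString $req)
    #>
    param(
        [Parameter(mandatory=$true)]$arrExt,
        [Parameter(mandatory=$true)]$arrAttrib
    )
    write-verbose "--Executing: Get-CSP"
    $CSP = @()
    if ($arrAttrib.count -ne 0) {
        foreach ($obj in $arrAttrib) {
            if ($obj.AttributeName -match "CSP") {
                foreach ($fieldName in 'AttribField1','AttribField2','AttribField3','AttribField4','AttribField5') {
                    $fieldValue = $obj.$fieldName
                    if ($fieldValue -match "Provider =") {
                        # Split on the first "=" only so a provider name that
                        # contains "=" is not cut short.
                        $CSP += ($fieldValue -split '=', 2)[1]
                    }
                }
            }
        }
    }
    return $CSP
}

function Get-EnhancedKeyUsage() {
    <#
    .SYNOPSIS
        Get Certificate Requests EnhancedKeyUsage
    .DESCRIPTION
        Returns the ExtensionField of every extension with OID 2.5.29.37.
    .PARAMETER arrExt
        Extension objects as returned by Get-CertExtensions.
    .EXAMPLE
        Get-EnhancedKeyUsage -arrExt (Get-CertExtensions -ReqString $req)
    #>
    param(
        [Parameter(mandatory=$true)]$arrExt
    )
    write-verbose "--Executing: Get-EnhancedKeyUsage"
    # Escaped and bounded so that only this OID matches, not any OID that
    # contains the same digits.
    $oidEku = '(?<![\d.])2\.5\.29\.37(?![\d.])'
    $EnhKeyUsage = @()
    if ($arrExt.count -ne 0) {
        foreach ($obj in $arrExt) {
            if ($obj.ExtensionOID -match $oidEku) {
                $EnhKeyUsage += $obj.ExtensionField
            }
        }
    }
    return $EnhKeyUsage
}

function Get-KeyUsage() {
    <#
    .SYNOPSIS
        Get Certificate Requests KeyUsage
    .DESCRIPTION
        Returns the ExtensionField of the extension with OID 2.5.29.15, or an
        empty string when there is none. If several match, the last one wins.
    .PARAMETER arrExt
        Extension objects as returned by Get-CertExtensions.
    .EXAMPLE
        Get-KeyUsage -arrExt (Get-CertExtensions -ReqString $req)
    #>
    param([Parameter(mandatory=$true)]$arrExt)
    write-verbose "--Executing: Get-KeyUsage"
    # Escaped and bounded so that only this OID matches.
    $oidKeyUsage = '(?<![\d.])2\.5\.29\.15(?![\d.])'
    $KeyUsage = ""
    if ($arrExt.count -ne 0) {
        foreach ($obj in $arrExt) {
            if ($obj.ExtensionOID -match $oidKeyUsage) {
                $KeyUsage = $obj.ExtensionField
            }
        }
    }
    return $KeyUsage
}

function Get-SAN() {
    <#
    .SYNOPSIS
        Get Certificate Requests SAN
    .DESCRIPTION
        Splits the ExtensionField of every extension with OID 2.5.29.17 into
        lines and returns one object per line with Type (text before the first
        "=") and SAN (trimmed text after it). A line without "=" is still
        returned, with SAN left empty, so that nothing is hidden from review.
    .PARAMETER arrExt
        Extension objects as returned by Get-CertExtensions.
    .EXAMPLE
        Get-SAN -arrExt (Get-CertExtensions -ReqString $req)
    #>
    param([Parameter(mandatory=$true)]$arrExt)
    write-verbose "--Executing: Get-SAN"
    # Escaped and bounded so that only this OID matches.
    $oidSan = '(?<![\d.])2\.5\.29\.17(?![\d.])'
    $SAN = @()
    if ($arrExt.count -ne 0) {
        foreach ($obj in $arrExt) {
            if (($obj.ExtensionOID -match $oidSan) -and ($null -ne $obj.ExtensionField)) {
                $temp = $obj.ExtensionField.trim().split("`n")
                foreach ($SANTemp in $temp) {
                    $SANEntry = "" | Select-Object Type, SAN
                    # Split on the first "=" only: a SAN value that contains
                    # "=" (a URL with a query string, a directory name) must
                    # reach the reviewer whole, not cut at the second "=".
                    $parts = @($SANTemp -split '=', 2)
                    $SANEntry.Type = $parts[0]
                    if ($parts.Count -gt 1) { $SANEntry.SAN = $parts[1].trim() }
                    $SAN += $SANEntry
                }
            }
        }
    }
    return $SAN
}

function Get-SignAlgorithm() {
    <#
    .SYNOPSIS
        Get Certificate Requests SignAlgorithm
    .DESCRIPTION
        Looks only at the line directly after a 'Signature Algorithm:' line.
        If that line matches ' Algorithm ObjectId:', the first two
        space-separated tokens after its ":" become AlgoOID and AlgoName.
        When the marker occurs more than once, the last occurrence wins.
    .PARAMETER ReqString
        The dump, one array element per line.
    .EXAMPLE
        Get-SignAlgorithm -ReqString $certificate_Request_String
    #>
    param(
        [Parameter(mandatory=$true)]$ReqString
    )
    write-verbose "--Executing: Get-SignAlgorithm"
    $found = $false
    $obj = "" | Select-Object AlgoOID,AlgoName
    foreach ($line in $ReqString) {
        if ($found) {
            if ($line -match " Algorithm ObjectId:") {
                $tokens = ($line.Split(":")[1].trim()).Split(" ")
                $obj.AlgoOID = $tokens[0]
                $obj.AlgoName = $tokens[1]
            }
            # Only the one line after the marker is inspected.
            $found = $false
        }
        if ($line -match "Signature Algorithm:") { $found = $true }
    }
    return $obj
}

function Get-KeyAlgorithm() {
    <#
    .SYNOPSIS
        Get Certificate KeyAlgorithm
    .DESCRIPTION
        Looks only at the line directly after a 'Public Key Algorithm:' line.
        If that line matches ' Algorithm ObjectId:', the first two
        space-separated tokens after its ":" become AlgoOID and AlgoName.
    .PARAMETER ReqString
        The dump, one array element per line.
    .EXAMPLE
        Get-KeyAlgorithm -ReqString $certificate_Request_String
    #>
    param(
        [Parameter(mandatory=$true)]$ReqString
    )
    write-verbose "--Executing: Get-KeyAlgorithm"
    $found = $false
    $obj = "" | Select-Object AlgoOID,AlgoName
    foreach ($line in $ReqString) {
        if ($found) {
            if ($line -match " Algorithm ObjectId:") {
                $tokens = ($line.Split(":")[1].trim()).Split(" ")
                $obj.AlgoOID = $tokens[0]
                $obj.AlgoName = $tokens[1]
            }
            # Only the one line after the marker is inspected.
            $found = $false
        }
        if ($line -match "Public Key Algorithm:") { $found = $true }
    }
    return $obj
}

function Get-KeyLength {
    <#
    .SYNOPSIS
        Get Certificate KeyLength
    .DESCRIPTION
        Returns the trimmed text after the first ":" of the first line that
        matches 'Public Key Length:', or $null when no line matches. The value
        is returned as text and is not converted to a number.
    .PARAMETER ReqString
        The dump, one array element per line.
    .EXAMPLE
        Get-KeyLength -ReqString $certificate_Request_String
    #>
    param(
        [Parameter(Mandatory=$true)]
        [string[]]$ReqString
    )
    Write-Verbose "Executing: Get-KeyLength"
    # Find the first line containing 'Public Key Length:' and extract the value
    $keyLengthLine = $ReqString | Where-Object { $_ -match 'Public Key Length:' } | Select-Object -First 1
    if ($null -ne $keyLengthLine) {
        return ($keyLengthLine -split ':')[1].Trim()
    }
    return $null
}

function convert-CSR2Object{
    <#
    .SYNOPSIS
        Parse a PEM or bare base64 certificate request into a BouncyCastle
        Pkcs10CertificationRequest object.
    .DESCRIPTION
        Strips '-----...-----' armor lines and whitespace, base64-decodes the
        rest and hands the bytes to the Pkcs10CertificationRequest constructor.
        Constructing the object only parses the request. It does not check the
        request signature; call Verify() on the result before relying on it.
    .PARAMETER CSR
        The request as one string or as an array of lines.
    .EXAMPLE
        $req = convert-CSR2Object -CSR (Get-Content .\request.csr -Raw)
        $req.Verify()
    #>
    param($CSR)

    # Load the assembly from the module's own directory. A path relative to
    # the current directory loads whatever DLL of that name sits in the
    # directory the caller happens to be in, which the caller may not control.
    $dllName = 'BouncyCastle.Cryptography.dll'
    $dllPath = $null
    if ($PSScriptRoot) {
        $candidate = Join-Path -Path $PSScriptRoot -ChildPath $dllName
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { $dllPath = $candidate }
    }
    if (-not $dllPath) {
        # Legacy behaviour, kept so existing deployments keep working.
        # TODO: drop this fallback once the DLL ships next to the module.
        Write-Warning "$dllName not found next to the module; loading it from the current directory."
        $dllPath = ".\$dllName"
    }
    # NOTE(review): the DLL is loaded without an integrity check - consider
    # comparing it against a pinned hash (Get-FileHash) before loading.
    add-type -path $dllPath

    # The armor pattern excludes "-" and line breaks inside the label, so it
    # cannot run from the BEGIN line to the END line and swallow the body when
    # the PEM text arrives on a single line. -join folds an array of lines
    # into one string.
    $base64 = (($CSR -replace "-----[^-\r\n]*-----", "") -replace "\s", "") -join ""
    $bytes = [Convert]::FromBase64String($base64)
    return [Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest]::new($bytes)
}

Export-ModuleMember *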