provider/certificate/Test-IcingaCertificateExcludePattern.psm1

<#
.SYNOPSIS
   Tests the given certificate against patterns if it should be excluded or not from the returned list of certificates which are tested for validity

.DESCRIPTION
   A certificate, passed by the -Certificate parameter, is tested for every string contained in an array passed by the -ExcludePattern parameter.
   The array is looped through and accordingly compared, or moreover the fields are tested if the given string is contained.

.PARAMETER Certificate
   Used to pass the certificate which the search will performed against.

.PARAMETER ExcludePattern
   Used to specify an array of strings which should be tested.

.INPUTS
   System.Boolean
.OUTPUTS
   System.Boolean
#>


function Test-IcingaCertificateExcludePattern
{
    [OutputType([boolean])]
    param (
        [array]$ExcludePattern                                                       = @(),
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate = $null
    );

    #If the array is empty, just behave like it's not contained
    if (($null -eq $ExcludePattern) -or ($ExcludePattern.Count -lt 1)) {
        return $false
    }

    #Iterate through the array of patterns and look for the string in Subject, Issuer, Subject Alternative Name
    foreach ($ExcludeString in $ExcludePattern) {
        if ($Certificate.Subject.Contains($ExcludeString)) {
            return $true
        }

        if ($Certificate.Issuer.Contains($ExcludeString)) {
            return $true
        }

        try {
            if (($Certificate.Extensions | Where-Object { $_.Oid.FriendlyName -eq "subject alternative name" }).Format(1).Contains($ExcludeString)) {
                return $true
            }
        } catch {
            #Certificate doesn't have SANs; continue with next ExcludeString in the array
            continue;
        }
    }

    #if nothing is found, return false
    return $false
}