PowerNets.psm1
function Find-NetsCertificate { param ( [string]$Email ) $subjectAlternateNameUid = "2.5.29.17" $ldapconnection = Get-LdapConnection -LdapServer "crtdir.certifikat.dk" -Port 389 -AuthType Anonymous #.net object for handling bytearray to windows cert object if ($PSVersionTable.PSEdition -eq "Desktop" ) { $Certobject = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 } $certificatestring = $Email.Trim() try { $cn = Find-LDAPObject -LdapConnection $ldapconnection -searchFilter:"(mail=$certificatestring)" -searchBase:"c=DK" -searchScope Subtree if ($null -eq $cn) { Write-Error "No certificate found" break } $customobject = @() foreach ($c in $cn) { $ldapcert = Find-LDAPObject -LdapConnection $ldapconnection -searchFilter:"(ObjectClass=*)" -searchBase $c -searchScope Base -RangeSize 0 -PropertiesToLoad:@("userCertificate;binary") -BinaryProperties:@("userCertificate;binary") $certificatebinary = $ldapcert."userCertificate;binary" #put binary data into .net certficate object. if ($PSVersionTable.PSEdition -eq "Desktop" ) { $Certobject.Import($certificatebinary) } if ($psversiontable.PSEdition -eq "Core") { $Certobject = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList @(,$certificatebinary) } $decimalserial = [convert]::ToInt64($certobject.SerialNumber,16) $extensions = $Certobject.Extensions $asnarray = @{} foreach ($e in $extensions) { $asn = New-Object -TypeName System.Security.Cryptography.AsnEncodedData($e.oid, $e.rawdata) $asnformatted= $asn.Format($true) $asnarray.add($asn.Oid, $asnformatted) } $mail = ((($asnarray[($asnarray.Keys | Where-Object Value -eq $subjectAlternateNameUid)]) -replace "`r`n","").Split('='))[1] #check to see if certifcate has expired $expired = "" if($Certobject.NotAfter -lt (Get-Date)) { $expired = $true } else { $expired = $false } $customobject += New-Object psobject -Property @{RawCertificate=$certificatebinary;Mail=$mail;Name=$Certobject.Subject;Created=$Certobject.NotBefore;Expires=$Certobject.NotAfter;SerialNumberDecimal=$decimalserial;SerialNumberHex=$Certobject.SerialNumber;Expired=$expired;Extensions=$extensions;Thumbprint=$Certobject.Thumbprint} } return $customobject } catch { if ($_.Exception.Message -like "*Exception calling `"SendRequest`" with `"2`" argument(s): `"Den tilladte*`"") { Write-Error "More than five certificates found for this email" } else { Write-Error "No certificate found" } } } |