PowerNets.psm1

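function Find-NetsCertificate {
    # .SYNOPSIS
    # Looks up the X.509 certificates published for an e-mail address in the
    # crtdir.certifikat.dk LDAP directory.
    #
    # .DESCRIPTION
    # Binds anonymously to crtdir.certifikat.dk on port 389, searches the c=DK
    # subtree for entries whose mail attribute equals the given address, reads
    # the userCertificate;binary attribute of every hit and returns one object
    # per certificate.
    #
    # Security notes for callers:
    #  * The function only parses the certificate. It does not build or verify
    #    a chain, check revocation, or compare the certificate's own address
    #    with the requested one. "Expired" is just NotAfter compared with the
    #    local clock. Validate the certificate before trusting it.
    #  * NOTE(review): port 389 with an anonymous bind is presumably an
    #    unencrypted, unauthenticated channel unless Get-LdapConnection
    #    negotiates TLS - confirm. If it is, the answer can be altered in
    #    transit, which is another reason to validate the result.
    #
    # .PARAMETER Email
    # Address to look up. Surrounding whitespace is trimmed and LDAP filter
    # metacharacters are escaped, so the value is always matched literally.
    #
    # .OUTPUTS
    # psobject with RawCertificate, Mail, Name, Created, Expires,
    # SerialNumberDecimal, SerialNumberHex, Expired, Extensions, Thumbprint.
    # SerialNumberDecimal is an Int64 when the serial fits, else a BigInteger.
    param (
        [string]$Email
    )

    # OID of the subjectAltName extension; used below to pick the mail address.
    $subjectAlternateNameUid = "2.5.29.17"

    # Get-LdapConnection / Find-LDAPObject are external cmdlets, not defined here.
    $ldapconnection = Get-LdapConnection -LdapServer "crtdir.certifikat.dk" -Port 389 -AuthType Anonymous

    # Windows PowerShell: one reusable certificate object, filled via Import().
    if ($PSVersionTable.PSEdition -eq "Desktop" ) {
        $Certobject = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    }

    $certificatestring = $Email.Trim()

    # Escape the RFC 4515 filter metacharacters (backslash first) so the input
    # cannot change the structure of the search filter or act as a wildcard.
    $escapedMail = $certificatestring.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')

    try {
        $cn = Find-LDAPObject -LdapConnection $ldapconnection -searchFilter:"(mail=$escapedMail)" -searchBase:"c=DK" -searchScope Subtree

        if ($null -eq $cn) {
            Write-Error "No certificate found"
            # 'return', not 'break': outside a loop, 'break' would terminate an
            # enclosing loop in the caller or the whole calling script.
            return
        }

        $customobject = @()
        foreach ($c in $cn) {
            # Second, base-scoped query per hit to fetch the DER-encoded certificate.
            $ldapcert = Find-LDAPObject -LdapConnection $ldapconnection -searchFilter:"(ObjectClass=*)" -searchBase $c -searchScope Base -RangeSize 0 -PropertiesToLoad:@("userCertificate;binary") -BinaryProperties:@("userCertificate;binary")
            $certificatebinary = $ldapcert."userCertificate;binary"

            # Load the raw bytes into a .NET certificate object.
            if ($PSVersionTable.PSEdition -eq "Desktop" ) {
                $Certobject.Import($certificatebinary)
            }
            if ($psversiontable.PSEdition -eq "Core") {
                $Certobject = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2($certificatebinary)
            }

            # Serial numbers may be up to 20 octets long, which does not fit in
            # an Int64. Keep the Int64 result where it fits and fall back to a
            # BigInteger instead of letting the overflow surface as
            # "No certificate found" through the outer catch.
            try {
                $decimalserial = [convert]::ToInt64($Certobject.SerialNumber, 16)
            } catch {
                # Leading "0" keeps the hex value from being read as negative.
                $decimalserial = [bigint]::Parse("0" + $Certobject.SerialNumber, [System.Globalization.NumberStyles]::AllowHexSpecifier)
            }

            # Map every extension OID to its formatted (multi-line) text.
            $extensions = $Certobject.Extensions
            $asnarray = @{}
            foreach ($e in $extensions) {
                $asn = New-Object -TypeName System.Security.Cryptography.AsnEncodedData($e.oid, $e.rawdata)
                $asnformatted = $asn.Format($true)
                $asnarray.add($asn.Oid, $asnformatted)
            }

            # Take the text after the first '=' of the subjectAltName extension.
            # This value comes from the certificate, not from the query.
            $mail = ((($asnarray[($asnarray.Keys | Where-Object Value -eq $subjectAlternateNameUid)]) -replace "`r`n","").Split('='))[1]

            # Validity-period check only; says nothing about trust or revocation.
            $expired = $Certobject.NotAfter -lt (Get-Date)

            $customobject += New-Object psobject -Property @{RawCertificate=$certificatebinary;Mail=$mail;Name=$Certobject.Subject;Created=$Certobject.NotBefore;Expires=$Certobject.NotAfter;SerialNumberDecimal=$decimalserial;SerialNumberHex=$Certobject.SerialNumber;Expired=$expired;Extensions=$extensions;Thumbprint=$Certobject.Thumbprint}

        }
        return $customobject

    } catch {
        # The first branch matches a Danish-localized exception text (presumably
        # the directory's size-limit error - confirm). On any other UI language,
        # and for every other failure (connection, parsing), the caller sees
        # "No certificate found", so that message does not prove absence.
        if ($_.Exception.Message -like "*Exception calling `"SendRequest`" with `"2`" argument(s): `"Den tilladte*`"") {
            Write-Error "More than five certificates found for this email"
        } else {
            Write-Error "No certificate found"
        }
    }
}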