1
Vote

Issues with Set-CertificateExtension

description

Hi,

I'm working with PSPKI v3.2.6.

When using Set-CertificateExtensions, I have some issues :
  • With the "-Remove" switch, powershell complains about an unavailable type ([PKI.ASN.ASN1])
    For example (output is in French) :
PS C:\Tests> Get-PendingRequest -CertificationAuthority $mdpIGCobj -RequestID 485 | Set-CertificateExtension -Extension "2.5.29.17" -Remove
Type [PKI.ASN.ASN1] introuvable. Assurez-vous que l'assembly qui contient ce type est chargé.
Au caractère ...\Documents\WindowsPowerShell\Modules\PSPKI\Server\Set-CertificateExtension.ps1:53 : 7
  • [void][PKI.ASN.ASN1]::EncodeObjectIdentifier($ext)
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : InvalidOperation : (PKI.ASN.ASN1:TypeName) [], RuntimeException
    • FullyQualifiedErrorId : TypeNotFound
It seems that the call to [void][PKI.ASN.ASN1]::EncodeObjectIdentifier should be replaced by a call to [void][SysadminsLV.Asn1Parser.Asn1Utils]::EncodeObjectIdentifier on line 53.
  • When trying to run the Example 1 in the Set-CertificateExtension page, Powershell complains about the use of an available operator (op_modulus) on a [System.Byte[]] type.
    For example (output also in French) :
PS C:\Tests> Get-PendingRequest -CertificationAuthority $mdpIGCobj -RequestID 485 | Set-CertificateExtension -Extension $SAN
Échec lors de l'appel de la méthode, car [System.Byte[]] ne contient pas de méthode nommée « op_Modulus ».
Au caractère ...\Documents\WindowsPowerShell\Modules\PSPKI\Server\Set-CertificateExtension.ps1:36 : 27
  • [Byte[]]$bytes = if ($ext.RawData % 2) {$ext.RawData + 0} else {$ext.RawDat ...
  • ~~~~~~~~~~~~~~~~
    • CategoryInfo : InvalidOperation : (op_Modulus:String) [], RuntimeException
    • FullyQualifiedErrorId : MethodNotFound
It seems that the length property has been omitted when calling $ext.RawData on lines 20 and 36.

Thanks by advance for your help.

Best regards.

Thierry

comments

Camelot wrote Oct 19, 2016 at 8:13 PM

Thanks for report! This is definitely a bug. I'll check this.

titipub wrote Oct 20, 2016 at 6:44 AM

Hi,

Thanks for your answer.

I also have some minor corrections to submit for the Example 1 in the Set-CertificatExtension page :
  • The second line should be replaces by :
PS C:\> $altName2 = New-Object Security.Cryptography.X509Certificates.X509AlternativeName "DnsName","www.company.com"
So the $altName2 variable is created.
  • The fifth line should be replaces by :
PS C:\> $SAN = New-Object Security.Cryptography.X509Certificates.X509SubjectAlternativeNamesExtension($altNames,0)
A "s" is missing in the X509SubjectAlternativeNamesExtension method's name and the parameters are omitted.

I forgot to thank you for the really great job done for this very useful module.
Thank you !

Best regards,

Thierry