Finding out when a user's certificate expires

Posted on 2024-07-21 07:29:31

Does anyone know how I could go about finding out when a certificate for a user is set to expire? I know I can pull all of the certificates for a given user by using the following code:

Set objUserTemplate = _
    GetObject("LDAP://cn=userTemplate,OU=Management,dc=NA,dc=fabrikam,dc=com")
arrUserCertificates = objUserTemplate.GetEx("userCertificate")

But then how do I go about polling the expiration date for a given certificate? I did see this Java code here: http://forums.novell.com/novell-developer-forums/dev-ldap/364977-q-retrieving-users-public-key-over-ldap.html

X509Certificate cert = ( X509Certificate )it.next();
java.util.Date expires = cert.getNotAfter();
GregorianCalendar calNow = new GregorianCalendar();
GregorianCalendar calExp = new GregorianCalendar();
calExp.setTime( expires );
//issuerDN = cert.getIssuerDN().getName();
int daysTilExp = com.willeke.utility.DateUtils.daysPast( calExp );
long diffDays = com.willeke.utility.DateUtils.diffDayPeriods( calNow,
calExp );
if( diffDays <= 0 )
{
String mex = " Will expire in: " + diffDays + " days!";

but I'm not sure if I can use the getNotAfter method within VB, or how I would go about doing it. Does anyone have any ideas? If at all possible I would like help in doing this query in VBScript/VB.Net/VBA, etc.

I did find this VBScript code here which seems to be doing what I am trying to accomplish, but it seems pretty complex, whereas the Java code seemed much simpler. Is there an easier way to do this query in some flavor of VB?

From the cruto site:

On Error Resume Next

Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D
Const ForWriting = 2
Const WshRunning = 0

Set objUser = GetObject _
    ("GC://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.GetInfoEx Array("userCertificate"), 0
arrUserCertificates = objUser.GetEx("userCertificate")

If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    WScript.Echo "No assigned certificates"
    WScript.Quit
Else
    Set objShell = CreateObject("WScript.Shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    strPath = "." 
    intFileCounter = 0

    For Each arrUserCertificate in arrUserCertificates
        strFileName = "file" & intFileCounter
        strFullName = objFSO.BuildPath(strPath, strFileName)
        Set objFile = objFSO.OpenTextFile(strFullName, ForWriting, True)

        For i = 1 To LenB(arrUserCertificate)
            ReDim Preserve arrUserCertificatesChar(i - 1)
            arrUserCertificatesChar(i-1) = _
                Hex(AscB(MidB(arrUserCertificate, i, 3)))
        Next

        intCounter=0
        For Each HexVal in arrUserCertificatesChar
            intCounter=intCounter + 1
            If Len(HexVal) = 1 Then 
                objFile.Write(0 & HexVal & " ")
            Else
                objFile.Write(HexVal & " ")
            End If
        Next
        objFile.Close
        Set objFile = Nothing

        Set objExecCmd1 = objShell.Exec _
            ("certutil -decodeHex " & strFileName & " " & strFileName & ".cer")
        Do While objExecCmd1.Status = WshRunning
            WScript.Sleep 100
        Loop
        Set objExecCmd1 = Nothing

        Set objExecCmd2 = objShell.Exec("certutil " & strFileName & ".cer")
        Set objStdOut = objExecCmd2.StdOut
        Set objExecCmd2 = Nothing

        WScript.Echo VbCrLf & "Certificate " & intFileCounter + 1
        While Not objStdOut.AtEndOfStream
            strLine = objStdOut.ReadLine
            If InStr(strLine, "Issuer:") Then
                WScript.Echo Trim(strLine)
                WScript.Echo vbTab & Trim(objStdOut.ReadLine)
            End If
            If InStr(strLine, "Subject:") Then
                Wscript.Echo Trim(strLine)
                WScript.Echo vbTab & Trim(objStdOut.ReadLine)
            End If
            If InStr(strLine, "NotAfter:") Then
                strLine = Trim(strLine)
                WScript.Echo "Expires:"
                Wscript.Echo vbTab & Mid(strLine, 11)
            End If
        Wend

        objFSO.DeleteFile(strFullName)
        objFSO.DeleteFile(strPath & "\" & strFileName & ".cer") 

        intFileCounter = intFileCounter + 1
    Next
End If

Update: I did see that I could import the certificate into the CAPICOM object to return back the ValidToDate property, but apparently the format in which it is stored in AD is of the wrong format according to this posting here: http://www.powershellcommunity.org/Forums/tabid/54/aff/4/aft/1639/afv/topic/Default.aspx

Does anyone know what format is expected from the CAPICOM import function?

Comments (1)

妖妓 2024-07-28 07:29:31

Microsoft has an ActiveX control called CAPICOM which allows you to programmatically access various properties of the certificate. The MSDN CAPICOM article details these functions. The Platform SDK (linked from the Where to get it link) includes samples, documentation and the redistributable control. The samples include VBScript examples. I found the download for the Platform SDK here.

In short, once you've retrieved the certificate, you're looking for the ValidFromDate and ValidToDate properties.
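
Added example, not part of the answer above or of the scripts quoted in the question: in VB.NET each value of userCertificate can be loaded as raw DER bytes into .NET's X509Certificate2 (used here instead of CAPICOM), whose NotAfter property gives the expiry without temp files or certutil. The DN is the one from the question; the 30-day warning threshold and the names UserCertExpiry, Classify and asOf are assumptions.

```vbnet
Imports System
Imports System.DirectoryServices
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates

Module UserCertExpiry
    ' Assumed threshold: report certificates that expire within this many days.
    Const WarnDays As Integer = 30

    ' Classify a certificate by the time remaining until its NotAfter date.
    Function Classify(cert As X509Certificate2, asOf As DateTime) As String
        Dim daysLeft As Double = (cert.NotAfter - asOf).TotalDays
        If daysLeft < 0 Then Return "EXPIRED"
        If daysLeft <= WarnDays Then Return "EXPIRING SOON"
        Return "OK"
    End Function

    Sub Main()
        ' DN copied from the question; point this at the user to check.
        Dim path As String = "LDAP://cn=userTemplate,OU=Management,dc=NA,dc=fabrikam,dc=com"
        Using user As New DirectoryEntry(path)
            Dim values As PropertyValueCollection = user.Properties("userCertificate")
            If values.Count = 0 Then
                Console.WriteLine("No assigned certificates")
                Return
            End If
            For Each value As Object In values
                ' Each attribute value is one certificate as raw DER bytes.
                Dim der As Byte() = TryCast(value, Byte())
                If der Is Nothing Then Continue For
                Try
                    Dim cert As New X509Certificate2(der)
                    Console.WriteLine("Subject: " & cert.Subject)
                    Console.WriteLine("Issuer:  " & cert.Issuer)
                    ' NotAfter is returned in local time.
                    Console.WriteLine("Expires: " & cert.NotAfter.ToString("yyyy-MM-dd HH:mm:ss") &
                                      "  [" & Classify(cert, DateTime.Now) & "]")
                Catch ex As CryptographicException
                    ' A value that does not parse as X.509 is reported, not fatal.
                    Console.WriteLine("Skipping unparsable value: " & ex.Message)
                End Try
            Next
        End Using
    End Sub
End Module
```

The project needs a reference to the System.DirectoryServices assembly, and the account running it needs read access to the user object.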
