
@aseigler
Last active April 25, 2022 19:12
PowerShell code for parsing the next update time from a CRL
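function Read-CRLExpectedExpires {
    <#
    .SYNOPSIS
    Downloads a DER-encoded X.509 CRL and reports its thisUpdate, nextUpdate and
    Microsoft "CRL Next Publish" (1.3.6.1.4.1.311.21.4) times.

    .PARAMETER crlPath
    URI of the CRL to download.

    .OUTPUTS
    On success, a PSObject with the properties CRLPath, SignTime (thisUpdate),
    Expires (nextUpdate, $null when absent) and Expected (crlNextPublish, $null
    when absent). If the download fails, the exception message is returned as a
    string instead. ASN.1 parsing errors are not caught and propagate to the caller.

    .NOTES
    This function only parses the TBSCertList fields. It never verifies the CRL
    signature or the issuer, so every returned time is unauthenticated data; if
    the URI is plain HTTP the bytes can be altered in transit. Use the result for
    publication monitoring, not as the basis for a revocation or trust decision.
    #>
    param (
        [String] $crlPath
    )

    # PowerShell resolves unassigned variables through parent scopes, so the optional
    # fields are reset here; otherwise a caller's $nextUpdate / $crlNextPublish could
    # leak into the result when the CRL omits them.
    $nextUpdate = $null
    $crlNextPublish = $null

    try {
        # NOTE(review): .Content is passed straight to AsnReader, so it must be a
        # byte[] holding DER. A text content type or a PEM-wrapped CRL is expected
        # to fail at the AsnReader constructor below - confirm against your servers.
        $crlbytes = (Invoke-WebRequest -UseBasicParsing -Uri $crlPath).Content
    }
    catch {
        return $_.Exception.Message
    }

    $der = [System.Formats.Asn1.AsnEncodingRules]::DER
    $universal = [System.Formats.Asn1.TagClass]::Universal

    # RFC 5280 "Time" is a CHOICE of UTCTime (tag 23) and GeneralizedTime (tag 24);
    # dates from 2050 onwards use GeneralizedTime, which ReadUtcTime() rejects.
    $readTime = {
        param($reader)
        $tag = $reader.PeekTag()
        if ($tag.TagClass -eq $universal -and $tag.TagValue -eq 24) {
            return $reader.ReadGeneralizedTime()
        }
        return $reader.ReadUtcTime()
    }

    $CRLReader = [System.Formats.Asn1.AsnReader]::new($crlbytes, $der)
    $CertificateList = $CRLReader.ReadSequence()
    $TBSCertList = $CertificateList.ReadSequence()

    # version is OPTIONAL: consume it only when the next element is an INTEGER.
    $VersionTag = [System.Formats.Asn1.Asn1Tag]::new($universal, 2, $false)
    if ($VersionTag -eq $TBSCertList.PeekTag()) {
        $null = $TBSCertList.ReadInteger()
    }

    # signature (AlgorithmIdentifier) and issuer (Name) are read only to advance
    # the reader; their contents are not inspected.
    $null = $TBSCertList.ReadSequence()
    $null = $TBSCertList.ReadSequence()

    $thisUpdate = & $readTime $TBSCertList

    # nextUpdate is OPTIONAL and may use either time encoding.
    if ($TBSCertList.HasData) {
        $peek = $TBSCertList.PeekTag()
        if ($peek.TagClass -eq $universal -and -not $peek.IsConstructed -and ($peek.TagValue -eq 23 -or $peek.TagValue -eq 24)) {
            $nextUpdate = & $readTime $TBSCertList
        }
    }

    # revokedCertificates is OPTIONAL; skip over it without decoding the entries.
    $RevokedCertificatesTag = [System.Formats.Asn1.Asn1Tag]::new($universal, 16, $true)
    if ($TBSCertList.HasData -and $RevokedCertificatesTag -eq $TBSCertList.PeekTag()) {
        $null = $TBSCertList.ReadSequence()
    }

    # crlExtensions is wrapped in an explicit [0] context-specific tag.
    $CrlExtensionsTag = [System.Formats.Asn1.Asn1Tag]::new([System.Formats.Asn1.TagClass]::ContextSpecific, 0, $true)
    if ($TBSCertList.HasData -and $CrlExtensionsTag -eq $TBSCertList.PeekTag()) {
        $crlExtensionsContainer = $TBSCertList.ReadSequence($CrlExtensionsTag)
        $crlExtensions = $crlExtensionsContainer.ReadSequence()
        $BooleanTag = [System.Formats.Asn1.Asn1Tag]::new($universal, 1, $false)

        while ($crlExtensions.HasData) {
            $ext = $crlExtensions.ReadSequence()
            $oid = $ext.ReadObjectIdentifier()
            if ($oid -eq '1.3.6.1.4.1.311.21.4') { # crlNextPublish
                # An Extension may carry a "critical" BOOLEAN before extnValue;
                # step over it so ReadOctetString() sees the OCTET STRING.
                if ($ext.HasData -and $BooleanTag -eq $ext.PeekTag()) {
                    $null = $ext.ReadBoolean()
                }
                $crlExtBytes = $ext.ReadOctetString()
                $crlExtReader = [System.Formats.Asn1.AsnReader]::new($crlExtBytes, $der)
                $crlNextPublish = & $readTime $crlExtReader
            }
        }
    }

    return New-Object PsObject -Property @{CRLPath=$crlPath ; Expected=$crlNextPublish ; Expires=$nextUpdate ; SignTime=$thisUpdate}
}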