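function Revoke-Certificate {
<#
.ExternalHelp PSPKI.Help.xml
#>

    # Revokes the certificate identified by a CA database request row by calling
    # RevokeCertificate on the CertificateAuthority.Admin COM object.
    #
    # -Request         Request row (PKI.CertificateServices.DB.RequestRow); its ConfigString,
    #                  SerialNumber and RequestID properties are read here.
    # -Reason          Revocation reason name, mapped to a numeric code in the begin block.
    # -RevocationDate  Date passed to the CA, converted to UTC before the call.
    #
    # Emits one ServiceOperationResult per input row: code 0 plus a message on success,
    # or the HResult of the caught exception on failure. A missing serial number throws
    # InvalidOperationException instead.
    #
    # SupportsShouldProcess adds -WhatIf/-Confirm so a bulk pipeline can be previewed
    # first: of the reasons offered here only 'Hold' is designed to be undone later.
    [OutputType('PKI.Utils.IServiceOperationResult')]
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
        [ValidateScript({
            # Accept only request rows; the exact type name is compared, so derived types are rejected.
            $_.GetType().FullName -eq "PKI.CertificateServices.DB.RequestRow"
        })]$Request,
        [ValidateSet("Unspecified","KeyCompromise","CACompromise","AffiliationChanged",
            "Superseded","CeaseOfOperation","Hold","Unrevoke")]
        [string]$Reason = "Unspecified",
        [datetime]$RevocationDate = [datetime]::Now
    )
    begin {
        # Reason name -> numeric code handed to RevokeCertificate.
        # 'ReleaseFromCRL' is not in the -Reason ValidateSet, so that entry cannot be
        # selected through the parameter; it is kept so the table stays as it was.
        $Reasons = @{
            "Unspecified"        = 0
            "KeyCompromise"      = 1
            "CACompromise"       = 2
            "AffiliationChanged" = 3
            "Superseded"         = 4
            "CeaseOfOperation"   = 5
            "Hold"               = 6
            "ReleaseFromCRL"     = 8
            "Unrevoke"           = -1
        }
    }
    process {
        if ([string]::IsNullOrEmpty($Request.SerialNumber)) {
            # Same exception type as before, now with a message that says which row was rejected.
            throw (New-Object InvalidOperationException -ArgumentList "Request ID=$($Request.RequestID) has no SerialNumber value, so there is no certificate to revoke.")
        }

        # Pad to an even number of hex digits on a local copy: the caller's request row
        # is left unmodified, so re-using the same object later sees the original value.
        $SerialNumber = $Request.SerialNumber
        if ($SerialNumber.Length % 2) {
            $SerialNumber = "0" + $SerialNumber
        }

        $Target = "certificate with serial number $SerialNumber (request ID=$($Request.RequestID))"
        if (-not $PSCmdlet.ShouldProcess($Target, "Revoke with reason '$Reason'")) {
            # -WhatIf, or the operator declined at the -Confirm prompt: skip this row.
            return
        }

        $CertAdmin = New-Object -ComObject CertificateAuthority.Admin
        try {
            $CertAdmin.RevokeCertificate($Request.ConfigString, $SerialNumber, $Reasons[$Reason], $RevocationDate.ToUniversalTime())
            New-Object SysadminsLV.PKI.Utils.ServiceOperationResult 0,
                "Successfully revoked certificate with ID=$($Request.RequestID) and reason: '$Reason'"
        } catch {
            # Failures are reported as a result object rather than rethrown, so callers
            # must inspect the returned result to notice a revocation that did not happen.
            New-Object SysadminsLV.PKI.Utils.ServiceOperationResult $_.Exception.HResult
        } finally {
            # Release the COM object whether or not the call succeeded.
            [PKI.Utils.CryptographyUtils]::ReleaseCom($CertAdmin)
        }
    }
}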