PKI.OCSP.OCSPRequest class is failing on PowerShell 5 #16

Closed
milesgratz opened this issue Mar 20, 2018 · 6 comments
Labels
bug Bug. An issue exist in our code. fixed-vNext

Comments

@milesgratz

Expected behavior

Perform an OCSP request/response using the PKI.OCSP.OCSPRequest class.

Actual behavior

When creating an object with the PKI.OCSP.OCSPRequest class, it is unable to retrieve the RawData and RequestList attributes. Calling the SendRequest() method fails.

Steps to reproduce

  1. Launch PowerShell 5 on Windows 10 or Server 2012 R2
  2. Install PSPKI module 3.2.7.0

```powershell
Install-Module PSPKI -Scope CurrentUser
Import-Module PSPKI
```

  3. Follow OCSP Client Tool guide to create OCSP challenge/response.

```powershell
$cert = (Test-WebServerSSL login.live.com).Certificate
$Request = New-Object pki.ocsp.ocsprequest $cert
$Request
```

```
Version : 1
Nonce : False
NonceValue :
RequestList : {System.Security.Cryptography.X509Certificates.X500DistinguishedName}
Extensions :
URL : http://ocsp.msocsp.com/
SignerCertificate :
Proxy :
IsReadOnly : False
AcceptedSignatureAlgorithms : {sha1RSA}
RawData :
```

```powershell
$cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2 "D:\smartcard-staging.cer"
$Request = New-Object pki.ocsp.ocsprequest $cert
$Request.RequestList
```

```
The following exception occurred while trying to enumerate the collection: "The method or operation is not implemented."
```

```powershell
$cert = (Test-WebServerSSL login.live.com).Certificate
$Request = New-Object pki.ocsp.ocsprequest $cert
$Request.SendRequest()
```

```
Exception calling "SendRequest" with "0" argument(s): "The method or operation is not implemented."
```

@Crypt32 Crypt32 added the bug Bug. An issue exist in our code. label Mar 26, 2018
@milesgratz
Author

Hey, thanks for fixing this 👍 Are there any compiling instructions? Or should I wait until the next release?

@Crypt32
Collaborator

Crypt32 commented Mar 29, 2018

Well, you can wait until next PSPKI release, or compile it yourself. You will need to take this branch: https://github.com/Crypt32/pkix.net/tree/v3.2.7.0-vNext

External libraries you will need to reference are placed in the _ExternalReferences folder.

@rizriso

rizriso commented Mar 14, 2019

After attempting to test the example above I get an error when attempting to create the request. Now, I must admit, I am a domain member in a tightly locked down environment. The OS is Win10.

```
PS C:\scripts> ipmo pspki
$Cert = (Test-WebServerSSL login.live.com).Certificate
$cert

Thumbprint Subject
371DF399B6D85803795416E492D978206500DDCF CN=*.login.live.com

PS P:\Backups\L6001173\D\RSCs Documents\Source Code\Scripts> $Request = New-Object pki.ocsp.ocsprequest $cert
$Request
New-Object : Exception calling ".ctor" with "1" argument(s): "Issuer for the speified certificate not found."
At line:1 char:12
+ $Request = New-Object pki.ocsp.ocsprequest $cert
+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [New-Object], MethodInvocationException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
```

@Crypt32
Collaborator

Crypt32 commented Mar 14, 2019

You may need to use this OCSPRequest constructor overload: OCSPRequest Constructor (X509Certificate2Collection, X509Certificate2)

where first parameter accepts a collection of end-entity certificates (1 in your case) and issuer certificate.
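
One way to use the constructor overload suggested above when the issuer cannot be resolved automatically, as an added example that is not part of the original thread or the PSPKI project's own code. `Find-IssuerCertificate` is a hypothetical helper, the commented file path is a placeholder, and `SendRequest()` is assumed to return the response object.

```powershell
# Added example (not PSPKI project code). Find-IssuerCertificate is a hypothetical helper.
Import-Module PSPKI

function Find-IssuerCertificate {
    param(
        [Parameter(Mandatory)]
        [Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        # Optional issuer candidates (for example exported CA certificates) for
        # hosts that cannot download issuers from AIA URLs.
        [Security.Cryptography.X509Certificates.X509Certificate2[]]$Candidate = @()
    )
    $chain = New-Object Security.Cryptography.X509Certificates.X509Chain
    try {
        # Revocation is what the OCSP request will check, so skip it here.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        foreach ($c in $Candidate) { [void]$chain.ChainPolicy.ExtraStore.Add($c) }
        # Build() may return $false (e.g. untrusted root); only the elements matter here.
        [void]$chain.Build($Certificate)
        if ($chain.ChainElements.Count -lt 2) {
            throw "No issuer found for '$($Certificate.Subject)'. Pass it with -Candidate."
        }
        # Copy the issuer so it stays valid after the chain is released.
        $raw = $chain.ChainElements[1].Certificate.RawData
        return New-Object Security.Cryptography.X509Certificates.X509Certificate2 (,$raw)
    }
    finally { $chain.Reset() }
}

$cert = (Test-WebServerSSL login.live.com).Certificate
$issuer = Find-IssuerCertificate -Certificate $cert
# Offline alternative (placeholder path):
# $ca = New-Object Security.Cryptography.X509Certificates.X509Certificate2 'C:\path\to\issuer.cer'
# $issuer = Find-IssuerCertificate -Certificate $cert -Candidate $ca

# First argument: collection of end-entity certificates (one here); second: the issuer.
$targets = New-Object Security.Cryptography.X509Certificates.X509Certificate2Collection
[void]$targets.Add($cert)
$request = [PKI.OCSP.OCSPRequest]::new($targets, $issuer)

# Assumption: SendRequest() returns the OCSP response object.
$response = $request.SendRequest()
$response
```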

@SinnGit

SinnGit commented May 4, 2021

Looks like 3.7.2 may be experiencing issues with this request again.

Test-WebServerSSL does not seem to be returning anything for the certificate property in some cases when downloading the cert via a URL. Rather, certificate details are returned in the pkcs7chain property. This does not seem to be the case for all certificates returned via a URL. Is there any workaround for this situation?

thanks

@Crypt32
Collaborator

Crypt32 commented May 5, 2021

@SinnGit please, open your own issue and describe your problem.
