
有谁知道我如何才能找出用户证书何时到期?我知道我可以使用以下代码获取给定用户的所有证书:

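' Read every value of the multi-valued userCertificate attribute; each value
' is one certificate blob as a byte array (the DER bytes that certutil can
' decode, see the longer script below). GetEx raises
' E_ADS_PROPERTY_NOT_FOUND when the user has no certificate at all, so trap
' that case explicitly and stop swallowing every other error afterwards.
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D

On Error Resume Next
Set objUserTemplate = _
    GetObject("LDAP://cn=userTemplate,OU=Management,dc=NA,dc=fabrikam,dc=com")
If Err.Number <> 0 Then
    WScript.Echo "Cannot bind to user object: " & Err.Description
    WScript.Quit 1
End If
arrUserCertificates = objUserTemplate.GetEx("userCertificate")
If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    WScript.Echo "No assigned certificates"
    WScript.Quit
ElseIf Err.Number <> 0 Then
    WScript.Echo "Cannot read userCertificate: " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0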

但是,我该如何查询给定证书的到期日期呢?我确实在这里看到了这段 Java 代码:http://forums.novell.com/novell-developer-forums/dev-ldap/364977-q-retrieving-users-public-key-over-ldap.html ,

// Excerpt as posted (truncated by the poster): 'it' iterates certificates
// already parsed from the LDAP userCertificate values, and the if-block at
// the end is left open here.
X509Certificate cert = ( X509Certificate )it.next();
// The expiry comes straight from the parsed certificate -- no certutil
// round-trip is needed once the DER bytes are parsed as X509Certificate.
java.util.Date expires = cert.getNotAfter();
GregorianCalendar calNow = new GregorianCalendar();
GregorianCalendar calExp = new GregorianCalendar();
calExp.setTime( expires );
//issuerDN = cert.getIssuerDN().getName();
// daysTilExp is computed but never used in the lines shown.
int daysTilExp = com.willeke.utility.DateUtils.daysPast( calExp );
// DateUtils is a third-party helper whose sign convention for
// diffDayPeriods(now, expiry) is not shown here; the "<= 0" test below
// only makes sense for one of the two possible conventions -- verify
// before reusing.
long diffDays = com.willeke.utility.DateUtils.diffDayPeriods( calNow,
calExp );
if( diffDays <= 0 )
{
String mex = " Will expire in: " + diffDays + " days!";

但我不确定是否可以在 VB 中使用 getNotAfter 方法,或者该如何去做。有没有人有任何想法?如果可能的话,我希望能在 VBScript/VB.Net/VBA 等中完成这个查询。

我确实在这里找到了这个 VBScript 代码,它似乎正在做我想要完成的事情,但看起来相当复杂,而 java 代码看起来要简单得多。有没有一种更简单的方法可以在某种 VB 中进行此查询?

从克鲁托网站:

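' Lists issuer, subject and NotAfter of every certificate stored in a user's
' userCertificate attribute. Each value is hex-dumped to a scratch file,
' turned back into a .cer with "certutil -decodeHex", and the text dump
' printed by "certutil <file>.cer" is scanned for the fields of interest.
'
' Changes versus the original listing:
'   * Error handling is scoped to the directory calls and every failure is
'     reported; the script-wide On Error Resume Next hid bind failures and
'     then iterated an unset variable.
'   * Scratch files are created in %TEMP% under unique names rather than as
'     "file0"/"file0.cer" in the current directory, so concurrent or
'     differently-located runs cannot clobber each other; both files are
'     removed whether or not decoding succeeded.
'   * The hex dump is written in one pass instead of growing an array with
'     ReDim Preserve per byte.
'   * certutil paths are quoted and its exit code is checked.
'
' Caveats:
'   * Field scraping depends on the English labels "Issuer:", "Subject:" and
'     "NotAfter:" in certutil's output; on a localized certutil the fields
'     are silently not found.
'   * Nothing read from the directory reaches a command line: the blob only
'     ever becomes hex digits inside a file and the scratch names are
'     generated locally, so there is no injection path even if the
'     attribute content is attacker-controlled.
Option Explicit

Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D
Const ForWriting = 2
Const WshRunning = 0
Const TemporaryFolder = 2

Dim objUser, arrUserCertificates, arrUserCertificate
Dim objShell, objFSO, strTempDir, intFileCounter
Dim strHexPath, strCerPath, objFile, i, strHex
Dim objExecCmd, objStdOut, strLine

' Only the bind and the attribute read run with error trapping on.
On Error Resume Next
Set objUser = GetObject _
    ("GC://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
If Err.Number <> 0 Then
    WScript.Echo "Cannot bind to user object: " & Err.Description
    WScript.Quit 1
End If
objUser.GetInfoEx Array("userCertificate"), 0
arrUserCertificates = objUser.GetEx("userCertificate")
If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    WScript.Echo "No assigned certificates"
    WScript.Quit
ElseIf Err.Number <> 0 Then
    WScript.Echo "Cannot read userCertificate: " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0

Set objShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
strTempDir = objFSO.GetSpecialFolder(TemporaryFolder)
intFileCounter = 0

For Each arrUserCertificate In arrUserCertificates
    ' Unique scratch names; the .cer is written next to the hex dump.
    strHexPath = objFSO.BuildPath(strTempDir, objFSO.GetTempName)
    strCerPath = strHexPath & ".cer"

    ' Space-separated two-digit hex, the form "certutil -decodeHex" reads.
    ' AscB only looks at the first byte, so a one-byte MidB is enough.
    Set objFile = objFSO.OpenTextFile(strHexPath, ForWriting, True)
    For i = 1 To LenB(arrUserCertificate)
        strHex = Hex(AscB(MidB(arrUserCertificate, i, 1)))
        If Len(strHex) = 1 Then strHex = "0" & strHex
        objFile.Write strHex & " "
    Next
    objFile.Close
    Set objFile = Nothing

    ' Quote both paths: %TEMP% may contain spaces.
    Set objExecCmd = objShell.Exec("certutil -decodeHex """ & strHexPath & _
        """ """ & strCerPath & """")
    Do While objExecCmd.Status = WshRunning
        WScript.Sleep 100
    Loop

    WScript.Echo vbCrLf & "Certificate " & intFileCounter + 1
    If objExecCmd.ExitCode <> 0 Then
        WScript.Echo vbTab & "certutil -decodeHex failed (exit code " & _
            objExecCmd.ExitCode & ")"
    Else
        Set objExecCmd = objShell.Exec("certutil """ & strCerPath & """")
        Set objStdOut = objExecCmd.StdOut
        ' Reading the stream to its end also waits for certutil to exit.
        ' Issuer and Subject values are printed on the line after the label.
        Do Until objStdOut.AtEndOfStream
            strLine = objStdOut.ReadLine
            If InStr(strLine, "Issuer:") Then
                WScript.Echo Trim(strLine)
                If Not objStdOut.AtEndOfStream Then
                    WScript.Echo vbTab & Trim(objStdOut.ReadLine)
                End If
            End If
            If InStr(strLine, "Subject:") Then
                WScript.Echo Trim(strLine)
                If Not objStdOut.AtEndOfStream Then
                    WScript.Echo vbTab & Trim(objStdOut.ReadLine)
                End If
            End If
            If InStr(strLine, "NotAfter:") Then
                strLine = Trim(strLine)
                WScript.Echo "Expires:"
                ' Drop the 10-character "NotAfter: " label.
                WScript.Echo vbTab & Mid(strLine, 11)
            End If
        Loop
    End If
    Set objExecCmd = Nothing

    ' Remove both scratch files regardless of what happened above.
    If objFSO.FileExists(strHexPath) Then objFSO.DeleteFile strHexPath
    If objFSO.FileExists(strCerPath) Then objFSO.DeleteFile strCerPath

    intFileCounter = intFileCounter + 1
Next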

更新:我确实看到可以将证书导入 CAPICOM 对象以读取 ValidToDate 属性,但根据这里的帖子,AD 中存储的格式显然不是它直接接受的格式:http://www.powershellcommunity.org/Forums/tabid/54/aff/4/aft/1639/afv/topic/Default.aspx

有谁知道 CAPICOM 导入功能需要什么格式?




Microsoft 有一个名为 CAPICOM 的 ActiveX 控件,它允许您以编程方式访问证书的各种属性。MSDN 的 CAPICOM 文章详细介绍了这些函数。Platform SDK(可从该文章的 "Where to get it" 链接找到)包含示例、文档和可再发行控件,其中包括 VBScript 示例。我在这里找到了 Platform SDK 的下载。

简而言之,一旦您检索到证书,您要找的就是 ValidFromDate 和 ValidToDate 属性。需要注意两点:userCertificate 属性中存储的是证书的二进制(DER)字节,而不是文本,导入时必须按 CAPICOM Import 方法要求的编码传入;另外 CAPICOM 已被 Microsoft 标记为弃用,如果可以用 VB.Net,更稳妥的做法是用 System.Security.Cryptography.X509Certificates.X509Certificate2 直接从字节数组构造证书,然后读取其 NotAfter 属性。

于 2009-05-20T19:16:32.497 回答