
PowerShell: How to grab base64 value from attribute of SearchResultEntry object?


My goal is to fetch the published CRL of a CA from an LDAP connection. I have a function to search the LDAP (not Active Directory!), which returns a System.DirectoryServices.Protocols.SearchResultEntryCollection as expected.

    $results = LDAPsearch "$_LDAP_server`:$_LDAP_searchPort" "cn=$CA,$_LDAP_searchBase" '(&(certificateRevocationList=*))'
    ForEach ($element in $results){
        $element.Attributes['cn'].GetValues('string')
        $element.Attributes['certificateRevocationList;binary'].GetValues('string')
    }

The above properly reads the cn attribute value of each element returned, however the certificateRevocationList is returned in a strange format which does not correspond at all to the Base64 string I expect (e.g. the one that can be read if you export your data to an LDIF file or if you use the Linux ldapsearch command)...

How can I get the actual Base64 value?

Unfortunately, you can only pass 'byte[]' or 'string' as parameter to the GetValues method (a 'Base64String' option here would be useful to me, but well...).

Current output below (where cn value is correctly written but not certificateRevocationList):

[Screenshot: how the output looks]


Solution

  • Retrieve the raw CRL as byte[], then convert to base64 yourself:

    # GetValues returns one array element per attribute value; take the first value's raw bytes
    $crlBin = $element.Attributes['certificateRevocationList;binary'].GetValues('byte[]')[0]
    $crlB64 = [Convert]::ToBase64String($crlBin)
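
As an added example (not part of the original answer), the sketch below checks that a retrieved value is a complete DER SEQUENCE before wrapping it as PEM, and shows why a value decoded as text cannot be turned back into the original bytes. The function names `Test-DerSequence` and `ConvertTo-CrlPem` and the sample bytes are constructed for illustration, and UTF-8 is assumed as the text decoding.

```powershell
# Added example: function names and sample bytes are constructed, not from the original post.
function Test-DerSequence {
    param([byte[]]$Der)
    # A CRL is a DER SEQUENCE: tag 0x30, then a length that must cover the rest of the value.
    if ($null -eq $Der -or $Der.Length -lt 2 -or $Der[0] -ne 0x30) { return $false }
    $first = [int]$Der[1]
    if ($first -lt 0x80) { return ($Der.Length -eq 2 + $first) }   # short-form length
    $n = $first -band 0x7F                                          # long form: n length bytes
    if ($n -eq 0 -or $n -gt 4 -or $Der.Length -lt 2 + $n) { return $false }
    $len = 0
    for ($i = 0; $i -lt $n; $i++) { $len = ($len * 256) + $Der[2 + $i] }
    return ($Der.Length -eq 2 + $n + $len)
}

function ConvertTo-CrlPem {
    param([byte[]]$Der)
    if (-not (Test-DerSequence $Der)) { throw 'Value is not a complete DER SEQUENCE' }
    $b64 = [Convert]::ToBase64String($Der)
    # PEM bodies are wrapped at 64 characters (RFC 7468); the label for a CRL is "X509 CRL".
    $lines = for ($i = 0; $i -lt $b64.Length; $i += 64) {
        $b64.Substring($i, [Math]::Min(64, $b64.Length - $i))
    }
    (@('-----BEGIN X509 CRL-----') + $lines + '-----END X509 CRL-----') -join "`n"
}

# Constructed sample: header 0x30 0x81 0x80 followed by 128 filler bytes (not a real CRL).
[byte[]]$sample = @(0x30, 0x81, 0x80) + (1..128 | ForEach-Object { [byte](0x7F + $_) })

# Decoding binary as text replaces invalid byte sequences, so the round trip loses data.
$asText = [Text.Encoding]::UTF8.GetString($sample)
$back   = [Text.Encoding]::UTF8.GetBytes($asText)
$same   = [Convert]::ToBase64String($back) -eq [Convert]::ToBase64String($sample)
"Text round trip preserved the bytes: $same"

# Raw bytes survive intact and can be wrapped as PEM.
ConvertTo-CrlPem $sample

# With a live entry, the attribute may hold several values; handle each one:
# foreach ($der in $element.Attributes['certificateRevocationList;binary'].GetValues('byte[]')) {
#     ConvertTo-CrlPem $der
# }
```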