From time to time I need to resolve an Object Identifier (OID) to a human-readable friendly name, or get an OID value if its friendly name is known. There are a lot of OIDs that are used in Internet PKI. In addition, there may be custom OIDs that are defined (registered) within a certain Active Directory forest. I can't remember all these OIDs and need a way to translate (or resolve) them. There are even some online resources that provide a search in the OID tree. My favorite resource is: OID assignments from the top node. You can explore each tree and learn a bit more about OID structure. However, these resources don't provide a flexible way to automate this search. For example, I have OID = 1.3.6.1.5.5.7.3.1, but I don't know this OID's friendly name. We can manually search for this OID in such libraries and get the following output: id_kp_serverAuth. And what if I need to get the OCSP Signing OID? This task is harder. Fortunately, there is a way to perform this translation in both directions: OID <-> Friendly Name.

The Oid class is that way! Read the remarks section and have fun! How to use it in PowerShell? Very simply: use one of the following constructors: Oid Constructor (Oid) or Oid Constructor (String). Actually they are used identically. Let's see some examples:

[↓] [vPodans] New-Object security.cryptography.oid("Code signing")

Value                                                       FriendlyName
-----                                                       ------------
1.3.6.1.5.5.7.3.3                                           Code Signing


[↓] [vPodans] New-Object security.cryptography.oid("1.3.6.1.5.5.7.3.1")

Value                                                       FriendlyName
-----                                                       ------------
1.3.6.1.5.5.7.3.1                                           Server Authentication


[↓] [vPodans]

As I said, this class translates not only well-known Internet PKI OIDs, but custom AD-specific OIDs as well. Of course, you must be connected to the domain. Unfortunately, there is no wildcard support, so if you don't know the exact name or OID value, you will be unable to convert them. In any case, this feature is very helpful for me and can be helpful for you. For that purpose I wrote a little PS function that will live in my PS profile:

#####################################################################
# Get-ObjectIdentifier.ps1
# Version 1.0
#
# Resolves OID value to a Friendly Name and vice versa.
#
# Vadims Podans (c) 2010
# http://en-us.sysadmins.lv/
#####################################################################
#requires -Version 2.0

function Get-ObjectIdentifier {
<#
.Synopsis
    Resolves OID value to a Friendly Name and vice versa.
.Description
    Resolves OID value to a Friendly Name and vice versa. The cmdlet resolves both
    well-known OIDs (used in Internet PKI) and Active Directory forest specific
    registered OIDs.
.Parameter OIDString
    Specifies the OID value or Friendly name.
.Example
    Get-ObjectIdentifier "Server Authentication"
    
    Will resolve "Server Authentication" OID to an object identifier value (1.3.6.1.5.5.7.3.1).
.Example
    Get-ObjectIdentifier "1.3.6.1.5.5.7.3.9"
    
    Will resolve "1.3.6.1.5.5.7.3.9" value to a friendly name (OCSP Signing).
.Outputs
    System.Security.Cryptography.Oid
#>
[CmdletBinding()]
[OutputType('System.Security.Cryptography.Oid')]
    param (
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [String[]]$OIDString
    )
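    process {
        # Resolve each supplied string separately; the process block is needed
        # so that every pipeline item is handled, not only the last one.
        foreach ($String in $OIDString) {
            New-Object Security.Cryptography.Oid $String
        }
    }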
}
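
The lookup does not fail loudly when the string is not an exact match, so a caller cannot tell a resolved OID from an input that was simply echoed back. The following added example (not part of the original post; the function name Test-OidResolution and the sample strings are assumptions) flags unresolved inputs, relying on the constructor leaving FriendlyName empty when nothing matches:

```powershell
# Added example, not from the original post.
# Test-OidResolution is a hypothetical helper name.
function Test-OidResolution {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [String[]]$OIDString
    )
    process {
        foreach ($String in $OIDString) {
            $Oid = New-Object Security.Cryptography.Oid $String
            # The constructor does not throw on an unknown string: it copies
            # the input into Value and FriendlyName stays empty, so an empty
            # FriendlyName is the signal that nothing was resolved.
            $Resolved = -not [String]::IsNullOrEmpty($Oid.FriendlyName)
            # Report Value only when it is a real OID, not the echoed input.
            $Value = $null
            if ($Resolved) { $Value = $Oid.Value }
            New-Object PSObject -Property @{
                InputString  = $String
                Resolved     = $Resolved
                Value        = $Value
                FriendlyName = $Oid.FriendlyName
            } | Select-Object InputString, Resolved, Value, FriendlyName
        }
    }
}

# Constructed sample input: two strings taken from the examples above, one OID
# value assumed to be unregistered, and a wildcard pattern (not supported).
$Samples = "Server Authentication", "1.3.6.1.5.5.7.3.9",
           "1.2.3.4.5.6.7.8.9", "Server Auth*"
$Samples | Test-OidResolution | Format-Table -AutoSize
```

Filtering the result with `Where-Object { -not $_.Resolved }` gives the list of strings that need a manual lookup.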

HTH

