rusthound_ce/objects/
aiaca.rs

1use serde_json::value::Value;
2use serde::{Deserialize, Serialize};
3use x509_parser::oid_registry::asn1_rs::oid;
4use x509_parser::prelude::*;
5
6use crate::enums::{decode_guid_le, parse_ntsecuritydescriptor};
7use crate::utils::date::string_to_epoch;
8use crate::objects::common::{
9    LdapObject,
10    AceTemplate,
11    SPNTarget,
12    Link,
13    Member
14};
15use crate::utils::crypto::calculate_sha1;
16
17use ldap3::SearchEntry;
18use log::{debug, error, trace};
19use std::collections::HashMap;
20use std::error::Error;
21
22/// AIACA structure
23#[derive(Debug, Clone, Deserialize, Serialize, Default)]
24pub struct AIACA {
25    #[serde(rename = "Properties")]
26    properties: AIACAProperties,
27    #[serde(rename = "DomainSID")]
28    domain_sid: String,
29    #[serde(rename = "Aces")]
30    aces: Vec<AceTemplate>,
31    #[serde(rename = "ObjectIdentifier")]
32    object_identifier: String,
33    #[serde(rename = "IsDeleted")]
34    is_deleted: bool,
35    #[serde(rename = "IsACLProtected")]
36    is_acl_protected: bool,
37    #[serde(rename = "ContainedBy")]
38    contained_by: Option<Member>,
39}
40
41impl AIACA {
42    // New AIACA
43    pub fn new() -> Self { 
44        Self { ..Default::default() } 
45    }
46
47    /// Function to parse and replace value in json template for AIACA object.
48    pub fn parse(
49        &mut self,
50        result: SearchEntry,
51        domain: &String,
52        dn_sid: &mut HashMap<String, String>,
53        sid_type: &mut HashMap<String, String>,
54        domain_sid: &String
55    ) -> Result<(), Box<dyn Error>> {
56        let result_dn: String = result.dn.to_uppercase();
57        let result_attrs: HashMap<String, Vec<String>> = result.attrs;
58        let result_bin: HashMap<String, Vec<Vec<u8>>> = result.bin_attrs;
59
60        // Debug for current object
61        debug!("Parse AIACA: {}", result_dn);
62        // Trace all result attributes
63        for (key, value) in &result_attrs {
64            trace!("  {:?}:{:?}", key, value);
65        }
66        // Trace all bin result attributes
67        for (key, value) in &result_bin {
68            trace!("  {:?}:{:?}", key, value);
69        }
70
71        // Change all values...
72        self.properties.domain = domain.to_uppercase();
73        self.properties.distinguishedname = result_dn;    
74        self.properties.domainsid = domain_sid.to_string();
75        self.domain_sid = domain_sid.to_string();
76
77        // With a check
78        for (key, value) in &result_attrs {
79            match key.as_str() {
80                "name" => {
81                    let name = format!("{}@{}",&value[0],domain);
82                    self.properties.name = name.to_uppercase();
83                }
84                "description" => {
85                    self.properties.description = Some(value[0].to_owned());
86                }
87                "whenCreated" => {
88                    let epoch = string_to_epoch(&value[0])?;
89                    if epoch.is_positive() {
90                        self.properties.whencreated = epoch;
91                    }
92                }
93                "IsDeleted" => {
94                    self.is_deleted = true.into();
95                }
96                "crossCertificatePair" => {
97                    self.properties.hascrosscertificatepair = true;
98                    // self.properties.crosscertificatepair = value[0].to_owned();
99                }
100                _ => {}
101            }
102        }
103
104        // For all, bins attributs
105        for (key, value) in &result_bin {
106            match key.as_str() {
107                "objectGUID" => {
108                    // objectGUID raw to string
109                    let guid = decode_guid_le(&value[0]);
110                    self.object_identifier = guid.to_owned().into();
111                }
112                "nTSecurityDescriptor" => {
113                    // Needed with acl
114                    let entry_type = "AIACA".to_string();
115                    // nTSecurityDescriptor raw to string
116                    let relations_ace = parse_ntsecuritydescriptor(
117                        self,
118                        &value[0],
119                        entry_type,
120                        &result_attrs,
121                        &result_bin,
122                        &domain,
123                    );
124                    self.aces = relations_ace;
125                }
126                "cACertificate" => {
127                    //info!("{:?}:{:?}", key,value[0].to_owned());
128                    let certsha1: String = calculate_sha1(&value[0]);
129                    self.properties.certthumbprint = certsha1.to_owned();
130                    self.properties.certname = certsha1.to_owned();
131                    self.properties.certchain = vec![certsha1.to_owned()];
132
133                    // Parsing certificate.
134                    let res = X509Certificate::from_der(&value[0]);
135                    match res {
136                        Ok((_rem, cert)) => {
137                            // println!("Basic Constraints Extensions:");
138                            for ext in cert.extensions() {
139                                // println!("{:?} : {:?}",&ext.oid, ext);
140                                if &ext.oid == &oid!(2.5.29.19) {
141                                    // <https://docs.rs/x509-parser/latest/x509_parser/extensions/struct.BasicConstraints.html>
142                                    if let ParsedExtension::BasicConstraints(basic_constraints) = &ext.parsed_extension() {
143                                        let _ca = &basic_constraints.ca;
144                                        let _path_len_constraint = &basic_constraints.path_len_constraint;
145                                        // println!("ca: {:?}", _ca);
146                                        // println!("path_len_constraint: {:?}", _path_len_constraint);
147                                        match _path_len_constraint {
148                                            Some(_path_len_constraint) => {
149                                                if _path_len_constraint > &0 {
150                                                    self.properties.hasbasicconstraints = true;
151                                                    self.properties.basicconstraintpathlength = _path_len_constraint.to_owned();
152
153                                                } else {
154                                                    self.properties.hasbasicconstraints = false;
155                                                    self.properties.basicconstraintpathlength = 0;
156                                                }
157                                            },
158                                            None => {
159                                                self.properties.hasbasicconstraints = false;
160                                                self.properties.basicconstraintpathlength = 0;
161                                            }
162                                        }
163                                    }
164                                }
165                            }
166                        },
167                        _ => error!("CA x509 certificate parsing failed: {:?}", res),
168                    }
169                }
170                _ => {}
171            }
172        }
173
174        // Push DN and SID in HashMap
175        if self.object_identifier.to_string() != "SID" {
176            dn_sid.insert(
177                self.properties.distinguishedname.to_owned(),
178                self.object_identifier.to_owned()
179            );
180            // Push DN and Type
181            sid_type.insert(
182                self.object_identifier.to_owned(),
183                "AIACA".to_string()
184            );
185        }
186
187        // Trace and return AIACA struct
188        // trace!("JSON OUTPUT: {:?}",serde_json::to_string(&self).unwrap());
189        Ok(())
190    }
191}
192
193impl LdapObject for AIACA {
194    // To JSON
195    fn to_json(&self) -> Value {
196        serde_json::to_value(&self).unwrap()
197    }
198
199    // Get values
200    fn get_object_identifier(&self) -> &String {
201        &self.object_identifier
202    }
203    fn get_is_acl_protected(&self) -> &bool {
204        &self.is_acl_protected
205    }
206    fn get_aces(&self) -> &Vec<AceTemplate> {
207        &self.aces
208    }
209    fn get_spntargets(&self) -> &Vec<SPNTarget> {
210        panic!("Not used by current object.");
211    }
212    fn get_allowed_to_delegate(&self) -> &Vec<Member> {
213        panic!("Not used by current object.");
214    }
215    fn get_links(&self) -> &Vec<Link> {
216        panic!("Not used by current object.");
217    }
218    fn get_contained_by(&self) -> &Option<Member> {
219        &self.contained_by
220    }
221    fn get_child_objects(&self) -> &Vec<Member> {
222        panic!("Not used by current object.");
223    }
224    fn get_haslaps(&self) -> &bool {
225        &false
226    }
227    
228    // Get mutable values
229    fn get_aces_mut(&mut self) -> &mut Vec<AceTemplate> {
230        &mut self.aces
231    }
232    fn get_spntargets_mut(&mut self) -> &mut Vec<SPNTarget> {
233        panic!("Not used by current object.");
234    }
235    fn get_allowed_to_delegate_mut(&mut self) -> &mut Vec<Member> {
236        panic!("Not used by current object.");
237    }
238    
239    // Edit values
240    fn set_is_acl_protected(&mut self, is_acl_protected: bool) {
241        self.is_acl_protected = is_acl_protected;
242        self.properties.isaclprotected = is_acl_protected;
243    }
244    fn set_aces(&mut self, aces: Vec<AceTemplate>) {
245        self.aces = aces;
246    }
247    fn set_spntargets(&mut self, _spn_targets: Vec<SPNTarget>) {
248        // Not used by current object.
249    }
250    fn set_allowed_to_delegate(&mut self, _allowed_to_delegate: Vec<Member>) {
251        // Not used by current object.
252    }
253    fn set_links(&mut self, _links: Vec<Link>) {
254        // Not used by current object.
255    }
256    fn set_contained_by(&mut self, contained_by: Option<Member>) {
257        self.contained_by = contained_by;
258    }
259    fn set_child_objects(&mut self, _child_objects: Vec<Member>) {
260        // Not used by current object.
261    }
262}
263
264
265// AIACA properties structure
266#[derive(Debug, Clone, Deserialize, Serialize)]
267pub struct AIACAProperties {
268   domain: String,
269   name: String,
270   distinguishedname: String,
271   domainsid: String,
272   isaclprotected: bool,
273   description: Option<String>,
274   whencreated: i64,
275   crosscertificatepair: Vec<String>,
276   hascrosscertificatepair: bool,
277   certthumbprint: String,
278   certname: String,
279   certchain: Vec<String>,
280   hasbasicconstraints: bool,
281   basicconstraintpathlength: u32,
282}
283
284impl Default for AIACAProperties {
285    fn default() -> AIACAProperties {
286        AIACAProperties {
287            domain: String::from(""),
288            name: String::from(""),
289            distinguishedname: String::from(""),
290            domainsid: String::from(""),
291            isaclprotected: false,
292            description: None,
293            whencreated: -1,
294            crosscertificatepair: Vec::new(),
295            hascrosscertificatepair: false,
296            certthumbprint: String::from(""),
297            certname: String::from(""),
298            certchain: Vec::new(),
299            hasbasicconstraints: false,
300            basicconstraintpathlength: 0,
301       }
302    }
303}