rusthound_ce/objects/
rootca.rs

1use serde_json::value::Value;
2use serde::{Deserialize, Serialize};
3use x509_parser::oid_registry::asn1_rs::oid;
4use x509_parser::prelude::*;
5use ldap3::SearchEntry;
6use log::{debug, error, trace};
7use std::collections::HashMap;
8use std::error::Error;
9
10use crate::objects::common::{LdapObject, AceTemplate, SPNTarget, Link, Member};
11use crate::enums::{decode_guid_le, parse_ntsecuritydescriptor};
12use crate::utils::date::string_to_epoch;
13use crate::utils::crypto::calculate_sha1;
14
15
16/// RootCA structure
17#[derive(Debug, Clone, Deserialize, Serialize, Default)]
18pub struct RootCA {
19    #[serde(rename = "Properties")]
20    properties: RootCAProperties,
21    #[serde(rename = "DomainSID")]
22    domain_sid: String,
23    #[serde(rename = "Aces")]
24    aces: Vec<AceTemplate>,
25    #[serde(rename = "ObjectIdentifier")]
26    object_identifier: String,
27    #[serde(rename = "IsDeleted")]
28    is_deleted: bool,
29    #[serde(rename = "IsACLProtected")]
30    is_acl_protected: bool,
31    #[serde(rename = "ContainedBy")]
32    contained_by: Option<Member>,
33}
34
35impl RootCA {
36    // New RootCA
37    pub fn new() -> Self { 
38        Self { ..Default::default() } 
39    }
40
41    /// Function to parse and replace value in json template for ROOT CA object.
42    pub fn parse(
43        &mut self,
44        result: SearchEntry,
45        domain: &str,
46        dn_sid: &mut HashMap<String, String>,
47        sid_type: &mut HashMap<String, String>,
48        domain_sid: &str
49    ) -> Result<(), Box<dyn Error>> {
50        let result_dn: String = result.dn.to_uppercase();
51        let result_attrs: HashMap<String, Vec<String>> = result.attrs;
52        let result_bin: HashMap<String, Vec<Vec<u8>>> = result.bin_attrs;
53
54        // Debug for current object
55        debug!("Parse RootCA: {result_dn}");
56
57        // Trace all result attributes
58        for (key, value) in &result_attrs {
59            trace!("  {key:?}:{value:?}");
60        }
61        // Trace all bin result attributes
62        for (key, value) in &result_bin {
63            trace!("  {key:?}:{value:?}");
64        }
65
66        // Change all values...
67        self.properties.domain = domain.to_uppercase();
68        self.properties.distinguishedname = result_dn;    
69        self.properties.domainsid = domain_sid.to_string();
70        self.domain_sid = domain_sid.to_string();
71
72        // With a check
73        for (key, value) in &result_attrs {
74            match key.as_str() {
75                "name" => {
76                    let name = format!("{}@{}", &value[0], domain);
77                    self.properties.name = name.to_uppercase();
78                }
79                "description" => {
80                    self.properties.description = value.first().cloned();
81                }
82                "whenCreated" => {
83                    let epoch = string_to_epoch(&value[0])?;
84                    if epoch.is_positive() {
85                        self.properties.whencreated = epoch;
86                    }
87                }
88                "IsDeleted" => {
89                    self.is_deleted = true;
90                }
91                _ => {}
92            }
93        }
94
95        // For all, bins attributs
96        for (key, value) in &result_bin {
97            match key.as_str() {
98                "objectGUID" => {
99                    // objectGUID raw to string
100                    self.object_identifier = decode_guid_le(&value[0]).to_owned();
101                }
102                "nTSecurityDescriptor" => {
103                    // nTSecurityDescriptor raw to string
104                    let relations_ace = parse_ntsecuritydescriptor(
105                        self,
106                        &value[0],
107                        "RootCA",
108                        &result_attrs,
109                        &result_bin,
110                        domain,
111                    );
112                    self.aces = relations_ace;
113                }
114                "cACertificate" => {
115                    //info!("{:?}:{:?}", key,value[0].to_owned());
116                    let certsha1: String = calculate_sha1(&value[0]);
117                    self.properties.certthumbprint = certsha1.to_string();
118                    self.properties.certname = certsha1.to_string();
119                    self.properties.certchain = vec![certsha1.to_string()];
120
121                    // Parsing certificate.
122                    let res = X509Certificate::from_der(&value[0]);
123                    match res {
124                        Ok((_rem, cert)) => {
125                            // println!("Basic Constraints Extensions:");
126                            for ext in cert.extensions() {
127                                // println!("{:?} : {:?}",&ext.oid, ext);
128                                if &ext.oid == &oid!(2.5.29.19) {
129                                    // <https://docs.rs/x509-parser/latest/x509_parser/extensions/struct.BasicConstraints.html>
130                                    if let ParsedExtension::BasicConstraints(basic_constraints) = &ext.parsed_extension() {
131                                        let _ca = &basic_constraints.ca;
132                                        let _path_len_constraint = &basic_constraints.path_len_constraint;
133                                        // println!("ca: {:?}", _ca);
134                                        // println!("path_len_constraint: {:?}", _path_len_constraint);
135                                        match _path_len_constraint {
136                                            Some(_path_len_constraint) => {
137                                                if _path_len_constraint > &0 {
138                                                    self.properties.hasbasicconstraints = true;
139                                                    self.properties.basicconstraintpathlength = _path_len_constraint.to_owned();
140
141                                                } else {
142                                                    self.properties.hasbasicconstraints = false;
143                                                    self.properties.basicconstraintpathlength = 0_u32;
144                                                }
145                                            },
146                                            None => {
147                                                self.properties.hasbasicconstraints = false;
148                                                self.properties.basicconstraintpathlength = 0_u32;
149                                            }
150                                        }
151                                    }
152                                }
153                            }
154                        },
155                        _ => error!("CA x509 certificate parsing failed: {:?}", res),
156                    }
157                }
158                _ => {}
159            }
160        }
161
162        // Push DN and SID in HashMap
163        if self.object_identifier != "SID" {
164            dn_sid.insert(
165                self.properties.distinguishedname.to_string(),
166                self.object_identifier.to_string()
167            );
168            // Push DN and Type
169            sid_type.insert(
170                self.object_identifier.to_string(),
171                "RootCA".to_string()
172            );
173        }
174
175        // Trace and return RootCA struct
176        // trace!("JSON OUTPUT: {:?}",serde_json::to_string(&self).unwrap());
177        Ok(())
178    }
179}
180
181impl LdapObject for RootCA {
182    // To JSON
183    fn to_json(&self) -> Value {
184        serde_json::to_value(self).unwrap()
185    }
186
187    // Get values
188    fn get_object_identifier(&self) -> &String {
189        &self.object_identifier
190    }
191    fn get_is_acl_protected(&self) -> &bool {
192        &self.is_acl_protected
193    }
194    fn get_aces(&self) -> &Vec<AceTemplate> {
195        &self.aces
196    }
197    fn get_spntargets(&self) -> &Vec<SPNTarget> {
198        panic!("Not used by current object.");
199    }
200    fn get_allowed_to_delegate(&self) -> &Vec<Member> {
201        panic!("Not used by current object.");
202    }
203    fn get_links(&self) -> &Vec<Link> {
204        panic!("Not used by current object.");
205    }
206    fn get_contained_by(&self) -> &Option<Member> {
207        &self.contained_by
208    }
209    fn get_child_objects(&self) -> &Vec<Member> {
210        panic!("Not used by current object.");
211    }
212    fn get_haslaps(&self) -> &bool {
213        &false
214    }
215    
216    // Get mutable values
217    fn get_aces_mut(&mut self) -> &mut Vec<AceTemplate> {
218        &mut self.aces
219    }
220    fn get_spntargets_mut(&mut self) -> &mut Vec<SPNTarget> {
221        panic!("Not used by current object.");
222    }
223    fn get_allowed_to_delegate_mut(&mut self) -> &mut Vec<Member> {
224        panic!("Not used by current object.");
225    }
226    
227    // Edit values
228    fn set_is_acl_protected(&mut self, is_acl_protected: bool) {
229        self.is_acl_protected = is_acl_protected;
230        self.properties.isaclprotected = is_acl_protected;
231    }
232    fn set_aces(&mut self, aces: Vec<AceTemplate>) {
233        self.aces = aces;
234    }
235    fn set_spntargets(&mut self, _spn_targets: Vec<SPNTarget>) {
236        // Not used by current object.
237    }
238    fn set_allowed_to_delegate(&mut self, _allowed_to_delegate: Vec<Member>) {
239        // Not used by current object.
240    }
241    fn set_links(&mut self, _links: Vec<Link>) {
242        // Not used by current object.
243    }
244    fn set_contained_by(&mut self, contained_by: Option<Member>) {
245        self.contained_by = contained_by;
246    }
247    fn set_child_objects(&mut self, _child_objects: Vec<Member>) {
248        // Not used by current object.
249    }
250}
251
252
253// RootCA properties structure
254#[derive(Debug, Clone, Deserialize, Serialize)]
255pub struct RootCAProperties {
256   domain: String,
257   name: String,
258   distinguishedname: String,
259   domainsid: String,
260   isaclprotected: bool,
261   description: Option<String>,
262   whencreated: i64,
263   certthumbprint: String,
264   certname: String,
265   certchain: Vec<String>,
266   hasbasicconstraints: bool,
267   basicconstraintpathlength: u32,
268}
269
270impl Default for RootCAProperties {
271    fn default() -> RootCAProperties {
272        RootCAProperties {
273            domain: String::from(""),
274            name: String::from(""),
275            distinguishedname: String::from(""),
276            domainsid: String::from(""),
277            isaclprotected: false,
278            description: None,
279            whencreated: -1,
280            certthumbprint: String::from(""),
281            certname: String::from(""),
282            certchain: Vec::new(),
283            hasbasicconstraints: false,
284            basicconstraintpathlength: 0,
285       }
286    }
287}
rusthound_ce/objects/rootca.rs

rusthound_ce/objects/
rootca.rs
