feat: add some missing items for issuance policies (#114)

SpecterOps · Mar 26, 2024 · 5c9845b · 5c9845b
1 parent ecfa620
commit 5c9845b
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 2 deletions.
diff --git a/src/CommonLib/Enums/DataType.cs b/src/CommonLib/Enums/DataType.cs
@@ -14,5 +14,6 @@ public static class DataType
         public const string NTAuthStores = "ntauthstores";
         public const string EnterpriseCAs = "enterprisecas";
         public const string CertTemplates = "certtemplates";
+        public const string IssuancePolicies = "issuancepolicies";
     }
-}
+}
diff --git a/src/CommonLib/LDAPQueries/CommonProperties.cs b/src/CommonLib/LDAPQueries/CommonProperties.cs
@@ -84,7 +84,7 @@ public static class CommonProperties
             LDAPProperties.PKIEnrollmentFlag, LDAPProperties.DisplayName, LDAPProperties.Name, LDAPProperties.TemplateSchemaVersion, LDAPProperties.CertTemplateOID,
             LDAPProperties.PKIOverlappedPeriod, LDAPProperties.PKIExpirationPeriod, LDAPProperties.ExtendedKeyUsage, LDAPProperties.NumSignaturesRequired,
             LDAPProperties.CertificateApplicationPolicy, LDAPProperties.IssuancePolicies, LDAPProperties.CrossCertificatePair,
-            LDAPProperties.ApplicationPolicies, LDAPProperties.PKIPrivateKeyFlag
+            LDAPProperties.ApplicationPolicies, LDAPProperties.PKIPrivateKeyFlag, LDAPProperties.OIDGroupLink
         };
     }
 }
diff --git a/src/CommonLib/LDAPQueries/LDAPFilter.cs b/src/CommonLib/LDAPQueries/LDAPFilter.cs
@@ -201,6 +201,17 @@ public LDAPFilter AddEnterpriseCertificationAuthorities(params string[] conditio
             return this;
         }
 
+        /// <summary>
+        ///     Add a filter that will include Issuance Policies
+        /// </summary>
+        /// <param name="conditions"></param>
+        /// <returns></returns>
+        public LDAPFilter AddIssuancePolicies(params string[] conditions)
+        {
+            _filterParts.Add(BuildString("(objectClass=msPKI-Enterprise-Oid)", conditions));
+            return this;
+        }
+
         /// <summary>
         ///     Add a filter that will include schema items
         /// </summary>

diff --git a/src/CommonLib/OutputTypes/IssuancePolicy.cs b/src/CommonLib/OutputTypes/IssuancePolicy.cs
@@ -0,0 +1,7 @@
+namespace SharpHoundCommonLib.OutputTypes
+{
+    public class IssuancePolicy : OutputBase
+    {
+        public TypedPrincipal GroupLink { get; set; } = new();
+    }
+}