< Summary

Class:	SharpHoundCommonLib.Processors.CertAbuseProcessor
Assembly:	SharpHoundCommonLib
File(s):	D:\a\SharpHoundCommon\SharpHoundCommon\src\CommonLib\Processors\CertAbuseProcessor.cs
Covered lines:	0
Uncovered lines:	242
Coverable lines:	242
Total lines:	478
Line coverage:	0% (0 of 242)
Covered branches:	0
Total branches:	124
Branch coverage:	0% (0 of 124)

Metrics

Method	Branch coverage	Cyclomatic complexity	Sequence coverage
.ctor(...)	0%	2	0%
ProcessRegistryEnrollmentPermissions()	0%	38	0%
ProcessEAPermissions()	0%	16	0%
ProcessCertTemplates()	0%	6	0%
GetRegistryPrincipal()	0%	22	0%
GetMachineSid()	0%	10	0%
CreateEnrollmentAgentRestriction()	0%	24	0%
OpenSamServer(...)	0%	2	0%
SendComputerStatus()	0%	4	0%

File(s)

D:\a\SharpHoundCommon\SharpHoundCommon\src\CommonLib\Processors\CertAbuseProcessor.cs

#	Line	Line coverage
	`1`	`using System;`
	`2`	`using System.Collections.Generic;`
	`3`	`using System.Diagnostics.CodeAnalysis;`
	`4`	`using System.Security.AccessControl;`
	`5`	`using System.Security.Principal;`
	`6`	`using System.Text;`
	`7`	`using System.Threading.Tasks;`
	`8`	`using Microsoft.Extensions.Logging;`
	`9`	`using SharpHoundCommonLib.Enums;`
	`10`	`using SharpHoundCommonLib.OutputTypes;`
	`11`	`using SharpHoundRPC;`
	`12`	`using SharpHoundRPC.Wrappers;`
	`13`	`using Encoder = Microsoft.Security.Application.Encoder;`
	`14`
	`15`	`namespace SharpHoundCommonLib.Processors`
	`16`	`{`
	`17`	`public class CertAbuseProcessor`
	`18`	`{`
	`19`	`private readonly ILogger _log;`
	`20`	`private readonly ILdapUtils _utils;`
	`21`	`public delegate Task ComputerStatusDelegate(CSVComputerStatus status);`
	`22`	`public event ComputerStatusDelegate ComputerStatusEvent;`
	`23`
	`24`
0	`25`	`public CertAbuseProcessor(ILdapUtils utils, ILogger log = null)`
0	`26`	`{`
0	`27`	`_utils = utils;`
0	`28`	`_log = log ?? Logging.LogProvider.CreateLogger("CAProc");`
0	`29`	`}`
	`30`
	`31`	`/// <summary>`
	`32`	`/// This function should be called with the security data fetched from <see cref="GetCARegistryValues"/>.`
	`33`	`/// The resulting ACEs will contain the owner of the CA as well as Management rights.`
	`34`	`/// </summary>`
	`35`	`/// <param name="security"></param>`
	`36`	`/// <param name="objectDomain"></param>`
	`37`	`/// <param name="computerName"></param>`
	`38`	`/// <returns></returns>`
	`39`	`public async Task<AceRegistryAPIResult> ProcessRegistryEnrollmentPermissions(string caName, string objectDomain,`
0	`40`	`{`
0	`41`	`var data = new AceRegistryAPIResult();`
	`42`
0	`43`	`var aceData = GetCASecurity(computerName, caName);`
0	`44`	`data.Collected = aceData.Collected;`
0	`45`	`if (!aceData.Collected)`
0	`46`	`{`
0	`47`	`data.FailureReason = aceData.FailureReason;`
0	`48`	`return data;`
	`49`	`}`
	`50`
0	`51`	`if (aceData.Value == null)`
0	`52`	`{`
0	`53`	`return data;`
	`54`	`}`
	`55`
0	`56`	`var descriptor = _utils.MakeSecurityDescriptor();`
0	`57`	`descriptor.SetSecurityDescriptorBinaryForm(aceData.Value as byte[], AccessControlSections.All);`
	`58`
0	`59`	`var ownerSid = Helpers.PreProcessSID(descriptor.GetOwner(typeof(SecurityIdentifier)));`
0	`60`	`var isDomainController = await _utils.IsDomainController(computerObjectId, objectDomain);`
0	`61`	`var machineSid = await GetMachineSid(computerName, computerObjectId);`
	`62`
0	`63`	`var aces = new List<ACE>();`
	`64`
0	`65`	`if (ownerSid != null) {`
0	`66`	`var processed = new SecurityIdentifier(ownerSid);`
0	`67`	`if (await GetRegistryPrincipal(processed, objectDomain, computerName,`
0	`68`	`isDomainController, computerObjectId, machineSid) is (true, var resolvedOwner)) {`
0	`69`	`aces.Add(new ACE`
0	`70`	`{`
0	`71`	`PrincipalType = resolvedOwner.ObjectType,`
0	`72`	`PrincipalSID = resolvedOwner.ObjectIdentifier,`
0	`73`	`RightName = EdgeNames.Owns,`
0	`74`	`IsInherited = false`
0	`75`	`});`
0	`76`	`} else {`
0	`77`	`aces.Add(new ACE`
0	`78`	`{`
0	`79`	`PrincipalType = Label.Base,`
0	`80`	`PrincipalSID = processed.Value,`
0	`81`	`RightName = EdgeNames.Owns,`
0	`82`	`IsInherited = false`
0	`83`	`});`
0	`84`	`}`
0	`85`	`}`
	`86`	`else`
0	`87`	`{`
0	`88`	`_log.LogDebug("Owner on CA {Name} is null", computerName);`
0	`89`	`}`
	`90`
0	`91`	`foreach (var rule in descriptor.GetAccessRules(true, true, typeof(SecurityIdentifier)))`
0	`92`	`{`
0	`93`	`if (rule == null)`
0	`94`	`continue;`
	`95`
0	`96`	`if (rule.AccessControlType() == AccessControlType.Deny)`
0	`97`	`continue;`
	`98`
0	`99`	`var principalSid = Helpers.PreProcessSID(rule.IdentityReference());`
0	`100`	`if (principalSid == null)`
0	`101`	`continue;`
	`102`
0	`103`	`var (getDomainSuccess, principalDomain) = await _utils.GetDomainNameFromSid(principalSid);`
0	`104`	`if (!getDomainSuccess) {`
	`105`	`//Fallback to computer's domain in case we cant resolve the principal domain`
0	`106`	`principalDomain = objectDomain;`
0	`107`	`}`
0	`108`	`var (resSuccess, resolvedPrincipal) = await GetRegistryPrincipal(new SecurityIdentifier(principalSid), p`
0	`109`	`if (!resSuccess) {`
0	`110`	`resolvedPrincipal = new TypedPrincipal {`
0	`111`	`ObjectType = Label.Base,`
0	`112`	`ObjectIdentifier = principalSid`
0	`113`	`};`
0	`114`	`}`
0	`115`	`var isInherited = rule.IsInherited();`
	`116`
0	`117`	`var cARights = (CertificationAuthorityRights)rule.ActiveDirectoryRights();`
	`118`
	`119`	`// TODO: These if statements are also present in ProcessACL. Move to shared location.`
0	`120`	`if ((cARights & CertificationAuthorityRights.ManageCA) != 0)`
0	`121`	`aces.Add(new ACE`
0	`122`	`{`
0	`123`	`PrincipalType = resolvedPrincipal.ObjectType,`
0	`124`	`PrincipalSID = resolvedPrincipal.ObjectIdentifier,`
0	`125`	`IsInherited = isInherited,`
0	`126`	`RightName = EdgeNames.ManageCA`
0	`127`	`});`
0	`128`	`if ((cARights & CertificationAuthorityRights.ManageCertificates) != 0)`
0	`129`	`aces.Add(new ACE`
0	`130`	`{`
0	`131`	`PrincipalType = resolvedPrincipal.ObjectType,`
0	`132`	`PrincipalSID = resolvedPrincipal.ObjectIdentifier,`
0	`133`	`IsInherited = isInherited,`
0	`134`	`RightName = EdgeNames.ManageCertificates`
0	`135`	`});`
	`136`
0	`137`	`if ((cARights & CertificationAuthorityRights.Enroll) != 0)`
0	`138`	`aces.Add(new ACE`
0	`139`	`{`
0	`140`	`PrincipalType = resolvedPrincipal.ObjectType,`
0	`141`	`PrincipalSID = resolvedPrincipal.ObjectIdentifier,`
0	`142`	`IsInherited = isInherited,`
0	`143`	`RightName = EdgeNames.Enroll`
0	`144`	`});`
0	`145`	`}`
	`146`
0	`147`	`data.Data = aces.ToArray();`
0	`148`	`return data;`
0	`149`	`}`
	`150`
	`151`	`/// <summary>`
	`152`	`/// This function should be called with the enrollment data fetched from <see cref="GetCARegistryValues"/>.`
	`153`	`/// The resulting items will contain enrollment agent restrictions`
	`154`	`/// </summary>`
	`155`	`/// <param name="enrollmentAgentRestrictions"></param>`
	`156`	`/// <returns></returns>`
	`157`	`public async Task<EnrollmentAgentRegistryAPIResult> ProcessEAPermissions(string caName, string objectDomain, str`
0	`158`	`{`
0	`159`	`var ret = new EnrollmentAgentRegistryAPIResult();`
0	`160`	`var regData = GetEnrollmentAgentRights(computerName, caName);`
	`161`
0	`162`	`ret.Collected = regData.Collected;`
0	`163`	`if (!ret.Collected)`
0	`164`	`{`
0	`165`	`ret.FailureReason = regData.FailureReason;`
0	`166`	`return ret;`
	`167`	`}`
	`168`
0	`169`	`if (regData.Value == null)`
0	`170`	`{`
0	`171`	`return ret;`
	`172`	`}`
	`173`
0	`174`	`var isDomainController = await _utils.IsDomainController(computerObjectId, objectDomain);`
0	`175`	`var machineSid = await GetMachineSid(computerName, computerObjectId);`
0	`176`	`var descriptor = new RawSecurityDescriptor(regData.Value as byte[], 0);`
0	`177`	`var enrollmentAgentRestrictions = new List<EnrollmentAgentRestriction>();`
0	`178`	`foreach (var genericAce in descriptor.DiscretionaryAcl)`
0	`179`	`{`
0	`180`	`var ace = (QualifiedAce)genericAce;`
0	`181`	`if (await CreateEnrollmentAgentRestriction(ace, objectDomain, computerName, isDomainController,`
0	`182`	`computerObjectId, machineSid) is (true, var restriction)) {`
0	`183`	`enrollmentAgentRestrictions.Add(restriction);`
0	`184`	`}`
0	`185`	`}`
	`186`
0	`187`	`ret.Restrictions = enrollmentAgentRestrictions.ToArray();`
	`188`
0	`189`	`return ret;`
0	`190`	`}`
	`191`
	`192`	`public async Task<(IEnumerable<TypedPrincipal> resolvedTemplates, IEnumerable<string> unresolvedTemplates)> Proc`
0	`193`	`{`
0	`194`	`var resolvedTemplates = new List<TypedPrincipal>();`
0	`195`	`var unresolvedTemplates = new List<string>();`
	`196`
0	`197`	`foreach (var templateCN in templates)`
0	`198`	`{`
0	`199`	`var res = await _utils.ResolveCertTemplateByProperty(Encoder.LdapFilterEncode(templateCN), LDAPPropertie`
0	`200`	`if (res.Success) {`
0	`201`	`resolvedTemplates.Add(res.Principal);`
0	`202`	`} else {`
0	`203`	`unresolvedTemplates.Add(templateCN);`
0	`204`	`}`
0	`205`	`}`
	`206`
0	`207`	`return (resolvedTemplates: resolvedTemplates, unresolvedTemplates: unresolvedTemplates);`
0	`208`	`}`
	`209`
	`210`	`/// <summary>`
	`211`	`/// Get CA security registry value from the remote machine for processing security/enrollmentagentrights`
	`212`	`/// </summary>`
	`213`	`/// <param name="target"></param>`
	`214`	`/// <param name="caName"></param>`
	`215`	`/// <returns></returns>`
	`216`	`[ExcludeFromCodeCoverage]`
	`217`	`private RegistryResult GetCASecurity(string target, string caName)`
	`218`	`{`
	`219`	`var regSubKey = $"SYSTEM\\CurrentControlSet\\Services\\CertSvc\\Configuration\\{caName}";`
	`220`	`const string regValue = "Security";`
	`221`
	`222`	`return Helpers.GetRegistryKeyData(target, regSubKey, regValue, _log);`
	`223`	`}`
	`224`
	`225`	`/// <summary>`
	`226`	`/// Get EnrollmentAgentRights registry value from the remote machine for processing security/enrollmentagentrigh`
	`227`	`/// </summary>`
	`228`	`/// <param name="target"></param>`
	`229`	`/// <param name="caName"></param>`
	`230`	`/// <returns></returns>`
	`231`	`[ExcludeFromCodeCoverage]`
	`232`	`private RegistryResult GetEnrollmentAgentRights(string target, string caName)`
	`233`	`{`
	`234`	`var regSubKey = $"SYSTEM\\CurrentControlSet\\Services\\CertSvc\\Configuration\\{caName}";`
	`235`	`var regValue = "EnrollmentAgentRights";`
	`236`
	`237`	`return Helpers.GetRegistryKeyData(target, regSubKey, regValue, _log);`
	`238`	`}`
	`239`
	`240`	`/// <summary>`
	`241`	`/// This function checks a registry setting on the target host for the specified CA to see if a requesting user`
	`242`	`/// The ManageCA permission allows you to flip this bit as well. This appears to usually work, even if admin rig`
	`243`	`/// </summary>`
	`244`	`/// <remarks>https://blog.keyfactor.com/hidden-dangers-certificate-subject-alternative-names-sans</remarks>`
	`245`	`/// <param name="target"></param>`
	`246`	`/// <param name="caName"></param>`
	`247`	`/// <returns></returns>`
	`248`	`/// <exception cref="Exception"></exception>`
	`249`	`[ExcludeFromCodeCoverage]`
	`250`	`public BoolRegistryAPIResult IsUserSpecifiesSanEnabled(string target, string caName)`
	`251`	`{`
	`252`	`var ret = new BoolRegistryAPIResult();`
	`253`	`var subKey =`
	`254`	`$"SYSTEM\\CurrentControlSet\\Services\\CertSvc\\Configuration\\{caName}\\PolicyModules\\CertificateAutho`
	`255`	`const string subValue = "EditFlags";`
	`256`	`var data = Helpers.GetRegistryKeyData(target, subKey, subValue, _log);`
	`257`
	`258`	`ret.Collected = data.Collected;`
	`259`	`if (!data.Collected)`
	`260`	`{`
	`261`	`ret.FailureReason = data.FailureReason;`
	`262`	`return ret;`
	`263`	`}`
	`264`
	`265`	`if (data.Value == null)`
	`266`	`{`
	`267`	`return ret;`
	`268`	`}`
	`269`
	`270`	`var editFlags = (int)data.Value;`
	`271`	`ret.Value = (editFlags & 0x00040000) == 0x00040000;`
	`272`
	`273`	`return ret;`
	`274`	`}`
	`275`
	`276`	`/// <summary>`
	`277`	`/// This function checks a registry setting on the target host for the specified CA to see if role seperation is`
	`278`	`/// If enabled, you cannot perform any CA actions if you have both ManageCA and ManageCertificates permissions.`
	`279`	`/// </summary>`
	`280`	`/// <remarks>https://www.itprotoday.com/security/q-how-can-i-make-sure-given-windows-account-assigned-only-singl`
	`281`	`/// <param name="target"></param>`
	`282`	`/// <param name="caName"></param>`
	`283`	`/// <returns></returns>`
	`284`	`/// <exception cref="Exception"></exception>`
	`285`	`[ExcludeFromCodeCoverage]`
	`286`	`public BoolRegistryAPIResult RoleSeparationEnabled(string target, string caName)`
	`287`	`{`
	`288`	`var ret = new BoolRegistryAPIResult();`
	`289`	`var regSubKey = $"SYSTEM\\CurrentControlSet\\Services\\CertSvc\\Configuration\\{caName}";`
	`290`	`const string regValue = "RoleSeparationEnabled";`
	`291`	`var data = Helpers.GetRegistryKeyData(target, regSubKey, regValue, _log);`
	`292`
	`293`	`ret.Collected = data.Collected;`
	`294`	`if (!data.Collected)`
	`295`	`{`
	`296`	`ret.FailureReason = data.FailureReason;`
	`297`	`return ret;`
	`298`	`}`
	`299`
	`300`	`if (data.Value == null)`
	`301`	`{`
	`302`	`return ret;`
	`303`	`}`
	`304`
	`305`	`ret.Value = (int)data.Value == 1;`
	`306`
	`307`	`return ret;`
	`308`	`}`
	`309`
	`310`	`public async Task<(bool Success, TypedPrincipal Principal)> GetRegistryPrincipal(SecurityIdentifier sid, string`
0	`311`	`{`
0	`312`	`_log.LogTrace("Got principal with sid {SID} on computer {ComputerName}", sid.Value, computerName);`
	`313`
	`314`	`//Check if our sid is filtered`
0	`315`	`if (Helpers.IsSidFiltered(sid.Value))`
0	`316`	`return (false, default);`
	`317`
0	`318`	`if (isDomainController &&`
0	`319`	`await _utils.ResolveIDAndType(sid.Value, computerDomain) is (true, var resolvedPrincipal)) {`
0	`320`	`return (true, resolvedPrincipal);`
	`321`	`}`
	`322`
	`323`	`//If we get a local well known principal, we need to convert it using the computer's domain sid`
0	`324`	`if (await _utils.ConvertLocalWellKnownPrincipal(sid, computerObjectId, computerDomain) is`
0	`325`	`(true, var principal)) {`
0	`326`	`return (true, principal);`
	`327`	`}`
	`328`
	`329`	`//If the security identifier starts with the machine sid, we need to resolve it as a local principal`
0	`330`	`if (machineSid != null && sid.IsEqualDomainSid(machineSid))`
0	`331`	`{`
0	`332`	`_log.LogTrace("Got local principal {sid} on computer {Computer}", sid.Value, computerName);`
	`333`
	`334`	`// Set label to be local group. It could be a local user or alias but I'm not sure how we can confirm. B`
	`335`	`// The local group sid is computer machine sid - group rid.`
0	`336`	`var groupRid = sid.Rid();`
0	`337`	`var newSid = $"{computerObjectId}-{groupRid}";`
0	`338`	`return (true, new TypedPrincipal(newSid, Label.LocalGroup));`
	`339`	`}`
	`340`
	`341`	`//If we get here, we most likely have a domain principal. Do a lookup`
0	`342`	`return await _utils.ResolveIDAndType(sid.Value, computerDomain);`
0	`343`	`}`
	`344`
	`345`	`private async Task<SecurityIdentifier> GetMachineSid(string computerName, string computerObjectId)`
0	`346`	`{`
0	`347`	`SecurityIdentifier machineSid = null;`
	`348`
	`349`	`//Try to get the machine sid for the computer if its not already cached`
0	`350`	`if (!Cache.GetMachineSid(computerObjectId, out var tempMachineSid))`
0	`351`	`{`
	`352`	`// Open a handle to the server`
0	`353`	`var openServerResult = OpenSamServer(computerName);`
0	`354`	`if (openServerResult.IsFailed)`
0	`355`	`{`
0	`356`	`_log.LogTrace("OpenServer failed on {ComputerName}: {Error}", computerName, openServerResult.SError)`
0	`357`	`await SendComputerStatus(new CSVComputerStatus`
0	`358`	`{`
0	`359`	`Task = "SamConnect",`
0	`360`	`ComputerName = computerName,`
0	`361`	`Status = openServerResult.SError`
0	`362`	`});`
0	`363`	`return null;`
	`364`	`}`
	`365`
0	`366`	`var server = openServerResult.Value;`
0	`367`	`var getMachineSidResult = server.GetMachineSid();`
0	`368`	`if (getMachineSidResult.IsFailed)`
0	`369`	`{`
0	`370`	`_log.LogTrace("GetMachineSid failed on {ComputerName}: {Error}", computerName, getMachineSidResult.S`
0	`371`	`await SendComputerStatus(new CSVComputerStatus`
0	`372`	`{`
0	`373`	`Status = getMachineSidResult.SError,`
0	`374`	`ComputerName = computerName,`
0	`375`	`Task = "GetMachineSid"`
0	`376`	`});`
	`377`	`//If we can't get a machine sid, we wont be able to make local principals with unique object ids, or`
0	`378`	`_log.LogWarning("Unable to get machineSid for {Computer}: {Status}", computerName, getMachineSidResu`
0	`379`	`return null;`
	`380`	`}`
	`381`
0	`382`	`machineSid = getMachineSidResult.Value;`
0	`383`	`Cache.AddMachineSid(computerObjectId, machineSid.Value);`
0	`384`	`}`
	`385`	`else`
0	`386`	`{`
0	`387`	`machineSid = new SecurityIdentifier(tempMachineSid);`
0	`388`	`}`
	`389`
0	`390`	`return machineSid;`
0	`391`	`}`
	`392`
0	`393`	`private async Task<(bool success, EnrollmentAgentRestriction restriction)> CreateEnrollmentAgentRestriction(Qual`
0	`394`	`var targets = new List<TypedPrincipal>();`
0	`395`	`var index = 0;`
	`396`
0	`397`	`var accessType = ace.AceType.ToString();`
0	`398`	`var agent = await GetRegistryPrincipal(ace.SecurityIdentifier, computerDomain, computerName, isDomainControl`
0	`399`	`computerObjectId, machineSid);`
	`400`
0	`401`	`var opaque = ace.GetOpaque();`
0	`402`	`var sidCount = BitConverter.ToUInt32(opaque, 0);`
0	`403`	`index += 4;`
	`404`
0	`405`	`for (var i = 0; i < sidCount; i++) {`
0	`406`	`var sid = new SecurityIdentifier(opaque, index);`
0	`407`	`if (await GetRegistryPrincipal(sid, computerDomain, computerName, isDomainController, computerObjectId,`
0	`408`	`machineSid) is (true, var regPrincipal)) {`
0	`409`	`targets.Add(regPrincipal);`
0	`410`	`}`
	`411`
0	`412`	`index += sid.BinaryLength;`
0	`413`	`}`
	`414`
0	`415`	`var finalTargets = targets.ToArray();`
0	`416`	`var allTemplates = index >= opaque.Length;`
0	`417`	`if (index < opaque.Length) {`
0	`418`	`var template = Encoding.Unicode.GetString(opaque, index, opaque.Length - index - 2).Replace("\u0000", st`
0	`419`	`if (await _utils.ResolveCertTemplateByProperty(Encoder.LdapFilterEncode(template), LDAPProperties.Canoni`
0	`420`	`return (true, new EnrollmentAgentRestriction {`
0	`421`	`Template = resolvedTemplate,`
0	`422`	`Agent = agent.Principal,`
0	`423`	`AllTemplates = allTemplates,`
0	`424`	`AccessType = accessType,`
0	`425`	`Targets = finalTargets`
0	`426`	`});`
	`427`	`}`
	`428`
0	`429`	`if (await _utils.ResolveCertTemplateByProperty(`
0	`430`	`Encoder.LdapFilterEncode(template), LDAPProperties.CertTemplateOID, computerDomain) is`
0	`431`	`(true, var resolvedOidTemplate)) {`
0	`432`	`return (true, new EnrollmentAgentRestriction {`
0	`433`	`Template = resolvedOidTemplate,`
0	`434`	`Agent = agent.Principal,`
0	`435`	`AllTemplates = allTemplates,`
0	`436`	`AccessType = accessType,`
0	`437`	`Targets = finalTargets`
0	`438`	`});`
	`439`	`}`
0	`440`	`}`
	`441`
0	`442`	`return (false, default);`
0	`443`	`}`
	`444`
	`445`	`public virtual SharpHoundRPC.Result<ISAMServer> OpenSamServer(string computerName)`
0	`446`	`{`
0	`447`	`var result = SAMServer.OpenServer(computerName);`
0	`448`	`if (result.IsFailed)`
0	`449`	`{`
0	`450`	`return SharpHoundRPC.Result<ISAMServer>.Fail(result.SError);`
	`451`	`}`
	`452`
0	`453`	`return SharpHoundRPC.Result<ISAMServer>.Ok(result.Value);`
0	`454`	`}`
	`455`
	`456`	`private async Task SendComputerStatus(CSVComputerStatus status)`
0	`457`	`{`
0	`458`	`if (ComputerStatusEvent is not null) await ComputerStatusEvent(status);`
0	`459`	`}`
	`460`
	`461`	`}`
	`462`
	`463`	`public class EnrollmentAgentRestriction`
	`464`	`{`
	`465`	`public string AccessType { get; set; }`
	`466`	`public TypedPrincipal Agent { get; set; }`
	`467`	`public TypedPrincipal[] Targets { get; set; }`
	`468`	`public TypedPrincipal Template { get; set; }`
	`469`	`public bool AllTemplates { get; set; } = false;`
	`470`	`}`
	`471`
	`472`	`public class CertRegistryResult`
	`473`	`{`
	`474`	`public bool Collected { get; set; } = false;`
	`475`	`public byte[] Value { get; set; }`
	`476`	`public string FailureReason { get; set; }`
	`477`	`}`
	`478`	`}`

< Summary

Metrics

File(s)

D:\a\SharpHoundCommon\SharpHoundCommon\src\CommonLib\Processors\CertAbuseProcessor.cs

Methods/Properties