Vadims Podans

Problem line: https://github.com/PKISolutions/pkix.net/blob/b0452cf8edcdbeae6f717da0d94bc4ee83b7c83b/PKI/Security/AccessControl/CertTemplateSecurityDescriptor.cs#L205 There should be `ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty | ActiveDirectoryRights.ExtendedRight`

The issue is on this line: https://github.com/PKISolutions/pkix.net/blob/b0452cf8edcdbeae6f717da0d94bc4ee83b7c83b/PKI/Security/AccessControl/CertTemplateSecurityDescriptor.cs#L210 Compare must be done against Autoenroll, not Enroll.

V1 templates allow only these permissions: -Full Control - Read - Write - Enroll Currently, we do not check for template version and can enable Autoenroll right on V1 template,...

For example: ``` 00e1: | | 47 6f 20 44 61 64 64 79 20 43 6c 61 73 73 20 32 ; Go Daddy Class 2 00f1: | |...

Currently, it does as this: ``` 0129: | | | 00 de 9d d7 ea 57 18 49 a1 5b eb d7 5f 48 86 ea 0139: | | |...

Subj

`040629170620Z` UTC Time is decoded to `29.06.2004 08:06:20` which isn't correct. Hour value must be 17 (assuming 24h). Maybe it is related to underlying ASN library.

I'm the author of PSPKI module which is used by PSPKIAudit. For past time I've actively worked on bug fixing in PSPKI and would like to execute integration tests with...

OID entry name in OID container is not random

2

You have a function `Get-RandomHex` that generates random HEX for OID entry name in OID container. Actually, these OIDs are not truly random, their name depend on actual OID value...

In ADCS, PKI administrators may define custom application policies (MSFT analogue of Enhanced Key Usage extension) and certificate policies. When exporting certificate template, it might be reasonable to export custom...