Remove extra OID definitions

lib/msf/core/exploit/remote/cert_request.rb

@@ -9,18 +9,6 @@ require 'rex/proto/x509/request'
 module Msf
 
   module Exploit::Remote::CertRequest
-
-    # [2.2.2.7.7.4 szOID_NTDS_CA_SECURITY_EXT](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/e563cff8-1af6-4e6f-a655-7571ca482e71)
-    OID_NTDS_CA_SECURITY_EXT = '1.3.6.1.4.1.311.25.2'.freeze
-    # [2.2.2.7.5 szOID_NT_PRINCIPAL_NAME](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/ea9ef420-4cbf-44bc-b093-c4175139f90f)
-    OID_NT_PRINCIPAL_NAME = '1.3.6.1.4.1.311.20.2.3'.freeze
-    # [[MS-WCCE]: Windows Client Certificate Enrollment Protocol](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-winerrata/c39fd72a-da21-4b13-b329-c35d61f74a60)
-    OID_NTDS_OBJECTSID = '1.3.6.1.4.1.311.25.2.1'.freeze
-    # [[MS-WCCE]: 2.2.2.7.10 szENROLLMENT_NAME_VALUE_PAIR](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/92f07a54-2889-45e3-afd0-94b60daa80ec)
-    OID_ENROLLMENT_NAME_VALUE_PAIR = '1.3.6.1.4.1.311.13.2.1'.freeze
-    # [[MS-WCCE]: 2.2.2.7.7.3 Encoding a Certificate Application Policy Extension](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/160b96b1-c431-457a-8eed-27c11873f378)
-    OID_APPLICATION_CERT_POLICIES = '1.3.6.1.4.1.311.21.10'.freeze
-
     # @param opts [Hash]
     # @option opts [String] :username the CN to embed in the CSR subject
     # @option opts [OpenSSL::PKey::RSA] :private_key an existing key to sign with; a new one is generated when omitted
@@ -260,11 +248,11 @@ module Msf
     # @param [OpenSSL::X509::Certificate] cert
     # @return [String, nil] The SID if it was found, otherwise nil.
     def get_cert_msext_sid(cert)
-      ext = cert.extensions.find { |e| e.oid == OID_NTDS_CA_SECURITY_EXT }
+      ext = cert.extensions.find { |e| e.oid == Rex::Proto::X509::OID_NTDS_CA_SECURITY_EXT }
       return unless ext
 
       ntds_ca_security_ext = Rex::Proto::CryptoAsn1::NtdsCaSecurityExt.parse(ext.value_der)
-      return unless ntds_ca_security_ext[:OtherName][:type_id].value == OID_NTDS_OBJECTSID
+      return unless ntds_ca_security_ext[:OtherName][:type_id].value == Rex::Proto::X509::OID_NTDS_OBJECTSID
 
       ntds_ca_security_ext[:OtherName][:value].value
     end
@@ -277,7 +265,7 @@ module Msf
       return [] unless (san = get_cert_san(cert))
 
       san[:GeneralNames].value.select do |gn|
-        gn[:otherName][:type_id]&.value == OID_NT_PRINCIPAL_NAME
+        gn[:otherName][:type_id]&.value == Rex::Proto::X509::OID_NT_PRINCIPAL_NAME
       end.map do |gn|
         RASN1::Types::Utf8String.parse(gn[:otherName][:value].value, explicit: 0, constructed: true).value
       end

spec/lib/msf/core/exploit/remote/ms_icpr_spec.rb

@@ -206,7 +206,7 @@ RSpec.describe Msf::Exploit::Remote::MsIcpr do
 
     context 'when the cert has the NTDS CA security extension' do
       it 'returns the SID string' do
-        ntds_ext = OpenSSL::X509::Extension.new(Msf::Exploit::Remote::CertRequest::OID_NTDS_CA_SECURITY_EXT, ntds_ext_der, false)
+        ntds_ext = OpenSSL::X509::Extension.new(Rex::Proto::X509::OID_NTDS_CA_SECURITY_EXT, ntds_ext_der, false)
         cert = build_test_cert(rsa_key, extensions: [ntds_ext])
         expect(subject.get_cert_msext_sid(cert)).to eq('S-1-5-21-3402587289-1488798532-3618296993-1105')
       end
@@ -219,7 +219,7 @@ RSpec.describe Msf::Exploit::Remote::MsIcpr do
           type_id: '1.2.3.4.5',
           value: 'S-1-5-21-0-0-0-0'
         }).to_der
-        ntds_ext = OpenSSL::X509::Extension.new(Msf::Exploit::Remote::CertRequest::OID_NTDS_CA_SECURITY_EXT, bogus_ext_der, false)
+        ntds_ext = OpenSSL::X509::Extension.new(Rex::Proto::X509::OID_NTDS_CA_SECURITY_EXT, bogus_ext_der, false)
         cert = build_test_cert(rsa_key, extensions: [ntds_ext])
         expect(subject.get_cert_msext_sid(cert)).to be_nil
       end