Beispiel #1
        /// <summary>
        /// Decodes the sample PA-PK-AS-REP blob and checks that the CMS SignedData
        /// carried in its DH info decodes and has a valid signature.
        /// </summary>
        /// <remarks>
        /// <c>verifySignatureOnly: true</c> makes <c>CheckSignature</c> verify the digital
        /// signature only; the signer's certificate is not validated. The test therefore
        /// proves the sample is internally consistent, not that its signer is trusted.
        /// </remarks>
        public void ParsePaPkAsRep_SignedDHRep()
        {
            var decodedReply = KrbPaPkAsRep.Decode(signedPkAsRep);
            Assert.IsNotNull(decodedReply);

            var cms = new SignedCms();
            var signedDataBytes = decodedReply.DHInfo.DHSignedData.ToArray();
            cms.Decode(signedDataBytes);

            // Throws when the signature does not match, which fails the test.
            cms.CheckSignature(verifySignatureOnly: true);
        }
Beispiel #2
        /// <summary>
        /// Decodes the sample PA-PK-AS-REP blob, checks the signature of the CMS SignedData
        /// in its DH info, and then decodes the signed content as a <c>KrbKdcDHKeyInfo</c>.
        /// </summary>
        /// <remarks>
        /// The content is parsed only after <c>CheckSignature</c> has succeeded. Because
        /// <c>verifySignatureOnly: true</c> is passed, the signer's certificate is not
        /// validated; only the signature over the content is checked.
        /// </remarks>
        public void ParsePaPkAsRep_SignedDHRep_KDCDHKeyInfo()
        {
            var decodedReply = KrbPaPkAsRep.Decode(signedPkAsRep);
            Assert.IsNotNull(decodedReply);

            var cms = new SignedCms();
            var signedDataBytes = decodedReply.DHInfo.DHSignedData.ToArray();
            cms.Decode(signedDataBytes);

            // Throws when the signature does not match, which fails the test.
            cms.CheckSignature(verifySignatureOnly: true);

            var kdcKeyInfo = KrbKdcDHKeyInfo.Decode(cms.ContentInfo.Content);
            Assert.IsNotNull(kdcKeyInfo);
        }
        /// <summary>
        /// Decrypts the response from the KDC using credential-supplied secrets.
        /// The PA-PK-AS-REP entry of the reply's PA-Data is decoded first; when it carries
        /// Diffie-Hellman info, the key agreement result is stored in <c>sharedSecret</c>
        /// and decryption is then delegated to the base implementation.
        /// </summary>
        /// <typeparam name="T">The return type</typeparam>
        /// <param name="kdcRep">The response from the KDC to decrypt</param>
        /// <param name="keyUsage">The KeyUsage salt used to decrypt the response</param>
        /// <param name="func">The parsing function to process the decrypted response</param>
        /// <returns>Returns <typeparamref name="T"/> after decryption</returns>
        /// <exception cref="KerberosProtocolException">
        /// Thrown when <paramref name="kdcRep"/> or its PA-Data is null, or when the PA-Data
        /// holds no PA-PK-AS-REP entry.
        /// </exception>
        /// <remarks>
        /// A reply without DH info is rejected with the exception produced by
        /// <c>OnlyKeyAgreementSupportedException()</c>.
        /// NOTE(review): this method does not itself check the signature or certificate on
        /// the KDC's signed DH data. Presumably <c>DeriveDHKeyAgreement</c> does; confirm
        /// there, since the shared secret is only as trustworthy as that check.
        /// </remarks>
        public override T DecryptKdcRep<T>(KrbKdcRep kdcRep, KeyUsage keyUsage, Func<ReadOnlyMemory<byte>, T> func)
        {
            // Null-conditional access folds a missing reply or missing PA-Data into the
            // same "entry not found" outcome handled below.
            var pkAsRepEntry = kdcRep?.PaData?.FirstOrDefault(entry => entry.Type == PaDataType.PA_PK_AS_REP);

            if (pkAsRepEntry == null)
            {
                throw new KerberosProtocolException("PA-Data doesn't contain PA-PK-AS-REP");
            }

            var decodedReply = KrbPaPkAsRep.Decode(pkAsRepEntry.Value);

            // Only the Diffie-Hellman form of the reply is handled.
            if (decodedReply.DHInfo == null)
            {
                throw OnlyKeyAgreementSupportedException();
            }

            // The secret must be in place before the base class decrypts the reply.
            sharedSecret = DeriveDHKeyAgreement(kdcRep, decodedReply);

            return base.DecryptKdcRep(kdcRep, keyUsage, func);
        }
Beispiel #4
        /// <summary>
        /// Checks that the sample PA-PK-AS-REP blob decodes to a non-null
        /// <c>KrbPaPkAsRep</c>. Only the decoding is exercised; the signed data inside the
        /// reply is not verified here.
        /// </summary>
        public void ParsePaPkAsRep()
        {
            var decodedReply = KrbPaPkAsRep.Decode(signedPkAsRep);

            Assert.IsNotNull(decodedReply);
        }