private static KrbApReq CreateApReq(KrbKdcRep kdcRep, KrbEncryptionKey tgtSessionKey, KrbChecksum checksum, out KrbEncryptionKey subkey)
{
var tgt = kdcRep.Ticket;
subkey = KrbEncryptionKey.Generate(tgtSessionKey.EType);
var authenticator = new KrbAuthenticator
{
CName = kdcRep.CName,
Realm = tgt.Realm,
SequenceNumber = KerberosConstants.GetNonce(),
Subkey = subkey,
Checksum = checksum
};
KerberosConstants.Now(out authenticator.CTime, out authenticator.CuSec);
var encryptedAuthenticator = KrbEncryptedData.Encrypt(
authenticator.EncodeApplication(),
tgtSessionKey.AsKey(),
KeyUsage.PaTgsReqAuthenticator
);
var apReq = new KrbApReq
{
Ticket = tgt,
Authenticator = encryptedAuthenticator
};
return(apReq);
}
public static KrbApReq CreateApReq(
KrbKdcRep tgsRep,
KerberosKey authenticatorKey,
ApOptions options,
out KrbAuthenticator authenticator
)
{
var ticket = tgsRep.Ticket;
authenticator = new KrbAuthenticator
{
CName = tgsRep.CName,
Realm = ticket.Realm,
SequenceNumber = KerberosConstants.GetNonce(),
Subkey = KrbEncryptionKey.Generate(authenticatorKey.EncryptionType),
Checksum = KrbChecksum.EncodeDelegationChecksum(new DelegationInfo())
};
KerberosConstants.Now(out authenticator.CTime, out authenticator.CuSec);
var apReq = new KrbApReq
{
Ticket = ticket,
ApOptions = options,
Authenticator = KrbEncryptedData.Encrypt(
authenticator.EncodeApplication(),
authenticatorKey,
KeyUsage.ApReqAuthenticator
)
};
return(apReq);
}
public static KrbApReq CreateApReq(
KrbKdcRep tgsRep,
KerberosKey authenticatorKey,
RequestServiceTicket rst,
out KrbAuthenticator authenticator
)
{
if (tgsRep == null)
{
throw new ArgumentNullException(nameof(tgsRep));
}
if (authenticatorKey == null)
{
throw new ArgumentNullException(nameof(authenticatorKey));
}
var ticket = tgsRep.Ticket;
authenticator = new KrbAuthenticator
{
CName = tgsRep.CName,
Realm = ticket.Realm,
SequenceNumber = KerberosConstants.GetNonce(),
Subkey = KrbEncryptionKey.Generate(authenticatorKey.EncryptionType),
Checksum = KrbChecksum.EncodeDelegationChecksum(new DelegationInfo(rst))
};
KerberosConstants.Now(out DateTimeOffset ctime, out int usec);
authenticator.CTime = ctime;
authenticator.CuSec = usec;
var apReq = new KrbApReq
{
Ticket = ticket,
ApOptions = rst.ApOptions,
Authenticator = KrbEncryptedData.Encrypt(
authenticator.EncodeApplication(),
authenticatorKey,
KeyUsage.ApReqAuthenticator
)
};
return(apReq);
}
private static KrbApReq CreateApReq(KrbKdcRep kdcRep, KrbEncryptionKey tgtSessionKey, KrbChecksum checksum, out KrbEncryptionKey sessionKey)
{
var tgt = kdcRep.Ticket;
var authenticator = new KrbAuthenticator
{
CName = kdcRep.CName,
Realm = kdcRep.CRealm,
SequenceNumber = GetNonce(),
Checksum = checksum
};
sessionKey = KrbEncryptionKey.Generate(tgtSessionKey.EType);
sessionKey.Usage = KeyUsage.EncTgsRepPartSubSessionKey;
authenticator.Subkey = sessionKey;
Now(out DateTimeOffset ctime, out int usec);
authenticator.CTime = ctime;
authenticator.CuSec = usec;
var encryptedAuthenticator = KrbEncryptedData.Encrypt(
authenticator.EncodeApplication(),
tgtSessionKey.AsKey(),
KeyUsage.PaTgsReqAuthenticator
);
var apReq = new KrbApReq
{
Ticket = tgt,
Authenticator = encryptedAuthenticator
};
return(apReq);
}
public static KrbApReq CreateApReq(
KrbKdcRep tgsRep,
KerberosKey authenticatorKey,
RequestServiceTicket rst,
out KrbAuthenticator authenticator
)
{
if (tgsRep == null)
{
throw new ArgumentNullException(nameof(tgsRep));
}
if (authenticatorKey == null)
{
throw new ArgumentNullException(nameof(authenticatorKey));
}
authenticator = new KrbAuthenticator
{
CName = tgsRep.CName,
Realm = tgsRep.CRealm
};
if (rst.AuthenticatorChecksum != null)
{
authenticator.Checksum = rst.AuthenticatorChecksum;
}
else if (!rst.AuthenticatorChecksumSource.IsEmpty)
{
authenticator.Checksum = KrbChecksum.Create(
rst.AuthenticatorChecksumSource,
authenticatorKey,
KeyUsage.AuthenticatorChecksum
);
}
else if (rst.GssContextFlags != GssContextEstablishmentFlag.GSS_C_NONE)
{
authenticator.Checksum = KrbChecksum.EncodeDelegationChecksum(new DelegationInfo(rst));
}
if (rst.IncludeSequenceNumber ?? true)
{
authenticator.SequenceNumber = GetNonce();
}
if (rst.ApOptions.HasFlag(ApOptions.MutualRequired))
{
authenticator.Subkey = KrbEncryptionKey.Generate(authenticatorKey.EncryptionType);
}
Now(out DateTimeOffset ctime, out int usec);
authenticator.CTime = ctime;
authenticator.CuSec = usec;
var apReq = new KrbApReq
{
Ticket = tgsRep.Ticket,
ApOptions = rst.ApOptions,
Authenticator = KrbEncryptedData.Encrypt(
authenticator.EncodeApplication(),
authenticatorKey,
KeyUsage.ApReqAuthenticator
)
};
return(apReq);
}
