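/// <summary>
/// Builds an AP-REQ that presents the ticket from <paramref name="kdcRep"/> together with a
/// freshly generated sub-session key.
/// </summary>
/// <param name="kdcRep">KDC reply that supplies the ticket and the client name/realm.</param>
/// <param name="tgtSessionKey">Session key used to encrypt the authenticator; its EType also selects the subkey type.</param>
/// <param name="checksum">Checksum placed in the authenticator as supplied by the caller.</param>
/// <param name="subkey">Receives the generated subkey. This is secret key material owned by the caller.</param>
/// <returns>The AP-REQ carrying the ticket and the encrypted authenticator.</returns>
private static KrbApReq CreateApReq(KrbKdcRep kdcRep, KrbEncryptionKey tgtSessionKey, KrbChecksum checksum, out KrbEncryptionKey subkey)
{
    var tgt = kdcRep.Ticket;

    // The subkey uses the same encryption type as the session key that protects the authenticator.
    subkey = KrbEncryptionKey.Generate(tgtSessionKey.EType);

    var authenticator = new KrbAuthenticator
    {
        CName = kdcRep.CName,

        // The authenticator's crealm is the client's realm (RFC 4120). The ticket's realm field
        // names the realm that issued the ticket, which differs for cross-realm tickets, so the
        // client realm from the KDC reply is used here instead of tgt.Realm.
        Realm = kdcRep.CRealm,
        SequenceNumber = KerberosConstants.GetNonce(),
        Subkey = subkey,
        Checksum = checksum
    };

    // The client timestamp and microseconds are written straight into the authenticator.
    KerberosConstants.Now(out authenticator.CTime, out authenticator.CuSec);

    // The key usage ties this ciphertext to its role as a PA-TGS-REQ authenticator.
    var encryptedAuthenticator = KrbEncryptedData.Encrypt(
        authenticator.EncodeApplication(),
        tgtSessionKey.AsKey(),
        KeyUsage.PaTgsReqAuthenticator
    );

    var apReq = new KrbApReq
    {
        Ticket = tgt,
        Authenticator = encryptedAuthenticator
    };

    return apReq;
}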
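/// <summary>
/// Builds an AP-REQ for the ticket in <paramref name="tgsRep"/> and returns the plaintext
/// authenticator that was encrypted into it.
/// </summary>
/// <param name="tgsRep">KDC reply that supplies the ticket and the client name/realm.</param>
/// <param name="authenticatorKey">Key used to encrypt the authenticator; its encryption type also selects the subkey type.</param>
/// <param name="options">AP options copied into the request unchanged.</param>
/// <param name="authenticator">
/// Receives the unencrypted authenticator, including the generated subkey. Treat it as secret material.
/// </param>
/// <returns>The AP-REQ carrying the ticket, options and encrypted authenticator.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="tgsRep"/> or <paramref name="authenticatorKey"/> is null.
/// </exception>
public static KrbApReq CreateApReq(
    KrbKdcRep tgsRep,
    KerberosKey authenticatorKey,
    ApOptions options,
    out KrbAuthenticator authenticator
)
{
    // Reject null arguments explicitly rather than failing later with a NullReferenceException.
    if (tgsRep == null)
    {
        throw new ArgumentNullException(nameof(tgsRep));
    }

    if (authenticatorKey == null)
    {
        throw new ArgumentNullException(nameof(authenticatorKey));
    }

    var ticket = tgsRep.Ticket;

    authenticator = new KrbAuthenticator
    {
        CName = tgsRep.CName,

        // The authenticator's crealm is the client's realm (RFC 4120). The ticket's realm field
        // names the issuing realm, which differs for cross-realm tickets, so the client realm
        // from the KDC reply is used here instead of ticket.Realm.
        Realm = tgsRep.CRealm,
        SequenceNumber = KerberosConstants.GetNonce(),
        Subkey = KrbEncryptionKey.Generate(authenticatorKey.EncryptionType),

        // A default DelegationInfo is encoded into the checksum; this overload takes no caller-supplied values for it.
        Checksum = KrbChecksum.EncodeDelegationChecksum(new DelegationInfo())
    };

    KerberosConstants.Now(out authenticator.CTime, out authenticator.CuSec);

    var apReq = new KrbApReq
    {
        Ticket = ticket,
        ApOptions = options,

        // The key usage ties this ciphertext to its role as an AP-REQ authenticator.
        Authenticator = KrbEncryptedData.Encrypt(
            authenticator.EncodeApplication(),
            authenticatorKey,
            KeyUsage.ApReqAuthenticator
        )
    };

    return apReq;
}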
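/// <summary>
/// Builds an AP-REQ for the ticket in <paramref name="tgsRep"/>, taking the AP options and the
/// delegation checksum input from <paramref name="rst"/>.
/// </summary>
/// <param name="tgsRep">KDC reply that supplies the ticket and the client name/realm.</param>
/// <param name="authenticatorKey">Key used to encrypt the authenticator; its encryption type also selects the subkey type.</param>
/// <param name="rst">Service ticket request; supplies <c>ApOptions</c> and the input to <c>DelegationInfo</c>.</param>
/// <param name="authenticator">
/// Receives the unencrypted authenticator, including the generated subkey. Treat it as secret material.
/// </param>
/// <returns>The AP-REQ carrying the ticket, options and encrypted authenticator.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="tgsRep"/> or <paramref name="authenticatorKey"/> is null.
/// </exception>
public static KrbApReq CreateApReq(
    KrbKdcRep tgsRep,
    KerberosKey authenticatorKey,
    RequestServiceTicket rst,
    out KrbAuthenticator authenticator
)
{
    if (tgsRep == null)
    {
        throw new ArgumentNullException(nameof(tgsRep));
    }

    if (authenticatorKey == null)
    {
        throw new ArgumentNullException(nameof(authenticatorKey));
    }

    // NOTE(review): rst is dereferenced without a null check - presumably a value type; confirm.
    var ticket = tgsRep.Ticket;

    authenticator = new KrbAuthenticator
    {
        CName = tgsRep.CName,

        // The authenticator's crealm is the client's realm (RFC 4120). The ticket's realm field
        // names the issuing realm, which differs for cross-realm tickets, so the client realm
        // from the KDC reply is used here instead of ticket.Realm.
        Realm = tgsRep.CRealm,
        SequenceNumber = KerberosConstants.GetNonce(),
        Subkey = KrbEncryptionKey.Generate(authenticatorKey.EncryptionType),
        Checksum = KrbChecksum.EncodeDelegationChecksum(new DelegationInfo(rst))
    };

    KerberosConstants.Now(out DateTimeOffset ctime, out int usec);

    authenticator.CTime = ctime;
    authenticator.CuSec = usec;

    var apReq = new KrbApReq
    {
        Ticket = ticket,
        ApOptions = rst.ApOptions,

        // The key usage ties this ciphertext to its role as an AP-REQ authenticator.
        Authenticator = KrbEncryptedData.Encrypt(
            authenticator.EncodeApplication(),
            authenticatorKey,
            KeyUsage.ApReqAuthenticator
        )
    };

    return apReq;
}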
/// <summary>
/// Wraps the ticket from <paramref name="kdcRep"/> in an AP-REQ whose authenticator carries a
/// newly generated sub-session key.
/// </summary>
/// <param name="kdcRep">KDC reply that supplies the ticket and the client name/realm.</param>
/// <param name="tgtSessionKey">Session key used to encrypt the authenticator; its EType also selects the new key's type.</param>
/// <param name="checksum">Checksum placed in the authenticator as supplied by the caller.</param>
/// <param name="sessionKey">
/// Receives the generated key, tagged with <c>KeyUsage.EncTgsRepPartSubSessionKey</c>.
/// This is secret key material owned by the caller.
/// </param>
/// <returns>The AP-REQ carrying the ticket and the encrypted authenticator.</returns>
private static KrbApReq CreateApReq(KrbKdcRep kdcRep, KrbEncryptionKey tgtSessionKey, KrbChecksum checksum, out KrbEncryptionKey sessionKey)
{
    var auth = new KrbAuthenticator
    {
        CName = kdcRep.CName,
        Realm = kdcRep.CRealm,
        SequenceNumber = GetNonce(),
        Checksum = checksum
    };

    // The same key object is returned to the caller and embedded in the authenticator.
    sessionKey = KrbEncryptionKey.Generate(tgtSessionKey.EType);
    sessionKey.Usage = KeyUsage.EncTgsRepPartSubSessionKey;
    auth.Subkey = sessionKey;

    Now(out var clientTime, out var clientMicroseconds);
    auth.CTime = clientTime;
    auth.CuSec = clientMicroseconds;

    // The key usage ties this ciphertext to its role as a PA-TGS-REQ authenticator.
    var sealedAuthenticator = KrbEncryptedData.Encrypt(
        auth.EncodeApplication(),
        tgtSessionKey.AsKey(),
        KeyUsage.PaTgsReqAuthenticator
    );

    return new KrbApReq
    {
        Ticket = kdcRep.Ticket,
        Authenticator = sealedAuthenticator
    };
}
/// <summary>
/// Builds an AP-REQ for the ticket in <paramref name="tgsRep"/>. The authenticator's checksum,
/// sequence number and subkey are each included only when <paramref name="rst"/> asks for them.
/// </summary>
/// <param name="tgsRep">KDC reply that supplies the ticket and the client name/realm.</param>
/// <param name="authenticatorKey">
/// Key used to encrypt the authenticator, and to compute the checksum when a checksum source is given.
/// </param>
/// <param name="rst">Service ticket request that controls the optional authenticator fields and the AP options.</param>
/// <param name="authenticator">
/// Receives the unencrypted authenticator, including any generated subkey. Treat it as secret material.
/// </param>
/// <returns>The AP-REQ carrying the ticket, options and encrypted authenticator.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="tgsRep"/> or <paramref name="authenticatorKey"/> is null.
/// </exception>
public static KrbApReq CreateApReq(
    KrbKdcRep tgsRep,
    KerberosKey authenticatorKey,
    RequestServiceTicket rst,
    out KrbAuthenticator authenticator
)
{
    if (tgsRep == null)
    {
        throw new ArgumentNullException(nameof(tgsRep));
    }

    if (authenticatorKey == null)
    {
        throw new ArgumentNullException(nameof(authenticatorKey));
    }

    // NOTE(review): rst is dereferenced without a null check - presumably a value type; confirm.
    authenticator = new KrbAuthenticator
    {
        CName = tgsRep.CName,
        Realm = tgsRep.CRealm
    };

    // Checksum precedence: a caller-supplied checksum, then one computed over the supplied
    // source bytes, then the delegation checksum when any GSS context flag is set.
    // If none applies, the Checksum field is not assigned.
    var callerChecksum = rst.AuthenticatorChecksum;

    if (callerChecksum != null)
    {
        authenticator.Checksum = callerChecksum;
    }
    else
    {
        if (!rst.AuthenticatorChecksumSource.IsEmpty)
        {
            authenticator.Checksum = KrbChecksum.Create(
                rst.AuthenticatorChecksumSource,
                authenticatorKey,
                KeyUsage.AuthenticatorChecksum
            );
        }
        else if (rst.GssContextFlags != GssContextEstablishmentFlag.GSS_C_NONE)
        {
            authenticator.Checksum = KrbChecksum.EncodeDelegationChecksum(new DelegationInfo(rst));
        }
    }

    // The sequence number is included unless the request explicitly sets IncludeSequenceNumber to false.
    var wantsSequenceNumber = rst.IncludeSequenceNumber ?? true;

    if (wantsSequenceNumber)
    {
        authenticator.SequenceNumber = GetNonce();
    }

    // A subkey is generated only when the MutualRequired option is set; otherwise none is sent.
    var mutualAuthRequested = rst.ApOptions.HasFlag(ApOptions.MutualRequired);

    if (mutualAuthRequested)
    {
        authenticator.Subkey = KrbEncryptionKey.Generate(authenticatorKey.EncryptionType);
    }

    Now(out var clientTime, out var clientMicroseconds);
    authenticator.CTime = clientTime;
    authenticator.CuSec = clientMicroseconds;

    return new KrbApReq
    {
        Ticket = tgsRep.Ticket,
        ApOptions = rst.ApOptions,

        // The key usage ties this ciphertext to its role as an AP-REQ authenticator.
        Authenticator = KrbEncryptedData.Encrypt(
            authenticator.EncodeApplication(),
            authenticatorKey,
            KeyUsage.ApReqAuthenticator
        )
    };
}