Beispiel #1
        /// <summary>
        /// Looks for a PA-PK-AS-REQ pre-authentication entry in the incoming KDC request and,
        /// when one is present, decodes it and records the parsed request, its CMS envelope and
        /// the certificates carried in that envelope in the pre-authentication state.
        /// </summary>
        /// <remarks>
        /// This method only parses. The CMS is decoded but <c>CheckSignature</c> is not called here,
        /// and the certificates are copied exactly as the sender supplied them. Everything placed in
        /// the state object is therefore unauthenticated input until a later step verifies the
        /// signature and validates the certificate.
        /// </remarks>
        /// <param name="preauth">The pre-authentication context holding the request message and the shared state map.</param>
        /// <exception cref="ArgumentNullException"><paramref name="preauth"/> is null.</exception>
        public override void PreValidate(PreAuthenticationContext preauth)
        {
            if (preauth == null)
            {
                throw new ArgumentNullException(nameof(preauth));
            }

            var kdcRequest = (KrbKdcReq)preauth.Message;

            var pkInitEntry = kdcRequest.PaData.FirstOrDefault(entry => entry.Type == PaDataType.PA_PK_AS_REQ);

            // No PKINIT pa-data in the request: nothing to record for this handler.
            if (pkInitEntry == null)
            {
                return;
            }

            var pkInitRequest = KrbPaPkAsReq.Decode(pkInitEntry.Value);

            // Decode only; the signature over the auth pack is NOT verified at this point.
            var envelope = new SignedCms();
            envelope.Decode(pkInitRequest.SignedAuthPack.ToArray());

            var pkInitState = new PkInitState
            {
                PkInitRequest = pkInitRequest,
                Cms = envelope
            };

            // Certificates come straight from the client-supplied CMS and are still untrusted.
            pkInitState.ClientCertificate.AddRange(envelope.Certificates);

            preauth.PreAuthenticationState[PaDataType.PA_PK_AS_REQ] = pkInitState;
        }
Beispiel #2
        /// <summary>
        /// Verifies the CMS signature on the PKINIT request, passes the certificates carried in the
        /// CMS to the principal for validation, and then decodes the signed content as a
        /// <c>KrbAuthPack</c>.
        /// </summary>
        /// <remarks>
        /// <c>CheckSignature</c> is called with <c>verifySignatureOnly: true</c>, so <c>SignedCms</c>
        /// checks the digital signature(s) but does not validate the signers' certificates. The trust
        /// decision therefore rests on <c>preauth.Principal.Validate</c>, which is handed every
        /// certificate embedded in the message rather than only the signer's.
        /// NOTE(review): confirm that the principal's <c>Validate</c> implementation builds and checks
        /// the chain and ties its decision to the certificate that actually produced the signature;
        /// that is not visible from this method.
        /// The content is decoded only after both checks have returned without throwing.
        /// </remarks>
        /// <param name="preauth">The pre-authentication context whose principal validates the certificates.</param>
        /// <param name="state">The PKINIT state holding the decoded CMS.</param>
        /// <returns>The auth pack decoded from the signed CMS content.</returns>
        private static KrbAuthPack ValidateAuthPack(PreAuthenticationContext preauth, PkInitState state)
        {
            var envelope = state.Cms;

            // Signature integrity only; certificate validation is skipped by this overload argument.
            envelope.CheckSignature(verifySignatureOnly: true);

            // Certificate trust is delegated to the principal.
            preauth.Principal.Validate(envelope.Certificates);

            return KrbAuthPack.Decode(envelope.ContentInfo.Content);
        }