/// <summary>
        /// Run one server-side step of the authentication exchange through
        /// <c>SecurityContextUtils.AcceptSecurityContext</c> and, on success, commit the results to this object.
        /// </summary>
        /// <param name="input_buffers">Buffers handed to the package. Modified in place: a channel binding buffer is appended when <c>ChannelBinding</c> is set.</param>
        /// <param name="output_buffers">Buffers filled by the package. Modified in place: the token buffer is inserted at index 0.</param>
        /// <param name="throw_on_error">Forwarded unchanged to <c>AcceptSecurityContext</c>.</param>
        /// <returns>The status code of the call. When it is not a success status no field or property of this object is assigned.</returns>
        private SecStatusCode CallAccept(List<SecurityBuffer> input_buffers, List<SecurityBuffer> output_buffers, bool throw_on_error)
        {
            // The reply token is always requested through the first output buffer.
            // NOTE(review): AllocateMemory is requested below, so this buffer presumably ends up holding
            // package-allocated memory; where it is released is not visible in this method - confirm.
            SecurityBufferAllocMem reply_token = new SecurityBufferAllocMem(SecurityBufferType.Token);
            output_buffers.Insert(0, reply_token);

            // A channel binding is only presented to the package when the caller configured one.
            // NOTE(review): callers that depend on binding the exchange to an outer channel should
            // verify ChannelBinding is actually set before the first call.
            if (ChannelBinding != null)
            {
                input_buffers.Add(new SecurityBufferChannelBinding(ChannelBinding));
            }

            LargeInteger expiry_time = new LargeInteger();

            // Reuse the existing handle on later steps; start with a fresh one on the first step.
            SecHandle ctx_handle = _context ?? new SecHandle();
            AcceptContextRetFlags ret_flags;
            SecStatusCode status = SecurityContextUtils.AcceptSecurityContext(
                _creds,
                _context,
                RequestAttributes | AcceptContextReqFlags.AllocateMemory,
                DataRepresentation,
                input_buffers,
                ctx_handle,
                output_buffers,
                out ret_flags,
                expiry_time,
                throw_on_error);

            if (status.IsSuccess())
            {
                _context = ctx_handle;

                // AllocateMemory was added to the request by this method, so the matching
                // AllocatedMemory return flag is masked out of what callers see.
                ReturnAttributes = ret_flags & ~AcceptContextRetFlags.AllocatedMemory;
                Expiry = expiry_time.QuadPart;
                Token = AuthenticationToken.Parse(_creds.PackageName, _token_count++, false, reply_token.ToArray());

                // Only the two "continue" statuses keep the exchange open; every other success status sets Done.
                // NOTE(review): that includes a plain "complete needed" status if the callee can return one -
                // confirm completion is handled before callers treat Done as an authenticated state.
                Done = status != SecStatusCode.SEC_I_CONTINUE_NEEDED
                       && status != SecStatusCode.SEC_I_COMPLETE_AND_CONTINUE;
            }

            return status;
        }
Beispiel #2
        /// <summary>
        /// Run one client-side step of the authentication exchange through
        /// <c>SecurityContextUtils.InitializeSecurityContext</c> and, on success, commit the results to this object.
        /// </summary>
        /// <param name="input_buffers">Buffers handed to the package. Modified in place: a channel binding buffer is appended when <c>ChannelBinding</c> is set.</param>
        /// <param name="output_buffers">Buffers filled by the package. Modified in place: the token buffer is inserted at index 0.</param>
        /// <param name="throw_on_error">Forwarded unchanged to <c>InitializeSecurityContext</c>.</param>
        /// <returns>The status code of the call. When it is not a success status no field or property of this object is assigned.</returns>
        private SecStatusCode CallInitialize(List<SecurityBuffer> input_buffers, List<SecurityBuffer> output_buffers, bool throw_on_error)
        {
            // The outgoing token is always requested through the first output buffer.
            // NOTE(review): AllocateMemory is requested below, so this buffer presumably ends up holding
            // package-allocated memory; where it is released is not visible in this method - confirm.
            SecurityBufferAllocMem reply_token = new SecurityBufferAllocMem(SecurityBufferType.Token);
            output_buffers.Insert(0, reply_token);

            // A channel binding is only presented to the package when the caller configured one.
            if (ChannelBinding != null)
            {
                input_buffers.Add(new SecurityBufferChannelBinding(ChannelBinding));
            }

            // An empty Target is passed on as null rather than as an empty string.
            // NOTE(review): with no target name the package is not told which service the client means to
            // reach; callers relying on mutual authentication should make sure Target is set.
            string target_name = null;
            if (!string.IsNullOrEmpty(Target))
            {
                target_name = Target;
            }

            LargeInteger expiry_time = new LargeInteger();

            // Reuse the existing handle on later steps; start with a fresh one on the first step.
            SecHandle ctx_handle = _context ?? new SecHandle();
            InitializeContextRetFlags ret_flags;
            SecStatusCode status = SecurityContextUtils.InitializeSecurityContext(
                _creds,
                _context,
                target_name,
                RequestAttributes | InitializeContextReqFlags.AllocateMemory,
                DataRepresentation,
                input_buffers,
                ctx_handle,
                output_buffers,
                out ret_flags,
                expiry_time,
                throw_on_error);

            if (status.IsSuccess())
            {
                _context = ctx_handle;
                Expiry = expiry_time.QuadPart;

                // AllocateMemory was added to the request by this method, so the matching
                // AllocatedMemory return flag is masked out of what callers see.
                ReturnAttributes = ret_flags & ~InitializeContextRetFlags.AllocatedMemory;
                Token = AuthenticationToken.Parse(_creds.PackageName, _token_count++, true, reply_token.ToArray());

                // Only the two "continue" statuses keep the exchange open; every other success status sets Done.
                Done = status != SecStatusCode.SEC_I_CONTINUE_NEEDED
                       && status != SecStatusCode.SEC_I_COMPLETE_AND_CONTINUE;
            }

            return status;
        }
Beispiel #3
        /// <summary>
        /// Export the current security context, then dispose this object.
        /// </summary>
        /// <returns>The exported security context.</returns>
        /// <remarks>
        /// The export is requested with <c>SecPkgContextExportFlags.DeleteOld</c> and <c>Dispose</c> is called
        /// once the export call has returned, so the security context is no longer usable through this object.
        /// NOTE(review): the exported value presumably carries enough state to resume the context elsewhere;
        /// store and transmit it as sensitive material - confirm for the package in use.
        /// </remarks>
        public ExportedSecurityContext Export()
        {
            ExportedSecurityContext exported = SecurityContextUtils.ExportContext(
                _context,
                SecPkgContextExportFlags.DeleteOld,
                _creds.PackageName,
                true);

            // Reached only if ExportContext returned; an exception from it leaves this object undisposed.
            Dispose();
            return exported;
        }
Beispiel #4
        /// <summary>
        /// Query the <c>CLIENT_SPECIFIED_TARGET</c> attribute of the context and return it as a managed string.
        /// </summary>
        /// <returns>
        /// The target name string, or <c>string.Empty</c> when the query status is anything other than
        /// <c>SecStatusCode.SUCCESS</c>. A failed query and an absent target are therefore indistinguishable to the caller.
        /// </returns>
        /// <remarks>
        /// NOTE(review): going by the attribute name, the value is chosen by the client, so it should be
        /// validated against the service names this server expects, not trusted as-is.
        /// </remarks>
        private string GetTargetName()
        {
            var query = SecurityContextUtils.QueryContextAttributeNoThrow<SecPkgContext_ClientSpecifiedTarget>(
                _context, SECPKG_ATTR.CLIENT_SPECIFIED_TARGET);

            if (query.Item2 != SecStatusCode.SUCCESS)
            {
                return string.Empty;
            }

            var name_ptr = query.Item1.sTargetName;
            try
            {
                // Copy the native UTF-16 string into a managed string.
                return Marshal.PtrToStringUni(name_ptr);
            }
            finally
            {
                // The native buffer is released whether or not the copy succeeded.
                SecurityNativeMethods.FreeContextBuffer(name_ptr);
            }
        }
Beispiel #5
 /// <summary>
 /// Check a signature over a single message using this context.
 /// </summary>
 /// <param name="message">The message the signature is expected to cover.</param>
 /// <param name="signature">The signature blob to check.</param>
 /// <param name="sequence_no">The sequence number, forwarded unchanged.</param>
 /// <returns>True if the signature is valid, otherwise false.</returns>
 /// <remarks>Check the return value before acting on <paramref name="message"/>; the work is delegated to
 /// <c>SecurityContextUtils.VerifySignature</c> with the <c>Context</c> property.</remarks>
 public bool VerifySignature(byte[] message, byte[] signature, int sequence_no)
     => SecurityContextUtils.VerifySignature(Context, message, signature, sequence_no);
Beispiel #6
 /// <summary>
 /// Decrypt a set of message buffers with this context, without a separate signature argument.
 /// </summary>
 /// <param name="messages">The buffers to decrypt.</param>
 /// <param name="sequence_no">The sequence number, forwarded unchanged.</param>
 /// <remarks>Decryption happens in place. A buffer carrying the ReadOnly flag is left undecrypted.
 /// If a signature is required it has to be supplied as one of the buffers.</remarks>
 public void DecryptMessageNoSignature(IEnumerable<SecurityBuffer> messages, int sequence_no)
     => SecurityContextUtils.DecryptMessageNoSignature(Context, messages, sequence_no);
Beispiel #7
 /// <summary>
 /// Query the package information for this context.
 /// </summary>
 /// <returns>The authentication package info.</returns>
 /// <remarks>Delegates to <c>SecurityContextUtils.GetAuthenticationPackage</c> with the <c>Context</c> property.</remarks>
 public AuthenticationPackage GetAuthenticationPackage()
     => SecurityContextUtils.GetAuthenticationPackage(Context);
Beispiel #8
 /// <summary>
 /// Encrypt a set of message buffers with this context, without returning a signature.
 /// </summary>
 /// <param name="messages">The buffers to encrypt.</param>
 /// <param name="quality_of_protection">Quality of protection flags.</param>
 /// <param name="sequence_no">The sequence number, forwarded unchanged.</param>
 /// <remarks>Encryption happens in place. A buffer carrying the ReadOnly flag is left unencrypted.
 /// If a signature has to be produced, a buffer for it must be included in <paramref name="messages"/>.</remarks>
 public void EncryptMessageNoSignature(IEnumerable<SecurityBuffer> messages, SecurityQualityOfProtectionFlags quality_of_protection, int sequence_no)
     => SecurityContextUtils.EncryptMessage(Context, quality_of_protection, messages, sequence_no);
Beispiel #9
 /// <summary>
 /// Decrypt a single encrypted message with this context.
 /// </summary>
 /// <param name="message">The encrypted message.</param>
 /// <param name="sequence_no">The sequence number, forwarded unchanged.</param>
 /// <returns>The decrypted message bytes.</returns>
 /// <remarks>Delegates to <c>SecurityContextUtils.DecryptMessage</c> with the <c>Context</c> property.</remarks>
 public byte[] DecryptMessage(EncryptedMessage message, int sequence_no)
     => SecurityContextUtils.DecryptMessage(Context, message, sequence_no);
Beispiel #10
 /// <summary>
 /// Encrypt a single message with this context.
 /// </summary>
 /// <param name="message">The plaintext bytes to encrypt.</param>
 /// <param name="quality_of_protection">Quality of protection flags.</param>
 /// <param name="sequence_no">The sequence number, forwarded unchanged.</param>
 /// <returns>The encrypted message.</returns>
 /// <remarks>Delegates to <c>SecurityContextUtils.EncryptMessage</c> with the <c>Context</c> property.</remarks>
 public EncryptedMessage EncryptMessage(byte[] message, SecurityQualityOfProtectionFlags quality_of_protection, int sequence_no)
     => SecurityContextUtils.EncryptMessage(Context, quality_of_protection, message, sequence_no);
Beispiel #11
 /// <summary>
 /// Encrypt a set of message buffers with this context.
 /// </summary>
 /// <param name="messages">The buffers to encrypt.</param>
 /// <param name="quality_of_protection">Quality of protection flags.</param>
 /// <param name="sequence_no">The sequence number, forwarded unchanged.</param>
 /// <returns>The signature for the messages.</returns>
 /// <remarks>Encryption happens in place. A buffer carrying the ReadOnly flag is left unencrypted.</remarks>
 public byte[] EncryptMessage(IEnumerable<SecurityBuffer> messages, SecurityQualityOfProtectionFlags quality_of_protection, int sequence_no)
     => SecurityContextUtils.EncryptMessage(Context, quality_of_protection, messages, sequence_no);
Beispiel #12
 /// <summary>
 /// Export the security context.
 /// </summary>
 /// <returns>The exported security context.</returns>
 /// <remarks>
 /// The export is requested with <c>SecPkgContextExportFlags.None</c> and this object is not disposed.
 /// NOTE(review): the exported value presumably carries enough state to resume the context elsewhere;
 /// store and transmit it as sensitive material - confirm for the package in use.
 /// </remarks>
 public ExportedSecurityContext Export()
     => SecurityContextUtils.ExportContext(_context, SecPkgContextExportFlags.None, _creds.PackageName);
Beispiel #13
 /// <summary>
 /// Check a signature over a set of message buffers using this context.
 /// </summary>
 /// <param name="messages">The buffers the signature is expected to cover.</param>
 /// <param name="signature">The signature blob to check.</param>
 /// <param name="sequence_no">The sequence number, forwarded unchanged.</param>
 /// <returns>True if the signature is valid, otherwise false.</returns>
 /// <remarks>Check the return value before acting on <paramref name="messages"/>; the work is delegated to
 /// <c>SecurityContextUtils.VerifySignature</c> with the <c>Context</c> property.</remarks>
 public bool VerifySignature(IEnumerable<SecurityBuffer> messages, byte[] signature, int sequence_no)
     => SecurityContextUtils.VerifySignature(Context, messages, signature, sequence_no);
Beispiel #14
 /// <summary>
 /// Produce a signature over a single message using this context.
 /// </summary>
 /// <param name="message">The message to sign.</param>
 /// <param name="sequence_no">The sequence number, forwarded unchanged.</param>
 /// <returns>The signature blob.</returns>
 /// <remarks>The second argument to <c>SecurityContextUtils.MakeSignature</c> is fixed at 0.
 /// NOTE(review): presumably this is the quality-of-protection value - confirm.</remarks>
 public byte[] MakeSignature(byte[] message, int sequence_no)
     => SecurityContextUtils.MakeSignature(Context, 0, message, sequence_no);
Beispiel #15
 /// <summary>
 /// Produce a signature over a set of message buffers using this context.
 /// </summary>
 /// <param name="messages">The message buffers to sign.</param>
 /// <param name="sequence_no">The sequence number, forwarded unchanged.</param>
 /// <returns>The signature blob.</returns>
 /// <remarks>The second argument to <c>SecurityContextUtils.MakeSignature</c> is fixed at 0.
 /// NOTE(review): presumably this is the quality-of-protection value - confirm.</remarks>
 public byte[] MakeSignature(IEnumerable<SecurityBuffer> messages, int sequence_no)
     => SecurityContextUtils.MakeSignature(Context, 0, messages, sequence_no);
 /// <summary>
 /// Encrypt a single message with this context.
 /// </summary>
 /// <param name="message">The plaintext bytes to encrypt.</param>
 /// <param name="sequence_no">The sequence number, forwarded unchanged.</param>
 /// <returns>The encrypted message.</returns>
 /// <remarks>The second argument to <c>SecurityContextUtils.EncryptMessage</c> is fixed at 0.
 /// NOTE(review): presumably this is the quality-of-protection value (no flags) - confirm.</remarks>
 public EncryptedMessage EncryptMessage(byte[] message, int sequence_no)
     => SecurityContextUtils.EncryptMessage(_context, 0, message, sequence_no);
 /// <summary>
 /// Encrypt a set of message buffers with this context.
 /// </summary>
 /// <param name="messages">The buffers to encrypt.</param>
 /// <param name="sequence_no">The sequence number, forwarded unchanged.</param>
 /// <returns>The signature for the messages.</returns>
 /// <remarks>Encryption happens in place. A buffer carrying the ReadOnly flag is left unencrypted.
 /// The second argument to <c>SecurityContextUtils.EncryptMessage</c> is fixed at 0.
 /// NOTE(review): presumably this is the quality-of-protection value (no flags) - confirm.</remarks>
 public byte[] EncryptMessage(IEnumerable<SecurityBuffer> messages, int sequence_no)
     => SecurityContextUtils.EncryptMessage(_context, 0, messages, sequence_no);
 /// <summary>
 /// Decrypt a set of message buffers with this context, supplying the signature separately.
 /// </summary>
 /// <param name="messages">The buffers to decrypt.</param>
 /// <param name="signature">The signature for the messages.</param>
 /// <param name="sequence_no">The sequence number, forwarded unchanged.</param>
 /// <remarks>Decryption happens in place. A buffer carrying the ReadOnly flag is left undecrypted.</remarks>
 public void DecryptMessage(IEnumerable<SecurityBuffer> messages, byte[] signature, int sequence_no)
     => SecurityContextUtils.DecryptMessage(_context, messages, signature, sequence_no);