Ejemplo n.º 1
        /// <summary>
        /// Fills this NegTokenInit from the children of <paramref name="sequence"/>,
        /// dispatching on each child's context-specific tag.
        /// </summary>
        /// <param name="sequence">Element whose children are the tagged NegTokenInit fields.</param>
        /// <returns>This instance.</returns>
        public NegTokenInit Decode(Asn1Element sequence)
        {
            for (var index = 0; index < sequence.Count; index++)
            {
                var field = sequence[index];

                switch (field.ContextSpecificTag)
                {
                    case 0:
                        SetMechTypes(field);
                        break;

                    case 2:
                        // MechTypes is passed as it stands when tag 2 is reached (presumably
                        // populated by SetMechTypes), so the token is decoded against whatever
                        // mechanism list appeared earlier in the sequence.
                        MechToken = new MechToken().Decode(field, MechTypes);
                        break;

                    // Tag 1 (reqFlags) and tag 3 (mecListMIC) are not read here, so this method
                    // performs no check of the mechanism-list MIC; all other tags are skipped too.
                }
            }

            return this;
        }
Ejemplo n.º 2
        /// <summary>
        /// Reads the encryption type, key version number and cipher bytes from the
        /// context-tagged children of the first child of <paramref name="element"/>.
        /// </summary>
        /// <param name="element">Element wrapping the EncryptedData fields.</param>
        /// <returns>This instance.</returns>
        public EncryptedData Decode(Asn1Element element)
        {
            // NOTE(review): element[0] and field[0] are indexed without a Count check; how the
            // indexer reacts to a missing child is not visible here - confirm it fails cleanly.
            var fields = element[0];
            var position = 0;

            while (position < fields.Count)
            {
                var field = fields[position];
                var tag = field.ContextSpecificTag;

                if (tag == 0)
                {
                    EType = (EncryptionType)field[0].AsInt();
                }
                else if (tag == 1)
                {
                    KeyVersionNumber = field[0].AsInt();
                }
                else if (tag == 2)
                {
                    Cipher = field[0].BlockCopy();
                }

                // Any other tag is ignored.
                position++;
            }

            return this;
        }
Ejemplo n.º 3
        /// <summary>
        /// Decodes a fixed sample and checks that a constructed, context-specific element
        /// nested in the seventh child exposes its inner SET OF and integer value.
        /// </summary>
        public void DecodeContextSpecificConstructedSet()
        {
            var encoded = Convert.FromBase64String("MGACAQMgAwQBAAIBAiADBAEABCABfDdfwPehWBVL2KIcBZflxAraVzzPoB2bIb9ZUqt97gQQ7PlbfpnmqCgDZgrEb1eHiTARv4U9BgIEYWcoF6EFMQMCAQEwB7+FPgMCAQA=");
            var root = Asn1Element.Decode(encoded);

            // Top level: a SEQUENCE with eight children carrying these tag numbers.
            var expectedTagValues = new[] { 2, 0, 2, 0, 4, 4, 16, 16 };

            Assert.Equal(Asn1Tag.Sequence, root.Tag);
            Assert.Equal(8, root.Sequence.Count);
            Assert.Equal(expectedTagValues, root.Sequence.Select(child => child.TagValue).ToArray());

            // Walk down root[6][1][0][0] one level at a time.
            var seventh = root[6];
            var tagged = root[6][1];
            var setOf = root[6][1][0];
            var innerInteger = root[6][1][0][0];

            Assert.True(seventh.IsSequence);
            Assert.Equal(701, seventh[0].TagValue);

            // The second entry is a constructed [1] wrapper holding exactly one child.
            Assert.True(tagged.IsConstructed);
            Assert.Equal(TagClass.ContextSpecific, tagged.TagClass);
            Assert.Equal(1, tagged.TagValue);
            Assert.Equal(1, tagged.Sequence.Count);

            Assert.Equal(Asn1Tag.SetOf, setOf.Tag);

            Assert.Equal(2, innerInteger.TagValue);
            Assert.Equal(1, innerInteger.GetInt32());
        }
Ejemplo n.º 4
        /// <summary>
        /// Builds a request from raw bytes: the first element supplies the mechanism type
        /// and the first child of the second element supplies the NegTokenInit.
        /// </summary>
        /// <param name="data">Encoded request bytes handed to <c>Asn1Element</c>.</param>
        public KerberosRequest(byte[] data)
        {
            // NOTE(review): the fixed positions [0] and [1][0] are read without checking that
            // they exist; confirm how Asn1Element reports a short or malformed buffer.
            Asn1Element root = new Asn1Element(data);

            var mechOid = root[0].AsString();
            MechType = new MechType(mechOid);

            var initToken = root[1][0];
            NegotiationToken = new NegTokenInit(initToken);
        }
Ejemplo n.º 5
        /// <summary>
        /// Scans the children of <paramref name="sequence"/> and records the mechanism type
        /// (universal class) and the decoded AP-REQ (application class) when present.
        /// </summary>
        /// <param name="sequence">Element whose children are inspected.</param>
        /// <param name="firstMech">Not used by this method.</param>
        private void ProcessedAsKerberos(Asn1Element sequence, MechType firstMech)
        {
            for (var index = 0; index < sequence.Count; index++)
            {
                var child = sequence[index];
                var tagClass = child.Class;

                if (tagClass == TagClass.Universal)
                {
                    // Universal tags 0 and 1 are accepted without action; only the
                    // mechanism-type tag is decoded.
                    if (child.UniversalTag == MechType.UniversalTag)
                    {
                        ThisMech = new MechType(child.AsString());
                    }
                }
                else if (tagClass == TagClass.Application)
                {
                    if (child.ApplicationTag == KrbApReq.ApplicationTag)
                    {
                        InnerContextToken = new KrbApReq().Decode(child[0]);
                    }
                }

                // Children of any other class are ignored.
            }
        }
Ejemplo n.º 6
        /// <summary>
        /// Reads an AD-IF-RELEVANT style pair from <paramref name="pacParent"/>: tag 0 sets the
        /// type and tag 1 is parsed as a PAC or a restriction entry according to that type.
        /// </summary>
        /// <param name="pacParent">Element whose children carry the type and the payload.</param>
        private void ExtractPacData(Asn1Element pacParent)
        {
            var position = 0;

            while (position < pacParent.Count)
            {
                var entry = pacParent[position];
                var tag = entry.ContextSpecificTag;

                if (tag == 0)
                {
                    AdIfRelevant = entry[0].AsInt();
                }
                else if (tag == 1)
                {
                    // The payload is interpreted using AdIfRelevant as last assigned, so the
                    // outcome depends on a tag-0 child having been read before this one.
                    var declaredType = AdIfRelevant;

                    if (declaredType == AD_WIN2K_PAC)
                    {
                        PrivilegedAttributeCertificate = new PrivilegedAttributeCertificate(entry[0].Value);
                    }
                    else if (declaredType == KERB_AUTH_DATA_TOKEN_RESTRICTIONS)
                    {
                        Restriction = new RestrictionEntry(entry[0].Value);
                    }

                    // Other types leave both properties untouched.
                }

                position++;
            }
        }
Ejemplo n.º 7
        /// <summary>
        /// Builds one AuthorizationData entry per child of <paramref name="element"/> and
        /// appends each to <c>Authorizations</c>.
        /// </summary>
        /// <param name="element">Element whose children are the individual entries.</param>
        public AuthorizationData(Asn1Element element)
        {
            for (var c = 0; c < element.Count; c++)
            {
                // Each outer child becomes a fresh entry that is filled from its own children.
                var auth = new AuthorizationData();

                for (var i = 0; i < element[c].Count; i++)
                {
                    var child = element[c][i];

                    switch (child.ContextSpecificTag)
                    {
                    case 0:
                        auth.AdType = child.AsLong();
                        break;

                    case 1:
                        // Recursive construction: nesting depth follows the nesting of the input.
                        // NOTE(review): no depth limit is visible here - confirm one is enforced
                        // elsewhere if the encoded data is not trusted.
                        auth.Authorizations.Add(new AuthorizationData(child));
                        break;

                    case 128:     // this isn't correct and wont ever be reached
                        auth.Authorizations.Add(new PrivilegedAttributeCertificate(child));
                        break;

                    default:
                        // Every tag other than 0, 1 and 128 overwrites AdData with the raw value.
                        auth.AdData = child.Value;
                        break;
                    }
                }

                Authorizations.Add(auth);
            }
        }
Ejemplo n.º 8
        /// <summary>
        /// Reads the name type (tag 0) and the list of name strings (tag 1) from the first
        /// child of <paramref name="element"/>, keeping that child's raw value in <c>Asn1Value</c>.
        /// </summary>
        /// <param name="element">Element wrapping the PrincipalName fields.</param>
        public PrincipalName(Asn1Element element)
        {
            var body = element[0];

            Asn1Value = body.Value;

            for (var index = 0; index < body.Count; index++)
            {
                var field = body[index];

                // The inner element is fetched for every field, including tags that are ignored.
                var inner = field[0];
                var tag = field.ContextSpecificTag;

                if (tag == 0)
                {
                    NameType = (PrincipalNameType)inner.AsLong();
                }
                else if (tag == 1)
                {
                    var nameIndex = 0;

                    while (nameIndex < inner.Count)
                    {
                        Names.Add(inner[nameIndex].AsString());
                        nameIndex++;
                    }
                }
            }
        }
Ejemplo n.º 9
        /// <summary>
        /// Reads the encryption type, key version number and a private copy of the cipher
        /// bytes from the first child of <paramref name="element"/>.
        /// </summary>
        /// <param name="element">Element wrapping the EncryptedData fields.</param>
        public EncryptedData(Asn1Element element)
        {
            var body = element[0];

            for (var index = 0; index < body.Count; index++)
            {
                var field = body[index];

                switch (field.ContextSpecificTag)
                {
                    case 0:
                        EType = (EncryptionType)field[0].AsInt();
                        break;

                    case 1:
                        KeyVersionNumber = field[0].AsInt();
                        break;

                    case 2:
                        var source = field[0];

                        // The destination is sized from source.Length while the bytes come from
                        // source.Value. NOTE(review): confirm the two always agree; a mismatch
                        // would surface as an exception from Buffer.BlockCopy.
                        Cipher = new byte[source.Length];

                        Buffer.BlockCopy(source.Value, 0, Cipher, 0, Cipher.Length);
                        break;
                }
            }
        }
Ejemplo n.º 10
        /// <summary>
        /// Creates the authorization-data element that corresponds to <paramref name="type"/>
        /// from the payload in <paramref name="restriction"/>.
        /// </summary>
        /// <param name="restriction">Element holding the payload for the given type.</param>
        /// <param name="type">Authorization data type that selects the parser.</param>
        /// <returns>The parsed element, or <c>null</c> when the type is not handled.</returns>
        private static AuthorizationDataElement ParseAdIfRelevant(Asn1Element restriction, AuthorizationDataValueType type)
        {
            switch (type)
            {
                // These two types carry another encoded element inside the payload.
                case AuthorizationDataValueType.AD_ETYPE_NEGOTIATION:
                    return ParseETypes(restriction.AsEncapsulatedElement());

                case AuthorizationDataValueType.KERB_AUTH_DATA_TOKEN_RESTRICTIONS:
                    return new RestrictionEntry().Decode(restriction.AsEncapsulatedElement());

                // The remaining handled types are built from the first child.
                case AuthorizationDataValueType.AD_WIN2K_PAC:
                    return new PacElement(restriction[0].Value);

                case AuthorizationDataValueType.KERB_AP_OPTIONS:
                    return new KerbApOptions(restriction[0].AsInt(reverse: true));

                case AuthorizationDataValueType.KERB_LOCAL:
                    return new KerbLocal(restriction[0].Value);

                case AuthorizationDataValueType.KERB_SERVICE_TARGET:
                    return new KerbServiceName(restriction[0].Value);

                default:
                    // Unhandled types yield null; the caller decides what to do with it.
                    return null;
            }
        }
Ejemplo n.º 11
        /// <summary>
        /// Populates the ticket version, realm, service name and encrypted part from the
        /// context-tagged children of the first child of <paramref name="element"/>.
        /// </summary>
        /// <param name="element">Element wrapping the Ticket fields.</param>
        /// <returns>This instance.</returns>
        public Ticket Decode(Asn1Element element)
        {
            var body = element[0];
            var position = 0;

            while (position < body.Count)
            {
                var field = body[position];
                var tag = field.ContextSpecificTag;

                if (tag == 0)
                {
                    TicketVersionNumber = field[0].AsInt();
                }
                else if (tag == 1)
                {
                    Realm = field[0].AsString();
                }
                else if (tag == 2)
                {
                    // Realm is passed as it stands at this point, i.e. as set by an earlier tag 1.
                    SName = new PrincipalName().Decode(field[0], Realm);
                }
                else if (tag == 3)
                {
                    // The encrypted part receives the tagged field itself, not its first child.
                    EncPart = new EncryptedData().Decode(field);
                }

                position++;
            }

            return this;
        }
Ejemplo n.º 12
        /// <summary>
        /// Walks the children of <paramref name="restrictions"/>: tag 0 sets the current type,
        /// tag 1 is parsed with that type, and every non-null result is collected.
        /// </summary>
        /// <param name="restrictions">Element whose children alternate type and payload.</param>
        /// <returns>The parsed elements in the order they were found.</returns>
        private static IEnumerable<AuthorizationDataElement> ExtractRestrictions(Asn1Element restrictions)
        {
            var parsed = new List<AuthorizationDataElement>();

            // Stays 0 until a tag-0 child has been read, so a payload that appears first is
            // parsed as type 0.
            AuthorizationDataValueType currentType = 0;

            for (var index = 0; index < restrictions.Count; index++)
            {
                var entry = restrictions[index];
                var tag = entry.ContextSpecificTag;

                if (tag == 0)
                {
                    currentType = (AuthorizationDataValueType)entry[0].AsInt();
                }
                else if (tag == 1)
                {
                    var item = ParseAdIfRelevant(entry, currentType);

                    if (item != null)
                    {
                        parsed.Add(item);
                    }
                }
            }

            return parsed;
        }
Ejemplo n.º 13
        /// <summary>
        /// Reads the AP-REQ fields from the first child of <paramref name="asn1Element"/> and
        /// keeps that child's raw value in <c>Asn1Value</c>.
        /// </summary>
        /// <param name="asn1Element">Element wrapping the AP-REQ fields.</param>
        public KrbApReq(Asn1Element asn1Element)
        {
            var body = asn1Element[0];

            Asn1Value = body.Value;

            for (var index = 0; index < body.Count; index++)
            {
                var field = body[index];

                switch (field.ContextSpecificTag)
                {
                    case 0:
                        ProtocolVersionNumber = field[0].AsInt();
                        break;

                    case 1:
                        // The numeric value is cast as-is; no range check is applied here.
                        MessageType = (MessageType)field[0].AsLong();
                        break;

                    case 2:
                        APOptions = (APOptions)field[0].AsLong();
                        break;

                    // The ticket and the authenticator are built from the tagged field itself.
                    case 3:
                        Ticket = new Ticket(field);
                        break;

                    case 4:
                        Authenticator = new EncryptedData(field);
                        break;
                }
            }
        }
Ejemplo n.º 14
        /// <summary>
        /// Populates the AP-REQ fields from the context-tagged children of
        /// <paramref name="childNode"/>.
        /// </summary>
        /// <param name="childNode">Element whose children are the AP-REQ fields.</param>
        /// <returns>This instance.</returns>
        public KrbApReq Decode(Asn1Element childNode)
        {
            var position = 0;

            while (position < childNode.Count)
            {
                var field = childNode[position];
                var tag = field.ContextSpecificTag;

                if (tag == 0)
                {
                    ProtocolVersionNumber = field[0].AsInt();
                }
                else if (tag == 1)
                {
                    MessageType = (MessageType)field[0].AsLong();
                }
                else if (tag == 2)
                {
                    APOptions = (APOptions)field[0].AsLong();
                }
                else if (tag == 3)
                {
                    // The ticket is decoded from the field's first child...
                    Ticket = new Ticket().Decode(field[0]);
                }
                else if (tag == 4)
                {
                    // ...while the authenticator decoder is given the tagged field itself.
                    Authenticator = new EncryptedData().Decode(field);
                }

                position++;
            }

            return this;
        }
Ejemplo n.º 15
        /// <summary>
        /// Decodes a fixed sample and checks the tag of each of its eight top-level children,
        /// one integer value, and the tag numbers inside the seventh child.
        /// </summary>
        public void Decode()
        {
            var encoded = Convert.FromBase64String("MIHPAgECCgEAAgEBCgEABCDc0UoXtU1CwwItW3ne2faKDcFCabFI31BufXEFVK/ENwQAMGm/hT0IAgYBXtPjz6C/hUVZBFcwVTEvMC0EKGNvbS5hbmRyb2lkLmtleXN0b3JlLmFuZHJvaWRrZXlzdG9yZWRlbW8CAQExIgQgdM/LUHSI9SkQhZHHpQWRnzJ3MvvB2ANSauqYAAbS2JgwMqEFMQMCAQKiAwIBA6MEAgIBAKUFMQMCAQSqAwIBAb+DeAMCAQK/hT4DAgEAv4U/AgUA");
            var root = Asn1Element.Decode(encoded);

            Assert.Equal(Asn1Tag.Sequence, root.Tag);
            Assert.Equal(8, root.Sequence.Count);
            Assert.Equal(new[] { 2, 10, 2, 10, 4, 4, 16, 16 }, root.Sequence.Select(child => child.TagValue).ToArray());

            // Expected full tag of each top-level child, in order.
            var expectedTags = new[]
            {
                Asn1Tag.Integer,
                Asn1Tag.Enumerated,
                Asn1Tag.Integer,
                Asn1Tag.Enumerated,
                Asn1Tag.PrimitiveOctetString,
                Asn1Tag.PrimitiveOctetString,
                Asn1Tag.Sequence,
                Asn1Tag.Sequence,
            };

            for (var index = 0; index < expectedTags.Length; index++)
            {
                Assert.Equal(expectedTags[index], root[index].Tag);
            }

            var firstInteger = root[0];
            Assert.True(firstInteger.IsInteger);
            Assert.Equal(2, firstInteger.GetInt32());

            Assert.True(root[4].IsOctetString);

            Assert.True(root[6].IsSequence);

            var innerTagValues = root[6].Sequence.Select(child => child.TagValue).ToArray();
            Assert.Equal(new[] { 701, 709 }, innerTagValues);
        }
Ejemplo n.º 16
        /// <summary>
        /// Wraps every child of <paramref name="element"/> in an AuthorizationDataElement and
        /// appends it to <c>Authorizations</c>.
        /// </summary>
        /// <param name="element">Element whose children are the authorization entries.</param>
        public AuthorizationData(Asn1Element element)
        {
            var position = 0;

            while (position < element.Count)
            {
                var entry = new AuthorizationDataElement(element[position]);

                Authorizations.Add(entry);
                position++;
            }
        }
Ejemplo n.º 17
 /// <summary>
 /// Records the mechanism type when <paramref name="element"/> carries the mechanism-type
 /// universal tag; any other universal tag is ignored.
 /// </summary>
 /// <param name="element">Universal-class element to inspect.</param>
 protected virtual void ParseUniversal(Asn1Element element)
 {
     if (element.UniversalTag == MechType.UniversalTag)
     {
         var oid = element.AsString();

         MechType = new MechType(oid);
     }
 }
Ejemplo n.º 18
        /// <summary>
        /// Populates the authenticator fields from the context-tagged children of the first
        /// child of <paramref name="asn1Element"/>.
        /// </summary>
        /// <param name="asn1Element">Element wrapping the Authenticator fields.</param>
        /// <returns>This instance.</returns>
        public Authenticator Decode(Asn1Element asn1Element)
        {
            var body = asn1Element[0];

            for (var index = 0; index < body.Count; index++)
            {
                var field = body[index];

                switch (field.ContextSpecificTag)
                {
                    case 0:
                        VersionNumber = field[0].AsLong();
                        break;

                    case 1:
                        Realm = field[0].AsString();
                        break;

                    case 2:
                        // Realm is passed as it stands here, i.e. as set by an earlier tag 1.
                        CName = new PrincipalName().Decode(field[0], Realm);
                        break;

                    case 3:
                        // The checksum is stored as raw bytes; nothing is verified in this method.
                        Checksum = field[0].Value;
                        break;

                    case 4:
                        CuSec = field[0].AsLong();
                        break;

                    case 5:
                        CTime = field[0].AsDateTimeOffset();
                        break;

                    case 6:
                        SubSessionKey = new EncryptionKey().Decode(field[0]);
                        break;

                    case 7:
                        SequenceNumber = field[0].AsLong();
                        break;

                    case 8:
                        // Each child of the authorization-data list may expand to several elements.
                        var authzList = field[0];

                        for (var entry = 0; entry < authzList.Count; entry++)
                        {
                            var parsed = AuthorizationDataElement.ParseElements(authzList[entry]);

                            Authorizations.AddRange(parsed);
                        }
                        break;
                }
            }

            return this;
        }
Ejemplo n.º 19
        /// <summary>
        /// Parses an application-class element; only application tag 0 (the SPNEGO
        /// InitialContextToken) is accepted.
        /// </summary>
        /// <param name="element">Application-class element to parse.</param>
        /// <returns>The parsed context token.</returns>
        /// <exception cref="InvalidDataException">The application tag is not 0.</exception>
        private static Asn1Message ParseApplicationMessage(Asn1Element element)
        {
            // Reject anything that is not an InitialContextToken instead of guessing.
            if (element.ApplicationTag != 0)
            {
                throw new InvalidDataException();
            }

            return ContextToken.Parse(element);
        }
Ejemplo n.º 20
        /// <summary>
        /// Decodes a small BIT STRING sample and checks its tag and extracted bytes.
        /// </summary>
        public void DecodeBitString()
        {
            var encoded = Convert.FromBase64String("AwIFIA==");
            var bitString = Asn1Element.Decode(encoded);

            Assert.Equal(Asn1Tag.PrimitiveBitString, bitString.Tag);

            // The extracted bytes are compared in base64 form.
            var extracted = Convert.ToBase64String(bitString.GetBitString());
            Assert.Equal("IA==", extracted);
        }
Ejemplo n.º 21
        /// <summary>
        /// Parses a context-specific element; only tag 1 is accepted and is decoded as a
        /// NegTokenTarg from the element's first child.
        /// </summary>
        /// <param name="element">Context-specific element to parse.</param>
        /// <returns>The decoded NegTokenTarg.</returns>
        /// <exception cref="InvalidDataException">The context-specific tag is not 1.</exception>
        private static object ParseContextMessage(Asn1Element element)
        {
            // Every tag other than 1 is rejected.
            if (element.ContextSpecificTag != 1)
            {
                throw new InvalidDataException();
            }

            var target = new NegTokenTarg();

            return target.Decode(element[0]);
        }
Ejemplo n.º 22
        /// <summary>
        /// Reads the authenticator fields from the context-tagged children of the first child
        /// of <paramref name="asn1Element"/>.
        /// </summary>
        /// <param name="asn1Element">Element wrapping the Authenticator fields.</param>
        public Authenticator(Asn1Element asn1Element)
        {
            Asn1Element childNode = asn1Element[0];

            for (var i = 0; i < childNode.Count; i++)
            {
                var node = childNode[i];

                switch (node.ContextSpecificTag)
                {
                case 0:
                    VersionNumber = node[0].AsLong();
                    break;

                case 1:
                    Realm = node[0].AsString();
                    break;

                case 2:
                    // The principal name is built from the tagged node itself.
                    CName = new PrincipalName(node);
                    break;

                case 3:
                    // Stored as raw bytes; nothing is verified in this constructor.
                    Checksum = node[0].Value;
                    break;

                case 4:
                    CuSec = node[0].AsLong();
                    break;

                case 5:
                    CTime = node[0].AsDateTimeOffset();
                    break;

                case 6:
                    // Fixed path into the key structure; NOTE(review): no Count checks guard
                    // [0][1][0] - confirm how the indexer behaves when the path is absent.
                    Subkey = node[0][1][0].Value;
                    break;

                case 7:
                    SequenceNumber = node[0].AsLong();
                    break;

                case 8:     // this is not right. its ASN.1 plus vendor-specific data
                    var parent = node[0];

                    // NOTE(review): `child` is never used and every iteration passes `parent`,
                    // so parent.Count entries built from the same element are added. Confirm
                    // whether a single entry or per-child parsing was intended.
                    for (var p = 0; p < parent.Count; p++)
                    {
                        var child = parent[p];

                        Authorizations.Add(new AuthorizationData(parent));
                    }
                    break;
                }
            }
        }
Ejemplo n.º 23
        /// <summary>
        /// Converts every child of <paramref name="element"/> to an encryption type and wraps
        /// the list in a NegotiatedETypes.
        /// </summary>
        /// <param name="element">Element whose children are integer encryption types.</param>
        /// <returns>The negotiated encryption types in encoded order.</returns>
        private static NegotiatedETypes ParseETypes(Asn1Element element)
        {
            var negotiated = new List<EncryptionType>();
            var position = 0;

            while (position < element.Count)
            {
                // The integer is cast as-is; values outside the enum are not filtered here.
                var etype = (EncryptionType)element[position].AsInt();

                negotiated.Add(etype);
                position++;
            }

            return new NegotiatedETypes(negotiated);
        }
 /// <summary>
 /// Passes <paramref name="sequence"/> to the base constructor and, when the mechanism is
 /// NTLM, decodes the sequence as an NTLM token inside a new NegTokenInit.
 /// </summary>
 /// <param name="sequence">Element holding the token.</param>
 /// <param name="mechType">Mechanism identifier compared against <c>MechType.NTLM</c>.</param>
 public NegotiateContextToken(Asn1Element sequence, string mechType) : base(sequence)
 {
     // Other mechanisms get no extra handling in this constructor.
     if (MechType.NTLM == mechType)
     {
         var initToken = new NegTokenInit();

         initToken.MechToken = new MechToken().DecodeNtlm(sequence);
         NegotiationToken = initToken;
     }
 }
Ejemplo n.º 25
        /// <summary>
        /// Treats <paramref name="sequence"/> as a NEGOEX payload when the first mechanism is
        /// NEGOEX.
        /// </summary>
        /// <param name="sequence">Element whose raw value is handed to NegotiateExtension.</param>
        /// <param name="firstMech">First mechanism in the list; may be null.</param>
        /// <returns><c>true</c> when the payload was taken as NEGOEX, otherwise <c>false</c>.</returns>
        private bool ProcessedAsNegoEx(Asn1Element sequence, MechType firstMech)
        {
            var notNegoEx = firstMech == null || firstMech.Oid != MechType.NEGOEX;

            if (notNegoEx)
            {
                return false;
            }

            // The raw bytes are parsed by NegotiateExtension.
            NegotiateExtension = new NegotiateExtension(sequence.Value);

            return true;
        }
Ejemplo n.º 26
        /// <summary>
        /// Decodes <paramref name="sequence"/> as NTLM when the first mechanism is NTLM.
        /// </summary>
        /// <param name="sequence">Element passed to <c>DecodeNtlm</c>.</param>
        /// <param name="firstMech">First mechanism in the list; may be null.</param>
        /// <returns><c>true</c> when the payload was decoded as NTLM, otherwise <c>false</c>.</returns>
        private bool ProcessedAsNtlm(Asn1Element sequence, MechType firstMech)
        {
            var notNtlm = firstMech == null || firstMech.Oid != MechType.NTLM;

            if (notNtlm)
            {
                return false;
            }

            DecodeNtlm(sequence);

            return true;
        }
Ejemplo n.º 27
        /// <summary>
        /// Checks that a context-specific element whose tag number equals the OBJECT IDENTIFIER
        /// number can be read as an octet string, yielding the embedded CRL URL.
        /// </summary>
        public void DecodeObjectIdentifierAsOctetString()
        {
            var encoded = Convert.FromBase64String("MD8wPaA7oDmGN2h0dHBzOi8vbWRzMy5jZXJ0aW5mcmEuZmlkb2FsbGlhbmNlLm9yZy9jcmwvTURTQ0EtMS5jcmw=");
            var root = Asn1Element.Decode(encoded);

            // The element of interest sits four levels down.
            var leaf = root[0][0][0][0];
            var expectedTag = new Asn1Tag(TagClass.ContextSpecific, (int)UniversalTagNumber.ObjectIdentifier);

            Assert.Equal(expectedTag, leaf.Tag);

            // The element's own tag is supplied so the reader accepts the non-universal tag.
            var urlBytes = leaf.GetOctetString(leaf.Tag);
            var cdp = Encoding.ASCII.GetString(urlBytes);

            Assert.Equal("https://mds3.certinfra.fidoalliance.org/crl/MDSCA-1.crl", cdp);
        }
Ejemplo n.º 28
        /// <summary>
        /// Decodes a constructed sample and checks that the nested octet string round-trips
        /// to the expected bytes.
        /// </summary>
        public void DecodeConstructedObject()
        {
            var encoded = Convert.FromBase64String("MCShIgQgnGACFUCz4Zg03+N+xiRFyJ4bKU95LORrlBPDIw7zhoE=");
            var root = Asn1Element.Decode(encoded);

            Assert.True(root.IsConstructed);

            // The payload lives two levels down and must be a primitive OCTET STRING.
            var payload = root[0][0];
            payload.CheckTag(Asn1Tag.PrimitiveOctetString);

            var actual = Convert.ToBase64String(payload.GetOctetString());
            Assert.Equal("nGACFUCz4Zg03+N+xiRFyJ4bKU95LORrlBPDIw7zhoE=", actual);
        }
Ejemplo n.º 29
        /// <summary>
        /// Decodes a fixed sample and checks that its fifth child is a primitive OCTET STRING
        /// with the expected content.
        /// </summary>
        public void DecodeOctetString()
        {
            var encoded = Convert.FromBase64String("MIHPAgECCgEAAgEBCgEABCDc0UoXtU1CwwItW3ne2faKDcFCabFI31BufXEFVK/ENwQAMGm/hT0IAgYBXtPjz6C/hUVZBFcwVTEvMC0EKGNvbS5hbmRyb2lkLmtleXN0b3JlLmFuZHJvaWRrZXlzdG9yZWRlbW8CAQExIgQgdM/LUHSI9SkQhZHHpQWRnzJ3MvvB2ANSauqYAAbS2JgwMqEFMQMCAQKiAwIBA6MEAgIBAKUFMQMCAQSqAwIBAb+DeAMCAQK/hT4DAgEAv4U/AgUA");
            var root = Asn1Element.Decode(encoded);

            var octets = root[4];

            Assert.True(octets.IsOctetString);
            Assert.Equal(Asn1Tag.PrimitiveOctetString, octets.Tag);

            // The content is compared in base64 form.
            var actual = Convert.ToBase64String(octets.GetOctetString());
            Assert.Equal("3NFKF7VNQsMCLVt53tn2ig3BQmmxSN9Qbn1xBVSvxDc=", actual);
        }
Ejemplo n.º 30
        /// <summary>
        /// Decodes an application-class element as an AP-REQ or an AP-REP according to its
        /// application tag; other application tags are ignored.
        /// </summary>
        /// <param name="element">Application-class element whose first child holds the message.</param>
        protected override void ParseApplication(Asn1Element element)
        {
            switch (element.ApplicationTag)
            {
                // Both message kinds are decoded from the element's first child.
                case KrbApRep.ApplicationTag:
                    KrbApRep = new KrbApRep().Decode(element[0]);
                    return;

                case KrbApReq.ApplicationTag:
                    KrbApReq = new KrbApReq().Decode(element[0]);
                    return;
            }
        }