Ejemplo n.º 1
        /// <summary>
        /// Builds the AP-REQ that wraps the ticket from <paramref name="kdcRep"/> together with a
        /// newly created authenticator encrypted under <paramref name="tgtSessionKey"/>.
        /// </summary>
        /// <param name="kdcRep">KDC reply that supplies the ticket, the client name and the client realm.</param>
        /// <param name="tgtSessionKey">Key that encrypts the authenticator; its EType also selects the type of the generated subkey.</param>
        /// <param name="checksum">Checksum copied into the authenticator unchanged.</param>
        /// <param name="sessionKey">Receives the generated subkey, which is the same object stored in the authenticator.</param>
        /// <returns>An AP-REQ holding the ticket and the encrypted authenticator.</returns>
        private static KrbApReq CreateApReq(KrbKdcRep kdcRep, KrbEncryptionKey tgtSessionKey, KrbChecksum checksum, out KrbEncryptionKey sessionKey)
        {
            var ticket = kdcRep.Ticket;

            // NOTE(review): checksum is not validated here (null is accepted); presumably the
            // caller computes it over the request body. Confirm at the call site.
            var auth = new KrbAuthenticator
            {
                CName = kdcRep.CName,
                Realm = kdcRep.CRealm,
                SequenceNumber = KerberosConstants.GetNonce(),
                Checksum = checksum
            };

            // A new subkey is generated on every call, so the caller never reuses the TGT
            // session key itself as the sub-session key.
            sessionKey = KrbEncryptionKey.Generate(tgtSessionKey.EType);
            sessionKey.Usage = KeyUsage.EncTgsRepPartSubSessionKey;
            auth.Subkey = sessionKey;

            // The client timestamp is written straight into the authenticator's fields.
            KerberosConstants.Now(out auth.CTime, out auth.CuSec);

            // The authenticator is encrypted with the TGT session key under a dedicated key usage.
            var cipher = KrbEncryptedData.Encrypt(auth.EncodeApplication(), tgtSessionKey.AsKey(), KeyUsage.PaTgsReqAuthenticator);

            return new KrbApReq { Ticket = ticket, Authenticator = cipher };
        }
Ejemplo n.º 2
        /// <summary>
        /// Builds the AP-REQ that wraps the ticket from <paramref name="kdcRep"/> together with an
        /// authenticator encrypted under <paramref name="tgtSessionKey"/>.
        /// </summary>
        /// <param name="kdcRep">KDC reply that supplies the ticket and the client name.</param>
        /// <param name="tgtSessionKey">Key that encrypts the authenticator and is also placed in it as the subkey.</param>
        /// <returns>An AP-REQ holding the ticket and the encrypted authenticator.</returns>
        private static KrbApReq CreateApReq(KrbKdcRep kdcRep, KrbEncryptionKey tgtSessionKey)
        {
            var ticket = kdcRep.Ticket;

            KerberosConstants.Now(out DateTimeOffset clientTime, out int clientUsec);

            // NOTE(review): Subkey is the TGT session key itself, so no fresh sub-session key is
            // introduced by this request. Confirm that reusing the session key here is intended.
            // NOTE(review): Realm is read from the ticket rather than from a client-realm field on
            // the reply. Confirm this is right when the ticket was issued by another realm.
            var auth = new KrbAuthenticator
            {
                CName = kdcRep.CName,
                CTime = clientTime,
                Cusec = clientUsec,
                Realm = ticket.Realm,
                SequenceNumber = KerberosConstants.GetNonce(),
                Subkey = tgtSessionKey,
                AuthenticatorVersionNumber = 5
            };

            // The authenticator is encrypted with the TGT session key under a dedicated key usage.
            var cipher = KrbEncryptedData.Encrypt(auth.EncodeApplication(), tgtSessionKey.AsKey(), KeyUsage.PaTgsReqAuthenticator);

            return new KrbApReq { Ticket = ticket, Authenticator = cipher };
        }
Ejemplo n.º 3
        /// <summary>
        /// Walks the children of <paramref name="sequence"/> and records the mechanism type and the
        /// embedded AP-REQ when they are present.
        /// </summary>
        /// <param name="sequence">Parsed ASN.1 element whose children are inspected in order.</param>
        /// <param name="firstMech">Not read by this method.</param>
        private void ProcessedAsKerberos(Asn1Element sequence, MechType firstMech)
        {
            for (var index = 0; index < sequence.Count; index++)
            {
                var child = sequence[index];
                var tagClass = child.Class;

                if (tagClass == TagClass.Universal)
                {
                    // Universal tags 0 and 1 carry nothing this method uses; only the
                    // mechanism-type tag is consumed.
                    if (child.UniversalTag == MechType.UniversalTag)
                    {
                        ThisMech = new MechType(child.AsString());
                    }
                }
                else if (tagClass == TagClass.Application)
                {
                    if (child.ApplicationTag == KrbApReq.ApplicationTag)
                    {
                        // NOTE(review): child[0] is read without checking child.Count first. The
                        // token comes from the peer, so confirm that the indexer or Decode fails
                        // cleanly on an empty application element.
                        InnerContextToken = new KrbApReq().Decode(child[0]);
                    }
                }
            }
        }
        /// <summary>
        /// Decodes <paramref name="element"/> as an AP-REQ or an AP-REP according to its application
        /// tag. Any other tag leaves both properties untouched.
        /// </summary>
        /// <param name="element">Application-tagged ASN.1 element whose first child holds the message body.</param>
        protected override void ParseApplication(Asn1Element element)
        {
            var tag = element.ApplicationTag;

            // NOTE(review): element[0] is read without a Count check in both branches. Confirm
            // that malformed input from the peer is rejected cleanly.
            if (tag == KrbApReq.ApplicationTag)
            {
                KrbApReq = new KrbApReq().Decode(element[0]);
            }
            else if (tag == KrbApRep.ApplicationTag)
            {
                KrbApRep = new KrbApRep().Decode(element[0]);
            }
        }
Ejemplo n.º 5
        /// <summary>
        /// Creates the context token from raw bytes, preferring <paramref name="data"/> and falling
        /// back to the token carried by <paramref name="gssToken"/>.
        /// </summary>
        /// <param name="gssToken">GSS-API token whose payload is used when <paramref name="data"/> is null.</param>
        /// <param name="data">Encoded Kerberos message; takes precedence over <paramref name="gssToken"/>.</param>
        public KerberosContextToken(GssApiToken gssToken = null, ReadOnlyMemory<byte>? data = null)
        {
            var source = data ?? gssToken?.Token;

            // Reading .Value throws InvalidOperationException when neither argument supplied bytes.
            var encoded = source.Value;

            // NOTE(review): when the bytes are neither an AP-REQ nor an AP-REP, both properties
            // stay unset and no error is raised. Callers must treat that state as a rejected token.
            if (KrbApReq.CanDecode(encoded))
            {
                KrbApReq = KrbApReq.DecodeApplication(encoded);
                return;
            }

            if (KrbApRep.CanDecode(encoded))
            {
                KrbApRep = KrbApRep.DecodeApplication(encoded);
            }
        }
Ejemplo n.º 6
        /// <summary>
        /// Wraps <paramref name="token"/> in a <see cref="DecryptedKrbApReq"/> and decrypts it with
        /// <paramref name="keytab"/>.
        /// </summary>
        /// <param name="token">AP-REQ to decrypt; it is dereferenced without a null check.</param>
        /// <param name="keytab">Key table handed to the decryption step.</param>
        /// <returns>The decrypted request, or null when the AP-REQ carries no ticket.</returns>
        protected static DecryptedKrbApReq DecryptApReq(KrbApReq token, KeyTable keytab)
        {
            if (token.Ticket != null)
            {
                var result = new DecryptedKrbApReq(token);

                result.Decrypt(keytab);

                return result;
            }

            // NOTE(review): a null return means nothing was decrypted or verified. Callers must
            // treat it as an authentication failure rather than an empty success.
            return null;
        }
Ejemplo n.º 7
        /// <summary>
        /// Encodes <paramref name="krbApReq"/> inside an application-tagged sequence that starts
        /// with the mechanism <paramref name="oid"/> and a two-byte marker.
        /// </summary>
        /// <param name="oid">Mechanism object identifier written first.</param>
        /// <param name="krbApReq">AP-REQ whose application encoding is appended after the marker.</param>
        /// <returns>The DER encoding of the whole token.</returns>
        public static ReadOnlyMemory<byte> Encode(Oid oid, KrbApReq krbApReq)
        {
            // NOTE(review): 01 00 matches the KRB_AP_REQ token identifier from RFC 4121.
            // Confirm that is the intent, since the bytes are written as a raw encoded value.
            var tokenId = new byte[] { 0x01, 0x0 };

            using (var asn = new AsnWriter(AsnEncodingRules.DER))
            {
                asn.PushSequence(ApplicationTag);

                asn.WriteObjectIdentifier(oid);
                asn.WriteEncodedValue(tokenId);
                asn.WriteEncodedValue(krbApReq.EncodeApplication().Span);

                asn.PopSequence(ApplicationTag);

                var encoded = asn.Encode();

                return encoded;
            }
        }
Ejemplo n.º 8
        /// <summary>
        /// Picks the decryptor registered for the ticket's encryption type and runs it against
        /// <paramref name="keytab"/>.
        /// </summary>
        /// <param name="token">AP-REQ whose ticket is to be decrypted.</param>
        /// <param name="keytab">Key table handed to the selected decryptor.</param>
        /// <returns>
        /// The decryptor after decryption, or null when the token has no encrypted ticket part,
        /// no decryptor is registered for its EType, or the factory returns null.
        /// </returns>
        protected static DecryptedData Decrypt(KrbApReq token, KeyTable keytab)
        {
            var encPart = token?.Ticket?.EncPart;

            if (encPart == null)
            {
                return null;
            }

            // NOTE(review): the EType is taken from the peer-supplied ticket, so the contents of
            // Decryptors decide which encryption types are accepted. Keep that table limited to
            // the types policy allows, and have callers treat a null result as a failure.
            if (!Decryptors.TryGetValue(encPart.EType, out Func<KrbApReq, DecryptedData> factory) || factory == null)
            {
                return null;
            }

            var decrypted = factory(token);

            if (decrypted != null)
            {
                decrypted.Decrypt(keytab);
            }

            return decrypted;
        }
Ejemplo n.º 9
        /// <summary>
        /// Parses the initial context token. It records the mechanism type and the inner AP-REQ,
        /// or the NegoEx payload when the value has no child elements.
        /// </summary>
        /// <param name="sequence">Element whose value is re-parsed as the token body.</param>
        /// <param name="mechTypes">Mechanisms offered; checked for NEGOEX only when no children were parsed.</param>
        public InitialContextToken(Asn1Element sequence, IEnumerable<MechType> mechTypes)
        {
            var children = new Asn1Element(sequence.Value);

            // With no parsed children and NEGOEX among the mechanisms, the raw value is handed
            // to the NegoEx parser instead.
            if (children.Count <= 0 && mechTypes.Any(m => m.Oid == MechType.NEGOEX))
            {
                NegotiateExtension = new NegotiateExtension(sequence.Value);
            }

            for (var index = 0; index < children.Count; index++)
            {
                var child = children[index];

                if (child.ContextSpecificTag == MechType.ContextTag)
                {
                    ThisMech = new MechType(child.AsString());
                    continue;
                }

                // NOTE(review): any other child that has sub-elements is parsed as an AP-REQ
                // without its tag being checked. Confirm that KrbApReq rejects other structures.
                if (child.Count > 0)
                {
                    InnerContextToken = new KrbApReq(child[0]);
                }
            }
        }
Ejemplo n.º 10
 /// <summary>
 /// Stores the AP-REQ that this instance will work on; nothing is decrypted here.
 /// </summary>
 /// <param name="token">AP-REQ kept for later use; it is not validated.</param>
 // NOTE(review): the type name points at the RC4-HMAC encryption type, which RFC 8429
 // deprecates for Kerberos. Confirm it is only reachable where legacy interop requires it.
 public RC4DecryptedData(KrbApReq token) => this.token = token;
Ejemplo n.º 11
        /// <summary>
        /// Creates the context token by decoding an AP-REQ from <paramref name="data"/>, or from
        /// the token carried by <paramref name="gssToken"/> when <paramref name="data"/> is null.
        /// </summary>
        /// <param name="gssToken">GSS-API token whose payload is used when <paramref name="data"/> is null.</param>
        /// <param name="data">Encoded AP-REQ; takes precedence over <paramref name="gssToken"/>.</param>
        public KerberosContextToken(GssApiToken gssToken = null, ReadOnlyMemory<byte>? data = null)
        {
            var source = data ?? gssToken?.Token;

            // Reading .Value throws InvalidOperationException when neither argument supplied bytes.
            // NOTE(review): the bytes are decoded as an AP-REQ unconditionally. Confirm that
            // DecodeApplication rejects other message types and malformed input.
            var encoded = source.Value;

            this.KrbApReq = KrbApReq.DecodeApplication(encoded);
        }