/// <summary>
/// Update the Authorization Data part in Ticket with new value.
/// </summary>
/// <param name="ticket">Ticket to be updated with new authorizationData</param>
/// <param name="key">The key that encrypts ticket part.</param>
/// <param name="authorizationData">New authorizationData to update.</param>
public static void UpdateAuthDataInTicket(Ticket ticket, byte[] key, AuthorizationData authorizationData)
{
EncryptionType encryptType = (EncryptionType)ticket.enc_part.etype.Value;
byte[] clearText = KerberosUtility.Decrypt(
encryptType,
key,
ticket.enc_part.cipher.ByteArrayValue,
(int)KeyUsageNumber.AS_REP_TicketAndTGS_REP_Ticket);
// Decode the ticket.
Asn1DecodingBuffer decodeBuffer = new Asn1DecodingBuffer(clearText);
EncTicketPart encTicketPart = new EncTicketPart();
encTicketPart.BerDecode(decodeBuffer);
// Set with new authorization data
encTicketPart.authorization_data = authorizationData;
Asn1BerEncodingBuffer ticketBerBuffer = new Asn1BerEncodingBuffer();
encTicketPart.BerEncode(ticketBerBuffer, true);
byte[] cipherData = KerberosUtility.Encrypt(
encryptType,
key,
ticketBerBuffer.Data,
(int)KeyUsageNumber.AS_REP_TicketAndTGS_REP_Ticket);
ticket.enc_part = new EncryptedData(new KerbInt32((int)encryptType), null, new Asn1OctetString(cipherData));
}
private void DecryptTicket(EncryptionType type, byte[] sessionKey)
{
var ticketEncPartRawData = KerberosUtility.Decrypt(
type,
sessionKey,
Response.ticket.enc_part.cipher.ByteArrayValue,
(int)KeyUsageNumber.AS_REP_TicketAndTGS_REP_Ticket);
TicketEncPart = new EncTicketPart();
TicketEncPart.BerDecode(new Asn1DecodingBuffer(ticketEncPartRawData));
KerberosUtility.OnDumpMessage("KRB5:TicketEncPart",
"Encrypted Ticket in TGS-REP",
KerberosUtility.DumpLevel.PartialMessage,
ticketEncPartRawData);
}
/// <summary>
/// Get Authorization Data from Ticket in AS/TGS response
/// </summary>
/// <param name="ticket">Ticket part that includes Auth Data.</param>
/// <param name="key">The key that encrypts ticket part.</param>
/// <returns>Authorization Data in the ticket</returns>
public static AuthorizationData GetAuthDataInTicket(Ticket ticket, byte[] key)
{
EncryptionType encryptType = (EncryptionType)ticket.enc_part.etype.Value;
byte[] clearText = KerberosUtility.Decrypt(
encryptType,
key,
ticket.enc_part.cipher.ByteArrayValue,
(int)KeyUsageNumber.AS_REP_TicketAndTGS_REP_Ticket);
// Decode the ticket.
Asn1DecodingBuffer decodeBuffer = new Asn1DecodingBuffer(clearText);
EncTicketPart encTicketPart = new EncTicketPart();
encTicketPart.BerDecode(decodeBuffer);
return(encTicketPart.authorization_data);
}
private void DecryptTicket(EncryptionType type, byte[] sessionKey)
{
var ticketEncPartRawData = KerberosUtility.Decrypt(
type,
sessionKey,
Response.ticket.enc_part.cipher.ByteArrayValue,
(int)KeyUsageNumber.AS_REP_TicketAndTGS_REP_Ticket);
TicketEncPart = new EncTicketPart();
TicketEncPart.BerDecode(new Asn1DecodingBuffer(ticketEncPartRawData));
KerberosUtility.OnDumpMessage("KRB5:TicketEncPart",
"Encrypted Ticket in TGS-REP",
KerberosUtility.DumpLevel.PartialMessage,
ticketEncPartRawData);
}