Ejemplo n.º 1
 /// <summary>
 /// Creates a PK authenticator from caller-supplied values. Nothing is
 /// validated or generated here: every argument is stored as given.
 /// </summary>
 /// <param name="cuSec">Value stored in <c>CuSec</c>.</param>
 /// <param name="cTime">Value stored in <c>CTime</c>.</param>
 /// <param name="nonce">Value stored in <c>Nonce</c>; its freshness and unpredictability are entirely the caller's responsibility.</param>
 /// <param name="reqBody">Request body stored in <c>RequestBody</c>.</param>
 public KrbPkAuthenticator(uint cuSec, DateTime cTime, int nonce, KDCReqBody reqBody)
 {
     this.CuSec = cuSec;
     this.CTime = cTime;
     this.Nonce = nonce;
     this.RequestBody = reqBody;
 }
Ejemplo n.º 2
 /// <summary>
 /// Creates an empty TGS-REQ for building an outgoing request:
 /// protocol version 5, message type 12, no pre-authentication data
 /// and a default-constructed request body.
 /// </summary>
 public TGS_REQ()
 {
     // Kerberos protocol version used for newly created messages
     this.pvno = 5;

     // msg-type [2] INTEGER (12 -- TGS)
     this.msg_type = 12;

     this.padata = new List<PA_DATA>();
     this.req_body = new KDCReqBody();
 }
Ejemplo n.º 3
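        /// <summary>
        /// Parses an AS-REQ from raw bytes. The input is treated as untrusted:
        /// structural problems are reported as <see cref="System.Exception"/>
        /// with a descriptive message instead of surfacing as a
        /// NullReferenceException or IndexOutOfRangeException from the decoder tree.
        /// </summary>
        /// <param name="data">Buffer containing the BER-encoded AS-REQ.</param>
        /// <exception cref="System.Exception">
        /// The outer tag is not AS-REQ, the outer element does not wrap exactly one
        /// SEQUENCE, a known field has no content, or an unknown field tag is present.
        /// </exception>
        /// <remarks>
        /// No check is made that all four fields were present or that none was
        /// repeated: a missing field keeps its default value (req_body may stay
        /// unset) and a repeated field overwrites or appends to the earlier one.
        /// </remarks>
        public AS_REQ(byte[] data)
        {
            // decode the supplied bytes to an AsnElt object
            data = AsnIO.FindBER(data);
            AsnElt asn_AS_REQ = AsnElt.Decode(data);

            padata = new List<PA_DATA>();

            // AS-REQ::= [APPLICATION 10] KDC-REQ
            //  tag class == 1 (application)
            //  tag value == 10
            //  SEQUENCE
            if (asn_AS_REQ.TagValue != (int)Interop.KERB_MESSAGE_TYPE.AS_REQ)
            {
                throw new System.Exception("AS-REQ tag value should be 10");
            }

            // Sub is checked for null first so a primitive (non-constructed)
            // outer element is rejected with the same message as a wrong shape.
            if ((asn_AS_REQ.Sub == null) || (asn_AS_REQ.Sub.Length != 1) || (asn_AS_REQ.Sub[0].TagValue != 16))
            {
                throw new System.Exception("First AS-REQ sub should be a sequence");
            }

            // extract the KDC-REQ fields out
            AsnElt[] kdc_req = asn_AS_REQ.Sub[0].Sub;
            if (kdc_req == null)
            {
                throw new System.Exception("AS-REQ sequence has no elements");
            }

            foreach (AsnElt s in kdc_req)
            {
                // Every known field wraps exactly the value it carries, so a known
                // tag without a child is malformed. Unknown tags fall through to the
                // switch's default case so they keep their original error message.
                bool knownField = (s.TagValue >= 1) && (s.TagValue <= 4);
                if (knownField && ((s.Sub == null) || (s.Sub.Length == 0)))
                {
                    throw new System.Exception(String.Format("AS-REQ field {0} has no content", s.TagValue));
                }

                switch (s.TagValue)
                {
                case 1:
                    pvno = s.Sub[0].GetInteger();
                    break;

                case 2:
                    msg_type = s.Sub[0].GetInteger();
                    break;

                case 3:
                    // sequence of pa-data
                    AsnElt[] paSequence = s.Sub[0].Sub;
                    if (paSequence == null)
                    {
                        throw new System.Exception("AS-REQ padata should be a sequence");
                    }
                    foreach (AsnElt pa in paSequence)
                    {
                        padata.Add(new PA_DATA(pa));
                    }
                    break;

                case 4:
                    // KDC-REQ-BODY
                    req_body = new KDCReqBody(s.Sub[0]);
                    break;

                default:
                    throw new System.Exception(String.Format("Invalid tag AS-REQ value : {0}", s.TagValue));
                }
            }
        }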
Ejemplo n.º 4
        /// <summary>
        /// Creates an AS-REQ for building an outgoing request: protocol version 5,
        /// message type 10, one default-constructed PA_DATA entry and a
        /// default-constructed request body. No credential material is attached.
        /// </summary>
        public AS_REQ()
        {
            // fixed header values for a newly created message
            this.pvno = 5;
            this.msg_type = 10;

            // single pre-auth entry, built by PA_DATA's parameterless constructor
            this.padata = new List<PA_DATA> { new PA_DATA() };

            this.req_body = new KDCReqBody();
        }
Ejemplo n.º 5
        /// <summary>
        /// Creates an AS-REQ for building an outgoing request: protocol version 5,
        /// the AS_REQ message type from <c>Interop.KERB_MESSAGE_TYPE</c>, one
        /// default-constructed PA_DATA entry and a request body built with
        /// <c>KDCReqBody(true, opsec)</c>.
        /// </summary>
        /// <param name="opsec">
        /// Forwarded unchanged as the second argument of the KDCReqBody constructor;
        /// its effect on the request body is not visible in this constructor.
        /// </param>
        public AS_REQ(bool opsec = false)
        {
            // fixed header values for a newly created message
            this.pvno = 5;
            this.msg_type = (long)Interop.KERB_MESSAGE_TYPE.AS_REQ;

            // single pre-auth entry, built by PA_DATA's parameterless constructor
            this.padata = new List<PA_DATA> { new PA_DATA() };

            this.req_body = new KDCReqBody(true, opsec);
        }
Ejemplo n.º 6
        /// <summary>
        /// Parses an AS-REQ from raw bytes and fills pvno, msg_type, padata and
        /// req_body from the fields found in the encoded KDC-REQ.
        /// </summary>
        /// <param name="data">Buffer containing the BER-encoded AS-REQ.</param>
        /// <exception cref="System.Exception">
        /// The outer tag is not 10, the outer element does not wrap exactly one
        /// SEQUENCE, or a field carries a tag other than 1-4.
        /// </exception>
        /// <remarks>
        /// The bytes come from outside this class and should be treated as untrusted.
        /// Only the outer shape and the field tags are checked here: there is no
        /// check that all four fields were present or appeared only once, so a
        /// missing field keeps its default value (req_body may stay unset).
        /// NOTE(review): FirstElement is read for every field before its tag is
        /// examined; how it behaves on an element without children is not visible
        /// here and should be confirmed against AsnElt.
        /// </remarks>
        public AS_REQ(byte[] data)
        {
            // locate the BER blob in the buffer, then decode it into an element tree
            data = AsnIO.FindBER(data);
            AsnElt root = AsnElt.Decode(data);

            padata = new List<PA_DATA>();

            // AS-REQ::= [APPLICATION 10] KDC-REQ
            //  tag class == 1 (application)
            //  tag value == 10
            //  SEQUENCE
            if (root.TagValue != 10)
            {
                throw new System.Exception("AS-REQ tag value should be 10");
            }
            if ((root.Count != 1) || (root.FirstElement.TagValue != 16))
            {
                throw new System.Exception("First AS-REQ sub should be a sequence");
            }

            // walk the KDC-REQ fields
            foreach (AsnElt field in root.FirstElement.EnumerateElements())
            {
                AsnElt inner = field.FirstElement;
                var tag = field.TagValue;

                if (tag == 1)
                {
                    pvno = inner.GetInteger();
                }
                else if (tag == 2)
                {
                    msg_type = inner.GetInteger();
                }
                else if (tag == 3)
                {
                    // sequence of pa-data
                    foreach (AsnElt entry in inner.EnumerateElements())
                    {
                        padata.Add(new PA_DATA(entry));
                    }
                }
                else if (tag == 4)
                {
                    // KDC-REQ-BODY
                    req_body = new KDCReqBody(inner);
                }
                else
                {
                    throw new System.Exception(String.Format("Invalid tag AS-REQ value : {0}", tag));
                }
            }
        }
Ejemplo n.º 7
        /// <summary>
        /// Creates an empty TGS-REQ for building an outgoing request: protocol
        /// version 5, message type 12, no pre-authentication data and a request
        /// body built with <c>KDCReqBody(c: cname)</c>.
        /// </summary>
        /// <param name="cname">
        /// Forwarded as the <c>c</c> argument of the KDCReqBody constructor. Per the
        /// original author's note it controls whether a cname is included in the
        /// request body; that constructor is not visible here.
        /// </param>
        public TGS_REQ(bool cname = true)
        {
            // fixed header value for a newly created message
            this.pvno = 5;

            // msg-type        [2] INTEGER (12 -- TGS)
            this.msg_type = 12;

            this.padata = new List<PA_DATA>();

            // Original author's rationale: the cname can be left out of a TGS request,
            // which seemed useful for cross-domain requests, and no cname was observed
            // in "real" S4U request traffic.
            this.req_body = new KDCReqBody(c: cname);
        }
Ejemplo n.º 8
        /// <summary>
        /// Creates an AS-REQ carrying two pre-authentication entries: one built
        /// from the supplied key and encryption type, followed by a
        /// default-constructed PA_DATA. Header values are protocol version 5 and
        /// message type 10; the request body is default-constructed.
        /// </summary>
        /// <param name="keyString">
        /// Key material passed to the PA_DATA constructor. It is a secret supplied
        /// as a managed string, so callers should avoid logging or persisting it.
        /// </param>
        /// <param name="etype">Encryption type passed alongside the key.</param>
        public AS_REQ(string keyString, Interop.KERB_ETYPE etype)
        {
            // fixed header values for a newly created message
            this.pvno = 5;
            this.msg_type = 10;

            this.padata = new List<PA_DATA>
            {
                // encrypted timestamp (per the original comment), derived from the key
                new PA_DATA(keyString, etype),

                // include-pac == true (per the original comment)
                new PA_DATA()
            };

            this.req_body = new KDCReqBody();
        }
Ejemplo n.º 9
        /// <summary>
        /// Creates a certificate-based AS-REQ: protocol version 5, message type 10,
        /// a default-constructed request body, and two pre-authentication entries
        /// (a default PA_DATA followed by one built from the certificate, the key
        /// agreement and the request body).
        /// </summary>
        /// <param name="pkCert">Client certificate passed to the PA_DATA constructor.</param>
        /// <param name="agreement">Key-agreement object passed to the PA_DATA constructor.</param>
        /// <param name="verifyCerts">
        /// Forwarded unchanged to the PA_DATA constructor. It defaults to
        /// <c>false</c>, so callers that want certificate verification must opt in.
        /// NOTE(review): what exactly is verified is decided further down the call
        /// chain and is not visible here.
        /// </param>
        public AS_REQ(X509Certificate2 pkCert, KDCKeyAgreement agreement, bool verifyCerts = false)
        {
            // fixed header values for a newly created message
            this.pvno = 5;
            this.msg_type = 10;

            this.padata = new List<PA_DATA>();

            // the body must exist first: the certificate-based PA_DATA below takes it as input
            this.req_body = new KDCReqBody();

            // include-pac == true (per the original comment)
            this.padata.Add(new PA_DATA());

            // Certificate-based pre-auth entry. The original comment called this
            // "the encrypted timestamp", but this overload takes a certificate and
            // key agreement rather than a key.
            this.padata.Add(new PA_DATA(pkCert, agreement, this.req_body, verifyCerts));
        }
Ejemplo n.º 10
        /// <summary>
        /// Builds a PK_AS_REQ pre-authentication entry: an authenticator stamped
        /// with the current UTC time, an auth pack carrying the Diffie-Hellman
        /// parameters (P, G) and public value (Y) from <paramref name="agreement"/>,
        /// all wrapped in a PA_PK_AS_REQ value.
        /// </summary>
        /// <param name="pkInitCert">Certificate passed to the auth pack and to PA_PK_AS_REQ.</param>
        /// <param name="agreement">Source of the P, G and Y integers that are encoded.</param>
        /// <param name="kdcRequestBody">Request body handed to the authenticator.</param>
        /// <param name="verifyCerts">
        /// Forwarded unchanged to PA_PK_AS_REQ. It defaults to <c>false</c>, so
        /// callers that want certificate verification must opt in.
        /// NOTE(review): what exactly is verified is not visible here.
        /// </param>
        public PA_DATA(X509Certificate2 pkInitCert, KDCKeyAgreement agreement, KDCReqBody kdcRequestBody, bool verifyCerts = false)
        {
            DateTime utcNow = DateTime.UtcNow;

            // NOTE(review): cusec and nonce are both taken from utcNow.Millisecond, so
            // they always carry the same value in the range 0-999. The nonce is
            // therefore time-derived and low-entropy rather than random (RFC 4556
            // describes the PKAuthenticator nonce as chosen randomly), and cusec holds
            // a millisecond count rather than microseconds. Confirm whether a KDC or a
            // monitoring rule depends on either field.
            var pkAuthenticator = new KrbPkAuthenticator((uint)utcNow.Millisecond, utcNow, utcNow.Millisecond, kdcRequestBody);
            var pack = new KrbAuthPack(pkAuthenticator, pkInitCert);

            // domain parameters: SEQUENCE { P, G }
            AsnElt[] domainParameters = new AsnElt[] {
                AsnElt.MakeInteger(agreement.P),
                AsnElt.MakeInteger(agreement.G),
            };
            byte[] encodedParameters = AsnElt.Make(AsnElt.SEQUENCE, domainParameters).Encode();

            // client public value: algorithm identifier plus the encoded integer Y
            var algorithm = new KrbAlgorithmIdentifier(DiffieHellman, encodedParameters);
            byte[] encodedPublicValue = AsnElt.MakeInteger(agreement.Y).Encode();
            pack.ClientPublicValue = new KrbSubjectPublicKeyInfo(algorithm, encodedPublicValue);

            type = Interop.PADATA_TYPE.PK_AS_REQ;
            value = new PA_PK_AS_REQ(pack, pkInitCert, agreement, verifyCerts);
        }
Ejemplo n.º 11
        /// <summary>
        /// Creates an AS-REQ carrying two pre-authentication entries: one built
        /// from the supplied key and encryption type, followed by a
        /// default-constructed PA_DATA. Header values are protocol version 5 and
        /// the AS_REQ message type from <c>Interop.KERB_MESSAGE_TYPE</c>; the
        /// request body is built with <c>KDCReqBody(true, opsec)</c>.
        /// </summary>
        /// <param name="keyString">
        /// Key material passed to the PA_DATA constructor and also kept on this
        /// instance in the <c>keyString</c> field.
        /// </param>
        /// <param name="etype">Encryption type passed alongside the key.</param>
        /// <param name="opsec">
        /// Forwarded unchanged as the second argument of the KDCReqBody constructor;
        /// its effect on the request body is not visible in this constructor.
        /// </param>
        public AS_REQ(string keyString, Interop.KERB_ETYPE etype, bool opsec = false)
        {
            // fixed header values for a newly created message
            this.pvno = 5;
            this.msg_type = (long)Interop.KERB_MESSAGE_TYPE.AS_REQ;

            this.padata = new List<PA_DATA>
            {
                // encrypted timestamp (per the original comment), derived from the key
                new PA_DATA(keyString, etype),

                // include-pac == true (per the original comment)
                new PA_DATA()
            };

            this.req_body = new KDCReqBody(true, opsec);

            // NOTE(review): the secret is retained as a managed string on the object,
            // so it stays in process memory at least as long as this instance is
            // reachable and will show up in anything that serializes or dumps it.
            this.keyString = keyString;
        }