private static IEnumerable <AuthorizationDataElement> ExtractRestrictions(Asn1Element restrictions)
{
var elements = new List <AuthorizationDataElement>();
AuthorizationDataValueType type = 0;
for (var i = 0; i < restrictions.Count; i++)
{
switch (restrictions[i].ContextSpecificTag)
{
case 0:
type = (AuthorizationDataValueType)restrictions[i][0].AsInt();
break;
case 1:
var rel = ParseAdIfRelevant(restrictions[i], type);
if (rel != null)
{
elements.Add(rel);
}
break;
}
}
return(elements);
}
private static AuthorizationDataElement ParseIfRelevant(Asn1Element restriction)
{
AuthorizationDataValueType type = 0;
switch (restriction.ContextSpecificTag)
{
case 0:
type = (AuthorizationDataValueType)restriction[0].AsInt();
break;
case 1:
return(ParseAdIfRelevant(restriction, type));
}
throw new InvalidDataException();
}
private static AuthorizationDataElement ParseAdIfRelevant(Asn1Element restriction, AuthorizationDataValueType type)
{
switch (type)
{
case AuthorizationDataValueType.AD_WIN2K_PAC:
return(new PacElement(restriction[0].Value));
case AuthorizationDataValueType.AD_ETYPE_NEGOTIATION:
return(ParseETypes(restriction.AsEncapsulatedElement()));
case AuthorizationDataValueType.KERB_AUTH_DATA_TOKEN_RESTRICTIONS:
return(new RestrictionEntry().Decode(restriction.AsEncapsulatedElement()));
case AuthorizationDataValueType.KERB_AP_OPTIONS:
return(new KerbApOptions(restriction[0].AsInt(reverse: true)));
case AuthorizationDataValueType.KERB_LOCAL:
return(new KerbLocal(restriction[0].Value));
case AuthorizationDataValueType.KERB_SERVICE_TARGET:
return(new KerbServiceName(restriction[0].Value));
default:
return(null);
}
}