/// <summary>
/// Write a Kerberos principal name to the builder as a DER sequence.
/// </summary>
/// <remarks>
/// The sequence holds two context-specific fields: tag 0 carries the name type
/// as an integer and tag 1 carries the name components as a sequence of
/// general strings. Neither <paramref name="builder"/> nor
/// <paramref name="name"/> is checked for null here.
/// </remarks>
/// <param name="builder">The builder to write to.</param>
/// <param name="name">The principal name to encode.</param>
internal static void WritePrincipalName(this DERBuilder builder, KerberosPrincipalName name)
{
    using (var principal = builder.CreateSequence())
    {
        // [0] name type, encoded as its integer value.
        principal.WriteContextSpecific(0, type_writer =>
        {
            type_writer.WriteInt32((int)name.NameType);
        });

        // [1] name components, each written as a general string.
        principal.WriteContextSpecific(1, names_writer =>
        {
            names_writer.WriteSequence(name.Names, (item_writer, component) => item_writer.WriteGeneralString(component));
        });
    }
}
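/// <summary>
/// Wrap an inner token in a GSS-API application 0 container.
/// </summary>
/// <remarks>
/// The container holds, in order, the mechanism object identifier, the two
/// byte token identifier written most significant byte first, and the raw
/// inner token bytes. The token identifier is serialized by explicit shifts
/// so the output is the same on little-endian and big-endian hosts; an
/// unconditional byte swap of BitConverter output gives the wrong order on a
/// big-endian host.
/// </remarks>
/// <param name="inner_token">The already encoded inner token.</param>
/// <param name="oid">The mechanism object identifier.</param>
/// <param name="token_id">The token identifier.</param>
/// <returns>The encoded wrapper.</returns>
internal static byte[] CreateGssApiWrapper(byte[] inner_token, string oid, ushort token_id)
{
    var builder = new DERBuilder();
    using (var app = builder.CreateApplication(0))
    {
        app.WriteObjectId(oid);

        // Big-endian token identifier, independent of host byte order.
        byte[] token_id_bytes = { (byte)(token_id >> 8), (byte)(token_id & 0xFF) };
        app.WriteRawBytes(token_id_bytes);

        // The inner token is appended as-is, with no additional DER framing.
        app.WriteRawBytes(inner_token);
    }
    return builder.ToArray();
}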
/// <summary>
/// Create a new KRB-ERROR authentication token.
/// </summary>
/// <remarks>
/// The message is built as application 30 containing a sequence with the
/// Kerberos header followed by the populated fields, wrapped in a GSS-API
/// container with token identifier 0x300, and then passed back through
/// Parse to produce the returned object. Optional fields are omitted from
/// the encoding when they are null. No checksum or encrypted part is written:
/// a KRB-ERROR is not integrity protected (RFC 4120), so a receiver should
/// treat its error code, text and data as unauthenticated hints.
/// </remarks>
/// <param name="server_time">Server time.</param>
/// <param name="error_code">Error code.</param>
/// <param name="server_realm">Server realm.</param>
/// <param name="server_name">Server name.</param>
/// <param name="client_time">Optional client time.</param>
/// <param name="client_realm">Optional client realm.</param>
/// <param name="client_name">Optional client name.</param>
/// <param name="error_text">Optional error text.</param>
/// <param name="error_data">Optional error data.</param>
/// <returns>The KRB-ERROR authentication token.</returns>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="server_realm"/> or <paramref name="server_name"/> is null.
/// </exception>
public static KerberosErrorAuthenticationToken Create(
    DateTime server_time,
    KerberosErrorType error_code,
    string server_realm,
    KerberosPrincipalName server_name,
    DateTime? client_time = null,
    string client_realm = null,
    KerberosPrincipalName client_name = null,
    string error_text = null,
    byte[] error_data = null)
{
    // Mandatory fields, validated in declaration order.
    if (server_realm is null)
    {
        throw new ArgumentNullException(nameof(server_realm));
    }

    if (server_name is null)
    {
        throw new ArgumentNullException(nameof(server_name));
    }

    var der = new DERBuilder();
    using (var app = der.CreateApplication(30))
    using (var body = app.CreateSequence())
    {
        body.WriteKerberosHeader(KerberosMessageType.KRB_ERROR);

        // [2]/[3] client time and microseconds, only when supplied.
        if (client_time is DateTime ctime)
        {
            body.WriteKerberosTime(2, ctime);
        }

        // [4]/[5] server time and microseconds, [6] error code.
        body.WriteKerberosTime(4, server_time);
        body.WriteContextSpecific(6, w => w.WriteInt32((int)error_code));

        // [7] client realm and [8] client name are optional.
        if (client_realm != null)
        {
            body.WriteContextSpecific(7, w => w.WriteGeneralString(client_realm));
        }

        if (client_name != null)
        {
            body.WriteContextSpecific(8, w => w.WritePrincipalName(client_name));
        }

        // [9] server realm and [10] server name are always present.
        body.WriteContextSpecific(9, w => w.WriteGeneralString(server_realm));
        body.WriteContextSpecific(10, w => w.WritePrincipalName(server_name));

        // [11] error text and [12] error data are optional and caller supplied.
        if (error_text != null)
        {
            body.WriteContextSpecific(11, w => w.WriteGeneralString(error_text));
        }

        if (error_data != null)
        {
            body.WriteContextSpecific(12, w => w.WriteOctetString(error_data));
        }
    }

    // Wrap only after both containers are closed, then round-trip through the parser.
    byte[] wrapped = der.CreateGssApiWrapper(OIDValues.KERBEROS, 0x300);
    return (KerberosErrorAuthenticationToken)Parse(wrapped);
}
/// <summary>
/// Build the DER body of a KRB_TGT_REP message for a ticket.
/// </summary>
/// <remarks>
/// The body is a sequence holding the Kerberos header followed by the
/// ticket's TicketData under context-specific tag 2. The builder is returned
/// so the caller can wrap or serialize it.
/// </remarks>
/// <param name="ticket">The ticket to embed.</param>
/// <returns>The populated builder.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="ticket"/> is null.</exception>
private static DERBuilder CreateBuilder(KerberosTicket ticket)
{
    _ = ticket ?? throw new ArgumentNullException(nameof(ticket));

    var result = new DERBuilder();
    using (var body = result.CreateSequence())
    {
        body.WriteKerberosHeader(KerberosMessageType.KRB_TGT_REP);

        // [2] the ticket data as exposed by the ticket object.
        body.WriteContextSpecific(2, ticket.TicketData);
    }

    return result;
}
/// <summary>
/// Build the DER body of a KRB_TGT_REQ message.
/// </summary>
/// <remarks>
/// The body is a sequence holding the Kerberos header, then the server name
/// under context-specific tag 2 and the realm under tag 3. Either field is
/// left out of the encoding when its argument is null.
/// </remarks>
/// <param name="realm">Optional realm.</param>
/// <param name="server_name">Optional server principal name.</param>
/// <returns>The populated builder.</returns>
private static DERBuilder CreateBuilder(string realm, KerberosPrincipalName server_name)
{
    var result = new DERBuilder();
    using (var body = result.CreateSequence())
    {
        body.WriteKerberosHeader(KerberosMessageType.KRB_TGT_REQ);

        // [2] server name, optional.
        if (server_name != null)
        {
            body.WriteContextSpecific(2, w => w.WritePrincipalName(server_name));
        }

        // [3] realm, optional.
        if (realm != null)
        {
            body.WriteContextSpecific(3, w => w.WriteGeneralString(realm));
        }
    }

    return result;
}
/// <summary>
/// Serialize a builder and wrap the result in a GSS-API container.
/// </summary>
/// <remarks>
/// Convenience overload: the builder's current contents are taken with
/// ToArray and handed to the byte array overload. The builder is not checked
/// for null.
/// </remarks>
/// <param name="inner_token">The builder holding the inner token.</param>
/// <param name="oid">The mechanism object identifier.</param>
/// <param name="token_id">The token identifier.</param>
/// <returns>The encoded wrapper.</returns>
internal static byte[] CreateGssApiWrapper(this DERBuilder inner_token, string oid, ushort token_id)
{
    byte[] encoded_inner = inner_token.ToArray();
    return CreateGssApiWrapper(encoded_inner, oid, token_id);
}
/// <summary>
/// Write a timestamp as a generalized time plus a microseconds field.
/// </summary>
/// <remarks>
/// The time is written under <paramref name="context"/> and the microseconds
/// under <paramref name="context"/> + 1. The microseconds value is derived
/// from the millisecond component only, so any finer resolution in
/// <paramref name="time"/> is not encoded.
/// NOTE(review): Kerberos timestamps are UTC and feed clock-skew checks; how
/// the DateTime kind is handled depends on WriteGeneralizedTime, which is not
/// shown here. Confirm callers pass UTC or that the writer converts.
/// </remarks>
/// <param name="builder">The builder to write to.</param>
/// <param name="context">The context-specific tag of the time field.</param>
/// <param name="time">The timestamp to encode.</param>
internal static void WriteKerberosTime(this DERBuilder builder, int context, DateTime time)
{
    int usec_context = context + 1;

    // Milliseconds scaled to microseconds; at most 999000.
    int microseconds = time.Millisecond * 1000;

    builder.WriteContextSpecific(context, w => w.WriteGeneralizedTime(time));
    builder.WriteContextSpecific(usec_context, w => w.WriteInt32(microseconds));
}
/// <summary>
/// Write the two leading fields shared by the Kerberos messages built here.
/// </summary>
/// <remarks>
/// Tag 0 carries the integer 5 (the Kerberos protocol version number in
/// RFC 4120) and tag 1 carries the message type as an integer.
/// </remarks>
/// <param name="builder">The builder to write to.</param>
/// <param name="msg_type">The message type to record.</param>
internal static void WriteKerberosHeader(this DERBuilder builder, KerberosMessageType msg_type)
{
    const int protocol_version = 5;
    int message_type = (int)msg_type;

    builder.WriteContextSpecific(0, w => w.WriteInt32(protocol_version));
    builder.WriteContextSpecific(1, w => w.WriteInt32(message_type));
}