/// <summary>
/// Constructor.
/// </summary>
/// <param name="creds">Credential handle.</param>
/// <param name="req_attributes">Request attribute flags.</param>
/// <param name="channel_binding">Optional channel binding token.</param>
/// <param name="data_rep">Data representation.</param>
public ServerAuthenticationContext(CredentialHandle creds, AcceptContextReqFlags req_attributes,
byte[] channel_binding, SecDataRep data_rep)
{
_creds = creds;
RequestAttributes = req_attributes & ~AcceptContextReqFlags.AllocateMemory;
DataRepresentation = data_rep;
_token_count = 0;
ChannelBinding = channel_binding;
}
/// <summary>
/// Constructor.
/// </summary>
/// <param name="creds">Credential handle.</param>
/// <param name="req_attributes">Request attribute flags.</param>
/// <param name="data_rep">Data representation.</param>
/// <param name="token">Initial authentication token.</param>
public ServerAuthenticationContext(CredentialHandle creds, byte[] token,
AcceptContextReqFlags req_attributes, SecDataRep data_rep)
{
_creds = creds;
_context = new SecHandle();
_req_flags = req_attributes & ~AcceptContextReqFlags.AllocateMemory;
_data_rep = data_rep;
Done = GenServerContext(true, token);
}
/// <summary>
/// Constructor.
/// </summary>
/// <param name="creds">Credential handle.</param>
/// <param name="req_attributes">Request attribute flags.</param>
/// <param name="target">Target SPN (optional).</param>
/// <param name="data_rep">Data representation.</param>
public ClientAuthenticationContext(CredentialHandle creds, InitializeContextReqFlags req_attributes,
string target, SecDataRep data_rep)
{
_creds = creds;
_req_attributes = req_attributes & ~InitializeContextReqFlags.AllocateMemory;
_context = new SecHandle();
_target = target;
_data_rep = data_rep;
Continue(null);
}
internal static extern SecStatusCode AcceptSecurityContext(
[In] SecHandle phCredential,
[In] SecHandle phContext,
SecBufferDesc pInput,
AcceptContextReqFlags fContextReq,
SecDataRep TargetDataRep,
[In, Out] SecHandle phNewContext,
[In, Out] SecBufferDesc pOutput,
out AcceptContextRetFlags pfContextAttr,
[Out] LargeInteger ptsExpiry
);
/// <summary>
/// Constructor.
/// </summary>
/// <param name="creds">Credential handle.</param>
/// <param name="req_attributes">Request attribute flags.</param>
/// <param name="channel_binding">Optional channel binding token.</param>
/// <param name="data_rep">Data representation.</param>
public ServerAuthenticationContext(CredentialHandle creds, AcceptContextReqFlags req_attributes,
byte[] channel_binding, SecDataRep data_rep)
{
_creds = creds;
_context = new SecHandle();
_req_flags = req_attributes & ~AcceptContextReqFlags.AllocateMemory;
_data_rep = data_rep;
_new_context = true;
_token_count = 0;
_channel_binding = channel_binding;
}
/// <summary>
/// Constructor.
/// </summary>
/// <param name="creds">Credential handle.</param>
/// <param name="req_attributes">Request attribute flags.</param>
/// <param name="target">Target SPN (optional).</param>
/// <param name="data_rep">Data representation.</param>
/// <param name="channel_binding">Optional channel binding token.</param>
public ClientAuthenticationContext(CredentialHandle creds,
InitializeContextReqFlags req_attributes,
string target, byte[] channel_binding, SecDataRep data_rep)
{
_creds = creds;
_req_attributes = req_attributes & ~InitializeContextReqFlags.AllocateMemory;
_context = new SecHandle();
_target = target == string.Empty ? null : target;
_data_rep = data_rep;
_token_count = 0;
_channel_binding = channel_binding;
Continue(null);
}
internal static SecStatusCode InitializeSecurityContext(
CredentialHandle credential,
SecHandle context,
string target_name,
InitializeContextReqFlags req_attributes,
SecDataRep data_rep,
IList <SecurityBuffer> input,
SecHandle new_context,
IList <SecurityBuffer> output,
out InitializeContextRetFlags ret_attributes,
LargeInteger expiry,
bool throw_on_error)
{
using (DisposableList list = new DisposableList())
{
var input_buffers = input?.ToBufferList(list);
var output_buffers = output?.ToBufferList(list);
var in_buffer_desc = input_buffers.ToDesc(list);
var out_buffer_desc = output_buffers.ToDesc(list);
var result = SecurityNativeMethods.InitializeSecurityContext(credential.CredHandle,
context, target_name, req_attributes, 0, data_rep, in_buffer_desc, 0,
new_context, out_buffer_desc, out ret_attributes, expiry).CheckResult(throw_on_error);
if (!result.IsSuccess())
{
return(result);
}
try
{
if (result == SecStatusCode.SEC_I_COMPLETE_NEEDED || result == SecStatusCode.SEC_I_COMPLETE_AND_CONTINUE)
{
var comp_result = SecurityNativeMethods.CompleteAuthToken(new_context, out_buffer_desc).CheckResult(throw_on_error);
if (!comp_result.IsSuccess())
{
return(comp_result);
}
}
}
finally
{
if (result.IsSuccess())
{
output?.UpdateBuffers(out_buffer_desc);
}
}
return(result);
}
}
internal static extern SecStatusCode InitializeSecurityContext(
[In] SecHandle phCredential,
[In] SecHandle phContext,
string pszTargetName,
InitializeContextReqFlags fContextReq,
int Reserved1,
SecDataRep TargetDataRep,
SecBufferDesc pInput,
int Reserved2,
[Out] SecHandle phNewContext,
[In, Out] SecBufferDesc pOutput,
out InitializeContextRetFlags pfContextAttr,
[Out] LargeInteger ptsExpiry
);
/// <summary>
/// Constructor.
/// </summary>
/// <param name="creds">Credential handle.</param>
/// <param name="req_attributes">Request attribute flags.</param>
/// <param name="target">Target SPN (optional).</param>
/// <param name="data_rep">Data representation.</param>
/// <param name="channel_binding">Optional channel binding token.</param>
/// <param name="initialize">Specify to default initialize the context. Must call Continue with an auth token to initialize.</param>
public ClientAuthenticationContext(CredentialHandle creds,
InitializeContextReqFlags req_attributes,
string target, byte[] channel_binding, SecDataRep data_rep, bool initialize)
{
_creds = creds;
_token_count = 0;
RequestAttributes = req_attributes;
Target = target;
DataRepresentation = data_rep;
ChannelBinding = channel_binding;
if (initialize)
{
Continue();
}
}
/// <summary>
/// Constructor.
/// </summary>
/// <param name="creds">Credential handle.</param>
/// <param name="req_attributes">Request attribute flags.</param>
/// <param name="data_rep">Data representation.</param>
public ClientAuthenticationContext(CredentialHandle creds,
InitializeContextReqFlags req_attributes, SecDataRep data_rep)
: this(creds, req_attributes, null, data_rep)
{
}
/// <summary>
/// Constructor.
/// </summary>
/// <param name="creds">Credential handle.</param>
/// <param name="req_attributes">Request attribute flags.</param>
/// <param name="target">Target SPN (optional).</param>
/// <param name="data_rep">Data representation.</param>
/// <param name="channel_binding">Optional channel binding token.</param>
public ClientAuthenticationContext(CredentialHandle creds,
InitializeContextReqFlags req_attributes,
string target, byte[] channel_binding, SecDataRep data_rep)
: this(creds, req_attributes, target, channel_binding, data_rep, true)
{
}
/// <summary>
/// Constructor.
/// </summary>
/// <param name="creds">Credential handle.</param>
/// <param name="req_attributes">Request attribute flags.</param>
/// <param name="data_rep">Data representation.</param>
public ServerAuthenticationContext(CredentialHandle creds,
AcceptContextReqFlags req_attributes, SecDataRep data_rep)
: this(creds, req_attributes, null, data_rep)
{
}
