Example #1
        /// <summary>
        /// Writes this message to <paramref name="writer"/> as one sequence wrapped in <paramref name="tag"/>.
        /// </summary>
        /// <remarks>
        /// Fields are emitted in fixed order, each inside its own context-specific wrapper:
        /// [0] protocol version, [1] message type, [2] a sequence of tickets, [3] the encrypted part.
        /// NOTE(review): this field order matches KRB-CRED in RFC 4120, but the enclosing type is
        /// not visible here - confirm.
        /// </remarks>
        /// <param name="writer">ASN.1 writer that receives the encoded fields.</param>
        /// <param name="tag">Outer tag; pushed first and popped last.</param>
        internal void Encode(AsnWriter writer, Asn1Tag tag)
        {
            var versionTag = new Asn1Tag(TagClass.ContextSpecific, 0);
            var messageTypeTag = new Asn1Tag(TagClass.ContextSpecific, 1);
            var ticketsTag = new Asn1Tag(TagClass.ContextSpecific, 2);
            var encryptedPartTag = new Asn1Tag(TagClass.ContextSpecific, 3);

            writer.PushSequence(tag);

            // [0] protocol version
            writer.PushSequence(versionTag);
            writer.WriteInteger(ProtocolVersionNumber);
            writer.PopSequence(versionTag);

            // [1] message type, written as a long
            writer.PushSequence(messageTypeTag);
            writer.WriteInteger((long)MessageType);
            writer.PopSequence(messageTypeTag);

            // [2] tickets. Null entries are skipped silently, so the encoded list can be
            // shorter than Tickets.Length.
            writer.PushSequence(ticketsTag);
            writer.PushSequence();
            foreach (var ticket in Tickets)
            {
                ticket?.Encode(writer);
            }
            writer.PopSequence();
            writer.PopSequence(ticketsTag);

            // [3] encrypted part. When EncryptedPart is null the wrapper is still pushed and
            // popped with nothing written inside it; callers should set it before encoding.
            writer.PushSequence(encryptedPartTag);
            EncryptedPart?.Encode(writer);
            writer.PopSequence(encryptedPartTag);

            writer.PopSequence(tag);
        }
        /// <summary>
        /// Writes this message to <paramref name="writer"/> as one sequence wrapped in <paramref name="tag"/>.
        /// </summary>
        /// <remarks>
        /// Fields are emitted in fixed order, each inside its own context-specific wrapper:
        /// [0] protocol version, [1] message type, [2] the encrypted part.
        /// NOTE(review): this field order matches AP-REP in RFC 4120, but the enclosing type is
        /// not visible here - confirm.
        /// </remarks>
        /// <param name="writer">ASN.1 writer that receives the encoded fields.</param>
        /// <param name="tag">Outer tag; pushed first and popped last.</param>
        internal void Encode(AsnWriter writer, Asn1Tag tag)
        {
            var versionTag = new Asn1Tag(TagClass.ContextSpecific, 0);
            var messageTypeTag = new Asn1Tag(TagClass.ContextSpecific, 1);
            var encryptedPartTag = new Asn1Tag(TagClass.ContextSpecific, 2);

            writer.PushSequence(tag);

            // [0] protocol version
            writer.PushSequence(versionTag);
            writer.WriteInteger(ProtocolVersionNumber);
            writer.PopSequence(versionTag);

            // [1] message type, written as a long
            writer.PushSequence(messageTypeTag);
            writer.WriteInteger((long)MessageType);
            writer.PopSequence(messageTypeTag);

            // [2] encrypted part. When EncryptedPart is null the wrapper is still pushed and
            // popped with nothing written inside it.
            writer.PushSequence(encryptedPartTag);
            EncryptedPart?.Encode(writer);
            writer.PopSequence(encryptedPartTag);

            writer.PopSequence(tag);
        }
Example #3
        /// <summary>
        /// Writes this structure to <paramref name="writer"/> as one sequence wrapped in <paramref name="tag"/>.
        /// </summary>
        /// <remarks>
        /// Fields are emitted in fixed order, each inside its own context-specific wrapper:
        /// [0] ticket number, [1] realm as a GeneralString, [2] service name, [3] the encrypted part.
        /// NOTE(review): this field order matches Ticket in RFC 4120, but the enclosing type is
        /// not visible here - confirm.
        /// </remarks>
        /// <param name="writer">ASN.1 writer that receives the encoded fields.</param>
        /// <param name="tag">Outer tag; pushed first and popped last.</param>
        internal void Encode(AsnWriter writer, Asn1Tag tag)
        {
            var ticketNumberTag = new Asn1Tag(TagClass.ContextSpecific, 0);
            var realmTag = new Asn1Tag(TagClass.ContextSpecific, 1);
            var serviceNameTag = new Asn1Tag(TagClass.ContextSpecific, 2);
            var encryptedPartTag = new Asn1Tag(TagClass.ContextSpecific, 3);

            writer.PushSequence(tag);

            // [0] ticket number
            writer.PushSequence(ticketNumberTag);
            writer.WriteInteger(TicketNumber);
            writer.PopSequence(ticketNumberTag);

            // [1] realm
            writer.PushSequence(realmTag);
            writer.WriteCharacterString(UniversalTagNumber.GeneralString, Realm);
            writer.PopSequence(realmTag);

            // [2] service name. A null SName leaves this wrapper with nothing written inside it.
            writer.PushSequence(serviceNameTag);
            SName?.Encode(writer);
            writer.PopSequence(serviceNameTag);

            // [3] encrypted part. A null EncryptedPart likewise leaves the wrapper with
            // nothing written inside it.
            writer.PushSequence(encryptedPartTag);
            EncryptedPart?.Encode(writer);
            writer.PopSequence(encryptedPartTag);

            writer.PopSequence(tag);
        }
Example #4
        /// <summary>
        /// Writes this message to <paramref name="writer"/> as one sequence wrapped in <paramref name="tag"/>.
        /// </summary>
        /// <remarks>
        /// Fields are emitted in fixed order, each inside its own context-specific wrapper:
        /// [0] protocol version, [1] message type, [2] AP options as a bit string, [3] ticket,
        /// [4] authenticator.
        /// NOTE(review): this field order matches AP-REQ in RFC 4120, but the enclosing type is
        /// not visible here - confirm.
        /// </remarks>
        /// <param name="writer">ASN.1 writer that receives the encoded fields.</param>
        /// <param name="tag">Outer tag; pushed first and popped last.</param>
        internal void Encode(AsnWriter writer, Asn1Tag tag)
        {
            var versionTag = new Asn1Tag(TagClass.ContextSpecific, 0);
            var messageTypeTag = new Asn1Tag(TagClass.ContextSpecific, 1);
            var optionsTag = new Asn1Tag(TagClass.ContextSpecific, 2);
            var ticketTag = new Asn1Tag(TagClass.ContextSpecific, 3);
            var authenticatorTag = new Asn1Tag(TagClass.ContextSpecific, 4);

            writer.PushSequence(tag);

            // [0] protocol version
            writer.PushSequence(versionTag);
            writer.WriteInteger(ProtocolVersionNumber);
            writer.PopSequence(versionTag);

            // [1] message type, written as a long
            writer.PushSequence(messageTypeTag);
            writer.WriteInteger((long)MessageType);
            writer.PopSequence(messageTypeTag);

            // [2] AP options
            writer.PushSequence(optionsTag);
            writer.WriteBitString(ApOptions.AsReadOnly());
            writer.PopSequence(optionsTag);

            // [3] ticket. A null Ticket leaves this wrapper with nothing written inside it.
            writer.PushSequence(ticketTag);
            Ticket?.Encode(writer);
            writer.PopSequence(ticketTag);

            // [4] authenticator. A null Authenticator likewise leaves the wrapper with
            // nothing written inside it.
            writer.PushSequence(authenticatorTag);
            Authenticator?.Encode(writer);
            writer.PopSequence(authenticatorTag);

            writer.PopSequence(tag);
        }
Example #5
        /// <summary>
        /// Writes this message to <paramref name="writer"/> as one sequence wrapped in <paramref name="tag"/>.
        /// </summary>
        /// <remarks>
        /// Fields are emitted in fixed order, each inside its own context-specific wrapper:
        /// [0] protocol version, [1] message type, [2] pre-authentication data (only when
        /// <c>Asn1Extension.HasValue(PaData)</c> is true), [3] client realm, [4] client name,
        /// [5] ticket, [6] encrypted part.
        /// NOTE(review): this field order matches KDC-REP in RFC 4120, but the enclosing type is
        /// not visible here - confirm.
        /// </remarks>
        /// <param name="writer">ASN.1 writer that receives the encoded fields.</param>
        /// <param name="tag">Outer tag; pushed first and popped last.</param>
        internal void Encode(AsnWriter writer, Asn1Tag tag)
        {
            var versionTag = new Asn1Tag(TagClass.ContextSpecific, 0);
            var messageTypeTag = new Asn1Tag(TagClass.ContextSpecific, 1);

            writer.PushSequence(tag);

            // [0] protocol version
            writer.PushSequence(versionTag);
            writer.WriteInteger(ProtocolVersionNumber);
            writer.PopSequence(versionTag);

            // [1] message type, written as a long
            writer.PushSequence(messageTypeTag);
            writer.WriteInteger((long)MessageType);
            writer.PopSequence(messageTypeTag);

            // [2] pre-authentication data; the whole element is omitted when absent.
            if (Asn1Extension.HasValue(PaData))
            {
                var paDataTag = new Asn1Tag(TagClass.ContextSpecific, 2);

                writer.PushSequence(paDataTag);
                writer.PushSequence();
                foreach (var entry in PaData)
                {
                    // Null entries are skipped rather than rejected.
                    entry?.Encode(writer);
                }
                writer.PopSequence();
                writer.PopSequence(paDataTag);
            }

            // [3] client realm
            var clientRealmTag = new Asn1Tag(TagClass.ContextSpecific, 3);
            writer.PushSequence(clientRealmTag);
            writer.WriteCharacterString(UniversalTagNumber.GeneralString, CRealm);
            writer.PopSequence(clientRealmTag);

            // [4]-[6] are always wrapped; a null value leaves its wrapper with nothing
            // written inside it.
            var clientNameTag = new Asn1Tag(TagClass.ContextSpecific, 4);
            writer.PushSequence(clientNameTag);
            CName?.Encode(writer);
            writer.PopSequence(clientNameTag);

            var ticketTag = new Asn1Tag(TagClass.ContextSpecific, 5);
            writer.PushSequence(ticketTag);
            Ticket?.Encode(writer);
            writer.PopSequence(ticketTag);

            var encryptedPartTag = new Asn1Tag(TagClass.ContextSpecific, 6);
            writer.PushSequence(encryptedPartTag);
            EncPart?.Encode(writer);
            writer.PopSequence(encryptedPartTag);

            writer.PopSequence(tag);
        }
Example #6
        /// <summary>
        /// Builds an AS-REQ message for <paramref name="credential"/>.
        /// </summary>
        /// <remarks>
        /// A PA_PAC_REQUEST entry is always included. A PA_ENC_TIMESTAMP entry is added only when
        /// <paramref name="options"/> carries <c>PreAuthenticate</c>; without it the request holds
        /// no proof that the caller knows the credential's key.
        /// </remarks>
        /// <param name="credential">Supplies the user name, domain and the key used for the encrypted timestamp.</param>
        /// <param name="options">
        /// Authentication flags. The bits outside <c>AllAuthentication</c> are passed through as KDC options.
        /// </param>
        /// <returns>The populated request; nothing is sent by this method.</returns>
        public static KrbAsReq CreateAsReq(KerberosCredential credential, AuthenticationOptions options)
        {
            // Strip the client-side authentication bits; what remains is cast to KDC options.
            KdcOptions requestedKdcOptions = (KdcOptions)(options & ~AuthenticationOptions.AllAuthentication);

            string machineName = Environment.MachineName;

            var preAuthEntries = new List<KrbPaData>();

            preAuthEntries.Add(new KrbPaData
            {
                Type = PaDataType.PA_PAC_REQUEST,
                Value = new KrbPaPacRequest
                {
                    IncludePac = options.HasFlag(AuthenticationOptions.IncludePacRequest)
                }.Encode().AsMemory()
            });

            if (options.HasFlag(AuthenticationOptions.PreAuthenticate))
            {
                preAuthEntries.Add(CreateEncryptedTimestamp());
            }

            var request = new KrbAsReq()
            {
                MessageType = MessageType.KRB_AS_REQ,
                Body = new KrbKdcReqBody
                {
                    Addresses = new[]
                    {
                        new KrbHostAddress
                        {
                            AddressType = AddressType.NetBios,
                            // PadRight only pads: a machine name longer than 16 characters is sent
                            // at full length, and Encoding.ASCII turns non-ASCII characters into '?'.
                            Address = Encoding.ASCII.GetBytes(machineName.PadRight(16, ' '))
                        }
                    },
                    CName = new KrbPrincipalName
                    {
                        Name = new[] { $"{credential.UserName}@{credential.Domain}" },
                        Type = PrincipalNameType.NT_ENTERPRISE
                    },
                    // NOTE(review): the offered encryption types come from a shared constant that
                    // is not visible here - verify it does not offer legacy ciphers by default.
                    EType = KerberosConstants.ETypes.ToArray(),
                    KdcOptions = requestedKdcOptions,
                    // NOTE(review): GetNonce is not visible here - confirm it draws from a
                    // cryptographic random source.
                    Nonce = KerberosConstants.GetNonce(),
                    RTime = KerberosConstants.EndOfTime,
                    Realm = credential.Domain,
                    SName = new KrbPrincipalName
                    {
                        Type = PrincipalNameType.NT_SRV_INST,
                        Name = new[] { "krbtgt", credential.Domain }
                    },
                    // Both Till and RTime are set to EndOfTime; presumably the KDC's lifetime
                    // policy is what bounds the issued ticket - confirm.
                    Till = KerberosConstants.EndOfTime
                },
                PaData = preAuthEntries.ToArray()
            };

            return request;

            // Encrypts the current time under the credential's key for PA_ENC_TIMESTAMP.
            // The ciphertext travels in the request, so its resistance to offline guessing
            // rests on the strength of the secret behind credential.CreateKey().
            KrbPaData CreateEncryptedTimestamp()
            {
                KerberosConstants.Now(out DateTimeOffset now, out int microseconds);

                var timestamp = new KrbPaEncTsEnc
                {
                    PaTimestamp = now,
                    PaUSec = microseconds
                };

                var encodedTimestamp = timestamp.Encode().AsMemory();

                KrbEncryptedData encrypted = KrbEncryptedData.Encrypt(
                    encodedTimestamp,
                    credential.CreateKey(),
                    KeyUsage.PaEncTs
                );

                return new KrbPaData
                {
                    Type = PaDataType.PA_ENC_TIMESTAMP,
                    Value = encrypted.Encode().AsMemory()
                };
            }
        }
Example #7
        /// <summary>
        /// Writes this request body to <paramref name="writer"/> as one sequence wrapped in <paramref name="tag"/>.
        /// </summary>
        /// <remarks>
        /// Fields are emitted in ascending tag order, each inside its own context-specific wrapper.
        /// Always written: [0] KDC options, [2] realm, [5] till, [7] nonce, [8] encryption types.
        /// Written only when <c>HasValue</c> reports a value: [1] client name, [3] service name,
        /// [4] from, [6] renew time, [9] addresses, [10] encrypted authorization data,
        /// [11] additional tickets.
        /// NOTE(review): this field order matches KDC-REQ-BODY in RFC 4120, but the enclosing type
        /// is not visible here - confirm.
        /// </remarks>
        /// <param name="writer">ASN.1 writer that receives the encoded fields.</param>
        /// <param name="tag">Outer tag; pushed first and popped last.</param>
        internal void Encode(AsnWriter writer, Asn1Tag tag)
        {
            writer.PushSequence(tag);

            // [0] KDC options
            var kdcOptionsTag = new Asn1Tag(TagClass.ContextSpecific, 0);
            writer.PushSequence(kdcOptionsTag);
            writer.WriteBitString(KdcOptions.AsReadOnly());
            writer.PopSequence(kdcOptionsTag);

            // [1] client name (optional)
            if (HasValue(CName))
            {
                var clientNameTag = new Asn1Tag(TagClass.ContextSpecific, 1);
                writer.PushSequence(clientNameTag);
                CName?.Encode(writer);
                writer.PopSequence(clientNameTag);
            }

            // [2] realm
            var realmTag = new Asn1Tag(TagClass.ContextSpecific, 2);
            writer.PushSequence(realmTag);
            writer.WriteCharacterString(UniversalTagNumber.GeneralString, Realm);
            writer.PopSequence(realmTag);

            // [3] service name (optional)
            if (HasValue(SName))
            {
                var serviceNameTag = new Asn1Tag(TagClass.ContextSpecific, 3);
                writer.PushSequence(serviceNameTag);
                SName?.Encode(writer);
                writer.PopSequence(serviceNameTag);
            }

            // [4] requested start time (optional)
            if (HasValue(From))
            {
                var fromTag = new Asn1Tag(TagClass.ContextSpecific, 4);
                writer.PushSequence(fromTag);
                writer.WriteGeneralizedTime(From.Value);
                writer.PopSequence(fromTag);
            }

            // [5] requested expiry
            var tillTag = new Asn1Tag(TagClass.ContextSpecific, 5);
            writer.PushSequence(tillTag);
            writer.WriteGeneralizedTime(Till);
            writer.PopSequence(tillTag);

            // [6] requested renew-until time (optional)
            if (HasValue(RTime))
            {
                var renewTimeTag = new Asn1Tag(TagClass.ContextSpecific, 6);
                writer.PushSequence(renewTimeTag);
                writer.WriteGeneralizedTime(RTime.Value);
                writer.PopSequence(renewTimeTag);
            }

            // [7] nonce
            var nonceTag = new Asn1Tag(TagClass.ContextSpecific, 7);
            writer.PushSequence(nonceTag);
            writer.WriteInteger(Nonce);
            writer.PopSequence(nonceTag);

            // [8] encryption types, written in array order. That order is what the peer
            // sees, so the caller's ordering of EType is preserved on the wire.
            var encryptionTypesTag = new Asn1Tag(TagClass.ContextSpecific, 8);
            writer.PushSequence(encryptionTypesTag);
            writer.PushSequence();
            foreach (var encryptionType in EType)
            {
                writer.WriteInteger((long)encryptionType);
            }
            writer.PopSequence();
            writer.PopSequence(encryptionTypesTag);

            // [9] host addresses (optional); null entries are skipped.
            if (HasValue(Addresses))
            {
                var addressesTag = new Asn1Tag(TagClass.ContextSpecific, 9);
                writer.PushSequence(addressesTag);
                writer.PushSequence();
                foreach (var address in Addresses)
                {
                    address?.Encode(writer);
                }
                writer.PopSequence();
                writer.PopSequence(addressesTag);
            }

            // [10] encrypted authorization data (optional)
            if (HasValue(EncAuthorizationData))
            {
                var authorizationDataTag = new Asn1Tag(TagClass.ContextSpecific, 10);
                writer.PushSequence(authorizationDataTag);
                EncAuthorizationData?.Encode(writer);
                writer.PopSequence(authorizationDataTag);
            }

            // [11] additional tickets (optional); null entries are skipped.
            if (HasValue(AdditionalTickets))
            {
                var additionalTicketsTag = new Asn1Tag(TagClass.ContextSpecific, 11);
                writer.PushSequence(additionalTicketsTag);
                writer.PushSequence();
                foreach (var ticket in AdditionalTickets)
                {
                    ticket?.Encode(writer);
                }
                writer.PopSequence();
                writer.PopSequence(additionalTicketsTag);
            }

            writer.PopSequence(tag);
        }