Example #1
0
        /// <summary>
        /// Calculate Server checksum (TD section 2.8.1) of the PAC message,
        /// place the checksum as a PacInfoBuffer whose ulType_Values is V3.
        /// Then calculate KDC checksum (TD section 2.8.2) of the PAC message,
        /// place the checksum as a PacInfoBuffer whose ulType_Values is V4.
        /// </summary>
        /// <param name="serverSignKey">The server signature key used to generate server signature.</param>
        /// <param name="kdcSignKey">The KDC signature key used to generate KDC signature.</param>
        /// <exception cref="ArgumentNullException">serverSignkey or kdcSignKey is null.</exception>
        public void Sign(byte[] serverSignKey, byte[] kdcSignKey)
        {
            // locate server and KDC signatures.
            PacSignatureData serverSign;
            PacSignatureData kdcSign;

            FindSignatures(out serverSign, out kdcSign);

            // types
            PAC_SIGNATURE_DATA_SignatureType_Values serversignType = serverSign.NativePacSignatureData.SignatureType;
            PAC_SIGNATURE_DATA_SignatureType_Values kdcSignType    = kdcSign.NativePacSignatureData.SignatureType;

            // clear signatures.
            int serverLength = PacSignatureData.CalculateSignatureLength(serversignType);

            serverSign.NativePacSignatureData.Signature = new byte[serverLength];

            int kdcLength = PacSignatureData.CalculateSignatureLength(kdcSignType);

            kdcSign.NativePacSignatureData.Signature = new byte[kdcLength];

            // sign server
            byte[] serverSignResult = PacSignatureData.Sign(
                ToBytes(), serversignType, serverSignKey);
            serverSign.NativePacSignatureData.Signature = serverSignResult;

            // sign KDC
            kdcSign.NativePacSignatureData.Signature = PacSignatureData.Sign(
                serverSignResult, kdcSignType, kdcSignKey);
        }
Example #2
0
        /// <summary>
        /// Verify Server checksum (TD section 2.8.1) and KDC checksum (TD section 2.8.2)
        /// of the PAC message.
        /// </summary>
        /// <param name="serverSignKey">The server signature key used to generate server signature.</param>
        /// <param name="kdcSignKey">The KDC signature key used to generate KDC signature.</param>
        /// <param name="isServerSignValid">true if server signature is valid.</param>
        /// <param name="isKdcSignValid">true if KDC signature is valid.</param>
        /// <exception cref="ArgumentNullException">serverSignkey or kdcSignKey is null.</exception>
        public void ValidateSign(byte[] serverSignKey, byte[] kdcSignKey,
                                 out bool isServerSignValid, out bool isKdcSignValid)
        {
            if (serverSignKey == null)
            {
                throw new ArgumentNullException("serverSignKey");
            }
            if (kdcSignKey == null)
            {
                throw new ArgumentNullException("kdcSignKey");
            }

            // locate server and KDC signatures.
            PacSignatureData serverSign;
            PacSignatureData kdcSign;

            FindSignatures(out serverSign, out kdcSign);

            // these validate operation will change signature values, so must backup and restore.
            byte[] oldServerSign = null;
            byte[] oldKdcSign    = null;

            isServerSignValid = false;
            isKdcSignValid    = false;

            try
            {
                // types
                PAC_SIGNATURE_DATA_SignatureType_Values serverSignType = serverSign.NativePacSignatureData.SignatureType;
                PAC_SIGNATURE_DATA_SignatureType_Values kdcSignType    = kdcSign.NativePacSignatureData.SignatureType;

                // backup and clear signatures.
                int serverLength = PacSignatureData.CalculateSignatureLength(serverSignType);
                oldServerSign = serverSign.NativePacSignatureData.Signature;
                serverSign.NativePacSignatureData.Signature = new byte[serverLength];

                int kdcLength = PacSignatureData.CalculateSignatureLength(kdcSignType);
                oldKdcSign = kdcSign.NativePacSignatureData.Signature;
                kdcSign.NativePacSignatureData.Signature = new byte[kdcLength];

                // validate server sign
                byte[] serverSignResult = PacSignatureData.Sign(
                    ToBytes(), serverSignType, serverSignKey);
                isServerSignValid = ArrayUtility.CompareArrays <byte>(serverSignResult, oldServerSign);

                // validate KDC sign
                byte[] kdcSignResult = PacSignatureData.Sign(
                    serverSignResult, kdcSignType, kdcSignKey);
                isKdcSignValid = ArrayUtility.CompareArrays <byte>(kdcSignResult, oldKdcSign);
            }
            finally
            {
                // restore server signature
                if (oldServerSign != null)
                {
                    serverSign.NativePacSignatureData.Signature = oldServerSign;
                }
                // restore KDC signature
                if (oldKdcSign != null)
                {
                    kdcSign.NativePacSignatureData.Signature = oldKdcSign;
                }
            }
        }