Example #1
0
        /// <summary>
        /// Try and parse data into an ASN1 authentication token.
        /// </summary>
        /// <param name="data">The data to parse.</param>
        /// <param name="token">The Negotiate authentication token.</param>
        /// <param name="values">Parsed DER Values.</param>
        internal static bool TryParse(byte[] data, DERValue[] values, out KerberosAuthenticationToken token)
        {
            token = null;
            try
            {
                var ret = new KerberosAPReplyAuthenticationToken(data, values);

                if (values.Length != 1 || !values[0].CheckApplication(15) || !values[0].HasChildren())
                {
                    return(false);
                }

                values = values[0].Children;
                if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren())
                {
                    return(false);
                }

                foreach (var next in values[0].Children)
                {
                    if (next.Type != DERTagType.ContextSpecific)
                    {
                        return(false);
                    }
                    switch (next.Tag)
                    {
                    case 0:
                        if (next.ReadChildInteger() != 5)
                        {
                            return(false);
                        }
                        break;

                    case 1:
                        if ((KerberosMessageType)next.ReadChildInteger() != KerberosMessageType.KRB_AP_REP)
                        {
                            return(false);
                        }
                        break;

                    case 2:
                        if (!next.HasChildren())
                        {
                            return(false);
                        }
                        ret.EncryptedPart = KerberosEncryptedData.Parse(next.Children[0]);
                        break;

                    default:
                        return(false);
                    }
                }
                token = ret;
                return(true);
            }
            catch (InvalidDataException)
            {
                return(false);
            }
        }
Example #2
0
        /// <summary>
        /// Try and parse data into an ASN1 authentication token.
        /// </summary>
        /// <param name="data">The data to parse.</param>
        /// <param name="token">The Negotiate authentication token.</param>
        /// <param name="values">Parsed DER Values.</param>
        internal static bool TryParse(byte[] data, DERValue[] values, out KerberosAuthenticationToken token)
        {
            token = null;
            try
            {
                var ret = new KerberosTGTRequestAuthenticationToken(data, values);

                if (values.Length != 1 || !values[0].HasChildren())
                {
                    return(false);
                }

                Queue <DERValue> queue = new Queue <DERValue>(values[0].Children);
                while (queue.Count > 0)
                {
                    var next = queue.Dequeue();
                    if (next.Type != DERTagType.ContextSpecific)
                    {
                        return(false);
                    }
                    switch (next.Tag)
                    {
                    case 0:
                        if (next.ReadChildInteger() != 5)
                        {
                            return(false);
                        }
                        break;

                    case 1:
                        if ((KRB_MSG_TYPE)next.ReadChildInteger() != KRB_MSG_TYPE.KRB_TGT_REQ)
                        {
                            return(false);
                        }
                        break;

                    case 2:
                        if (!next.Children[0].CheckSequence())
                        {
                            return(false);
                        }
                        ret.ServerName = KerberosPrincipalName.Parse(next.Children[0]);
                        break;

                    case 3:
                        ret.Realm = next.ReadChildGeneralString();
                        break;

                    default:
                        return(false);
                    }
                }
                token = ret;
                return(true);
            }
            catch (InvalidDataException)
            {
                return(false);
            }
        }
Example #3
0
        /// <summary>
        /// Try and parse data into an ASN1 authentication token.
        /// </summary>
        /// <param name="data">The data to parse.</param>
        /// <param name="token">The Negotiate authentication token.</param>
        /// <param name="values">Parsed DER Values.</param>
        internal static bool TryParse(byte[] data, DERValue[] values, out KerberosAuthenticationToken token)
        {
            token = null;
            try {
                var ret = new KerberosErrorAuthenticationToken(data, values);

                if (values.Length != 1 || !values[0].CheckMsg(KerberosMessageType.KRB_ERROR) || !values[0].HasChildren())
                {
                    return(false);
                }

                values = values[0].Children;
                if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren())
                {
                    return(false);
                }

                foreach (var next in values[0].Children)
                {
                    if (next.Type != DERTagType.ContextSpecific)
                    {
                        return(false);
                    }
                    switch (next.Tag)
                    {
                    case 0:
                        if (next.ReadChildInteger() != 5)
                        {
                            return(false);
                        }
                        break;

                    case 1:
                        if ((KerberosMessageType)next.ReadChildInteger() != KerberosMessageType.KRB_ERROR)
                        {
                            return(false);
                        }
                        break;

                    case 2:
                        ret.ClientTime = next.ReadChildGeneralizedTime();
                        break;

                    case 3:
                        ret.ClientUSec = next.ReadChildInteger();
                        break;

                    case 4:
                        ret.ServerTime = next.ReadChildGeneralizedTime();
                        break;

                    case 5:
                        ret.ServerUSec = next.ReadChildInteger();
                        break;

                    case 6:
                        ret.ErrorCode = (KerberosErrorType)next.ReadChildInteger();
                        break;

                    case 7:
                        ret.ClientRealm = next.ReadChildGeneralString();
                        break;

                    case 8:
                        if (!next.Children[0].CheckSequence())
                        {
                            throw new InvalidDataException();
                        }
                        ret.ClientName = KerberosPrincipalName.Parse(next.Children[0]);
                        break;

                    case 9:
                        ret.ServerRealm = next.ReadChildGeneralString();
                        break;

                    case 10:
                        if (!next.Children[0].CheckSequence())
                        {
                            throw new InvalidDataException();
                        }
                        ret.ServerName = KerberosPrincipalName.Parse(next.Children[0]);
                        break;

                    case 11:
                        ret.ErrorText = next.ReadChildGeneralString();
                        break;

                    case 12:
                        ret.ErrorData = next.ReadChildOctetString();
                        break;

                    default:
                        return(false);
                    }
                }
                token = ret;
                return(true);
            } catch (InvalidDataException) {
                return(false);
            }
        }
Example #4
0
 /// <summary>
 /// Try and parse data into an Kerberos authentication token.
 /// </summary>
 /// <param name="data">The data to parse.</param>
 /// <param name="token">The Kerberos authentication token.</param>
 /// <param name="client">True if this is a token from a client.</param>
 /// <param name="token_count">The token count number.</param>
 /// <returns>True if parsed successfully.</returns>
 internal static bool TryParse(byte[] data, int token_count, bool client, out KerberosAuthenticationToken token)
 {
     token = null;
     try
     {
         if (!GSSAPIUtils.TryParse(data, out byte[] inner_token, out string oid))
Example #5
0
        /// <summary>
        /// Try and parse data into an ASN1 authentication token.
        /// </summary>
        /// <param name="data">The data to parse.</param>
        /// <param name="token">The Negotiate authentication token.</param>
        /// <param name="values">Parsed DER Values.</param>
        internal static bool TryParse(byte[] data, DERValue[] values, out KerberosAuthenticationToken token)
        {
            token = null;
            try
            {
                var ret = new KerberosAPRequestAuthenticationToken(data, values);

                if (values.Length != 1 || !values[0].CheckApplication(14) || !values[0].HasChildren())
                {
                    return(false);
                }

                values = values[0].Children;
                if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren())
                {
                    return(false);
                }

                Queue <DERValue> queue = new Queue <DERValue>(values[0].Children);
                while (queue.Count > 0)
                {
                    var next = queue.Dequeue();
                    if (next.Type != DERTagType.ContextSpecific)
                    {
                        return(false);
                    }
                    switch (next.Tag)
                    {
                    case 0:
                        if (next.ReadChildInteger() != 5)
                        {
                            return(false);
                        }
                        break;

                    case 1:
                        if ((KRB_MSG_TYPE)next.ReadChildInteger() != KRB_MSG_TYPE.KRB_AP_REQ)
                        {
                            return(false);
                        }
                        break;

                    case 2:
                        if (!next.Children[0].CheckPrimitive(UniversalTag.BIT_STRING))
                        {
                            return(false);
                        }
                        var bits    = next.Children[0].ReadBitString();
                        var options = KerberosAPRequestOptions.None;
                        if (bits[1])
                        {
                            options |= KerberosAPRequestOptions.UseSessionKey;
                        }
                        if (bits[2])
                        {
                            options |= KerberosAPRequestOptions.MutualAuthRequired;
                        }
                        ret.Options = options;
                        break;

                    case 3:
                        if (!next.HasChildren())
                        {
                            return(false);
                        }
                        ret.Ticket = KerberosTicket.Parse(next.Children[0]);
                        break;

                    case 4:
                        if (!next.HasChildren())
                        {
                            return(false);
                        }
                        ret.Authenticator = KerberosEncryptedData.Parse(next.Children[0]);
                        break;

                    default:
                        return(false);
                    }
                }
                token = ret;
                return(true);
            }
            catch (InvalidDataException)
            {
                return(false);
            }
        }