internal static IEnumerable <KerberosAuthorizationData> Parse(DERValue value)
{
if (!value.CheckSequence())
{
throw new InvalidDataException();
}
KerberosAuthorizationDataType type = 0;
byte[] data = null;
foreach (var next in value.Children)
{
if (next.Type != DERTagType.ContextSpecific)
{
throw new InvalidDataException();
}
switch (next.Tag)
{
case 0:
type = (KerberosAuthorizationDataType)next.ReadChildInteger();
break;
case 1:
data = next.ReadChildOctetString();
break;
default:
throw new InvalidDataException();
}
}
if (type == 0 || data == null)
{
throw new InvalidDataException();
}
List <KerberosAuthorizationData> ret = new List <KerberosAuthorizationData>();
if (type == KerberosAuthorizationDataType.AD_IF_RELEVANT)
{
DERValue[] values = DERParser.ParseData(data, 0);
if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren())
{
throw new InvalidDataException();
}
ret.AddRange(values[0].Children.SelectMany(c => Parse(c)));
}
else if (type == KerberosAuthorizationDataType.KERB_AD_RESTRICTION_ENTRY)
{
if (KerberosAuthorizationDataRestrictionEntry.Parse(data,
out KerberosAuthorizationDataRestrictionEntry entry))
{
ret.Add(entry);
}
}
else if (type == KerberosAuthorizationDataType.AD_ETYPE_NEGOTIATION)
{
if (KerberosAuthorizationDataEncryptionNegotiation.Parse(data,
out KerberosAuthorizationDataEncryptionNegotiation entry))
{
ret.Add(entry);
}
}
else if (type == KerberosAuthorizationDataType.AD_WIN2K_PAC)
{
if (KerberosAuthorizationDataPAC.Parse(data,
out KerberosAuthorizationDataPAC entry))
{
ret.Add(entry);
}
}
else if (type == KerberosAuthorizationDataType.AD_AUTH_DATA_AP_OPTIONS)
{
if (KerberosAuthorizationDataApOptions.Parse(data,
out KerberosAuthorizationDataApOptions entry))
{
ret.Add(entry);
}
}
else if (type == KerberosAuthorizationDataType.AD_AUTH_DATA_TARGET_NAME)
{
if (KerberosAuthorizationDataTargetName.Parse(data,
out KerberosAuthorizationDataTargetName entry))
{
ret.Add(entry);
}
}
else if (type == KerberosAuthorizationDataType.KERB_LOCAL)
{
if (KerberosAuthorizationDataKerbLocal.Parse(data,
out KerberosAuthorizationDataKerbLocal entry))
{
ret.Add(entry);
}
}
if (ret.Count == 0)
{
ret.Add(new KerberosAuthorizationData(type, data));
}
return(ret);
}
internal static KerberosAuthorizationData Parse(DERValue value)
{
if (!value.CheckSequence())
{
throw new InvalidDataException();
}
KerberosAuthorizationDataType type = 0;
byte[] data = null;
foreach (var next in value.Children)
{
if (next.Type != DERTagType.ContextSpecific)
{
throw new InvalidDataException();
}
switch (next.Tag)
{
case 0:
type = (KerberosAuthorizationDataType)next.ReadChildInteger();
break;
case 1:
data = next.ReadChildOctetString();
break;
default:
throw new InvalidDataException();
}
}
if (type == 0 || data == null)
{
throw new InvalidDataException();
}
if (type == KerberosAuthorizationDataType.AD_IF_RELEVANT)
{
DERValue[] values = DERParser.ParseData(data, 0);
if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren())
{
throw new InvalidDataException();
}
return(Parse(values[0].Children[0]));
}
else if (type == KerberosAuthorizationDataType.KERB_AD_RESTRICTION_ENTRY)
{
if (KerberosAuthorizationDataRestrictionEntry.Parse(data,
out KerberosAuthorizationDataRestrictionEntry entry))
{
return(entry);
}
}
else if (type == KerberosAuthorizationDataType.AD_ETYPE_NEGOTIATION)
{
if (KerberosAuthorizationDataEncryptionNegotiation.Parse(data,
out KerberosAuthorizationDataEncryptionNegotiation entry))
{
return(entry);
}
}
else if (type == KerberosAuthorizationDataType.AD_WIN2K_PAC)
{
if (KerberosAuthorizationDataPAC.Parse(data,
out KerberosAuthorizationDataPAC entry))
{
return(entry);
}
}
return(new KerberosAuthorizationData(type, data));
}
internal static bool Parse(byte[] data, out KerberosAuthorizationDataPAC auth_data)
{
auth_data = null;
if (data.Length < 8)
{
return(false);
}
BinaryReader reader = new BinaryReader(new MemoryStream(data));
long count = reader.ReadInt32();
int version = reader.ReadInt32();
if (version != 0)
{
return(false);
}
if (reader.RemainingLength() < count * 16)
{
return(false);
}
List <KerberosAuthorizationDataPACEntry> entries = new List <KerberosAuthorizationDataPACEntry>();
for (long i = 0; i < count; ++i)
{
int type = reader.ReadInt32();
int length = reader.ReadInt32();
long offset = reader.ReadInt64();
if (offset >= data.LongLength || (offset + length) > data.LongLength)
{
return(false);
}
byte[] entry_data = new byte[length];
Buffer.BlockCopy(data, (int)offset, entry_data, 0, length);
KerberosAuthorizationDataPACEntryType entry_type = (KerberosAuthorizationDataPACEntryType)type;
KerberosAuthorizationDataPACEntry pac_entry = null;
switch (entry_type)
{
case KerberosAuthorizationDataPACEntryType.UserClaims:
case KerberosAuthorizationDataPACEntryType.DeviceClaims:
if (!KerberosAuthorizationDataPACClaimSet.Parse(entry_type, entry_data, out pac_entry))
{
pac_entry = null;
}
break;
case KerberosAuthorizationDataPACEntryType.KDCChecksum:
case KerberosAuthorizationDataPACEntryType.ServerChecksum:
if (!KerberosAuthorizationDataPACSignature.Parse(entry_type, entry_data, out pac_entry))
{
pac_entry = null;
}
break;
case KerberosAuthorizationDataPACEntryType.ClientInfo:
if (!KerberosAuthorizationDataPACClientInfo.Parse(entry_type, entry_data, out pac_entry))
{
pac_entry = null;
}
break;
case KerberosAuthorizationDataPACEntryType.UserPrincipalName:
if (!KerberosAuthorizationDataPACUpnDnsInfo.Parse(entry_type, entry_data, out pac_entry))
{
pac_entry = null;
}
break;
}
if (pac_entry == null)
{
pac_entry = new KerberosAuthorizationDataPACEntry(entry_type, entry_data);
}
entries.Add(pac_entry);
}
auth_data = new KerberosAuthorizationDataPAC(data, entries.AsReadOnly());
return(true);
}
