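/// <summary>
/// Wrap an inner mechanism token in GSS-API initial context token framing.
/// </summary>
/// <remarks>
/// The output is a DER [APPLICATION 0] structure holding, in order: the mechanism OID,
/// the two byte token identifier in big-endian order, and the inner token bytes.
/// The inner token is copied through as-is; nothing here validates or protects it.
/// </remarks>
/// <param name="inner_token">The raw mechanism token to embed.</param>
/// <param name="oid">The mechanism object identifier, in dotted string form.</param>
/// <param name="token_id">The two byte token identifier written after the OID.</param>
/// <returns>The encoded wrapper as a byte array.</returns>
internal static byte[] CreateGssApiWrapper(byte[] inner_token, string oid, ushort token_id)
{
    // Build the big-endian form explicitly. The previous GetBytes + Array.Reverse
    // sequence only produced network order on a little-endian host; on a
    // big-endian host it would have emitted the identifier byte-swapped.
    byte[] token_id_bytes =
    {
        (byte)(token_id >> 8),
        (byte)(token_id & 0xFF)
    };

    var builder = new DERBuilder();
    using (var app = builder.CreateApplication(0))
    {
        app.WriteObjectId(oid);
        app.WriteRawBytes(token_id_bytes);
        app.WriteRawBytes(inner_token);
    }

    // The application structure is closed (disposed) before the buffer is read back.
    return builder.ToArray();
}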
/// <summary>
/// Build a KRB-ERROR message, wrap it in Kerberos GSS-API framing and parse the
/// result back into a <see cref="KerberosErrorAuthenticationToken"/>.
/// </summary>
/// <remarks>
/// Only plaintext fields are written by this method: no checksum or encrypted part is
/// added, so nothing in the produced token is integrity protected here. The
/// <paramref name="error_text"/> and <paramref name="error_data"/> values are written
/// verbatim, with no validation or size limit applied in this method.
/// </remarks>
/// <param name="server_time">Server time (written under context tag 4).</param>
/// <param name="error_code">Error code (written under context tag 6 as a 32-bit integer).</param>
/// <param name="server_realm">Server realm (context tag 9). Must not be null.</param>
/// <param name="server_name">Server name (context tag 10). Must not be null.</param>
/// <param name="client_time">Optional client time (context tag 2).</param>
/// <param name="client_realm">Optional client realm (context tag 7).</param>
/// <param name="client_name">Optional client name (context tag 8).</param>
/// <param name="error_text">Optional error text (context tag 11).</param>
/// <param name="error_data">Optional error data (context tag 12).</param>
/// <returns>The KRB-ERROR authentication token.</returns>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="server_realm"/> or <paramref name="server_name"/> is null.
/// </exception>
public static KerberosErrorAuthenticationToken Create(DateTime server_time, KerberosErrorType error_code,
    string server_realm, KerberosPrincipalName server_name, DateTime? client_time = null,
    string client_realm = null, KerberosPrincipalName client_name = null,
    string error_text = null, byte[] error_data = null)
{
    // Mandatory fields are checked up front, realm first and then name.
    _ = server_realm ?? throw new ArgumentNullException(nameof(server_realm));
    _ = server_name ?? throw new ArgumentNullException(nameof(server_name));

    int code = (int)error_code;
    var der = new DERBuilder();

    // Application tag 30 is the KRB-ERROR message type. Fields are emitted in
    // ascending context-tag order; optional ones are skipped when not supplied.
    using (var application = der.CreateApplication(30))
    using (var body = application.CreateSequence())
    {
        body.WriteKerberosHeader(KerberosMessageType.KRB_ERROR);

        if (client_time is DateTime ctime)
        {
            body.WriteKerberosTime(2, ctime);
        }

        // NOTE(review): tags 3 (cusec) and 5 (susec) are not written directly by this
        // method - confirm whether WriteKerberosTime emits the microsecond fields.
        body.WriteKerberosTime(4, server_time);
        body.WriteContextSpecific(6, b => b.WriteInt32(code));

        if (client_realm != null)
        {
            body.WriteContextSpecific(7, b => b.WriteGeneralString(client_realm));
        }

        if (client_name != null)
        {
            body.WriteContextSpecific(8, b => b.WritePrincipalName(client_name));
        }

        body.WriteContextSpecific(9, b => b.WriteGeneralString(server_realm));
        body.WriteContextSpecific(10, b => b.WritePrincipalName(server_name));

        if (error_text != null)
        {
            body.WriteContextSpecific(11, b => b.WriteGeneralString(error_text));
        }

        if (error_data != null)
        {
            body.WriteContextSpecific(12, b => b.WriteOctetString(error_data));
        }
    }

    // Token id 0x300 marks the wrapped payload as a KRB-ERROR. The encoded bytes are
    // round-tripped through Parse so the caller gets a fully populated token object.
    var wrapped = der.CreateGssApiWrapper(OIDValues.KERBEROS, 0x300);
    return (KerberosErrorAuthenticationToken)Parse(wrapped);
}