public KerberosKey GetKey(EncryptionType type, KrbPrincipalName sname)
{
// Match on type (e.g. RC4_HMAC_NT) and name (Realm + Name)
var entry = Entries
.Where(e => e.EncryptionType == type && sname.Matches(e.Principal))
.OrderByDescending(x => x.Version)
.FirstOrDefault();
// Fall back to first entry with matching type (RC4_HMAC_NT)
if (entry == null)
{
entry = Entries
.Where(e => e.EncryptionType == type)
.OrderByDescending(x => x.Version)
.FirstOrDefault();;
}
// Fall back to first entry
if (entry == null)
{
entry = Entries.FirstOrDefault();
}
return(entry?.Key);
}
protected virtual void ValidateClientPrincipalIdentifier(KrbPrincipalName leftName, KrbPrincipalName rightName)
{
if (!leftName.Matches(rightName))
{
throw new KerberosValidationException(
"Ticket CName " +
$"({leftName.Type}: {leftName.Type})" +
" does not match Authenticator CName " +
$"({rightName.Type}: {rightName.Name})"
);
}
}