Exemple #1
        /// <summary>
        /// Parses a PA-S4U-X509-USER structure from <paramref name="reader"/>: an outer
        /// sequence tagged <paramref name="expectedTag"/> holding the user id in
        /// context-specific field [0] and the checksum in context-specific field [1].
        /// </summary>
        /// <remarks>
        /// Parsing is strict: each explicit wrapper and the outer sequence must be fully
        /// consumed, so trailing or unexpected bytes cause the reader to throw instead of
        /// being silently ignored. This method only decodes; it does not check that
        /// <c>Checksum</c> actually matches <c>UserId</c>, so callers that act on the
        /// decoded value must verify the checksum themselves.
        /// </remarks>
        /// <typeparam name="T">The concrete type to instantiate and populate.</typeparam>
        /// <param name="reader">Reader positioned at the encoded structure.</param>
        /// <param name="expectedTag">Tag the outer sequence is required to carry.</param>
        /// <param name="decoded">Receives the populated instance.</param>
        /// <exception cref="ArgumentNullException"><paramref name="reader"/> is null.</exception>
        internal static void Decode<T>(AsnReader reader, Asn1Tag expectedTag, out T decoded)
            where T : KrbPaS4uX509User, new()
        {
            if (reader is null)
            {
                throw new ArgumentNullException(nameof(reader));
            }

            decoded = new T();

            AsnReader outer = reader.ReadSequence(expectedTag);

            // [0] user-id
            var userIdTag = new Asn1Tag(TagClass.ContextSpecific, 0);
            AsnReader userIdReader = outer.ReadSequence(userIdTag);
            KrbS4uUserId.Decode<KrbS4uUserId>(userIdReader, out KrbS4uUserId userId);
            decoded.UserId = userId;

            // Reject any bytes left inside the [0] wrapper after the user id.
            userIdReader.ThrowIfNotEmpty();

            // [1] checksum
            var checksumTag = new Asn1Tag(TagClass.ContextSpecific, 1);
            AsnReader checksumReader = outer.ReadSequence(checksumTag);
            KrbChecksum.Decode<KrbChecksum>(checksumReader, out KrbChecksum checksum);
            decoded.Checksum = checksum;

            // Reject any bytes left inside the [1] wrapper after the checksum.
            checksumReader.ThrowIfNotEmpty();

            // No further fields are accepted after [1] in the outer sequence.
            outer.ThrowIfNotEmpty();
        }
Exemple #2
        /// <summary>
        /// Builds and encodes a PA-S4U-X509-USER value naming <paramref name="s4u"/> as an
        /// enterprise principal in <paramref name="realm"/>, optionally carrying the raw
        /// bytes of <paramref name="certificate"/>, and protected by a checksum keyed with
        /// <paramref name="sessionKey"/>.
        /// </summary>
        /// <remarks>
        /// The checksum is computed over the encoded user id only (name, realm, nonce and,
        /// when present, the certificate), so those are the fields a receiver can detect
        /// tampering in. NOTE(review): nothing here checks <paramref name="s4u"/>,
        /// <paramref name="realm"/> or <paramref name="sessionKey"/> for null, and the
        /// nonce is taken as supplied; presumably the caller validates these and supplies
        /// a fresh nonce per request — confirm.
        /// </remarks>
        /// <param name="s4u">Name of the user the request is made on behalf of.</param>
        /// <param name="certificate">Optional user certificate; skipped when null.</param>
        /// <param name="nonce">Nonce placed in the user id.</param>
        /// <param name="realm">Realm placed in the user id.</param>
        /// <param name="sessionKey">Key used to compute the checksum.</param>
        /// <returns>The encoded structure.</returns>
        private static ReadOnlyMemory<byte> EncodeS4URequest(string s4u, X509Certificate2 certificate, int nonce, string realm, KrbEncryptionKey sessionKey)
        {
            var principal = new KrbPrincipalName
            {
                Type = PrincipalNameType.NT_ENTERPRISE,
                Name = new[] { s4u }
            };

            var userId = new KrbS4uUserId
            {
                CName = principal,
                Nonce = nonce,
                Realm = realm
            };

            // Only set the certificate field when one was supplied, so the field stays
            // at its default (rather than an explicit empty value) otherwise.
            if (certificate != null)
            {
                userId.SubjectCertificate = certificate.RawData;
            }

            var request = new KrbPaS4uX509User
            {
                UserId = userId
            };

            // Key usage 26 is the number MS-SFU assigns to the PA-S4U-X509-USER checksum.
            // NOTE(review): if the KeyUsage enum has a named member for 26, prefer it over the cast.
            var signedUserId = userId.Encode();
            request.Checksum = KrbChecksum.Create(signedUserId, sessionKey.AsKey(), (KeyUsage)26);

            return request.Encode();
        }