/// <summary>
/// Creates an authenticator from its four component values.
/// </summary>
/// <param name="cuSec">Value stored in <c>CuSec</c>.</param>
/// <param name="cTime">Value stored in <c>CTime</c>.</param>
/// <param name="nonce">Value stored in <c>Nonce</c>.</param>
/// <param name="reqBody">Request body stored in <c>RequestBody</c>; the reference is kept, not copied.</param>
public KrbPkAuthenticator(uint cuSec, DateTime cTime, int nonce, KDCReqBody reqBody)
{
    // Straight member-for-member copy; none of the arguments is validated here.
    this.CuSec = cuSec;
    this.CTime = cTime;
    this.Nonce = nonce;
    this.RequestBody = reqBody;
}
/// <summary>
/// Creates a blank TGS-REQ for building a new request (as opposed to decoding one).
/// </summary>
public TGS_REQ()
{
    // Protocol version number.
    this.pvno = 5;

    // msg-type [2] INTEGER (12 -- TGS)
    this.msg_type = 12;

    // Starts with no pre-authentication data and a default request body.
    this.padata = new List<PA_DATA>();
    this.req_body = new KDCReqBody();
}
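/// <summary>
/// Decodes an AS-REQ from raw bytes and populates <c>pvno</c>, <c>msg_type</c>,
/// <c>padata</c> and <c>req_body</c> from the fields found.
/// </summary>
/// <param name="data">Buffer containing the BER-encoded message; it is first passed through <c>AsnIO.FindBER</c>.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="data"/> is null.</exception>
/// <exception cref="System.Exception">
/// The outer tag is not AS-REQ, the content is not a single SEQUENCE, a field carries no
/// content, or a field tag other than 1-4 is present.
/// </exception>
public AS_REQ(byte[] data)
{
    if (data == null)
    {
        throw new System.ArgumentNullException("data");
    }

    // decode the supplied bytes to an AsnElt object
    data = AsnIO.FindBER(data);
    AsnElt asn_AS_REQ = AsnElt.Decode(data);
    padata = new List<PA_DATA>();

    // AS-REQ ::= [APPLICATION 10] KDC-REQ
    if (asn_AS_REQ.TagValue != (int)Interop.KERB_MESSAGE_TYPE.AS_REQ)
    {
        throw new System.Exception("AS-REQ tag value should be 10");
    }

    // The application tag must wrap exactly one element, and it must be a SEQUENCE (tag 16).
    // The bytes are untrusted, so the child array is checked before it is indexed.
    if ((asn_AS_REQ.Sub == null) || (asn_AS_REQ.Sub.Length != 1) || (asn_AS_REQ.Sub[0].TagValue != 16))
    {
        throw new System.Exception("First AS-REQ sub should be a sequence");
    }

    // extract the KDC-REQ fields
    AsnElt[] kdc_req = asn_AS_REQ.Sub[0].Sub;
    if (kdc_req == null)
    {
        throw new System.Exception("First AS-REQ sub should be a sequence");
    }

    foreach (AsnElt s in kdc_req)
    {
        // Unknown tags are rejected first, exactly as before.
        if ((s.TagValue < 1) || (s.TagValue > 4))
        {
            throw new System.Exception(String.Format("Invalid tag AS-REQ value : {0}", s.TagValue));
        }

        // Every known field is an explicit wrapper around one inner element. A malformed
        // message with an empty wrapper previously failed on the Sub[0] index with an
        // uninformative runtime exception.
        if ((s.Sub == null) || (s.Sub.Length == 0))
        {
            throw new System.Exception(String.Format("AS-REQ field {0} has no content", s.TagValue));
        }

        AsnElt content = s.Sub[0];

        switch (s.TagValue)
        {
            case 1:
                pvno = content.GetInteger();
                break;
            case 2:
                msg_type = content.GetInteger();
                break;
            case 3:
                // sequence of pa-data
                if (content.Sub == null)
                {
                    throw new System.Exception("AS-REQ padata field should be a sequence");
                }
                foreach (AsnElt pa in content.Sub)
                {
                    padata.Add(new PA_DATA(pa));
                }
                break;
            case 4:
                // KDC-REQ-BODY
                req_body = new KDCReqBody(content);
                break;
        }
    }
}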
/// <summary>
/// Creates a blank AS-REQ for building a new request, pre-loaded with one
/// default-constructed <c>PA_DATA</c> entry and a default request body.
/// </summary>
public AS_REQ()
{
    // Protocol version 5, message type 10 (AS-REQ).
    this.pvno = 5;
    this.msg_type = 10;

    List<PA_DATA> preAuth = new List<PA_DATA>();
    preAuth.Add(new PA_DATA());
    this.padata = preAuth;

    this.req_body = new KDCReqBody();
}
/// <summary>
/// Creates a blank AS-REQ for building a new request, pre-loaded with one
/// default-constructed <c>PA_DATA</c> entry.
/// </summary>
/// <param name="opsec">Forwarded unchanged as the second argument of the <c>KDCReqBody</c> constructor.</param>
public AS_REQ(bool opsec = false)
{
    // Protocol version 5; the message type comes from the shared enum rather than a literal.
    this.pvno = 5;
    this.msg_type = (long)Interop.KERB_MESSAGE_TYPE.AS_REQ;

    List<PA_DATA> preAuth = new List<PA_DATA>();
    preAuth.Add(new PA_DATA());
    this.padata = preAuth;

    // The first argument is always true; its meaning is defined by KDCReqBody, not here.
    this.req_body = new KDCReqBody(true, opsec);
}
/// <summary>
/// Decodes an AS-REQ from raw bytes and populates <c>pvno</c>, <c>msg_type</c>,
/// <c>padata</c> and <c>req_body</c> from the fields found.
/// </summary>
/// <param name="data">Buffer containing the BER-encoded message; it is first passed through <c>AsnIO.FindBER</c>.</param>
/// <exception cref="System.Exception">
/// The outer tag is not 10, the content is not a single SEQUENCE, or a field tag other than 1-4 is present.
/// </exception>
public AS_REQ(byte[] data)
{
    // Locate the BER structure in the buffer, then parse it.
    byte[] berBytes = AsnIO.FindBER(data);
    AsnElt root = AsnElt.Decode(berBytes);
    this.padata = new List<PA_DATA>();

    // AS-REQ ::= [APPLICATION 10] KDC-REQ
    if (root.TagValue != 10)
    {
        throw new System.Exception("AS-REQ tag value should be 10");
    }

    // Exactly one child is expected, and it must be a SEQUENCE (tag 16).
    bool isSingleSequence = (root.Count == 1) && (root.FirstElement.TagValue == 16);
    if (!isSingleSequence)
    {
        throw new System.Exception("First AS-REQ sub should be a sequence");
    }

    // Walk the KDC-REQ fields.
    foreach (AsnElt field in root.FirstElement.EnumerateElements())
    {
        // Read before the tag is inspected, so it is evaluated for unknown tags as well.
        // NOTE(review): what FirstElement does on a field with no children is not visible here - confirm.
        AsnElt content = field.FirstElement;

        switch (field.TagValue)
        {
            case 1:
                this.pvno = content.GetInteger();
                break;

            case 2:
                this.msg_type = content.GetInteger();
                break;

            case 3:
                // sequence of pa-data
                foreach (AsnElt entry in content.EnumerateElements())
                {
                    this.padata.Add(new PA_DATA(entry));
                }
                break;

            case 4:
                // KDC-REQ-BODY
                this.req_body = new KDCReqBody(content);
                break;

            default:
                throw new System.Exception(String.Format("Invalid tag AS-REQ value : {0}", field.TagValue));
        }
    }
}
/// <summary>
/// Creates a blank TGS-REQ for building a new request (as opposed to decoding one).
/// </summary>
/// <param name="cname">
/// Passed to <c>KDCReqBody</c> as its <c>c</c> argument. Per the original author's notes this lets
/// the client name be left out of the request body, as was seen in captured S4U request traffic.
/// </param>
public TGS_REQ(bool cname = true)
{
    // Protocol version number.
    this.pvno = 5;

    // msg-type [2] INTEGER (12 -- TGS)
    this.msg_type = 12;

    this.padata = new List<PA_DATA>();
    this.req_body = new KDCReqBody(c: cname);
}
/// <summary>
/// Creates an AS-REQ for building a new request with two pre-authentication entries:
/// one built from the supplied key and encryption type, followed by a default-constructed one.
/// </summary>
/// <param name="keyString">Key material handed to the <c>PA_DATA</c> constructor.</param>
/// <param name="etype">Encryption type handed to the <c>PA_DATA</c> constructor.</param>
public AS_REQ(string keyString, Interop.KERB_ETYPE etype)
{
    // Protocol version 5, message type 10 (AS-REQ).
    this.pvno = 5;
    this.msg_type = 10;

    List<PA_DATA> preAuth = new List<PA_DATA>();

    // First entry: the encrypted timestamp (per the original comments).
    preAuth.Add(new PA_DATA(keyString, etype));

    // Second entry: the include-pac == true element (per the original comments).
    preAuth.Add(new PA_DATA());

    this.padata = preAuth;
    this.req_body = new KDCReqBody();
}
/// <summary>
/// Creates an AS-REQ for building a new request whose pre-authentication data is derived
/// from a certificate and a key agreement instead of a key string.
/// </summary>
/// <param name="pkCert">Certificate handed to the <c>PA_DATA</c> constructor.</param>
/// <param name="agreement">Key agreement handed to the <c>PA_DATA</c> constructor.</param>
/// <param name="verifyCerts">Forwarded unchanged to the <c>PA_DATA</c> constructor.</param>
public AS_REQ(X509Certificate2 pkCert, KDCKeyAgreement agreement, bool verifyCerts = false)
{
    // Protocol version 5, message type 10 (AS-REQ).
    this.pvno = 5;
    this.msg_type = 10;
    this.padata = new List<PA_DATA>();

    // The body is created first because the certificate-based entry below is built over it.
    KDCReqBody body = new KDCReqBody();
    this.req_body = body;

    // First entry: the include-pac == true element (per the original comments).
    this.padata.Add(new PA_DATA());

    // Second entry: pa-data built from the certificate, the key agreement and the request body.
    // NOTE(review): verifyCerts defaults to false. What is skipped when it is false is decided
    // inside PA_DATA and is not visible here - callers that need validation should pass true.
    this.padata.Add(new PA_DATA(pkCert, agreement, body, verifyCerts));
}
/// <summary>
/// Builds a pre-authentication entry of type <c>PK_AS_REQ</c> from a certificate, a key
/// agreement and the request body it accompanies.
/// </summary>
/// <param name="pkInitCert">Certificate passed to both <c>KrbAuthPack</c> and <c>PA_PK_AS_REQ</c>.</param>
/// <param name="agreement">Source of the <c>P</c>, <c>G</c> and <c>Y</c> values encoded into the auth pack.</param>
/// <param name="kdcRequestBody">Request body placed inside the authenticator.</param>
/// <param name="verifyCerts">Forwarded unchanged to the <c>PA_PK_AS_REQ</c> constructor.</param>
public PA_DATA(X509Certificate2 pkInitCert, KDCKeyAgreement agreement, KDCReqBody kdcRequestBody, bool verifyCerts = false)
{
    DateTime timestamp = DateTime.UtcNow;
    int millis = timestamp.Millisecond;

    // NOTE(review): the cusec argument and the nonce are both the current millisecond, so each
    // is in the range 0-999 and the two are always equal. If the nonce is meant to be
    // unpredictable, this value is not - confirm against the protocol specification.
    KrbPkAuthenticator pkAuthenticator = new KrbPkAuthenticator((uint)millis, timestamp, millis, kdcRequestBody);
    KrbAuthPack pack = new KrbAuthPack(pkAuthenticator, pkInitCert);

    // SEQUENCE { P, G } used as the algorithm parameters.
    AsnElt[] domainParams = new AsnElt[]
    {
        AsnElt.MakeInteger(agreement.P),
        AsnElt.MakeInteger(agreement.G),
    };
    byte[] encodedParams = AsnElt.Make(AsnElt.SEQUENCE, domainParams).Encode();

    // The public value Y is carried as an encoded INTEGER next to the algorithm identifier.
    KrbAlgorithmIdentifier algorithm = new KrbAlgorithmIdentifier(DiffieHellman, encodedParams);
    byte[] encodedPublicValue = AsnElt.MakeInteger(agreement.Y).Encode();
    pack.ClientPublicValue = new KrbSubjectPublicKeyInfo(algorithm, encodedPublicValue);

    this.type = Interop.PADATA_TYPE.PK_AS_REQ;
    this.value = new PA_PK_AS_REQ(pack, pkInitCert, agreement, verifyCerts);
}
/// <summary>
/// Creates an AS-REQ for building a new request with two pre-authentication entries:
/// one built from the supplied key and encryption type, followed by a default-constructed one.
/// The key string is also retained on the instance.
/// </summary>
/// <param name="keyString">Key material handed to the <c>PA_DATA</c> constructor and stored in <c>keyString</c>.</param>
/// <param name="etype">Encryption type handed to the <c>PA_DATA</c> constructor.</param>
/// <param name="opsec">Forwarded unchanged as the second argument of the <c>KDCReqBody</c> constructor.</param>
public AS_REQ(string keyString, Interop.KERB_ETYPE etype, bool opsec = false)
{
    // Protocol version 5; the message type comes from the shared enum rather than a literal.
    this.pvno = 5;
    this.msg_type = (long)Interop.KERB_MESSAGE_TYPE.AS_REQ;

    List<PA_DATA> preAuth = new List<PA_DATA>();

    // First entry: the encrypted timestamp (per the original comments).
    preAuth.Add(new PA_DATA(keyString, etype));

    // Second entry: the include-pac == true element (per the original comments).
    preAuth.Add(new PA_DATA());

    this.padata = preAuth;

    // The first argument is always true; its meaning is defined by KDCReqBody, not here.
    this.req_body = new KDCReqBody(true, opsec);

    // NOTE(review): the key material stays referenced by this object for its whole lifetime,
    // as an ordinary managed string - confirm that retaining it is required.
    this.keyString = keyString;
}