private protected KerberosEncryptedData(KerberosEncryptionType type,
int?key_version, byte[] cipher_text)
{
EncryptionType = type;
KeyVersion = key_version;
CipherText = cipher_text;
}
/// <summary>
/// Find a key based on various parameters.
/// </summary>
/// <param name="enc_type">The encryption type.</param>
/// <param name="name_type">The name type.</param>
/// <param name="principal">The principal.</param>
/// <param name="key_version">The key version.</param>
/// <returns></returns>
public KerberosKey FindKey(KerberosEncryptionType enc_type, KerberosNameType name_type, string principal, int key_version)
{
return(Keys.Where(k => k.KeyEncryption == enc_type &&
k.NameType == name_type &&
k.Principal.Equals(principal, StringComparison.OrdinalIgnoreCase) &&
k.Version == (uint)key_version).FirstOrDefault());
}
/// <summary>
/// Derive a key from a password.
/// </summary>
/// <remarks>Not all encryption types are supported.</remarks>
/// <param name="key_encryption">The key encryption to use.</param>
/// <param name="password">The password to derice from.</param>
/// <param name="iterations">Iterations for the password derivation.</param>
/// <param name="name_type">The key name type.</param>
/// <param name="principal">Principal for key, in form TYPE/name@realm.</param>
/// <param name="salt">Salt for the key.</param>
/// <param name="version">Key Version Number (KVNO).</param>
/// <returns></returns>
public static KerberosAuthenticationKey DeriveKey(KerberosEncryptionType key_encryption, string password,
int iterations, KerberosNameType name_type, string principal, string salt, uint version)
{
if (principal is null)
{
throw new ArgumentNullException(nameof(principal));
}
byte[] key;
switch (key_encryption)
{
case KerberosEncryptionType.ARCFOUR_HMAC_MD5:
case KerberosEncryptionType.ARCFOUR_HMAC_MD5_56:
case KerberosEncryptionType.ARCFOUR_HMAC_OLD:
case KerberosEncryptionType.ARCFOUR_HMAC_OLD_EXP:
key = MD4.CalculateHash(Encoding.Unicode.GetBytes(password));
break;
case KerberosEncryptionType.AES128_CTS_HMAC_SHA1_96:
key = DeriveAesKey(password, MakeSalt(salt, principal), iterations, 16);
break;
case KerberosEncryptionType.AES256_CTS_HMAC_SHA1_96:
key = DeriveAesKey(password, MakeSalt(salt, principal), iterations, 32);
break;
default:
throw new ArgumentException($"Unsupported key type {key_encryption}", nameof(key_encryption));
}
return(new KerberosAuthenticationKey(key_encryption, key, name_type, principal, DateTime.Now, version));
}
internal KerberosTicketCacheInfo(KERB_TICKET_CACHE_INFO info)
{
ServerName = info.ServerName.ToString();
RealmName = info.RealmName.ToString();
StartTime = info.StartTime.ToDateTime();
EndTime = info.EndTime.ToDateTime();
RenewTime = info.RenewTime.ToDateTime();
EncryptionType = info.EncryptionType;
TicketFlags = (KerberosTicketFlags)info.TicketFlags.SwapEndian();
}
/// <summary>
/// Constructor.
/// </summary>
/// <param name="key_encryption">The Key encryption type.</param>
/// <param name="key">The key.</param>
/// <param name="name_type">The key name type.</param>
/// <param name="realm">The Realm for the key.</param>
/// <param name="components">The name components for the key.</param>
/// <param name="timestamp">Timestamp when key was created.</param>
/// <param name="version">Key Version Number (KVNO).</param>
public KerberosAuthenticationKey(KerberosEncryptionType key_encryption, byte[] key, KerberosNameType name_type,
string realm, string[] components, DateTime timestamp, uint version)
{
KeyEncryption = key_encryption;
_key = key;
NameType = name_type;
Realm = realm;
Components = components;
Timestamp = timestamp;
Version = version;
}
/// <summary>
/// Constructor.
/// </summary>
/// <param name="key_encryption">The Key encryption type.</param>
/// <param name="key">The key.</param>
/// <param name="name_type">The key name type.</param>
/// <param name="realm">The Realm for the key.</param>
/// <param name="components">The name components for the key.</param>
/// <param name="timestamp">Timestamp when key was created.</param>
/// <param name="version">Key Version Number (KVNO).</param>
public KerberosAuthenticationKey(KerberosEncryptionType key_encryption, byte[] key, KerberosNameType name_type,
string realm, IEnumerable <string> components, DateTime timestamp, uint version)
{
KeyEncryption = key_encryption;
_key = (byte[])key.Clone();
NameType = name_type;
Realm = realm;
Components = components.ToArray();
Timestamp = timestamp;
Version = version;
}
internal static KerberosAuthenticationKey Parse(DERValue value, string realm, KerberosPrincipalName name)
{
if (!value.CheckSequence())
{
throw new InvalidDataException();
}
KerberosEncryptionType enc_type = 0;
byte[] key = null;
foreach (var next in value.Children)
{
if (next.Type != DERTagType.ContextSpecific)
{
throw new InvalidDataException();
}
switch (next.Tag)
{
case 0:
enc_type = (KerberosEncryptionType)next.ReadChildInteger();
break;
case 1:
key = next.ReadChildOctetString();
break;
default:
throw new InvalidDataException();
}
}
if (enc_type == 0 || key == null)
{
throw new InvalidDataException();
}
return(new KerberosAuthenticationKey(enc_type, key, name.NameType, realm, name.Names.ToArray(), DateTime.Now, 0));
}
/// <summary>
/// Get keys which match the encryption type.
/// </summary>
/// <param name="enc_type">The encryption type.</param>
/// <returns>The list of keys which match the encryption type.</returns>
public IEnumerable <KerberosKey> GetKeysForEncryption(KerberosEncryptionType enc_type)
{
return(Keys.Where(k => k.KeyEncryption == enc_type));
}
/// <summary>
/// Constructor.
/// </summary>
/// <param name="key_encryption">The Key encryption type.</param>
/// <param name="key">The key as a hex string.</param>
/// <param name="name_type">The key name type.</param>
/// <param name="principal">Principal for key, in form TYPE/name@realm.</param>
/// <param name="timestamp">Timestamp when key was created.</param>
/// <param name="version">Key Version Number (KVNO).</param>
public KerberosAuthenticationKey(KerberosEncryptionType key_encryption, string key, KerberosNameType name_type,
string principal, DateTime timestamp, uint version)
: this(key_encryption, GetKey(key), name_type, principal, timestamp, version)
{
}
/// <summary>
/// Constructor.
/// </summary>
/// <param name="key_encryption">The Key encryption type.</param>
/// <param name="key">The key.</param>
/// <param name="name_type">The key name type.</param>
/// <param name="principal">Principal for key, in form TYPE/name@realm.</param>
/// <param name="timestamp">Timestamp when key was created.</param>
/// <param name="version">Key Version Number (KVNO).</param>
public KerberosAuthenticationKey(KerberosEncryptionType key_encryption, byte[] key, KerberosNameType name_type,
string principal, DateTime timestamp, uint version)
: this(key_encryption, key, name_type, GetRealm(principal),
GetComponents(principal), timestamp, version)
{
}
