private static DecryptedKrbApReq CreateDecryptedApReq(DateTimeOffset now, DateTimeOffset notBefore, DateTimeOffset notAfter, DateTimeOffset renewUntil)
{
var key = new KerberosKey(key: new byte[16], etype: EncryptionType.AES128_CTS_HMAC_SHA1_96);
var tgsRep = KrbKdcRep.GenerateServiceTicket <KrbTgsRep>(new ServiceTicketRequest
{
EncryptedPartKey = key,
Principal = new FakeKerberosPrincipal("*****@*****.**"),
ServicePrincipal = new FakeKerberosPrincipal("host/test.com"),
ServicePrincipalKey = key,
IncludePac = false,
RealmName = "test.com",
Now = now,
StartTime = notBefore,
EndTime = notAfter,
RenewTill = renewUntil,
Flags = TicketFlags.Renewable
});
var encKdcRepPart = tgsRep.EncPart.Decrypt(
key,
KeyUsage.EncTgsRepPartSessionKey,
d => KrbEncTgsRepPart.DecodeApplication(d)
);
var apReq = KrbApReq.CreateApReq(tgsRep, encKdcRepPart.Key.AsKey(), default, out KrbAuthenticator authenticator);
private static KrbApReq GenerateApReq(RequestServiceTicket rst, out KrbAuthenticator authenticator)
{
var key = new KerberosKey(key: new byte[32], etype: EncryptionType.AES256_CTS_HMAC_SHA1_96);
var now = DateTimeOffset.UtcNow;
var notBefore = now.AddMinutes(-5);
var notAfter = now.AddMinutes(55);
var renewUntil = now.AddMinutes(555);
var tgsRep = KrbTgsRep.GenerateServiceTicket <KrbTgsRep>(new ServiceTicketRequest
{
EncryptedPartKey = key,
Principal = new FakeKerberosPrincipal("*****@*****.**"),
ServicePrincipal = new FakeKerberosPrincipal("host/test.com"),
ServicePrincipalKey = key,
IncludePac = false,
RealmName = "test.com",
Now = now,
StartTime = notBefore,
EndTime = notAfter,
RenewTill = renewUntil,
Flags = TicketFlags.Renewable
});
return(KrbApReq.CreateApReq(tgsRep, key, rst, out authenticator));
}
