private static DecryptedKrbApReq CreateDecryptedApReq(DateTimeOffset now, DateTimeOffset notBefore, DateTimeOffset notAfter, DateTimeOffset renewUntil) { var key = new KerberosKey(key: new byte[16], etype: EncryptionType.AES128_CTS_HMAC_SHA1_96); var tgsRep = KrbKdcRep.GenerateServiceTicket <KrbTgsRep>(new ServiceTicketRequest { EncryptedPartKey = key, Principal = new FakeKerberosPrincipal("*****@*****.**"), ServicePrincipal = new FakeKerberosPrincipal("host/test.com"), ServicePrincipalKey = key, IncludePac = false, RealmName = "test.com", Now = now, StartTime = notBefore, EndTime = notAfter, RenewTill = renewUntil, Flags = TicketFlags.Renewable }); var encKdcRepPart = tgsRep.EncPart.Decrypt( key, KeyUsage.EncTgsRepPartSessionKey, d => KrbEncTgsRepPart.DecodeApplication(d) ); var apReq = KrbApReq.CreateApReq(tgsRep, encKdcRepPart.Key.AsKey(), default, out KrbAuthenticator authenticator);
private static KrbApReq GenerateApReq(RequestServiceTicket rst, out KrbAuthenticator authenticator) { var key = new KerberosKey(key: new byte[32], etype: EncryptionType.AES256_CTS_HMAC_SHA1_96); var now = DateTimeOffset.UtcNow; var notBefore = now.AddMinutes(-5); var notAfter = now.AddMinutes(55); var renewUntil = now.AddMinutes(555); var tgsRep = KrbTgsRep.GenerateServiceTicket <KrbTgsRep>(new ServiceTicketRequest { EncryptedPartKey = key, Principal = new FakeKerberosPrincipal("*****@*****.**"), ServicePrincipal = new FakeKerberosPrincipal("host/test.com"), ServicePrincipalKey = key, IncludePac = false, RealmName = "test.com", Now = now, StartTime = notBefore, EndTime = notAfter, RenewTill = renewUntil, Flags = TicketFlags.Renewable }); return(KrbApReq.CreateApReq(tgsRep, key, rst, out authenticator)); }