public KerberosKey GetKey(EncryptionType type, KrbPrincipalName sname) { // Match on type (e.g. RC4_HMAC_NT) and name (Realm + Name) var entry = Entries .Where(e => e.EncryptionType == type && sname.Matches(e.Principal)) .OrderByDescending(x => x.Version) .FirstOrDefault(); // Fall back to first entry with matching type (RC4_HMAC_NT) if (entry == null) { entry = Entries .Where(e => e.EncryptionType == type) .OrderByDescending(x => x.Version) .FirstOrDefault();; } // Fall back to first entry if (entry == null) { entry = Entries.FirstOrDefault(); } return(entry?.Key); }
protected virtual void ValidateClientPrincipalIdentifier(KrbPrincipalName leftName, KrbPrincipalName rightName) { if (!leftName.Matches(rightName)) { throw new KerberosValidationException( "Ticket CName " + $"({leftName.Type}: {leftName.Type})" + " does not match Authenticator CName " + $"({rightName.Type}: {rightName.Name})" ); } }