/// <summary>
/// Updates the client context from a TGS response: folds any FAST strengthen key into the
/// reply key, decrypts the response, and records the session key, ticket and encryption type.
/// </summary>
/// <param name="response">The TGS response; nothing is done when its Response member is null.</param>
private void UpdateContext(KerberosTgsResponse response)
 {
     if (response.Response == null)
     {
         return;
     }

     var padata = response.Response.padata;
     if (padata != null && padata.Elements != null)
     {
         foreach (PA_DATA element in padata.Elements)
         {
             var parsed = PaDataParser.ParseRepPaData(element);
             if (!(parsed is PaFxFastRep))
             {
                 continue;
             }

             var fastRep = (PaFxFastRep)parsed;

             // The armored reply is fetched but its value is not used below.
             var armoredRep = fastRep.GetArmoredRep();

             // The FAST reply is opened with the armor key held in the context.
             var fastReply = fastRep.GetKerberosFastRep(Context.FastArmorkey);

             // NOTE(review): strengthen_key is passed on without a null check - confirm that
             // KrbFxCf2 rejects a missing key rather than deriving from an empty one.
             var strengthenKey = fastReply.FastResponse.strengthen_key;

             // The reply key is replaced by the combination of the strengthen key and the
             // previous reply key, so every later decryption depends on this FAST element.
             Context.ReplyKey = KerberosUtility.KrbFxCf2(strengthenKey, Context.ReplyKey, "strengthenkey", "replykey");
         }
     }

     // The key usage number depends on whether a subkey is present in the context.
     KeyUsageNumber usage;
     if (Context.Subkey == null)
     {
         usage = KeyUsageNumber.TGS_REP_encrypted_part;
     }
     else
     {
         usage = KeyUsageNumber.TGS_REP_encrypted_part_subkey;
     }

     // NOTE(review): Context.ReplyKey is dereferenced here without a null check.
     response.DecryptTgsResponse(Context.ReplyKey.keyvalue.ByteArrayValue, usage);

     var sessionKey = response.EncPart.key;
     Context.SessionKey = sessionKey;

     // FIXME: when hide-client-names is set to true, response.Response.cname is not the real
     // CName, so the ticket below is bound to whatever name the response carries.
     Context.Ticket = new KerberosTicket(response.Response.ticket, response.Response.cname, response.EncPart.key);

     // The selected encryption type is read from the ticket's own enc_part.
     Context.SelectedEType = (EncryptionType)Context.Ticket.Ticket.enc_part.etype.Value;
 }
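        /// <summary>
        /// Waits for a TGS response PDU through <c>this.client.ExpectPdu</c> and decrypts it
        /// with the reply key currently held in the context.
        /// </summary>
        /// <param name="usage">Key usage number handed to the decryption of the response.</param>
        /// <returns>The received TGS response after decryption.</returns>
        /// <exception cref="Exception">
        /// No PDU of type KerberosTgsResponse was received, or the context holds no reply key.
        /// </exception>
        private KerberosTgsResponse ExpectTgsResponse(KeyUsageNumber usage = KeyUsageNumber.TGS_REP_encrypted_part)
        {
            // `as` yields null both when nothing arrived and when the PDU has another type,
            // so one check covers the two failure cases.
            KerberosTgsResponse tgsResponse =
                this.client.ExpectPdu(KerberosConstValue.TIMEOUT_DEFAULT, typeof(KerberosTgsResponse)) as KerberosTgsResponse;

            if (tgsResponse == null)
            {
                // The message previously named KerberosAsResponse, which pointed at the wrong exchange.
                throw new Exception("Expected KerberosTgsResponse data is null or of an unexpected type");
            }

            // Fail with a clear message instead of a null dereference in the decrypt call below.
            if (this.Context.ReplyKey == null)
            {
                throw new Exception("Reply key is null");
            }

            tgsResponse.DecryptTgsResponse(this.Context.ReplyKey.keyvalue.ByteArrayValue, usage);
            return tgsResponse;
        }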
 /// <summary>
 /// Refreshes the context after a TGS exchange. Each FAST reply element found in the
 /// response padata strengthens the reply key; the response is then decrypted and the
 /// session key, ticket and selected encryption type are stored in the context.
 /// </summary>
 /// <param name="response">TGS response to process; ignored when its Response member is null.</param>
 private void UpdateContext(KerberosTgsResponse response)
 {
     if (response.Response == null)
     {
         return;
     }

     bool hasPaData = response.Response.padata != null && response.Response.padata.Elements != null;
     if (hasPaData)
     {
         foreach (PA_DATA entry in response.Response.padata.Elements)
         {
             var candidate = PaDataParser.ParseRepPaData(entry);
             if (candidate is PaFxFastRep)
             {
                 var fast = (PaFxFastRep)candidate;

                 // Return value unused; the call is kept as written.
                 var armoredRep = fast.GetArmoredRep();

                 // Open the FAST reply with the context's armor key, then mix its strengthen
                 // key into the current reply key. The result becomes the new reply key.
                 // NOTE(review): neither the strengthen key nor the current reply key is
                 // checked for null before the derivation - confirm the helper validates them.
                 var strengthenKey = fast.GetKerberosFastRep(Context.FastArmorkey).FastResponse.strengthen_key;
                 Context.ReplyKey = KerberosUtility.KrbFxCf2(strengthenKey, Context.ReplyKey, "strengthenkey", "replykey");
             }
         }
     }

     // Without a subkey the plain TGS-REP usage applies; otherwise the subkey variant.
     KeyUsageNumber usage = KeyUsageNumber.TGS_REP_encrypted_part_subkey;
     if (Context.Subkey == null)
     {
         usage = KeyUsageNumber.TGS_REP_encrypted_part;
     }

     byte[] replyKeyBytes = Context.ReplyKey.keyvalue.ByteArrayValue;
     response.DecryptTgsResponse(replyKeyBytes, usage);

     Context.SessionKey = response.EncPart.key;

     // FIXME: when hide-client-names is set to true, response.Response.cname is not the real CName.
     Context.Ticket = new KerberosTicket(
         response.Response.ticket,
         response.Response.cname,
         response.EncPart.key);

     // Encryption type comes from the enc_part of the ticket just stored.
     Context.SelectedEType = (EncryptionType)Context.Ticket.Ticket.enc_part.etype.Value;
 }