public override void Validate(ValidationActions validation) { var now = this.Now(); var ctime = this.Response.CTime.AddTicks(this.Response.CuSec / 10); if (validation.HasFlag(ValidationActions.TokenWindow)) { this.ValidateTicketSkew(now, this.Skew, ctime); } if (!TimeEquals(this.CTime, this.Response.CTime)) { throw new KerberosValidationException( $"CTime does not match. Sent: {this.CTime.Ticks}; Received: {this.Response.CTime.Ticks}", nameof(this.CTime) ); } if (this.CuSec != this.Response.CuSec) { throw new KerberosValidationException( $"CuSec does not match. Sent: {this.CuSec}; Received: {this.Response.CuSec}", nameof(this.CuSec) ); } if (this.SequenceNumber != this.Response.SequenceNumber) { throw new KerberosValidationException( $"SequenceNumber does not match. Sent: {this.SequenceNumber}; Received: {this.Response.SequenceNumber}", nameof(this.SequenceNumber) ); } }
public override void Validate(ValidationActions validation) { var now = Now(); var ctime = Response.CTime.AddTicks(Response.CuSec / 10); if (validation.HasFlag(ValidationActions.TokenWindow)) { ValidateTicketSkew(now, Skew, ctime); } if (KerberosConstants.TimeEquals(CTime, Response.CTime)) { throw new KerberosValidationException( $"CTime does not match. Sent: {CTime.Ticks}; Received: {Response.CTime.Ticks}" ); } if (CuSec != Response.CuSec) { throw new KerberosValidationException( $"CuSec does not match. Sent: {CuSec}; Received: {Response.CuSec}" ); } if (SequenceNumber != Response.SequenceNumber) { throw new KerberosValidationException( $"SequenceNumber does not match. Sent: {SequenceNumber}; Received: {Response.SequenceNumber}" ); } }
public virtual void Validate(ValidationActions validation) { // As defined in https://tools.ietf.org/html/rfc1510 A.10 KRB_AP_REQ verification if (Ticket == null) { throw new KerberosValidationException("Ticket is null"); } if (Authenticator == null) { throw new KerberosValidationException("Authenticator is null"); } if (validation.HasFlag(ValidationActions.ClientPrincipalIdentifier)) { ValidateClientPrincipalIdentifier(); } if (validation.HasFlag(ValidationActions.Realm)) { ValidateRealm(); } var now = Now(); var ctime = Authenticator.CTime.AddTicks(Authenticator.CuSec / 10); if (validation.HasFlag(ValidationActions.TokenWindow)) { ValidateTicketSkew(now, Skew, ctime); } if (validation.HasFlag(ValidationActions.StartTime)) { ValidateTicketStart(now, Skew); } if (validation.HasFlag(ValidationActions.EndTime)) { ValidateTicketEnd(now, Skew); } }