/// <summary>
/// Initializes the specified service principal name.
/// </summary>
/// <param name="servicePrincipalName">Name of the service principal.</param>
/// <param name="inBytes">The in bytes.</param>
/// <param name="outBytes">The out bytes.</param>
public void Initialize(string servicePrincipalName, byte[] inBytes, out byte[] outBytes)
{
outBytes = null;
var outputBuffer = new SecurityBufferDescriptor(__maxTokenSize);
bool credentialAddRefSuccess = false;
bool contextAddRefSuccess = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
_credential.DangerousAddRef(ref credentialAddRefSuccess);
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (credentialAddRefSuccess)
{
_credential.DangerousRelease();
credentialAddRefSuccess = false;
}
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
{
throw;
}
}
finally
{
try
{
var flags = SspiContextFlags.MutualAuth;
uint result;
long timestamp;
var credentialHandle = _credential._sspiHandle;
if (inBytes == null || inBytes.Length == 0)
{
result = Win32.InitializeSecurityContext(
ref credentialHandle,
IntPtr.Zero,
servicePrincipalName,
flags,
0,
DataRepresentation.Network,
IntPtr.Zero,
0,
ref _sspiHandle,
ref outputBuffer,
out flags,
out timestamp);
}
else
{
var serverToken = new SecurityBufferDescriptor(inBytes);
try
{
result = Win32.InitializeSecurityContext(
ref credentialHandle,
ref _sspiHandle,
servicePrincipalName,
flags,
0,
DataRepresentation.Network,
ref serverToken,
0,
ref _sspiHandle,
ref outputBuffer,
out flags,
out timestamp);
}
finally
{
serverToken.Dispose();
}
}
_credential.DangerousRelease();
DangerousRelease();
if (result != Win32.SEC_E_OK && result != Win32.SEC_I_CONTINUE_NEEDED)
{
throw Win32.CreateException(result, "Unable to initialize security context.");
}
outBytes = outputBuffer.ToByteArray();
_isInitialized = result == Win32.SEC_E_OK;
}
finally
{
outputBuffer.Dispose();
}
}
}
/// <summary>
/// Encrypts the message.
/// </summary>
/// <param name="inBytes">The in bytes.</param>
/// <param name="outBytes">The out bytes.</param>
/// <returns>A result code.</returns>
public void EncryptMessage(byte[] inBytes, out byte[] outBytes)
{
outBytes = null;
bool contextAddRefSuccess = false;
SecurityPackageContextSizes sizes;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
{
throw;
}
}
finally
{
uint result = Win32.QueryContextAttributes(
ref _sspiHandle,
QueryContextAttributes.Sizes,
out sizes);
DangerousRelease();
if (result != Win32.SEC_E_OK)
{
throw Win32.CreateException(result, "Unable to get the query context attribute sizes.");
}
}
var buffers = new SecurityBuffer[]
{
new SecurityBuffer(new byte[sizes.SecurityTrailer], SecurityBufferType.Token),
new SecurityBuffer(inBytes, SecurityBufferType.Data),
new SecurityBuffer(new byte[sizes.BlockSize], SecurityBufferType.Padding)
};
var descriptor = new SecurityBufferDescriptor(buffers);
RuntimeHelpers.PrepareConstrainedRegions();
try
{
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
{
throw;
}
}
finally
{
try
{
uint result = Win32.EncryptMessage(
ref _sspiHandle,
EncryptQualityOfProtection.WrapNoEncrypt,
ref descriptor,
0);
DangerousRelease();
if (result != Win32.SEC_E_OK)
{
throw Win32.CreateException(result, "Unable to encrypt message.");
}
outBytes = descriptor.ToByteArray();
}
finally
{
descriptor.Dispose();
}
}
}
// public methods
/// <summary>
/// Decrypts the message.
/// </summary>
/// <param name="messageLength">Length of the message.</param>
/// <param name="encryptedBytes">The encrypted bytes.</param>
/// <param name="decryptedBytes">The decrypted bytes.</param>
/// <returns>A result code.</returns>
public void DecryptMessage(int messageLength, byte[] encryptedBytes, out byte[] decryptedBytes)
{
decryptedBytes = null;
byte[] encryptedMessage = new byte[messageLength];
Array.Copy(encryptedBytes, 0, encryptedMessage, 0, messageLength);
int securityTrailerLength = encryptedBytes.Length - messageLength;
byte[] securityTrailer = new byte[securityTrailerLength];
Array.Copy(encryptedBytes, messageLength, securityTrailer, 0, securityTrailerLength);
var buffers = new SecurityBuffer[]
{
new SecurityBuffer(encryptedBytes, SecurityBufferType.Data),
new SecurityBuffer(securityTrailer, SecurityBufferType.Stream)
};
var descriptor = new SecurityBufferDescriptor(buffers);
bool contextAddRefSuccess = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
{
throw;
}
}
finally
{
try
{
uint quality;
var result = Win32.DecryptMessage(
ref _sspiHandle,
ref descriptor,
0,
out quality);
if (result != Win32.SEC_E_OK)
{
throw Win32.CreateException(result, "Unable to decrypt message.");
}
decryptedBytes = descriptor.ToByteArray();
}
finally
{
descriptor.Dispose();
}
}
}
public void Initialize(string servicePrincipalName, byte[] inBytes, out byte[] outBytes)
{
outBytes = null;
var outputBuffer = new SecurityBufferDescriptor(__maxTokenSize);
bool credentialAddRefSuccess = false;
bool contextAddRefSuccess = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
_credential.DangerousAddRef(ref credentialAddRefSuccess);
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (credentialAddRefSuccess)
{
_credential.DangerousRelease();
credentialAddRefSuccess = false;
}
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
{
throw;
}
}
finally
{
try
{
var flags = SspiContextFlags.MutualAuth;
uint result;
long timestamp;
var credentialHandle = _credential._sspiHandle;
if (inBytes == null || inBytes.Length == 0)
{
result = Win32.InitializeSecurityContext(
ref credentialHandle,
IntPtr.Zero,
servicePrincipalName,
flags,
0,
DataRepresentation.Network,
IntPtr.Zero,
0,
ref _sspiHandle,
ref outputBuffer,
out flags,
out timestamp);
}
else
{
var serverToken = new SecurityBufferDescriptor(inBytes);
try
{
result = Win32.InitializeSecurityContext(
ref credentialHandle,
ref _sspiHandle,
servicePrincipalName,
flags,
0,
DataRepresentation.Network,
ref serverToken,
0,
ref _sspiHandle,
ref outputBuffer,
out flags,
out timestamp);
}
finally
{
serverToken.Dispose();
}
}
_credential.DangerousRelease();
DangerousRelease();
if (result != Win32.SEC_E_OK && result != Win32.SEC_I_CONTINUE_NEEDED)
{
throw Win32.CreateException(result, "Unable to initialize security context.");
}
outBytes = outputBuffer.ToByteArray();
_isInitialized = result == Win32.SEC_E_OK;
}
finally
{
outputBuffer.Dispose();
}
}
}
public void EncryptMessage(byte[] inBytes, out byte[] outBytes)
{
outBytes = null;
bool contextAddRefSuccess = false;
SecurityPackageContextSizes sizes;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
{
throw;
}
}
finally
{
uint result = Win32.QueryContextAttributes(
ref _sspiHandle,
QueryContextAttributes.Sizes,
out sizes);
DangerousRelease();
if (result != Win32.SEC_E_OK)
{
throw Win32.CreateException(result, "Unable to get the query context attribute sizes.");
}
}
var buffers = new SecurityBuffer[]
{
new SecurityBuffer(new byte[sizes.SecurityTrailer], SecurityBufferType.Token),
new SecurityBuffer(inBytes, SecurityBufferType.Data),
new SecurityBuffer(new byte[sizes.BlockSize], SecurityBufferType.Padding)
};
var descriptor = new SecurityBufferDescriptor(buffers);
RuntimeHelpers.PrepareConstrainedRegions();
try
{
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
{
throw;
}
}
finally
{
try
{
uint result = Win32.EncryptMessage(
ref _sspiHandle,
EncryptQualityOfProtection.WrapNoEncrypt,
ref descriptor,
0);
DangerousRelease();
if (result != Win32.SEC_E_OK)
{
throw Win32.CreateException(result, "Unable to encrypt message.");
}
outBytes = descriptor.ToByteArray();
}
finally
{
descriptor.Dispose();
}
}
}
public void DecryptMessage(int messageLength, byte[] encryptedBytes, out byte[] decryptedBytes)
{
decryptedBytes = null;
byte[] encryptedMessage = new byte[messageLength];
Array.Copy(encryptedBytes, 0, encryptedMessage, 0, messageLength);
int securityTrailerLength = encryptedBytes.Length - messageLength;
byte[] securityTrailer = new byte[securityTrailerLength];
Array.Copy(encryptedBytes, messageLength, securityTrailer, 0, securityTrailerLength);
var buffers = new SecurityBuffer[]
{
new SecurityBuffer(encryptedBytes, SecurityBufferType.Data),
new SecurityBuffer(securityTrailer, SecurityBufferType.Stream)
};
var descriptor = new SecurityBufferDescriptor(buffers);
bool contextAddRefSuccess = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
{
throw;
}
}
finally
{
try
{
uint quality;
var result = Win32.DecryptMessage(
ref _sspiHandle,
ref descriptor,
0,
out quality);
if (result != Win32.SEC_E_OK)
{
throw Win32.CreateException(result, "Unable to decrypt message.");
}
decryptedBytes = descriptor.ToByteArray();
}
finally
{
descriptor.Dispose();
}
}
}