internal static IEnumerable <KerberosAuthorizationData> Parse(DERValue value) { if (!value.CheckSequence()) { throw new InvalidDataException(); } KerberosAuthorizationDataType type = 0; byte[] data = null; foreach (var next in value.Children) { if (next.Type != DERTagType.ContextSpecific) { throw new InvalidDataException(); } switch (next.Tag) { case 0: type = (KerberosAuthorizationDataType)next.ReadChildInteger(); break; case 1: data = next.ReadChildOctetString(); break; default: throw new InvalidDataException(); } } if (type == 0 || data == null) { throw new InvalidDataException(); } List <KerberosAuthorizationData> ret = new List <KerberosAuthorizationData>(); if (type == KerberosAuthorizationDataType.AD_IF_RELEVANT) { DERValue[] values = DERParser.ParseData(data, 0); if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren()) { throw new InvalidDataException(); } ret.AddRange(values[0].Children.SelectMany(c => Parse(c))); } else if (type == KerberosAuthorizationDataType.KERB_AD_RESTRICTION_ENTRY) { if (KerberosAuthorizationDataRestrictionEntry.Parse(data, out KerberosAuthorizationDataRestrictionEntry entry)) { ret.Add(entry); } } else if (type == KerberosAuthorizationDataType.AD_ETYPE_NEGOTIATION) { if (KerberosAuthorizationDataEncryptionNegotiation.Parse(data, out KerberosAuthorizationDataEncryptionNegotiation entry)) { ret.Add(entry); } } else if (type == KerberosAuthorizationDataType.AD_WIN2K_PAC) { if (KerberosAuthorizationDataPAC.Parse(data, out KerberosAuthorizationDataPAC entry)) { ret.Add(entry); } } else if (type == KerberosAuthorizationDataType.AD_AUTH_DATA_AP_OPTIONS) { if (KerberosAuthorizationDataApOptions.Parse(data, out KerberosAuthorizationDataApOptions entry)) { ret.Add(entry); } } else if (type == KerberosAuthorizationDataType.AD_AUTH_DATA_TARGET_NAME) { if (KerberosAuthorizationDataTargetName.Parse(data, out KerberosAuthorizationDataTargetName entry)) { ret.Add(entry); } } else if (type == KerberosAuthorizationDataType.KERB_LOCAL) { if (KerberosAuthorizationDataKerbLocal.Parse(data, out KerberosAuthorizationDataKerbLocal entry)) { ret.Add(entry); } } if (ret.Count == 0) { ret.Add(new KerberosAuthorizationData(type, data)); } return(ret); }
internal static KerberosAuthorizationData Parse(DERValue value) { if (!value.CheckSequence()) { throw new InvalidDataException(); } KerberosAuthorizationDataType type = 0; byte[] data = null; foreach (var next in value.Children) { if (next.Type != DERTagType.ContextSpecific) { throw new InvalidDataException(); } switch (next.Tag) { case 0: type = (KerberosAuthorizationDataType)next.ReadChildInteger(); break; case 1: data = next.ReadChildOctetString(); break; default: throw new InvalidDataException(); } } if (type == 0 || data == null) { throw new InvalidDataException(); } if (type == KerberosAuthorizationDataType.AD_IF_RELEVANT) { DERValue[] values = DERParser.ParseData(data, 0); if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren()) { throw new InvalidDataException(); } return(Parse(values[0].Children[0])); } else if (type == KerberosAuthorizationDataType.KERB_AD_RESTRICTION_ENTRY) { if (KerberosAuthorizationDataRestrictionEntry.Parse(data, out KerberosAuthorizationDataRestrictionEntry entry)) { return(entry); } } else if (type == KerberosAuthorizationDataType.AD_ETYPE_NEGOTIATION) { if (KerberosAuthorizationDataEncryptionNegotiation.Parse(data, out KerberosAuthorizationDataEncryptionNegotiation entry)) { return(entry); } } else if (type == KerberosAuthorizationDataType.AD_WIN2K_PAC) { if (KerberosAuthorizationDataPAC.Parse(data, out KerberosAuthorizationDataPAC entry)) { return(entry); } } return(new KerberosAuthorizationData(type, data)); }
internal static bool Parse(byte[] data, out KerberosAuthorizationDataPAC auth_data) { auth_data = null; if (data.Length < 8) { return(false); } BinaryReader reader = new BinaryReader(new MemoryStream(data)); long count = reader.ReadInt32(); int version = reader.ReadInt32(); if (version != 0) { return(false); } if (reader.RemainingLength() < count * 16) { return(false); } List <KerberosAuthorizationDataPACEntry> entries = new List <KerberosAuthorizationDataPACEntry>(); for (long i = 0; i < count; ++i) { int type = reader.ReadInt32(); int length = reader.ReadInt32(); long offset = reader.ReadInt64(); if (offset >= data.LongLength || (offset + length) > data.LongLength) { return(false); } byte[] entry_data = new byte[length]; Buffer.BlockCopy(data, (int)offset, entry_data, 0, length); KerberosAuthorizationDataPACEntryType entry_type = (KerberosAuthorizationDataPACEntryType)type; KerberosAuthorizationDataPACEntry pac_entry = null; switch (entry_type) { case KerberosAuthorizationDataPACEntryType.UserClaims: case KerberosAuthorizationDataPACEntryType.DeviceClaims: if (!KerberosAuthorizationDataPACClaimSet.Parse(entry_type, entry_data, out pac_entry)) { pac_entry = null; } break; case KerberosAuthorizationDataPACEntryType.KDCChecksum: case KerberosAuthorizationDataPACEntryType.ServerChecksum: if (!KerberosAuthorizationDataPACSignature.Parse(entry_type, entry_data, out pac_entry)) { pac_entry = null; } break; case KerberosAuthorizationDataPACEntryType.ClientInfo: if (!KerberosAuthorizationDataPACClientInfo.Parse(entry_type, entry_data, out pac_entry)) { pac_entry = null; } break; case KerberosAuthorizationDataPACEntryType.UserPrincipalName: if (!KerberosAuthorizationDataPACUpnDnsInfo.Parse(entry_type, entry_data, out pac_entry)) { pac_entry = null; } break; } if (pac_entry == null) { pac_entry = new KerberosAuthorizationDataPACEntry(entry_type, entry_data); } entries.Add(pac_entry); } auth_data = new KerberosAuthorizationDataPAC(data, entries.AsReadOnly()); return(true); }