private Authenticator CreateAuthenticator(PrincipalName cname, Realm realm, EncryptionKey subkey = null, AuthorizationData data = null)
{
BaseTestSite.Log.Add(LogEntryKind.TestStep, "Create authenticator");
Random r = new Random();
int seqNum = r.Next();
Authenticator plaintextAuthenticator = new Authenticator
{
authenticator_vno = new Asn1Integer(KerberosConstValue.KERBEROSV5),
crealm = realm,
cusec = new Microseconds(0),
ctime = KerberosUtility.CurrentKerberosTime,
seq_number = new KerbUInt32(seqNum),
cname = cname,
subkey = subkey,
authorization_data = data
};
AuthCheckSum checksum = new AuthCheckSum {
Lgth = KerberosConstValue.AUTHENTICATOR_CHECKSUM_LENGTH
};
checksum.Bnd = new byte[checksum.Lgth];
checksum.Flags = (int)(ChecksumFlags.GSS_C_MUTUAL_FLAG | ChecksumFlags.GSS_C_INTEG_FLAG);
byte[] checkData = ArrayUtility.ConcatenateArrays(BitConverter.GetBytes(checksum.Lgth),
checksum.Bnd, BitConverter.GetBytes(checksum.Flags));
plaintextAuthenticator.cksum = new Checksum(new KerbInt32((int)ChecksumType.ap_authenticator_8003), new Asn1OctetString(checkData));
return(plaintextAuthenticator);
}
/// <summary>
/// Create authenticator for AP request or part of PA-DATA for TGS request.
/// </summary>
/// <param name="cRealm">This field contains the name of the realm in which the client is registered and in
/// which initial authentication took place.</param>
/// <param name="cName">This field contains the name part of the client's principal identifier.</param>
/// <param name="checksumType">The checksum type selected.</param>
/// <param name="seqNumber">The current local sequence number.</param>
/// <param name="flag">The flag set in checksum field of Authenticator.</param>
/// <param name="subkey">Specify the new subkey used in the following exchange. This field is optional.
/// This argument can be got with method GenerateKey(ApSessionKey).
/// This argument can be null. If this argument is null, no subkey will be sent.</param>
/// <param name="authorizationData">The authentication data of authenticator. This field is optional.
/// This argument can be generated by method ConstructAuthorizationData. This argument can be null.
/// If this argument is null, no Authorization Data will be sent.</param>
/// <param name="key">The key to do checksum.</param>
/// <param name="checksumBody">The data to compute checksum.</param>
/// <returns>The created authenticator.</returns>
private Authenticator CreateAuthenticator(Realm cRealm,
PrincipalName cName,
ChecksumType checksumType,
int seqNumber,
ChecksumFlags flag,
EncryptionKey subkey,
AuthorizationData authorizationData,
EncryptionKey key,
byte[] checksumBody)
{
Authenticator plaintextAuthenticator = new Authenticator();
plaintextAuthenticator.authenticator_vno = new Asn1Integer(ConstValue.KERBEROSV5);
plaintextAuthenticator.crealm = cRealm;
plaintextAuthenticator.cname = cName;
plaintextAuthenticator.cusec = new Microseconds(0);
plaintextAuthenticator.ctime = KileUtility.CurrentKerberosTime;
plaintextAuthenticator.seq_number = new KerbUInt32(seqNumber);
plaintextAuthenticator.subkey = subkey;
plaintextAuthenticator.authorization_data = authorizationData;
if (checksumType == ChecksumType.ap_authenticator_8003)
{
// compute the checksum
AuthCheckSum checksum = new AuthCheckSum();
checksum.Lgth = ConstValue.AUTHENTICATOR_CHECKSUM_LENGTH;
checksum.Bnd = new byte[checksum.Lgth];
checksum.Flags = (int)flag;
byte[] checkData = ArrayUtility.ConcatenateArrays(BitConverter.GetBytes(checksum.Lgth),
checksum.Bnd,
BitConverter.GetBytes(checksum.Flags));
// in AP request
plaintextAuthenticator.cksum = new Checksum(new KerbInt32((int)checksumType), new Asn1OctetString(checkData));
}
else
{
// in TGS PA data
byte[] checkData = KileUtility.GetChecksum(
key.keyvalue.ByteArrayValue,
checksumBody,
(int)KeyUsageNumber.TGS_REQ_PA_TGS_REQ_adataOR_AP_REQ_Authenticator_cksum,
checksumType);
plaintextAuthenticator.cksum = new Checksum(new KerbInt32((int)checksumType), new Asn1OctetString(checkData));
}
return(plaintextAuthenticator);
}
/// <summary>
/// Create authenticator for AP request or part of PA-DATA for TGS request.
/// </summary>
/// <param name="cRealm">This field contains the name of the realm in which the client is registered and in
/// which initial authentication took place.</param>
/// <param name="cName">This field contains the name part of the client's principal identifier.</param>
/// <param name="checksumType">The checksum type selected.</param>
/// <param name="seqNumber">The current local sequence number.</param>
/// <param name="flag">The flag set in checksum field of Authenticator.</param>
/// <param name="subkey">Specify the new subkey used in the following exchange. This field is optional.
/// This argument can be got with method GenerateKey(ApSessionKey).
/// This argument can be null. If this argument is null, no subkey will be sent.</param>
/// <param name="authorizationData">The authentication data of authenticator. This field is optional.
/// This argument can be generated by method ConstructAuthorizationData. This argument can be null.
/// If this argument is null, no Authorization Data will be sent.</param>
/// <param name="key">The key to do checksum.</param>
/// <param name="checksumBody">The data to compute checksum.</param>
/// <returns>The created authenticator.</returns>
private Authenticator CreateAuthenticator(
ChecksumType checksumType,
int seqNumber,
ChecksumFlags flag,
EncryptionKey subkey,
AuthorizationData authorizationData,
EncryptionKey key,
byte[] checksumBody)
{
var plaintextAuthenticator = CreateAuthenticator(authorizationData, subkey, seqNumber);
if (checksumType == ChecksumType.ap_authenticator_8003)
{
// compute the checksum
var checksum = new AuthCheckSum();
checksum.Lgth = ConstValue.AUTHENTICATOR_CHECKSUM_LENGTH;
checksum.Bnd = new byte[checksum.Lgth];
checksum.Flags = (int)flag;
byte[] checkData = ArrayUtility.ConcatenateArrays(BitConverter.GetBytes(checksum.Lgth),
checksum.Bnd,
BitConverter.GetBytes(checksum.Flags));
// in AP request
plaintextAuthenticator.cksum = new Checksum(new KerbInt32((int)checksumType), new Asn1OctetString(checkData));
}
else
{
// in TGS PA data
byte[] checkData = KerberosUtility.GetChecksum(
key.keyvalue.ByteArrayValue,
checksumBody,
(int)KeyUsageNumber.TGS_REQ_PA_TGS_REQ_adataOR_AP_REQ_Authenticator_cksum,
checksumType);
plaintextAuthenticator.cksum = new Checksum(new KerbInt32((int)checksumType), new Asn1OctetString(checkData));
}
return(plaintextAuthenticator);
}
