private static KrbApReq CreateApReq(KrbKdcRep kdcRep, KrbEncryptionKey tgtSessionKey, KrbChecksum checksum, out KrbEncryptionKey sessionKey)
{
var tgt = kdcRep.Ticket;
var authenticator = new KrbAuthenticator
{
CName = kdcRep.CName,
Realm = kdcRep.CRealm,
SequenceNumber = KerberosConstants.GetNonce(),
Checksum = checksum
};
sessionKey = KrbEncryptionKey.Generate(tgtSessionKey.EType);
sessionKey.Usage = KeyUsage.EncTgsRepPartSubSessionKey;
authenticator.Subkey = sessionKey;
KerberosConstants.Now(out authenticator.CTime, out authenticator.CuSec);
var encryptedAuthenticator = KrbEncryptedData.Encrypt(
authenticator.EncodeApplication(),
tgtSessionKey.AsKey(),
KeyUsage.PaTgsReqAuthenticator
);
var apReq = new KrbApReq
{
Ticket = tgt,
Authenticator = encryptedAuthenticator
};
return(apReq);
}
public static KrbApReq CreateApReq(
KrbKdcRep tgsRep,
KerberosKey authenticatorKey,
ApOptions options,
out KrbAuthenticator authenticator
)
{
var ticket = tgsRep.Ticket;
authenticator = new KrbAuthenticator
{
CName = tgsRep.CName,
Realm = ticket.Realm,
SequenceNumber = KerberosConstants.GetNonce(),
Subkey = KrbEncryptionKey.Generate(authenticatorKey.EncryptionType),
Checksum = KrbChecksum.EncodeDelegationChecksum(new DelegationInfo())
};
KerberosConstants.Now(out authenticator.CTime, out authenticator.CuSec);
var apReq = new KrbApReq
{
Ticket = ticket,
ApOptions = options,
Authenticator = KrbEncryptedData.Encrypt(
authenticator.EncodeApplication(),
authenticatorKey,
KeyUsage.ApReqAuthenticator
)
};
return(apReq);
}
public void StampServerTime()
{
KerberosConstants.Now(out this.STime, out this.Susc);
}