/// <summary>
/// Builds an AP-REQ that carries the ticket from <paramref name="kdcRep"/> together with an
/// authenticator encrypted under <paramref name="tgtSessionKey"/> using the
/// <c>KeyUsage.PaTgsReqAuthenticator</c> key usage.
/// </summary>
/// <param name="kdcRep">KDC reply supplying the ticket, client name and client realm.</param>
/// <param name="tgtSessionKey">Key used to encrypt the authenticator; its EType also selects the subkey type.</param>
/// <param name="checksum">Checksum placed in the authenticator as-is.</param>
/// <param name="sessionKey">
/// Receives a newly generated subkey (same EType as <paramref name="tgtSessionKey"/>) that is also
/// embedded in the authenticator. This is secret key material: keep it out of logs and traces.
/// </param>
/// <returns>The AP-REQ holding the ticket and the encrypted authenticator.</returns>
private static KrbApReq CreateApReq(KrbKdcRep kdcRep, KrbEncryptionKey tgtSessionKey, KrbChecksum checksum, out KrbEncryptionKey sessionKey)
{
    var ticket = kdcRep.Ticket;

    var auth = new KrbAuthenticator
    {
        CName = kdcRep.CName,
        Realm = kdcRep.CRealm,
        SequenceNumber = KerberosConstants.GetNonce(),
        Checksum = checksum
    };

    // A fresh subkey per request, tagged with the usage it is generated for.
    // Presumably the reply's encrypted part is protected with this subkey, as the usage name suggests; confirm at the caller.
    sessionKey = KrbEncryptionKey.Generate(tgtSessionKey.EType);
    sessionKey.Usage = KeyUsage.EncTgsRepPartSubSessionKey;
    auth.Subkey = sessionKey;

    // Client time and microseconds are stamped immediately before the authenticator is sealed.
    KerberosConstants.Now(out auth.CTime, out auth.CuSec);

    var sealedAuthenticator = KrbEncryptedData.Encrypt(
        auth.EncodeApplication(),
        tgtSessionKey.AsKey(),
        KeyUsage.PaTgsReqAuthenticator
    );

    return new KrbApReq
    {
        Ticket = ticket,
        Authenticator = sealedAuthenticator
    };
}
/// <summary>
/// Builds an AP-REQ from the ticket in <paramref name="kdcRep"/> and an authenticator encrypted
/// under <paramref name="tgtSessionKey"/> with the <c>KeyUsage.PaTgsReqAuthenticator</c> key usage.
/// </summary>
/// <param name="kdcRep">KDC reply supplying the ticket and the client name.</param>
/// <param name="tgtSessionKey">Key used to encrypt the authenticator; also stored as the authenticator subkey.</param>
/// <returns>The AP-REQ holding the ticket and the encrypted authenticator.</returns>
private static KrbApReq CreateApReq(KrbKdcRep kdcRep, KrbEncryptionKey tgtSessionKey)
{
    var ticket = kdcRep.Ticket;

    DateTimeOffset clientTime;
    int clientMicroseconds;
    KerberosConstants.Now(out clientTime, out clientMicroseconds);

    var auth = new KrbAuthenticator
    {
        CName = kdcRep.CName,
        CTime = clientTime,
        Cusec = clientMicroseconds,
        // NOTE(review): the realm comes from the ticket, not from a client-realm field on the reply.
        // Presumably the two are equal for a same-realm ticket; confirm for cross-realm use.
        Realm = ticket.Realm,
        SequenceNumber = KerberosConstants.GetNonce(),
        // NOTE(review): the subkey is the session key itself, not a freshly generated key,
        // so it adds no key separation. Confirm this is intended.
        Subkey = tgtSessionKey,
        AuthenticatorVersionNumber = 5
    };

    var sealedAuthenticator = KrbEncryptedData.Encrypt(
        auth.EncodeApplication(),
        tgtSessionKey.AsKey(),
        KeyUsage.PaTgsReqAuthenticator
    );

    return new KrbApReq
    {
        Ticket = ticket,
        Authenticator = sealedAuthenticator
    };
}
/// <summary>
/// Walks the direct children of <paramref name="sequence"/> and records the mechanism type and the
/// inner AP-REQ when elements with the matching tags are present. All other elements are ignored.
/// </summary>
/// <param name="sequence">Parsed ASN.1 element whose children are inspected.</param>
/// <param name="firstMech">Not read by this method.</param>
private void ProcessedAsKerberos(Asn1Element sequence, MechType firstMech)
{
    for (var index = 0; index < sequence.Count; index++)
    {
        var child = sequence[index];
        var tagClass = child.Class;

        if (tagClass == TagClass.Universal)
        {
            // Only the mechanism-type tag is acted on; every other universal tag (0 and 1 included) is skipped.
            if (child.UniversalTag == MechType.UniversalTag)
            {
                ThisMech = new MechType(child.AsString());
            }
        }
        else if (tagClass == TagClass.Application)
        {
            if (child.ApplicationTag == KrbApReq.ApplicationTag)
            {
                // NOTE(review): child[0] is read without checking child.Count. This token normally comes
                // from a remote peer, so confirm how the indexer behaves on an empty element.
                InnerContextToken = new KrbApReq().Decode(child[0]);
            }
        }
    }
}
/// <summary>
/// Decodes an application-tagged element into either the AP-REQ or the AP-REP property, chosen by
/// the element's application tag. Elements with any other tag leave both properties untouched.
/// </summary>
/// <param name="element">Application-tagged ASN.1 element; its first child is what gets decoded.</param>
protected override void ParseApplication(Asn1Element element)
{
    var tag = element.ApplicationTag;

    // NOTE(review): element[0] is read without a child-count check in both branches;
    // confirm how the indexer behaves on an empty element from an untrusted peer.
    if (tag == KrbApReq.ApplicationTag)
    {
        KrbApReq = new KrbApReq().Decode(element[0]);
    }
    else if (tag == KrbApRep.ApplicationTag)
    {
        KrbApRep = new KrbApRep().Decode(element[0]);
    }
}
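/// <summary>
/// Creates a context token from raw bytes, or from the token carried by a GSS-API wrapper, and
/// decodes it as an AP-REQ or an AP-REP depending on which decoder accepts the bytes.
/// </summary>
/// <param name="gssToken">GSS-API token whose <c>Token</c> bytes are used when <paramref name="data"/> is null.</param>
/// <param name="data">Raw token bytes; takes precedence over <paramref name="gssToken"/>.</param>
/// <exception cref="InvalidOperationException">Neither argument supplied any bytes to decode.</exception>
/// <remarks>
/// When neither decoder accepts the bytes, this constructor assigns neither property.
/// Callers must check which of the two was populated before trusting the token.
/// </remarks>
public KerberosContextToken(GssApiToken gssToken = null, ReadOnlyMemory<byte>? data = null)
{
    var kerb = data ?? gssToken?.Token;

    // Both parameters default to null. Without this guard the failure surfaced as the opaque
    // "Nullable object must have a value" error from kerb.Value. The exception type is unchanged
    // so existing catch blocks still apply.
    if (!kerb.HasValue)
    {
        throw new InvalidOperationException("KerberosContextToken requires either raw token bytes or a GSS-API token to decode.");
    }

    var encoded = kerb.Value;

    if (KrbApReq.CanDecode(encoded))
    {
        KrbApReq = KrbApReq.DecodeApplication(encoded);
    }
    else if (KrbApRep.CanDecode(encoded))
    {
        KrbApRep = KrbApRep.DecodeApplication(encoded);
    }
}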
/// <summary>
/// Wraps <paramref name="token"/> in a <c>DecryptedKrbApReq</c> and decrypts it with the supplied key table.
/// </summary>
/// <param name="token">AP-REQ to decrypt; dereferenced without a null check.</param>
/// <param name="keytab">Key table handed to the decryption step.</param>
/// <returns>The decrypted wrapper, or null when the token carries no ticket.</returns>
/// <remarks>
/// NOTE(review): only the decryption call is visible here. Whether it also validates the
/// authenticator (clock skew, replay) cannot be told from this method, so confirm that before
/// treating a non-null result as an authenticated identity.
/// </remarks>
protected static DecryptedKrbApReq DecryptApReq(KrbApReq token, KeyTable keytab)
{
    if (token.Ticket != null)
    {
        var result = new DecryptedKrbApReq(token);
        result.Decrypt(keytab);

        return result;
    }

    // No ticket means there is nothing to decrypt.
    return null;
}
/// <summary>
/// DER-encodes a token consisting of, inside an <c>ApplicationTag</c> sequence, the mechanism
/// OID, the two bytes 01 00, and the application-encoded AP-REQ.
/// </summary>
/// <param name="oid">Mechanism object identifier written first.</param>
/// <param name="krbApReq">AP-REQ whose application encoding is appended.</param>
/// <returns>The encoded token bytes.</returns>
public static ReadOnlyMemory<byte> Encode(Oid oid, KrbApReq krbApReq)
{
    using (var asn = new AsnWriter(AsnEncodingRules.DER))
    {
        asn.PushSequence(ApplicationTag);
        asn.WriteObjectIdentifier(oid);

        // Written as pre-encoded bytes; 01 00 matches the token identifier RFC 4121 assigns to KRB_AP_REQ.
        var tokenId = new byte[] { 0x01, 0x0 };
        asn.WriteEncodedValue(tokenId);

        var apReqBytes = krbApReq.EncodeApplication();
        asn.WriteEncodedValue(apReqBytes.Span);

        asn.PopSequence(ApplicationTag);

        return asn.Encode();
    }
}
/// <summary>
/// Looks up the decryptor factory registered for the ticket's encryption type, builds the
/// decryptor for <paramref name="token"/> and runs it against <paramref name="keytab"/>.
/// </summary>
/// <param name="token">AP-REQ to decrypt; may be null.</param>
/// <param name="keytab">Key table handed to the decryptor.</param>
/// <returns>
/// The decryptor after <c>Decrypt</c> has been called on it, or null when the token, its ticket or
/// the ticket's encrypted part is missing, when no factory is registered for the encryption type,
/// or when the factory yields null.
/// </returns>
/// <remarks>
/// A null result covers both "nothing to decrypt" and "unsupported encryption type".
/// Callers should treat it as a failed authentication, not as an anonymous success.
/// </remarks>
protected static DecryptedData Decrypt(KrbApReq token, KeyTable keytab)
{
    if (token?.Ticket?.EncPart == null)
    {
        return null;
    }

    Func<KrbApReq, DecryptedData> factory;
    var registered = Decryptors.TryGetValue(token.Ticket.EncPart.EType, out factory);

    if (!registered || factory == null)
    {
        return null;
    }

    var decryptor = factory(token);

    // The factory may decline by returning null; in that case nothing is decrypted.
    decryptor?.Decrypt(keytab);

    return decryptor;
}
/// <summary>
/// Parses the value of <paramref name="sequence"/> as an initial context token, populating the
/// mechanism type and the inner AP-REQ, or the NegoEx extension when the value has no child
/// elements and NegoEx is among the offered mechanisms.
/// </summary>
/// <param name="sequence">Element whose raw value is re-parsed as an ASN.1 element.</param>
/// <param name="mechTypes">Offered mechanisms; enumerated only when the re-parsed element has no children.</param>
public InitialContextToken(Asn1Element sequence, IEnumerable<MechType> mechTypes)
{
    var inner = new Asn1Element(sequence.Value);

    if (inner.Count <= 0)
    {
        // With no ASN.1 children, the raw value is treated as a NegoEx payload when NegoEx was offered.
        if (mechTypes.Any(mech => mech.Oid == MechType.NEGOEX))
        {
            NegotiateExtension = new NegotiateExtension(sequence.Value);
        }
    }

    for (var index = 0; index < inner.Count; index++)
    {
        var child = inner[index];

        if (child.ContextSpecificTag == MechType.ContextTag)
        {
            ThisMech = new MechType(child.AsString());
            continue;
        }

        // NOTE(review): any other child that has children of its own is decoded as an AP-REQ with
        // no tag check. Confirm the KrbApReq constructor rejects malformed or unexpected input.
        if (child.Count > 0)
        {
            InnerContextToken = new KrbApReq(child[0]);
        }
    }
}
/// <summary>
/// Stores the AP-REQ for later decryption; nothing is decoded or decrypted by the constructor.
/// </summary>
/// <param name="token">AP-REQ kept by reference; not null-checked here.</param>
/// <remarks>
/// NOTE(review): the type name indicates the RC4 encryption type, which RFC 8429 deprecates.
/// Confirm whether accepting it is still required by the deployment.
/// </remarks>
public RC4DecryptedData(KrbApReq token) => this.token = token;
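/// <summary>
/// Creates a context token from raw bytes, or from the token carried by a GSS-API wrapper, and
/// decodes those bytes as an AP-REQ.
/// </summary>
/// <param name="gssToken">GSS-API token whose <c>Token</c> bytes are used when <paramref name="data"/> is null.</param>
/// <param name="data">Raw token bytes; takes precedence over <paramref name="gssToken"/>.</param>
/// <exception cref="InvalidOperationException">Neither argument supplied any bytes to decode.</exception>
public KerberosContextToken(GssApiToken gssToken = null, ReadOnlyMemory<byte>? data = null)
{
    var kerb = data ?? gssToken?.Token;

    // Both parameters default to null. Without this guard the failure surfaced as the opaque
    // "Nullable object must have a value" error from kerb.Value. The exception type is unchanged
    // so existing catch blocks still apply.
    if (!kerb.HasValue)
    {
        throw new InvalidOperationException("KerberosContextToken requires either raw token bytes or a GSS-API token to decode.");
    }

    // The bytes are decoded as an AP-REQ unconditionally; any rejection of other message types
    // has to come from DecodeApplication itself.
    this.KrbApReq = KrbApReq.DecodeApplication(kerb.Value);
}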