internal static bool Parse(byte[] data, out KerberosAuthorizationDataRestrictionEntry entry) { entry = null; DERValue[] values = DERParser.ParseData(data, 0); if (!values.CheckValueSequence()) { return(false); } values = values[0].Children; if (!values.CheckValueSequence()) { return(false); } byte[] lsap_data = null; try { foreach (var next in values[0].Children) { if (next.Type != DERTagType.ContextSpecific) { return(false); } switch (next.Tag) { case 0: // Ignore, should always be 0. break; case 1: lsap_data = next.ReadChildOctetString(); break; } } } catch (InvalidDataException) { return(false); } if (lsap_data == null || lsap_data.Length != 40) { return(false); } int flags = BitConverter.ToInt32(lsap_data, 0); int il = BitConverter.ToInt32(lsap_data, 4); byte[] machine_id = new byte[32]; Buffer.BlockCopy(lsap_data, 8, machine_id, 0, 32); entry = new KerberosAuthorizationDataRestrictionEntry(data, (KerberosRestrictionEntryFlags)flags, (TokenIntegrityLevel)il, machine_id); return(true); }
internal static KerberosAuthorizationData Parse(DERValue value) { if (!value.CheckSequence()) { throw new InvalidDataException(); } KerberosAuthorizationDataType type = 0; byte[] data = null; foreach (var next in value.Children) { if (next.Type != DERTagType.ContextSpecific) { throw new InvalidDataException(); } switch (next.Tag) { case 0: type = (KerberosAuthorizationDataType)next.ReadChildInteger(); break; case 1: data = next.ReadChildOctetString(); break; default: throw new InvalidDataException(); } } if (type == 0 || data == null) { throw new InvalidDataException(); } if (type == KerberosAuthorizationDataType.AD_IF_RELEVANT) { DERValue[] values = DERParser.ParseData(data, 0); if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren()) { throw new InvalidDataException(); } return(Parse(values[0].Children[0])); } else if (type == KerberosAuthorizationDataType.KERB_AD_RESTRICTION_ENTRY) { if (KerberosAuthorizationDataRestrictionEntry.Parse(data, out KerberosAuthorizationDataRestrictionEntry entry)) { return(entry); } } else if (type == KerberosAuthorizationDataType.AD_ETYPE_NEGOTIATION) { if (KerberosAuthorizationDataEncryptionNegotiation.Parse(data, out KerberosAuthorizationDataEncryptionNegotiation entry)) { return(entry); } } else if (type == KerberosAuthorizationDataType.AD_WIN2K_PAC) { if (KerberosAuthorizationDataPAC.Parse(data, out KerberosAuthorizationDataPAC entry)) { return(entry); } } return(new KerberosAuthorizationData(type, data)); }
internal static IEnumerable <KerberosAuthorizationData> Parse(DERValue value) { if (!value.CheckSequence()) { throw new InvalidDataException(); } KerberosAuthorizationDataType type = 0; byte[] data = null; foreach (var next in value.Children) { if (next.Type != DERTagType.ContextSpecific) { throw new InvalidDataException(); } switch (next.Tag) { case 0: type = (KerberosAuthorizationDataType)next.ReadChildInteger(); break; case 1: data = next.ReadChildOctetString(); break; default: throw new InvalidDataException(); } } if (type == 0 || data == null) { throw new InvalidDataException(); } List <KerberosAuthorizationData> ret = new List <KerberosAuthorizationData>(); if (type == KerberosAuthorizationDataType.AD_IF_RELEVANT) { DERValue[] values = DERParser.ParseData(data, 0); if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren()) { throw new InvalidDataException(); } ret.AddRange(values[0].Children.SelectMany(c => Parse(c))); } else if (type == KerberosAuthorizationDataType.KERB_AD_RESTRICTION_ENTRY) { if (KerberosAuthorizationDataRestrictionEntry.Parse(data, out KerberosAuthorizationDataRestrictionEntry entry)) { ret.Add(entry); } } else if (type == KerberosAuthorizationDataType.AD_ETYPE_NEGOTIATION) { if (KerberosAuthorizationDataEncryptionNegotiation.Parse(data, out KerberosAuthorizationDataEncryptionNegotiation entry)) { ret.Add(entry); } } else if (type == KerberosAuthorizationDataType.AD_WIN2K_PAC) { if (KerberosAuthorizationDataPAC.Parse(data, out KerberosAuthorizationDataPAC entry)) { ret.Add(entry); } } else if (type == KerberosAuthorizationDataType.AD_AUTH_DATA_AP_OPTIONS) { if (KerberosAuthorizationDataApOptions.Parse(data, out KerberosAuthorizationDataApOptions entry)) { ret.Add(entry); } } else if (type == KerberosAuthorizationDataType.AD_AUTH_DATA_TARGET_NAME) { if (KerberosAuthorizationDataTargetName.Parse(data, out KerberosAuthorizationDataTargetName entry)) { ret.Add(entry); } } else if (type == KerberosAuthorizationDataType.KERB_LOCAL) { if (KerberosAuthorizationDataKerbLocal.Parse(data, out KerberosAuthorizationDataKerbLocal entry)) { ret.Add(entry); } } if (ret.Count == 0) { ret.Add(new KerberosAuthorizationData(type, data)); } return(ret); }