internal static bool Parse(byte[] data, out KerberosAuthorizationDataRestrictionEntry entry)
{
entry = null;
DERValue[] values = DERParser.ParseData(data, 0);
if (!values.CheckValueSequence())
{
return(false);
}
values = values[0].Children;
if (!values.CheckValueSequence())
{
return(false);
}
byte[] lsap_data = null;
try
{
foreach (var next in values[0].Children)
{
if (next.Type != DERTagType.ContextSpecific)
{
return(false);
}
switch (next.Tag)
{
case 0:
// Ignore, should always be 0.
break;
case 1:
lsap_data = next.ReadChildOctetString();
break;
}
}
}
catch (InvalidDataException)
{
return(false);
}
if (lsap_data == null || lsap_data.Length != 40)
{
return(false);
}
int flags = BitConverter.ToInt32(lsap_data, 0);
int il = BitConverter.ToInt32(lsap_data, 4);
byte[] machine_id = new byte[32];
Buffer.BlockCopy(lsap_data, 8, machine_id, 0, 32);
entry = new KerberosAuthorizationDataRestrictionEntry(data, (KerberosRestrictionEntryFlags)flags, (TokenIntegrityLevel)il, machine_id);
return(true);
}
internal static KerberosAuthorizationData Parse(DERValue value)
{
if (!value.CheckSequence())
{
throw new InvalidDataException();
}
KerberosAuthorizationDataType type = 0;
byte[] data = null;
foreach (var next in value.Children)
{
if (next.Type != DERTagType.ContextSpecific)
{
throw new InvalidDataException();
}
switch (next.Tag)
{
case 0:
type = (KerberosAuthorizationDataType)next.ReadChildInteger();
break;
case 1:
data = next.ReadChildOctetString();
break;
default:
throw new InvalidDataException();
}
}
if (type == 0 || data == null)
{
throw new InvalidDataException();
}
if (type == KerberosAuthorizationDataType.AD_IF_RELEVANT)
{
DERValue[] values = DERParser.ParseData(data, 0);
if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren())
{
throw new InvalidDataException();
}
return(Parse(values[0].Children[0]));
}
else if (type == KerberosAuthorizationDataType.KERB_AD_RESTRICTION_ENTRY)
{
if (KerberosAuthorizationDataRestrictionEntry.Parse(data,
out KerberosAuthorizationDataRestrictionEntry entry))
{
return(entry);
}
}
else if (type == KerberosAuthorizationDataType.AD_ETYPE_NEGOTIATION)
{
if (KerberosAuthorizationDataEncryptionNegotiation.Parse(data,
out KerberosAuthorizationDataEncryptionNegotiation entry))
{
return(entry);
}
}
else if (type == KerberosAuthorizationDataType.AD_WIN2K_PAC)
{
if (KerberosAuthorizationDataPAC.Parse(data,
out KerberosAuthorizationDataPAC entry))
{
return(entry);
}
}
return(new KerberosAuthorizationData(type, data));
}
internal static IEnumerable <KerberosAuthorizationData> Parse(DERValue value)
{
if (!value.CheckSequence())
{
throw new InvalidDataException();
}
KerberosAuthorizationDataType type = 0;
byte[] data = null;
foreach (var next in value.Children)
{
if (next.Type != DERTagType.ContextSpecific)
{
throw new InvalidDataException();
}
switch (next.Tag)
{
case 0:
type = (KerberosAuthorizationDataType)next.ReadChildInteger();
break;
case 1:
data = next.ReadChildOctetString();
break;
default:
throw new InvalidDataException();
}
}
if (type == 0 || data == null)
{
throw new InvalidDataException();
}
List <KerberosAuthorizationData> ret = new List <KerberosAuthorizationData>();
if (type == KerberosAuthorizationDataType.AD_IF_RELEVANT)
{
DERValue[] values = DERParser.ParseData(data, 0);
if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren())
{
throw new InvalidDataException();
}
ret.AddRange(values[0].Children.SelectMany(c => Parse(c)));
}
else if (type == KerberosAuthorizationDataType.KERB_AD_RESTRICTION_ENTRY)
{
if (KerberosAuthorizationDataRestrictionEntry.Parse(data,
out KerberosAuthorizationDataRestrictionEntry entry))
{
ret.Add(entry);
}
}
else if (type == KerberosAuthorizationDataType.AD_ETYPE_NEGOTIATION)
{
if (KerberosAuthorizationDataEncryptionNegotiation.Parse(data,
out KerberosAuthorizationDataEncryptionNegotiation entry))
{
ret.Add(entry);
}
}
else if (type == KerberosAuthorizationDataType.AD_WIN2K_PAC)
{
if (KerberosAuthorizationDataPAC.Parse(data,
out KerberosAuthorizationDataPAC entry))
{
ret.Add(entry);
}
}
else if (type == KerberosAuthorizationDataType.AD_AUTH_DATA_AP_OPTIONS)
{
if (KerberosAuthorizationDataApOptions.Parse(data,
out KerberosAuthorizationDataApOptions entry))
{
ret.Add(entry);
}
}
else if (type == KerberosAuthorizationDataType.AD_AUTH_DATA_TARGET_NAME)
{
if (KerberosAuthorizationDataTargetName.Parse(data,
out KerberosAuthorizationDataTargetName entry))
{
ret.Add(entry);
}
}
else if (type == KerberosAuthorizationDataType.KERB_LOCAL)
{
if (KerberosAuthorizationDataKerbLocal.Parse(data,
out KerberosAuthorizationDataKerbLocal entry))
{
ret.Add(entry);
}
}
if (ret.Count == 0)
{
ret.Add(new KerberosAuthorizationData(type, data));
}
return(ret);
}
