/// <summary>
/// Builds a plaintext <c>Authenticator</c> that carries an
/// <c>ap_authenticator_8003</c> checksum with the mutual-authentication and
/// integrity flags set. A test-step log entry is written first.
/// </summary>
/// <param name="cname">Client principal name copied into the authenticator.</param>
/// <param name="realm">Client realm copied into the authenticator.</param>
/// <param name="subkey">Optional subkey; stored as-is, may be null.</param>
/// <param name="data">Optional authorization data; stored as-is, may be null.</param>
/// <returns>The populated authenticator (not yet encrypted by this method).</returns>
private Authenticator CreateAuthenticator(PrincipalName cname, Realm realm, EncryptionKey subkey = null, AuthorizationData data = null)
{
    BaseTestSite.Log.Add(LogEntryKind.TestStep, "Create authenticator");

    // NOTE(review): System.Random is not a cryptographically secure generator and
    // Next() only yields non-negative values, so the initial sequence number is
    // guessable. Acceptable for generated test traffic; do not copy this pattern
    // into production Kerberos code, which should draw the value from a CSPRNG.
    int initialSequenceNumber = new Random().Next();

    Authenticator authenticator = new Authenticator();
    authenticator.authenticator_vno = new Asn1Integer(KerberosConstValue.KERBEROSV5);
    authenticator.crealm = realm;
    // cusec is pinned to zero; only ctime and seq_number vary between calls.
    authenticator.cusec = new Microseconds(0);
    authenticator.ctime = KerberosUtility.CurrentKerberosTime;
    authenticator.seq_number = new KerbUInt32(initialSequenceNumber);
    authenticator.cname = cname;
    authenticator.subkey = subkey;
    authenticator.authorization_data = data;

    AuthCheckSum checksum = new AuthCheckSum();
    checksum.Lgth = KerberosConstValue.AUTHENTICATOR_CHECKSUM_LENGTH;
    // Bnd is left zero-filled, i.e. no channel-binding hash is carried.
    checksum.Bnd = new byte[checksum.Lgth];
    checksum.Flags = (int)(ChecksumFlags.GSS_C_MUTUAL_FLAG | ChecksumFlags.GSS_C_INTEG_FLAG);

    // BitConverter emits host byte order; RFC 4121 defines Lgth and Flags as
    // little-endian, so this layout is only correct on little-endian hosts.
    byte[] lengthBytes = BitConverter.GetBytes(checksum.Lgth);
    byte[] flagBytes = BitConverter.GetBytes(checksum.Flags);
    byte[] checksumBytes = ArrayUtility.ConcatenateArrays(lengthBytes, checksum.Bnd, flagBytes);

    KerbInt32 checksumTypeId = new KerbInt32((int)ChecksumType.ap_authenticator_8003);
    authenticator.cksum = new Checksum(checksumTypeId, new Asn1OctetString(checksumBytes));

    return authenticator;
}
/// <summary>
/// Creates the plaintext authenticator for an AP request, or for the PA-DATA part of a TGS request.
/// </summary>
/// <param name="cRealm">Realm in which the client is registered and in which initial
/// authentication took place.</param>
/// <param name="cName">Name part of the client's principal identifier.</param>
/// <param name="checksumType">Selected checksum type. <c>ap_authenticator_8003</c> produces the
/// unkeyed Lgth/Bnd/Flags structure; any other value produces a keyed checksum over
/// <paramref name="checksumBody"/>.</param>
/// <param name="seqNumber">The current local sequence number.</param>
/// <param name="flag">Flags written into the checksum; only used for
/// <c>ap_authenticator_8003</c>.</param>
/// <param name="subkey">Optional subkey for the following exchange. May be null, in which case
/// no subkey is sent.</param>
/// <param name="authorizationData">Optional authorization data. May be null, in which case no
/// authorization data is sent.</param>
/// <param name="key">Key used for the keyed checksum. It is dereferenced only when
/// <paramref name="checksumType"/> is not <c>ap_authenticator_8003</c>, and must not be null in
/// that case.</param>
/// <param name="checksumBody">Data the keyed checksum is computed over; unused for
/// <c>ap_authenticator_8003</c>.</param>
/// <returns>The created authenticator.</returns>
private Authenticator CreateAuthenticator(Realm cRealm,
    PrincipalName cName,
    ChecksumType checksumType,
    int seqNumber,
    ChecksumFlags flag,
    EncryptionKey subkey,
    AuthorizationData authorizationData,
    EncryptionKey key,
    byte[] checksumBody)
{
    Authenticator authenticator = new Authenticator
    {
        authenticator_vno = new Asn1Integer(ConstValue.KERBEROSV5),
        crealm = cRealm,
        cname = cName,
        // cusec is pinned to zero; only ctime and seq_number vary between calls.
        cusec = new Microseconds(0),
        ctime = KileUtility.CurrentKerberosTime,
        seq_number = new KerbUInt32(seqNumber),
        subkey = subkey,
        authorization_data = authorizationData
    };

    byte[] checksumBytes;
    if (checksumType == ChecksumType.ap_authenticator_8003)
    {
        // AP request: Lgth | Bnd | Flags.
        AuthCheckSum checksum = new AuthCheckSum { Lgth = ConstValue.AUTHENTICATOR_CHECKSUM_LENGTH };
        // Bnd is left zero-filled, i.e. no channel-binding hash is carried.
        checksum.Bnd = new byte[checksum.Lgth];
        checksum.Flags = (int)flag;

        // BitConverter emits host byte order; RFC 4121 defines Lgth and Flags as
        // little-endian, so this layout is only correct on little-endian hosts.
        byte[] lengthBytes = BitConverter.GetBytes(checksum.Lgth);
        byte[] flagBytes = BitConverter.GetBytes(checksum.Flags);
        checksumBytes = ArrayUtility.ConcatenateArrays(lengthBytes, checksum.Bnd, flagBytes);
    }
    else
    {
        // TGS PA-DATA: keyed checksum over the caller-supplied body.
        // NOTE(review): key is not null-checked here; a null key surfaces as a
        // NullReferenceException rather than an argument error.
        checksumBytes = KileUtility.GetChecksum(
            key.keyvalue.ByteArrayValue,
            checksumBody,
            (int)KeyUsageNumber.TGS_REQ_PA_TGS_REQ_adataOR_AP_REQ_Authenticator_cksum,
            checksumType);
    }

    authenticator.cksum = new Checksum(new KerbInt32((int)checksumType), new Asn1OctetString(checksumBytes));
    return authenticator;
}
/// <summary>
/// Creates the plaintext authenticator for an AP request, or for the PA-DATA part of a TGS request.
/// The base authenticator is obtained from the
/// <c>CreateAuthenticator(authorizationData, subkey, seqNumber)</c> overload; this method only
/// attaches the checksum.
/// </summary>
/// <param name="checksumType">Selected checksum type. <c>ap_authenticator_8003</c> produces the
/// unkeyed Lgth/Bnd/Flags structure; any other value produces a keyed checksum over
/// <paramref name="checksumBody"/>.</param>
/// <param name="seqNumber">The current local sequence number.</param>
/// <param name="flag">Flags written into the checksum; only used for
/// <c>ap_authenticator_8003</c>.</param>
/// <param name="subkey">Optional subkey for the following exchange. May be null, in which case
/// no subkey is sent.</param>
/// <param name="authorizationData">Optional authorization data. May be null, in which case no
/// authorization data is sent.</param>
/// <param name="key">Key used for the keyed checksum. It is dereferenced only when
/// <paramref name="checksumType"/> is not <c>ap_authenticator_8003</c>, and must not be null in
/// that case.</param>
/// <param name="checksumBody">Data the keyed checksum is computed over; unused for
/// <c>ap_authenticator_8003</c>.</param>
/// <returns>The created authenticator.</returns>
private Authenticator CreateAuthenticator(
    ChecksumType checksumType,
    int seqNumber,
    ChecksumFlags flag,
    EncryptionKey subkey,
    AuthorizationData authorizationData,
    EncryptionKey key,
    byte[] checksumBody)
{
    var authenticator = CreateAuthenticator(authorizationData, subkey, seqNumber);

    byte[] checksumBytes;
    if (checksumType == ChecksumType.ap_authenticator_8003)
    {
        // AP request: Lgth | Bnd | Flags.
        var checksum = new AuthCheckSum { Lgth = ConstValue.AUTHENTICATOR_CHECKSUM_LENGTH };
        // Bnd is left zero-filled, i.e. no channel-binding hash is carried.
        checksum.Bnd = new byte[checksum.Lgth];
        checksum.Flags = (int)flag;

        // BitConverter emits host byte order; RFC 4121 defines Lgth and Flags as
        // little-endian, so this layout is only correct on little-endian hosts.
        byte[] lengthBytes = BitConverter.GetBytes(checksum.Lgth);
        byte[] flagBytes = BitConverter.GetBytes(checksum.Flags);
        checksumBytes = ArrayUtility.ConcatenateArrays(lengthBytes, checksum.Bnd, flagBytes);
    }
    else
    {
        // TGS PA-DATA: keyed checksum over the caller-supplied body.
        // NOTE(review): key is not null-checked here; a null key surfaces as a
        // NullReferenceException rather than an argument error.
        checksumBytes = KerberosUtility.GetChecksum(
            key.keyvalue.ByteArrayValue,
            checksumBody,
            (int)KeyUsageNumber.TGS_REQ_PA_TGS_REQ_adataOR_AP_REQ_Authenticator_cksum,
            checksumType);
    }

    authenticator.cksum = new Checksum(new KerbInt32((int)checksumType), new Asn1OctetString(checksumBytes));
    return authenticator;
}