public async Task <ReadOnlyMemory <byte> > ProcessMessage(ReadOnlyMemory <byte> request)
{
// This should probably only process AS-REQs and TGS-REQs
// Everything else should fail miserably with an error
// But we'll leave it to the registered handlers to decide
// what they are willing to process
// but we also need to process Kdc Proxy messages
var tag = KrbMessage.PeekTag(request);
if (tag == Asn1Tag.Sequence && options.ProxyEnabled)
{
try
{
return(await ProcessProxyMessageAsync(request));
}
catch (Exception ex) when(IsProtocolException(ex))
{
logger.LogWarning(ex, "Proxy message could not be parsed correctly");
return(KdcMessageHandlerBase.GenerateGenericError(ex, options));
}
}
return(await ProcessMessageCoreAsync(request, tag));
}
private KdcMessageHandlerBase LocateMessageHandler(ReadOnlyMemory <byte> request, Asn1Tag tag)
{
MessageType messageType = KrbMessage.DetectMessageType(tag);
ValidateSupportedMessageType(messageType);
if (!messageHandlers.TryGetValue(messageType, out MessageHandlerConstructor builder))
{
throw new KerberosProtocolException(
KerberosErrorCode.KRB_ERR_GENERIC,
$"Application tag {messageType} doesn't have a message handler registered"
);
}
var handler = builder(request, options);
if (handler == null)
{
throw new InvalidOperationException($"Message handler builder {messageType} must not return null");
}
handler.RegisterPreAuthHandlers(preAuthHandlers);
return(handler);
}
private async Task <ReadOnlyMemory <byte> > ProcessProxyMessageAsync(ReadOnlyMemory <byte> request)
{
var proxyMessage = KdcProxyMessage.Decode(request);
var unwrapped = proxyMessage.UnwrapMessage(out KdcProxyMessageMode mode);
var tag = KrbMessage.PeekTag(unwrapped);
var response = await ProcessMessageCoreAsync(unwrapped, tag);
return(EncodeProxyResponse(response, mode));
}
