/// <summary>
/// Compares the values echoed back in <c>Response</c> with the values held on this
/// instance and throws when any of them differ.
/// </summary>
/// <param name="validation">
/// Flags selecting optional checks. Only <c>TokenWindow</c> is consulted here; it gates
/// the clock-skew check. The CTime, CuSec and SequenceNumber comparisons always run,
/// whatever the mask contains.
/// </param>
/// <exception cref="KerberosValidationException">
/// CTime, CuSec or SequenceNumber received in the response differs from the value sent.
/// The skew helper is opaque from here and may throw as well.
/// </exception>
public override void Validate(ValidationActions validation)
{
    var currentTime = this.Now();

    // NOTE(review): if CuSec is microseconds (as cusec is in RFC 4120) and a tick is
    // 100 ns, the conversion would be "* 10" rather than "/ 10" - confirm. The error is
    // sub-millisecond either way, far below any realistic skew window.
    var receivedTime = this.Response.CTime.AddTicks(this.Response.CuSec / 10);

    bool checkWindow = validation.HasFlag(ValidationActions.TokenWindow);

    if (checkWindow)
    {
        this.ValidateTicketSkew(currentTime, this.Skew, receivedTime);
    }

    // The peer must echo exactly what was sent; any difference means the response
    // does not belong to this exchange.
    bool timeMatches = TimeEquals(this.CTime, this.Response.CTime);

    if (!timeMatches)
    {
        throw new KerberosValidationException(
            $"CTime does not match. Sent: {this.CTime.Ticks}; Received: {this.Response.CTime.Ticks}",
            nameof(this.CTime)
        );
    }

    if (this.Response.CuSec != this.CuSec)
    {
        throw new KerberosValidationException(
            $"CuSec does not match. Sent: {this.CuSec}; Received: {this.Response.CuSec}",
            nameof(this.CuSec)
        );
    }

    if (this.Response.SequenceNumber != this.SequenceNumber)
    {
        throw new KerberosValidationException(
            $"SequenceNumber does not match. Sent: {this.SequenceNumber}; Received: {this.Response.SequenceNumber}",
            nameof(this.SequenceNumber)
        );
    }
}
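/// <summary>
/// Compares the values echoed back in <c>Response</c> with the values held on this
/// instance and throws when any of them differ.
/// </summary>
/// <param name="validation">
/// Flags selecting optional checks. Only <c>TokenWindow</c> is consulted here; it gates
/// the clock-skew check. The CTime, CuSec and SequenceNumber comparisons always run.
/// </param>
/// <exception cref="KerberosValidationException">
/// CTime, CuSec or SequenceNumber received in the response differs from the value sent.
/// </exception>
public override void Validate(ValidationActions validation)
{
    var now = Now();

    // NOTE(review): if CuSec is microseconds (as cusec is in RFC 4120) and a tick is
    // 100 ns, the conversion would be "* 10" rather than "/ 10" - confirm.
    var ctime = Response.CTime.AddTicks(Response.CuSec / 10);

    if (validation.HasFlag(ValidationActions.TokenWindow))
    {
        ValidateTicketSkew(now, Skew, ctime);
    }

    // Fixed: the condition was missing its negation, so a response whose CTime matched
    // was rejected with "does not match" while a response carrying a different CTime
    // passed this check. The echoed timestamp must equal the one that was sent.
    if (!KerberosConstants.TimeEquals(CTime, Response.CTime))
    {
        throw new KerberosValidationException(
            $"CTime does not match. Sent: {CTime.Ticks}; Received: {Response.CTime.Ticks}"
        );
    }

    if (CuSec != Response.CuSec)
    {
        throw new KerberosValidationException(
            $"CuSec does not match. Sent: {CuSec}; Received: {Response.CuSec}"
        );
    }

    if (SequenceNumber != Response.SequenceNumber)
    {
        throw new KerberosValidationException(
            $"SequenceNumber does not match. Sent: {SequenceNumber}; Received: {Response.SequenceNumber}"
        );
    }
}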
/// <summary>
/// Builds the identity from the supplied claims and records the restrictions,
/// validation mode and AP-REP value that were passed in.
/// </summary>
/// <param name="userClaims">Claims forwarded to the base constructor.</param>
/// <param name="authenticationType">Forwarded to the base constructor.</param>
/// <param name="nameType">Forwarded to the base constructor.</param>
/// <param name="roleType">Forwarded to the base constructor.</param>
/// <param name="restrictions">
/// Restrictions to index by their <c>Type</c>. Must not be null: the grouping call
/// throws on a null sequence.
/// </param>
/// <param name="validationMode">Stored unchanged in <c>ValidationMode</c>.</param>
/// <param name="apRep">Stored unchanged in <c>ApRep</c>.</param>
internal KerberosIdentity(
    IEnumerable<Claim> userClaims,
    string authenticationType,
    string nameType,
    string roleType,
    IEnumerable<Restriction> restrictions,
    ValidationActions validationMode,
    string apRep
)
    : base(userClaims, authenticationType, nameType, roleType)
{
    var restrictionsByType = restrictions.GroupBy(restriction => restriction.Type);

    // Each bucket is copied into its own list. AsEnumerable only narrows the static
    // type; the list instance itself is what ends up in the dictionary.
    Restrictions = restrictionsByType.ToDictionary(
        bucket => bucket.Key,
        bucket => bucket.ToList().AsEnumerable()
    );

    ValidationMode = validationMode;
    ApRep = apRep;
}
/// <summary>
/// Runs the KRB_AP_REQ checks selected by <paramref name="validation"/> against the
/// Ticket and Authenticator held by this instance.
/// </summary>
/// <param name="validation">
/// Flags naming the checks to run. A check whose flag is absent is skipped silently,
/// so a caller that passes a reduced mask gets a correspondingly weaker validation.
/// The null checks on Ticket and Authenticator are not gated by any flag.
/// </param>
/// <exception cref="KerberosValidationException">
/// Ticket or Authenticator is null. The individual check helpers are opaque from here
/// and presumably throw the same type on failure - confirm.
/// </exception>
public virtual void Validate(ValidationActions validation)
{
    // As defined in https://tools.ietf.org/html/rfc1510 A.10 KRB_AP_REQ verification
    // (RFC 1510 has since been obsoleted by RFC 4120.)

    if (this.Ticket == null)
    {
        throw new KerberosValidationException("Ticket is null");
    }

    if (this.Authenticator == null)
    {
        throw new KerberosValidationException("Authenticator is null");
    }

    if (validation.HasFlag(ValidationActions.ClientPrincipalIdentifier))
    {
        this.ValidateClientPrincipalIdentifier();
    }

    if (validation.HasFlag(ValidationActions.Realm))
    {
        this.ValidateRealm();
    }

    // The clock is read once so every time-based check below sees the same instant.
    var currentTime = this.Now();

    // NOTE(review): if CuSec is microseconds (as cusec is in RFC 4120) and a tick is
    // 100 ns, the conversion would be "* 10" rather than "/ 10" - confirm.
    var authenticatorTime = this.Authenticator.CTime.AddTicks(this.Authenticator.CuSec / 10);

    if (validation.HasFlag(ValidationActions.TokenWindow))
    {
        this.ValidateTicketSkew(currentTime, this.Skew, authenticatorTime);
    }

    if (validation.HasFlag(ValidationActions.StartTime))
    {
        this.ValidateTicketStart(currentTime, this.Skew);
    }

    if (validation.HasFlag(ValidationActions.EndTime))
    {
        this.ValidateTicketEnd(currentTime, this.Skew);
    }
}
/// <summary>
/// Validates this instance. Each derived type supplies its own checks.
/// </summary>
/// <param name="validation">
/// Flags passed to the implementation; presumably they select which checks run, so a
/// reduced mask would mean fewer checks - confirm against each override.
/// </param>
public abstract void Validate(ValidationActions validation);
/// <summary>
/// Creates a result of type <c>ResultType.Error</c> carrying the given message.
/// </summary>
/// <param name="message">Content passed through to the result as its error content.</param>
/// <param name="actions">
/// Actions attached to the result. When omitted, both <c>Block</c> and
/// <c>ShowIndication</c> are set.
/// </param>
/// <returns>The newly constructed error result.</returns>
public static ExtendedValidationResult Error(string message, ValidationActions actions = (ValidationActions.Block | ValidationActions.ShowIndication))
{
    var errorResult = new ExtendedValidationResult(ResultType.Error, message, actions);
    return errorResult;
}
/// <summary>
/// Creates a result of type <c>ResultType.Warning</c> carrying the given message.
/// </summary>
/// <param name="message">Content passed through to the result as its error content.</param>
/// <param name="actions">
/// Actions attached to the result. When omitted, only <c>ShowIndication</c> is set,
/// so a default warning does not carry <c>Block</c>.
/// </param>
/// <returns>The newly constructed warning result.</returns>
public static ExtendedValidationResult Warning(string message, ValidationActions actions = ValidationActions.ShowIndication)
{
    var warningResult = new ExtendedValidationResult(ResultType.Warning, message, actions);
    return warningResult;
}
/// <summary>
/// Initialises a result with its type, content and attached actions. Private, so
/// instances are created from inside this type only.
/// </summary>
/// <param name="result">
/// Result type. The base constructor receives <c>true</c> only when this is
/// <c>ResultType.Valid</c>.
/// </param>
/// <param name="errorContent">Content handed to the base constructor unchanged.</param>
/// <param name="actions">Actions stored on the result.</param>
private ExtendedValidationResult(ResultType result, object errorContent, ValidationActions actions)
    : base(result == ResultType.Valid, errorContent)
{
    this.Result = result;
    this.Actions = actions;
}