/// <summary>
/// Try and parse data into an ASN1 authentication token.
/// </summary>
/// <param name="data">The data to parse.</param>
/// <param name="token">The Negotiate authentication token.</param>
/// <param name="values">Parsed DER Values.</param>
internal static bool TryParse(byte[] data, DERValue[] values, out KerberosAuthenticationToken token)
{
token = null;
try
{
var ret = new KerberosAPReplyAuthenticationToken(data, values);
if (values.Length != 1 || !values[0].CheckApplication(15) || !values[0].HasChildren())
{
return(false);
}
values = values[0].Children;
if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren())
{
return(false);
}
foreach (var next in values[0].Children)
{
if (next.Type != DERTagType.ContextSpecific)
{
return(false);
}
switch (next.Tag)
{
case 0:
if (next.ReadChildInteger() != 5)
{
return(false);
}
break;
case 1:
if ((KerberosMessageType)next.ReadChildInteger() != KerberosMessageType.KRB_AP_REP)
{
return(false);
}
break;
case 2:
if (!next.HasChildren())
{
return(false);
}
ret.EncryptedPart = KerberosEncryptedData.Parse(next.Children[0]);
break;
default:
return(false);
}
}
token = ret;
return(true);
}
catch (InvalidDataException)
{
return(false);
}
}
/// <summary>
/// Try and parse data into an ASN1 authentication token.
/// </summary>
/// <param name="data">The data to parse.</param>
/// <param name="token">The Negotiate authentication token.</param>
/// <param name="values">Parsed DER Values.</param>
internal static bool TryParse(byte[] data, DERValue[] values, out KerberosAuthenticationToken token)
{
token = null;
try
{
var ret = new KerberosTGTRequestAuthenticationToken(data, values);
if (values.Length != 1 || !values[0].HasChildren())
{
return(false);
}
Queue <DERValue> queue = new Queue <DERValue>(values[0].Children);
while (queue.Count > 0)
{
var next = queue.Dequeue();
if (next.Type != DERTagType.ContextSpecific)
{
return(false);
}
switch (next.Tag)
{
case 0:
if (next.ReadChildInteger() != 5)
{
return(false);
}
break;
case 1:
if ((KRB_MSG_TYPE)next.ReadChildInteger() != KRB_MSG_TYPE.KRB_TGT_REQ)
{
return(false);
}
break;
case 2:
if (!next.Children[0].CheckSequence())
{
return(false);
}
ret.ServerName = KerberosPrincipalName.Parse(next.Children[0]);
break;
case 3:
ret.Realm = next.ReadChildGeneralString();
break;
default:
return(false);
}
}
token = ret;
return(true);
}
catch (InvalidDataException)
{
return(false);
}
}
/// <summary>
/// Try and parse data into an ASN1 authentication token.
/// </summary>
/// <param name="data">The data to parse.</param>
/// <param name="token">The Negotiate authentication token.</param>
/// <param name="values">Parsed DER Values.</param>
internal static bool TryParse(byte[] data, DERValue[] values, out KerberosAuthenticationToken token)
{
token = null;
try {
var ret = new KerberosErrorAuthenticationToken(data, values);
if (values.Length != 1 || !values[0].CheckMsg(KerberosMessageType.KRB_ERROR) || !values[0].HasChildren())
{
return(false);
}
values = values[0].Children;
if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren())
{
return(false);
}
foreach (var next in values[0].Children)
{
if (next.Type != DERTagType.ContextSpecific)
{
return(false);
}
switch (next.Tag)
{
case 0:
if (next.ReadChildInteger() != 5)
{
return(false);
}
break;
case 1:
if ((KerberosMessageType)next.ReadChildInteger() != KerberosMessageType.KRB_ERROR)
{
return(false);
}
break;
case 2:
ret.ClientTime = next.ReadChildGeneralizedTime();
break;
case 3:
ret.ClientUSec = next.ReadChildInteger();
break;
case 4:
ret.ServerTime = next.ReadChildGeneralizedTime();
break;
case 5:
ret.ServerUSec = next.ReadChildInteger();
break;
case 6:
ret.ErrorCode = (KerberosErrorType)next.ReadChildInteger();
break;
case 7:
ret.ClientRealm = next.ReadChildGeneralString();
break;
case 8:
if (!next.Children[0].CheckSequence())
{
throw new InvalidDataException();
}
ret.ClientName = KerberosPrincipalName.Parse(next.Children[0]);
break;
case 9:
ret.ServerRealm = next.ReadChildGeneralString();
break;
case 10:
if (!next.Children[0].CheckSequence())
{
throw new InvalidDataException();
}
ret.ServerName = KerberosPrincipalName.Parse(next.Children[0]);
break;
case 11:
ret.ErrorText = next.ReadChildGeneralString();
break;
case 12:
ret.ErrorData = next.ReadChildOctetString();
break;
default:
return(false);
}
}
token = ret;
return(true);
} catch (InvalidDataException) {
return(false);
}
}
/// <summary>
/// Try and parse data into an Kerberos authentication token.
/// </summary>
/// <param name="data">The data to parse.</param>
/// <param name="token">The Kerberos authentication token.</param>
/// <param name="client">True if this is a token from a client.</param>
/// <param name="token_count">The token count number.</param>
/// <returns>True if parsed successfully.</returns>
internal static bool TryParse(byte[] data, int token_count, bool client, out KerberosAuthenticationToken token)
{
token = null;
try
{
if (!GSSAPIUtils.TryParse(data, out byte[] inner_token, out string oid))
/// <summary>
/// Try and parse data into an ASN1 authentication token.
/// </summary>
/// <param name="data">The data to parse.</param>
/// <param name="token">The Negotiate authentication token.</param>
/// <param name="values">Parsed DER Values.</param>
internal static bool TryParse(byte[] data, DERValue[] values, out KerberosAuthenticationToken token)
{
token = null;
try
{
var ret = new KerberosAPRequestAuthenticationToken(data, values);
if (values.Length != 1 || !values[0].CheckApplication(14) || !values[0].HasChildren())
{
return(false);
}
values = values[0].Children;
if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren())
{
return(false);
}
Queue <DERValue> queue = new Queue <DERValue>(values[0].Children);
while (queue.Count > 0)
{
var next = queue.Dequeue();
if (next.Type != DERTagType.ContextSpecific)
{
return(false);
}
switch (next.Tag)
{
case 0:
if (next.ReadChildInteger() != 5)
{
return(false);
}
break;
case 1:
if ((KRB_MSG_TYPE)next.ReadChildInteger() != KRB_MSG_TYPE.KRB_AP_REQ)
{
return(false);
}
break;
case 2:
if (!next.Children[0].CheckPrimitive(UniversalTag.BIT_STRING))
{
return(false);
}
var bits = next.Children[0].ReadBitString();
var options = KerberosAPRequestOptions.None;
if (bits[1])
{
options |= KerberosAPRequestOptions.UseSessionKey;
}
if (bits[2])
{
options |= KerberosAPRequestOptions.MutualAuthRequired;
}
ret.Options = options;
break;
case 3:
if (!next.HasChildren())
{
return(false);
}
ret.Ticket = KerberosTicket.Parse(next.Children[0]);
break;
case 4:
if (!next.HasChildren())
{
return(false);
}
ret.Authenticator = KerberosEncryptedData.Parse(next.Children[0]);
break;
default:
return(false);
}
}
token = ret;
return(true);
}
catch (InvalidDataException)
{
return(false);
}
}
