/// <summary>
/// Builds a key table holding three keys for the same principal and encryption type that
/// differ only in key version number (1, 2 and 12), then checks that the lookup by
/// encryption type and principal name yields the entry with version 12.
/// </summary>
/// <remarks>
/// This pins which entry a lookup selects when a keytab carries several versions of one key.
/// Picking a stale version would make decryption fail or keep a superseded secret in use.
/// The password literal is a fixture value for this test only.
/// </remarks>
public void MultipleVersionsInSameKeytab()
{
    var etype = EncryptionType.AES256_CTS_HMAC_SHA1_96;

    // Each key gets its own PrincipalName instance, so no state is shared between entries.
    var versionOne = new KerberosKey(
        "password",
        new PrincipalName(PrincipalNameType.NT_PRINCIPAL, "REALM.COM", new[] { "host/appservice" }),
        host: "appservice",
        etype: etype,
        kvno: 1
    );

    var versionTwo = new KerberosKey(
        "password",
        new PrincipalName(PrincipalNameType.NT_PRINCIPAL, "REALM.COM", new[] { "host/appservice" }),
        host: "appservice",
        etype: etype,
        kvno: 2
    );

    var versionTwelve = new KerberosKey(
        "password",
        new PrincipalName(PrincipalNameType.NT_PRINCIPAL, "REALM.COM", new[] { "host/appservice" }),
        host: "appservice",
        etype: etype,
        kvno: 12
    );

    var keytable = new KeyTable(new[] { versionOne, versionTwo, versionTwelve });

    var selected = keytable.GetKey(etype, KrbPrincipalName.FromString("host/appservice"));

    // 12 is the largest kvno inserted above; the lookup is expected to return that entry.
    Assert.AreEqual(12, selected.Version);
}
/// <summary>
/// Looks up the key for this object's <c>Type</c> and the given service name in the key table,
/// hands it to <c>Validator</c>, and records the result by setting <c>Validated</c> to true.
/// </summary>
/// <param name="keytab">Key table that is searched for the matching key.</param>
/// <param name="sname">Service principal name used for the lookup.</param>
internal void Validate(KeyTable keytab, KrbPrincipalName sname)
{
    // NOTE(review): the lookup result is passed on without a null check; confirm that
    // Validator.Validate rejects a missing key rather than accepting it.
    var matchingKey = keytab.GetKey(this.Type, sname);

    this.Validator.Validate(matchingKey);

    // Reached only when Validate returned normally; an exception leaves the flag untouched.
    this.Validated = true;
}
/// <summary>
/// Resolves the key for <c>UserName</c> from the key table after calling <c>Validate()</c>.
/// </summary>
/// <returns>
/// With no salt entries: the result of the RC4_HMAC_NT lookup for the principal.
/// Otherwise: the first non-null key found for one of the encryption types listed in
/// <c>Salts</c>, in enumeration order, or <c>null</c> when none of them has a key.
/// </returns>
public override KerberosKey CreateKey()
{
    Validate();

    var principalName = KrbPrincipalName.FromString(UserName);

    var hasSalts = Salts != null && Salts.Any();

    if (hasSalts)
    {
        foreach (var salt in Salts)
        {
            var candidate = keytab.GetKey(salt.Key, principalName);

            if (candidate != null)
            {
                return candidate;
            }
        }

        // Salt information was present but no listed encryption type has a key in the keytab.
        return null;
    }

    // NOTE(review): without salt information the lookup falls back to RC4_HMAC_NT, a legacy
    // encryption type. Confirm the fallback is intended and cannot be forced by a peer that
    // simply omits salt data where stronger types are available.
    return keytab.GetKey(EncryptionType.RC4_HMAC_NT, principalName);
}
/// <summary>
/// Decrypts the ticket carried by <c>token</c> with a key taken from the key table, then
/// decrypts the authenticator with the encryption key read from the decrypted ticket.
/// Both results are parsed from ASN.1 and stored in <c>Ticket</c> and <c>Authenticator</c>.
/// </summary>
/// <param name="keytab">Key table that supplies the key for the ticket's encrypted part.</param>
public override void Decrypt(KeyTable keytab)
{
    var ticketCipher = token.Ticket.EncPart.Cipher;

    // NOTE(review): the lookup result is dereferenced without a null check; if the keytab
    // can lack a matching key, the failure surfaces as a NullReferenceException here.
    var serviceKey = keytab.GetKey(token);

    var ticketPlaintext = Decrypt(serviceKey.GetKey(MD4Encryptor), ticketCipher, KeyUsage.KU_TICKET);

    Ticket = new EncTicketPart(new Asn1Element(ticketPlaintext));

    // Order matters: the authenticator key comes from the ticket decrypted just above.
    var authenticatorPlaintext = Decrypt(
        Ticket.EncryptionKey,
        token.Authenticator.Cipher,
        KeyUsage.KU_AP_REQ_AUTHENTICATOR
    );

    // NOTE(review): this method only decrypts and parses. No check of the authenticator's
    // contents is visible here; presumably that happens in a separate validation step.
    Authenticator = new Authenticator(new Asn1Element(authenticatorPlaintext));
}
/// <summary>
/// Looks up the key for this object's <c>Type</c> and the given service name in the key table
/// and forwards it to the <c>Validate</c> overload that takes the key.
/// </summary>
/// <param name="keytab">Key table that is searched for the matching key.</param>
/// <param name="sname">Service principal name used for the lookup.</param>
internal void Validate(KeyTable keytab, KrbPrincipalName sname)
{
    // NOTE(review): the lookup result is forwarded as-is; confirm the key-taking overload
    // rejects a missing (null) key rather than treating it as valid.
    Validate(keytab.GetKey(Type, sname));
}