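/// <summary>
/// Accept client token.
/// </summary>
/// <remarks>
/// On the first call the token is decoded as an AP-REQ. When the client asked for mutual
/// authentication, or the token does not start with the Kerberos GSS-API tag (treated as
/// DCE style), an AP-REP carrying a fresh sub-session key and a random initial sequence
/// number is produced into <c>token</c> and the sequence number is recorded in the server
/// context. On later calls the token is decoded as an AP-REP whose sequence number must
/// match the recorded one.
/// </remarks>
/// <param name="inToken">The client's token.</param>
/// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception>
/// <exception cref="System.FormatException">
/// Thrown when the token format is invalid, including an empty token and an AP-REP whose
/// sequence number does not match the one recorded in the server context.
/// </exception>
public override void Accept(byte[] inToken)
{
    if (inToken == null)
    {
        throw new ArgumentNullException(nameof(inToken));
    }

    if (inToken.Length == 0)
    {
        // inToken[0] is inspected below; an empty token can never be a valid AP message.
        throw new FormatException("Token is empty.");
    }

    if (isInitialToken)
    {
        KileApRequest apRequest = new KileApRequest(server.Context);
        apRequest.FromBytes(inToken, ticketEncryptKey);

        // Only the first octet of ap_options is examined: it is shifted into the high byte
        // of the 32-bit flag word and compared against the MutualRequired bit.
        bool isMutualAuth = (apRequest.Request.ap_options.ByteArrayValue[0] << 24 & (int)ApOptions.MutualRequired) == (int)ApOptions.MutualRequired;

        // A token without the Kerberos GSS-API tag is handled as DCE style.
        bool isDceStyle = inToken[0] != ConstValue.KERBEROS_TAG;

        if (isMutualAuth || isDceStyle)
        {
            // Both the sub-session key and the initial sequence number are security-relevant
            // values, so they are drawn from the cryptographic RNG rather than System.Random.
            // 16 bytes is the RC4-HMAC key size (and the length of the GUID used previously).
            byte[] subKeyBytes = new byte[16];
            byte[] seqBytes = new byte[sizeof(int)];
            using (System.Security.Cryptography.RandomNumberGenerator rng =
                System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(subKeyBytes);
                rng.GetBytes(seqBytes);
            }

            EncryptionKey apSubKey = new EncryptionKey(
                new KerbInt32((int)EncryptionType.RC4_HMAC),
                new Asn1OctetString(subKeyBytes));
            KileApResponse apResponse = server.CreateApResponse(apSubKey);

            // Mask to a non-negative int so the value range matches what Random.Next() produced.
            int initialSeqNumber = BitConverter.ToInt32(seqBytes, 0) & int.MaxValue;
            apResponse.ApEncPart.seq_number = new KerbUInt32(initialSeqNumber);
            server.context.currentLocalSequenceNumber = (ulong)apResponse.ApEncPart.seq_number.Value;

            token = apResponse.ToBytes();
        }

        isInitialToken = false;

        if (inToken[0] != ConstValue.KERBEROS_TAG)
        {
            // SEC_I_CONTINUE_NEEDED: a DCE-style exchange expects one more client token.
            continueProcess = true;
        }
        else
        {
            // SEC_E_OK
            continueProcess = false;
        }
    }
    else
    {
        KileApResponse apResponse = new KileApResponse(server.Context);
        apResponse.FromBytes(inToken);

        // The client must echo the sequence number we chose in our AP-REP.
        if (server.Context.CurrentLocalSequenceNumber != (ulong)apResponse.ApEncPart.seq_number.Value)
        {
            throw new FormatException("Sequence number does not match.");
        }

        // SEC_E_OK: the exchange is complete and nothing is sent back.
        continueProcess = false;
        token = null;
    }
}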
/// <summary>
/// AP exchange.
/// Decodes an AP request and an AP response and feeds each into the opposite
/// side's context. Typically AP request and AP response start with
/// GSSAPI token (asn.1 header + 1.2.840.113554.1.2.2),
/// or a TokId (Krb5ApReq:0x100)
/// </summary>
/// <param name="apReq">AP request</param>
/// <param name="apRep">AP response</param>
/// <exception cref="ArgumentNullException">
/// Thrown when apReq or apRep is null.
/// </exception>
public void ApExchange(byte[] apReq, byte[] apRep)
{
    if (apReq == null)
    {
        throw new ArgumentNullException(nameof(apReq));
    }

    if (apRep == null)
    {
        throw new ArgumentNullException(nameof(apRep));
    }

    // The request is decoded with the server's context and applied to the client's;
    // the response is decoded with the client's context and applied to the server's.
    KileApRequest requestPdu = new KileApRequest(kileDecoder.serverContext);
    requestPdu.FromBytes(apReq);
    kileDecoder.clientContext.UpdateContext(requestPdu);

    KileApResponse responsePdu = new KileApResponse(kileDecoder.clientContext);
    responsePdu.FromBytes(apRep);
    kileDecoder.serverContext.UpdateContext(responsePdu);
}
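/// <summary>
/// Accept client token.
/// </summary>
/// <remarks>
/// On the first call the token is decoded as an AP-REQ. When the client asked for mutual
/// authentication, or the token does not start with the Kerberos GSS-API tag (treated as
/// DCE style), an AP-REP carrying a fresh sub-session key and a random initial sequence
/// number is produced into <c>token</c> and the sequence number is recorded in the server
/// context. On later calls the token is decoded as an AP-REP whose sequence number must
/// match the recorded one.
/// </remarks>
/// <param name="inToken">The client's token.</param>
/// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception>
/// <exception cref="System.FormatException">
/// Thrown when the token format is invalid, including an empty token and an AP-REP whose
/// sequence number does not match the one recorded in the server context.
/// </exception>
public override void Accept(byte[] inToken)
{
    if (inToken == null)
    {
        throw new ArgumentNullException(nameof(inToken));
    }

    if (inToken.Length == 0)
    {
        // inToken[0] is inspected below; an empty token can never be a valid AP message.
        throw new FormatException("Token is empty.");
    }

    if (isInitialToken)
    {
        KileApRequest apRequest = new KileApRequest(server.Context);
        apRequest.FromBytes(inToken, ticketEncryptKey);

        // Only the first octet of ap_options is examined: it is shifted into the high byte
        // of the 32-bit flag word and compared against the MutualRequired bit.
        bool isMutualAuth = (apRequest.Request.ap_options.mValue[0] << 24 & (int)ApOptions.MutualRequired) == (int)ApOptions.MutualRequired;

        // A token without the Kerberos GSS-API tag is handled as DCE style.
        bool isDceStyle = inToken[0] != ConstValue.KERBEROS_TAG;

        if (isMutualAuth || isDceStyle)
        {
            // Both the sub-session key and the initial sequence number are security-relevant
            // values, so they are drawn from the cryptographic RNG rather than System.Random.
            // 16 bytes is the RC4-HMAC key size (and the length of the GUID used previously).
            byte[] subKeyBytes = new byte[16];
            byte[] seqBytes = new byte[sizeof(int)];
            using (System.Security.Cryptography.RandomNumberGenerator rng =
                System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(subKeyBytes);
                rng.GetBytes(seqBytes);
            }

            EncryptionKey apSubKey = new EncryptionKey((int)EncryptionType.RC4_HMAC, subKeyBytes);
            KileApResponse apResponse = server.CreateApResponse(apSubKey);

            // Mask to a non-negative int so the value range matches what Random.Next() produced.
            int initialSeqNumber = BitConverter.ToInt32(seqBytes, 0) & int.MaxValue;
            apResponse.ApEncPart.seq_number = new UInt32(initialSeqNumber);
            server.context.currentLocalSequenceNumber = (ulong)apResponse.ApEncPart.seq_number.mValue;

            token = apResponse.ToBytes();
        }

        isInitialToken = false;

        if (inToken[0] != ConstValue.KERBEROS_TAG)
        {
            // SEC_I_CONTINUE_NEEDED: a DCE-style exchange expects one more client token.
            continueProcess = true;
        }
        else
        {
            // SEC_E_OK
            continueProcess = false;
        }
    }
    else
    {
        KileApResponse apResponse = new KileApResponse(server.Context);
        apResponse.FromBytes(inToken);

        // The client must echo the sequence number we chose in our AP-REP.
        if (server.Context.CurrentLocalSequenceNumber != (ulong)apResponse.ApEncPart.seq_number.mValue)
        {
            throw new FormatException("Sequence number does not match.");
        }

        // SEC_E_OK: the exchange is complete and nothing is sent back.
        continueProcess = false;
        token = null;
    }
}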