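        /// <summary>
        /// Accept client token.
        /// On the first call the token is parsed as an AP request; a mutual-authentication or
        /// DCE-style request is answered with an AP response that carries a fresh sub-key and a
        /// random sequence number. On later calls the token is parsed as an AP response and its
        /// sequence number is checked against the one this side issued.
        /// </summary>
        /// <param name="inToken">The client's token.</param>
        /// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception>
        /// <exception cref="System.FormatException">Thrown when the token is empty, its format is invalid,
        /// or its sequence number does not match the expected one.</exception>
        public override void Accept(byte[] inToken)
        {
            if (inToken == null)
            {
                throw new ArgumentNullException(nameof(inToken));
            }
            // The first byte is inspected below to tell a GSS-API framed token from a raw AP message;
            // reject an empty token here so it surfaces as a format error, not an IndexOutOfRangeException.
            if (inToken.Length == 0)
            {
                throw new FormatException("Token is empty.");
            }

            if (isInitialToken)
            {
                KileApRequest apRequest = new KileApRequest(server.Context);
                apRequest.FromBytes(inToken, ticketEncryptKey);

                // The first octet of ap-options carries the high-order flag bits, so it is shifted into
                // the top byte of an int before masking against the MutualRequired flag.
                bool isMutualAuth = (apRequest.Request.ap_options.ByteArrayValue[0] << 24 & (int)ApOptions.MutualRequired)
                                    == (int)ApOptions.MutualRequired;
                // A token without the Kerberos tag is a raw (DCE-style) AP message.
                bool isDceStyle = inToken[0] != ConstValue.KERBEROS_TAG;

                if (isMutualAuth || isDceStyle)
                {
                    // Sub-key and sequence number are drawn from a cryptographic RNG: the sub-key protects
                    // the session, and an unpredictable sequence number is what makes replayed messages
                    // detectable. (Guid.NewGuid() reserves version/variant bits, so it is not uniform key material.)
                    const int SubKeyLength = 16;
                    EncryptionKey apSubKey = new EncryptionKey(new KerbInt32((int)EncryptionType.RC4_HMAC),
                                                               new Asn1OctetString(GetSecureRandomBytes(SubKeyLength)));
                    KileApResponse apResponse = server.CreateApResponse(apSubKey);

                    // Mask off the sign bit so the value stays in the non-negative range Random.Next() produced.
                    int sequenceNumber = BitConverter.ToInt32(GetSecureRandomBytes(sizeof(int)), 0) & int.MaxValue;
                    apResponse.ApEncPart.seq_number = new KerbUInt32(sequenceNumber);
                    server.context.currentLocalSequenceNumber = (ulong)apResponse.ApEncPart.seq_number.Value;
                    token = apResponse.ToBytes();
                }
                isInitialToken = false;

                // A DCE-style exchange needs another round trip (SEC_I_CONTINUE_NEEDED);
                // a GSS-API framed token completes here (SEC_E_OK).
                continueProcess = isDceStyle;
            }
            else
            {
                KileApResponse apResponse = new KileApResponse(server.Context);
                apResponse.FromBytes(inToken);

                // The peer must echo the sequence number issued in the AP response above.
                if (server.Context.CurrentLocalSequenceNumber != (ulong)apResponse.ApEncPart.seq_number.Value)
                {
                    throw new FormatException("Sequence number does not match.");
                }

                // SEC_E_OK;
                continueProcess = false;
                token = null;
            }
        }

        /// <summary>
        /// Fills a new buffer of the given length from a cryptographic random number generator.
        /// </summary>
        /// <param name="count">Number of random bytes to return.</param>
        /// <returns>A buffer of <paramref name="count"/> random bytes.</returns>
        private static byte[] GetSecureRandomBytes(int count)
        {
            byte[] buffer = new byte[count];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(buffer);
            }
            return buffer;
        }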
        /// <summary>
        /// AP exchange.
        /// Typically AP request and AP response start with
        /// GSSAPI token (asn.1 header + 1.2.840.113554.1.2.2),
        /// or a TokId (Krb5ApReq:0x100).
        /// The request is decoded with the server context and applied to the client context;
        /// the response is decoded with the client context and applied to the server context.
        /// </summary>
        /// <param name="apReq">AP request</param>
        /// <param name="apRep">AP response</param>
        /// <exception cref="ArgumentNullException">
        /// Thrown when apReq or apRep is null.
        /// </exception>
        public void ApExchange(byte[] apReq, byte[] apRep)
        {
            if (apReq == null)
            {
                throw new ArgumentNullException(nameof(apReq));
            }
            if (apRep == null)
            {
                throw new ArgumentNullException(nameof(apRep));
            }

            // AP-REQ: parse against the server context, then let the client context consume it.
            KileApRequest request = new KileApRequest(kileDecoder.serverContext);
            request.FromBytes(apReq);
            kileDecoder.clientContext.UpdateContext(request);

            // AP-REP: parse against the client context, then let the server context consume it.
            KileApResponse response = new KileApResponse(kileDecoder.clientContext);
            response.FromBytes(apRep);
            kileDecoder.serverContext.UpdateContext(response);
        }
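        /// <summary>
        /// Accept client token.
        /// On the first call the token is parsed as an AP request; a mutual-authentication or
        /// DCE-style request is answered with an AP response that carries a fresh sub-key and a
        /// random sequence number. On later calls the token is parsed as an AP response and its
        /// sequence number is checked against the one this side issued.
        /// </summary>
        /// <param name="inToken">The client's token.</param>
        /// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception>
        /// <exception cref="System.FormatException">Thrown when the token is empty, its format is invalid,
        /// or its sequence number does not match the expected one.</exception>
        public override void Accept(byte[] inToken)
        {
            if (inToken == null)
            {
                throw new ArgumentNullException(nameof(inToken));
            }
            // The first byte is inspected below to tell a GSS-API framed token from a raw AP message;
            // reject an empty token here so it surfaces as a format error, not an IndexOutOfRangeException.
            if (inToken.Length == 0)
            {
                throw new FormatException("Token is empty.");
            }

            if (isInitialToken)
            {
                KileApRequest apRequest = new KileApRequest(server.Context);
                apRequest.FromBytes(inToken, ticketEncryptKey);

                // The first octet of ap-options carries the high-order flag bits, so it is shifted into
                // the top byte of an int before masking against the MutualRequired flag.
                bool isMutualAuth = (apRequest.Request.ap_options.mValue[0] << 24 & (int)ApOptions.MutualRequired)
                    == (int)ApOptions.MutualRequired;
                // A token without the Kerberos tag is a raw (DCE-style) AP message.
                bool isDceStyle = inToken[0] != ConstValue.KERBEROS_TAG;

                if (isMutualAuth || isDceStyle)
                {
                    // Sub-key and sequence number are drawn from a cryptographic RNG: the sub-key protects
                    // the session, and an unpredictable sequence number is what makes replayed messages
                    // detectable. (Guid.NewGuid() reserves version/variant bits, so it is not uniform key material.)
                    const int SubKeyLength = 16;
                    EncryptionKey apSubKey = new EncryptionKey((int)EncryptionType.RC4_HMAC,
                        GetSecureRandomBytes(SubKeyLength));
                    KileApResponse apResponse = server.CreateApResponse(apSubKey);

                    // Mask off the sign bit so the value stays in the non-negative range Random.Next() produced.
                    int sequenceNumber = BitConverter.ToInt32(GetSecureRandomBytes(sizeof(int)), 0) & int.MaxValue;
                    apResponse.ApEncPart.seq_number = new UInt32(sequenceNumber);
                    server.context.currentLocalSequenceNumber = (ulong)apResponse.ApEncPart.seq_number.mValue;
                    token = apResponse.ToBytes();
                }
                isInitialToken = false;

                // A DCE-style exchange needs another round trip (SEC_I_CONTINUE_NEEDED);
                // a GSS-API framed token completes here (SEC_E_OK).
                continueProcess = isDceStyle;
            }
            else
            {
                KileApResponse apResponse = new KileApResponse(server.Context);
                apResponse.FromBytes(inToken);

                // The peer must echo the sequence number issued in the AP response above.
                if (server.Context.CurrentLocalSequenceNumber != (ulong)apResponse.ApEncPart.seq_number.mValue)
                {
                    throw new FormatException("Sequence number does not match.");
                }

                // SEC_E_OK;
                continueProcess = false;
                token = null;
            }
        }

        /// <summary>
        /// Fills a new buffer of the given length from a cryptographic random number generator.
        /// </summary>
        /// <param name="count">Number of random bytes to return.</param>
        /// <returns>A buffer of <paramref name="count"/> random bytes.</returns>
        private static byte[] GetSecureRandomBytes(int count)
        {
            byte[] buffer = new byte[count];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(buffer);
            }
            return buffer;
        }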