public IEnumerable <KrbPaData> DecodePreAuthentication()
{
if (this.ErrorCode != KerberosErrorCode.KDC_ERR_PREAUTH_REQUIRED)
{
throw new InvalidOperationException($"Cannot parse Pre-Auth PaData because error is {this.ErrorCode}");
}
if (!this.EData.HasValue)
{
throw new InvalidOperationException("Pre-Auth data isn't present in EData");
}
var krbMethod = KrbMethodData.Decode(this.EData.Value, AsnEncodingRules.DER);
return(krbMethod.MethodData);
}
internal static void Decode <T>(AsnReader reader, Asn1Tag expectedTag, out T decoded)
where T : KrbEncKdcRepPart, new()
{
if (reader == null)
{
throw new ArgumentNullException(nameof(reader));
}
decoded = new T();
AsnReader sequenceReader = reader.ReadSequence(expectedTag);
AsnReader explicitReader;
AsnReader collectionReader;
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
KrbEncryptionKey.Decode <KrbEncryptionKey>(explicitReader, out KrbEncryptionKey tmpKey);
decoded.Key = tmpKey;
explicitReader.ThrowIfNotEmpty();
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 1));
// Decode SEQUENCE OF for LastReq
{
collectionReader = explicitReader.ReadSequence();
var tmpList = new List <KrbLastReq>();
KrbLastReq tmpItem;
while (collectionReader.HasData)
{
KrbLastReq.Decode <KrbLastReq>(collectionReader, out KrbLastReq tmp);
tmpItem = tmp;
tmpList.Add(tmpItem);
}
decoded.LastReq = tmpList.ToArray();
}
explicitReader.ThrowIfNotEmpty();
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 2));
if (!explicitReader.TryReadInt32(out int tmpNonce))
{
explicitReader.ThrowIfNotEmpty();
}
decoded.Nonce = tmpNonce;
explicitReader.ThrowIfNotEmpty();
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 3)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 3));
decoded.KeyExpiration = explicitReader.ReadGeneralizedTime();
explicitReader.ThrowIfNotEmpty();
}
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 4));
if (explicitReader.TryReadPrimitiveBitStringValue(out _, out ReadOnlyMemory <byte> tmpFlags))
{
decoded.Flags = (TicketFlags)tmpFlags.AsLong();
}
else
{
decoded.Flags = (TicketFlags)explicitReader.ReadBitString(out _).AsLong();
}
explicitReader.ThrowIfNotEmpty();
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 5));
decoded.AuthTime = explicitReader.ReadGeneralizedTime();
explicitReader.ThrowIfNotEmpty();
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 6)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 6));
decoded.StartTime = explicitReader.ReadGeneralizedTime();
explicitReader.ThrowIfNotEmpty();
}
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 7));
decoded.EndTime = explicitReader.ReadGeneralizedTime();
explicitReader.ThrowIfNotEmpty();
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 8)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 8));
decoded.RenewTill = explicitReader.ReadGeneralizedTime();
explicitReader.ThrowIfNotEmpty();
}
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 9));
decoded.Realm = explicitReader.ReadCharacterString(UniversalTagNumber.GeneralString);
explicitReader.ThrowIfNotEmpty();
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 10));
KrbPrincipalName.Decode <KrbPrincipalName>(explicitReader, out KrbPrincipalName tmpSName);
decoded.SName = tmpSName;
explicitReader.ThrowIfNotEmpty();
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 11)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 11));
// Decode SEQUENCE OF for CAddr
{
collectionReader = explicitReader.ReadSequence();
var tmpList = new List <KrbHostAddress>();
KrbHostAddress tmpItem;
while (collectionReader.HasData)
{
KrbHostAddress.Decode <KrbHostAddress>(collectionReader, out KrbHostAddress tmp);
tmpItem = tmp;
tmpList.Add(tmpItem);
}
decoded.CAddr = tmpList.ToArray();
}
explicitReader.ThrowIfNotEmpty();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 12)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 12));
KrbMethodData.Decode <KrbMethodData>(explicitReader, out KrbMethodData tmpEncryptedPaData);
decoded.EncryptedPaData = tmpEncryptedPaData;
explicitReader.ThrowIfNotEmpty();
}
sequenceReader.ThrowIfNotEmpty();
}