/// <summary> /// Create AP request and encode to GSSAPI token /// </summary> /// <param name="apOptions">AP options</param> /// <param name="data">Authorization data</param> /// <param name="subkey">Sub-session key in authenticator</param> /// <param name="checksumFlags">Checksum flags</param> /// <returns></returns> private byte[] CreateGssApiToken(ApOptions apOptions, AuthorizationData data, EncryptionKey subkey, ChecksumFlags checksumFlags, KerberosConstValue.GSSToken gssToken = KerberosConstValue.GSSToken.GSSSPNG) { APOptions options = new APOptions(KerberosUtility.ConvertInt2Flags((int)apOptions)); Authenticator authenticator = CreateAuthenticator(Context.Ticket, data, subkey, checksumFlags); this.ApRequestAuthenticator = authenticator; KerberosApRequest request = new KerberosApRequest( Context.Pvno, options, Context.Ticket, authenticator, KeyUsageNumber.AP_REQ_Authenticator ); this.client.UpdateContext(request); if ((this.Context.ChecksumFlag & ChecksumFlags.GSS_C_DCE_STYLE) == ChecksumFlags.GSS_C_DCE_STYLE) { return(request.ToBytes()); } else { return(KerberosUtility.AddGssApiTokenHeader(request, this.client.OidPkt, gssToken)); } }
public static byte[] AddGssApiTokenHeader(KerberosApRequest request, KerberosConstValue.OidPkt oidPkt = KerberosConstValue.OidPkt.KerberosToken, KerberosConstValue.GSSToken gssToken = KerberosConstValue.GSSToken.GSSSPNG) { byte[] encoded = request.ToBytes(); byte[] token = KerberosUtility.AddGssApiTokenHeader(ArrayUtility.ConcatenateArrays( BitConverter.GetBytes(KerberosUtility.ConvertEndian((ushort)TOK_ID.KRB_AP_REQ)), encoded), oidPkt, gssToken); return(token); }