/// <summary>
/// SPNG Client Packet API, which is to generate SpngNegotiationToken.
/// </summary>
/// <param name="payloadType">An enum parameter, indicates the inner payload type,
/// e.g. PayloadType.NegInit is for NegTokenInit</param>
/// <param name="negotiationState">Indicate the negotation status, e.g. incomplete, completed.</param>
/// <param name="responseToken">Byte array of responseToken.
/// This field could be null when the first time invoked.</param>
/// <param name="mechListMIC">This field, if present, contains an MIC token for
/// the mechanism list in the initial negotiation message.
/// This field could be null.</param>
/// <returns>SpngNegotiationToken packet</returns>
/// <exception cref="ArgumentOutOfRangeException">PayloadType is not in scope. </exception>
public SpngNegotiationToken CreateNegotiationToken(
SpngPayloadType payloadType, NegState negotiationState, byte[] responseToken, byte[] mechListMIC)
{
NegotiationToken token;
switch (payloadType)
{
case SpngPayloadType.NegResp:
SpngNegTokenResp negResp = CreateNegTokenResp(negotiationState, responseToken, mechListMIC);
token = new NegotiationToken(NegotiationToken.negTokenResp, negResp.Asn1Token);
break;
case SpngPayloadType.NegInit:
NegTokenInit negInit = new NegTokenInit(
this.config.MechList,
SpngUtility.ConvertUintToContextFlags(this.config.ContextAttributes),
new Asn1OctetString(responseToken),
new Asn1OctetString(mechListMIC)
);
token = new NegotiationToken(NegotiationToken.negTokenInit, negInit);
break;
default:
throw new ArgumentOutOfRangeException("payloadType");
}
return(new SpngNegotiationToken(token));
}
/// <summary>
/// Initialize the securityMechContext based on the security package type
/// </summary>
/// <param name="mechType">security mechanism type</param>
/// <param name="inToken">the input security token</param>
/// <exception cref="InvalidOperationException">Thrown if could not find the configuration.</exception>
/// <exception cref="InvalidOperationException">Thrown when security configuration is unknown</exception>
private void InitializeSecurityContext(MechType mechType, byte[] inToken)
{
SpngClientContext clientContext = this.client.Context as SpngClientContext;
SecurityPackageType authType = SpngUtility.ConvertMechType(mechType);
CurrentSecurityConfig = SpngUtility.GetSecurityConfig(this.securityConfigList, authType);
if (CurrentSecurityConfig == null)
{
throw new InvalidOperationException("Missing configuration for " + authType.ToString());
}
if (securityMechContext != null)
{
// re-enter. Nothing need to do
return;
}
if (CurrentSecurityConfig.GetType() == typeof(KerberosClientSecurityConfig))
{
KerberosClientSecurityConfig kileConfig = CurrentSecurityConfig as KerberosClientSecurityConfig;
securityMechContext = new KerberosClientSecurityContext(
kileConfig.ServiceName,
kileConfig.ClientCredential,
KerberosAccountType.User,
kileConfig.KdcIpAddress,
kileConfig.KdcPort,
kileConfig.TransportType,
kileConfig.SecurityAttributes);
}
else if (CurrentSecurityConfig.GetType() == typeof(NlmpClientSecurityConfig))
{
NlmpClientSecurityConfig nlmpConfig = CurrentSecurityConfig as NlmpClientSecurityConfig;
NlmpClientCredential cred = new NlmpClientCredential(
nlmpConfig.TargetName,
nlmpConfig.DomainName,
nlmpConfig.AccountName,
nlmpConfig.Password);
securityMechContext = new NlmpClientSecurityContext(cred, nlmpConfig.SecurityAttributes);
}
else if (CurrentSecurityConfig.GetType() == typeof(SspiClientSecurityConfig))
{
throw new InvalidOperationException("Only support Kerberos security config and NTLM security config");
}
else
{
throw new InvalidOperationException("unknown security config");
}
}
/// <summary>
/// Decode the SPNG payload from the message bytes.
/// Should be overridden in the inheriting classes
/// </summary>
/// <param name="buffer">The byte array to be decoded.</param>
public override void FromBytes(byte[] buffer)
{
this.Asn1Token = SpngUtility.DecodeAsn1 <InitialNegToken2>(buffer);
}
/// <summary>
/// Decode the SPNG payload from the message bytes.
/// Should be overridden in the inheriting classes
/// </summary>
/// <param name="buffer">The byte array to be decoded.</param>
public override void FromBytes(byte[] buffer)
{
this.Asn1Token = SpngUtility.DecodeAsn1 <NegotiationToken>(buffer);
}
public override byte[] ToBytes()
{
return(SpngUtility.EncodeAsn1(this.asn1Token));
}
/// <summary>
/// Verify the MechListMIC based on initial MechType list of the current packet
/// </summary>
/// <param name="securityContext">Specific security context</param>
/// <param name="signature">Signature of the initial MechListMIC</param>
/// <returns>True if the signature matches the signed message, otherwise false</returns>
internal bool VerifyMechListMIC(SecurityContext securityContext, byte[] signature)
{
byte[] unsignedMechList = SpngUtility.EncodeAsn1(context.InitMechTypeList);
return(securityContext.Verify(unsignedMechList, signature));
}
/// <summary>
/// Generate the MechListMIC based on MechType list of the current packet
/// </summary>
/// <param name="securityContext">Specific security context</param>
/// <returns>MechListMIC</returns>
internal byte[] GenerateMechListMIC(SecurityContext securityContext)
{
byte[] unsignedMechList = SpngUtility.EncodeAsn1(context.InitMechTypeList);
return(securityContext.Sign(unsignedMechList));
}