示例#1
        /// <summary>
        /// Passes a message through <c>gss_wrap</c> using this object's context handle and returns the resulting token.
        /// </summary>
        /// <param name="plainTextBytes">Message bytes supplied to <c>gss_wrap</c> as its input buffer.</param>
        /// <returns>A copy of the output buffer filled in by <c>gss_wrap</c>.</returns>
        /// <remarks>
        /// The major/minor status pair is handed to <c>Gss.ThrowIfError</c> before the result is read.
        /// NOTE(review): both integer arguments are 0. In the GSS-API C signature those positions are
        /// conf_req_flag and qop_req, so despite the method name confidentiality does not appear to be
        /// requested, and the conf_state output is discarded. Treat the result as integrity-protected
        /// only unless the P/Invoke declaration says otherwise (confirm against NativeMethods).
        /// </remarks>
        public byte[] EncryptMessage(byte[] plainTextBytes)
        {
            using (var source = new GssInputBuffer(plainTextBytes))
            using (var wrapped = new GssOutputBuffer())
            {
                var major = NativeMethods.gss_wrap(out uint minor, handle, 0, 0, source, out int _, wrapped);
                Gss.ThrowIfError(major, minor);

                // Copy the token out while the native output buffer is still alive.
                return wrapped.ToByteArray();
            }
        }
示例#2
        /// <summary>
        /// Passes a received token through <c>gss_unwrap</c> using this object's context handle and returns the recovered message.
        /// </summary>
        /// <param name="messageLength">Not read by this method; kept as part of the existing signature.</param>
        /// <param name="encryptedBytes">Token bytes supplied to <c>gss_unwrap</c> as its input buffer.</param>
        /// <returns>A copy of the output buffer filled in by <c>gss_unwrap</c>.</returns>
        /// <remarks>
        /// The major/minor status pair is handed to <c>Gss.ThrowIfError</c> before the result is read.
        /// NOTE(review): the two trailing outputs are discarded. In the GSS-API C signature they are
        /// conf_state and qop_state, so a caller cannot tell from this method whether the peer's token
        /// was confidentiality-protected or integrity-protected only.
        /// </remarks>
        public byte[] DecryptMessage(int messageLength, byte[] encryptedBytes)
        {
            using (var token = new GssInputBuffer(encryptedBytes))
            using (var unwrapped = new GssOutputBuffer())
            {
                var major = NativeMethods.gss_unwrap(out uint minor, handle, token, unwrapped, out int _, out int _);
                Gss.ThrowIfError(major, minor);

                // Copy the message out while the native output buffer is still alive.
                return unwrapped.ToByteArray();
            }
        }
示例#3
        /// <summary>
        /// Runs one <c>gss_init_sec_context</c> step with the peer's challenge and returns the token to send back.
        /// </summary>
        /// <param name="challenge">Token received from the peer, supplied as the input token.</param>
        /// <returns>A copy of the output token produced by <c>gss_init_sec_context</c>.</returns>
        /// <remarks>
        /// Requests <c>GSS_C_MUTUAL_FLAG</c> and <c>GSS_C_SEQUENCE_FLAG</c> only. The remaining arguments are
        /// read by position against the GSS-API C signature: mech_type and input_chan_bindings are
        /// <c>IntPtr.Zero</c>, so no channel bindings are supplied, and time_req is 0.
        /// NOTE(review): the ret_flags output is discarded, so this method does not check that mutual
        /// authentication was actually granted by the mechanism.
        /// NOTE(review): <c>_isInitialized</c> is set as soon as <c>Gss.ThrowIfError</c> returns. Whether a
        /// "continue needed" status counts as an error there is not visible here, so the flag may mean
        /// "at least one step succeeded" rather than "context fully established" (confirm).
        /// </remarks>
        public byte[] Next(byte[] challenge)
        {
            const GssFlags requestedFlags = GssFlags.GSS_C_MUTUAL_FLAG | GssFlags.GSS_C_SEQUENCE_FLAG;

            using (var peerToken = new GssInputBuffer(challenge))
            using (var replyToken = new GssOutputBuffer())
            {
                var major = NativeMethods.gss_init_sec_context(
                    out var minor,
                    _credential,
                    in handle,
                    _servicePrincipalName,
                    IntPtr.Zero,
                    requestedFlags,
                    0,
                    IntPtr.Zero,
                    peerToken,
                    out var _,
                    replyToken,
                    out var _,
                    out var _);
                Gss.ThrowIfError(major, minor);

                _isInitialized = true;

                // Copy the reply out while the native output buffer is still alive.
                return replyToken.ToByteArray();
            }
        }
        /// <summary>
        /// Builds a host-based service name string and imports it through <c>gss_import_name</c>.
        /// </summary>
        /// <param name="service">Service part, placed before the first '@'.</param>
        /// <param name="host">Host part, placed after the first '@'.</param>
        /// <param name="realm">Optional realm; when non-empty it is appended as a further "@realm" suffix.</param>
        /// <returns>A <c>GssapiServicePrincipalName</c> wrapping the imported native name.</returns>
        /// <remarks>
        /// The name is imported with <c>Oid.GSS_C_NT_HOSTBASED_SERVICE</c>, and the status pair goes to
        /// <c>Gss.ThrowIfError</c> before the wrapper is constructed.
        /// NOTE(review): the three parts are concatenated without validation, so an '@' inside any of them
        /// changes how the name is split. Callers taking these values from configuration or connection
        /// strings should validate them first, because the target name decides which service the client
        /// authenticates to.
        /// </remarks>
        public static GssapiServicePrincipalName Create(string service, string host, string realm)
        {
            var principal = string.IsNullOrEmpty(realm)
                ? $"{service}@{host}"
                : $"{service}@{host}@{realm}";

            using (var principalBuffer = new GssInputBuffer(principal))
            {
                var major = NativeMethods.gss_import_name(out var minor, principalBuffer, in Oid.GSS_C_NT_HOSTBASED_SERVICE, out var importedName);
                Gss.ThrowIfError(major, minor);

                return new GssapiServicePrincipalName(importedName);
            }
        }
示例#5
        /// <summary>
        /// Imports <paramref name="username"/> as a GSS user name and acquires an initiator credential for it,
        /// with the supplied password or, when none is given, through <c>gss_acquire_cred</c>.
        /// </summary>
        /// <param name="username">Name imported with <c>Oid.GSS_C_NT_USER_NAME</c>.</param>
        /// <param name="password">Password for the name, or <c>null</c> to acquire without one.</param>
        /// <returns>The credential handle produced by the acquire call.</returns>
        /// <remarks>
        /// Both native calls report through <c>Gss.ThrowIfError</c>. The imported name is released in the
        /// <c>finally</c> block whether or not acquisition succeeds.
        /// NOTE(review): <c>SecureStringHelper.ToInsecureString</c> presumably materialises the password as
        /// an ordinary managed string (confirm). If so, that copy cannot be zeroed and stays in memory
        /// until collected, which defeats the purpose of taking a <c>SecureString</c>. Copying into a
        /// pinned byte buffer that is cleared after the call would avoid it.
        /// </remarks>
        public static GssapiSecurityCredential Acquire(string username, SecureString password)
        {
            var importedName = IntPtr.Zero;

            try
            {
                using (var usernameBuffer = new GssInputBuffer(username))
                {
                    uint minor;
                    uint major = NativeMethods.gss_import_name(out minor, usernameBuffer, in Oid.GSS_C_NT_USER_NAME, out importedName);
                    Gss.ThrowIfError(major, minor);

                    GssapiSecurityCredential credential;
                    if (password == null)
                    {
                        // No password supplied: plain gss_acquire_cred for the imported name.
                        // uint.MaxValue sits in the time_req position (GSS_C_INDEFINITE in the C API).
                        major = NativeMethods.gss_acquire_cred(out minor, importedName, uint.MaxValue, IntPtr.Zero, GssCredentialUsage.GSS_C_INITIATE, out credential, IntPtr.Zero, out uint _);
                    }
                    else
                    {
                        // The native buffer holding the password is disposed right after the call;
                        // the managed string produced by the helper is not under this method's control.
                        using (var secretBuffer = new GssInputBuffer(SecureStringHelper.ToInsecureString(password)))
                        {
                            major = NativeMethods.gss_acquire_cred_with_password(out minor, importedName, secretBuffer, uint.MaxValue, IntPtr.Zero, GssCredentialUsage.GSS_C_INITIATE, out credential, IntPtr.Zero, out uint _);
                        }
                    }

                    Gss.ThrowIfError(major, minor);
                    return credential;
                }
            }
            finally
            {
                // Release the native name only if the import actually produced one.
                if (importedName != IntPtr.Zero)
                {
                    _ = NativeMethods.gss_release_name(out _, importedName);
                }
            }
        }