@@ -74,28 +74,44 @@ public void Write(BinaryWriter writer)
7474
7575 private ICollection < KeyEntry > entries ;
7676
77- public ICollection < KeyEntry > Entries => this . entries ?? ( this . entries = new List < KeyEntry > ( ) ) ;
77+ public ICollection < KeyEntry > Entries => this . entries ??= new List < KeyEntry > ( ) ;
7878
7979 public KerberosKey GetKey ( ChecksumType type , KrbPrincipalName sname )
8080 {
81- EncryptionType etype ;
81+ var etype = type switch
82+ {
83+ ChecksumType . HMAC_SHA1_96_AES128 => EncryptionType . AES128_CTS_HMAC_SHA1_96 ,
84+ ChecksumType . HMAC_SHA1_96_AES256 => EncryptionType . AES256_CTS_HMAC_SHA1_96 ,
85+ _ => EncryptionType . RC4_HMAC_NT ,
86+ } ;
87+ return this . GetKey ( etype , sname ) ;
88+ }
89+
90+ public IEnumerable < KerberosKey > GetKeys ( EncryptionType type , KrbPrincipalName sname )
91+ {
92+ // try and find a matching entry
93+
94+ var entries = this . Entries
95+ . Where ( e => e . EncryptionType == type && ( sname ? . Matches ( e . Principal ) ?? true ) )
96+ . OrderByDescending ( x => x . Version ) ;
97+
98+ if ( ! entries . Any ( ) )
99+ {
100+ // Fall back to first entry with matching type
82101
83- switch ( type )
102+ entries = this . Entries
103+ . Where ( e => e . EncryptionType == type )
104+ . OrderByDescending ( x => x . Version ) ;
105+ }
106+
107+ if ( ! entries . Any ( ) )
84108 {
85- case ChecksumType . HMAC_SHA1_96_AES128 :
86- etype = EncryptionType . AES128_CTS_HMAC_SHA1_96 ;
87- break ;
88- case ChecksumType . HMAC_SHA1_96_AES256 :
89- etype = EncryptionType . AES256_CTS_HMAC_SHA1_96 ;
90- break ;
91-
92- case ChecksumType . KERB_CHECKSUM_HMAC_MD5 :
93- default :
94- etype = EncryptionType . RC4_HMAC_NT ;
95- break ;
109+ // fall back to first entry
110+
111+ entries = this . Entries . OrderByDescending ( x => x . Version ) ;
96112 }
97113
98- return this . GetKey ( etype , sname ) ;
114+ return entries . Select ( e => e . Key ) ;
99115 }
100116
101117 public KerberosKey GetKey ( EncryptionType type , KrbPrincipalName sname )
@@ -107,22 +123,16 @@ public KerberosKey GetKey(EncryptionType type, KrbPrincipalName sname)
107123 . OrderByDescending ( x => x . Version )
108124 . FirstOrDefault ( ) ;
109125
110- // Fall back to first entry with matching type (RC4_HMAC_NT)
126+ // Fall back to first entry with matching type
111127
112- if ( entry == null )
113- {
114- entry = this . Entries
128+ entry ??= this . Entries
115129 . Where ( e => e . EncryptionType == type )
116130 . OrderByDescending ( x => x . Version )
117131 . FirstOrDefault ( ) ;
118- }
119132
120133 // Fall back to first entry
121134
122- if ( entry == null )
123- {
124- entry = this . Entries . FirstOrDefault ( ) ;
125- }
135+ entry ??= this . Entries . FirstOrDefault ( ) ;
126136
127137 return entry ? . Key ;
128138 }
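Review bot: The last fallback in the new `GetKeys` (new lines 107-112) returns every keytab entry when none has the requested `EncryptionType`, so a caller that tries each returned key in turn will be handed keys of other encryption types and other principals than it asked for. If callers are expected to get only usable candidates, end the method with an empty result instead, e.g. `if (!entries.Any()) { return Enumerable.Empty<KerberosKey>(); }`. If the fallback is kept for parity with `GetKey`, say so in a comment such as `// last resort: no entry of this etype, return all keys; callers must check the key's etype`. The two methods also disagree in that last step: `GetKeys` orders by `Version` descending while `GetKey` takes `this.Entries.FirstOrDefault()` unsorted, so `GetKeys(...).First()` and `GetKey(...)` can pick different keys from the same keytab. The start of `GetKey(EncryptionType, ...)` lies between the two hunks and is not visible here.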