@@ -76,16 +76,21 @@ public void Write(BinaryWriter writer)
7676
7777 public ICollection < KeyEntry > Entries => this . entries ??= new List < KeyEntry > ( ) ;
7878
79- public KerberosKey GetKey ( ChecksumType type , KrbPrincipalName sname )
80- {
81- var etype = type switch
79+ private static EncryptionType EncryptionTypeForChecksumType ( ChecksumType type )
80+ => type switch
8281 {
8382 ChecksumType . HMAC_SHA1_96_AES128 => EncryptionType . AES128_CTS_HMAC_SHA1_96 ,
8483 ChecksumType . HMAC_SHA1_96_AES256 => EncryptionType . AES256_CTS_HMAC_SHA1_96 ,
84+ ChecksumType . HMAC_SHA256_128_AES128 => EncryptionType . AES128_CTS_HMAC_SHA256_128 ,
85+ ChecksumType . HMAC_SHA384_192_AES256 => EncryptionType . AES256_CTS_HMAC_SHA384_192 ,
8586 _ => EncryptionType . RC4_HMAC_NT ,
8687 } ;
87- return this . GetKey ( etype , sname ) ;
88- }
88+
89+ public IEnumerable < KerberosKey > GetKeys ( ChecksumType type , KrbPrincipalName sname )
90+ => this . GetKeys ( EncryptionTypeForChecksumType ( type ) , sname ) ;
91+
92+ public KerberosKey GetKey ( ChecksumType type , KrbPrincipalName sname )
93+ => this . GetKey ( EncryptionTypeForChecksumType ( type ) , sname ) ;
8994
9095 public IEnumerable < KerberosKey > GetKeys ( EncryptionType type , KrbPrincipalName sname )
9196 {
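Review bot: The default arm `_ => EncryptionType . RC4_HMAC_NT` in EncryptionTypeForChecksumType now backs both GetKey and the new GetKeys overload, so any checksum type that is not listed silently selects RC4 keys instead of being rejected. The arm predates this commit, but extracting it into a shared helper is a good moment to map the RC4 checksum type explicitly and make the default arm throw (for example `_ => throw new NotSupportedException(...)`), provided no caller relies on the fallback. If the fallback has to stay, a comment on that arm saying why unknown types map to RC4 would stop it from reading as an oversight. The new public GetKeys overload also has no XML doc saying it may return several keys for one principal.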
44// -----------------------------------------------------------------------
55
66using System ;
7+ using System . Linq ;
78using System . Runtime . InteropServices ;
9+ using System . Security . Cryptography ;
10+ using System . Security ;
811using Kerberos . NET . Crypto ;
912using Kerberos . NET . Ndr ;
1013
@@ -113,9 +116,38 @@ public void Validate(KerberosKey key)
113116
114117 internal void Validate ( KeyTable keytab , KrbPrincipalName sname )
115118 {
116- var key = keytab . GetKey ( this . Type , sname ) ;
119+ var keys = keytab . GetKeys ( this . Type , sname ) ;
117120
118- this . Validate ( key ) ;
121+ if ( ! keys . Any ( ) )
122+ {
123+ throw new InvalidOperationException ( $ "Could not find a key for { this . Type } and { sname . FullyQualifiedName } ") ;
124+ }
125+
126+ Exception ex = null ;
127+
128+ foreach ( var key in keys )
129+ {
130+ try
131+ {
132+ this . Validate ( key ) ;
133+ return ;
134+ }
135+ catch ( CryptographicException cex )
136+ {
137+ ex = cex ;
138+ continue ;
139+ }
140+ catch ( SecurityException secx )
141+ {
142+ ex = secx ;
143+ continue ;
144+ }
145+ }
146+
147+ if ( ex != null )
148+ {
149+ throw ex ;
150+ }
119151 }
120152
121153 internal void Sign ( Memory < byte > pacUnsigned , KerberosKey key )
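Review bot: Validate(KeyTable, KrbPrincipalName) can fall off the end without having validated anything, because `keys` is enumerated twice (`Any()`, then the `foreach`) and the final throw is guarded by `if ( ex != null )`. Whether GetKeys is lazily evaluated is not visible in this hunk, but if the second enumeration yields nothing the method returns as though the signature were valid. Materializing once with `var keys = keytab.GetKeys(this.Type, sname).ToList();` and making the throw after the loop unconditional keeps the method failing closed. Separately, `throw ex ;` resets the stack trace of the stored exception; `ExceptionDispatchInfo.Capture(ex).Throw();` from System.Runtime.ExceptionServices preserves it. Only the last key's failure is reported, which is worth a short comment above the loop.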