Class: Rex::Proto::Kerberos::Model::PreAuthS4uX509User

Inherits:

Element

• Object
• Element
• Rex::Proto::Kerberos::Model::PreAuthS4uX509User

Defined in:

lib/rex/proto/kerberos/model/pre_auth_s4u_x509_user.rb

Overview

This class provides a representation of the PA-S4U-X509-USER structure as defined in the Kerberos protocol.

Constant Summary

Constants included from Rex::Proto::Kerberos::Model

AP_REP, AP_REQ, AS_REP, AS_REQ, AUTHENTICATOR, ENC_AP_REP_PART, ENC_KRB_CRED_PART, KRB_CRED, KRB_ERROR, TGS_REP, TGS_REQ, TICKET, VERSION

Instance Attribute Summary

• #checksum ⇒ Rex::Proto::Kerberos::Model::Checksum

  The checksum.

• #user_id ⇒ Rex::Proto::Kerberos::Model::S4uUserId

  The user ID.

Instance Method Summary

• #decode(input) ⇒ self

  Decodes the PA-S4U-X509-USER structure from an input.

• #decode_asn1(input) ⇒ Object

  Decodes the PA-S4U-X509-USER structure from an OpenSSL::ASN1::Sequence.

• #decode_string(input) ⇒ Object

  Decodes the PA-S4U-X509-USER structure from a String.

• #encode ⇒ String

  Encodes the PA-S4U-X509-USER structure into an ASN.1 String.

• #get_checksum(key, data) ⇒ Object
• #initialize(key, impersonate, impersonate_type, realm, nonce, e_type: Rex::Proto::Kerberos::Crypto::Encryption::AES256) ⇒ PreAuthS4uX509User constructor

  Initializes the PA-S4U-X509-USER structure.

Methods inherited from Element

attr_accessor, attributes, #attributes, decode

Constructor Details

#initialize(key, impersonate, impersonate_type, realm, nonce, e_type: Rex::Proto::Kerberos::Crypto::Encryption::AES256) ⇒ PreAuthS4uX509User

Initializes the PA-S4U-X509-USER structure

Parameters:

• key (String) —

  The encryption key

• impersonate (String) —

  The impersonation principal name

• impersonate_type (String) —

  The impersonation principal name

• realm (String) —

  The realm

• nonce (Integer) —

  The nonce

• e_type (Symbol) (defaults to: Rex::Proto::Kerberos::Crypto::Encryption::AES256) —

  The encryption type

# File 'lib/rex/proto/kerberos/model/pre_auth_s4u_x509_user.rb', line 34

def initialize(key, impersonate, impersonate_type, realm, nonce, e_type: Rex::Proto::Kerberos::Crypto::Encryption::AES256)
  self.user_id = Rex::Proto::Kerberos::Model::S4uUserId.new(impersonate, impersonate_type, realm, nonce)
  self.checksum = Rex::Proto::Kerberos::Model::Checksum.new(type: Rex::Proto::Kerberos::Crypto::Encryption::DES3_CBC_SHA1, checksum: get_checksum(key.value, user_id.encode))
end

Instance Attribute Details

#checksum ⇒ Rex::Proto::Kerberos::Model::Checksum

Returns The checksum.

Returns:

• (Rex::Proto::Kerberos::Model::Checksum) —

  The checksum

# File 'lib/rex/proto/kerberos/model/pre_auth_s4u_x509_user.rb', line 17

def checksum
  @checksum
end

#user_id ⇒ Rex::Proto::Kerberos::Model::S4uUserId

Returns The user ID.

Returns:

• (Rex::Proto::Kerberos::Model::S4uUserId) —

  The user ID

# File 'lib/rex/proto/kerberos/model/pre_auth_s4u_x509_user.rb', line 14

def user_id
  @user_id
end

Instance Method Details

#decode(input) ⇒ self

Decodes the PA-S4U-X509-USER structure from an input

Parameters:

• input (String, OpenSSL::ASN1::ASN1Data) —

  the input to decode from

Returns:

• (self) —

  if decoding succeeds

Raises:

• (Rex::Proto::Kerberos::Model::Error::KerberosDecodingError) —

  if decoding doesn't succeed

# File 'lib/rex/proto/kerberos/model/pre_auth_s4u_x509_user.rb', line 57

def decode(input)
  case input
  when String
    decode_string(input)
  when OpenSSL::ASN1::ASN1Data
    decode_asn1(input)
  else
    raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode PA-S4U-X509-USER, invalid input'
  end

  self
end

#decode_asn1(input) ⇒ Object

Decodes the PA-S4U-X509-USER structure from an OpenSSL::ASN1::Sequence

Parameters:

• input (OpenSSL::ASN1::Sequence) —

  the input to decode from

# File 'lib/rex/proto/kerberos/model/pre_auth_s4u_x509_user.rb', line 81

def decode_asn1(input)
  seq_values = input.value

  seq_values.each do |val|
    case val.tag
    when 0
      self.user_id = S4uUserId.decode(val.value[0])
    when 1
      self.checksum = Checksum.new.decode(val.value[0])
    else
      raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode PA-S4U-X509-USER SEQUENCE'
    end
  end
end

#decode_string(input) ⇒ Object

Decodes the PA-S4U-X509-USER structure from a String

Parameters:

• input (String) —

  the input to decode from

# File 'lib/rex/proto/kerberos/model/pre_auth_s4u_x509_user.rb', line 73

def decode_string(input)
  asn1 = OpenSSL::ASN1.decode(input)
  decode_asn1(asn1)
end

#encode ⇒ String

Encodes the PA-S4U-X509-USER structure into an ASN.1 String

Returns:

• (String)

# File 'lib/rex/proto/kerberos/model/pre_auth_s4u_x509_user.rb', line 42

def encode
 elems = []
 elems << OpenSSL::ASN1::ASN1Data.new([user_id.encode], 0, :CONTEXT_SPECIFIC)
 elems << OpenSSL::ASN1::ASN1Data.new([checksum.encode], 1, :CONTEXT_SPECIFIC)

 seq = OpenSSL::ASN1::Sequence.new(elems)

 seq.to_der
end

#get_checksum(key, data) ⇒ Object

# File 'lib/rex/proto/kerberos/model/pre_auth_s4u_x509_user.rb', line 19

def get_checksum(key, data)
  checksum_type = Rex::Proto::Kerberos::Crypto::Checksum::SHA1_AES256
  cksum_key_usage = Rex::Proto::Kerberos::Crypto::KeyUsage::PA_S4U_X509_USER
  checksummer = Rex::Proto::Kerberos::Crypto::Checksum::from_checksum_type(checksum_type)
  checksummer.checksum(key, cksum_key_usage, data)
end