
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/rex/proto/kerberos/model/authorization_data.rb
# -*- coding: binary -*-
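module Rex
  module Proto
    module Kerberos
      module Model
        # Representation of a Kerberos AuthorizationData definition: an ordered
        # list of (ad-type, ad-data) entries.
        #
        # The decoders check the shape of every ASN.1 node before indexing into
        # it, so a structurally malformed AuthorizationData is reported as a
        # KerberosDecodingError rather than surfacing as a NoMethodError from
        # deep inside the parser.
        class AuthorizationData < Element
          # @!attribute elements
          #   @return [Array<Hash{Symbol => Integer, String}>] The authorization data entries
          #   @option [Integer] :type
          #   @option [String] :data
          attr_accessor :elements

          # Decodes the Rex::Proto::Kerberos::Model::AuthorizationData from an input
          #
          # @param input [String, OpenSSL::ASN1::ASN1Data] the input to decode from
          # @return [self] if decoding succeeds
          # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if the input
          #   is of an unsupported class or does not have the expected ASN.1 structure
          # @raise [OpenSSL::ASN1::ASN1Error] if a String input is not parseable ASN.1
          #   (propagated unchanged from OpenSSL::ASN1.decode)
          def decode(input)
            case input
            when String
              decode_string(input)
            when OpenSSL::ASN1::ASN1Data
              decode_asn1(input)
            else
              raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode AuthorizationData, invalid input'
            end

            self
          end

          # Encodes a Rex::Proto::Kerberos::Model::AuthorizationData into an ASN.1 String
          #
          # Each entry of #elements becomes a SEQUENCE holding the type under
          # context tag [0] and the data under context tag [1].
          #
          # @return [String] the DER encoding of the outer SEQUENCE
          def encode
            entries = elements.map do |elem|
              OpenSSL::ASN1::Sequence.new(
                [
                  OpenSSL::ASN1::ASN1Data.new([encode_type(elem[:type])], 0, :CONTEXT_SPECIFIC),
                  OpenSSL::ASN1::ASN1Data.new([encode_data(elem[:data])], 1, :CONTEXT_SPECIFIC)
                ]
              )
            end

            OpenSSL::ASN1::Sequence.new(entries).to_der
          end

          # Decodes a Rex::Proto::Kerberos::Model::AuthorizationData from a String
          #
          # @param input [String] the input to decode from
          # @raise [OpenSSL::ASN1::ASN1Error] if input is not parseable ASN.1
          # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if the parsed
          #   structure is not a valid AuthorizationData
          def decode_string(input)
            decode_asn1(OpenSSL::ASN1.decode(input))
          end

          # Decodes a Rex::Proto::Kerberos::Model::AuthorizationData
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
          # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if decoding doesn't succeed
          #
          # AuthorizationData ::= SEQUENCE OF SEQUENCE {
          #         ad-type [0] Int32,
          #         ad-data [1] OCTET STRING
          # }
          def decode_asn1(input)
            # A primitive ASN.1 node cannot be iterated; reject it up front
            # instead of failing with NoMethodError on #each.
            unless input.respond_to?(:each)
              raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode AuthorizationData SEQUENCE'
            end

            self.elements = []
            input.each do |elem|
              # Every entry must itself be a constructed node (value is an Array).
              fields = elem.value if elem.respond_to?(:value)
              unless fields.is_a?(Array)
                raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode AuthorizationData SEQUENCE'
              end

              element = {}
              fields.each do |val|
                case val.tag
                when 0 # ad-type [0] Int32
                  element[:type] = decode_type(val)
                when 1 # ad-data [1] OCTET STRING
                  element[:data] = decode_data(val)
                else
                  raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode AuthorizationData SEQUENCE'
                end
              end
              # NOTE(review): an entry missing ad-type or ad-data is still
              # accepted here with a nil field, as before; callers that need
              # both fields should check for nil.
              elements << element
            end
          end

          # Encrypts the Rex::Proto::Kerberos::Model::AuthorizationData
          #
          # @param etype [Integer] the crypto schema to encrypt
          # @param key [String] the key to encrypt
          # @return [String] the encrypted result
          # @raise [NotImplementedError] documented as raised when the encryption schema
          #   isn't supported; the etype lookup is defined outside this file
          def encrypt(etype, key)
            encryptor = Rex::Proto::Kerberos::Crypto::Encryption.from_etype(etype)
            # NOTE(review): the literal 5 is presumably the Kerberos key usage
            # number (RFC 4120 section 7.5.1 lists 5 as TGS-REQ AuthorizationData
            # encrypted with the authenticator subkey) - confirm against the
            # encryptor's signature.
            encryptor.encrypt(encode, key, 5)
          end

          private

          # Returns the single node wrapped by an explicitly tagged element.
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the tagged wrapper
          # @return [OpenSSL::ASN1::ASN1Data] the first wrapped node
          # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if the wrapper
          #   is primitive or empty
          def explicit_payload(input)
            wrapped = input.value
            inner = wrapped.first if wrapped.is_a?(Array)
            return inner if inner.respond_to?(:value)

            raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode AuthorizationData SEQUENCE'
          end

          # Decodes the type from an OpenSSL::ASN1::ASN1Data
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
          # @return [Integer]
          # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if the
          #   tagged wrapper has no inner node
          def decode_type(input)
            explicit_payload(input).value.to_i
          end

          # Encodes the type
          #
          # @param type [Integer] the ad-type value
          # @return [OpenSSL::ASN1::Integer]
          def encode_type(type)
            OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(type.to_s))
          end

          # Decodes the value from an OpenSSL::ASN1::ASN1Data
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
          # @return [String]
          # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if the
          #   tagged wrapper has no inner node
          def decode_data(input)
            explicit_payload(input).value
          end

          # Encodes the data
          #
          # @param data [String] the ad-data bytes
          # @return [OpenSSL::ASN1::OctetString]
          def encode_data(data)
            OpenSSL::ASN1::OctetString.new(data)
          end
        end
      end
    end
  end
end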