Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
# -*- coding: binary -*-
2

3
module Rex
4
  module Proto
5
    module Kerberos
6
      module Model
7
        # This class provides a representation of a Kerberos ticket that helps
8
        # a client authenticate to a service.
9
        class Ticket < Element
10
          # @!attribute tkt_vno
11
          #   @return [Integer] The ticket version number
12
          attr_accessor :tkt_vno
13
          # @!attribute realm
14
          #   @return [String] The realm that issued the ticket
15
          attr_accessor :realm
16
          # @!attribute sname
17
          #   @return [Rex::Proto::Kerberos::Model::PrincipalName] The name part of the server's identity
18
          attr_accessor :sname
19
          # @!attribute enc_part
20
          #   @return [Rex::Proto::Kerberos::Model::EncryptedData] The encrypted part of the ticket
21
          attr_accessor :enc_part
22

23
          def ==(other)
24
            tkt_vno == other.tkt_vno &&
25
              realm == other.realm &&
26
              sname == other.sname &&
27
              enc_part == other.enc_part
28
          end
29

30
          # Decodes the Rex::Proto::Kerberos::Model::KrbError from an input
31
          #
32
          # @param input [String, OpenSSL::ASN1::ASN1Data] the input to decode from
33
          # @return [self] if decoding succeeds
34
          # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if decoding doesn't succeed
35
          def decode(input)
36
            case input
37
            when String
38
              decode_string(input)
39
            when OpenSSL::ASN1::ASN1Data
40
              decode_asn1(input)
41
            else
42
              raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode Ticket, invalid input'
43
            end
44

45
            self
46
          end
47

48
          def encode
49
            elems = []
50
            elems << OpenSSL::ASN1::ASN1Data.new([encode_tkt_vno], 0, :CONTEXT_SPECIFIC)
51
            elems << OpenSSL::ASN1::ASN1Data.new([encode_realm], 1, :CONTEXT_SPECIFIC)
52
            elems << OpenSSL::ASN1::ASN1Data.new([encode_sname], 2, :CONTEXT_SPECIFIC)
53
            elems << OpenSSL::ASN1::ASN1Data.new([encode_enc_part], 3, :CONTEXT_SPECIFIC)
54
            seq = OpenSSL::ASN1::Sequence.new(elems)
55

56
            seq_asn1 = OpenSSL::ASN1::ASN1Data.new([seq], TICKET, :APPLICATION)
57

58
            seq_asn1.to_der
59
          end
60

61
          private
62

63
          # Encodes the tkt_vno field
64
          #
65
          # @return [OpenSSL::ASN1::Integer]
66
          def encode_tkt_vno
67
            bn = OpenSSL::BN.new(tkt_vno.to_s)
68
            int = OpenSSL::ASN1::Integer.new(bn)
69

70
            int
71
          end
72

73
          # Encodes the realm field
74
          #
75
          # @return [OpenSSL::ASN1::GeneralString]
76
          def encode_realm
77
            OpenSSL::ASN1::GeneralString.new(realm)
78
          end
79

80
          # Encodes the sname field
81
          #
82
          # @return [String]
83
          def encode_sname
84
            sname.encode
85
          end
86

87
          # Encodes the enc_part field
88
          #
89
          # @return [String]
90
          def encode_enc_part
91
            enc_part.encode
92
          end
93

94
          # Decodes a Rex::Proto::Kerberos::Model::Ticket from an String
95
          #
96
          # @param input [String] the input to decode from
97
          def decode_string(input)
98
            asn1 = OpenSSL::ASN1.decode(input)
99

100
            decode_asn1(asn1)
101
          end
102

103
          # Decodes a Rex::Proto::Kerberos::Model::Ticket
104
          #
105
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
106
          # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if decoding doesn't succeed
107
          def decode_asn1(input)
108
            input.value[0].value.each do |val|
109
              case val.tag
110
              when 0
111
                self.tkt_vno = decode_tkt_vno(val)
112
              when 1
113
                self.realm = decode_realm(val)
114
              when 2
115
                self.sname = decode_sname(val)
116
              when 3
117
                self.enc_part = decode_enc_part(val)
118
              else
119
                raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode Ticket SEQUENCE'
120
              end
121
            end
122
          end
123

124
          # Decodes the tkt_vno from an OpenSSL::ASN1::ASN1Data
125
          #
126
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
127
          # @return [Integer]
128
          def decode_tkt_vno(input)
129
            input.value[0].value.to_i
130
          end
131

132
          #
133
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
134
          # @return [String]
135
          def decode_realm(input)
136
            input.value[0].value
137
          end
138

139
          # Decodes the sname field
140
          #
141
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
142
          # @return [Rex::Proto::Kerberos::Model::PrincipalName]
143
          def decode_sname(input)
144
            Rex::Proto::Kerberos::Model::PrincipalName.decode(input.value[0])
145
          end
146

147
          # Decodes the enc_part from an OpenSSL::ASN1::ASN1Data
148
          #
149
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
150
          # @return [Rex::Proto::Kerberos::Model::EncryptedData]
151
          def decode_enc_part(input)
152
            Rex::Proto::Kerberos::Model::EncryptedData.decode(input.value[0])
153
          end
154
        end
155
      end
156
    end
157
  end
158
end
159

160