GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/rex/proto/kerberos/model/ticket_enc_part.rb
# -*- coding: binary -*-
module Rex::Proto::Kerberos::Model
  # Representation of the encrypted part of a Kerberos ticket (EncTicketPart):
  # the flags, key, client realm/name, transited encoding, validity times,
  # client addresses and authorization data that help a client authenticate
  # to a service.
  #
  # NOTE(review): this class only parses and serialises. Decoding assigns
  # whatever tagged fields it finds; nothing visible here checks the outer
  # [APPLICATION 3] tag, that the mandatory fields are present, or that a tag
  # occurs only once, and no flag or validity-time policy is evaluated. Code
  # that makes a trust decision from a decoded instance has to do those checks
  # itself.
  class TicketEncPart < Element

    # One accessor per EncTicketPart field; the bracketed number is the
    # field's context-specific tag in the ASN.1 definition.
    attr_accessor :flags,              # [0]  TicketFlags
                  :key,                # [1]  EncryptionKey
                  :crealm,             # [2]  Realm
                  :cname,              # [3]  PrincipalName
                  :transited,          # [4]  TransitedEncoding
                  :authtime,           # [5]  KerberosTime
                  :starttime,          # [6]  KerberosTime OPTIONAL
                  :endtime,            # [7]  KerberosTime
                  :renew_till,         # [8]  KerberosTime OPTIONAL
                  :caddr,              # [9]  HostAddresses OPTIONAL
                  :authorization_data  # [10] AuthorizationData OPTIONAL

    # Populates this instance from an encoded or already-parsed TicketEncPart.
    #
    # Fields absent from the input are left untouched, so decoding into an
    # instance that already holds values keeps the earlier optional fields.
    #
    # @param input [String, OpenSSL::ASN1::ASN1Data] DER bytes or parsed ASN.1
    # @return [self] once the fields have been assigned
    # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if the
    #   input is neither type, or a field carries an unexpected tag
    # @note Malformed data can also surface as other exceptions that are not
    #   translated here, e.g. OpenSSL::ASN1::ASN1Error from OpenSSL::ASN1.decode
    #   or NoMethodError when the nesting is not the expected one.
    def decode(input)
      case input
      when OpenSSL::ASN1::ASN1Data then decode_asn1(input)
      when String then decode_string(input)
      else
        raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode TicketEncPart, invalid input'
      end

      self
    end

    # Serialises this TicketEncPart to DER.
    #
    # @return [String] the DER encoding of {#to_asn1}
    def encode
      asn1 = to_asn1
      asn1.to_der
    end

    # Builds the ASN.1 structure for this TicketEncPart.
    #
    # Mandatory fields are always emitted; starttime, renew_till, caddr and
    # authorization_data only when they are set. Fields appear in tag order.
    #
    # @return [OpenSSL::ASN1::ASN1Data] the [APPLICATION 3] element wrapping
    #   the field SEQUENCE
    def to_asn1
      # Wraps one encoded field in its explicit context-specific tag.
      tagged = ->(tag, payload) { OpenSSL::ASN1::ASN1Data.new([payload], tag, :CONTEXT_SPECIFIC) }

      # Skipped optionals evaluate to nil and are dropped by #compact.
      fields = [
        tagged.call(0, encode_flags),
        tagged.call(1, encode_key),
        tagged.call(2, encode_crealm),
        tagged.call(3, encode_cname),
        tagged.call(4, encode_transited),
        tagged.call(5, encode_authtime),
        (tagged.call(6, encode_starttime) if starttime),
        tagged.call(7, encode_endtime),
        (tagged.call(8, encode_renew_till) if renew_till),
        (tagged.call(9, encode_caddr) if caddr),
        (tagged.call(10, encode_authorization_data) if authorization_data)
      ].compact

      body = OpenSSL::ASN1::Sequence.new(fields)
      OpenSSL::ASN1::ASN1Data.new([body], 3, :APPLICATION)
    end

    private

    # Parses DER bytes and hands the result to {#decode_asn1}.
    #
    # @param input [String] the DER-encoded TicketEncPart
    def decode_string(input)
      decode_asn1(OpenSSL::ASN1.decode(input))
    end

    # Assigns each field found in a parsed TicketEncPart to its accessor.
    #
    # The field list is taken from input.value[0].value, i.e. the SEQUENCE
    # inside the outer element; the outer element's own tag is not inspected.
    #
    # @param input [OpenSSL::ASN1::ASN1Data] the parsed TicketEncPart
    # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if a
    #   field has a tag outside 0..10
    #
    #   EncTicketPart   ::= [APPLICATION 3] SEQUENCE {
    #           flags                   [0] TicketFlags,
    #           key                     [1] EncryptionKey,
    #           crealm                  [2] Realm,
    #           cname                   [3] PrincipalName,
    #           transited               [4] TransitedEncoding,
    #           authtime                [5] KerberosTime,
    #           starttime               [6] KerberosTime OPTIONAL,
    #           endtime                 [7] KerberosTime,
    #           renew-till              [8] KerberosTime OPTIONAL,
    #           caddr                   [9] HostAddresses OPTIONAL,
    #           authorization-data      [10] AuthorizationData OPTIONAL
    #   }
    def decode_asn1(input)
      sequence = input.value[0]

      # Dispatch on the context tag only; a repeated tag overwrites the
      # earlier value and a missing mandatory tag is not reported.
      sequence.value.each do |field|
        case field.tag
        when 0 then self.flags = decode_flags(field)
        when 1 then self.key = decode_key(field)
        when 2 then self.crealm = decode_crealm(field)
        when 3 then self.cname = decode_cname(field)
        when 4 then self.transited = decode_transited(field)
        when 5 then self.authtime = decode_authtime(field)
        when 6 then self.starttime = decode_starttime(field)
        when 7 then self.endtime = decode_endtime(field)
        when 8 then self.renew_till = decode_renew_till(field)
        when 9 then self.caddr = decode_caddr(field)
        when 10 then self.authorization_data = decode_authorization_data(field)
        else
          raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode TicketEncPart SEQUENCE'
        end
      end
    end

    # Reads the flags field.
    #
    # The wrapped value's bytes are read as one big-endian unsigned 32-bit
    # integer ('N'); unpack1 yields nil when fewer than four bytes are present.
    #
    # @param input [OpenSSL::ASN1::ASN1Data] the [0] element
    # @return [TicketFlags]
    def decode_flags(input)
      raw_bits = input.value[0].value
      Rex::Proto::Kerberos::Model::TicketFlags.new(raw_bits.unpack1('N'))
    end

    # Packs flags.value as a big-endian 32-bit integer into a BIT STRING.
    #
    # @return [OpenSSL::ASN1::BitString]
    def encode_flags
      packed = [flags.value].pack('N')
      OpenSSL::ASN1::BitString.new(packed)
    end

    # Reads the key field by delegating to EncryptionKey.decode.
    #
    # @param input [OpenSSL::ASN1::ASN1Data] the [1] element
    # @return [EncryptionKey]
    def decode_key(input)
      inner = input.value[0]
      Rex::Proto::Kerberos::Model::EncryptionKey.decode(inner)
    end

    # Encodes the key by delegating to key.encode.
    #
    # @return [OpenSSL::ASN1::Sequence] per the existing documentation of
    #   EncryptionKey#encode; not verifiable from this file
    def encode_key
      key.encode
    end

    # Reads the crealm field as the raw value of the wrapped element.
    #
    # @param input [OpenSSL::ASN1::ASN1Data] the [2] element
    # @return [String]
    def decode_crealm(input)
      inner = input.value[0]
      inner.value
    end

    # Encodes the crealm as a GeneralString.
    #
    # @return [OpenSSL::ASN1::GeneralString]
    def encode_crealm
      OpenSSL::ASN1::GeneralString.new(crealm)
    end

    # Reads the cname field by delegating to PrincipalName.decode.
    #
    # @param input [OpenSSL::ASN1::ASN1Data] the [3] element
    # @return [PrincipalName]
    def decode_cname(input)
      inner = input.value[0]
      Rex::Proto::Kerberos::Model::PrincipalName.decode(inner)
    end

    # Encodes the cname by delegating to cname.encode.
    #
    # @return [Object] whatever PrincipalName#encode returns; it is placed
    #   directly inside the [3] element, so presumably an OpenSSL::ASN1 object
    #   rather than a DER String (TODO confirm)
    def encode_cname
      cname.encode
    end

    # Reads the transited field by delegating to TransitedEncoding.decode.
    #
    # @param input [OpenSSL::ASN1::ASN1Data] the [4] element
    # @return [TransitedEncoding]
    def decode_transited(input)
      inner = input.value[0]
      Rex::Proto::Kerberos::Model::TransitedEncoding.decode(inner)
    end

    # Encodes the transited field by delegating to transited.encode.
    #
    # @return [Object] whatever TransitedEncoding#encode returns; presumably
    #   an OpenSSL::ASN1 object (TODO confirm)
    def encode_transited
      transited.encode
    end

    # Reads the authtime field as the raw value of the wrapped element.
    #
    # @param input [OpenSSL::ASN1::ASN1Data] the [5] element
    # @return [Time]
    def decode_authtime(input)
      inner = input.value[0]
      inner.value
    end

    # Encodes the authtime as a GeneralizedTime.
    #
    # @return [OpenSSL::ASN1::GeneralizedTime]
    def encode_authtime
      OpenSSL::ASN1::GeneralizedTime.new(authtime)
    end

    # Reads the optional starttime field as the raw value of the wrapped element.
    #
    # @param input [OpenSSL::ASN1::ASN1Data] the [6] element
    # @return [Time]
    def decode_starttime(input)
      inner = input.value[0]
      inner.value
    end

    # Encodes the starttime as a GeneralizedTime.
    #
    # @return [OpenSSL::ASN1::GeneralizedTime]
    def encode_starttime
      OpenSSL::ASN1::GeneralizedTime.new(starttime)
    end

    # Reads the endtime field as the raw value of the wrapped element.
    #
    # @param input [OpenSSL::ASN1::ASN1Data] the [7] element
    # @return [Time]
    def decode_endtime(input)
      inner = input.value[0]
      inner.value
    end

    # Encodes the endtime as a GeneralizedTime.
    #
    # @return [OpenSSL::ASN1::GeneralizedTime]
    def encode_endtime
      OpenSSL::ASN1::GeneralizedTime.new(endtime)
    end

    # Reads the optional renew_till field as the raw value of the wrapped element.
    #
    # @param input [OpenSSL::ASN1::ASN1Data] the [8] element
    # @return [Time]
    def decode_renew_till(input)
      inner = input.value[0]
      inner.value
    end

    # Encodes the renew_till as a GeneralizedTime.
    #
    # @return [OpenSSL::ASN1::GeneralizedTime]
    def encode_renew_till
      OpenSSL::ASN1::GeneralizedTime.new(renew_till)
    end

    # Reads the optional caddr field by delegating to HostAddress.decode.
    #
    # NOTE(review): unlike the other field decoders, this passes the tagged
    # [9] element itself rather than input.value[0]; confirm that
    # HostAddress.decode expects the wrapper. The field is declared as
    # HostAddresses while a single HostAddress is documented as the result.
    #
    # @param input [OpenSSL::ASN1::ASN1Data] the [9] element
    # @return [HostAddress]
    def decode_caddr(input)
      Rex::Proto::Kerberos::Model::HostAddress.decode(input)
    end

    # Encodes the caddr by delegating to caddr.encode.
    #
    # @return [Object] whatever caddr.encode returns; presumably an
    #   OpenSSL::ASN1 object (TODO confirm)
    def encode_caddr
      caddr.encode
    end

    # Reads the optional authorization_data field by delegating to
    # AuthorizationData.decode.
    #
    # @param input [OpenSSL::ASN1::ASN1Data] the [10] element
    # @return [AuthorizationData]
    def decode_authorization_data(input)
      inner = input.value[0]
      Rex::Proto::Kerberos::Model::AuthorizationData.decode(inner)
    end

    # Encodes the authorization_data by delegating to authorization_data.encode.
    #
    # @return [Object] whatever AuthorizationData#encode returns; presumably
    #   an OpenSSL::ASN1 object (TODO confirm)
    def encode_authorization_data
      authorization_data.encode
    end
  end
end