PADATA_ETYPE_INFO,
PADATA_ETYPE_INFO2,
PADATA_FOR_USER,
+ PADATA_FX_FAST,
PADATA_KDC_REQ,
PADATA_PAC_REQUEST,
PADATA_PK_AS_REQ,
check_kdc_private_fn = kdc_exchange_dict['check_kdc_private_fn']
rep_encpart_asn1Spec = kdc_exchange_dict['rep_encpart_asn1Spec']
msg_type = kdc_exchange_dict['rep_msg_type']
+ armor_key = kdc_exchange_dict['armor_key']
self.assertElementEqual(rep, 'msg-type', msg_type) # AS-REP | TGS-REP
padata = self.getElementValue(rep, 'padata')
self.assertElementPresent(encpart, 'cipher')
encpart_cipher = self.getElementValue(encpart, 'cipher')
+ ticket_checksum = None
+
encpart_decryption_key = None
self.assertIsNotNone(check_padata_fn)
if check_padata_fn is not None:
check_padata_fn(kdc_exchange_dict, callback_dict,
rep, padata))
+ if armor_key is not None:
+ pa_dict = self.get_pa_dict(padata)
+
+ if PADATA_FX_FAST in pa_dict:
+ fx_fast_data = pa_dict[PADATA_FX_FAST]
+ fast_response = self.check_fx_fast_data(kdc_exchange_dict,
+ fx_fast_data,
+ armor_key,
+ finished=True)
+
+ if 'strengthen-key' in fast_response:
+ strengthen_key = self.EncryptionKey_import(
+ fast_response['strengthen-key'])
+ encpart_decryption_key = (
+ self.generate_strengthen_reply_key(
+ strengthen_key,
+ encpart_decryption_key))
+
+ fast_finished = fast_response.get('finished', None)
+ if fast_finished is not None:
+ ticket_checksum = fast_finished['ticket-checksum']
+
+ self.check_rep_padata(kdc_exchange_dict,
+ callback_dict,
+ rep,
+ fast_response['padata'])
+
ticket_private = None
self.assertIsNotNone(ticket_decryption_key)
if ticket_decryption_key is not None:
self.assertIsNotNone(check_kdc_private_fn)
if check_kdc_private_fn is not None:
check_kdc_private_fn(kdc_exchange_dict, callback_dict,
- rep, ticket_private, encpart_private)
+ rep, ticket_private, encpart_private,
+ ticket_checksum)
return rep
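Review bot: The new FAST handling fails open in two places. When `armor_key` is set but the reply carries no PA-FX-FAST element, the `if PADATA_FX_FAST in pa_dict:` branch is skipped and the reply is checked as an unarmored one, so a KDC that drops FAST from its answer to an armored request would still pass. If every armored exchange is expected to get an armored reply, `self.assertIn(PADATA_FX_FAST, pa_dict)` before the lookup would catch that. Likewise, `fast_response.get('finished', None)` leaves `ticket_checksum` as `None` when the finished field is absent, and `generic_check_kdc_private` (next hunk) calls `verify_ticket_checksum` only for a non-`None` value, so the ticket binding goes unchecked. Unless `check_fx_fast_data(..., finished=True)` already asserts the field, which is not visible here, add `self.assertIsNotNone(fast_finished)`. Indentation is lost on this page, so the nesting is inferred from line order, and the function body starts outside the visible lines.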
callback_dict,
rep,
ticket_private,
- encpart_private):
+ encpart_private,
+ ticket_checksum):
expected_crealm = kdc_exchange_dict['expected_crealm']
expected_cname = kdc_exchange_dict['expected_cname']
ticket = self.getElementValue(rep, 'ticket')
+ if ticket_checksum is not None:
+ armor_key = kdc_exchange_dict['armor_key']
+ self.verify_ticket_checksum(ticket, ticket_checksum, armor_key)
+
ticket_session_key = None
if ticket_private is not None:
self.assertElementPresent(ticket_private, 'flags')