metasploit-gs/api/Msf/Exploit/Remote/Kerberos/Client/Pkinit.html
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Exploit::Remote::Kerberos::Client::Pkinit
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Exploit::Remote::Kerberos::Client::Pkinit";
relpath = '../../../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../../../_index.html">Index (P)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Kerberos.html" title="Msf::Exploit::Remote::Kerberos (module)">Kerberos</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../Client.html" title="Msf::Exploit::Remote::Kerberos::Client (module)">Client</a></span></span>
&raquo;
<span class="title">Pkinit</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Exploit::Remote::Kerberos::Client::Pkinit
</h1>
<div class="box_info">
<dl>
<dt>Included in:</dt>
<dd><span class='object_link'><a href="../Client.html" title="Msf::Exploit::Remote::Kerberos::Client (module)">Msf::Exploit::Remote::Kerberos::Client</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/kerberos/client/pkinit.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>Methods for interacting with the Kerberos PKINIT extension for obtaining a TGT from a certificate</p>
<p><a href="https://www.rfc-editor.org/rfc/rfc4556">www.rfc-editor.org/rfc/rfc4556</a> <a href="https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-pkca/d0cf1763-3541-4008-a75f-a577fa5e8c5b">learn.microsoft.com/en-us/openspecs/windows_protocols/ms-pkca/d0cf1763-3541-4008-a75f-a577fa5e8c5b</a></p>
</div>
</div>
<div class="tags">
</div>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#build_dh-instance_method" title="#build_dh (instance method)">#<strong>build_dh</strong> &#x21d2; OpenSSL::PKey::DH, string </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Builds a Diffie-Hellman object with parameters set up.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#build_pa_pk_as_req-instance_method" title="#build_pa_pk_as_req (instance method)">#<strong>build_pa_pk_as_req</strong>(pfx, dh, dh_nonce, request_body, opts) &#x21d2; Rex::Proto::Kerberos::Model::PreAuthDataEntry </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Build a PreAuth data entry structure for negotiating a shared DH key with the server.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#calculate_shared_key-instance_method" title="#calculate_shared_key (instance method)">#<strong>calculate_shared_key</strong>(pa_pk_as_rep, dh, dh_nonce, etype) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Given all the Diffie Hellman parameters and response from the server, calculate the shared key using the steps described in <a href="https://www.rfc-editor.org/rfc/rfc4556#section-3.2.3.1">www.rfc-editor.org/rfc/rfc4556#section-3.2.3.1</a>.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#extract_user_and_realm-instance_method" title="#extract_user_and_realm (instance method)">#<strong>extract_user_and_realm</strong>(certificate, username, realm) &#x21d2; Array&lt;String&gt; </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Extracts the user and realm from a certificate, deferring to the provided values if they are not nil.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#k_truncate-instance_method" title="#k_truncate (instance method)">#<strong>k_truncate</strong>(data, etype) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Transform a key into a key of a certain size, using the k-truncate algorithm described in <a href="https://www.rfc-editor.org/rfc/rfc4556#section-3.2.3.1">www.rfc-editor.org/rfc/rfc4556#section-3.2.3.1</a>.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#sign_auth_pack-instance_method" title="#sign_auth_pack (instance method)">#<strong>sign_auth_pack</strong>(auth_pack, key, certificate) &#x21d2; Rex::Proto::CryptoAsn1::Cms::ContentInfo </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Calculate the cryptographic signatures over the AuthPack, and create the appropriate ASN.1-encoded structure, per <a href="https://www.rfc-editor.org/rfc/rfc4556#section-3.2.1">www.rfc-editor.org/rfc/rfc4556#section-3.2.1</a>.</p>
</div></span>
</li>
</ul>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="build_dh-instance_method">
#<strong>build_dh</strong> &#x21d2; <tt>OpenSSL::PKey::DH</tt>, <tt>string</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Builds a Diffie-Hellman object with parameters set up</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>OpenSSL::PKey::DH</tt>, <tt>string</tt>)</span>
&mdash;
<div class='inline'>
<p>The Diffie Hellman object, and a random client nonce</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines"></pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/kerberos/client/pkinit.rb', line 19</span>
<span class='kw'>def</span> <span class='id identifier rubyid_build_dh'>build_dh</span>
  <span class='comment'># When using the Diffie-Hellman key agreement method, implementations MUST support Oakley 1024-bit Modular
</span>  <span class='comment'># Exponential (MODP) well-known group 2 RFC2412
</span>  <span class='comment'># Kerberos spec: https://www.rfc-editor.org/rfc/rfc4556
</span>  <span class='comment'># Value: https://www.rfc-editor.org/rfc/rfc2412#appendix-E.2
</span>  <span class='id identifier rubyid_prime_modulus'>prime_modulus</span> <span class='op'>=</span> <span class='int'>0</span> <span class='comment'># built 256 bits at a time
</span>  <span class='id identifier rubyid_prime_modulus'>prime_modulus</span> <span class='op'>|=</span> <span class='int'>0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74</span> <span class='op'>&lt;&lt;</span> <span class='lparen'>(</span><span class='int'>256</span> <span class='op'>*</span> <span class='int'>3</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_prime_modulus'>prime_modulus</span> <span class='op'>|=</span> <span class='int'>0x020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f1437</span> <span class='op'>&lt;&lt;</span> <span class='lparen'>(</span><span class='int'>256</span> <span class='op'>*</span> <span class='int'>2</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_prime_modulus'>prime_modulus</span> <span class='op'>|=</span> <span class='int'>0x4fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7ed</span> <span class='op'>&lt;&lt;</span> <span class='lparen'>(</span><span class='int'>256</span> <span class='op'>*</span> <span class='int'>1</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_prime_modulus'>prime_modulus</span> <span class='op'>|=</span> <span class='int'>0xee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff</span>
  <span class='id identifier rubyid_dh'>dh</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>DH</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
    <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='op'>::</span><span class='const'>Sequence</span><span class='lparen'>(</span><span class='lbracket'>[</span>
      <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='op'>::</span><span class='const'>Integer</span><span class='lparen'>(</span><span class='id identifier rubyid_prime_modulus'>prime_modulus</span><span class='rparen'>)</span><span class='comma'>,</span>
      <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='op'>::</span><span class='const'>Integer</span><span class='lparen'>(</span><span class='int'>2</span><span class='rparen'>)</span>
    <span class='rbracket'>]</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span>
  <span class='rparen'>)</span>
  <span class='kw'>if</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='period'>.</span><span class='id identifier rubyid_respond_to?'>respond_to?</span><span class='lparen'>(</span><span class='symbol'>:generate_key</span><span class='rparen'>)</span>
    <span class='comment'># OpenSSL v3.x path
</span>    <span class='comment'># see:
</span>    <span class='comment'># * https://github.com/rapid7/metasploit-framework/pull/17308
</span>    <span class='comment'># * https://ruby-doc.org/stdlib-3.1.0/libdoc/openssl/rdoc/OpenSSL/PKey/DH.html#method-i-generate_key-21
</span>    <span class='id identifier rubyid_dh'>dh</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='period'>.</span><span class='id identifier rubyid_generate_key'>generate_key</span><span class='lparen'>(</span><span class='id identifier rubyid_dh'>dh</span><span class='rparen'>)</span>
  <span class='kw'>else</span>
    <span class='id identifier rubyid_dh'>dh</span><span class='period'>.</span><span class='id identifier rubyid_generate_key!'>generate_key!</span>
  <span class='kw'>end</span>
  <span class='id identifier rubyid_dh_nonce'>dh_nonce</span> <span class='op'>=</span> <span class='const'>SecureRandom</span><span class='period'>.</span><span class='id identifier rubyid_random_bytes'>random_bytes</span><span class='lparen'>(</span><span class='int'>32</span><span class='rparen'>)</span>
  <span class='lbracket'>[</span><span class='id identifier rubyid_dh'>dh</span><span class='comma'>,</span> <span class='id identifier rubyid_dh_nonce'>dh_nonce</span><span class='rbracket'>]</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
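<p>Added example, not part of the Metasploit source: a plain-Ruby walk-through of the RFC 4556 section 3.2.3.1 key derivation over the Oakley group 2 parameters that <tt>build_dh</tt> sets up, run for both the client and the KDC side. The helper names (<tt>i2osp</tt>, <tt>dh_public</tt>, <tt>dh_shared_secret</tt>, <tt>octetstring2key</tt>, <tt>pkinit_reply_key</tt>), the <tt>SEED_OCTETS</tt> table, the private exponents and the nonces are constructed for illustration, and <tt>Integer#pow</tt> stands in for <tt>OpenSSL::PKey::DH</tt>.</p>

```ruby
require 'digest/sha1'

# Oakley group 2 prime (RFC 2412 appendix E.2): the same four 256-bit words
# that build_dh ORs together, with generator 2.
OAKLEY2_P = %w[
  ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74
  020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f1437
  4fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7ed
  ee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff
].join.to_i(16)
OAKLEY2_G = 2
MODULUS_OCTETS = (OAKLEY2_P.bit_length + 7) / 8

# Assumed mapping: Kerberos etype number => key-generation seed length in octets.
SEED_OCTETS = { 17 => 16, 18 => 32 }.freeze # aes128/aes256-cts-hmac-sha1-96

# Big-endian encoding of a non-negative integer, left-padded with zero octets.
def i2osp(value, octets)
  hex = value.to_s(16)
  raise ArgumentError, 'value does not fit' if hex.length > octets * 2

  [hex.rjust(octets * 2, '0')].pack('H*')
end

# Public value g^x mod p for a private exponent x.
def dh_public(private_value)
  OAKLEY2_G.pow(private_value, OAKLEY2_P)
end

# DHSharedSecret: ZZ = peer^x mod p, padded with leading zeros to the size of p.
def dh_shared_secret(own_private, peer_public)
  # Added check: reject 0, 1 and p-1, which force a predictable ZZ.
  raise ArgumentError, 'peer DH public value out of range' unless peer_public.between?(2, OAKLEY2_P - 2)

  i2osp(peer_public.pow(own_private, OAKLEY2_P), MODULUS_OCTETS)
end

# octetstring2key: K-truncate(SHA1(0x00 | x) | SHA1(0x01 | x) | ...).
def octetstring2key(x, key_octets)
  stream = ''.b
  counter = 0
  while stream.bytesize < key_octets
    stream << Digest::SHA1.digest([counter].pack('C') + x.b)
    counter += 1
  end
  stream.byteslice(0, key_octets)
end

# x = DHSharedSecret | n_c | n_k; for the AES etypes random-to-key is the identity.
def pkinit_reply_key(own_private, peer_public, client_nonce, server_nonce, etype)
  x = dh_shared_secret(own_private, peer_public) + client_nonce.b + server_nonce.b
  octetstring2key(x, SEED_OCTETS.fetch(etype))
end

# Constructed sample values, fixed so the run is repeatable. Real exponents and
# nonces must come from a CSPRNG, as build_dh does for its nonce.
CLIENT_PRIV = 0x1234_5678_9abc_def0_1122_3344_5566_7788
KDC_PRIV    = 0x0fed_cba9_8765_4321_8877_6655_4433_2211
CLIENT_PUB  = dh_public(CLIENT_PRIV)
KDC_PUB     = dh_public(KDC_PRIV)
N_C = ('C' * 32).b # clientDHNonce
N_K = ('K' * 32).b # serverDHNonce

client_key = pkinit_reply_key(CLIENT_PRIV, KDC_PUB, N_C, N_K, 18)
kdc_key    = pkinit_reply_key(KDC_PRIV, CLIENT_PUB, N_C, N_K, 18)
puts "client: #{client_key.unpack1('H*')}"
puts "kdc:    #{kdc_key.unpack1('H*')}"
puts "match:  #{client_key == kdc_key}"
```

<p>Because K-truncate only shortens the same SHA-1 stream, the 16-octet key for etype 17 is a prefix of the 32-octet key for etype 18 when the inputs are identical.</p>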
<div class="method_details ">
<h3 class="signature " id="build_pa_pk_as_req-instance_method">
#<strong>build_pa_pk_as_req</strong>(pfx, dh, dh_nonce, request_body, opts) &#x21d2; <tt><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/PreAuthDataEntry.html" title="Rex::Proto::Kerberos::Model::PreAuthDataEntry (class)">Rex::Proto::Kerberos::Model::PreAuthDataEntry</a></span></tt>
</h3><div class="docstring">
<div class="discussion">
<p>Build a PreAuth data entry structure for negotiating a shared DH key with the server</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>pfx</span>
<span class='type'>(<tt>OpenSSL::PKCS12</tt>)</span>
&mdash;
<div class='inline'>
<p>A PKCS12-encoded certificate</p>
</div>
</li>
<li>
<span class='name'>dh</span>
<span class='type'>(<tt>OpenSSL::PKey::DH</tt>, <tt>string</tt>)</span>
&mdash;
<div class='inline'>
<p>The Diffie Hellman object</p>
</div>
</li>
<li>
<span class='name'>dh_nonce</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The random client nonce we sent to the server</p>
</div>
</li>
<li>
<span class='name'>request_body</span>
<span class='type'>(<tt><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/KdcRequest.html" title="Rex::Proto::Kerberos::Model::KdcRequest (class)">Rex::Proto::Kerberos::Model::KdcRequest</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The request body accompanying this PreAuth entry</p>
</div>
</li>
<li>
<span class='name'>opts</span>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>Options to override default values for certain PreAuth entry fields</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/PreAuthDataEntry.html" title="Rex::Proto::Kerberos::Model::PreAuthDataEntry (class)">Rex::Proto::Kerberos::Model::PreAuthDataEntry</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The constructed PreAuth data entry request</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines"></pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/kerberos/client/pkinit.rb', line 203</span>
<span class='kw'>def</span> <span class='id identifier rubyid_build_pa_pk_as_req'>build_pa_pk_as_req</span><span class='lparen'>(</span><span class='id identifier rubyid_pfx'>pfx</span><span class='comma'>,</span> <span class='id identifier rubyid_dh'>dh</span><span class='comma'>,</span> <span class='id identifier rubyid_dh_nonce'>dh_nonce</span><span class='comma'>,</span> <span class='id identifier rubyid_request_body'>request_body</span><span class='comma'>,</span> <span class='id identifier rubyid_opts'>opts</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_certificate'>certificate</span> <span class='op'>=</span> <span class='id identifier rubyid_pfx'>pfx</span><span class='period'>.</span><span class='id identifier rubyid_certificate'>certificate</span>
  <span class='id identifier rubyid_now_time'>now_time</span> <span class='op'>=</span> <span class='id identifier rubyid_kerberos_time'>kerberos_time</span>
  <span class='id identifier rubyid_now_ctime'>now_ctime</span> <span class='op'>=</span> <span class='id identifier rubyid_now_time'>now_time</span><span class='period'>.</span><span class='id identifier rubyid_round'>round</span>
  <span class='id identifier rubyid_ctime'>ctime</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:ctime</span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_now_ctime'>now_ctime</span> <span class='rbrace'>}</span>
  <span class='id identifier rubyid_cusec'>cusec</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:cusec</span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_now_time'>now_time</span><span class='op'>&amp;.</span><span class='id identifier rubyid_usec'>usec</span> <span class='op'>||</span> <span class='int'>0</span> <span class='rbrace'>}</span>
  <span class='id identifier rubyid_nonce'>nonce</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:nonce</span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>1</span> <span class='op'>&lt;&lt;</span> <span class='int'>31</span><span class='rparen'>)</span> <span class='rbrace'>}</span>
  <span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='id identifier rubyid_request_body'>request_body</span><span class='period'>.</span><span class='id identifier rubyid_encode'>encode</span>
  <span class='id identifier rubyid_checksum'>checksum</span> <span class='op'>=</span> <span class='const'>Digest</span><span class='op'>::</span><span class='const'>SHA1</span><span class='period'>.</span><span class='id identifier rubyid_digest'>digest</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_pub_key_encoded'>pub_key_encoded</span> <span class='op'>=</span> <span class='const'>RASN1</span><span class='op'>::</span><span class='const'>Types</span><span class='op'>::</span><span class='const'>Integer</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='label'>value:</span> <span class='id identifier rubyid_dh'>dh</span><span class='period'>.</span><span class='id identifier rubyid_pub_key'>pub_key</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span>
  <span class='id identifier rubyid_auth_pack'>auth_pack</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/Pkinit.html" title="Rex::Proto::Kerberos::Model::Pkinit (module)">Pkinit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/Pkinit/AuthPack.html" title="Rex::Proto::Kerberos::Model::Pkinit::AuthPack (class)">AuthPack</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
    <span class='label'>pk_authenticator:</span> <span class='lbrace'>{</span>
      <span class='label'>cusec:</span> <span class='id identifier rubyid_cusec'>cusec</span><span class='comma'>,</span>
      <span class='label'>ctime:</span> <span class='id identifier rubyid_ctime'>ctime</span><span class='comma'>,</span>
      <span class='label'>nonce:</span> <span class='id identifier rubyid_nonce'>nonce</span><span class='comma'>,</span>
      <span class='label'>pa_checksum:</span> <span class='id identifier rubyid_checksum'>checksum</span>
    <span class='rbrace'>}</span><span class='comma'>,</span>
    <span class='label'>client_public_value:</span> <span class='lbrace'>{</span>
      <span class='label'>algorithm:</span> <span class='lbrace'>{</span>
        <span class='label'>algorithm:</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html" title="Rex::Proto::Kerberos::Model::OID (module)">OID</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html#DiffieHellman-constant" title="Rex::Proto::Kerberos::Model::OID::DiffieHellman (constant)">DiffieHellman</a></span></span><span class='comma'>,</span> <span class='comment'># Diffie-Hellman
</span>        <span class='label'>parameters:</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/Pkinit.html" title="Rex::Proto::Kerberos::Model::Pkinit (module)">Pkinit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/Pkinit/DomainParameters.html" title="Rex::Proto::Kerberos::Model::Pkinit::DomainParameters (class)">DomainParameters</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
          <span class='label'>p:</span> <span class='id identifier rubyid_dh'>dh</span><span class='period'>.</span><span class='id identifier rubyid_p'>p</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span><span class='comma'>,</span>
          <span class='label'>g:</span> <span class='id identifier rubyid_dh'>dh</span><span class='period'>.</span><span class='id identifier rubyid_g'>g</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span><span class='comma'>,</span>
          <span class='label'>q:</span> <span class='int'>0</span>
        <span class='rparen'>)</span>
      <span class='rbrace'>}</span><span class='comma'>,</span>
      <span class='label'>subject_public_key:</span> <span class='id identifier rubyid_pub_key_encoded'>pub_key_encoded</span>
    <span class='rbrace'>}</span><span class='comma'>,</span>
    <span class='label'>client_dh_nonce:</span> <span class='const'>RASN1</span><span class='op'>::</span><span class='const'>Types</span><span class='op'>::</span><span class='const'>OctetString</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='label'>value:</span> <span class='id identifier rubyid_dh_nonce'>dh_nonce</span><span class='rparen'>)</span>
  <span class='rparen'>)</span>
  <span class='id identifier rubyid_auth_pack'>auth_pack</span><span class='lbracket'>[</span><span class='symbol'>:client_public_value</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='symbol'>:subject_public_key</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_bit_length'>bit_length</span> <span class='op'>=</span> <span class='id identifier rubyid_pub_key_encoded'>pub_key_encoded</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>*</span> <span class='int'>8</span>
  <span class='id identifier rubyid_signed_auth_pack'>signed_auth_pack</span> <span class='op'>=</span> <span class='id identifier rubyid_sign_auth_pack'>sign_auth_pack</span><span class='lparen'>(</span><span class='id identifier rubyid_auth_pack'>auth_pack</span><span class='comma'>,</span> <span class='id identifier rubyid_pfx'>pfx</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_certificate'>certificate</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_pa_as_req'>pa_as_req</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/PreAuthPkAsReq.html" title="Rex::Proto::Kerberos::Model::PreAuthPkAsReq (class)">PreAuthPkAsReq</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
  <span class='id identifier rubyid_pa_as_req'>pa_as_req</span><span class='period'>.</span><span class='id identifier rubyid_signed_auth_pack'>signed_auth_pack</span> <span class='op'>=</span> <span class='id identifier rubyid_signed_auth_pack'>signed_auth_pack</span>
  <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/PreAuthDataEntry.html" title="Rex::Proto::Kerberos::Model::PreAuthDataEntry (class)">PreAuthDataEntry</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/Element.html#initialize-instance_method" title="Rex::Proto::Kerberos::Model::Element#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='label'>type:</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/PreAuthType.html" title="Rex::Proto::Kerberos::Model::PreAuthType (module)">PreAuthType</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/PreAuthType.html#PA_PK_AS_REQ-constant" title="Rex::Proto::Kerberos::Model::PreAuthType::PA_PK_AS_REQ (constant)">PA_PK_AS_REQ</a></span></span><span class='comma'>,</span>
                                                    <span class='label'>value:</span> <span class='id identifier rubyid_pa_as_req'>pa_as_req</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="calculate_shared_key-instance_method">
#<strong>calculate_shared_key</strong>(pa_pk_as_rep, dh, dh_nonce, etype) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Given all the Diffie Hellman parameters and response from the server, calculate the shared key using the steps described in <a href="https://www.rfc-editor.org/rfc/rfc4556#section-3.2.3.1">www.rfc-editor.org/rfc/rfc4556#section-3.2.3.1</a></p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>pa_pk_as_rep</span>
<span class='type'>(<tt><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/PreAuthPkAsRep.html" title="Rex::Proto::Kerberos::Model::PreAuthPkAsRep (class)">Rex::Proto::Kerberos::Model::PreAuthPkAsRep</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The PA_DATA response from the server containing the server's public key</p>
</div>
</li>
<li>
<span class='name'>dh</span>
<span class='type'>(<tt>OpenSSL::PKey::DH</tt>, <tt>string</tt>)</span>
&mdash;
<div class='inline'>
<p>The Diffie Hellman object</p>
</div>
</li>
<li>
<span class='name'>dh_nonce</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The random client nonce we sent to the server</p>
</div>
</li>
<li>
<span class='name'>etype</span>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The encryption type, from Rex::Proto::Kerberos::Crypto::Encryption</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The calculated shared key</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines"></pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/kerberos/client/pkinit.rb', line 184</span>
<span class='kw'>def</span> <span class='id identifier rubyid_calculate_shared_key'>calculate_shared_key</span><span class='lparen'>(</span><span class='id identifier rubyid_pa_pk_as_rep'>pa_pk_as_rep</span><span class='comma'>,</span> <span class='id identifier rubyid_dh'>dh</span><span class='comma'>,</span> <span class='id identifier rubyid_dh_nonce'>dh_nonce</span><span class='comma'>,</span> <span class='id identifier rubyid_etype'>etype</span><span class='rparen'>)</span>
<span class='id identifier rubyid_dh_rep_info'>dh_rep_info</span> <span class='op'>=</span> <span class='id identifier rubyid_pa_pk_as_rep'>pa_pk_as_rep</span><span class='period'>.</span><span class='id identifier rubyid_dh_rep_info'>dh_rep_info</span>
<span class='id identifier rubyid_signed_data'>signed_data</span> <span class='op'>=</span> <span class='id identifier rubyid_dh_rep_info'>dh_rep_info</span><span class='period'>.</span><span class='id identifier rubyid_signed_data'>signed_data</span>
<span class='id identifier rubyid_dh_key_info'>dh_key_info</span> <span class='op'>=</span> <span class='id identifier rubyid_signed_data'>signed_data</span><span class='lbracket'>[</span><span class='symbol'>:encap_content_info</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_econtent'>econtent</span>
<span class='id identifier rubyid_server_public_key'>server_public_key</span> <span class='op'>=</span> <span class='const'>RASN1</span><span class='op'>::</span><span class='const'>Types</span><span class='op'>::</span><span class='const'>Integer</span><span class='period'>.</span><span class='id identifier rubyid_parse'>parse</span><span class='lparen'>(</span><span class='id identifier rubyid_dh_key_info'>dh_key_info</span><span class='lbracket'>[</span><span class='symbol'>:subject_public_key</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span>
<span class='id identifier rubyid_shared_key'>shared_key</span> <span class='op'>=</span> <span class='id identifier rubyid_dh'>dh</span><span class='period'>.</span><span class='id identifier rubyid_compute_key'>compute_key</span><span class='lparen'>(</span><span class='id identifier rubyid_server_public_key'>server_public_key</span><span class='period'>.</span><span class='id identifier rubyid_to_bn'>to_bn</span><span class='rparen'>)</span>
<span class='id identifier rubyid_server_nonce'>server_nonce</span> <span class='op'>=</span> <span class='id identifier rubyid_pa_pk_as_rep'>pa_pk_as_rep</span><span class='lbracket'>[</span><span class='symbol'>:server_dh_nonce</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span>
<span class='id identifier rubyid_full_key'>full_key</span> <span class='op'>=</span> <span class='id identifier rubyid_shared_key'>shared_key</span> <span class='op'>+</span> <span class='id identifier rubyid_dh_nonce'>dh_nonce</span> <span class='op'>+</span> <span class='id identifier rubyid_server_nonce'>server_nonce</span>
<span class='id identifier rubyid_k_truncate'>k_truncate</span><span class='lparen'>(</span><span class='id identifier rubyid_full_key'>full_key</span><span class='comma'>,</span> <span class='id identifier rubyid_etype'>etype</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
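<p>The derivation above, worked through for both sides of the exchange. This is an added example, not Metasploit's code: the helper names, the <tt>:aes128</tt>/<tt>:aes256</tt> labels and the choice of Oakley group 2 are assumptions made for illustration. It also covers the k-truncate step and the RFC's requirement that the shared secret be zero-padded to the modulus length before hashing.</p>

```ruby
require 'digest'
require 'securerandom'

# Assumption: the 1024-bit MODP prime of Oakley group 2 (RFC 2409) with
# generator 2. The page does not say which group the module negotiates.
DH_P_HEX = %w[
  FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
  29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
  EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
  E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
  EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381
  FFFFFFFF FFFFFFFF
].join
DH_P = DH_P_HEX.to_i(16)
DH_G = 2
MODULUS_OCTETS = DH_P_HEX.length / 2

# Hypothetical labels standing in for the Rex encryption-type constants.
KEY_SIZES = { aes128: 16, aes256: 32 }.freeze

# Returns [private_value, public_value] with the private value in 2..p-2.
def dh_keypair
  private_value = SecureRandom.random_number(DH_P - 3) + 2
  [private_value, DH_G.pow(private_value, DH_P)]
end

# Big-endian octets, left-padded with zero bytes to a fixed size.
def int_to_octets(value, size)
  [value.to_s(16).rjust(size * 2, '0')].pack('H*')
end

# DHSharedSecret per RFC 4556 3.2.3.1: padded with leading zeros so that it
# is exactly as long as the modulus. Degenerate peer values are rejected.
def dh_shared_secret(own_private, peer_public)
  unless peer_public.between?(2, DH_P - 2)
    raise ArgumentError, 'peer public value outside 2..p-2'
  end
  int_to_octets(peer_public.pow(own_private, DH_P), MODULUS_OCTETS)
end

# K-truncate over SHA1(0x00 | x) | SHA1(0x01 | x) | ... (octetstring2key).
def k_truncate(data, keysize)
  stream = ''.b
  counter = 0
  while stream.bytesize < keysize
    stream << Digest::SHA1.digest([counter].pack('C') + data)
    counter += 1
  end
  stream.byteslice(0, keysize)
end

# x = DHSharedSecret | client nonce | server nonce, then k-truncate.
def reply_key(shared_secret, client_nonce, server_nonce, etype)
  keysize = KEY_SIZES.fetch(etype) do
    raise ArgumentError, "unsupported encryption type #{etype.inspect}"
  end
  k_truncate(shared_secret + client_nonce + server_nonce, keysize)
end

# Constructed exchange: both parties are simulated locally, nothing is sent.
def demo_exchange(etype)
  client_priv, client_pub = dh_keypair
  kdc_priv, kdc_pub = dh_keypair
  client_nonce = SecureRandom.random_bytes(32)
  server_nonce = SecureRandom.random_bytes(32)
  client_key = reply_key(dh_shared_secret(client_priv, kdc_pub), client_nonce, server_nonce, etype)
  kdc_key = reply_key(dh_shared_secret(kdc_priv, client_pub), client_nonce, server_nonce, etype)
  [client_key, kdc_key]
end
```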
<div class="method_details ">
<h3 class="signature " id="extract_user_and_realm-instance_method">
#<strong>extract_user_and_realm</strong>(certificate, username, realm) &#x21d2; <tt>Array&lt;String&gt;</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Extracts the user and realm from a certificate, deferring to the provided values if they are not nil.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>certificate</span>
<span class='type'>(<tt>OpenSSL::X509::Certificate</tt>)</span>
</li>
<li>
<span class='name'>username</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>A default value for username. A warning is presented if this is not in the certificate.</p>
</div>
</li>
<li>
<span class='name'>realm</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>A default value for realm. A warning is presented if this is not in the certificate.</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array&lt;String&gt;</tt>)</span>
&mdash;
<div class='inline'>
<p>A tuple of the username and realm retrieved from the certificate, or the parameters provided</p>
</div>
</li>
</ul>
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt>ArgumentError</tt>)</span>
&mdash;
<div class='inline'>
<p>If the certificate contains a corrupted SAN</p>
</div>
</li>
<li>
<span class='type'>(<tt>ArgumentError</tt>)</span>
&mdash;
<div class='inline'>
<p>If a username is provided without also providing a realm; or vice versa</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines"></pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/kerberos/client/pkinit.rb', line 58</span>
<span class='kw'>def</span> <span class='id identifier rubyid_extract_user_and_realm'>extract_user_and_realm</span><span class='lparen'>(</span><span class='id identifier rubyid_certificate'>certificate</span><span class='comma'>,</span> <span class='id identifier rubyid_username'>username</span><span class='comma'>,</span> <span class='id identifier rubyid_realm'>realm</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Must provide username if providing realm</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_username'>username</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='op'>&amp;&amp;</span> <span class='op'>!</span><span class='id identifier rubyid_realm'>realm</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Must provide realm if providing username</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_realm'>realm</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='op'>&amp;&amp;</span> <span class='op'>!</span><span class='id identifier rubyid_username'>username</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_results'>results</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_asn_san_seq'>asn_san_seq</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='comment'># MS&#39;s SAN extension isn&#39;t handled nicely by OpenSSL, so we need to read it ourselves
</span> <span class='comment'># https://manas.tech/blog/2013/01/29/extracting-subject-alternative-name-from-microsoft-authentication-client-certificates/
</span> <span class='id identifier rubyid_certificate'>certificate</span><span class='period'>.</span><span class='id identifier rubyid_extensions'>extensions</span><span class='period'>.</span><span class='id identifier rubyid_select'>select</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_ext'>ext</span><span class='op'>|</span> <span class='id identifier rubyid_ext'>ext</span><span class='period'>.</span><span class='id identifier rubyid_oid'>oid</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>subjectAltName</span><span class='tstring_end'>&#39;</span></span> <span class='rbrace'>}</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_san_extension'>san_extension</span><span class='op'>|</span>
<span class='kw'>begin</span>
<span class='id identifier rubyid_asn_san'>asn_san</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='period'>.</span><span class='id identifier rubyid_decode'>decode</span><span class='lparen'>(</span><span class='id identifier rubyid_san_extension'>san_extension</span><span class='rparen'>)</span>
<span class='id identifier rubyid_asn_san_value'>asn_san_value</span> <span class='op'>=</span> <span class='id identifier rubyid_asn_san'>asn_san</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_find'>find</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_value'>value</span><span class='op'>|</span> <span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='op'>::</span><span class='const'>OctetString</span> <span class='rbrace'>}</span>
<span class='kw'>if</span> <span class='id identifier rubyid_asn_san_value'>asn_san_value</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Invalid certificate provided: unable to decode SAN</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_asn_san_seq'>asn_san_seq</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='period'>.</span><span class='id identifier rubyid_decode'>decode</span><span class='lparen'>(</span><span class='id identifier rubyid_asn_san_value'>asn_san_value</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='rparen'>)</span>
<span class='kw'>rescue</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='op'>::</span><span class='const'>ASN1Error</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Invalid certificate provided: unable to decode SAN</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_asn_san_seq'>asn_san_seq</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_san_entry'>san_entry</span><span class='op'>|</span>
<span class='kw'>if</span> <span class='id identifier rubyid_san_entry'>san_entry</span><span class='period'>.</span><span class='id identifier rubyid_tag'>tag</span> <span class='op'>==</span> <span class='int'>0</span> <span class='comment'># x509.OtherName
</span> <span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='id identifier rubyid_san_entry'>san_entry</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='op'>&amp;.</span><span class='id identifier rubyid_value'>value</span>
<span class='kw'>next</span> <span class='kw'>if</span> <span class='id identifier rubyid_key'>key</span> <span class='op'>!=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>msUPN</span><span class='tstring_end'>&#39;</span></span> <span class='comment'># Principal Name
</span>
<span class='id identifier rubyid_principal'>principal</span> <span class='op'>=</span> <span class='id identifier rubyid_san_entry'>san_entry</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='lbracket'>[</span><span class='int'>1</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span>
<span class='id identifier rubyid_parts'>parts</span> <span class='op'>=</span> <span class='id identifier rubyid_principal'>principal</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>@</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_parts'>parts</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>==</span> <span class='int'>1</span>
<span class='id identifier rubyid_user'>user</span> <span class='op'>=</span> <span class='id identifier rubyid_principal'>principal</span>
<span class='id identifier rubyid_domain'>domain</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>else</span>
<span class='id identifier rubyid_user'>user</span> <span class='op'>=</span> <span class='id identifier rubyid_parts'>parts</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='op'>-</span><span class='int'>2</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>@</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_domain'>domain</span> <span class='op'>=</span> <span class='id identifier rubyid_parts'>parts</span><span class='lbracket'>[</span><span class='op'>-</span><span class='int'>1</span><span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_san_entry'>san_entry</span><span class='period'>.</span><span class='id identifier rubyid_tag'>tag</span> <span class='op'>==</span> <span class='int'>2</span> <span class='comment'># dNSName
</span> <span class='id identifier rubyid_parts'>parts</span> <span class='op'>=</span> <span class='id identifier rubyid_san_entry'>san_entry</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>.</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_parts'>parts</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>==</span> <span class='int'>1</span>
<span class='id identifier rubyid_user'>user</span> <span class='op'>=</span> <span class='id identifier rubyid_san_entry'>san_entry</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span> <span class='comment'># Corrected to extract string value
</span> <span class='id identifier rubyid_domain'>domain</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>else</span>
<span class='id identifier rubyid_user'>user</span> <span class='op'>=</span> <span class='id identifier rubyid_parts'>parts</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span> <span class='op'>+</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>$</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_domain'>domain</span> <span class='op'>=</span> <span class='id identifier rubyid_parts'>parts</span><span class='lbracket'>[</span><span class='int'>1</span><span class='op'>..</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>.</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>else</span>
<span class='kw'>next</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_results'>results</span><span class='period'>.</span><span class='id identifier rubyid_append'>append</span><span class='lparen'>(</span><span class='lbracket'>[</span><span class='id identifier rubyid_user'>user</span><span class='comma'>,</span> <span class='id identifier rubyid_domain'>domain</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_realm'>realm</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='comment'># and also username, since it&#39;s both or neither
</span> <span class='id identifier rubyid_normalized_results'>normalized_results</span> <span class='op'>=</span> <span class='id identifier rubyid_results'>results</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_pair'>pair</span><span class='op'>|</span>
<span class='id identifier rubyid_pair'>pair</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_value'>value</span><span class='op'>|</span>
<span class='kw'>if</span> <span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span><span class='lparen'>(</span><span class='const'>String</span><span class='rparen'>)</span>
<span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_downcase'>downcase</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='op'>::</span><span class='const'>ASN1Data</span><span class='rparen'>)</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_respond_to?'>respond_to?</span><span class='lparen'>(</span><span class='symbol'>:value</span><span class='rparen'>)</span>
<span class='id identifier rubyid_val'>val</span> <span class='op'>=</span> <span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span>
<span class='id identifier rubyid_val'>val</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span><span class='lparen'>(</span><span class='const'>String</span><span class='rparen'>)</span> <span class='op'>?</span> <span class='id identifier rubyid_val'>val</span><span class='period'>.</span><span class='id identifier rubyid_downcase'>downcase</span> <span class='op'>:</span> <span class='id identifier rubyid_val'>val</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_downcase'>downcase</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_downcase'>downcase</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_normalized_results'>normalized_results</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='lbracket'>[</span><span class='id identifier rubyid_username'>username</span><span class='period'>.</span><span class='id identifier rubyid_downcase'>downcase</span><span class='comma'>,</span> <span class='id identifier rubyid_realm'>realm</span><span class='period'>.</span><span class='id identifier rubyid_downcase'>downcase</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_print_warning'>print_warning</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Warning: Provided principal and realm (</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_username'>username</span><span class='embexpr_end'>}</span><span class='tstring_content'>@</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_realm'>realm</span><span class='embexpr_end'>}</span><span class='tstring_content'>) do not match entries in certificate:</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_results'>results</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_cert_username'>cert_username</span><span class='comma'>,</span> <span class='id identifier rubyid_cert_realm'>cert_realm</span><span class='op'>|</span>
<span class='id identifier rubyid_print_warning'>print_warning</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> * </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cert_username'>cert_username</span><span class='embexpr_end'>}</span><span class='tstring_content'>@</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cert_realm'>cert_realm</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='lbracket'>[</span><span class='id identifier rubyid_username'>username</span><span class='comma'>,</span> <span class='id identifier rubyid_realm'>realm</span><span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='comment'># No override was provided, so hopefully we only extracted one value from the certificate
</span> <span class='kw'>if</span> <span class='id identifier rubyid_results'>results</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>==</span> <span class='int'>1</span>
<span class='kw'>return</span> <span class='id identifier rubyid_results'>results</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Failed to retrieve Principal from certificate (contained </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_results'>results</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='embexpr_end'>}</span><span class='tstring_content'> SAN entries). Provide an override user and domain.</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
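<p>The ASN.1 layout that the SAN walk above indexes into, built by hand and then parsed back into principals. This is an added example, not Metasploit's code: the function names and the sample names under <tt>example.test</tt> are constructed for illustration, and the DER built here corresponds to the contents of the extension's OCTET STRING rather than a full certificate. It is useful when reviewing which Kerberos principal an issued certificate would assert.</p>

```ruby
require 'openssl'

# Microsoft User Principal Name (OpenSSL short name: msUPN).
MS_UPN_OID = '1.3.6.1.4.1.311.20.2.3'

# Build a GeneralNames SEQUENCE (constructed sample input).
#   otherName [0] { type-id OID, value [0] EXPLICIT UTF8String }
#   dNSName   [2] IA5String
def build_general_names(upns: [], dns_names: [])
  entries = upns.map do |upn|
    wrapped = OpenSSL::ASN1::ASN1Data.new([OpenSSL::ASN1::UTF8String.new(upn)], 0, :CONTEXT_SPECIFIC)
    OpenSSL::ASN1::ASN1Data.new([OpenSSL::ASN1::ObjectId.new(MS_UPN_OID), wrapped], 0, :CONTEXT_SPECIFIC)
  end
  entries += dns_names.map { |name| OpenSSL::ASN1::ASN1Data.new(name, 2, :CONTEXT_SPECIFIC) }
  OpenSSL::ASN1::Sequence.new(entries).to_der
end

# Returns every [user, realm] pair the SAN can be read as.
def principals_from_general_names(der)
  begin
    seq = OpenSSL::ASN1.decode(der)
  rescue OpenSSL::ASN1::ASN1Error
    raise ArgumentError, 'unable to decode SAN'
  end
  raise ArgumentError, 'SAN is not a SEQUENCE' unless seq.is_a?(OpenSSL::ASN1::Sequence)

  seq.value.filter_map do |entry|
    next unless entry.tag_class == :CONTEXT_SPECIFIC

    case entry.tag
    when 0 # otherName: only the UPN form names a principal
      type_id, wrapped = entry.value
      next unless type_id.is_a?(OpenSSL::ASN1::ObjectId) && type_id.oid == MS_UPN_OID
      next unless wrapped.is_a?(OpenSSL::ASN1::ASN1Data) && wrapped.value.is_a?(Array)

      inner = wrapped.value.first
      next unless inner.respond_to?(:value) && inner.value.is_a?(String)

      upn = inner.value
      if upn.include?('@')
        user, _, realm = upn.rpartition('@') # the realm follows the last '@'
        [user, realm]
      else
        [upn, '']
      end
    when 2 # dNSName: host.domain is read as the machine account host$
      next unless entry.value.is_a?(String)

      host, _, domain = entry.value.partition('.')
      domain.empty? ? [entry.value, ''] : ["#{host}$", domain]
    end
  end
end

# Mirrors the documented contract: override both values or neither, and
# refuse to guess when the certificate names more than one principal.
def resolve_principal(der, username = nil, realm = nil)
  raise ArgumentError, 'provide both username and realm, or neither' if username.nil? ^ realm.nil?

  found = principals_from_general_names(der)
  if username
    match = found.any? { |u, r| u.casecmp?(username) && r.casecmp?(realm) }
    return { principal: [username, realm], matches_certificate: match, candidates: found }
  end
  raise ArgumentError, "certificate names #{found.length} principals" unless found.length == 1

  { principal: found.first, matches_certificate: true, candidates: found }
end
```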
<div class="method_details ">
<h3 class="signature " id="k_truncate-instance_method">
#<strong>k_truncate</strong>(data, etype) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Transform a key into a key of a certain size, using the k-truncate algorithm described in <a href="https://www.rfc-editor.org/rfc/rfc4556#section-3.2.3.1">RFC 4556, section 3.2.3.1</a>.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>data</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The full key to transform</p>
</div>
</li>
<li>
<span class='name'>etype</span>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The encryption type, from Rex::Proto::Kerberos::Crypto::Encryption</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The truncated key</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines"></pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/kerberos/client/pkinit.rb', line 150</span>
<span class='kw'>def</span> <span class='id identifier rubyid_k_truncate'>k_truncate</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_etype'>etype</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_etype'>etype</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Crypto.html" title="Rex::Proto::Kerberos::Crypto (module)">Crypto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Crypto/Encryption.html" title="Rex::Proto::Kerberos::Crypto::Encryption (module)">Encryption</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Crypto/Encryption.html#AES256-constant" title="Rex::Proto::Kerberos::Crypto::Encryption::AES256 (constant)">AES256</a></span></span>
<span class='id identifier rubyid_keysize'>keysize</span> <span class='op'>=</span> <span class='int'>32</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_etype'>etype</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Crypto.html" title="Rex::Proto::Kerberos::Crypto (module)">Crypto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Crypto/Encryption.html" title="Rex::Proto::Kerberos::Crypto::Encryption (module)">Encryption</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Crypto/Encryption.html#AES128-constant" title="Rex::Proto::Kerberos::Crypto::Encryption::AES128 (constant)">AES128</a></span></span>
<span class='id identifier rubyid_keysize'>keysize</span> <span class='op'>=</span> <span class='int'>16</span>
<span class='kw'>else</span>
<span class='comment'># This is unsupported per the spec
</span> <span class='id identifier rubyid_raise'>raise</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/Error.html" title="Rex::Proto::Kerberos::Model::Error (module)">Error</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/Error/KerberosEncryptionNotSupported.html" title="Rex::Proto::Kerberos::Model::Error::KerberosEncryptionNotSupported (class)">KerberosEncryptionNotSupported</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/Error/KerberosEncryptionNotSupported.html#initialize-instance_method" title="Rex::Proto::Kerberos::Model::Error::KerberosEncryptionNotSupported#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Unsupported DH Key exchange encryption type </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_etype'>etype</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='label'>encryption_type:</span> <span class='id identifier 
rubyid_etype'>etype</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_x'>x</span> <span class='op'>=</span> <span class='int'>0</span>
<span class='kw'>while</span> <span class='id identifier rubyid_result'>result</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>&lt;</span> <span class='id identifier rubyid_keysize'>keysize</span>
<span class='id identifier rubyid_digest'>digest</span> <span class='op'>=</span> <span class='const'>Digest</span><span class='op'>::</span><span class='const'>SHA1</span><span class='period'>.</span><span class='id identifier rubyid_digest'>digest</span><span class='lparen'>(</span><span class='id identifier rubyid_x'>x</span><span class='period'>.</span><span class='id identifier rubyid_chr'>chr</span> <span class='op'>+</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_result'>result</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>+</span> <span class='id identifier rubyid_digest'>digest</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>&gt;</span> <span class='id identifier rubyid_keysize'>keysize</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>+=</span> <span class='id identifier rubyid_digest'>digest</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='lparen'>(</span><span class='id identifier rubyid_keysize'>keysize</span> <span class='op'>-</span> <span class='id identifier rubyid_result'>result</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>-</span> <span class='int'>1</span><span class='rparen'>)</span><span class='rbracket'>]</span> <span class='comment'># Just take the first few bytes until we reach the desired length
</span> <span class='kw'>return</span> <span class='id identifier rubyid_result'>result</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>+=</span> <span class='id identifier rubyid_digest'>digest</span>
<span class='id identifier rubyid_x'>x</span> <span class='op'>+=</span> <span class='int'>1</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_result'>result</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="sign_auth_pack-instance_method">
#<strong>sign_auth_pack</strong>(auth_pack, key, certificate) &#x21d2; <tt><span class='object_link'><a href="../../../../../Rex/Proto/CryptoAsn1/Cms/ContentInfo.html" title="Rex::Proto::CryptoAsn1::Cms::ContentInfo (class)">Rex::Proto::CryptoAsn1::Cms::ContentInfo</a></span></tt>
</h3><div class="docstring">
<div class="discussion">
<p>Calculate the cryptographic signature over the AuthPack and create the appropriate ASN.1-encoded structure, per <a href="https://www.rfc-editor.org/rfc/rfc4556#section-3.2.1">RFC 4556, section 3.2.1</a>.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>auth_pack</span>
<span class='type'>(<tt><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/Pkinit/AuthPack.html" title="Rex::Proto::Kerberos::Model::Pkinit::AuthPack (class)">Rex::Proto::Kerberos::Model::Pkinit::AuthPack</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The AuthPack to sign</p>
</div>
</li>
<li>
<span class='name'>key</span>
<span class='type'>(<tt>OpenSSL::PKey</tt>)</span>
&mdash;
<div class='inline'>
<p>The private key used to digitally sign the data</p>
</div>
</li>
<li>
<span class='name'>certificate</span>
<span class='type'>(<tt>OpenSSL::X509::Certificate</tt>)</span>
&mdash;
<div class='inline'>
<p>The certificate associated with the private key</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt><span class='object_link'><a href="../../../../../Rex/Proto/CryptoAsn1/Cms/ContentInfo.html" title="Rex::Proto::CryptoAsn1::Cms::ContentInfo (class)">Rex::Proto::CryptoAsn1::Cms::ContentInfo</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The signed AuthPack</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/kerberos/client/pkinit.rb', line 258</span>
<span class='kw'>def</span> <span class='id identifier rubyid_sign_auth_pack'>sign_auth_pack</span><span class='lparen'>(</span><span class='id identifier rubyid_auth_pack'>auth_pack</span><span class='comma'>,</span> <span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_certificate'>certificate</span><span class='rparen'>)</span>
<span class='id identifier rubyid_signer_info'>signer_info</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/CryptoAsn1.html" title="Rex::Proto::CryptoAsn1 (module)">CryptoAsn1</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/CryptoAsn1/Cms.html" title="Rex::Proto::CryptoAsn1::Cms (module)">Cms</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/CryptoAsn1/Cms/SignerInfo.html" title="Rex::Proto::CryptoAsn1::Cms::SignerInfo (class)">SignerInfo</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
<span class='label'>version:</span> <span class='int'>1</span><span class='comma'>,</span>
<span class='label'>sid:</span> <span class='lbrace'>{</span>
<span class='label'>issuer:</span> <span class='id identifier rubyid_certificate'>certificate</span><span class='period'>.</span><span class='id identifier rubyid_issuer'>issuer</span><span class='comma'>,</span>
<span class='label'>serial_number:</span> <span class='id identifier rubyid_certificate'>certificate</span><span class='period'>.</span><span class='id identifier rubyid_serial'>serial</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span>
<span class='rbrace'>}</span><span class='comma'>,</span>
<span class='label'>digest_algorithm:</span> <span class='lbrace'>{</span>
<span class='label'>algorithm:</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html" title="Rex::Proto::Kerberos::Model::OID (module)">OID</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html#SHA1-constant" title="Rex::Proto::Kerberos::Model::OID::SHA1 (constant)">SHA1</a></span></span>
<span class='rbrace'>}</span><span class='comma'>,</span>
<span class='label'>signed_attrs:</span> <span class='lbracket'>[</span>
<span class='lbrace'>{</span>
<span class='label'>attribute_type:</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html" title="Rex::Proto::Kerberos::Model::OID (module)">OID</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html#ContentType-constant" title="Rex::Proto::Kerberos::Model::OID::ContentType (constant)">ContentType</a></span></span><span class='comma'>,</span>
<span class='label'>attribute_values:</span> <span class='lbracket'>[</span><span class='const'>RASN1</span><span class='op'>::</span><span class='const'>Types</span><span class='op'>::</span><span class='const'>Any</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='label'>value:</span> <span class='const'>RASN1</span><span class='op'>::</span><span class='const'>Types</span><span class='op'>::</span><span class='const'>ObjectId</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='label'>value:</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html" title="Rex::Proto::Kerberos::Model::OID (module)">OID</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html#PkinitAuthData-constant" title="Rex::Proto::Kerberos::Model::OID::PkinitAuthData (constant)">PkinitAuthData</a></span></span><span class='rparen'>)</span><span class='rparen'>)</span><span class='rbracket'>]</span>
<span class='rbrace'>}</span><span class='comma'>,</span>
<span class='lbrace'>{</span>
<span class='label'>attribute_type:</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html" title="Rex::Proto::Kerberos::Model::OID (module)">OID</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html#MessageDigest-constant" title="Rex::Proto::Kerberos::Model::OID::MessageDigest (constant)">MessageDigest</a></span></span><span class='comma'>,</span>
<span class='label'>attribute_values:</span> <span class='lbracket'>[</span><span class='const'>RASN1</span><span class='op'>::</span><span class='const'>Types</span><span class='op'>::</span><span class='const'>Any</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='label'>value:</span> <span class='const'>RASN1</span><span class='op'>::</span><span class='const'>Types</span><span class='op'>::</span><span class='const'>OctetString</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='label'>value:</span> <span class='const'>Digest</span><span class='op'>::</span><span class='const'>SHA1</span><span class='period'>.</span><span class='id identifier rubyid_digest'>digest</span><span class='lparen'>(</span><span class='id identifier rubyid_auth_pack'>auth_pack</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span><span class='rparen'>)</span><span class='rparen'>)</span><span class='rparen'>)</span><span class='rbracket'>]</span>
<span class='rbrace'>}</span>
<span class='rbracket'>]</span><span class='comma'>,</span>
<span class='label'>signature_algorithm:</span> <span class='lbrace'>{</span>
<span class='label'>algorithm:</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html" title="Rex::Proto::Kerberos::Model::OID (module)">OID</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html#RSAWithSHA1-constant" title="Rex::Proto::Kerberos::Model::OID::RSAWithSHA1 (constant)">RSAWithSHA1</a></span></span>
<span class='rbrace'>}</span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='const'>RASN1</span><span class='op'>::</span><span class='const'>Types</span><span class='op'>::</span><span class='const'>Set</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='label'>value:</span> <span class='id identifier rubyid_signer_info'>signer_info</span><span class='lbracket'>[</span><span class='symbol'>:signed_attrs</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span>
<span class='id identifier rubyid_signature'>signature</span> <span class='op'>=</span> <span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_sign'>sign</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>Digest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SHA1</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_signer_info'>signer_info</span><span class='lbracket'>[</span><span class='symbol'>:signature</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_signature'>signature</span>
<span class='id identifier rubyid_signed_data'>signed_data</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/CryptoAsn1.html" title="Rex::Proto::CryptoAsn1 (module)">CryptoAsn1</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/CryptoAsn1/Cms.html" title="Rex::Proto::CryptoAsn1::Cms (module)">Cms</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/CryptoAsn1/Cms/SignedData.html" title="Rex::Proto::CryptoAsn1::Cms::SignedData (class)">SignedData</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
<span class='label'>version:</span> <span class='int'>3</span><span class='comma'>,</span>
<span class='label'>digest_algorithms:</span> <span class='lbracket'>[</span>
<span class='lbrace'>{</span>
<span class='label'>algorithm:</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html" title="Rex::Proto::Kerberos::Model::OID (module)">OID</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html#SHA1-constant" title="Rex::Proto::Kerberos::Model::OID::SHA1 (constant)">SHA1</a></span></span>
<span class='rbrace'>}</span>
<span class='rbracket'>]</span><span class='comma'>,</span>
<span class='label'>encap_content_info:</span> <span class='lbrace'>{</span>
<span class='label'>econtent_type:</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html" title="Rex::Proto::Kerberos::Model::OID (module)">OID</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html#PkinitAuthData-constant" title="Rex::Proto::Kerberos::Model::OID::PkinitAuthData (constant)">PkinitAuthData</a></span></span><span class='comma'>,</span>
<span class='label'>econtent:</span> <span class='id identifier rubyid_auth_pack'>auth_pack</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span>
<span class='rbrace'>}</span><span class='comma'>,</span>
<span class='label'>certificates:</span> <span class='lbracket'>[</span><span class='lbrace'>{</span> <span class='label'>openssl_certificate:</span> <span class='id identifier rubyid_certificate'>certificate</span> <span class='rbrace'>}</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='label'>signer_infos:</span> <span class='lbracket'>[</span><span class='id identifier rubyid_signer_info'>signer_info</span><span class='rbracket'>]</span>
<span class='rparen'>)</span>
<span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/CryptoAsn1.html" title="Rex::Proto::CryptoAsn1 (module)">CryptoAsn1</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/CryptoAsn1/Cms.html" title="Rex::Proto::CryptoAsn1::Cms (module)">Cms</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/CryptoAsn1/Cms/ContentInfo.html" title="Rex::Proto::CryptoAsn1::Cms::ContentInfo (class)">ContentInfo</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
<span class='label'>content_type:</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html" title="Rex::Proto::Kerberos::Model::OID (module)">OID</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/OID.html#SignedData-constant" title="Rex::Proto::Kerberos::Model::OID::SignedData (constant)">SignedData</a></span></span><span class='comma'>,</span>
<span class='label'>data:</span> <span class='id identifier rubyid_signed_data'>signed_data</span>
<span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
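<p>The receiving side of <tt>sign_auth_pack</tt>, as an added example that is not part of the Metasploit source: the signature is computed over the signed attributes encoded with the SET tag (0x31), while SignerInfo carries them tagged [0] IMPLICIT (0xA0), so a verifier has to re-tag before checking. The helper names, the throwaway RSA key and the stand-in AuthPack bytes are constructed for illustration, and the sketch uses Ruby's standard <tt>openssl</tt> library instead of the RASN1 and Rex classes.</p>

```ruby
require 'openssl'

# OIDs: CMS attributes (RFC 5652) and id-pkinit-authData (RFC 4556).
OID_CONTENT_TYPE    = '1.2.840.113549.1.9.3'
OID_MESSAGE_DIGEST  = '1.2.840.113549.1.9.4'
OID_PKINIT_AUTHDATA = '1.3.6.1.5.2.3.1'

# One CMS Attribute: SEQUENCE { attrType OID, attrValues SET OF ANY }.
def cms_attribute(oid, value)
  OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::ObjectId.new(oid),
                               OpenSSL::ASN1::Set.new([value])])
end

# Signer side (hypothetical helper): the same two signed attributes that
# sign_auth_pack emits, content type and message digest of the eContent.
def build_signed_attrs(econtent, digest_name = 'SHA1')
  digest = OpenSSL::Digest.new(digest_name).digest(econtent)
  [cms_attribute(OID_CONTENT_TYPE, OpenSSL::ASN1::ObjectId.new(OID_PKINIT_AUTHDATA)),
   cms_attribute(OID_MESSAGE_DIGEST, OpenSSL::ASN1::OctetString.new(digest))]
end

# Sign the SET-tagged DER (first byte 0x31). SignerInfo carries the same
# bytes re-tagged [0] IMPLICIT (first byte 0xA0).
def sign_attrs(attrs, key, digest_name = 'SHA1')
  to_be_signed = OpenSSL::ASN1::Set.new(attrs).to_der
  wire = to_be_signed.dup
  wire.setbyte(0, 0xA0)
  { wire_attrs: wire,
    signature: key.sign(OpenSSL::Digest.new(digest_name), to_be_signed) }
end

# Verifier side (hypothetical helper): returns :ok or the first failed check.
def verify_signed_attrs(wire_attrs, signature, econtent, public_key, digest_name = 'SHA1')
  return :bad_tag unless wire_attrs.getbyte(0) == 0xA0

  retagged = wire_attrs.dup
  retagged.setbyte(0, 0x31) # restore the SET tag before decoding and verifying
  found = {}
  OpenSSL::ASN1.decode(retagged).value.each do |attr|
    type, values = attr.value
    found[type.oid] = values.value.first
  end

  # The content-type attribute must name the PKINIT AuthPack content.
  content_type = found[OID_CONTENT_TYPE]
  unless content_type.respond_to?(:oid) && content_type.oid == OID_PKINIT_AUTHDATA
    return :wrong_content_type
  end

  # The message-digest attribute binds the signature to the eContent bytes.
  message_digest = found[OID_MESSAGE_DIGEST]
  expected = OpenSSL::Digest.new(digest_name).digest(econtent)
  return :digest_mismatch unless message_digest && message_digest.value == expected

  # The signature covers the attributes, not the eContent directly.
  digest = OpenSSL::Digest.new(digest_name)
  return :bad_signature unless public_key.verify(digest, signature, retagged)

  :ok
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)                  # constructed throwaway key
  econtent = 'constructed AuthPack DER stand-in'.b    # not a real AuthPack
  signed = sign_attrs(build_signed_attrs(econtent), key)
  puts verify_signed_attrs(signed[:wire_attrs], signed[:signature], econtent, key.public_key)
  puts verify_signed_attrs(signed[:wire_attrs], signed[:signature], econtent + 'x', key.public_key)
end
```

<p>Because the signature covers only the attributes, the message-digest comparison is what ties it to the AuthPack; a verifier that skips it accepts any eContent alongside a valid signature.</p>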
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:02:37 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>