package pac

import (
	

	
	
)

/*
https://msdn.microsoft.com/en-us/library/cc237955.aspx

The Key Usage Value MUST be KERB_NON_KERB_CKSUM_SALT (17) [MS-KILE] (section 3.1.5.9).

Server Signature (SignatureType = 0x00000006)
https://msdn.microsoft.com/en-us/library/cc237957.aspx

KDC Signature (SignatureType = 0x00000007)
https://msdn.microsoft.com/en-us/library/dd357117.aspx
*/

// SignatureData implements https://msdn.microsoft.com/en-us/library/cc237955.aspx
type SignatureData struct {
	SignatureType  uint32 // A 32-bit unsigned integer value in little-endian format that defines the cryptographic system used to calculate the checksum. This MUST be one of the following checksum types: KERB_CHECKSUM_HMAC_MD5 (signature size = 16), HMAC_SHA1_96_AES128 (signature size = 12), HMAC_SHA1_96_AES256 (signature size = 12).
	Signature      []byte // Size depends on the type. See comment above.
	RODCIdentifier uint16 // A 16-bit unsigned integer value in little-endian format that contains the first 16 bits of the key version number ([MS-KILE] section 3.1.5.8) when the KDC is an RODC. When the KDC is not an RODC, this field does not exist.
}

// Unmarshal bytes into the SignatureData struct
func ( *SignatureData) ( []byte) ( []byte,  error) {
	 := mstypes.NewReader(bytes.NewReader())

	.SignatureType,  = .Uint32()
	if  != nil {
		return
	}

	var  int
	switch .SignatureType {
	case chksumtype.KERB_CHECKSUM_HMAC_MD5_UNSIGNED:
		 = 16
	case uint32(chksumtype.HMAC_SHA1_96_AES128):
		 = 12
	case uint32(chksumtype.HMAC_SHA1_96_AES256):
		 = 12
	}
	.Signature,  = .ReadBytes()
	if  != nil {
		return
	}

	// When the KDC is not an Read Only Domain Controller (RODC), this field does not exist.
	if len() >= 4++2 {
		.RODCIdentifier,  = .Uint16()
		if  != nil {
			return
		}
	}

	// Create bytes with zeroed signature needed for checksum verification
	 = make([]byte, len(), len())
	copy(, )
	 := make([]byte, len(), len())
	copy([4:4+], )

	return
}