public static void AgreeWithWrongKey(KeyAgreementAlgorithm a)
 {
     using (var k = new Key(SignatureAlgorithm.Ed25519))
     {
         Assert.Throws <ArgumentException>("key", () => a.Agree(k, null));
     }
 }
Beispiel #2
0
 public static void AgreeSelf(KeyAgreementAlgorithm a)
 {
     using var k = new Key(a);
     using var s = a.Agree(k, k.PublicKey) ?? throw new Xunit.Sdk.NotNullException();
     Assert.NotNull(s);
     Assert.Equal(a.SharedSecretSize, s.Size);
 }
Beispiel #3
0
        public static void AgreeWithNullPublicKey(KeyAgreementAlgorithm a)
        {
            using var k = new Key(a);
            Assert.Same(a, k.Algorithm);

            Assert.Throws <ArgumentNullException>("otherPartyPublicKey", () => a.Agree(k, null !));
        }
 public static void AgreeSelf(KeyAgreementAlgorithm a)
 {
     using (var k = new Key(a))
         using (var s = a.Agree(k, k.PublicKey))
         {
             Assert.NotNull(s);
             Assert.Equal(a.SharedSecretSize, s.Size);
         }
 }
Beispiel #5
0
        private bool IsSupportedAlgorithm(KeyAgreementAlgorithm algorithm, ReadOnlyMemory <byte> expectedPVal, ReadOnlyMemory <byte> actualPVal)
        {
            if (!this.SupportedKeyAgreementAlgorithms.Contains(algorithm))
            {
                return(false);
            }

            return(expectedPVal.Span.SequenceEqual(actualPVal.Span));
        }
Beispiel #6
0
        public static void AgreeWithWrongPublicKey(KeyAgreementAlgorithm a)
        {
            using var k1 = new Key(a);
            using var k2 = new Key(SignatureAlgorithm.Ed25519);
            Assert.Same(a, k1.Algorithm);
            Assert.NotSame(a, k2.Algorithm);

            Assert.Throws <ArgumentException>("otherPartyPublicKey", () => a.Agree(k1, k2.PublicKey));
        }
 public static void AgreeWithDisposedKey(KeyAgreementAlgorithm a)
 {
     using (var k2 = new Key(a))
     {
         var k1 = new Key(a);
         k1.Dispose();
         Assert.Throws <ObjectDisposedException>(() => a.Agree(k1, k2.PublicKey));
     }
 }
Beispiel #8
0
        public static void AgreeSuccess(KeyAgreementAlgorithm a)
        {
            using var k1 = new Key(a);
            using var k2 = new Key(a);

            using var s1 = a.Agree(k1, k2.PublicKey) ?? throw new Xunit.Sdk.NotNullException();
            Assert.NotNull(s1);
            Assert.Equal(a.SharedSecretSize, s1.Size);

            using var s2 = a.Agree(k2, k1.PublicKey) ?? throw new Xunit.Sdk.NotNullException();
            Assert.NotNull(s2);
            Assert.Equal(a.SharedSecretSize, s2.Size);
        }
        public static void AgreeSuccess(KeyAgreementAlgorithm a)
        {
            using (var k1 = new Key(a))
                using (var k2 = new Key(a))
                    using (var s1 = a.Agree(k1, k2.PublicKey))
                        using (var s2 = a.Agree(k2, k1.PublicKey))
                        {
                            Assert.NotNull(s1);
                            Assert.Equal(a.SharedSecretSize, s1.Size);

                            Assert.NotNull(s2);
                            Assert.Equal(a.SharedSecretSize, s2.Size);
                        }
        }
Beispiel #10
0
        public Task <IExchangeKey> RetrieveKeyCache(KeyAgreementAlgorithm algorithm)
        {
            if (keyCache.TryGetValue(algorithm, out IExchangeKey key))
            {
                if (key.CacheExpiry < DateTimeOffset.UtcNow)
                {
                    keyCache.Remove(algorithm);
                }
                else
                {
                    return(Task.FromResult(key));
                }
            }

            return(Task.FromResult <IExchangeKey>(null));
        }
Beispiel #11
0
        public IExchangeKey RetrieveKeyCache(KeyAgreementAlgorithm algorithm)
        {
            if (keyCache.TryGetValue(algorithm, out IExchangeKey key))
            {
                if (key.CacheExpiry < DateTimeOffset.UtcNow)
                {
                    keyCache.Remove(algorithm);
                }
                else
                {
                    return(key);
                }
            }

            return(null);
        }
Beispiel #12
0
        public static void CreateKey(KeyAgreementAlgorithm a)
        {
            using var k = new Key(a, new KeyCreationParameters { ExportPolicy = KeyExportPolicies.AllowPlaintextArchiving });
            Assert.Same(a, k.Algorithm);
            Assert.True(k.HasPublicKey);
            Assert.NotNull(k.PublicKey);
            Assert.Same(a, k.PublicKey.Algorithm);
            Assert.Equal(a.PublicKeySize, k.PublicKey.Size);
            Assert.Equal(a.PrivateKeySize, k.Size);

            var actual = k.Export(KeyBlobFormat.RawPrivateKey);

            var unexpected = new byte[actual.Length];

            Utilities.Fill(unexpected, actual[0]);

            Assert.NotEqual(unexpected, actual);
        }
 public static void Properties(KeyAgreementAlgorithm a)
 {
     Assert.True(a.PublicKeySize > 0);
     Assert.True(a.PrivateKeySize > 0);
     Assert.True(a.SharedSecretSize > 0);
 }
Beispiel #14
0
        internal static async Task RequestAndValidateTickets(
            KdcListener listener,
            string user,
            string password       = null,
            string overrideKdc    = null,
            KeyTable keytab       = null,
            string s4u            = null,
            bool encodeNego       = false,
            bool caching          = false,
            bool includePac       = true,
            X509Certificate2 cert = null,
            string spn            = FakeAppServiceSpn,
            KeyAgreementAlgorithm keyAgreement = KeyAgreementAlgorithm.DiffieHellmanModp14
            )
        {
            KerberosCredential kerbCred;

            if (cert != null)
            {
                kerbCred = new TrustedAsymmetricCredential(cert, user)
                {
                    KeyAgreement = keyAgreement
                };
            }
            else if (keytab != null)
            {
                kerbCred = new KeytabCredential(user, keytab);
            }
            else
            {
                kerbCred = new KerberosPasswordCredential(user, password);
            }

            KerberosClient client = CreateClient(listener, overrideKdc, caching: caching);

            using (client)
            {
                if (!includePac)
                {
                    client.AuthenticationOptions &= ~AuthenticationOptions.IncludePacRequest;
                }

                await client.Authenticate(kerbCred);

                var ticket = await client.GetServiceTicket(
                    new RequestServiceTicket
                {
                    ServicePrincipalName = spn,
                    ApOptions            = ApOptions.MutualRequired
                }
                    );

                await ValidateTicket(ticket, includePac : includePac, spn : spn);

                await client.RenewTicket();

                ticket = await client.GetServiceTicket(
                    new RequestServiceTicket
                {
                    ServicePrincipalName = spn,
                    ApOptions            = ApOptions.MutualRequired
                }
                    );

                await ValidateTicket(ticket, encodeNego, includePac : includePac, spn : spn);

                ticket = await client.GetServiceTicket(
                    new RequestServiceTicket
                {
                    ServicePrincipalName = spn,
                    ApOptions            = ApOptions.MutualRequired,
                    S4uTarget            = s4u
                }
                    );

                await ValidateTicket(ticket, includePac : includePac, spn : spn);
            }
        }
        internal static async Task RequestAndValidateTicketsWithCaches(
            KdcListener listener,
            string user,
            string password       = null,
            string overrideKdc    = null,
            KeyTable keytab       = null,
            string s4u            = null,
            bool encodeNego       = false,
            bool caching          = false,
            bool includePac       = true,
            X509Certificate2 cert = null,
            string spn            = FakeAppServiceSpn,
            KeyAgreementAlgorithm keyAgreement = KeyAgreementAlgorithm.DiffieHellmanModp14,
            bool allowWeakCrypto    = false,
            bool useWeakCrypto      = false,
            bool mutualAuth         = true,
            KrbTicket s4uTicket     = null,
            bool useKrb5TicketCache = false
            )
        {
            KerberosCredential kerbCred;

            if (cert != null)
            {
                kerbCred = new TrustedAsymmetricCredential(cert, user)
                {
                    KeyAgreement = keyAgreement
                };
            }
            else if (keytab != null)
            {
                kerbCred = new KeytabCredential(user, keytab);
            }
            else
            {
                kerbCred = new KerberosPasswordCredential(user, password);
            }

            KerberosClient client = CreateClient(
                listener,
                overrideKdc,
                caching: caching,
                allowWeakCrypto: allowWeakCrypto,
                useWeakCrypto: useWeakCrypto,
                useKrb5TicketCache: useKrb5TicketCache
                );

            using (kerbCred as IDisposable)
                using (client)
                {
                    if (!includePac)
                    {
                        client.AuthenticationOptions &= ~AuthenticationOptions.IncludePacRequest;
                    }

                    await client.Authenticate(kerbCred);

                    var ticket = await client.GetServiceTicket(
                        new RequestServiceTicket
                    {
                        ServicePrincipalName = spn,
                        ApOptions            = mutualAuth ? ApOptions.MutualRequired : 0
                    }
                        );

                    await ValidateTicket(ticket, includePac : includePac, spn : spn, mutualAuth : mutualAuth);

                    await client.RenewTicket();

                    ticket = await client.GetServiceTicket(
                        new RequestServiceTicket
                    {
                        ServicePrincipalName = spn,
                        ApOptions            = mutualAuth ? ApOptions.MutualRequired : 0
                    }
                        );

                    await ValidateTicket(ticket, encodeNego, includePac : includePac, spn : spn, mutualAuth : mutualAuth);

                    ticket = await client.GetServiceTicket(
                        new RequestServiceTicket
                    {
                        ServicePrincipalName = spn,
                        ApOptions            = mutualAuth ? ApOptions.MutualRequired : 0,
                        S4uTarget            = s4u,
                        S4uTicket            = s4uTicket
                    }
                        );

                    await ValidateTicket(ticket, includePac : includePac, spn : spn, mutualAuth : mutualAuth);
                }

            if (user.Contains("-fallback"))
            {
                Assert.AreEqual(PrincipalNameType.NT_PRINCIPAL, kerbCred.PrincipalNameType);
            }
            else
            {
                Assert.AreEqual(PrincipalNameType.NT_ENTERPRISE, kerbCred.PrincipalNameType);
            }
        }
        internal static async Task RequestAndValidateTickets(
            KdcListener listener,
            string user,
            string password       = null,
            string overrideKdc    = null,
            KeyTable keytab       = null,
            string s4u            = null,
            bool encodeNego       = false,
            bool caching          = false,
            bool includePac       = true,
            X509Certificate2 cert = null,
            string spn            = FakeAppServiceSpn,
            KeyAgreementAlgorithm keyAgreement = KeyAgreementAlgorithm.DiffieHellmanModp14,
            bool allowWeakCrypto = false,
            bool useWeakCrypto   = false,
            bool mutualAuth      = true,
            KrbTicket s4uTicket  = null
            )
        {
            await RequestAndValidateTicketsWithCaches(
                listener,
                user,
                password,
                overrideKdc,
                keytab,
                s4u,
                encodeNego,
                caching,
                includePac,
                cert,
                spn,
                keyAgreement,
                allowWeakCrypto,
                useWeakCrypto,
                mutualAuth,
                s4uTicket
                );

            if (caching)
            {
                await RequestAndValidateTicketsWithCaches(
                    listener,
                    user,
                    password,
                    overrideKdc,
                    keytab,
                    s4u,
                    encodeNego,
                    caching,
                    includePac,
                    cert,
                    spn,
                    keyAgreement,
                    allowWeakCrypto,
                    useWeakCrypto,
                    mutualAuth,
                    s4uTicket,
                    useKrb5TicketCache : true
                    );
            }
        }
 public static void AgreeWithNullKey(KeyAgreementAlgorithm a)
 {
     Assert.Throws <ArgumentNullException>("key", () => a.Agree(null, null));
 }