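public void Test(string packageName, SspiContextFlags contextFlags)
        {
            // Runs a full SSPI handshake inside one process: an outbound (client) and an inbound
            // (server) credential are acquired for packageName, then tokens are passed back and
            // forth between the two contexts until both report IsInitialized.
            //
            // Everything that was constructed is disposed in the finally block, so an exception
            // thrown part-way through (failed Acquire, rejected token) does not leave credentials
            // or contexts undisposed. Disposal order is the same as before: contexts first, then
            // the credentials they were built from.
            // NOTE(review): assumes Dispose is safe on an object whose Acquire/Initialize failed
            // (the usual IDisposable contract) - confirm against SecurityCredential/SecurityContext.
            SecurityCredential clientCredential = null;
            SecurityCredential serverCredential = null;
            SecurityContext clientContext = null;
            SecurityContext serverContext = null;

            try
            {
                clientCredential = new SecurityCredential(packageName, SecurityCredentialUse.Outbound);
                clientCredential.Acquire();

                serverCredential = new SecurityCredential(packageName, SecurityCredentialUse.Inbound);
                serverCredential.Acquire();

                clientContext = new SecurityContext(clientCredential, contextFlags);
                serverContext = new SecurityContext(serverCredential, contextFlags);

                // First client leg: no server token exists yet, so null is passed as input.
                byte[] clientToken;
                clientContext.Initialize(serverCredential.PrincipalName, null, out clientToken);

                // NOTE(review): there is no round limit here; if neither side ever reports
                // IsInitialized and nothing throws, the test will not terminate.
                while (true)
                {
                    byte[] serverToken;
                    serverContext.AcceptToken(clientToken, out serverToken);
                    if (serverContext.IsInitialized && clientContext.IsInitialized)
                        break;

                    clientContext.Initialize(serverCredential.PrincipalName, serverToken, out clientToken);
                    if (clientContext.IsInitialized && serverContext.IsInitialized)
                        break;
                }
            }
            finally
            {
                if (clientContext != null)
                    clientContext.Dispose();
                if (serverContext != null)
                    serverContext.Dispose();

                if (clientCredential != null)
                    clientCredential.Dispose();
                if (serverCredential != null)
                    serverCredential.Dispose();
            }
        }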
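        public void ShouldAquireCredentials(string packageName, SecurityCredentialUse credentialUse)
        {
            // Smoke test: acquiring a credential for the given package and use must not throw.
            // The credential is disposed even when Acquire fails, so a failing case does not
            // leave the object undisposed for the rest of the test run.
            // NOTE(review): assumes Dispose is safe after a failed Acquire - confirm.
            var credential = new SecurityCredential(packageName, credentialUse);

            try
            {
                credential.Acquire();
            }
            finally
            {
                credential.Dispose();
            }
        }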
        // public methods
        /// <summary>
        /// Acquires a Kerberos credential, starts the SSPI security context with the bytes
        /// received from the server, and returns the step that continues the conversation.
        /// </summary>
        /// <param name="conversation">The conversation; the acquired credential is registered with it for disposal.</param>
        /// <param name="bytesReceivedFromServer">The bytes received from the server, passed to the context as its input token.</param>
        /// <returns>
        /// An SspiInitializeStep while the context is not yet initialized; otherwise an SspiNegotiateStep.
        /// </returns>
        /// <exception cref="MongoSecurityException">
        /// The credential could not be acquired or the security context could not be initialized.
        /// The underlying Win32Exception is kept as the inner exception.
        /// </exception>
        public ISaslStep Transition(SaslConversation conversation, byte[] bytesReceivedFromServer)
        {
            SecurityCredential credential;
            try
            {
                credential = SecurityCredential.Acquire(SspiPackage.Kerberos, _authorizationId, _evidence);

                // Hand ownership to the conversation right away so the credential is released
                // with it, including when the context initialization below fails.
                conversation.RegisterItemForDisposal(credential);
            }
            catch (Win32Exception acquireFailure)
            {
                throw new MongoSecurityException("Unable to acquire security credential.", acquireFailure);
            }

            byte[] outgoingToken;
            SecurityContext securityContext;
            try
            {
                securityContext = SecurityContext.Initialize(credential, _servicePrincipalName, bytesReceivedFromServer, out outgoingToken);
            }
            catch (Win32Exception initializeFailure)
            {
                // The username/password hint is only given when password evidence was supplied.
                string message = _evidence is PasswordEvidence
                    ? "Unable to initialize security context. Ensure the username and password are correct."
                    : "Unable to initialize security context.";

                throw new MongoSecurityException(message, initializeFailure);
            }

            if (securityContext.IsInitialized)
            {
                return new SspiNegotiateStep(_authorizationId, securityContext, outgoingToken);
            }

            // More round trips are needed before the context is established.
            return new SspiInitializeStep(_servicePrincipalName, _authorizationId, securityContext, outgoingToken);
        }
            /// <summary>
            /// Builds the service principal name, acquires a Kerberos credential for the user and
            /// produces the first token to send to the server.
            /// </summary>
            /// <param name="serviceName">The service part of the service principal name.</param>
            /// <param name="hostName">The host part of the service principal name.</param>
            /// <param name="realm">Optional realm; appended as "@realm" when not null or empty.</param>
            /// <param name="username">The user name, used as the authorization id.</param>
            /// <param name="password">The password; may be null.</param>
            /// <param name="conversation">The conversation; the acquired credential is registered with it for disposal.</param>
            /// <exception cref="MongoAuthenticationException">
            /// The credential could not be acquired or the security context could not be initialized.
            /// The underlying Win32Exception is kept as the inner exception.
            /// </exception>
            public FirstStep(string serviceName, string hostName, string realm, string username, SecureString password, SaslConversation conversation)
            {
                _authorizationId = username;
                _password = password;

                // Service principal name: "service/host", plus "@realm" only when a realm is given.
                string principal = serviceName + "/" + hostName;
                if (!string.IsNullOrEmpty(realm))
                {
                    principal = principal + "@" + realm;
                }
                _servicePrincipalName = principal;

                SecurityCredential credential;
                try
                {
                    credential = SecurityCredential.Acquire(SspiPackage.Kerberos, _authorizationId, _password);

                    // Registered immediately so the conversation releases the credential even if
                    // the context initialization below throws.
                    conversation.RegisterItemForDisposal(credential);
                }
                catch (Win32Exception acquireFailure)
                {
                    throw new MongoAuthenticationException(conversation.ConnectionId, "Unable to acquire security credential.", acquireFailure);
                }

                try
                {
                    // First leg of the exchange: there is no server token yet, so null is passed.
                    _context = Sspi.SecurityContext.Initialize(credential, _servicePrincipalName, null, out _bytesToSendToServer);
                }
                catch (Win32Exception initializeFailure)
                {
                    // The username/password hint is only given when a password was supplied.
                    string message = _password != null
                        ? "Unable to initialize security context. Ensure the username and password are correct."
                        : "Unable to initialize security context.";

                    throw new MongoAuthenticationException(conversation.ConnectionId, message, initializeFailure);
                }
            }
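        public void Test(string packageName, SspiContextFlags contextFlags)
        {
            // Drives a client/server SSPI handshake within a single process: one outbound and one
            // inbound credential are acquired for packageName, and tokens are exchanged between
            // the two contexts until both report IsInitialized.
            //
            // Cleanup lives in a finally block so that a failure during acquisition or token
            // exchange still disposes whatever was already constructed. The order is unchanged:
            // contexts are disposed before the credentials they were created from.
            // NOTE(review): assumes Dispose is safe on an object whose Acquire/Initialize failed
            // (the usual IDisposable contract) - confirm against SecurityCredential/SecurityContext.
            SecurityCredential clientCredential = null;
            SecurityCredential serverCredential = null;
            SecurityContext clientContext = null;
            SecurityContext serverContext = null;

            try
            {
                clientCredential = new SecurityCredential(packageName, SecurityCredentialUse.Outbound);
                clientCredential.Acquire();

                serverCredential = new SecurityCredential(packageName, SecurityCredentialUse.Inbound);
                serverCredential.Acquire();

                clientContext = new SecurityContext(clientCredential, contextFlags);
                serverContext = new SecurityContext(serverCredential, contextFlags);

                // Opening client leg: there is no server token yet, so null is the input.
                byte[] clientToken;
                clientContext.Initialize(serverCredential.PrincipalName, null, out clientToken);

                // NOTE(review): the exchange has no round limit; if neither side ever reports
                // IsInitialized and nothing throws, this loop does not end.
                while (true)
                {
                    byte[] serverToken;
                    serverContext.AcceptToken(clientToken, out serverToken);
                    if (serverContext.IsInitialized && clientContext.IsInitialized)
                    {
                        break;
                    }

                    clientContext.Initialize(serverCredential.PrincipalName, serverToken, out clientToken);
                    if (clientContext.IsInitialized && serverContext.IsInitialized)
                    {
                        break;
                    }
                }
            }
            finally
            {
                if (clientContext != null)
                {
                    clientContext.Dispose();
                }
                if (serverContext != null)
                {
                    serverContext.Dispose();
                }

                if (clientCredential != null)
                {
                    clientCredential.Dispose();
                }
                if (serverCredential != null)
                {
                    serverCredential.Dispose();
                }
            }
        }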
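 public void ShouldAquireCredentials(string packageName, SecurityCredentialUse credentialUse)
 {
     // Checks that a credential can be acquired for the given package and use without throwing.
     // Dispose runs in a finally block so a failed Acquire does not leave the credential
     // undisposed.
     // NOTE(review): assumes Dispose is safe after a failed Acquire - confirm.
     var credential = new SecurityCredential(packageName, credentialUse);

     try
     {
         credential.Acquire();
     }
     finally
     {
         credential.Dispose();
     }
 }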