public async Task LogsKeyTableDataOnFailure()
{
FakeExceptionLoggerFactory logger = new FakeExceptionLoggerFactory();
var data = ReadDataFile("rc4-kerberos-data");
var key = ReadDataFile("aes128-key-data");
var validator = new KerberosValidator(new KerberosKey(key, etype: EncryptionType.RC4_HMAC_NT), logger)
{
ValidateAfterDecrypt = DefaultActions
};
bool throws = false;
try
{
await validator.Validate(data);
}
catch (SecurityException ex)
{
throws = true;
Assert.AreEqual(ex, logger.Exceptions.First());
}
Assert.IsTrue(throws);
Assert.IsTrue(logger.Logs.Any(l => l.ToLowerInvariant().Contains("keytab")));
}
public async Task ReceiveTimeout()
{
var port = NextPort();
var log = new FakeExceptionLoggerFactory();
var options = new ListenerOptions
{
ListeningOn = new IPEndPoint(IPAddress.Loopback, port),
DefaultRealm = "corp2.identityintervention.com".ToUpper(),
IsDebug = true,
RealmLocator = realm => LocateRealm(realm, slow: true),
ReceiveTimeout = TimeSpan.FromMilliseconds(1),
Log = log
};
KdcServiceListener listener = new KdcServiceListener(options);
_ = listener.Start();
try
{
await RequestAndValidateTickets(AdminAtCorpUserName, FakeAdminAtCorpPassword, $"127.0.0.1:{port}");
}
catch
{
}
listener.Stop();
var timeout = log.Exceptions.FirstOrDefault(e => e is TimeoutException);
Assert.IsNotNull(timeout);
throw timeout;
}
public async Task ValidatorMemoryCacheExpirationExpired()
{
var config = Krb5Config.Default();
config.Defaults.ClockSkew = TimeSpan.Zero;
using (var logger = new FakeExceptionLoggerFactory())
using (var replay = new TicketReplayValidator(config, logger))
{
var entry = new TicketCacheEntry
{
Key = "blargh",
Expires = DateTimeOffset.UtcNow.AddMilliseconds(100)
};
var added = await replay.Add(entry);
Assert.IsTrue(added);
await Task.Delay(TimeSpan.FromSeconds(1));
added = await replay.Add(entry);
Assert.IsTrue(added);
Assert.IsTrue(logger.Logs.Count() > 1);
}
}
public async Task TcpClientConnectExceptional()
{
using (var logger = new FakeExceptionLoggerFactory())
{
var tcp = new NoDnsTcpTransport(logger)
{
ConnectTimeout = TimeSpan.FromSeconds(1),
MaximumAttempts = 1
};
await tcp.SendMessage <KrbApReq>("blah.com", default);
tcp.Dispose();
}
}
public async Task ValidatorMemoryCacheExpiration()
{
var logger = new FakeExceptionLoggerFactory();
var replay = new TicketReplayValidator(logger);
var entry = new TicketCacheEntry
{
Key = "blargh",
Expires = DateTimeOffset.UtcNow.AddHours(1)
};
var added = await replay.Add(entry);
Assert.IsTrue(added);
Assert.AreEqual(1, logger.Logs.Count());
added = await replay.Add(entry);
Assert.IsFalse(added);
}
public async Task ValidatorMemoryCacheExpirationExpired_WithinSkew()
{
using (var logger = new FakeExceptionLoggerFactory())
using (var replay = new TicketReplayValidator(logger))
{
var entry = new TicketCacheEntry
{
Key = "blargh",
Expires = DateTimeOffset.UtcNow.AddMilliseconds(100)
};
var added = await replay.Add(entry);
Assert.IsTrue(added);
await Task.Delay(TimeSpan.FromSeconds(1));
added = await replay.Add(entry);
Assert.IsFalse(added);
}
}
public async Task ValidatorMemoryCacheExpirationExpired()
{
var logger = new FakeExceptionLoggerFactory();
var replay = new TicketReplayValidator(logger);
var entry = new TicketCacheEntry
{
Key = "blargh",
Expires = DateTimeOffset.UtcNow.AddMilliseconds(100)
};
var added = await replay.Add(entry);
Assert.IsTrue(added);
await Task.Delay(TimeSpan.FromSeconds(5));
added = await replay.Add(entry);
Assert.IsTrue(added);
Assert.AreEqual(2, logger.Logs.Count());
}
