Example #1
0
        public void ProcessAsReq()
        {
            for (var i = 0; i < AuthenticationAttempts; i++)
            {
                KdcAsReqMessageHandler handler = new KdcAsReqMessageHandler(asReq, options);

                var response = handler.Execute();

                Assert.IsNotNull(response);
            }
        }
Example #2
0
        public void AsReqPreAuth_PkinitCertificateAccessible()
        {
            var credCert = new X509Certificate2(ReadDataFile("testuser.pfx"), "p");

            var cred = new TrustedAsymmetricCredential(credCert, "*****@*****.**");

            var asReq = KrbAsReq.CreateAsReq(cred, AuthenticationOptions.AllAuthentication);

            var handler = new KdcAsReqMessageHandler(
                asReq.EncodeApplication(),
                new ListenerOptions
            {
                DefaultRealm = "corp.identityintervention.com",
                RealmLocator = realm => new FakeRealmService(realm)
            });

            handler.PreAuthHandlers[PaDataType.PA_PK_AS_REQ] = service => new PaDataPkAsReqHandler(service)
            {
                IncludeOption = X509IncludeOption.EndCertOnly
            };

            var context = new PreAuthenticationContext();

            handler.DecodeMessage(context);
            handler.ExecutePreValidate(context);
            handler.QueryPreValidate(context);
            handler.ValidateTicketRequest(context);
            handler.QueryPreExecute(context);
            handler.ExecuteCore(context);

            Assert.AreEqual(PaDataType.PA_PK_AS_REQ, context.ClientAuthority);

            Assert.AreEqual(1, context.PreAuthenticationState.Count);

            Assert.IsTrue(context.PreAuthenticationState.TryGetValue(PaDataType.PA_PK_AS_REQ, out PaDataState paState));

            var state = paState as PkInitState;

            Assert.IsNotNull(state);

            Assert.IsNotNull(state.ClientCertificate);
            Assert.AreEqual(1, state.ClientCertificate.Count);

            var clientCert = state.ClientCertificate[0];

            Assert.IsFalse(clientCert.HasPrivateKey);

            Assert.AreEqual(credCert.Thumbprint, clientCert.Thumbprint);
        }
Example #3
0
        private static KrbAsRep RequestTgt(out KrbEncryptionKey sessionKey)
        {
            var cred = new KerberosPasswordCredential(Upn, "P@ssw0rd!")
            {
                // cheating by skipping the initial leg of requesting PA-type

                Salts = new[]
                {
                    new KeyValuePair <EncryptionType, string>(
                        EncryptionType.AES256_CTS_HMAC_SHA1_96,
                        "*****@*****.**"
                        )
                },
                Configuration = Krb5Config.Default()
            };

            var asReq = KrbAsReq.CreateAsReq(
                cred,
                AuthenticationOptions.AllAuthentication
                );

            var handler = new KdcAsReqMessageHandler(asReq.EncodeApplication(), new KdcServerOptions
            {
                DefaultRealm = Realm,
                IsDebug      = true,
                RealmLocator = realm => new FakeRealmService(realm)
            });

            handler.PreAuthHandlers[PaDataType.PA_ENC_TIMESTAMP] = service => new PaDataTimestampHandler(service);

            var results = handler.Execute();

            var decoded = KrbAsRep.DecodeApplication(results);

            var decrypted = cred.DecryptKdcRep(
                decoded,
                KeyUsage.EncAsRepPart,
                d => KrbEncAsRepPart.DecodeApplication(d)
                );

            sessionKey = decrypted.Key;

            return(decoded);
        }
Example #4
0
        public async Task ProcessAsReq()
        {
            var requestCounter = 0;

            for (var i = 0; i < AuthenticationAttempts; i++)
            {
                var credential = Creds.GetOrAdd(AlgorithmType, a => new KerberosPasswordCredential(a + user, password));

                var asReq = KrbAsReq.CreateAsReq(credential, DefaultAuthentication).EncodeApplication();

                var message = new ReadOnlySequence <byte>(asReq);

                KdcAsReqMessageHandler handler = new KdcAsReqMessageHandler(message, listener.Options);

                var response = await handler.Execute();

                Assert.IsNotNull(response);

                if (DisplayProgress)
                {
                    CountItOut(ref requestCounter);
                }
            }
        }