/// <summary>
/// Runs the pre-built AS-REQ through a fresh <c>KdcAsReqMessageHandler</c>
/// once per configured authentication attempt.
/// </summary>
/// <remarks>
/// The only check is that a reply was produced. The reply is never decoded,
/// so this does not by itself show that authentication succeeded rather than
/// that the handler returned an error message.
/// </remarks>
public void ProcessAsReq()
{
    var attempt = 0;

    // AuthenticationAttempts is re-read on every pass, as in a plain for-loop.
    while (attempt < AuthenticationAttempts)
    {
        // A new handler per attempt: no handler state is carried between requests.
        var reply = new KdcAsReqMessageHandler(asReq, options).Execute();

        Assert.IsNotNull(reply);

        attempt++;
    }
}
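/// <summary>
/// Verifies that after a PKINIT (PA-PK-AS-REQ) AS-REQ is processed, the
/// pre-authentication state exposes exactly one client certificate, that it
/// matches the credential's certificate by thumbprint, and that it carries
/// no private key.
/// </summary>
/// <remarks>
/// The handler stages are invoked one by one instead of through a single
/// Execute call, which leaves <c>context</c> available for inspection.
/// </remarks>
public void AsReqPreAuth_PkinitCertificateAccessible()
{
    // Dispose the certificate deterministically: it is loaded from a PFX that
    // holds a private key, and without this the key handle (and, on some
    // platforms, a temporary key container) lives until finalization.
    using (var credCert = new X509Certificate2(ReadDataFile("testuser.pfx"), "p"))
    {
        var cred = new TrustedAsymmetricCredential(credCert, "*****@*****.**");

        var asReq = KrbAsReq.CreateAsReq(cred, AuthenticationOptions.AllAuthentication);

        var handler = new KdcAsReqMessageHandler(
            asReq.EncodeApplication(),
            new ListenerOptions
            {
                DefaultRealm = "corp.identityintervention.com",
                RealmLocator = realm => new FakeRealmService(realm)
            });

        // Register the PKINIT pre-auth handler explicitly; EndCertOnly asks for
        // the end certificate alone, not the rest of the chain.
        handler.PreAuthHandlers[PaDataType.PA_PK_AS_REQ] = service => new PaDataPkAsReqHandler(service)
        {
            IncludeOption = X509IncludeOption.EndCertOnly
        };

        var context = new PreAuthenticationContext();

        handler.DecodeMessage(context);
        handler.ExecutePreValidate(context);
        handler.QueryPreValidate(context);
        handler.ValidateTicketRequest(context);
        handler.QueryPreExecute(context);
        handler.ExecuteCore(context);

        // PKINIT must be the mechanism recorded as having authenticated the
        // client, and the only pre-auth state present.
        Assert.AreEqual(PaDataType.PA_PK_AS_REQ, context.ClientAuthority);
        Assert.AreEqual(1, context.PreAuthenticationState.Count);
        Assert.IsTrue(context.PreAuthenticationState.TryGetValue(PaDataType.PA_PK_AS_REQ, out PaDataState paState));

        var state = paState as PkInitState;

        Assert.IsNotNull(state);
        Assert.IsNotNull(state.ClientCertificate);
        Assert.AreEqual(1, state.ClientCertificate.Count);

        var clientCert = state.ClientCertificate[0];

        // Security-relevant check: the KDC side sees the public certificate
        // only. The client's private key must not travel with the request.
        Assert.IsFalse(clientCert.HasPrivateKey);
        Assert.AreEqual(credCert.Thumbprint, clientCert.Thumbprint);
    }
}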
/// <summary>
/// Obtains a TGT from an in-process KDC handler backed by
/// <c>FakeRealmService</c>, using encrypted-timestamp pre-authentication.
/// </summary>
/// <param name="sessionKey">Receives the key taken from the decrypted AS-REP part.</param>
/// <returns>The decoded AS-REP.</returns>
private static KrbAsRep RequestTgt(out KrbEncryptionKey sessionKey)
{
    // Fixed password for the fake-realm test principal; a fixture value only.
    var credential = new KerberosPasswordCredential(Upn, "P@ssw0rd!")
    {
        // cheating by skipping the initial leg of requesting PA-type:
        // the salt is pinned here instead of being learned from the KDC.
        // NOTE(review): the salt literal looks like a scrubbed placeholder;
        // confirm the real value against the repository.
        Salts = new[]
        {
            new KeyValuePair<EncryptionType, string>(
                EncryptionType.AES256_CTS_HMAC_SHA1_96,
                "*****@*****.**"
            )
        },
        Configuration = Krb5Config.Default()
    };

    var request = KrbAsReq.CreateAsReq(credential, AuthenticationOptions.AllAuthentication);
    var encodedRequest = request.EncodeApplication();

    // NOTE(review): IsDebug is switched on for this test KDC. What it toggles
    // is not visible here; confirm it is never set on a production listener.
    var serverOptions = new KdcServerOptions
    {
        DefaultRealm = Realm,
        IsDebug = true,
        RealmLocator = realm => new FakeRealmService(realm)
    };

    var handler = new KdcAsReqMessageHandler(encodedRequest, serverOptions);

    handler.PreAuthHandlers[PaDataType.PA_ENC_TIMESTAMP] = service => new PaDataTimestampHandler(service);

    var rawReply = handler.Execute();
    var asRep = KrbAsRep.DecodeApplication(rawReply);

    // Decrypt the client-facing part of the reply with the credential's key
    // to recover the session key.
    var encPart = credential.DecryptKdcRep(
        asRep,
        KeyUsage.EncAsRepPart,
        d => KrbEncAsRepPart.DecodeApplication(d)
    );

    sessionKey = encPart.Key;

    return asRep;
}
/// <summary>
/// Builds and submits an AS-REQ to a new <c>KdcAsReqMessageHandler</c> once
/// per configured authentication attempt, awaiting each reply in turn.
/// </summary>
/// <remarks>
/// Only a non-null reply is asserted. The reply is not decoded, so a KDC
/// error message would satisfy the check as well as an AS-REP.
/// </remarks>
public async Task ProcessAsReq()
{
    var completed = 0;
    var attempt = 0;

    while (attempt < AuthenticationAttempts)
    {
        // One credential is cached per AlgorithmType key and reused on later
        // passes; the factory only runs when the key is not yet present.
        var cached = Creds.GetOrAdd(
            AlgorithmType,
            a => new KerberosPasswordCredential(a + user, password));

        var encoded = KrbAsReq.CreateAsReq(cached, DefaultAuthentication).EncodeApplication();
        var payload = new ReadOnlySequence<byte>(encoded);

        var handler = new KdcAsReqMessageHandler(payload, listener.Options);

        var reply = await handler.Execute();

        Assert.IsNotNull(reply);

        if (DisplayProgress)
        {
            CountItOut(ref completed);
        }

        attempt++;
    }
}