public void ProcessAsReq()
{
for (var i = 0; i < AuthenticationAttempts; i++)
{
KdcAsReqMessageHandler handler = new KdcAsReqMessageHandler(asReq, options);
var response = handler.Execute();
Assert.IsNotNull(response);
}
}
public void AsReqPreAuth_PkinitCertificateAccessible()
{
var credCert = new X509Certificate2(ReadDataFile("testuser.pfx"), "p");
var cred = new TrustedAsymmetricCredential(credCert, "*****@*****.**");
var asReq = KrbAsReq.CreateAsReq(cred, AuthenticationOptions.AllAuthentication);
var handler = new KdcAsReqMessageHandler(
asReq.EncodeApplication(),
new ListenerOptions
{
DefaultRealm = "corp.identityintervention.com",
RealmLocator = realm => new FakeRealmService(realm)
});
handler.PreAuthHandlers[PaDataType.PA_PK_AS_REQ] = service => new PaDataPkAsReqHandler(service)
{
IncludeOption = X509IncludeOption.EndCertOnly
};
var context = new PreAuthenticationContext();
handler.DecodeMessage(context);
handler.ExecutePreValidate(context);
handler.QueryPreValidate(context);
handler.ValidateTicketRequest(context);
handler.QueryPreExecute(context);
handler.ExecuteCore(context);
Assert.AreEqual(PaDataType.PA_PK_AS_REQ, context.ClientAuthority);
Assert.AreEqual(1, context.PreAuthenticationState.Count);
Assert.IsTrue(context.PreAuthenticationState.TryGetValue(PaDataType.PA_PK_AS_REQ, out PaDataState paState));
var state = paState as PkInitState;
Assert.IsNotNull(state);
Assert.IsNotNull(state.ClientCertificate);
Assert.AreEqual(1, state.ClientCertificate.Count);
var clientCert = state.ClientCertificate[0];
Assert.IsFalse(clientCert.HasPrivateKey);
Assert.AreEqual(credCert.Thumbprint, clientCert.Thumbprint);
}
private static KrbAsRep RequestTgt(out KrbEncryptionKey sessionKey)
{
var cred = new KerberosPasswordCredential(Upn, "P@ssw0rd!")
{
// cheating by skipping the initial leg of requesting PA-type
Salts = new[]
{
new KeyValuePair <EncryptionType, string>(
EncryptionType.AES256_CTS_HMAC_SHA1_96,
"*****@*****.**"
)
},
Configuration = Krb5Config.Default()
};
var asReq = KrbAsReq.CreateAsReq(
cred,
AuthenticationOptions.AllAuthentication
);
var handler = new KdcAsReqMessageHandler(asReq.EncodeApplication(), new KdcServerOptions
{
DefaultRealm = Realm,
IsDebug = true,
RealmLocator = realm => new FakeRealmService(realm)
});
handler.PreAuthHandlers[PaDataType.PA_ENC_TIMESTAMP] = service => new PaDataTimestampHandler(service);
var results = handler.Execute();
var decoded = KrbAsRep.DecodeApplication(results);
var decrypted = cred.DecryptKdcRep(
decoded,
KeyUsage.EncAsRepPart,
d => KrbEncAsRepPart.DecodeApplication(d)
);
sessionKey = decrypted.Key;
return(decoded);
}
public async Task ProcessAsReq()
{
var requestCounter = 0;
for (var i = 0; i < AuthenticationAttempts; i++)
{
var credential = Creds.GetOrAdd(AlgorithmType, a => new KerberosPasswordCredential(a + user, password));
var asReq = KrbAsReq.CreateAsReq(credential, DefaultAuthentication).EncodeApplication();
var message = new ReadOnlySequence <byte>(asReq);
KdcAsReqMessageHandler handler = new KdcAsReqMessageHandler(message, listener.Options);
var response = await handler.Execute();
Assert.IsNotNull(response);
if (DisplayProgress)
{
CountItOut(ref requestCounter);
}
}
}
