public void PacHandlesCustomKdcSignatureType()
{
var principal = new FakeKerberosPrincipal("*****@*****.**");
var pac = principal.GeneratePac();
var kdcKey = new KerberosKey(new byte[234], etype: (EncryptionType)(-1));
var serverKey = new KerberosKey(new byte[32], etype: EncryptionType.AES256_CTS_HMAC_SHA1_96);
CryptoService.RegisterChecksumAlgorithm((ChecksumType)(-1), (signature, signatureData) => new FakeChecksum(signature, signatureData));
CryptoService.RegisterCryptographicAlgorithm((EncryptionType)(-1), () => new FakeCryptoTransform());
var encoded = pac.Encode(kdcKey, serverKey);
var roundtrip = new PrivilegedAttributeCertificate(
new KrbAuthorizationData
{
Type = AuthorizationDataType.AdWin2kPac,
Data = encoded
},
SignatureMode.Kdc
);
Assert.IsNotNull(roundtrip);
roundtrip.ServerSignature.Validate(serverKey);
Assert.AreEqual((ChecksumType)(-1), roundtrip.KdcSignature.Type);
roundtrip.KdcSignature.Validate(serverKey);
}
public IKerberosPrincipal Find(KrbPrincipalName principalName, string realm = null)
{
IKerberosPrincipal principal = null;
if (principalName.FullyQualifiedName.EndsWith(this.realm, StringComparison.InvariantCultureIgnoreCase) ||
principalName.FullyQualifiedName.StartsWith("krbtgt", StringComparison.InvariantCultureIgnoreCase) ||
principalName.Type == PrincipalNameType.NT_PRINCIPAL)
{
principal = new FakeKerberosPrincipal(principalName.FullyQualifiedName);
}
return(principal);
}
public void ThrowsUnknownChecksumType()
{
var principal = new FakeKerberosPrincipal("*****@*****.**");
var pac = principal.GeneratePac();
var kdcKey = new KerberosKey(new byte[234], etype: (EncryptionType)(-1));
var serverKey = new KerberosKey(new byte[32], etype: EncryptionType.AES256_CTS_HMAC_SHA1_96);
CryptoService.UnregisterChecksumAlgorithm((ChecksumType)(-1));
CryptoService.UnregisterCryptographicAlgorithm((EncryptionType)(-1));
pac.Encode(kdcKey, serverKey);
}
public void MarshalNativeFromManaged_Baseline_DoesntExplode()
{
var principal = new FakeKerberosPrincipal("*****@*****.**");
var pac = principal.GeneratePac();
var encodedLogonInfo = pac.LogonInfo.Encode();
Assert.IsNotNull(encodedLogonInfo);
Assert.IsTrue(encodedLogonInfo.Length > 0);
var logonInfoDecoded = new PacLogonInfo();
logonInfoDecoded.Unmarshal(encodedLogonInfo);
Assert.AreEqual("*****@*****.**", logonInfoDecoded.UserName.ToString());
AssertManagedMatchesNative(logonInfoDecoded, encodedLogonInfo);
}
public void MarshalNativeFromManaged_Groups_ExtraSids_ResourceDomain_ResourceDomainGroups()
{
var principal = new FakeKerberosPrincipal("*****@*****.**");
var pac = principal.GeneratePac();
GeneratePacExtensions(pac, includeGroups: true, includeExtraIds: true, includeResourceDomain: true, includeResourceGroups: true);
var encodedLogonInfo = pac.LogonInfo.Encode();
Assert.IsNotNull(encodedLogonInfo);
Assert.IsTrue(encodedLogonInfo.Length > 0);
var logonInfoDecoded = new PacLogonInfo();
logonInfoDecoded.Unmarshal(encodedLogonInfo);
Assert.AreEqual("*****@*****.**", logonInfoDecoded.UserName.ToString());
AssertManagedMatchesNative(logonInfoDecoded, encodedLogonInfo);
}
public IKerberosPrincipal Find(KrbPrincipalName principalName, string realm = null)
{
IKerberosPrincipal principal = null;
bool fallback = false;
if (principalName.FullyQualifiedName.Contains("-fallback", StringComparison.OrdinalIgnoreCase) &&
principalName.Type == PrincipalNameType.NT_ENTERPRISE)
{
principal = null;
fallback = true;
}
if ((principalName.FullyQualifiedName.EndsWith(this.realm, StringComparison.InvariantCultureIgnoreCase) ||
principalName.FullyQualifiedName.StartsWith("krbtgt", StringComparison.InvariantCultureIgnoreCase) ||
principalName.Type == PrincipalNameType.NT_PRINCIPAL) &&
!fallback)
{
principal = new FakeKerberosPrincipal(principalName.FullyQualifiedName);
}
return(principal);
}
public void PacFailsOnUnknownKdcSignatureType()
{
var principal = new FakeKerberosPrincipal("*****@*****.**");
var pac = principal.GeneratePac();
var kdcKey = new KerberosKey(new byte[234], etype: (EncryptionType)(-1));
var serverKey = new KerberosKey(new byte[32], etype: EncryptionType.AES256_CTS_HMAC_SHA1_96);
CryptoService.RegisterChecksumAlgorithm((ChecksumType)(-1), (signature, signatureData) => new FakeChecksum(signature, signatureData));
CryptoService.RegisterCryptographicAlgorithm((EncryptionType)(-1), () => new FakeCryptoTransform());
var encoded = pac.Encode(kdcKey, serverKey);
CryptoService.UnregisterChecksumAlgorithm((ChecksumType)(-1));
CryptoService.UnregisterCryptographicAlgorithm((EncryptionType)(-1));
bool threw = false;
try
{
_ = new PrivilegedAttributeCertificate(
new KrbAuthorizationData
{
Type = AuthorizationDataType.AdWin2kPac,
Data = encoded
},
SignatureMode.Kdc
);
}
catch (InvalidOperationException)
{
threw = true;
}
Assert.IsTrue(threw);
}
public Task <IKerberosPrincipal> RetrieveKrbtgt()
{
IKerberosPrincipal krbtgt = new FakeKerberosPrincipal("krbtgt");
return(Task.FromResult(krbtgt));
}
public Task <IKerberosPrincipal> Find(string principalName)
{
IKerberosPrincipal principal = new FakeKerberosPrincipal(principalName);
return(Task.FromResult(principal));
}
