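public async Task Authenticator_SerializedKeytab()
{
    // A password-derived RC4 key for a service principal in the
    // IDENTITYINTERVENTION.COM realm is placed in a key table, serialized to the
    // keytab format and parsed back; the re-read table must still validate the
    // ticket in RC4Header and yield the expected client name.
    var key = new KerberosKey(
        password: "******",
        principalName: new PrincipalName(
            PrincipalNameType.NT_SRV_INST,
            "IDENTITYINTERVENTION.COM",
            new[] { "host", "aadg.windows.net.nsatc.net" }
        ),
        etype: EncryptionType.RC4_HMAC_NT
    );

    var keytab = new KeyTable(key);

    var buffer = new MemoryStream();

    // Dispose the writer as the other roundtrip tests do; MemoryStream.ToArray()
    // stays usable after the writer has closed the stream.
    using (var writer = new BinaryWriter(buffer))
    {
        keytab.Write(writer);
    }

    var secondKeytab = new KeyTable(buffer.ToArray());

    var authenticator = new KerberosAuthenticator(
        new KerberosValidator(secondKeytab) { ValidateAfterDecrypt = DefaultActions });

    Assert.IsNotNull(authenticator);

    var result = await authenticator.Authenticate(RC4Header);

    Assert.IsNotNull(result);
    Assert.AreEqual("*****@*****.**", result.Name);
}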
public async Task Authenticator_RoundtripKeytab()
{
    // Load the sample key table, write it back out, and confirm the rewritten
    // bytes still validate the ticket in RC4Header.
    var original = new KeyTable(ReadDataFile("sample.keytab"));
    var serialized = new MemoryStream();

    using (var writer = new BinaryWriter(serialized))
    {
        original.Write(writer);

        var reloaded = new KeyTable(serialized.ToArray());
        var validator = new KerberosValidator(reloaded) { ValidateAfterDecrypt = DefaultActions };
        var authenticator = new KerberosAuthenticator(validator);

        Assert.IsNotNull(authenticator);

        var identity = await authenticator.Authenticate(RC4Header);

        Assert.IsNotNull(identity);
        Assert.AreEqual("*****@*****.**", identity.Name);
    }
}
public void KeyGeneration()
{
    // A password-derived AES256 key for host/appservice in REALM.COM must
    // survive a write/read cycle through the keytab format unchanged.
    var principal = new PrincipalName(PrincipalNameType.NT_PRINCIPAL, "REALM.COM", new[] { "host/appservice" });
    var generated = new KerberosKey(
        "password",
        principal,
        host: "appservice",
        etype: EncryptionType.AES256_CTS_HMAC_SHA1_96
    );

    var keytable = new KeyTable(new[] { generated });
    var serialized = new MemoryStream();

    using (var writer = new BinaryWriter(serialized))
    {
        keytable.Write(writer);

        var reloaded = new KeyTable(serialized.ToArray());
        AssertKeytablesAreEqual(keytable, reloaded);
    }
}
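public void RoundtripSimple()
{
    // The five-entry sample keytab must parse, re-serialize and parse again to
    // an equal table with the same entry count.
    var keytable = new KeyTable(ReadDataFile("sample.keytab"));

    Assert.IsNotNull(keytable);
    Assert.AreEqual(5, keytable.Entries.Count);

    var buffer = new MemoryStream();

    // Dispose the writer as the other roundtrip tests do; MemoryStream.ToArray()
    // stays usable after the writer has closed the stream.
    using (var writer = new BinaryWriter(buffer))
    {
        keytable.Write(writer);
    }

    var secondKeyTable = new KeyTable(buffer.ToArray());

    Assert.IsNotNull(secondKeyTable);
    Assert.AreEqual(5, secondKeyTable.Entries.Count);

    AssertKeytablesAreEqual(keytable, secondKeyTable);
}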
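public void Roundtrip32bOverride()
{
    // A keytab carrying a 32-bit version override must parse to a single entry
    // and survive a write/read cycle as an equal table.
    var keytable = new KeyTable(ReadDataFile("sample_with_32_bit_version_override.keytab"));

    Assert.IsNotNull(keytable);
    Assert.AreEqual(1, keytable.Entries.Count);

    var buffer = new MemoryStream();

    // Dispose the writer as the other roundtrip tests do; MemoryStream.ToArray()
    // stays usable after the writer has closed the stream.
    using (var writer = new BinaryWriter(buffer))
    {
        keytable.Write(writer);
    }

    var secondKeyTable = new KeyTable(buffer.ToArray());

    Assert.IsNotNull(secondKeyTable);
    Assert.AreEqual(1, secondKeyTable.Entries.Count);

    AssertKeytablesAreEqual(keytable, secondKeyTable);
}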
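/// <summary>
/// Starts the in-process KDC and prepares everything a native GSSAPI/Kerberos
/// client needs to talk to it: a krb5.conf pointing at the listener, a keytab
/// holding the service principals' long-term keys, and a trace file, all
/// published through the KRB5_CONFIG / KRB5_KTNAME / KRB5_TRACE environment
/// variables. Stores the generated paths in <c>_krb5Path</c>,
/// <c>_keytabPath</c> and <c>_tracePath</c>.
/// </summary>
/// <remarks>
/// The keytab written here contains real long-term keys for every service
/// principal and supported enctype. Path.GetTempFileName() creates the file
/// with owner-only permissions on Unix (mkstemp); NOTE(review): confirm the
/// equivalent on Windows, and that the harness's teardown deletes all three
/// temp files (the cleanup is not visible here).
/// </remarks>
private async Task PrepareInvoke()
{
    // Start the KDC server
    var endpoint = await _kdcListener.Start();

    WriteKrb5Config(endpoint);
    WriteKeytab();

    _tracePath = Path.GetTempFileName();

    // Set environment variables for GSSAPI
    Environment.SetEnvironmentVariable("KRB5_CONFIG", _krb5Path);
    Environment.SetEnvironmentVariable("KRB5_KTNAME", _keytabPath);
    Environment.SetEnvironmentVariable("KRB5_TRACE", _tracePath);

    // Writes a minimal krb5.conf for the default realm that points at the
    // started KDC endpoint. The non-Linux variant spells the KDC as
    // "tcp/<endpoint>"; presumably the target library there only accepts the
    // explicit transport prefix — confirm against the consuming platform.
    void WriteKrb5Config(string kdcEndpoint)
    {
        _krb5Path = Path.GetTempFileName();

        var config = OperatingSystem.IsLinux()
            ? $"[realms]\n{_options.DefaultRealm} = {{\n master_kdc = {kdcEndpoint}\n kdc = {kdcEndpoint}\n}}\n"
            : $"[realms]\n{_options.DefaultRealm} = {{\n kdc = tcp/{kdcEndpoint}\n}}\n";

        File.WriteAllText(_krb5Path, config);
    }

    // Builds a keytab with one entry per (service principal, supported TGS
    // enctype) pair and writes it to a fresh temp file.
    void WriteKeytab()
    {
        _keytabPath = Path.GetTempFileName();

        var keyTable = new KeyTable();
        var etypes = _options.Configuration.Defaults.DefaultTgsEncTypes;

        foreach (var servicePrincipal in _servicePrincipals)
        {
            // Only enctypes this build can actually use; a key for an
            // unsupported etype would be unusable by the KDC side anyway.
            foreach (var etype in etypes.Where(CryptoService.SupportsEType))
            {
                var kerbKey = servicePrincipal.RetrieveLongTermCredential(etype);
                keyTable.Entries.Add(new KeyEntry(kerbKey));
            }
        }

        using (var fs = new FileStream(_keytabPath, FileMode.Create))
        using (var writer = new BinaryWriter(fs))
        {
            keyTable.Write(writer);
            writer.Flush();
        }
    }
}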
public void RoundtripTrailingPadding()
{
    // A keytab with trailing padding bytes must still parse to 15 entries and
    // round-trip through write/read as an equal table.
    const int expectedEntries = 15;

    var original = new KeyTable(ReadDataFile("sample_with_padding.keytab"));

    Assert.IsNotNull(original);
    Assert.AreEqual(expectedEntries, original.Entries.Count);

    var serialized = new MemoryStream();

    using (var writer = new BinaryWriter(serialized))
    {
        original.Write(writer);

        var reloaded = new KeyTable(serialized.ToArray());

        Assert.IsNotNull(reloaded);
        Assert.AreEqual(expectedEntries, reloaded.Entries.Count);

        AssertKeytablesAreEqual(original, reloaded);
    }
}
public void EncodeDecodeEmptyKey()
{
    // Two identical 16-byte AES128 keys with a null between them: the null
    // entry must not survive the encode/decode cycle, leaving exactly two.
    KerberosKey MakeKey() => new KerberosKey(
        key: new byte[16],
        etype: EncryptionType.AES128_CTS_HMAC_SHA1_96,
        principal: PrincipalName.FromKrbPrincipalName(KrbPrincipalName.FromString("*****@*****.**"), "domain.com"));

    var table = new KeyTable(MakeKey(), null, MakeKey());

    var serialized = new MemoryStream();

    using (var writer = new BinaryWriter(serialized))
    {
        table.Write(writer);
    }

    var decoded = new KeyTable(serialized.ToArray());

    Assert.AreEqual(2, decoded.Entries.Count);
}