KrbPrincipalName.FromString C# (CSharp)のコード例

コード例 #1

0

ファイルを表示

        public void PrincipalName_Equality_ServiceTypes_WithRealm()
        {
            var a = KrbPrincipalName.FromString("host/[email protected]");
            var b = KrbPrincipalName.FromString("host/[email protected]");

            Assert.IsTrue(a.Matches(b));
        }

コード例 #2

0

ファイルを表示

        public void KrbAuthenticator_Roundtrip()
        {
            var auth = new KrbAuthenticator
            {
                AuthorizationData = new[] { new KrbAuthorizationData {
                                                Data = new byte[16], Type = AuthorizationDataType.AdAndOr
                                            } },
                Checksum       = KrbChecksum.Create(new byte[16], new KerberosKey(key: new byte[16], etype: EncryptionType.AES128_CTS_HMAC_SHA1_96), KeyUsage.AdKdcIssuedChecksum),
                CName          = KrbPrincipalName.FromString("*****@*****.**"),
                CTime          = DateTimeOffset.UtcNow,
                CuSec          = 1234,
                Realm          = "blah.com",
                SequenceNumber = 123456,
                Subkey         = KrbEncryptionKey.Generate(EncryptionType.AES128_CTS_HMAC_SHA1_96)
            };

            var encoded = auth.EncodeApplication();

            var decoded = KrbAuthenticator.DecodeApplication(encoded);

            Assert.IsNotNull(decoded);
            Assert.IsNotNull(decoded.AuthorizationData);
            Assert.AreEqual(1, decoded.AuthorizationData.Length);
            Assert.AreEqual(AuthorizationDataType.AdAndOr, decoded.AuthorizationData[0].Type);
            Assert.AreEqual("*****@*****.**", decoded.CName.FullyQualifiedName);
        }

コード例 #3

0

ファイルを表示

ファイル: KeyTableTests.cs プロジェクト: dotnet/Kerberos.NET

        public void MultipleVersionsInSameKeytab()
        {
            var keys = new[] {
                new KerberosKey(
                    "password",
                    new PrincipalName(PrincipalNameType.NT_PRINCIPAL, "REALM.COM", new[] { "host/appservice" }),
                    host: "appservice",
                    etype: EncryptionType.AES256_CTS_HMAC_SHA1_96,
                    kvno: 1
                    ),
                new KerberosKey(
                    "password",
                    new PrincipalName(PrincipalNameType.NT_PRINCIPAL, "REALM.COM", new[] { "host/appservice" }),
                    host: "appservice",
                    etype: EncryptionType.AES256_CTS_HMAC_SHA1_96,
                    kvno: 2
                    ),
                new KerberosKey(
                    "password",
                    new PrincipalName(PrincipalNameType.NT_PRINCIPAL, "REALM.COM", new[] { "host/appservice" }),
                    host: "appservice",
                    etype: EncryptionType.AES256_CTS_HMAC_SHA1_96,
                    kvno: 12
                    )
            };

            var keytable = new KeyTable(keys);
            var key      = keytable.GetKey(EncryptionType.AES256_CTS_HMAC_SHA1_96, KrbPrincipalName.FromString("host/appservice"));

            Assert.AreEqual(12, key.Version);
        }

コード例 #4

0

ファイルを表示

        public void PrincipalName_Equality_DifferentServiceTypes()
        {
            var a = KrbPrincipalName.FromString("aaaa/aaaa");
            var b = KrbPrincipalName.FromString("bbbb/aaaa");

            Assert.IsFalse(a.Matches(b));
        }

コード例 #5

0

ファイルを表示

 private static object CredToCacheEntry(Krb5Credential cred)
 {
     return(new KerberosClientCacheEntry
     {
         KdcResponse = new KrbTgsRep
         {
             Ticket = KrbTicket.DecodeApplication(cred.Ticket),
             CName = KrbPrincipalName.FromString(cred.Client.FullyQualifiedName, cred.Client.Type),
             CRealm = cred.Client.Realm,
             EncPart = new KrbEncryptedData {
             }
         },
         SessionKey = new KrbEncryptionKey
         {
             EType = cred.KeyBlock.Key,
             KeyValue = cred.KeyBlock.Value
         },
         Flags = cred.Flags,
         SName = KrbPrincipalName.FromString(cred.Server.FullyQualifiedName),
         AuthTime = cred.AuthTime,
         StartTime = cred.StartTime,
         EndTime = cred.EndTime,
         RenewTill = cred.RenewTill <= DateTimeOffset.MinValue ? null : cred.RenewTill
     });
 }

コード例 #6

0

ファイルを表示

ファイル: KerberosMessageView.cs プロジェクト: ericlaw1979/Kerberos.NET

        private static KerberosKey ConvertKey(NetworkCredential creds, bool tryAsKey)
        {
            string domain = creds.Domain ?? "";

            var userSplit = creds.UserName.Split(new[] { '\\', '@' }, StringSplitOptions.RemoveEmptyEntries);

            string username = userSplit[0];

            if (userSplit.Length > 1)
            {
                domain = userSplit[1];
            }

            var name = KrbPrincipalName.FromString(username, realm: domain);

            if (tryAsKey)
            {
                return(new KerberosKey(
                           key: Convert.FromBase64String(creds.Password),
                           principal: new PrincipalName(PrincipalNameType.NT_SRV_HST, domain, name.Name),
                           host: username
                           ));
            }
            else
            {
                return(new KerberosKey(
                           creds.Password,
                           new PrincipalName(PrincipalNameType.NT_SRV_HST, domain, name.Name),
                           host: username
                           ));
            }
        }

コード例 #7

0

ファイルを表示

        internal object GetCacheItem(string key)
        {
            Krb5Credential cred = this.FindCredential(key);

            if (cred is null)
            {
                return(cred);
            }

            return(new KerberosClientCacheEntry
            {
                KdcResponse = new KrbTgsRep
                {
                    Ticket = KrbTicket.DecodeApplication(cred.Ticket),
                    CName = KrbPrincipalName.FromString(cred.Client.FullyQualifiedName),
                    CRealm = cred.Client.Realm,
                    EncPart = new KrbEncryptedData {
                    }
                },
                SessionKey = new KrbEncryptionKey
                {
                    EType = cred.KeyBlock.Key,
                    KeyValue = cred.KeyBlock.Value
                },
                Flags = cred.Flags,
                SName = KrbPrincipalName.FromString(cred.Server.FullyQualifiedName)
            });
        }

コード例 #8

0

ファイルを表示

        public void PrincipalName_Equality_Matches()
        {
            var a = KrbPrincipalName.FromString("*****@*****.**");
            var b = KrbPrincipalName.FromString("*****@*****.**");

            Assert.IsTrue(a.Matches(b));
        }

コード例 #9

0

ファイルを表示

        public void PrincipalName_X500_IncludeDomain()
        {
            var principal = KrbPrincipalName.FromString(principal: "CN=test,OU=blah", type: PrincipalNameType.NT_X500_PRINCIPAL, realm: "corp.test.internal");

            Assert.AreEqual("CN=test,OU=blah,DC=corp,DC=test,DC=internal", principal.FullyQualifiedName);
            Assert.AreEqual(5, principal.Name.Length);
        }

コード例 #10

0

ファイルを表示

        public void PrincipalName_Empty()
        {
            var principal = KrbPrincipalName.FromString(principal: "");

            Assert.IsNotNull(principal);
            Assert.AreEqual("", principal.FullyQualifiedName);
        }

コード例 #11

0

ファイルを表示

        public void PrincipalName_DifferentRealms()
        {
            var principal = KrbPrincipalName.FromString(principal: "*****@*****.**", realm: "corp.test.internal");

            Assert.AreEqual("*****@*****.**", principal.FullyQualifiedName);
            Assert.AreEqual(1, principal.Name.Length);
        }

コード例 #12

0

ファイルを表示

        public void PrincipalName_SrvInst()
        {
            var principal = KrbPrincipalName.FromString(principal: "krbtgt", type: PrincipalNameType.NT_SRV_INST, realm: "corp.test.internal");

            Assert.AreEqual("krbtgt/corp.test.internal", principal.FullyQualifiedName);
            Assert.AreEqual(2, principal.Name.Length);
        }

コード例 #13

0

ファイルを表示

        public void PrincipalName_Equality_DifferentNames()
        {
            var a = KrbPrincipalName.FromString("*****@*****.**");
            var b = KrbPrincipalName.FromString("*****@*****.**");

            Assert.IsFalse(a.Matches(b));
        }

コード例 #14

0

ファイルを表示

        public void PrincipalName_NoRealm_SrvInst()
        {
            var principal = KrbPrincipalName.FromString("host/test.internal", type: PrincipalNameType.NT_SRV_INST);

            Assert.AreEqual("host/test.internal", principal.FullyQualifiedName);
            Assert.AreEqual(2, principal.Name.Length);
        }

コード例 #15

0

ファイルを表示

            protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
            {
                var realmService = new FakeRealmService(Realm);
                var principal    = realmService.Principals.Find(KrbPrincipalName.FromString(UserUpn));

                var principalKey = principal.RetrieveLongTermCredential();

                var rst = new ServiceTicketRequest
                {
                    Principal           = principal,
                    EncryptedPartKey    = principalKey,
                    ServicePrincipalKey = new KerberosKey(key: TgtKey, etype: EncryptionType.AES256_CTS_HMAC_SHA1_96)
                };

                var tgt = KrbAsRep.GenerateTgt(rst, realmService);

                var encoded = tgt.EncodeApplication();

                var response = new Memory <byte>(new byte[encoded.Length + 4]);

                BinaryPrimitives.WriteInt32BigEndian(response.Span.Slice(0, 4), encoded.Length);
                encoded.CopyTo(response.Slice(4));

                var kdcMessage = new KdcProxyMessage
                {
                    KerbMessage = response
                };

                return(Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK)
                {
                    Content = new ByteArrayContent(kdcMessage.Encode().ToArray())
                }));
            }

コード例 #16

0

ファイルを表示

        public void PrincipalName_Equality_Matches_DifferentNameTypes_Service()
        {
            var a = KrbPrincipalName.FromString("host/[email protected]", PrincipalNameType.NT_SRV_HST);
            var b = KrbPrincipalName.FromString("*****@*****.**", PrincipalNameType.NT_PRINCIPAL);

            Assert.IsFalse(a.Matches(b));
        }

コード例 #17

0

ファイルを表示

        public void PrincipalName_NoRealm()
        {
            var principal = KrbPrincipalName.FromString("*****@*****.**");

            Assert.AreEqual("*****@*****.**", principal.FullyQualifiedName);
            Assert.AreEqual(1, principal.Name.Length);
        }

コード例 #18

0

ファイルを表示

 private static TicketCacheEntry CreateCacheEntry(string key = "krbtgt/bar.com")
 {
     return(new TicketCacheEntry
     {
         Key = key,
         Value = new KerberosClientCacheEntry
         {
             KdcResponse = new KrbAsRep
             {
                 CName = KrbPrincipalName.FromString("*****@*****.**"),
                 CRealm = "bar.com",
                 Ticket = new KrbTicket
                 {
                     Realm = "bar.com",
                     SName = KrbPrincipalName.FromString(key),
                     EncryptedPart = new KrbEncryptedData
                     {
                         EType = EncryptionType.AES128_CTS_HMAC_SHA1_96,
                         Cipher = Array.Empty <byte>()
                     }
                 }
             },
             SessionKey = KrbEncryptionKey.Generate(EncryptionType.AES128_CTS_HMAC_SHA1_96),
             SName = KrbPrincipalName.FromString(key)
         }
     });
 }

コード例 #19

0

ファイルを表示

        public void KerberosKeyExportFile()
        {
            var file = KerberosKey.GenerateFile(
                "P@ssw0rd!",
                new Guid("0aa29dcb-3a9b-413f-aee2-8df91fd1118e"),
                KrbPrincipalName.FromString(
                    "host/test.identityintervention.com",
                    PrincipalNameType.NT_SRV_INST,
                    "corp.identityintervention.com"
                    )
                );

            var keytab = new KeyTable(file.ToArray());

            Assert.AreEqual(1, keytab.Entries.Count());

            var key = keytab.Entries.First();

            Assert.AreEqual(EncryptionType.AES256_CTS_HMAC_SHA1_96, key.EncryptionType);

            var derivedKey = key.Key.GetKey(null);

            Assert.IsNotNull(derivedKey);

            var expectedKey = new byte[]
            {
                0xbc, 0x31, 0x7e, 0x82, 0x48, 0x55, 0xcb, 0xa0, 0x3f, 0x70, 0xbe, 0x93, 0x0a, 0xa5, 0x0f, 0xef,
                0x6a, 0x64, 0x7c, 0xc3, 0x99, 0x36, 0x63, 0xee, 0xa5, 0x39, 0x2f, 0xab, 0xd9, 0x01, 0xad, 0xce
            };

            Assert.IsTrue(expectedKey.SequenceEqual(derivedKey.ToArray()));
        }

コード例 #20

0

ファイルを表示

        public void PrincipalName_Equality_ServiceTypeAliasesMatch()
        {
            var a = KrbPrincipalName.FromString("host/aaaa");
            var b = KrbPrincipalName.FromString("bbbb/aaaa");

            KrbPrincipalName.ServiceAliases["bbbb"] = "host";

            Assert.IsTrue(a.Matches(b));
        }

コード例 #21

0

ファイルを表示

ファイル: FakeRealmService.cs プロジェクト: zha0/Kerberos.NET

        public IKerberosPrincipal Refer()
        {
            var fqn            = body.SName.FullyQualifiedName;
            var predictedRealm = fqn.Substring(fqn.IndexOf('.') + 1);

            var krbName = KrbPrincipalName.FromString($"krbtgt/{predictedRealm}");

            return(new FakeKerberosPrincipal(krbName.FullyQualifiedName));
        }

コード例 #22

0

ファイルを表示

ファイル: Krb5CredentialCacheTests.cs プロジェクト: z0h3/Kerberos.NET

        public void ParseFileRoundTrip()
        {
            var tmp   = Path.GetTempFileName();
            var cache = new Krb5TicketCache(tmp);

            try
            {
                Assert.IsNotNull(cache);

                cache.Add(new TicketCacheEntry
                {
                    Key   = "krbtgt/bar.com",
                    Value = new KerberosClientCacheEntry
                    {
                        KdcResponse = new KrbAsRep
                        {
                            CName  = KrbPrincipalName.FromString("*****@*****.**"),
                            CRealm = "bar.com",
                            Ticket = new KrbTicket
                            {
                                Realm         = "bar.com",
                                SName         = KrbPrincipalName.FromString("krbtgt/bar.com"),
                                EncryptedPart = new KrbEncryptedData
                                {
                                    EType  = EncryptionType.AES128_CTS_HMAC_SHA1_96,
                                    Cipher = Array.Empty <byte>()
                                }
                            }
                        },
                        SessionKey = KrbEncryptionKey.Generate(EncryptionType.AES128_CTS_HMAC_SHA1_96),
                        SName      = KrbPrincipalName.FromString("krbtgt/bar.com")
                    }
                });

                using (var secondCache = new Krb5TicketCache(tmp))
                {
                    var entry = secondCache.GetCacheItem <KerberosClientCacheEntry>("krbtgt/bar.com");

                    Assert.IsNotNull(entry.KdcResponse);
                    Assert.AreEqual("bar.com", entry.KdcResponse.CRealm);
                    Assert.AreEqual("*****@*****.**", entry.KdcResponse.CName.FullyQualifiedName);
                }
            }
            finally
            {
                cache.Dispose();

                if (File.Exists(tmp))
                {
                    File.Delete(tmp);
                }
            }
        }

コード例 #23

0

ファイルを表示

        public void KerberosKeyIdMatches()
        {
            var key = KerberosKey.DeriveFromKeyId(
                "P@ssw0rd!",
                new Guid("0aa29dcb-3a9b-413f-aee2-8df91fd1118e"),
                KrbPrincipalName.FromString(
                    "host/test.identityintervention.com",
                    PrincipalNameType.NT_SRV_INST,
                    "corp.identityintervention.com"
                    )
                );

            AssertKeyMatchesGuid(key.EncryptionType, key);
        }

コード例 #24

0

ファイルを表示

        public void ValidateS4uSelf_Modified()
        {
            RetrieveS4u(out KrbTgsReq tgsReq, out KrbEncTicketPart krbtgt);

            var sessionKey = krbtgt.Key;

            var paForUserPaData = tgsReq.PaData.FirstOrDefault(pa => pa.Type == PaDataType.PA_FOR_USER);

            Assert.IsNotNull(paForUserPaData);

            var paForUser = KrbPaForUser.Decode(paForUserPaData.Value);

            paForUser.UserName = KrbPrincipalName.FromString("*****@*****.**");

            paForUser.ValidateChecksum(sessionKey.AsKey());
        }

コード例 #25

0

ファイルを表示

 private static KrbApReq CreateFakeApReq()
 {
     return(new KrbApReq
     {
         Authenticator = new KrbEncryptedData {
             Cipher = new byte[16], EType = EncryptionType.AES128_CTS_HMAC_SHA1_96
         },
         Ticket = new KrbTicket
         {
             EncryptedPart = new KrbEncryptedData {
                 Cipher = new byte[16], EType = EncryptionType.AES128_CTS_HMAC_SHA1_96
             },
             Realm = "test.com",
             SName = KrbPrincipalName.FromString("host/test.com")
         }
     });
 }

コード例 #26

0

ファイルを表示

ファイル: PacEncodingBenchmarks.cs プロジェクト: dotnet/Kerberos.NET

        public void Setup()
        {
            var realmService = new FakeRealmService("CORP.BLAH.COM");

            this.principal = realmService.Principals.Find(KrbPrincipalName.FromString("*****@*****.**"));
            this.pac       = this.principal.GeneratePac();
            this.key       = new KerberosKey(new byte[32], etype: EncryptionType.AES256_CTS_HMAC_SHA1_96);

            var groups = new List <GroupMembership>();

            for (var i = 0; i < this.GroupSize; i++)
            {
                groups.Add(new GroupMembership
                {
                    Attributes = SidAttributes.SE_GROUP_ENABLED | SidAttributes.SE_GROUP_MANDATORY,
                    RelativeId = (uint)i
                });
            }

            this.pac.LogonInfo.GroupIds = groups;

            var extra = new List <RpcSidAttributes>();

            for (var i = 0; i < this.ExtraSize; i++)
            {
                extra.Add(new RpcSidAttributes
                {
                    Attributes = SidAttributes.SE_GROUP_ENABLED | SidAttributes.SE_GROUP_MANDATORY,
                    Sid        = new RpcSid()
                    {
                        IdentifierAuthority = new RpcSidIdentifierAuthority
                        {
                            IdentifierAuthority = new byte[] { 0, 0, 0, 0, 0, (byte)IdentifierAuthority.NTAuthority }
                        },
                        SubAuthority = new uint[] { 21, 3333, 4444, 5555, 111 },
                        Revision     = 1
                    }
                });
            }

            this.pac.LogonInfo.ExtraIds = extra;
        }

コード例 #27

0

ファイルを表示

ファイル: PacTests.cs プロジェクト: rb12345/Kerberos.NET

        public void PacGenerationRoundtrip()
        {
            var realmService = new FakeRealmService("foo.com");
            var krbtgt       = realmService.Principals.Find(KrbPrincipalName.WellKnown.Krbtgt());
            var key          = krbtgt.RetrieveLongTermCredential();

            var user = realmService.Principals.Find(KrbPrincipalName.FromString("*****@*****.**"));

            var pac = user.GeneratePac();

            Assert.IsNotNull(pac);

            var encoded = pac.Encode(key, key);

            var decoded = new PrivilegedAttributeCertificate(new KrbAuthorizationData {
                Type = AuthorizationDataType.AdWin2kPac, Data = encoded
            });

            Assert.IsNotNull(decoded.LogonInfo);
        }

コード例 #28

0

ファイルを表示

        public void KerberosKeyExportFile()
        {
            var file = KerberosKey.GenerateFile(
                "P@ssw0rd!",
                new Guid("0aa29dcb-3a9b-413f-aee2-8df91fd1118e"),
                KrbPrincipalName.FromString(
                    "host/test.identityintervention.com",
                    PrincipalNameType.NT_SRV_INST,
                    "corp.identityintervention.com"
                    )
                );

            var keytab = new KeyTable(file.ToArray());

            Assert.AreEqual(1, keytab.Entries.Count());

            var key = keytab.Entries.First();

            var kerbKey = key.Key;

            AssertKeyMatchesGuid(key.EncryptionType.Value, kerbKey);
        }

コード例 #29

0

ファイルを表示

        public void GenerateTgt()
        {
            var realmService = new FakeRealmService(Realm);
            var principal    = realmService.Principals.Find(KrbPrincipalName.FromString(UserUpn));

            var principalKey = principal.RetrieveLongTermCredential();

            var rst = new ServiceTicketRequest
            {
                Flags               = TicketFlags.EncryptedPreAuthentication | TicketFlags.Renewable | TicketFlags.Forwardable,
                Principal           = principal,
                EncryptedPartKey    = principalKey,
                ServicePrincipalKey = new KerberosKey(key: TgtKey, etype: etype, kvno: 123)
            };

            for (var i = 0; i < AuthenticationAttempts; i++)
            {
                var tgt = KrbAsRep.GenerateTgt(rst, realmService);

                Assert.IsNotNull(tgt);
            }
        }

コード例 #30

0

ファイルを表示

        public void DelegationEncoding_Roundtrip()
        {
            var delegInfo = new DelegationInfo()
            {
                DelegationTicket = new KrbCred
                {
                    Tickets = new[]
                    {
                        new KrbTicket
                        {
                            EncryptedPart = new KrbEncryptedData {
                                Cipher = new byte[16], EType = EncryptionType.AES128_CTS_HMAC_SHA1_96
                            },
                            Realm        = "blah.test.com",
                            SName        = KrbPrincipalName.FromString("*****@*****.**"),
                            TicketNumber = 245
                        }
                    },
                    EncryptedPart = new KrbEncryptedData {
                        Cipher = new byte[16], EType = EncryptionType.AES128_CTS_HMAC_SHA1_96
                    }
                }
            };

            var encoded = delegInfo.Encode();

            Assert.IsNotNull(encoded);

            var decoded = new DelegationInfo().Decode(encoded);

            Assert.IsNotNull(decoded);
            Assert.IsNotNull(decoded.DelegationTicket);
            Assert.IsNotNull(decoded.DelegationTicket.Tickets);

            Assert.AreEqual(1, decoded.DelegationTicket.Tickets.Length);

            Assert.IsNotNull(decoded.DelegationTicket.EncryptedPart);
        }

C# (CSharp) KrbPrincipalName.FromStringの例