public override bool Add(TicketCacheEntry entry)
{
if (entry.Value is KerberosClientCacheEntry cacheEntry)
{
var cred = KrbCred.WrapTicket(
cacheEntry.KdcResponse.Ticket,
new KrbCredInfo
{
Key = cacheEntry.SessionKey,
AuthTime = cacheEntry.AuthTime,
EndTime = cacheEntry.EndTime,
Flags = cacheEntry.Flags,
PName = cacheEntry.KdcResponse.CName,
Realm = cacheEntry.KdcResponse.CRealm,
RenewTill = cacheEntry.RenewTill,
SName = cacheEntry.KdcResponse.Ticket.SName,
SRealm = cacheEntry.KdcResponse.Ticket.Realm,
StartTime = cacheEntry.StartTime
}
);
lsa.ImportCredential(cred);
}
return(true);
}
public async Task ValidatorMemoryCacheExpirationExpired()
{
var config = Krb5Config.Default();
config.Defaults.ClockSkew = TimeSpan.Zero;
using (var logger = new FakeExceptionLoggerFactory())
using (var replay = new TicketReplayValidator(config, logger))
{
var entry = new TicketCacheEntry
{
Key = "blargh",
Expires = DateTimeOffset.UtcNow.AddMilliseconds(100)
};
var added = await replay.Add(entry);
Assert.IsTrue(added);
await Task.Delay(TimeSpan.FromSeconds(1));
added = await replay.Add(entry);
Assert.IsTrue(added);
Assert.IsTrue(logger.Logs.Count() > 1);
}
}
internal void Add(TicketCacheEntry entry)
{
var existing = this.FindCredential(entry.Key);
if (existing != null)
{
this.Credentials.Remove(existing);
}
if (entry.Value is KerberosClientCacheEntry entryValue)
{
if (entryValue.KdcResponse is KrbAsRep asRep && !this.Credentials.Any())
{
this.DefaultPrincipalName = FromResponse(asRep, asRep.CName);
}
this.Credentials.Add(new Krb5Credential
{
Ticket = entryValue.KdcResponse.Ticket.EncodeApplication(),
KeyBlock = new KeyValuePair <EncryptionType, ReadOnlyMemory <byte> >(entryValue.SessionKey.EType, entryValue.SessionKey.KeyValue),
Client = FromResponse(entryValue.KdcResponse, entryValue.KdcResponse.CName),
Server = FromResponse(entryValue.KdcResponse, entryValue.KdcResponse.Ticket.SName),
AuthData = new List <KrbAuthorizationData>(),
EndTime = entry.Expires,
RenewTill = entry.RenewUntil ?? DateTimeOffset.MinValue,
Addresses = new List <KrbHostAddress>(),
SecondTicket = Array.Empty <byte>(),
Flags = entryValue.Flags
});
}
}
public override ValueTask <bool> AddAsync(TicketCacheEntry entry)
{
if (this.Add(entry))
{
return(new ValueTask <bool>(true));
}
return(new ValueTask <bool>(false));
}
public async Task TestValidatorMemoryCacheExpiration()
{
var replay = new TicketReplayValidator();
var entry = new TicketCacheEntry {
Key = "blargh",
Expires = DateTimeOffset.UtcNow.AddHours(1)
};
var added = await replay.Add(entry);
Assert.IsTrue(added);
added = await replay.Add(entry);
Assert.IsFalse(added);
}
public async Task TestValidatorMemoryCacheExpirationExpired()
{
var replay = new TicketReplayValidator();
var entry = new TicketCacheEntry
{
Key = "blargh",
Expires = DateTimeOffset.UtcNow.AddSeconds(1)
};
var added = await replay.Add(entry);
Assert.IsTrue(added);
await Task.Delay(TimeSpan.FromSeconds(3));
added = await replay.Add(entry);
Assert.IsTrue(added);
}
public async Task ValidatorMemoryCacheExpiration()
{
var logger = new FakeExceptionLoggerFactory();
var replay = new TicketReplayValidator(logger);
var entry = new TicketCacheEntry
{
Key = "blargh",
Expires = DateTimeOffset.UtcNow.AddHours(1)
};
var added = await replay.Add(entry);
Assert.IsTrue(added);
Assert.AreEqual(1, logger.Logs.Count());
added = await replay.Add(entry);
Assert.IsFalse(added);
}
public async Task ValidatorMemoryCacheExpirationExpired_WithinSkew()
{
using (var logger = new FakeExceptionLoggerFactory())
using (var replay = new TicketReplayValidator(logger))
{
var entry = new TicketCacheEntry
{
Key = "blargh",
Expires = DateTimeOffset.UtcNow.AddMilliseconds(100)
};
var added = await replay.Add(entry);
Assert.IsTrue(added);
await Task.Delay(TimeSpan.FromSeconds(1));
added = await replay.Add(entry);
Assert.IsFalse(added);
}
}
public async Task ValidatorMemoryCacheExpirationExpired()
{
var logger = new FakeExceptionLoggerFactory();
var replay = new TicketReplayValidator(logger);
var entry = new TicketCacheEntry
{
Key = "blargh",
Expires = DateTimeOffset.UtcNow.AddMilliseconds(100)
};
var added = await replay.Add(entry);
Assert.IsTrue(added);
await Task.Delay(TimeSpan.FromSeconds(5));
added = await replay.Add(entry);
Assert.IsTrue(added);
Assert.AreEqual(2, logger.Logs.Count());
}
public override ValueTask <bool> ContainsAsync(TicketCacheEntry entry) => new(false);
internal bool Contains(TicketCacheEntry entry)
{
Krb5Credential cred = this.FindCredential(entry.Key);
return(cred != null);
}
public ValueTask <bool> ContainsAsync(TicketCacheEntry entry)
{
throw new NotImplementedException();
}
public bool Contains(TicketCacheEntry entry)
{
throw new NotImplementedException();
}
