public void NegotiateStream_EchoServer_ClientWriteRead_Successive_Async_Success()
{
if (!_isKrbAvailable)
{
_output.WriteLine("skipping NegotiateStream_EchoServer_ClientWriteRead_Successive_Async_Success");
return;
}
VirtualNetwork network = new VirtualNetwork();
byte[] firstRecvBuffer = new byte[_firstMessage.Length];
byte[] secondRecvBuffer = new byte[_secondMessage.Length];
using (var clientStream = new VirtualNetworkStream(network, isServer: false))
using (var serverStream = new VirtualNetworkStream(network, isServer: true))
using (var client = new NegotiateStream(clientStream))
using (var server = new UnixGssFakeNegotiateStream(serverStream))
{
Assert.False(client.IsAuthenticated, "client is not authenticated before AuthenticateAsClient call");
Task[] auth = new Task[2];
string user = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm);
string target = string.Format("{0}@{1}", TestConfiguration.HostTarget, TestConfiguration.Realm);
NetworkCredential credential = new NetworkCredential(user, _fixture.password);
auth[0] = client.AuthenticateAsClientAsync(credential, target);
auth[1] = server.AuthenticateAsServerAsync();
bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
Assert.True(finished, "Handshake completed in the allotted time");
Task serverTask = server.PollMessageAsync(2);
Task[] msgTasks = new Task[3];
msgTasks[0] = client.WriteAsync(_firstMessage, 0, _firstMessage.Length).ContinueWith((t) =>
client.WriteAsync(_secondMessage, 0, _secondMessage.Length));
msgTasks[1] = client.ReadAsync(firstRecvBuffer, 0, firstRecvBuffer.Length).ContinueWith((t) =>
client.ReadAsync(secondRecvBuffer, 0, secondRecvBuffer.Length));
msgTasks[2] = serverTask;
finished = Task.WaitAll(msgTasks, TestConfiguration.PassingTestTimeoutMilliseconds);
Assert.True(finished, "Messages sent and received in the allotted time");
Assert.True(_firstMessage.SequenceEqual(firstRecvBuffer), "The first message received is as expected");
Assert.True(_secondMessage.SequenceEqual(secondRecvBuffer), "The second message received is as expected");
}
}
public void NegotiateStream_StreamToStream_AuthToHttpTarget_Success()
{
if (!_isKrbAvailable)
{
_output.WriteLine("skipping NegotiateStream_StreamToStream_AuthToHttpTarget_Success");
return;
}
VirtualNetwork network = new VirtualNetwork();
using (var clientStream = new VirtualNetworkStream(network, isServer: false))
using (var serverStream = new VirtualNetworkStream(network, isServer: true))
using (var client = new NegotiateStream(clientStream))
using (var server = new UnixGssFakeNegotiateStream(serverStream))
{
Assert.False(client.IsAuthenticated);
Task[] auth = new Task[2];
string user = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm);
string target = string.Format("{0}@{1}", TestConfiguration.HttpTarget, TestConfiguration.Realm);
NetworkCredential credential = new NetworkCredential(user, _fixture.password);
auth[0] = client.AuthenticateAsClientAsync(credential, target);
auth[1] = server.AuthenticateAsServerAsync();
bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
Assert.True(finished, "Handshake completed in the allotted time");
// Expected Client property values:
Assert.True(client.IsAuthenticated, "client.IsAuthenticated");
Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
Assert.True(client.IsEncrypted, "client.IsEncrypted");
Assert.True(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated");
Assert.False(client.IsServer, "client.IsServer");
Assert.True(client.IsSigned, "client.IsSigned");
Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStream");
IIdentity serverIdentity = client.RemoteIdentity;
Assert.Equal("Kerberos", serverIdentity.AuthenticationType);
Assert.True(serverIdentity.IsAuthenticated, "serverIdentity.IsAuthenticated");
IdentityValidator.AssertHasName(serverIdentity, target);
}
}
public void NegotiateStream_StreamToStream_NtlmAuthentication_Fallback_Success()
{
if (!_isNtlmAvailable)
{
_output.WriteLine("skipping NegotiateStream_StreamToStream_NtlmAuthentication_EmptyTarget_KerberosUser_Fallback_Success");
return;
}
VirtualNetwork network = new VirtualNetwork();
using (var clientStream = new VirtualNetworkStream(network, isServer: false))
using (var serverStream = new VirtualNetworkStream(network, isServer: true))
using (var client = new NegotiateStream(clientStream))
using (var server = new UnixGssFakeNegotiateStream(serverStream))
{
Assert.False(client.IsAuthenticated, "client.IsAuthenticated");
Assert.False(server.IsAuthenticated, "server.IsAuthenticated");
string user = string.Format("{0}@{1}", TestConfiguration.NtlmUser, TestConfiguration.Domain);
NetworkCredential credential = new NetworkCredential(user, TestConfiguration.NtlmPassword);
Task[] auth = new Task[] {
client.AuthenticateAsClientAsync(credential, TestConfiguration.HostTarget),
server.AuthenticateAsServerAsync()
};
bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
Assert.True(finished, "Handshake completed in the allotted time");
// Expected Client property values:
Assert.True(client.IsAuthenticated, "client.IsAuthenticated");
Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
Assert.True(client.IsEncrypted, "client.IsEncrypted");
Assert.False(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated");
Assert.False(client.IsServer, "client.IsServer");
Assert.True(client.IsSigned, "client.IsSigned");
Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStreamOpen");
IIdentity serverIdentity = client.RemoteIdentity;
Assert.Equal("NTLM", serverIdentity.AuthenticationType);
Assert.False(serverIdentity.IsAuthenticated, "serverIdentity.IsAuthenticated");
}
}
public void NegotiateStream_StreamToStream_NtlmAuthentication_NtlmUser_InvalidCredentials_Fail(NetworkCredential credential)
{
if (!_isNtlmAvailable)
{
_output.WriteLine("skipping NegotiateStream_StreamToStream_NtlmAuthentication_NtlmUser_InvalidCredentials_Fail");
return;
}
VirtualNetwork network = new VirtualNetwork();
using (var clientStream = new VirtualNetworkStream(network, isServer: false))
using (var serverStream = new VirtualNetworkStream(network, isServer: true))
using (var client = new NegotiateStream(clientStream))
using (var server = new UnixGssFakeNegotiateStream(serverStream))
{
Assert.False(client.IsAuthenticated, "client.IsAuthenticated");
Assert.ThrowsAsync <AuthenticationException>(() => server.AuthenticateAsServerAsync());
Assert.ThrowsAsync <AuthenticationException>(() => client.AuthenticateAsClientAsync(credential, _testTarget, ProtectionLevel.None, TokenImpersonationLevel.Identification));
}
}
public async Task NegotiateStream_StreamToStream_NtlmAuthentication_KerberosCreds_Success()
{
if (!_isNtlmAvailable)
{
_output.WriteLine("skipping NegotiateStream_StreamToStream_NtlmAuthentication_KerberosCreds_Success");
return;
}
VirtualNetwork network = new VirtualNetwork();
using (var clientStream = new VirtualNetworkStream(network, isServer: false))
using (var serverStream = new VirtualNetworkStream(network, isServer: true))
using (var client = new NegotiateStream(clientStream))
using (var server = new UnixGssFakeNegotiateStream(serverStream))
{
Assert.False(client.IsAuthenticated, "client.IsAuthenticated");
Assert.False(server.IsAuthenticated, "server.IsAuthenticated");
string user = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm);
NetworkCredential credential = new NetworkCredential(user, _fixture.password);
Task[] auth = new Task[] {
client.AuthenticateAsClientAsync(credential, TestConfiguration.HttpTarget, ProtectionLevel.None, TokenImpersonationLevel.Identification),
server.AuthenticateAsServerAsync()
};
await TestConfiguration.WhenAllOrAnyFailedWithTimeout(auth);
// Expected Client property values:
Assert.True(client.IsAuthenticated, "client.IsAuthenticated");
Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
Assert.False(client.IsEncrypted, "client.IsEncrypted");
Assert.False(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated");
Assert.False(client.IsServer, "client.IsServer");
Assert.False(client.IsSigned, "client.IsSigned");
Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStreamOpen");
IIdentity serverIdentity = client.RemoteIdentity;
Assert.Equal("NTLM", serverIdentity.AuthenticationType);
Assert.True(serverIdentity.IsAuthenticated, "server identity is authenticated");
IdentityValidator.AssertHasName(serverIdentity, TestConfiguration.HttpTarget);
}
}
public void NegotiateStream_StreamToStream_NtlmAuthentication_ValidCredentials_Success(NetworkCredential credential)
{
if (!_isNtlmAvailable)
{
_output.WriteLine("skipping NegotiateStream_StreamToStream_NtlmAuthentication_ValidCredentials_Success");
return;
}
VirtualNetwork network = new VirtualNetwork();
using (var clientStream = new VirtualNetworkStream(network, isServer: false))
using (var serverStream = new VirtualNetworkStream(network, isServer: true))
using (var client = new NegotiateStream(clientStream))
using (var server = new UnixGssFakeNegotiateStream(serverStream))
{
Assert.False(client.IsAuthenticated, "client.IsAuthenticated");
Assert.False(server.IsAuthenticated, "server.IsAuthenticated");
Task[] auth = new Task[] {
client.AuthenticateAsClientAsync(credential, _testTarget, ProtectionLevel.None, TokenImpersonationLevel.Identification),
server.AuthenticateAsServerAsync()
};
bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
Assert.True(finished, "Handshake completed in the allotted time");
// Expected Client property values:
Assert.True(client.IsAuthenticated, "client.IsAuthenticated");
Assert.Equal(TokenImpersonationLevel.Identification, client.ImpersonationLevel);
Assert.False(client.IsEncrypted, "client.IsEncrypted");
Assert.False(client.IsMutuallyAuthenticated, "client.IsMutuallyAuthenticated");
Assert.False(client.IsServer, "client.IsServer");
Assert.False(client.IsSigned, "client.IsSigned");
Assert.False(client.LeaveInnerStreamOpen, "client.LeaveInnerStreamOpen");
IIdentity serverIdentity = client.RemoteIdentity;
Assert.Equal("NTLM", serverIdentity.AuthenticationType);
Assert.True(serverIdentity.IsAuthenticated, "serverIdentity.IsAuthenticated");
IdentityValidator.AssertHasName(serverIdentity, _testTarget);
}
}
public async Task NegotiateStream_EchoServer_ClientWriteRead_Successive_Sync_Success()
{
if (!_isKrbAvailable)
{
_output.WriteLine("skipping NegotiateStream_EchoServer_ClientWriteRead_Successive_Sync_Success");
return;
}
VirtualNetwork network = new VirtualNetwork();
byte[] firstRecvBuffer = new byte[_firstMessage.Length];
byte[] secondRecvBuffer = new byte[_secondMessage.Length];
using (var clientStream = new VirtualNetworkStream(network, isServer: false))
using (var serverStream = new VirtualNetworkStream(network, isServer: true))
using (var client = new NegotiateStream(clientStream))
using (var server = new UnixGssFakeNegotiateStream(serverStream))
{
Assert.False(client.IsAuthenticated, "client is not authenticated before AuthenticateAsClient call");
string user = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm);
string target = string.Format("{0}@{1}", TestConfiguration.HostTarget, TestConfiguration.Realm);
NetworkCredential credential = new NetworkCredential(user, _fixture.password);
Task[] auth = new Task[] {
client.AuthenticateAsClientAsync(credential, target),
server.AuthenticateAsServerAsync()
};
await TestConfiguration.WhenAllOrAnyFailedWithTimeout(auth);
Task svrMsgTask = server.PollMessageAsync(2);
client.Write(_firstMessage, 0, _firstMessage.Length);
client.Write(_secondMessage, 0, _secondMessage.Length);
client.Read(firstRecvBuffer, 0, firstRecvBuffer.Length);
client.Read(secondRecvBuffer, 0, secondRecvBuffer.Length);
Assert.True(_firstMessage.SequenceEqual(firstRecvBuffer), "first message received is as expected");
Assert.True(_secondMessage.SequenceEqual(secondRecvBuffer), "second message received is as expected");
await svrMsgTask.TimeoutAfter(TestConfiguration.PassingTestTimeoutMilliseconds);
}
}
public void NegotiateStream_StreamToStream_KerberosAuthInvalidUser_Failure()
{
if (!_isKrbAvailable)
{
_output.WriteLine("skipping NegotiateStream_StreamToStream_KerberosAuthInvalidUser_Failure");
return;
}
VirtualNetwork network = new VirtualNetwork();
using (var clientStream = new VirtualNetworkStream(network, isServer: false))
using (var serverStream = new VirtualNetworkStream(network, isServer: true))
using (var client = new NegotiateStream(clientStream))
using (var server = new UnixGssFakeNegotiateStream(serverStream))
{
Assert.False(client.IsAuthenticated, "client is not authenticated by default");
string user = string.Format("{0}@{1}", TestConfiguration.KerberosUser, TestConfiguration.Realm);
string target = string.Format("{0}@{1}", TestConfiguration.HostTarget, TestConfiguration.Realm);
NetworkCredential credential = new NetworkCredential(user.Substring(1), _fixture.password);
Assert.ThrowsAsync <AuthenticationException>(() => client.AuthenticateAsClientAsync(credential, target));
Assert.ThrowsAsync <AuthenticationException>(() => server.AuthenticateAsServerAsync());
}
}