public void MarshalNativeFromManaged_Groups_ExtraSids_ResourceDomain()
{
var principal = new FakeKerberosPrincipal("*****@*****.**");
var pac = principal.GeneratePac();
GeneratePacExtensions(pac, includeGroups: true, includeExtraIds: true, includeResourceDomain: true, includeResourceGroups: false);
var encodedLogonInfo = pac.LogonInfo.Encode();
Assert.IsNotNull(encodedLogonInfo);
Assert.IsTrue(encodedLogonInfo.Length > 0);
var logonInfoDecoded = new PacLogonInfo();
logonInfoDecoded.Unmarshal(encodedLogonInfo);
Assert.AreEqual("*****@*****.**", logonInfoDecoded.UserName.ToString());
AssertManagedMatchesNative(logonInfoDecoded, encodedLogonInfo);
}
public void PacFailsOnUnknownKdcSignatureType()
{
var principal = new FakeKerberosPrincipal("*****@*****.**");
var pac = principal.GeneratePac();
var kdcKey = new KerberosKey(new byte[234], etype: (EncryptionType)(-1));
var serverKey = new KerberosKey(new byte[32], etype: EncryptionType.AES256_CTS_HMAC_SHA1_96);
CryptoService.RegisterChecksumAlgorithm((ChecksumType)(-1), (signature, signatureData) => new FakeChecksum(signature, signatureData));
CryptoService.RegisterCryptographicAlgorithm((EncryptionType)(-1), () => new FakeCryptoTransform());
var encoded = pac.Encode(kdcKey, serverKey);
CryptoService.UnregisterChecksumAlgorithm((ChecksumType)(-1));
CryptoService.UnregisterCryptographicAlgorithm((EncryptionType)(-1));
bool threw = false;
try
{
_ = new PrivilegedAttributeCertificate(
new KrbAuthorizationData
{
Type = AuthorizationDataType.AdWin2kPac,
Data = encoded
},
SignatureMode.Kdc
);
}
catch (InvalidOperationException)
{
threw = true;
}
Assert.IsTrue(threw);
}
