/// <summary>
/// Encodes the logon info of a generated PAC that was extended with groups, extra SIDs and a
/// resource domain (resource groups are left out), decodes it again with the managed
/// <c>PacLogonInfo.Unmarshal</c>, and checks that the user name survives the round trip.
/// </summary>
/// <remarks>
/// The final comparison is delegated to <c>AssertManagedMatchesNative</c>, which is defined
/// outside this view; presumably it checks the managed decode against a native decode of
/// the same bytes (confirm against the helper).
/// </remarks>
public void MarshalNativeFromManaged_Groups_ExtraSids_ResourceDomain()
{
    const string userPrincipalName = "*****@*****.**";

    var pac = new FakeKerberosPrincipal(userPrincipalName).GeneratePac();

    // Populate the optional SID-bearing sections this test is named after.
    GeneratePacExtensions(
        pac,
        includeGroups: true,
        includeExtraIds: true,
        includeResourceDomain: true,
        includeResourceGroups: false);

    var logonInfoBytes = pac.LogonInfo.Encode();

    // An absent or empty buffer would make the decode below meaningless, so check it first.
    Assert.IsNotNull(logonInfoBytes);
    Assert.IsTrue(logonInfoBytes.Length > 0);

    var roundTripped = new PacLogonInfo();
    roundTripped.Unmarshal(logonInfoBytes);

    Assert.AreEqual(userPrincipalName, roundTripped.UserName.ToString());

    AssertManagedMatchesNative(roundTripped, logonInfoBytes);
}
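/// <summary>
/// Checks that constructing a <c>PrivilegedAttributeCertificate</c> in
/// <c>SignatureMode.Kdc</c> throws <see cref="InvalidOperationException"/> when the PAC was
/// signed with a KDC key whose algorithm type (-1) is no longer registered with
/// <c>CryptoService</c>.
/// </summary>
/// <remarks>
/// This pins fail-closed behaviour: a PAC whose KDC signature type cannot be resolved has to
/// be rejected, not accepted unverified. The fake algorithms are registered only while the
/// PAC is being encoded and are removed before it is decoded.
/// </remarks>
public void PacFailsOnUnknownKdcSignatureType()
{
    var principal = new FakeKerberosPrincipal("*****@*****.**");
    var pac = principal.GeneratePac();

    // The KDC key uses an encryption type no real algorithm claims; the server key is ordinary AES256.
    var kdcKey = new KerberosKey(new byte[234], etype: (EncryptionType)(-1));
    var serverKey = new KerberosKey(new byte[32], etype: EncryptionType.AES256_CTS_HMAC_SHA1_96);

    var encoded = WithFakeAlgorithmsRegistered(() => pac.Encode(kdcKey, serverKey));

    // try/catch is kept (no framework-specific throws-assert) so that exceptions derived
    // from InvalidOperationException still count, exactly as before.
    bool threw = false;

    try
    {
        _ = new PrivilegedAttributeCertificate(
            new KrbAuthorizationData { Type = AuthorizationDataType.AdWin2kPac, Data = encoded },
            SignatureMode.Kdc
        );
    }
    catch (InvalidOperationException)
    {
        threw = true;
    }

    Assert.IsTrue(threw);
}

/// <summary>
/// Runs <paramref name="action"/> while the fake checksum and encryption algorithms are
/// registered under type -1, and removes both registrations afterwards even if the action throws.
/// </summary>
/// <param name="action">Work that needs the fake algorithms to be resolvable.</param>
/// <returns>Whatever <paramref name="action"/> returns.</returns>
private static T WithFakeAlgorithmsRegistered<T>(Func<T> action)
{
    var fakeChecksumType = (ChecksumType)(-1);
    var fakeEncryptionType = (EncryptionType)(-1);

    CryptoService.RegisterChecksumAlgorithm(fakeChecksumType, (signature, signatureData) => new FakeChecksum(signature, signatureData));
    CryptoService.RegisterCryptographicAlgorithm(fakeEncryptionType, () => new FakeCryptoTransform());

    try
    {
        return action();
    }
    finally
    {
        // The registry is reached through static calls, so a registration left behind would
        // stay visible to later tests and could make an "unknown type" look known.
        CryptoService.UnregisterChecksumAlgorithm(fakeChecksumType);
        CryptoService.UnregisterCryptographicAlgorithm(fakeEncryptionType);
    }
}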