public async Task ReceiveTimeout()
{
var port = NextPort();
var log = new FakeExceptionLoggerFactory();
var options = new ListenerOptions
{
ListeningOn = new IPEndPoint(IPAddress.Loopback, port),
DefaultRealm = "corp2.identityintervention.com".ToUpper(),
IsDebug = true,
RealmLocator = realm => LocateRealm(realm, slow: true),
ReceiveTimeout = TimeSpan.FromMilliseconds(1),
Log = log
};
KdcServiceListener listener = new KdcServiceListener(options);
_ = listener.Start();
try
{
await RequestAndValidateTickets(AdminAtCorpUserName, FakeAdminAtCorpPassword, $"127.0.0.1:{port}");
}
catch
{
}
listener.Stop();
var timeout = log.Exceptions.FirstOrDefault(e => e is TimeoutException);
Assert.IsNotNull(timeout);
throw timeout;
}
public void Teardown()
{
if (listener != null)
{
listener.Stop();
}
}
public async Task U2U()
{
var port = new Random().Next(20000, 40000);
var options = new ListenerOptions
{
ListeningOn = new IPEndPoint(IPAddress.Loopback, port),
DefaultRealm = "corp2.identityintervention.com".ToUpper(),
IsDebug = true,
RealmLocator = realm => LocateRealm(realm),
ReceiveTimeout = TimeSpan.FromHours(1)
};
KdcServiceListener listener = new KdcServiceListener(options);
_ = listener.Start();
var kerbClientCred = new KerberosPasswordCredential("*****@*****.**", "P@ssw0rd!");
var client = new KerberosClient($"127.0.0.1:{port}");
await client.Authenticate(kerbClientCred);
var kerbServerCred = new KerberosPasswordCredential("*****@*****.**", "P@ssw0rd!");
var server = new KerberosClient($"127.0.0.1:{port}");
await server.Authenticate(kerbClientCred);
var serverEntry = await server.Cache.Get <KerberosClientCacheEntry>($"krbtgt/{server.DefaultDomain}");
var serverTgt = serverEntry.Ticket.Ticket;
var apReq = await client.GetServiceTicket("host/u2u", ApOptions.MutualRequired | ApOptions.UseSessionKey, u2uServerTicket : serverTgt);
Assert.IsNotNull(apReq);
var decrypted = new DecryptedKrbApReq(apReq);
Assert.IsNull(decrypted.Ticket);
decrypted.Decrypt(serverEntry.SessionKey.AsKey());
decrypted.Validate(ValidationActions.All);
Assert.IsNotNull(decrypted.Ticket);
Assert.AreEqual("host/u2u/CORP.IDENTITYINTERVENTION.COM", decrypted.SName.FullyQualifiedName);
listener.Stop();
}
public async Task TestE2E()
{
var port = new Random().Next(20000, 40000);
var options = new ListenerOptions
{
ListeningOn = new IPEndPoint(IPAddress.Loopback, port),
DefaultRealm = "corp2.identityintervention.com".ToUpper(),
IsDebug = true,
RealmLocator = realm => LocateRealm(realm),
ReceiveTimeout = TimeSpan.FromHours(1)
};
using (KdcServiceListener listener = new KdcServiceListener(options))
{
_ = listener.Start();
await RequestAndValidateTickets("*****@*****.**", "P@ssw0rd!", $"127.0.0.1:{port}");
listener.Stop();
}
}
public async Task TestReceiveTimeout()
{
var port = new Random().Next(20000, 40000);
var log = new ExceptionTraceLog();
var options = new ListenerOptions
{
ListeningOn = new IPEndPoint(IPAddress.Loopback, port),
DefaultRealm = "corp2.identityintervention.com".ToUpper(),
IsDebug = true,
RealmLocator = realm => LocateRealm(realm, slow: true),
ReceiveTimeout = TimeSpan.FromMilliseconds(1),
Log = log
};
options.Log.Enabled = true;
options.Log.Level = LogLevel.Verbose;
KdcServiceListener listener = new KdcServiceListener(options);
_ = listener.Start();
try
{
await RequestAndValidateTickets("*****@*****.**", "P@ssw0rd!", $"127.0.0.1:{port}");
}
catch
{
}
listener.Stop();
var timeout = log.Exceptions.FirstOrDefault(e => e is TimeoutException);
Assert.IsNotNull(timeout);
throw timeout;
}
public void Teardown()
{
listener.Stop();
}
public void Dispose()
{
server.Stop();
server.Dispose();
}
public async Task E2EMultithreadedClient()
{
var port = new Random().Next(20000, 40000);
var options = new ListenerOptions
{
ListeningOn = new IPEndPoint(IPAddress.Loopback, port),
DefaultRealm = "corp2.identityintervention.com".ToUpper(),
IsDebug = true,
RealmLocator = realm => LocateRealm(realm),
ReceiveTimeout = TimeSpan.FromHours(1)
};
using (KdcServiceListener listener = new KdcServiceListener(options))
{
_ = listener.Start();
var exceptions = new List <Exception>();
var kerbCred = new KerberosPasswordCredential("*****@*****.**", "P@ssw0rd!");
string kdc = $"127.0.0.1:{port}";
//string kdc = "10.0.0.21:88";
using (KerberosClient client = new KerberosClient(kdc))
{
client.CacheServiceTickets = false;
await client.Authenticate(kerbCred);
Task.WaitAll(Enumerable.Range(0, 2).Select(taskNum => Task.Run(async() =>
{
for (var i = 0; i < 100; i++)
{
try
{
if (i % 2 == 0)
{
await client.Authenticate(kerbCred);
}
var ticket = await client.GetServiceTicket(new RequestServiceTicket
{
ServicePrincipalName = "host/appservice.corp.identityintervention.com",
ApOptions = ApOptions.MutualRequired
});
Assert.IsNotNull(ticket.ApReq);
await ValidateTicket(ticket);
}
catch (Exception ex)
{
exceptions.Add(ex);
}
}
})).ToArray());
}
listener.Stop();
if (exceptions.Count > 0)
{
throw new AggregateException($"Failed {exceptions.Count}", exceptions.GroupBy(e => e.GetType()).Select(e => e.First()));
}
}
}