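/// <summary>
/// Round-trips a PAC whose KDC signature uses a caller-registered checksum type (-1) and
/// checks that the decoded PAC reports that type.
/// </summary>
/// <remarks>
/// The fake checksum and fake cipher are registered through static calls on <c>CryptoService</c>.
/// They are removed again in a <c>finally</c> block so that a fake algorithm for type -1 does not
/// stay registered for whatever runs next, where it could mask a failure in a test that expects
/// the type to be unknown.
/// </remarks>
public void PacHandlesCustomKdcSignatureType()
{
    var customChecksumType = (ChecksumType)(-1);
    var customEncryptionType = (EncryptionType)(-1);

    var principal = new FakeKerberosPrincipal("*****@*****.**");
    var pac = principal.GeneratePac();

    var kdcKey = new KerberosKey(new byte[234], etype: customEncryptionType);
    var serverKey = new KerberosKey(new byte[32], etype: EncryptionType.AES256_CTS_HMAC_SHA1_96);

    try
    {
        CryptoService.RegisterChecksumAlgorithm(
            customChecksumType,
            (signature, signatureData) => new FakeChecksum(signature, signatureData));
        CryptoService.RegisterCryptographicAlgorithm(
            customEncryptionType,
            () => new FakeCryptoTransform());

        var encoded = pac.Encode(kdcKey, serverKey);

        var roundtrip = new PrivilegedAttributeCertificate(
            new KrbAuthorizationData { Type = AuthorizationDataType.AdWin2kPac, Data = encoded },
            SignatureMode.Kdc
        );

        Assert.IsNotNull(roundtrip);

        roundtrip.ServerSignature.Validate(serverKey);

        Assert.AreEqual(customChecksumType, roundtrip.KdcSignature.Type);

        // NOTE(review): the KDC signature is validated with serverKey, not kdcKey. This presumably
        // passes only because FakeChecksum handles type -1 -- confirm that this is intended.
        roundtrip.KdcSignature.Validate(serverKey);
    }
    finally
    {
        // Always drop the fake algorithms, including when an assertion above fails.
        CryptoService.UnregisterChecksumAlgorithm(customChecksumType);
        CryptoService.UnregisterCryptographicAlgorithm(customEncryptionType);
    }
}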
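/// <summary>
/// Test-double lookup: returns a <c>FakeKerberosPrincipal</c> when the fully qualified name ends
/// with this instance's realm, starts with "krbtgt", or the name type is NT_PRINCIPAL.
/// </summary>
/// <param name="principalName">Name to look up; its FullyQualifiedName and Type are inspected.</param>
/// <param name="realm">Not consulted here; matching uses the instance's <c>realm</c> field.</param>
/// <returns>A fake principal built from the fully qualified name, or <c>null</c> when no rule matches.</returns>
public IKerberosPrincipal Find(KrbPrincipalName principalName, string realm = null)
{
    var fullName = principalName.FullyQualifiedName;

    // Realm and principal names are protocol identifiers, so match them ordinally.
    // Culture-sensitive comparison applies linguistic rules (it can, for example, skip
    // ignorable code points), which makes prefix/suffix checks on identifiers unreliable.
    bool matches =
        fullName.EndsWith(this.realm, StringComparison.OrdinalIgnoreCase) ||
        fullName.StartsWith("krbtgt", StringComparison.OrdinalIgnoreCase) ||
        principalName.Type == PrincipalNameType.NT_PRINCIPAL;

    if (!matches)
    {
        return null;
    }

    return new FakeKerberosPrincipal(fullName);
}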
/// <summary>
/// Encodes a PAC with a KDC key of encryption type -1 after explicitly unregistering the
/// checksum and cipher for that type.
/// </summary>
/// <remarks>
/// The body contains no assertion; presumably the expected exception is declared by a test
/// attribute that is not part of this snippet -- confirm.
/// </remarks>
public void ThrowsUnknownChecksumType()
{
    var pac = new FakeKerberosPrincipal("*****@*****.**").GeneratePac();

    KerberosKey unknownTypeKdcKey = new KerberosKey(new byte[234], etype: (EncryptionType)(-1));
    KerberosKey aesServerKey = new KerberosKey(new byte[32], etype: EncryptionType.AES256_CTS_HMAC_SHA1_96);

    // Remove anything registered for type -1 before encoding.
    CryptoService.UnregisterChecksumAlgorithm((ChecksumType)(-1));
    CryptoService.UnregisterCryptographicAlgorithm((EncryptionType)(-1));

    pac.Encode(unknownTypeKdcKey, aesServerKey);
}
/// <summary>
/// Encodes the logon info of a freshly generated PAC, unmarshals it into a new
/// <c>PacLogonInfo</c>, and checks the user name before comparing against the native decoder.
/// </summary>
public void MarshalNativeFromManaged_Baseline_DoesntExplode()
{
    const string UserName = "*****@*****.**";

    var pac = new FakeKerberosPrincipal(UserName).GeneratePac();

    var logonInfoBytes = pac.LogonInfo.Encode();

    // The encoder must produce a non-empty buffer before decoding is attempted.
    Assert.IsNotNull(logonInfoBytes);
    Assert.IsTrue(logonInfoBytes.Length > 0);

    var decoded = new PacLogonInfo();
    decoded.Unmarshal(logonInfoBytes);

    Assert.AreEqual(UserName, decoded.UserName.ToString());

    AssertManagedMatchesNative(decoded, logonInfoBytes);
}
/// <summary>
/// Same round trip as the baseline marshalling test, but the PAC is first extended with
/// groups, extra SIDs, a resource domain and resource groups via <c>GeneratePacExtensions</c>.
/// </summary>
public void MarshalNativeFromManaged_Groups_ExtraSids_ResourceDomain_ResourceDomainGroups()
{
    const string UserName = "*****@*****.**";

    var pac = new FakeKerberosPrincipal(UserName).GeneratePac();

    // Switch on every optional section so that all of them are encoded.
    GeneratePacExtensions(
        pac,
        includeGroups: true,
        includeExtraIds: true,
        includeResourceDomain: true,
        includeResourceGroups: true);

    var logonInfoBytes = pac.LogonInfo.Encode();

    Assert.IsNotNull(logonInfoBytes);
    Assert.IsTrue(logonInfoBytes.Length > 0);

    var decoded = new PacLogonInfo();
    decoded.Unmarshal(logonInfoBytes);

    Assert.AreEqual(UserName, decoded.UserName.ToString());

    AssertManagedMatchesNative(decoded, logonInfoBytes);
}
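/// <summary>
/// Test-double lookup with a forced-miss rule: an NT_ENTERPRISE name containing "-fallback"
/// always yields <c>null</c>. Otherwise a <c>FakeKerberosPrincipal</c> is returned when the fully
/// qualified name ends with this instance's realm, starts with "krbtgt", or the name type is
/// NT_PRINCIPAL.
/// </summary>
/// <param name="principalName">Name to look up; its FullyQualifiedName and Type are inspected.</param>
/// <param name="realm">Not consulted here; matching uses the instance's <c>realm</c> field.</param>
/// <returns>A fake principal built from the fully qualified name, or <c>null</c> when no rule matches.</returns>
public IKerberosPrincipal Find(KrbPrincipalName principalName, string realm = null)
{
    var fullName = principalName.FullyQualifiedName;

    // Presumably this lets tests exercise the not-found path for enterprise names -- confirm.
    bool forcedMiss =
        fullName.Contains("-fallback", StringComparison.OrdinalIgnoreCase) &&
        principalName.Type == PrincipalNameType.NT_ENTERPRISE;

    if (forcedMiss)
    {
        return null;
    }

    // Use the same ordinal comparison as the "-fallback" check above. Realm and principal
    // names are protocol identifiers, and culture-sensitive comparison applies linguistic
    // rules (it can, for example, skip ignorable code points) that do not belong in
    // prefix/suffix checks on identifiers.
    bool matches =
        fullName.EndsWith(this.realm, StringComparison.OrdinalIgnoreCase) ||
        fullName.StartsWith("krbtgt", StringComparison.OrdinalIgnoreCase) ||
        principalName.Type == PrincipalNameType.NT_PRINCIPAL;

    if (!matches)
    {
        return null;
    }

    return new FakeKerberosPrincipal(fullName);
}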
/// <summary>
/// Encodes a PAC while a fake checksum and cipher are registered for type -1, unregisters them,
/// and then asserts that decoding the PAC in KDC signature mode throws
/// <see cref="InvalidOperationException"/>.
/// </summary>
public void PacFailsOnUnknownKdcSignatureType()
{
    var pac = new FakeKerberosPrincipal("*****@*****.**").GeneratePac();

    var customKdcKey = new KerberosKey(new byte[234], etype: (EncryptionType)(-1));
    var aesServerKey = new KerberosKey(new byte[32], etype: EncryptionType.AES256_CTS_HMAC_SHA1_96);

    // The fake algorithms are registered only for as long as it takes to produce the encoded PAC.
    CryptoService.RegisterChecksumAlgorithm(
        (ChecksumType)(-1),
        (signature, signatureData) => new FakeChecksum(signature, signatureData));
    CryptoService.RegisterCryptographicAlgorithm(
        (EncryptionType)(-1),
        () => new FakeCryptoTransform());

    var encodedPac = pac.Encode(customKdcKey, aesServerKey);

    CryptoService.UnregisterChecksumAlgorithm((ChecksumType)(-1));
    CryptoService.UnregisterCryptographicAlgorithm((EncryptionType)(-1));

    // With the type no longer registered, constructing the PAC is expected to be rejected.
    var rejected = false;

    try
    {
        _ = new PrivilegedAttributeCertificate(
            new KrbAuthorizationData { Type = AuthorizationDataType.AdWin2kPac, Data = encodedPac },
            SignatureMode.Kdc
        );
    }
    catch (InvalidOperationException)
    {
        rejected = true;
    }

    Assert.IsTrue(rejected);
}
/// <summary>
/// Returns an already-completed task holding a <c>FakeKerberosPrincipal</c> named "krbtgt".
/// </summary>
/// <returns>A completed task whose result is the fake krbtgt principal.</returns>
public Task<IKerberosPrincipal> RetrieveKrbtgt()
{
    // No lookup happens; a new fake principal is created on every call.
    return Task.FromResult<IKerberosPrincipal>(new FakeKerberosPrincipal("krbtgt"));
}
/// <summary>
/// Returns an already-completed task holding a <c>FakeKerberosPrincipal</c> built from the given name.
/// </summary>
/// <param name="principalName">Name passed straight to the fake principal's constructor.</param>
/// <returns>A completed task whose result is the fake principal.</returns>
public Task<IKerberosPrincipal> Find(string principalName)
{
    // The name is not checked here: every input produces a principal.
    return Task.FromResult<IKerberosPrincipal>(new FakeKerberosPrincipal(principalName));
}