/// <summary>
/// Test double for the HTTP transport: answers every call with a freshly generated TGT
/// wrapped in a <c>KdcProxyMessage</c>.
/// </summary>
/// <remarks>
/// Neither <paramref name="request"/> nor <paramref name="cancellationToken"/> is read.
/// The ticket is always issued for the fixed <c>UserUpn</c> principal and no client input is validated.
/// Keep this handler confined to test projects.
/// </remarks>
/// <param name="request">The outgoing request (ignored).</param>
/// <param name="cancellationToken">Cancellation token (ignored).</param>
/// <returns>A 200 response whose body is the encoded proxy message.</returns>
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    // Width of the length prefix written in front of the encoded Kerberos message.
    const int LengthPrefixSize = 4;

    var fakeRealm = new FakeRealmService(Realm);

    var user = await fakeRealm.Principals.Find(UserUpn);
    var userKey = await user.RetrieveLongTermCredential();

    // TgtKey is a fixture value defined outside this block.
    var ticketRequest = new ServiceTicketRequest
    {
        Principal = user,
        EncryptedPartKey = userKey,
        ServicePrincipalKey = new KerberosKey(key: TgtKey, etype: EncryptionType.AES256_CTS_HMAC_SHA1_96)
    };

    var generatedTgt = await KrbAsRep.GenerateTgt(ticketRequest, fakeRealm);
    var tgtBytes = generatedTgt.EncodeApplication();

    // Frame the message: big-endian length in the first four bytes, payload after it.
    var framed = new Memory<byte>(new byte[tgtBytes.Length + LengthPrefixSize]);
    Endian.ConvertToBigEndian(tgtBytes.Length, framed.Slice(0, LengthPrefixSize));
    tgtBytes.CopyTo(framed.Slice(LengthPrefixSize));

    var proxyMessage = new KdcProxyMessage
    {
        KerbMessage = framed
    };

    return new HttpResponseMessage(HttpStatusCode.OK)
    {
        Content = new ByteArrayContent(proxyMessage.Encode().ToArray())
    };
}
/// <summary>
/// Returns a <c>FakeRealmService</c> for <paramref name="realm"/>.
/// </summary>
/// <param name="realm">Realm name handed to the fake service.</param>
/// <param name="slow">When true, blocks the calling thread for 500 ms before returning.</param>
/// <returns>The fake realm service, typed as <c>IRealmService</c>.</returns>
public static IRealmService LocateRealm(string realm, bool slow = false)
{
    IRealmService fakeRealm = new FakeRealmService(realm);

    if (!slow)
    {
        return fakeRealm;
    }

    // Deliberate synchronous delay; the service has already been constructed at this point.
    Thread.Sleep(500);

    return fakeRealm;
}
/// <summary>
/// Asynchronously returns a <c>FakeRealmService</c> for <paramref name="realm"/>.
/// </summary>
/// <param name="realm">Realm name handed to the fake service.</param>
/// <param name="slow">When true, awaits a 500 ms delay before returning.</param>
/// <returns>A task producing the fake realm service, typed as <c>IRealmService</c>.</returns>
public static async Task<IRealmService> LocateRealm(string realm, bool slow = false)
{
    IRealmService fakeRealm = new FakeRealmService(realm);

    if (!slow)
    {
        return fakeRealm;
    }

    // Non-blocking delay; the service has already been constructed at this point.
    await Task.Delay(500);

    return fakeRealm;
}
/// <summary>
/// Returns a <c>FakeRealmService</c> for <paramref name="realm"/>, built with the supplied configuration.
/// </summary>
/// <param name="realm">Realm name handed to the fake service.</param>
/// <param name="slow">When true, blocks the calling thread for 500 ms before returning.</param>
/// <param name="config">Configuration forwarded to the fake service; null is passed through unchanged.</param>
/// <returns>The fake realm service, typed as <c>IRealmService</c>.</returns>
public static IRealmService LocateRealm(string realm, bool slow = false, Krb5Config config = null)
{
    IRealmService fakeRealm = new FakeRealmService(realm, config);

    if (!slow)
    {
        return fakeRealm;
    }

    // Deliberate synchronous delay; the service has already been constructed at this point.
    Thread.Sleep(500);

    return fakeRealm;
}
/// <summary>
/// Generates a PAC for a fake principal, encodes it and decodes the result again.
/// </summary>
/// <remarks>
/// The krbtgt long-term key is passed for both key arguments of <c>Encode</c>.
/// NOTE(review): the only assertion on the decoded PAC is that <c>LogonInfo</c> is non-null.
/// Nothing here asserts that the signatures written by <c>Encode</c> are verified on decode.
/// </remarks>
public void PacGenerationRoundtrip()
{
    var fakeRealm = new FakeRealmService("foo.com");

    var krbtgtPrincipal = fakeRealm.Principals.Find(KrbPrincipalName.WellKnown.Krbtgt());
    var krbtgtKey = krbtgtPrincipal.RetrieveLongTermCredential();

    var userName = KrbPrincipalName.FromString("*****@*****.**");
    var userPrincipal = fakeRealm.Principals.Find(userName);

    var generatedPac = userPrincipal.GeneratePac();

    Assert.IsNotNull(generatedPac);

    var pacBytes = generatedPac.Encode(krbtgtKey, krbtgtKey);

    var authorizationData = new KrbAuthorizationData
    {
        Type = AuthorizationDataType.AdWin2kPac,
        Data = pacBytes
    };

    var roundTripped = new PrivilegedAttributeCertificate(authorizationData);

    Assert.IsNotNull(roundTripped.LogonInfo);
}
/// <summary>
/// Async variant: generates a PAC for a fake principal, encodes it and decodes the result again.
/// </summary>
/// <remarks>
/// The krbtgt long-term key is passed for both key arguments of <c>Encode</c>.
/// NOTE(review): the only assertion on the decoded PAC is that <c>LogonInfo</c> is non-null.
/// Nothing here asserts that the signatures written by <c>Encode</c> are verified on decode.
/// </remarks>
public async Task PacGenerationRoundtrip()
{
    var fakeRealm = new FakeRealmService("foo.com");

    var krbtgtPrincipal = await fakeRealm.Principals.RetrieveKrbtgt();
    var krbtgtKey = await krbtgtPrincipal.RetrieveLongTermCredential();

    var userPrincipal = await fakeRealm.Principals.Find("*****@*****.**");

    var generatedPac = await userPrincipal.GeneratePac();

    Assert.IsNotNull(generatedPac);

    var pacBytes = generatedPac.Encode(krbtgtKey, krbtgtKey);

    var authorizationData = new KrbAuthorizationData
    {
        Type = AuthorizationDataType.AdWin2kPac,
        Data = pacBytes
    };

    var roundTripped = new PrivilegedAttributeCertificate(authorizationData);

    Assert.IsNotNull(roundTripped.LogonInfo);
}
/// <summary>
/// Builds a TGT from the fake realm and hands the encoded bytes to <c>AssertIsExpectedKrbtgt</c>.
/// </summary>
/// <remarks>
/// <c>Realm</c>, <c>UserUpn</c>, <c>ExpectedFlags</c> and <c>TgtKey</c> are fixture members defined outside this block.
/// The service key is a fixed AES256 test key, not a derived or randomly generated one.
/// </remarks>
public void GeneratedTgtMatchesActiveDirectory()
{
    var fakeRealm = new FakeRealmService(Realm);

    var userName = KrbPrincipalName.FromString(UserUpn);
    var userPrincipal = fakeRealm.Principals.Find(userName);
    var userKey = userPrincipal.RetrieveLongTermCredential();

    var ticketRequest = new ServiceTicketRequest
    {
        Flags = ExpectedFlags,
        Principal = userPrincipal,
        EncryptedPartKey = userKey,
        ServicePrincipalKey = new KerberosKey(key: TgtKey, etype: EncryptionType.AES256_CTS_HMAC_SHA1_96)
    };

    var generatedTgt = KrbAsRep.GenerateTgt(ticketRequest, fakeRealm);

    Assert.IsNotNull(generatedTgt);

    var tgtBytes = generatedTgt.EncodeApplication();

    // The helper receives both keys used in the request together with the encoded message.
    AssertIsExpectedKrbtgt(userKey, ticketRequest.ServicePrincipalKey, tgtBytes.ToArray());
}
/// <summary>
/// Async variant: builds a TGT for a request that carries <c>SamAccountName</c> and hands the
/// encoded bytes to <c>AssertIsExpectedKrbtgtWithOnPremisesSamAccountName</c>.
/// </summary>
/// <remarks>
/// <c>Realm</c>, <c>UserUpn</c>, <c>TestSamAccountName</c>, <c>ExpectedFlags</c> and <c>TgtKey</c>
/// are fixture members defined outside this block.
/// </remarks>
public async Task GeneratedTgtMatchesWithOnPremisesSamAccountName()
{
    var fakeRealm = new FakeRealmService(Realm);

    var userPrincipal = await fakeRealm.Principals.Find(UserUpn);
    var userKey = await userPrincipal.RetrieveLongTermCredential();

    var ticketRequest = new ServiceTicketRequest
    {
        SamAccountName = TestSamAccountName,
        Flags = ExpectedFlags,
        Principal = userPrincipal,
        EncryptedPartKey = userKey,
        ServicePrincipalKey = new KerberosKey(key: TgtKey, etype: EncryptionType.AES256_CTS_HMAC_SHA1_96)
    };

    var generatedTgt = await KrbAsRep.GenerateTgt(ticketRequest, fakeRealm);

    Assert.IsNotNull(generatedTgt);

    var tgtBytes = generatedTgt.EncodeApplication();

    // The helper receives both keys used in the request together with the encoded message.
    AssertIsExpectedKrbtgtWithOnPremisesSamAccountName(userKey, ticketRequest.ServicePrincipalKey, tgtBytes.ToArray());
}
/// <summary>
/// Parameterised variant: builds a TGT from a fake realm created with the given compatibility
/// flags and checks the result against <paramref name="expectedRealm"/>.
/// </summary>
/// <param name="realm">Realm name used to construct the fake realm service.</param>
/// <param name="compatibilityFlags">Compatibility flags forwarded to the fake realm service.</param>
/// <param name="expectedRealm">Realm value passed to the assertion helper as the expectation.</param>
public void GeneratedTgtMatchesWithOnPremisesSamAccountName(string realm, KerberosCompatibilityFlags compatibilityFlags, string expectedRealm)
{
    var fakeRealm = new FakeRealmService(realm, compatibilityFlags: compatibilityFlags);

    var userName = KrbPrincipalName.FromString(UserUpn);
    var userPrincipal = fakeRealm.Principals.Find(userName);
    var userKey = userPrincipal.RetrieveLongTermCredential();

    var ticketRequest = new ServiceTicketRequest
    {
        SamAccountName = TestSamAccountName,
        Flags = ExpectedFlags,
        Principal = userPrincipal,
        EncryptedPartKey = userKey,
        ServicePrincipalKey = new KerberosKey(key: TgtKey, etype: EncryptionType.AES256_CTS_HMAC_SHA1_96)
    };

    var generatedTgt = KrbAsRep.GenerateTgt(ticketRequest, fakeRealm);

    Assert.IsNotNull(generatedTgt);

    var tgtBytes = generatedTgt.EncodeApplication();

    // The helper receives both keys, the encoded message and the realm the caller expects.
    AssertIsExpectedKrbtgtWithOnPremisesSamAccountName(userKey, ticketRequest.ServicePrincipalKey, tgtBytes.ToArray(), expectedRealm);
}
/// <summary>
/// Wraps a new <c>FakeRealmService</c> for <paramref name="realm"/> in an already-completed task.
/// </summary>
/// <param name="realm">Realm name handed to the fake service.</param>
/// <returns>A completed task whose result is the fake realm service, typed as <c>IRealmService</c>.</returns>
private static Task<IRealmService> LocateFakeRealm(string realm)
{
    // The explicit type argument keeps the task typed to the interface rather than the concrete fake.
    return Task.FromResult<IRealmService>(new FakeRealmService(realm));
}