Exemplo n.º 1
        /// <summary>
        /// Runs a token exchange between two <c>SspiContext</c> instances created for
        /// <c>host/&lt;machine name&gt;</c> until the sender hands back an empty token, then
        /// checks that the last server response decodes as a response token and that both
        /// sides report the same session key.
        /// </summary>
        public void TryGettingSspiTicketTest()
        {
            string servicePrincipal = $"host/{Environment.MachineName}";

            using (var contextSender = new SspiContext(servicePrincipal, "negotiate"))
            using (var contextReceiver = new SspiContext(servicePrincipal, "negotiate"))
            {
                byte[] serverResponse = null;
                byte[] token;

                while (true)
                {
                    // The first round passes null; later rounds feed the receiver's last reply back in.
                    token = contextSender.RequestToken(serverResponse);

                    Assert.IsNotNull(token);

                    // An empty token from the sender ends the exchange.
                    if (token == null || token.Length == 0)
                    {
                        break;
                    }

                    contextReceiver.AcceptToken(token, out serverResponse);
                    Assert.IsNotNull(serverResponse);
                }

                var serverContext = NegotiationToken.Decode(serverResponse);

                Assert.IsNotNull(serverContext);
                Assert.IsNotNull(serverContext.ResponseToken);
                Assert.IsNull(serverContext.InitialToken);

                Assert.IsNotNull(contextSender.SessionKey);

                // Both ends must agree on the key. AreEqualSlow is presumably a
                // non-short-circuiting comparison — confirm against KerberosCryptoTransformer.
                bool keysMatch = KerberosCryptoTransformer.AreEqualSlow(contextSender.SessionKey, contextReceiver.SessionKey);

                Assert.IsTrue(keysMatch);
            }
        }
Exemplo n.º 2
 /// <summary>
 /// Stores the pieces needed for an access-token request. No argument is validated here;
 /// null values are stored as given.
 /// </summary>
 /// <param name="requestUri">Endpoint the request is sent to.</param>
 /// <param name="credentials">Client identifier and shared secret.</param>
 /// <param name="negociationToken">Negotiation token obtained earlier in the flow.</param>
 /// <param name="verifierCode">Verifier string; presumably the OAuth verifier returned after user authorization — confirm against callers.</param>
 protected AccessTokenRequest(Uri requestUri, ClientCredentials credentials, NegotiationToken negociationToken, string verifierCode)
 {
     // Parameters that share a name with their field still need the explicit "this.".
     this.verifierCode      = verifierCode;
     this.requestUri        = requestUri;
     this.negotiationToken  = negociationToken;
     clientCredentials      = credentials;
 }
Exemplo n.º 3
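        /// <summary>
        /// Console walkthrough of the three-step token flow: fetch a negotiation token, print the
        /// authorization URI and wait for the user to authorize, then exchange the negotiation
        /// token for an access token. On a <see cref="WebException"/> the server's error body
        /// (or the exception message when there is no response) is printed and the process exits.
        /// </summary>
        /// <param name="args">Unused.</param>
        static void Main(string[] args)
        {
            Uri requestTokenEndPoint = new Uri(REQUEST_TOKEN_END_POINT);
            Uri authorizeEndPoint    = new Uri(AUTHORIZE_END_POINT);
            Uri accessTokenEndPoint  = new Uri(ACCESS_TOKEN_END_POINT);

            // NOTE(review): the identifier and shared secret come from constants declared elsewhere
            // in this file; confirm they are sample values and not a real client secret in source.
            ClientCredentials credentials = new ClientCredentials(CLIENT_IDENTIFIER, CLIENT_SHARED_SECRET);

            try
            {
                NegotiationTokenRequest negotiationTokenRequest = NegotiationTokenRequest.Create(requestTokenEndPoint, credentials);
                NegotiationToken        negotiationToken        = negotiationTokenRequest.GetToken();

                // Demo output only: token secrets are credentials and should not be written to
                // consoles or logs outside of a sample like this one.
                Console.WriteLine("Negotiation Token: " + negotiationToken.Value);
                Console.WriteLine("Negotiation Token Secret: " + negotiationToken.Secret);

                Uri authorizationUri = AuthorizationUri.Create(authorizeEndPoint, negotiationToken);

                Console.WriteLine(authorizationUri);
                Console.ReadLine(); // Wait for user authorization.

                AccessTokenRequest accessTokenRequest = AccessTokenRequest.Create(accessTokenEndPoint, credentials, negotiationToken);
                AccessToken        accessToken        = accessTokenRequest.GetToken();

                Console.WriteLine("Access Token: " + accessToken.Value);
                Console.WriteLine("Access Token Secret: " + accessToken.Secret);
            }
            catch (WebException ex)
            {
                // ex.Response is null when the failure happened before any HTTP response was
                // received (name resolution, connect, timeout); dereferencing it unguarded
                // would replace the real error with a NullReferenceException.
                WebResponse response = ex.Response;
                Stream      body     = response != null ? response.GetResponseStream() : null;

                if (body == null)
                {
                    Console.WriteLine(ex.Message);
                }
                else
                {
                    // Disposing the reader also closes the underlying response stream.
                    using (StreamReader reader = new StreamReader(body))
                    {
                        Console.WriteLine(reader.ReadToEnd());
                    }
                }

                // NOTE(review): exit code 0 is kept from the original even though this is the
                // failure path, so a calling script cannot tell the run failed.
                Environment.Exit(0);
            }
        }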
Exemplo n.º 4
        /// <summary>
        /// Requests a negotiation token from the term.ie sample endpoint and checks that the
        /// returned token value and token secret are both non-empty.
        /// </summary>
        public void RetrieveRequestToken()
        {
            // NOTE(review): the endpoint is plain http, so the request and the returned token
            // secret are not protected in transit; this also makes the test depend on a live
            // external host.
            Uri endpoint = new Uri("http://term.ie/oauth/example/request_token.php");

            NegotiationToken token = NegotiationTokenRequest.Create(endpoint, credentials).GetToken();

            Assert.That(token.Value, Is.Not.Empty);
            Assert.That(token.Secret, Is.Not.Empty);
        }
Exemplo n.º 5
        /// <summary>
        /// Requests a negotiation token from <c>REQUEST_TOKEN_END_POINT</c> and checks that the
        /// returned token value and token secret are both non-empty.
        /// </summary>
        public void RetrieveRequestToken()
        {
            // The endpoint constant and the credentials field are declared outside this method.
            Uri endpoint = new Uri(REQUEST_TOKEN_END_POINT);

            NegotiationToken token = NegotiationTokenRequest.Create(endpoint, credentials).GetToken();

            Assert.That(token.Value, Is.Not.Empty);
            Assert.That(token.Secret, Is.Not.Empty);
        }
        /// <summary>
        /// Tries to interpret <paramref name="message"/> in several token formats and passes
        /// whatever decodes to the matching Process* routine. Returns immediately when
        /// <c>messageParsed</c> is already set.
        /// </summary>
        /// <param name="message">Raw bytes to decode.</param>
        /// <param name="source">Label forwarded unchanged to the Process* routines; defaults to null.</param>
        internal void ProcessMessage(byte[] message, string source = null)
        {
            if (messageParsed)
            {
                return;
            }

            ResetLayout();

            object decoded = null;

            // Attempt 1: let the general message parser look at the raw bytes.
            try
            {
                decoded = MessageParser.Parse(message);
            }
            catch
            {
                // Best effort: a failure here only means the bytes are not in this format.
                // NOTE(review): the bare catch also hides unexpected decoder faults on this
                // input; narrowing the exception type or logging would make them visible.
            }

            // Attempt 2: treat the bytes as a negotiation token and parse the response token inside it.
            if (decoded == null)
            {
                try
                {
                    var wrapper = NegotiationToken.Decode(message);

                    if (wrapper.ResponseToken != null)
                    {
                        decoded = MessageParser.Parse(wrapper.ResponseToken.ResponseToken.Value);
                    }
                }
                catch
                {
                    // Best effort, as above.
                }
            }

            // Dispatch on what was recognised; when nothing matched, no handler runs.
            if (decoded is NtlmContextToken ntlmToken)
            {
                ProcessNtlm(ntlmToken, source);
            }
            else if (decoded is NegotiateContextToken negotiateToken)
            {
                ProcessNegotiate(negotiateToken.Token, source);
            }
            else if (decoded is KerberosContextToken kerberosToken)
            {
                ProcessKerberos(kerberosToken, source);
            }

            // The KDC proxy check runs on the raw bytes regardless of the outcome above.
            try
            {
                if (KdcProxyMessage.TryDecode(message, out KdcProxyMessage proxyMessage))
                {
                    ProcessKdcProxy(proxyMessage, source);
                }
            }
            catch
            {
                // Best effort, as above.
            }
        }
        /// <summary>
        /// Returns <paramref name="authorize"/> with the OAuth token parameter for
        /// <paramref name="negotiationToken"/> added to its query string, keeping any
        /// parameters the URI already carries.
        /// </summary>
        /// <param name="authorize">Authorization endpoint, with or without an existing query.</param>
        /// <param name="negotiationToken">Token whose value is placed in the query.</param>
        /// <returns>The URI produced by the builder after the query is updated.</returns>
        public static Uri Create(Uri authorize, NegotiationToken negotiationToken)
        {
            UriBuilder target = new UriBuilder(authorize);

            // Substring(1) drops the first character of the existing query (the leading '?'
            // that the UriBuilder.Query getter includes) before the new parameter is appended.
            target.Query = QueryStringContainsParameters(target.Query)
                ? target.Query.Substring(1) + "&" + OAuthTokenParameter(negotiationToken)
                : OAuthTokenParameter(negotiationToken);

            return target.Uri;
        }
Exemplo n.º 8
        /// <summary>
        /// BER-decodes <paramref name="token"/> as a <c>NegotiationToken</c> and returns the
        /// decoded data when it is of type <typeparamref name="T"/>.
        /// </summary>
        /// <typeparam name="T">Expected type of the decoded data.</typeparam>
        /// <param name="token">Encoded token bytes; passed to the decoder without any check here.</param>
        /// <returns>The decoded data as <typeparamref name="T"/>, or null when it is of another type.</returns>
        public static T DecodeNegotiationToken<T>(byte[] token) where T : class
        {
            var decoder = new NegotiationToken();

            decoder.BerDecode(new Asn1DecodingBuffer(token));

            // "as" gives null for a type mismatch, which is the same result as the
            // explicit is-check followed by a null return.
            return decoder.GetData() as T;
        }
Exemplo n.º 9
        /// <summary>
        /// Encodes a <c>NegotiationToken</c> that carries only an initial token (NTLM mech type,
        /// eight-byte mech token) and checks that decoding yields an initial token and no
        /// response token.
        /// </summary>
        public void SPNegoInitTokenRoundtrip()
        {
            var initialToken = new NegTokenInit
            {
                MechTypes = new Oid[] { new Oid(MechType.NTLM) },
                MechToken = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7 }
            };

            var original = new NegotiationToken { InitialToken = initialToken };

            // Round trip: encode, then decode the resulting bytes.
            var roundTripped = NegotiationToken.Decode(original.Encode());

            Assert.IsNotNull(roundTripped);
            Assert.IsNotNull(roundTripped.InitialToken);
            Assert.IsNull(roundTripped.ResponseToken);
        }
Exemplo n.º 10
        /// <summary>
        /// Builds a <c>NegotiationToken</c> with both an initial token and a response token set
        /// and calls <c>Encode</c> on it. The method makes no assertions of its own; the expected
        /// outcome is presumably declared by a test attribute outside this view — confirm.
        /// </summary>
        public void ChoiceEncoding()
        {
            var initialToken = new NegTokenInit
            {
                MechTypes = new Oid[] { new Oid(MechType.NTLM) },
                MechToken = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7 }
            };

            var responseToken = new NegTokenResp
            {
                State         = NegotiateState.Rejected,
                SupportedMech = new Oid(MechType.NTLM),
                ResponseToken = new byte[] { 7, 6, 5, 4, 3, 2, 1, 0 }
            };

            // Both alternatives are populated on purpose.
            var bothSet = new NegotiationToken
            {
                InitialToken  = initialToken,
                ResponseToken = responseToken
            };

            bothSet.Encode();
        }
Exemplo n.º 11
        /// <summary>
        /// Encodes a <c>NegotiationToken</c> that carries only a response token (state Rejected,
        /// NTLM as supported mech) and checks that decoding yields a response token and no
        /// initial token.
        /// </summary>
        public void SPNegoResponseTokenRoundtrip()
        {
            var responseToken = new NegTokenResp
            {
                State         = NegotiateState.Rejected,
                SupportedMech = new Oid(MechType.NTLM),
                ResponseToken = new byte[] { 7, 6, 5, 4, 3, 2, 1, 0 }
            };

            var original = new NegotiationToken { ResponseToken = responseToken };

            // Round trip: encode, then decode the resulting bytes.
            var roundTripped = NegotiationToken.Decode(original.Encode());

            Assert.IsNotNull(roundTripped);
            Assert.IsNull(roundTripped.InitialToken);
            Assert.IsNotNull(roundTripped.ResponseToken);
        }
        /// <summary>
        /// Wraps <paramref name="token"/> as the mech token of a <c>NegTokenInit</c> that lists a
        /// single mechanism, places it in an <c>InitialNegToken</c> under the SPNEGO OID and
        /// returns the BER encoding.
        /// </summary>
        /// <param name="token">Mechanism token bytes to embed.</param>
        /// <param name="oidPkt">Which Kerberos OID to advertise as the only mechanism.</param>
        /// <returns>The encoded bytes taken from the encoding buffer.</returns>
        /// <exception cref="NotSupportedException">
        /// <paramref name="oidPkt"/> is neither <c>KerberosToken</c> nor <c>MSKerberosToken</c>.
        /// </exception>
        public static byte[] EncodeInitialNegToken(byte[] token,
                                                   KerberosConstValue.OidPkt oidPkt)
        {
            // Resolve the mechanism OID first so an unsupported value fails before anything is built.
            int[] mechanismOid;
            if (oidPkt == KerberosConstValue.OidPkt.KerberosToken)
            {
                mechanismOid = KerberosConstValue.GetKerberosOidInt();
            }
            else if (oidPkt == KerberosConstValue.OidPkt.MSKerberosToken)
            {
                mechanismOid = KerberosConstValue.GetMsKerberosOidInt();
            }
            else
            {
                throw new NotSupportedException("oid not support");
            }

            MechTypeList mechanisms = new MechTypeList(new MechType[] { new MechType(mechanismOid) });

            // The token passes through an Asn1OctetString before its bytes are wrapped again,
            // exactly as the construction sequence requires.
            byte[] mechTokenBytes = new Asn1OctetString(token).ByteArrayValue;

            NegTokenInit initBody = new NegTokenInit(
                mechanisms,
                null,
                new Asn1OctetString(mechTokenBytes),
                new Asn1OctetString((byte[])null));

            NegotiationToken choice = new NegotiationToken(NegotiationToken.negTokenInit, initBody);

            InitialNegToken wrapped = new InitialNegToken(
                new MechType(KerberosConstValue.GetSpngOidInt()),
                choice);

            Asn1BerEncodingBuffer output = new Asn1BerEncodingBuffer();
            wrapped.BerEncode(output);

            return output.Data;
        }
        /// <summary>
        /// BER-decodes <paramref name="token"/> as a <c>NegotiationToken</c> and returns the
        /// inner token bytes of whichever alternative was decoded.
        /// </summary>
        /// <param name="token">Encoded token bytes; passed to the decoder without any check here.</param>
        /// <returns>
        /// The mech token bytes for the two init alternatives, the response token bytes for the
        /// response alternative, or null for any other choice.
        /// </returns>
        public static byte[] DecodeNegotiationToken(byte[] token)
        {
            NegotiationToken negotiation = new NegotiationToken();

            negotiation.BerDecode(new Asn1DecodingBuffer(token));

            Asn1Object payload = negotiation.GetData();

            // NOTE(review): mechToken / responseToken are dereferenced without a null check;
            // presumably they can be absent in a decoded token — confirm how the decoder
            // represents a missing optional field.
            switch (negotiation.SelectedChoice)
            {
                case NegotiationToken.negTokenInit:
                {
                    NegTokenInit init = (NegTokenInit)payload;
                    return init.mechToken.ByteArrayValue;
                }

                case NegotiationToken.negTokenResp:
                {
                    NegTokenResp response = (NegTokenResp)payload;
                    return response.responseToken.ByteArrayValue;
                }

                case NegotiationToken.negTokenInit2:
                {
                    NegTokenInit2 init2 = (NegTokenInit2)payload;
                    return init2.mechToken.ByteArrayValue;
                }

                default:
                    return null;
            }
        }
Exemplo n.º 14
        /// <summary>
        /// Performs one request/accept round between two <c>SspiContext</c> instances created for
        /// <c>host/&lt;machine name&gt;</c>: the sender's token must parse as a
        /// <c>NegotiateContextToken</c>, and the receiver's reply must decode as a negotiation
        /// token holding a response token and no initial token.
        /// </summary>
        public void TryGettingSspiTicketTest()
        {
            string servicePrincipal = $"host/{Environment.MachineName}";

            using (var contextSender = new SspiContext(servicePrincipal, "Negotiate"))
            using (var contextReceiver = new SspiContext(servicePrincipal, "Negotiate"))
            {
                // Client side: the first token of the exchange.
                var clientToken = contextSender.RequestToken();

                Assert.IsNotNull(clientToken);

                var parsedClientToken = MessageParser.Parse<NegotiateContextToken>(clientToken);

                Assert.IsNotNull(parsedClientToken);

                // Server side: accept the token and capture the reply.
                contextReceiver.AcceptToken(clientToken, out byte[] serverReply);

                Assert.IsNotNull(serverReply);

                var decodedReply = NegotiationToken.Decode(serverReply);

                Assert.IsNotNull(decodedReply);
                Assert.IsNotNull(decodedReply.ResponseToken);
                Assert.IsNull(decodedReply.InitialToken);
            }
        }
Exemplo n.º 15
 /// <summary>
 /// Factory for an <c>AccessTokenRequest</c> that carries an explicit verifier code.
 /// </summary>
 /// <param name="requestUri">Endpoint the request is sent to.</param>
 /// <param name="credentials">Client identifier and shared secret.</param>
 /// <param name="negociationToken">Negotiation token obtained earlier in the flow.</param>
 /// <param name="verifierCode">Verifier string forwarded unchanged to the constructor.</param>
 /// <returns>A new request built from the four arguments.</returns>
 public static AccessTokenRequest Create(Uri requestUri, ClientCredentials credentials, NegotiationToken negociationToken, string verifierCode)
 {
     AccessTokenRequest request = new AccessTokenRequest(requestUri, credentials, negociationToken, verifierCode);

     return request;
 }
Exemplo n.º 16
        /// <summary>
        /// Parses the mech token held in the initial token of <paramref name="token"/> and shows
        /// the result through <c>ExplodeObject</c> under a "Kerberos Message" label.
        /// </summary>
        /// <param name="token">Negotiation token whose initial token is read.</param>
        /// <param name="source">Text placed in parentheses in the label.</param>
        private void ProcessNegotiate(NegotiationToken token, string source)
        {
            // NOTE(review): InitialToken and MechToken are dereferenced without a null check; a
            // token that carries only a ResponseToken would presumably throw here — confirm
            // what callers can pass in.
            var mechTokenBytes = token.InitialToken.MechToken.Value;

            ExplodeObject(MessageParser.Parse(mechTokenBytes), $"Kerberos Message ({source})");
        }
Exemplo n.º 17
 /// <summary>
 /// Factory for an <c>AccessTokenRequest</c> without a verifier; an empty string is passed
 /// as the verifier code.
 /// </summary>
 /// <param name="requestUri">Endpoint the request is sent to.</param>
 /// <param name="credentials">Client identifier and shared secret.</param>
 /// <param name="negociationToken">Negotiation token obtained earlier in the flow.</param>
 /// <returns>A new request built from the arguments and an empty verifier code.</returns>
 public static AccessTokenRequest Create(Uri requestUri, ClientCredentials credentials, NegotiationToken negociationToken)
 {
     AccessTokenRequest request = new AccessTokenRequest(requestUri, credentials, negociationToken, "");

     return request;
 }
 /// <summary>
 /// String overload: converts <paramref name="authorize"/> to a <see cref="Uri"/> and
 /// delegates to the <see cref="Uri"/>-based <c>Create</c>.
 /// </summary>
 /// <param name="authorize">Authorization endpoint as text; <c>new Uri</c> throws if it cannot be parsed.</param>
 /// <param name="negotiationToken">Token passed through to the other overload.</param>
 /// <returns>The URI returned by the <see cref="Uri"/>-based overload.</returns>
 public static Uri Create(string authorize, NegotiationToken negotiationToken)
 {
     Uri authorizeUri = new Uri(authorize);

     return Create(authorizeUri, negotiationToken);
 }
 /// <summary>
 /// Builds the <c>name=value</c> query fragment for the token, using
 /// <c>AuthorizationHeaderFields.TOKEN</c> as the name.
 /// </summary>
 /// <param name="negotiationToken">Token whose <c>Value</c> becomes the parameter value.</param>
 /// <returns>The fragment, without a leading '?' or '&amp;'.</returns>
 private static string OAuthTokenParameter(NegotiationToken negotiationToken)
 {
     // NOTE(review): Value is appended exactly as stored. If it is not already
     // percent-encoded at this point, a value containing '&', '=' or '#' would change the
     // shape of the resulting query string — confirm where encoding is applied.
     return string.Concat(AuthorizationHeaderFields.TOKEN, "=", negotiationToken.Value);
 }