/// <summary>
/// Single-realm, AD-sourced claims for a plain user principal: every claim carried in the
/// Kerberos ticket must also be found, with identical values, among the claims loaded from AD
/// for the same user object.
/// </summary>
public void Kerberos_SingleRealm_ADSource_User_Only()
{
    var realm = this.testConfig.LocalRealm;
    var user = realm.User[2];
    var kdc = realm.KDC[0];
    var fileServer = realm.FileServer[0];

    // Claims as delivered in the service ticket for the user.
    CLAIMS_SET? ticketClaims = GetADUserClaims_SingleRealm(
        realm.RealmName,
        user.Username,
        user.Password,
        kdc.IPAddress,
        fileServer.DefaultServiceName,
        fileServer.Password);
    BaseTestSite.Assert.IsTrue(ticketClaims.HasValue, "CLAIMS_SET is returned for user claims");
    CLAIMS_SET claimsSet = ticketClaims.Value;

    BaseTestSite.Log.Add(LogEntryKind.Checkpoint, "Start load claims from ad");
    // The user's DN is derived from the realm name: each DNS label becomes one dc= component.
    string userDn = "cn=" + user.Username + ",cn=users,dc=" + realm.RealmName.Replace(".", ",dc=");
    // Reference claims are read from AD on the KDC, authenticating as the realm admin account.
    ClaimHelper.LoadClaims(userDn, ClaimsPrincipalClass.User, kdc.IPAddress, realm.RealmName, realm.Admin.Username, realm.Admin.Password);

    BaseTestSite.Log.Add(LogEntryKind.Checkpoint, "Start compare claims between AD and Kerberos Ticket");
    foreach (var claimsArray in claimsSet.ClaimsArrays)
    {
        foreach (CLAIM_ENTRY entry in claimsArray.ClaimEntries)
        {
            // Values are serialized to the string form FoundMatchedClaim expects before comparison.
            string serialized = ClaimUtility.ConvertEntryUniontoString(entry.Type, entry.Values);
            bool matched = ClaimHelper.FoundMatchedClaim(
                user.Username,
                ClaimsPrincipalClass.User,
                CLAIMS_SOURCE_TYPE.CLAIMS_SOURCE_TYPE_AD,
                entry.Id,
                entry.Type,
                serialized);
            BaseTestSite.Assert.IsTrue(matched, "Should find same claim in AD");
        }
    }
}
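/// <summary>
/// Converts a marshaled <see cref="CLAIM_ENTRY"/> into a <see cref="ClaimSecurityAttribute"/>,
/// selecting the populated union arm of <c>entry.Values</c> by the claim type discriminator.
/// </summary>
/// <param name="entry">Claim entry; <c>ClaimType.Value</c> decides which arm of <c>Values</c> is read.</param>
/// <returns>
/// The attribute carrying the entry's typed values. An entry whose discriminator is not one of the
/// handled values yields an <see cref="ClaimSecurityValueType.Int64"/> attribute with no values.
/// </returns>
private static ClaimSecurityAttribute ConvertToClaim(CLAIM_ENTRY entry)
{
    switch (entry.ClaimType.Value)
    {
        case 1: // CLAIM_TYPE_INT64
            return new ClaimSecurityAttribute(entry.Id, ClaimSecurityValueType.Int64, 0,
                entry.Values.Arm_1.Int64Values.GetValue().Cast<object>());

        case 2: // CLAIM_TYPE_UINT64: the arm stores signed values, reinterpret each as ulong.
            return new ClaimSecurityAttribute(entry.Id, ClaimSecurityValueType.UInt64, 0,
                entry.Values.Arm_2.Uint64Values.GetValue().Select(l => (ulong)l).Cast<object>());

        case 3: // CLAIM_TYPE_STRING
            return new ClaimSecurityAttribute(entry.Id, ClaimSecurityValueType.String, 0,
                entry.Values.Arm_3.StringValues.GetValue());

        case 6: // CLAIM_TYPE_BOOLEAN is 0x0006 in MS-PAC, which is the arm Arm_6 corresponds to.
                // The previous label (4) never matched a boolean entry, so boolean claims fell
                // through to the default below and were returned as an empty Int64 attribute.
            return new ClaimSecurityAttribute(entry.Id, ClaimSecurityValueType.Boolean, 0,
                entry.Values.Arm_6.BooleanValues.GetValue().Select(l => l != 0).Cast<object>());

        default:
            // Unknown discriminator: keep the entry's ID but carry no values.
            return new ClaimSecurityAttribute(entry.Id, ClaimSecurityValueType.Int64, 0, new object[0]);
    }
}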
/// <summary>
/// Looks up a claim record in the internal database that has the same ID, value type and
/// value list as the one described by the arguments.
/// </summary>
/// <param name="principalDN">Distinguished Name of the principal (accepted but not consulted by the lookup).</param>
/// <param name="principalClass">Principal type (accepted but not consulted by the lookup).</param>
/// <param name="sourceType">Claim source type, AD or certificate; only arrays from this source are searched.</param>
/// <param name="claimID">ID of the claim.</param>
/// <param name="valueType">Claim value type.</param>
/// <param name="unobjected_values">Values serialized to a string and split with |ClaimUtilitySpliter|.</param>
/// <returns>true if a matching claim is found; false otherwise, including when the value type is not one of the compared kinds.</returns>
public static bool FoundMatchedClaim(string principalDN, ClaimsPrincipalClass principalClass, CLAIMS_SOURCE_TYPE sourceType, string claimID, CLAIM_TYPE valueType, string unobjected_values)
{
    // Expected values, boxed per element, in the same order as the stored claim's value array.
    // NOTE(review): the Int64/UInt64 arms below unbox with (int)/(uint); that only succeeds if
    // ConvertStringToEntryUnion boxes exactly those types — a boxed long/ulong would throw
    // InvalidCastException here. Confirm against ClaimUtility.
    object[] expected = ClaimUtility.ConvertStringToEntryUnion(valueType, unobjected_values);

    foreach (var claimsArray in sourceClaims)
    {
        // Skip arrays that did not come from the requested source.
        if (claimsArray.usClaimsSourceType != (short)sourceType)
        {
            continue;
        }

        foreach (CLAIM_ENTRY candidate in claimsArray.ClaimEntries)
        {
            if (candidate.Id != claimID || candidate.Type != valueType)
            {
                continue;
            }

            // Same ID and value type: the value lists decide. An unhandled value type keeps
            // searching the remaining entries rather than answering here.
            switch (valueType)
            {
                case CLAIM_TYPE.CLAIM_TYPE_BOOLEAN:
                {
                    var stored = candidate.Values.Struct4.BooleanValues;
                    return SameValueList(stored.Length, expected.Length, k => (bool)expected[k] != stored[k]);
                }
                case CLAIM_TYPE.CLAIM_TYPE_INT64:
                {
                    var stored = candidate.Values.Struct1.Int64Values;
                    return SameValueList(stored.Length, expected.Length, k => (int)expected[k] != stored[k]);
                }
                case CLAIM_TYPE.CLAIM_TYPE_STRING:
                {
                    var stored = candidate.Values.Struct3.StringValues;
                    return SameValueList(stored.Length, expected.Length, k => (string)expected[k] != stored[k]);
                }
                case CLAIM_TYPE.CLAIM_TYPE_UINT64:
                {
                    var stored = candidate.Values.Struct2.Uint64Values;
                    return SameValueList(stored.Length, expected.Length, k => (uint)expected[k] != stored[k]);
                }
            }
        }
    }

    return false;
}

/// <summary>
/// Element-wise list comparison shared by the typed arms of <see cref="FoundMatchedClaim"/>.
/// </summary>
/// <param name="storedCount">Number of values in the stored claim.</param>
/// <param name="expectedCount">Number of expected values.</param>
/// <param name="differsAt">Reports whether the stored and expected value at index k differ.</param>
/// <returns>true when both lists have the same length and no index differs.</returns>
private static bool SameValueList(int storedCount, int expectedCount, Func<int, bool> differsAt)
{
    if (storedCount != expectedCount)
    {
        return false;
    }

    for (int k = 0; k < storedCount; k++)
    {
        if (differsAt(k))
        {
            return false;
        }
    }

    return true;
}