Пример #1
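        /// <summary>
        /// Starts a KDC listener bound to 127.0.0.1 on a randomly chosen port, then caches the
        /// credential for the current algorithm type and pre-encodes the AS-REQ kept in <c>asReq</c>.
        /// </summary>
        /// <returns>An already-completed task; everything in this method runs synchronously.</returns>
        public Task Setup()
        {
            // Random high port; nothing here checks that the port is actually free.
            this.Port = new Random().Next(20000, 40000);

            var options = new ListenerOptions
            {
                // Invariant casing: a culture-sensitive ToUpper() maps 'i' differently under some
                // cultures (e.g. Turkish), which would yield a realm name that no longer matches.
                DefaultRealm = "corp2.identityintervention.com".ToUpperInvariant(),
                RealmLocator = realm => LocateRealm(realm),
                Log          = Logger
            };

            // NOTE(review): an int.MaxValue backlog is effectively unbounded; acceptable for a
            // loopback-only fixture, but a reachable listener would want a bounded value.
            options.Configuration.KdcDefaults.TcpListenBacklog = int.MaxValue;
            options.Configuration.KdcDefaults.ReceiveTimeout   = TimeSpan.FromSeconds(15);

            // Replace whatever endpoints are configured by default with a single loopback endpoint.
            options.Configuration.KdcDefaults.KdcTcpListenEndpoints.Clear();
            options.Configuration.KdcDefaults.KdcTcpListenEndpoints.Add($"127.0.0.1:{this.Port}");

            this.listener = new KdcServiceListener(options);

            // The task returned by Start() is intentionally discarded, not awaited.
            _ = this.listener.Start();

            this.credential = Creds.GetOrAdd(this.AlgorithmType, a => new KerberosPasswordCredential(a + this.user, this.password));

            this.asReq = new ReadOnlySequence<byte>(KrbAsReq.CreateAsReq(this.credential, DefaultAuthentication).EncodeApplication());

            return Task.CompletedTask;
        }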
Пример #2
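        /// <summary>
        /// Runs a sample KDC on 127.0.0.1:8888 with trace-level console logging until the task
        /// returned by <c>Start()</c> completes, then disposes the listener.
        /// </summary>
        static async Task Main()
        {
            // NOTE(review): trace-level logging of a KDC may expose protocol detail in the console;
            // this looks intended for local debugging only.
            var builder = new HostBuilder()
                          .ConfigureLogging((_, factory) =>
            {
                factory.AddConsole(opt => opt.IncludeScopes = true);
                factory.AddFilter<ConsoleLoggerProvider>(level => level >= LogLevel.Trace);
            });

            var host = builder.Build();

            var logger = (ILoggerFactory)host.Services.GetService(typeof(ILoggerFactory));

            var listener = new KdcServiceListener(new ListenerOptions
            {
                // Loopback only: the sample KDC is not reachable from other hosts.
                ListeningOn    = new IPEndPoint(IPAddress.Loopback, 8888),
                Log            = logger,
                // Invariant casing keeps the realm name stable regardless of the current culture.
                DefaultRealm   = "corp2.identityintervention.com".ToUpperInvariant(),
                IsDebug        = true,
                RealmLocator   = realm => LocateRealm(realm),
                // One-hour receive timeout leaves room for stepping through with a debugger.
                ReceiveTimeout = TimeSpan.FromHours(1)
            });

            try
            {
                await listener.Start();
            }
            finally
            {
                // Dispose even when Start() faults, so the listener is not left behind.
                listener.Dispose();
            }
        }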
Пример #3
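        /// <summary>
        /// Runs a ticket request against a listener configured with a 1 ms receive timeout and a
        /// slow realm lookup, then rethrows the <see cref="TimeoutException"/> captured by the log.
        /// </summary>
        /// <remarks>
        /// The method always ends by throwing; presumably the test is declared as expecting a
        /// <see cref="TimeoutException"/> - the attribute is not visible here.
        /// </remarks>
        public async Task ReceiveTimeout()
        {
            var port = NextPort();
            var log  = new FakeExceptionLoggerFactory();

            var options = new ListenerOptions
            {
                ListeningOn    = new IPEndPoint(IPAddress.Loopback, port),
                // Invariant casing keeps the realm name stable regardless of the current culture.
                DefaultRealm   = "corp2.identityintervention.com".ToUpperInvariant(),
                IsDebug        = true,
                RealmLocator   = realm => LocateRealm(realm, slow: true),
                ReceiveTimeout = TimeSpan.FromMilliseconds(1),
                Log            = log
            };

            // Dispose the listener once it has been stopped.
            using (var listener = new KdcServiceListener(options))
            {
                _ = listener.Start();

                try
                {
                    await RequestAndValidateTickets(AdminAtCorpUserName, FakeAdminAtCorpPassword, $"127.0.0.1:{port}");
                }
                catch
                {
                    // Deliberately ignored: the client-side failure is not what this test checks;
                    // the assertion below looks at what the listener logged instead.
                }

                listener.Stop();
            }

            var timeout = log.Exceptions.FirstOrDefault(e => e is TimeoutException);

            Assert.IsNotNull(timeout);

            throw timeout;
        }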
Пример #4
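        /// <summary>
        /// Runs a sample KDC backed by <c>FakeRealmService</c> on 127.0.0.1:8888 with trace-level
        /// console logging until the task returned by <c>Start()</c> completes.
        /// </summary>
        static async Task Main()
        {
            // NOTE(review): trace-level logging of a KDC may expose protocol detail in the console;
            // this looks intended for local debugging only.
            var builder = new HostBuilder()
                          .ConfigureLogging((_, factory) =>
            {
                factory.AddConsole(opt => opt.IncludeScopes = true);
                factory.AddFilter<ConsoleLoggerProvider>(level => level >= LogLevel.Trace);
            });

            var host = builder.Build();

            var logger = (ILoggerFactory)host.Services.GetService(typeof(ILoggerFactory));

            var options = new ListenerOptions
            {
                Log          = logger,
                // Invariant casing keeps the realm name stable regardless of the current culture.
                DefaultRealm = "corp2.identityintervention.com".ToUpperInvariant(),
                IsDebug      = true,
                RealmLocator = realm => new FakeRealmService(realm)
            };

            // Replace the default endpoints with a single loopback endpoint, so the sample KDC
            // is not reachable from other hosts.
            options.Configuration.KdcDefaults.KdcTcpListenEndpoints.Clear();
            options.Configuration.KdcDefaults.KdcTcpListenEndpoints.Add("127.0.0.1:8888");
            options.Configuration.KdcDefaults.ReceiveTimeout = TimeSpan.FromHours(1);

            var listener = new KdcServiceListener(options);

            try
            {
                await listener.Start();
            }
            finally
            {
                // Dispose even when Start() faults, so the listener is not left behind.
                listener.Dispose();
            }
        }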
Пример #5
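        /// <summary>
        /// Runs a sample KDC on 127.0.0.1:8888 with console logging until the task returned by
        /// <c>Start()</c> completes, then disposes the listener.
        /// </summary>
        /// <param name="args">Command-line arguments; not read by this method.</param>
        static async Task Main(string[] args)
        {
            var listener = new KdcServiceListener(new ListenerOptions
            {
                // Loopback only: the sample KDC is not reachable from other hosts.
                ListeningOn    = new IPEndPoint(IPAddress.Loopback, 8888),
                Log            = new ConsoleLogger(),
                // Invariant casing keeps the realm name stable regardless of the current culture.
                DefaultRealm   = "corp2.identityintervention.com".ToUpperInvariant(),
                IsDebug        = true,
                RealmLocator   = realm => LocateRealm(realm),
                ReceiveTimeout = TimeSpan.FromHours(1)
            });

            try
            {
                await listener.Start();
            }
            finally
            {
                // The listener was previously never released on any path.
                listener.Dispose();
            }
        }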
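        /// <summary>
        /// End-to-end user-to-user check: a second client obtains a TGT, the first client requests
        /// a "host/u2u" service ticket against that TGT, and the resulting AP-REQ is decrypted with
        /// the TGT session key and validated.
        /// </summary>
        public async Task U2U()
        {
            // Random high port; nothing here checks that the port is actually free.
            var port = new Random().Next(20000, 40000);

            var options = new ListenerOptions
            {
                ListeningOn    = new IPEndPoint(IPAddress.Loopback, port),
                // Invariant casing keeps the realm name stable regardless of the current culture.
                DefaultRealm   = "corp2.identityintervention.com".ToUpperInvariant(),
                IsDebug        = true,
                RealmLocator   = realm => LocateRealm(realm),
                ReceiveTimeout = TimeSpan.FromHours(1)
            };

            using (var listener = new KdcServiceListener(options))
            {
                _ = listener.Start();

                try
                {
                    var kerbClientCred = new KerberosPasswordCredential("*****@*****.**", "P@ssw0rd!");

                    using (var client = new KerberosClient($"127.0.0.1:{port}"))
                    {
                        await client.Authenticate(kerbClientCred);

                        // NOTE(review): kerbServerCred is constructed but never used - the server
                        // side below authenticates with kerbClientCred. Confirm whether that is
                        // intended before changing it; the principal names are masked on this page.
                        var kerbServerCred = new KerberosPasswordCredential("*****@*****.**", "P@ssw0rd!");

                        using (var server = new KerberosClient($"127.0.0.1:{port}"))
                        {
                            await server.Authenticate(kerbClientCred);

                            var serverEntry = await server.Cache.Get<KerberosClientCacheEntry>($"krbtgt/{server.DefaultDomain}");

                            var serverTgt = serverEntry.Ticket.Ticket;

                            var apReq = await client.GetServiceTicket("host/u2u", ApOptions.MutualRequired | ApOptions.UseSessionKey, u2uServerTicket: serverTgt);

                            Assert.IsNotNull(apReq);

                            var decrypted = new DecryptedKrbApReq(apReq);

                            // The ticket is only populated once Decrypt() has run.
                            Assert.IsNull(decrypted.Ticket);

                            // The key comes from the server's TGT cache entry, not from a service secret.
                            decrypted.Decrypt(serverEntry.SessionKey.AsKey());

                            decrypted.Validate(ValidationActions.All);

                            Assert.IsNotNull(decrypted.Ticket);

                            Assert.AreEqual("host/u2u/CORP.IDENTITYINTERVENTION.COM", decrypted.SName.FullyQualifiedName);
                        }
                    }
                }
                finally
                {
                    // Stop the listener even when an assertion or request fails.
                    listener.Stop();
                }
            }
        }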
Пример #7
        /// <summary>
        /// Creates a <see cref="TcpKdcListener"/> wrapping a KDC service listener configured for
        /// the given loopback port. This method does not call <c>Start()</c> itself.
        /// </summary>
        /// <param name="port">TCP port on the loopback address the listener is configured for.</param>
        /// <param name="slow">Forwarded unchanged to <c>LocateRealm</c>.</param>
        /// <returns>The wrapper around the newly created listener.</returns>
        public static TcpKdcListener StartTcpListener(int port, bool slow = false)
        {
            var loopbackEndpoint = new IPEndPoint(IPAddress.Loopback, port);
            var realmName        = "corp2.identityintervention.com".ToUpper(CultureInfo.InvariantCulture);

            var kdcOptions = new KdcServerOptions
            {
                ListeningOn    = loopbackEndpoint,
                DefaultRealm   = realmName,
                IsDebug        = true,
                RealmLocator   = requestedRealm => LocateRealm(requestedRealm, slow),
                ReceiveTimeout = TimeSpan.FromHours(1)
            };

            return new TcpKdcListener(new KdcServiceListener(kdcOptions));
        }
Пример #8
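        /// <summary>
        /// Picks a random port and starts a loopback-only KDC listener on it, keeping both in
        /// the <c>port</c> and <c>listener</c> fields.
        /// </summary>
        public void Setup()
        {
            // Random high port; nothing here checks that the port is actually free.
            port = new Random().Next(20000, 40000);

            var options = new ListenerOptions
            {
                ListeningOn    = new IPEndPoint(IPAddress.Loopback, port),
                // Invariant casing keeps the realm name stable regardless of the current culture
                // (a culture-sensitive ToUpper() maps 'i' differently under e.g. Turkish).
                DefaultRealm   = "corp2.identityintervention.com".ToUpperInvariant(),
                IsDebug        = true,
                RealmLocator   = realm => LocateRealm(realm),
                ReceiveTimeout = TimeSpan.FromHours(1)
            };

            listener = new KdcServiceListener(options);

            // The task returned by Start() is intentionally discarded, not awaited.
            _ = listener.Start();
        }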
Пример #9
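        /// <summary>
        /// Creates and starts a KDC listener bound to the loopback address on the given port.
        /// </summary>
        /// <param name="port">TCP port on 127.0.0.1 to listen on.</param>
        /// <param name="slow">Forwarded unchanged to <c>LocateRealm</c>.</param>
        /// <returns>The started listener; the caller is left to stop and dispose it.</returns>
        public static KdcServiceListener StartListener(int port, bool slow = false)
        {
            var options = new ListenerOptions
            {
                ListeningOn    = new IPEndPoint(IPAddress.Loopback, port),
                // Invariant casing keeps the realm name stable regardless of the current culture
                // (a culture-sensitive ToUpper() maps 'i' differently under e.g. Turkish).
                DefaultRealm   = "corp2.identityintervention.com".ToUpperInvariant(),
                IsDebug        = true,
                RealmLocator   = realm => LocateRealm(realm, slow),
                ReceiveTimeout = TimeSpan.FromHours(1)
            };

            var listener = new KdcServiceListener(options);

            // The task returned by Start() is intentionally discarded, not awaited.
            _ = listener.Start();

            return listener;
        }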
Пример #10
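        /// <summary>
        /// Picks a random port and starts a loopback-only KDC listener on it with logging
        /// switched off (<c>Log = null</c>) and a queue length of 10,000.
        /// </summary>
        public void Setup()
        {
            // Random high port; nothing here checks that the port is actually free.
            Port = new Random().Next(20000, 40000);

            var options = new ListenerOptions
            {
                ListeningOn    = new IPEndPoint(IPAddress.Loopback, Port),
                // Invariant casing keeps the realm name stable regardless of the current culture
                // (a culture-sensitive ToUpper() maps 'i' differently under e.g. Turkish).
                DefaultRealm   = "corp2.identityintervention.com".ToUpperInvariant(),
                RealmLocator   = realm => LocateRealm(realm),
                // NOTE(review): large queue and 60-minute timeout look like load-test values;
                // a reachable listener would want tighter limits.
                QueueLength    = 10 * 1000,
                ReceiveTimeout = TimeSpan.FromMinutes(60),
                Log            = null
            };

            listener = new KdcServiceListener(options);

            // The task returned by Start() is intentionally discarded, not awaited.
            _ = listener.Start();
        }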
Пример #11
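        /// <summary>
        /// Picks a random port and starts a KDC listener whose only configured TCP endpoint is
        /// 127.0.0.1 on that port.
        /// </summary>
        public void Setup()
        {
            // Random high port; nothing here checks that the port is actually free.
            this.port = new Random().Next(20000, 40000);

            var options = new ListenerOptions
            {
                // Invariant casing keeps the realm name stable regardless of the current culture
                // (a culture-sensitive ToUpper() maps 'i' differently under e.g. Turkish).
                DefaultRealm = "corp2.identityintervention.com".ToUpperInvariant(),
                IsDebug      = true,
                RealmLocator = realm => this.LocateRealm(realm)
            };

            options.Configuration.KdcDefaults.ReceiveTimeout = TimeSpan.FromHours(1);

            // Replace whatever endpoints are configured by default with a single loopback endpoint.
            options.Configuration.KdcDefaults.KdcTcpListenEndpoints.Clear();
            options.Configuration.KdcDefaults.KdcTcpListenEndpoints.Add($"127.0.0.1:{this.port}");

            this.listener = new KdcServiceListener(options);

            // The task returned by Start() is intentionally discarded, not awaited.
            _ = this.listener.Start();
        }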
Пример #12
        /// <summary>
        /// Creates a <see cref="TcpKdcListener"/> wrapping a KDC service listener whose only
        /// configured TCP endpoint is 127.0.0.1 on the given port. This method does not call
        /// <c>Start()</c> itself.
        /// </summary>
        /// <param name="port">TCP port used for the loopback listen endpoint.</param>
        /// <param name="slow">Forwarded unchanged to <c>LocateRealm</c>.</param>
        /// <returns>The wrapper around the newly created listener.</returns>
        public static TcpKdcListener StartTcpListener(int port, bool slow = false)
        {
            // Built step by step so the realm locator can capture the options instance
            // and hand its Configuration to LocateRealm.
            var kdcOptions = new KdcServerOptions();

            kdcOptions.DefaultRealm = "corp2.identityintervention.com".ToUpper(CultureInfo.InvariantCulture);
            kdcOptions.IsDebug      = true;
            kdcOptions.RealmLocator = requestedRealm => LocateRealm(requestedRealm, slow, kdcOptions.Configuration);

            kdcOptions.Configuration.KdcDefaults.ReceiveTimeout = TimeSpan.FromHours(1);

            // Drop the preconfigured endpoints and listen on loopback only.
            kdcOptions.Configuration.KdcDefaults.KdcTcpListenEndpoints.Clear();
            kdcOptions.Configuration.KdcDefaults.KdcTcpListenEndpoints.Add($"127.0.0.1:{port}");

            return new TcpKdcListener(new KdcServiceListener(kdcOptions));
        }
Пример #13
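        /// <summary>
        /// Starts a loopback-only KDC listener on a random port and runs
        /// <c>RequestAndValidateTickets</c> against it.
        /// </summary>
        public async Task TestE2E()
        {
            // Random high port; nothing here checks that the port is actually free.
            var port = new Random().Next(20000, 40000);

            var options = new ListenerOptions
            {
                ListeningOn    = new IPEndPoint(IPAddress.Loopback, port),
                // Invariant casing keeps the realm name stable regardless of the current culture
                // (a culture-sensitive ToUpper() maps 'i' differently under e.g. Turkish).
                DefaultRealm   = "corp2.identityintervention.com".ToUpperInvariant(),
                IsDebug        = true,
                RealmLocator   = realm => LocateRealm(realm),
                ReceiveTimeout = TimeSpan.FromHours(1)
            };

            using (var listener = new KdcServiceListener(options))
            {
                // The task returned by Start() is intentionally discarded, not awaited.
                _ = listener.Start();

                try
                {
                    await RequestAndValidateTickets("*****@*****.**", "P@ssw0rd!", $"127.0.0.1:{port}");
                }
                finally
                {
                    // Stop the listener even when the request or its validation fails.
                    listener.Stop();
                }
            }
        }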
Пример #14
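        /// <summary>
        /// Runs a ticket request against a listener configured with a 1 ms receive timeout and a
        /// slow realm lookup, then rethrows the <see cref="TimeoutException"/> captured by the log.
        /// </summary>
        /// <remarks>
        /// The method always ends by throwing; presumably the test is declared as expecting a
        /// <see cref="TimeoutException"/> - the attribute is not visible here.
        /// </remarks>
        public async Task TestReceiveTimeout()
        {
            // Random high port; nothing here checks that the port is actually free.
            var port = new Random().Next(20000, 40000);
            var log  = new ExceptionTraceLog();

            var options = new ListenerOptions
            {
                ListeningOn    = new IPEndPoint(IPAddress.Loopback, port),
                // Invariant casing keeps the realm name stable regardless of the current culture.
                DefaultRealm   = "corp2.identityintervention.com".ToUpperInvariant(),
                IsDebug        = true,
                RealmLocator   = realm => LocateRealm(realm, slow: true),
                ReceiveTimeout = TimeSpan.FromMilliseconds(1),
                Log            = log
            };

            options.Log.Enabled = true;
            options.Log.Level   = LogLevel.Verbose;

            // Dispose the listener once it has been stopped.
            using (var listener = new KdcServiceListener(options))
            {
                _ = listener.Start();

                try
                {
                    await RequestAndValidateTickets("*****@*****.**", "P@ssw0rd!", $"127.0.0.1:{port}");
                }
                catch
                {
                    // Deliberately ignored: the client-side failure is not what this test checks;
                    // the assertion below looks at what the listener logged instead.
                }

                listener.Stop();
            }

            var timeout = log.Exceptions.FirstOrDefault(e => e is TimeoutException);

            Assert.IsNotNull(timeout);

            throw timeout;
        }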
Пример #15
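        /// <summary>
        /// Starts a loopback-only KDC listener on a random port with logging switched off, then
        /// caches the credential for the current algorithm type and pre-encodes the AS-REQ kept
        /// in <c>asReq</c>.
        /// </summary>
        /// <returns>An already-completed task; everything in this method runs synchronously.</returns>
        public Task Setup()
        {
            // Random high port; nothing here checks that the port is actually free.
            Port = new Random().Next(20000, 40000);

            var options = new ListenerOptions
            {
                ListeningOn    = new IPEndPoint(IPAddress.Loopback, Port),
                // Invariant casing keeps the realm name stable regardless of the current culture
                // (a culture-sensitive ToUpper() maps 'i' differently under e.g. Turkish).
                DefaultRealm   = "corp2.identityintervention.com".ToUpperInvariant(),
                RealmLocator   = realm => LocateRealm(realm),
                // NOTE(review): large queue and 60-minute timeout look like load-test values;
                // a reachable listener would want tighter limits.
                QueueLength    = 10 * 1000,
                ReceiveTimeout = TimeSpan.FromMinutes(60),
                Log            = null
            };

            listener = new KdcServiceListener(options);

            // The task returned by Start() is intentionally discarded, not awaited.
            _ = listener.Start();

            credential = Creds.GetOrAdd(AlgorithmType, a => new KerberosPasswordCredential(a + user, password));

            asReq = new ReadOnlySequence<byte>(KrbAsReq.CreateAsReq(credential, DefaultAuthentication).EncodeApplication());

            return Task.CompletedTask;
        }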
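        /// <summary>
        /// Shares one <c>KerberosClient</c> between two concurrent workers, each of which runs 100
        /// iterations of (re-authenticate on even iterations, request a service ticket, validate it).
        /// Failures are collected and reported together at the end.
        /// </summary>
        /// <exception cref="AggregateException">
        /// Thrown when any iteration failed; carries one representative exception per exception type.
        /// </exception>
        public async Task E2EMultithreadedClient()
        {
            // Random high port; nothing here checks that the port is actually free.
            var port = new Random().Next(20000, 40000);

            var options = new ListenerOptions
            {
                ListeningOn    = new IPEndPoint(IPAddress.Loopback, port),
                // Invariant casing keeps the realm name stable regardless of the current culture.
                DefaultRealm   = "corp2.identityintervention.com".ToUpperInvariant(),
                IsDebug        = true,
                RealmLocator   = realm => LocateRealm(realm),
                ReceiveTimeout = TimeSpan.FromHours(1)
            };

            using (KdcServiceListener listener = new KdcServiceListener(options))
            {
                _ = listener.Start();

                // List<T> is not safe for concurrent writers, so every Add goes through this gate.
                var exceptions     = new List<Exception>();
                var exceptionsGate = new object();

                var kerbCred = new KerberosPasswordCredential("*****@*****.**", "P@ssw0rd!");

                string kdc = $"127.0.0.1:{port}";

                try
                {
                    using (KerberosClient client = new KerberosClient(kdc))
                    {
                        // Force a KDC round trip for every service-ticket request.
                        client.CacheServiceTickets = false;

                        await client.Authenticate(kerbCred);

                        var workers = Enumerable.Range(0, 2).Select(taskNum => Task.Run(async () =>
                        {
                            for (var i = 0; i < 100; i++)
                            {
                                try
                                {
                                    if (i % 2 == 0)
                                    {
                                        await client.Authenticate(kerbCred);
                                    }

                                    var ticket = await client.GetServiceTicket(new RequestServiceTicket
                                    {
                                        ServicePrincipalName = "host/appservice.corp.identityintervention.com",
                                        ApOptions            = ApOptions.MutualRequired
                                    });

                                    Assert.IsNotNull(ticket.ApReq);

                                    await ValidateTicket(ticket);
                                }
                                catch (Exception ex)
                                {
                                    lock (exceptionsGate)
                                    {
                                        exceptions.Add(ex);
                                    }
                                }
                            }
                        })).ToArray();

                        // Await instead of blocking the calling thread with Task.WaitAll.
                        await Task.WhenAll(workers);
                    }
                }
                finally
                {
                    // Stop the listener even when the initial authentication fails.
                    listener.Stop();
                }

                if (exceptions.Count > 0)
                {
                    throw new AggregateException($"Failed {exceptions.Count}", exceptions.GroupBy(e => e.GetType()).Select(e => e.First()));
                }
            }
        }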
Пример #17
 /// <summary>Wraps the given KDC service listener.</summary>
 /// <param name="server">Listener instance stored in the <c>server</c> field.</param>
 public TcpKdcListener(KdcServiceListener server) => this.server = server;