Home Explore Help
Register Sign In
publics
/
gokrb5.v7
0
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 6bb6f3f81c
Branches Tags
gokrb5.v7
/
gssapi
/
krb5Token_test.go

krb5Token_test.go 5.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102 
  1. package gssapi
    2. 

  2. 

  3. import (
    4. 

  4. 	"encoding/hex"
    5. 

  5. 	"github.com/stretchr/testify/assert"
    6. 

  6. 	"gopkg.in/jcmturner/gokrb5.v2/credentials"
    7. 

  7. 	"gopkg.in/jcmturner/gokrb5.v2/iana/msgtype"
    8. 

  8. 	"gopkg.in/jcmturner/gokrb5.v2/messages"
    9. 

  9. 	"gopkg.in/jcmturner/gokrb5.v2/testdata"
    10. 

  10. 	"gopkg.in/jcmturner/gokrb5.v2/types"
    11. 

  11. 	"math"
    12. 

  12. 	"testing"
    13. 

  13. )
    14. 

  14. 

  15. const (
    16. 

  16. 	MechTokenHex = "6082026306092a864886f71201020201006e8202523082024ea003020105a10302010ea20703050000000000a382015d6182015930820155a003020105a10d1b0b544553542e474f4b524235a2233021a003020101a11a30181b04485454501b10686f73742e746573742e676f6b726235a382011830820114a003020112a103020103a28201060482010230621d868c97f30bf401e03bbffcd724bd9d067dce2afc31f71a356449b070cdafcc1ff372d0eb1e7a708b50c0152f3996c45b1ea312a803907fb97192d39f20cdcaea29876190f51de6e2b4a4df0460122ed97f363434e1e120b0e76c172b4424a536987152ac0b73013ab88af4b13a3fcdc63f739039dd46d839709cf5b51bb0ce6cb3af05fab3844caac280929955495235e9d0424f8a1fb9b4bd4f6bba971f40b97e9da60b9dabfcf0b1feebfca02c9a19b327a0004aa8e19192726cf347561fa8ac74afad5d6a264e50cf495b93aac86c77b2bc2d184234f6c2767dbea431485a25687b9044a20b601e968efaefffa1fc5283ff32aa6a53cb6c5cdd2eddcb26a481d73081d4a003020112a103020103a281c70481c4a1b29e420324f7edf9efae39df7bcaaf196a3160cf07e72f52a4ef8a965721b2f3343719c50699046e4fcc18ca26c2bfc7e4a9eddfc9d9cfc57ff2f6bdbbd1fc40ac442195bc669b9a0dbba12563b3e4cac9f4022fc01b8aa2d1ab84815bb078399ff7f4d5f9815eef896a0c7e3c049e6fd9932b97096cdb5861425b9d81753d0743212ded1a0fb55a00bf71a46be5ce5e1c8a5cc327b914347d9efcb6cb31ca363b1850d95c7b6c4c3cc6301615ad907318a0c5379d343610fab17eca9c7dc0a5a60658"
    17. 

  17. 	AuthChksum   = "100000000000000000000000000000000000000030000000"
    18. 

  18. )
    19. 

  19. 

  20. func TestMechToken_Unmarshal(t *testing.T) {
    21. 

  21. 	b, err := hex.DecodeString(MechTokenHex)
    22. 

  22. 	if err != nil {
    23. 

  23. 		t.Fatalf("Error decoding MechToken hex: %v", err)
    24. 

  24. 	}
    25. 

  25. 	var mt MechToken
    26. 

  26. 	err = mt.Unmarshal(b)
    27. 

  27. 	if err != nil {
    28. 

  28. 		t.Fatalf("Error unmarshalling MechToken: %v", err)
    29. 

  29. 	}
    30. 

  30. 	assert.Equal(t, MechTypeOIDKRB5, mt.OID, "MechToken OID not as expected.")
    31. 

  31. 	assert.Equal(t, []byte{1, 0}, mt.TokID, "TokID not as expected")
    32. 

  32. 	assert.Equal(t, msgtype.KRB_AP_REQ, mt.APReq.MsgType, "MechToken AP_REQ does not have the right message type.")
    33. 

  33. 	assert.Equal(t, 0, mt.KRBError.ErrorCode, "KRBError in MechToken does not indicate no error.")
    34. 

  34. 	assert.Equal(t, 18, mt.APReq.Authenticator.EType, "Authenticator within AP_REQ does not have the etype expected.")
    35. 

  35. }
    36. 

  36. 

  37. func TestMechToken_newAuthenticatorChksum(t *testing.T) {
    38. 

  38. 	b, err := hex.DecodeString(AuthChksum)
    39. 

  39. 	if err != nil {
    40. 

  40. 		t.Fatalf("Error decoding MechToken hex: %v", err)
    41. 

  41. 	}
    42. 

  42. 	cb := newAuthenticatorChksum([]int{GSS_C_INTEG_FLAG, GSS_C_CONF_FLAG})
    43. 

  43. 	assert.Equal(t, b, cb, "SPNEGO Authenticator checksum not as expected")
    44. 

  44. }
    45. 

  45. 

  46. func TestMechToken_newAuthenticator(t *testing.T) {
    47. 

  47. 	creds := credentials.NewCredentials("hftsai", testdata.TEST_REALM)
    48. 

  48. 	creds.CName.NameString = testdata.TEST_PRINCIPALNAME_NAMESTRING
    49. 

  49. 	etypeID := 18
    50. 

  50. 	a, err := newAuthenticator(creds, etypeID)
    51. 

  51. 	if err != nil {
    52. 

  52. 		t.Fatalf("Error creating authenticator: %v", err)
    53. 

  53. 	}
    54. 

  54. 	assert.Equal(t, 32771, a.Cksum.CksumType, "Checksum type in authenticator for SPNEGO mechtoken not as expected.")
    55. 

  55. 	assert.Equal(t, 18, a.SubKey.KeyType, "Subkey not of the expected type.")
    56. 

  56. 	assert.Equal(t, 32, len(a.SubKey.KeyValue), "Subkey value not of the right length")
    57. 

  57. 	// Test the subkey is initialised to random non-zero values. Not a perfect test but better than nothing.
    58. 

  58. 	assert.Condition(t, assert.Comparison(func() bool {
    59. 

  59. 		return a.SubKey.KeyValue[0] != 0 && a.SubKey.KeyValue[1] != 0 && a.SubKey.KeyValue[0] != a.SubKey.KeyValue[1]
    60. 

  60. 	}))
    61. 

  61. 	assert.Condition(t, assert.Comparison(func() bool {
    62. 

  62. 		return a.SeqNumber > 0
    63. 

  63. 	}), "Sequence number is not greater than zero")
    64. 

  64. 	assert.Condition(t, assert.Comparison(func() bool {
    65. 

  65. 		return a.SeqNumber <= math.MaxUint32
    66. 

  66. 	}))
    67. 

  67. }
    68. 

  68. 

  69. func TestNewKRB5APREQMechToken(t *testing.T) {
    70. 

  70. 	creds := credentials.NewCredentials("hftsai", testdata.TEST_REALM)
    71. 

  71. 	creds.CName.NameString = testdata.TEST_PRINCIPALNAME_NAMESTRING
    72. 

  72. 

  73. 	var tkt messages.Ticket
    74. 

  74. 	v := "encode_krb5_ticket"
    75. 

  75. 	b, err := hex.DecodeString(testdata.TestVectors[v])
    76. 

  76. 	if err != nil {
    77. 

  77. 		t.Fatalf("Test vector read error of %s: %v\n", v, err)
    78. 

  78. 	}
    79. 

  79. 	err = tkt.Unmarshal(b)
    80. 

  80. 	if err != nil {
    81. 

  81. 		t.Fatalf("Unmarshal error of %s: %v\n", v, err)
    82. 

  82. 	}
    83. 

  83. 

  84. 	key := types.EncryptionKey{
    85. 

  85. 		KeyType:  18,
    86. 

  86. 		KeyValue: make([]byte, 32),
    87. 

  87. 	}
    88. 

  88. 

  89. 	mb, err := NewKRB5APREQMechToken(creds, tkt, key)
    90. 

  90. 	var mt MechToken
    91. 

  91. 	err = mt.Unmarshal(mb)
    92. 

  92. 	if err != nil {
    93. 

  93. 		t.Fatalf("Error unmarshalling MechToken: %v", err)
    94. 

  94. 	}
    95. 

  95. 	assert.Equal(t, MechTypeOIDKRB5, mt.OID, "MechToken OID not as expected.")
    96. 

  96. 	assert.Equal(t, []byte{1, 0}, mt.TokID, "TokID not as expected")
    97. 

  97. 	assert.Equal(t, msgtype.KRB_AP_REQ, mt.APReq.MsgType, "MechToken AP_REQ does not have the right message type.")
    98. 

  98. 	assert.Equal(t, 0, mt.KRBError.ErrorCode, "KRBError in MechToken does not indicate no error.")
    99. 

  99. 	assert.Equal(t, testdata.TEST_REALM, mt.APReq.Ticket.Realm, "Realm in ticket within the AP_REQ of the MechToken not as expected.")
    100. 

  100. 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, mt.APReq.Ticket.SName.NameString, "SName in ticket within the AP_REQ of the MechToken not as expected.")
    101. 

  101. 	assert.Equal(t, 18, mt.APReq.Authenticator.EType, "Authenticator within AP_REQ does not have the etype expected.")
    102. 

  102. }
    103.