Home Esplora Aiuto
Registrati Accedi
publics
/
gokrb5.v7
0
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Ramo (Branch): master
Rami (Branch) Tag
gokrb5.v7
/
messages
/
KDCRep_test.go

KDCRep_test.go 21 KB
Permalink Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315 
  1. package messages
    2. 

  2. 

  3. import (
    4. 

  4. 	"encoding/hex"
    5. 

  5. 	"fmt"
    6. 

  6. 	"testing"
    7. 

  7. 	"time"
    8. 

  8. 

  9. 	"github.com/stretchr/testify/assert"
    10. 

  10. 	"gopkg.in/jcmturner/gokrb5.v7/credentials"
    11. 

  11. 	"gopkg.in/jcmturner/gokrb5.v7/iana"
    12. 

  12. 	"gopkg.in/jcmturner/gokrb5.v7/iana/etypeID"
    13. 

  13. 	"gopkg.in/jcmturner/gokrb5.v7/iana/msgtype"
    14. 

  14. 	"gopkg.in/jcmturner/gokrb5.v7/iana/nametype"
    15. 

  15. 	"gopkg.in/jcmturner/gokrb5.v7/iana/patype"
    16. 

  16. 	"gopkg.in/jcmturner/gokrb5.v7/keytab"
    17. 

  17. 	"gopkg.in/jcmturner/gokrb5.v7/test/testdata"
    18. 

  18. )
    19. 

  19. 

  20. const (
    21. 

  21. 	testuser1EType18Keytab = "05020000004b0001000b544553542e474f4b5242350009746573747573657231000000015898e0770100120020bbdc430aab7e2d4622a0b6951481453b0962e9db8e2f168942ad175cda6d9de900000001"
    22. 

  22. 	testuser1EType18ASREP  = "6b8202f3308202efa003020105a10302010ba22e302c302aa103020113a2230421301f301da003020112a1161b14544553542e474f4b524235746573747573657231a30d1b0b544553542e474f4b524235a4163014a003020101a10d300b1b09746573747573657231a582015a6182015630820152a003020105a10d1b0b544553542e474f4b524235a220301ea003020102a11730151b066b72627467741b0b544553542e474f4b524235a382011830820114a003020112a103020101a28201060482010237e486e32cd18ab1ac9f8d42e93f8babd7b3497084cc5599f18ec61961c6d5242d350354d99d67a7604c451116188d16cb719e84377212eac2743440e8c504ef69c755e489cc6b65f935dd032bfc076f9b2c56d816197845b8fe857d738bc59712787631a50e86833d1b0e4732c8712c856417a6a257758e7d01d3182adb3233f0dde65d228c240ed26aa1af69f8d765dc0bc69096fdb037a75af220fea176839528d44b70f7dabfaa2ea506de1296f847176a60c501fd8cef8e0a51399bb6d5f753962d96292e93ffe344c6630db912931d46d88c0279f00719e22d0efcfd4ee33a702d0b660c1f13970a9beec12c0c8af3dda68bd81ac1fe3f126d2a24ebb445c5a682012c30820128a003020112a282011f0482011bb149cc16018072c4c18788d95a33aba540e52c11b54a93e67e788d05de75d8f3d4aa1afafbbfa6fde3eb40e5aa1890644cea2607efd5213a3fd00345b02eeb9ae1b589f36c74c689cd4ec1239dfe61e42ba6afa33f6240e3cfab291e4abb465d273302dbf7dbd148a299a9369044dd03377c1687e7dd36aa66501284a4ca50c0a7b08f4f87aecfa23b0dd0b11490e3ad330906dab715de81fc52f120d09c39990b8b5330d4601cc396b2ed258834329c4cc02c563a12de3ef9bf11e946258bc2ab5257f4caa4d443a7daf0fc25f6f531c2fcba88af8ca55c85300997cd05abbea52811fe2d038ba8f62fc8e3bc71ce04362d356ea2e1df8ac55c784c53cfb07817d48e39fe99fc8788040d98209c79dcf044d97e80de9f47824646"
    23. 

  23. 	testRealm              = "TEST.GOKRB5"
    24. 

  24. 	testUser               = "testuser1"
    25. 

  25. 	testUserPassword       = "passwordvalue"
    26. 

  26. )
    27. 

  27. 

  28. func TestUnmarshalASRep(t *testing.T) {
    29. 

  29. 	t.Parallel()
    30. 

  30. 	var a ASRep
    31. 

  31. 	b, err := hex.DecodeString(testdata.MarshaledKRB5as_rep)
    32. 

  32. 	if err != nil {
    33. 

  33. 		t.Fatalf("Test vector read error: %v", err)
    34. 

  34. 	}
    35. 

  35. 	err = a.Unmarshal(b)
    36. 

  36. 	if err != nil {
    37. 

  37. 		t.Fatalf("Unmarshal error: %v", err)
    38. 

  38. 	}
    39. 

  39. 	assert.Equal(t, iana.PVNO, a.PVNO, "PVNO not as expected")
    40. 

  40. 	assert.Equal(t, msgtype.KRB_AS_REP, a.MsgType, "MsgType not as expected")
    41. 

  41. 	assert.Equal(t, 2, len(a.PAData), "Number of PAData items in the sequence not as expected")
    42. 

  42. 	for i, pa := range a.PAData {
    43. 

  43. 		assert.Equal(t, patype.PA_SAM_RESPONSE, pa.PADataType, fmt.Sprintf("PAData type for entry %d not as expected", i+1))
    44. 

  44. 		assert.Equal(t, []byte(testdata.TEST_PADATA_VALUE), pa.PADataValue, fmt.Sprintf("PAData valye for entry %d not as expected", i+1))
    45. 

  45. 	}
    46. 

  46. 	assert.Equal(t, testdata.TEST_REALM, a.CRealm, "Client Realm not as expected")
    47. 

  47. 	assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.CName.NameType, "CName NameType not as expected")
    48. 

  48. 	assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.CName.NameString), "CName does not have the expected number of NameStrings")
    49. 

  49. 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.CName.NameString, "CName entries not as expected")
    50. 

  50. 	assert.Equal(t, iana.PVNO, a.Ticket.TktVNO, "TktVNO not as expected")
    51. 

  51. 	assert.Equal(t, testdata.TEST_REALM, a.Ticket.Realm, "Ticket Realm not as expected")
    52. 

  52. 	assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.Ticket.SName.NameType, "Ticket service nametype not as expected")
    53. 

  53. 	assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.Ticket.SName.NameString), "SName in ticket does not have the expected number of NameStrings")
    54. 

  54. 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.Ticket.SName.NameString, "Ticket SName entries not as expected")
    55. 

  55. 	assert.Equal(t, testdata.TEST_ETYPE, a.Ticket.EncPart.EType, "Etype of ticket encrypted part not as expected")
    56. 

  56. 	assert.Equal(t, iana.PVNO, a.Ticket.EncPart.KVNO, "Ticket encrypted part KVNO not as expected")
    57. 

  57. 	assert.Equal(t, testdata.TEST_CIPHERTEXT, string(a.Ticket.EncPart.Cipher), "Ticket encrypted part cipher not as expected")
    58. 

  58. 	assert.Equal(t, testdata.TEST_ETYPE, a.EncPart.EType, "Etype of encrypted part not as expected")
    59. 

  59. 	assert.Equal(t, iana.PVNO, a.EncPart.KVNO, "Encrypted part KVNO not as expected")
    60. 

  60. 	assert.Equal(t, testdata.TEST_CIPHERTEXT, string(a.EncPart.Cipher), "Ticket encrypted part cipher not as expected")
    61. 

  61. }
    62. 

  62. 

  63. func TestUnmarshalASRep_optionalsNULL(t *testing.T) {
    64. 

  64. 	t.Parallel()
    65. 

  65. 	var a ASRep
    66. 

  66. 	b, err := hex.DecodeString(testdata.MarshaledKRB5as_repOptionalsNULL)
    67. 

  67. 	if err != nil {
    68. 

  68. 		t.Fatalf("Test vector read error: %v", err)
    69. 

  69. 	}
    70. 

  70. 	err = a.Unmarshal(b)
    71. 

  71. 	if err != nil {
    72. 

  72. 		t.Fatalf("Unmarshal error: %v", err)
    73. 

  73. 	}
    74. 

  74. 	assert.Equal(t, iana.PVNO, a.PVNO, "PVNO not as expected")
    75. 

  75. 	assert.Equal(t, msgtype.KRB_AS_REP, a.MsgType, "MsgType not as expected")
    76. 

  76. 	assert.Equal(t, 0, len(a.PAData), "Number of PAData items in the sequence not as expected")
    77. 

  77. 	assert.Equal(t, testdata.TEST_REALM, a.CRealm, "Client Realm not as expected")
    78. 

  78. 	assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.CName.NameType, "CName NameType not as expected")
    79. 

  79. 	assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.CName.NameString), "CName does not have the expected number of NameStrings")
    80. 

  80. 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.CName.NameString, "CName entries not as expected")
    81. 

  81. 	assert.Equal(t, iana.PVNO, a.Ticket.TktVNO, "TktVNO not as expected")
    82. 

  82. 	assert.Equal(t, testdata.TEST_REALM, a.Ticket.Realm, "Ticket Realm not as expected")
    83. 

  83. 	assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.Ticket.SName.NameType, "Ticket service nametype not as expected")
    84. 

  84. 	assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.Ticket.SName.NameString), "SName in ticket does not have the expected number of NameStrings")
    85. 

  85. 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.Ticket.SName.NameString, "Ticket SName entries not as expected")
    86. 

  86. 	assert.Equal(t, testdata.TEST_ETYPE, a.Ticket.EncPart.EType, "Etype of ticket encrypted part not as expected")
    87. 

  87. 	assert.Equal(t, iana.PVNO, a.Ticket.EncPart.KVNO, "Ticket encrypted part KVNO not as expected")
    88. 

  88. 	assert.Equal(t, testdata.TEST_CIPHERTEXT, string(a.Ticket.EncPart.Cipher), "Ticket encrypted part cipher not as expected")
    89. 

  89. 	assert.Equal(t, testdata.TEST_ETYPE, a.EncPart.EType, "Etype of encrypted part not as expected")
    90. 

  90. 	assert.Equal(t, iana.PVNO, a.EncPart.KVNO, "Encrypted part KVNO not as expected")
    91. 

  91. 	assert.Equal(t, testdata.TEST_CIPHERTEXT, string(a.EncPart.Cipher), "Ticket encrypted part cipher not as expected")
    92. 

  92. }
    93. 

  93. 

  94. func TestUnmarshalTGSRep(t *testing.T) {
    95. 

  95. 	t.Parallel()
    96. 

  96. 	var a TGSRep
    97. 

  97. 	b, err := hex.DecodeString(testdata.MarshaledKRB5tgs_rep)
    98. 

  98. 	if err != nil {
    99. 

  99. 		t.Fatalf("Test vector read error: %v", err)
    100. 

  100. 	}
    101. 

  101. 	err = a.Unmarshal(b)
    102. 

  102. 	if err != nil {
    103. 

  103. 		t.Fatalf("Unmarshal error: %v", err)
    104. 

  104. 	}
    105. 

  105. 	assert.Equal(t, iana.PVNO, a.PVNO, "PVNO not as expected")
    106. 

  106. 	assert.Equal(t, msgtype.KRB_TGS_REP, a.MsgType, "MsgType not as expected")
    107. 

  107. 	assert.Equal(t, 2, len(a.PAData), "Number of PAData items in the sequence not as expected")
    108. 

  108. 	for i, pa := range a.PAData {
    109. 

  109. 		assert.Equal(t, patype.PA_SAM_RESPONSE, pa.PADataType, fmt.Sprintf("PAData type for entry %d not as expected", i+1))
    110. 

  110. 		assert.Equal(t, []byte(testdata.TEST_PADATA_VALUE), pa.PADataValue, fmt.Sprintf("PAData valye for entry %d not as expected", i+1))
    111. 

  111. 	}
    112. 

  112. 	assert.Equal(t, testdata.TEST_REALM, a.CRealm, "Client Realm not as expected")
    113. 

  113. 	assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.CName.NameType, "CName NameType not as expected")
    114. 

  114. 	assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.CName.NameString), "CName does not have the expected number of NameStrings")
    115. 

  115. 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.CName.NameString, "CName entries not as expected")
    116. 

  116. 	assert.Equal(t, iana.PVNO, a.Ticket.TktVNO, "TktVNO not as expected")
    117. 

  117. 	assert.Equal(t, testdata.TEST_REALM, a.Ticket.Realm, "Ticket Realm not as expected")
    118. 

  118. 	assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.Ticket.SName.NameType, "Ticket service nametype not as expected")
    119. 

  119. 	assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.Ticket.SName.NameString), "SName in ticket does not have the expected number of NameStrings")
    120. 

  120. 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.Ticket.SName.NameString, "Ticket SName entries not as expected")
    121. 

  121. 	assert.Equal(t, testdata.TEST_ETYPE, a.Ticket.EncPart.EType, "Etype of ticket encrypted part not as expected")
    122. 

  122. 	assert.Equal(t, iana.PVNO, a.Ticket.EncPart.KVNO, "Ticket encrypted part KVNO not as expected")
    123. 

  123. 	assert.Equal(t, testdata.TEST_CIPHERTEXT, string(a.Ticket.EncPart.Cipher), "Ticket encrypted part cipher not as expected")
    124. 

  124. 	assert.Equal(t, testdata.TEST_ETYPE, a.EncPart.EType, "Etype of encrypted part not as expected")
    125. 

  125. 	assert.Equal(t, iana.PVNO, a.EncPart.KVNO, "Encrypted part KVNO not as expected")
    126. 

  126. 	assert.Equal(t, testdata.TEST_CIPHERTEXT, string(a.EncPart.Cipher), "Ticket encrypted part cipher not as expected")
    127. 

  127. }
    128. 

  128. 

  129. func TestUnmarshalTGSRep_optionalsNULL(t *testing.T) {
    130. 

  130. 	t.Parallel()
    131. 

  131. 	var a TGSRep
    132. 

  132. 	b, err := hex.DecodeString(testdata.MarshaledKRB5tgs_repOptionalsNULL)
    133. 

  133. 	if err != nil {
    134. 

  134. 		t.Fatalf("Test vector read error: %v", err)
    135. 

  135. 	}
    136. 

  136. 	err = a.Unmarshal(b)
    137. 

  137. 	if err != nil {
    138. 

  138. 		t.Fatalf("Unmarshal error: %v", err)
    139. 

  139. 	}
    140. 

  140. 	assert.Equal(t, iana.PVNO, a.PVNO, "PVNO not as expected")
    141. 

  141. 	assert.Equal(t, msgtype.KRB_TGS_REP, a.MsgType, "MsgType not as expected")
    142. 

  142. 	assert.Equal(t, 0, len(a.PAData), "Number of PAData items in the sequence not as expected")
    143. 

  143. 	assert.Equal(t, testdata.TEST_REALM, a.CRealm, "Client Realm not as expected")
    144. 

  144. 	assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.CName.NameType, "CName NameType not as expected")
    145. 

  145. 	assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.CName.NameString), "CName does not have the expected number of NameStrings")
    146. 

  146. 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.CName.NameString, "CName entries not as expected")
    147. 

  147. 	assert.Equal(t, iana.PVNO, a.Ticket.TktVNO, "TktVNO not as expected")
    148. 

  148. 	assert.Equal(t, testdata.TEST_REALM, a.Ticket.Realm, "Ticket Realm not as expected")
    149. 

  149. 	assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.Ticket.SName.NameType, "Ticket service nametype not as expected")
    150. 

  150. 	assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.Ticket.SName.NameString), "SName in ticket does not have the expected number of NameStrings")
    151. 

  151. 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.Ticket.SName.NameString, "Ticket SName entries not as expected")
    152. 

  152. 	assert.Equal(t, testdata.TEST_ETYPE, a.Ticket.EncPart.EType, "Etype of ticket encrypted part not as expected")
    153. 

  153. 	assert.Equal(t, iana.PVNO, a.Ticket.EncPart.KVNO, "Ticket encrypted part KVNO not as expected")
    154. 

  154. 	assert.Equal(t, testdata.TEST_CIPHERTEXT, string(a.Ticket.EncPart.Cipher), "Ticket encrypted part cipher not as expected")
    155. 

  155. 	assert.Equal(t, testdata.TEST_ETYPE, a.EncPart.EType, "Etype of encrypted part not as expected")
    156. 

  156. 	assert.Equal(t, iana.PVNO, a.EncPart.KVNO, "Encrypted part KVNO not as expected")
    157. 

  157. 	assert.Equal(t, testdata.TEST_CIPHERTEXT, string(a.EncPart.Cipher), "Ticket encrypted part cipher not as expected")
    158. 

  158. }
    159. 

  159. 

  160. func TestUnmarshalEncKDCRepPart(t *testing.T) {
    161. 

  161. 	t.Parallel()
    162. 

  162. 	var a EncKDCRepPart
    163. 

  163. 	b, err := hex.DecodeString(testdata.MarshaledKRB5enc_kdc_rep_part)
    164. 

  164. 	if err != nil {
    165. 

  165. 		t.Fatalf("Test vector read error: %v", err)
    166. 

  166. 	}
    167. 

  167. 	err = a.Unmarshal(b)
    168. 

  168. 	if err != nil {
    169. 

  169. 		t.Fatalf("Unmarshal error: %v", err)
    170. 

  170. 	}
    171. 

  171. 	//Parse the test time value into a time.Time type
    172. 

  172. 	tt, _ := time.Parse(testdata.TEST_TIME_FORMAT, testdata.TEST_TIME)
    173. 

  173. 

  174. 	assert.Equal(t, int32(1), a.Key.KeyType, "Key type not as expected")
    175. 

  175. 	assert.Equal(t, []byte("12345678"), a.Key.KeyValue, "Key value not as expected")
    176. 

  176. 	assert.Equal(t, 2, len(a.LastReqs), "Number of last request entries not as expected")
    177. 

  177. 	for i, r := range a.LastReqs {
    178. 

  178. 		assert.Equal(t, int32(-5), r.LRType, fmt.Sprintf("Last request typ not as expected for last request entry %d", i+1))
    179. 

  179. 		assert.Equal(t, tt, r.LRValue, fmt.Sprintf("Last request time value not as expected for last request entry %d", i+1))
    180. 

  180. 	}
    181. 

  181. 	assert.Equal(t, testdata.TEST_NONCE, a.Nonce, "Nonce not as expected")
    182. 

  182. 	assert.Equal(t, tt, a.KeyExpiration, "key expiration time not as expected")
    183. 

  183. 	assert.Equal(t, "fedcba98", hex.EncodeToString(a.Flags.Bytes), "Flags not as expected")
    184. 

  184. 	assert.Equal(t, tt, a.AuthTime, "Auth time not as expected")
    185. 

  185. 	assert.Equal(t, tt, a.StartTime, "Start time not as expected")
    186. 

  186. 	assert.Equal(t, tt, a.EndTime, "End time not as expected")
    187. 

  187. 	assert.Equal(t, tt, a.RenewTill, "Renew Till time not as expected")
    188. 

  188. 	assert.Equal(t, testdata.TEST_REALM, a.SRealm, "SRealm not as expected")
    189. 

  189. 	assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.SName.NameType, "SName type not as expected")
    190. 

  190. 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.SName.NameString, "SName string entries not as expected")
    191. 

  191. 	assert.Equal(t, 2, len(a.CAddr), "Number of client addresses not as expected")
    192. 

  192. 	for i, addr := range a.CAddr {
    193. 

  193. 		assert.Equal(t, int32(2), addr.AddrType, fmt.Sprintf("Host address type not as expected for address item %d", i+1))
    194. 

  194. 		assert.Equal(t, "12d00023", hex.EncodeToString(addr.Address), fmt.Sprintf("Host address not as expected for address item %d", i+1))
    195. 

  195. 	}
    196. 

  196. }
    197. 

  197. 

  198. func TestUnmarshalEncKDCRepPart_optionalsNULL(t *testing.T) {
    199. 

  199. 	t.Parallel()
    200. 

  200. 	var a EncKDCRepPart
    201. 

  201. 	b, err := hex.DecodeString(testdata.MarshaledKRB5enc_kdc_rep_partOptionalsNULL)
    202. 

  202. 	if err != nil {
    203. 

  203. 		t.Fatalf("Test vector read error: %v", err)
    204. 

  204. 	}
    205. 

  205. 	err = a.Unmarshal(b)
    206. 

  206. 	if err != nil {
    207. 

  207. 		t.Fatalf("Unmarshal error: %v", err)
    208. 

  208. 	}
    209. 

  209. 	//Parse the test time value into a time.Time type
    210. 

  210. 	tt, _ := time.Parse(testdata.TEST_TIME_FORMAT, testdata.TEST_TIME)
    211. 

  211. 

  212. 	assert.Equal(t, int32(1), a.Key.KeyType, "Key type not as expected")
    213. 

  213. 	assert.Equal(t, []byte("12345678"), a.Key.KeyValue, "Key value not as expected")
    214. 

  214. 	assert.Equal(t, 2, len(a.LastReqs), "Number of last request entries not as expected")
    215. 

  215. 	for i, r := range a.LastReqs {
    216. 

  216. 		assert.Equal(t, int32(-5), r.LRType, fmt.Sprintf("Last request typ not as expected for last request entry %d", i+1))
    217. 

  217. 		assert.Equal(t, tt, r.LRValue, fmt.Sprintf("Last request time value not as expected for last request entry %d", i+1))
    218. 

  218. 	}
    219. 

  219. 	assert.Equal(t, testdata.TEST_NONCE, a.Nonce, "Nonce not as expected")
    220. 

  220. 	assert.Equal(t, "fe5cba98", hex.EncodeToString(a.Flags.Bytes), "Flags not as expected")
    221. 

  221. 	assert.Equal(t, tt, a.AuthTime, "Auth time not as expected")
    222. 

  222. 	assert.Equal(t, tt, a.EndTime, "End time not as expected")
    223. 

  223. 	assert.Equal(t, testdata.TEST_REALM, a.SRealm, "SRealm not as expected")
    224. 

  224. 	assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.SName.NameType, "SName type not as expected")
    225. 

  225. 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.SName.NameString, "SName string entries not as expected")
    226. 

  226. }
    227. 

  227. 

  228. func TestUnmarshalASRepDecodeAndDecrypt(t *testing.T) {
    229. 

  229. 	t.Parallel()
    230. 

  230. 	var asRep ASRep
    231. 

  231. 	b, _ := hex.DecodeString(testuser1EType18ASREP)
    232. 

  232. 	err := asRep.Unmarshal(b)
    233. 

  233. 	if err != nil {
    234. 

  234. 		t.Fatalf("AS REP Unmarshal error: %v\n", err)
    235. 

  235. 	}
    236. 

  236. 	assert.Equal(t, 5, asRep.PVNO, "PVNO not as expected")
    237. 

  237. 	assert.Equal(t, 11, asRep.MsgType, "MsgType not as expected")
    238. 

  238. 	assert.Equal(t, testRealm, asRep.CRealm, "Client Realm not as expected")
    239. 

  239. 	assert.Equal(t, int32(1), asRep.CName.NameType, "CName NameType not as expected")
    240. 

  240. 	assert.Equal(t, testUser, asRep.CName.NameString[0], "CName NameType not as expected")
    241. 

  241. 	assert.Equal(t, int32(19), asRep.PAData[0].PADataType, "PADataType not as expected")
    242. 

  242. 	assert.Equal(t, 5, asRep.Ticket.TktVNO, "TktVNO not as expected")
    243. 

  243. 	assert.Equal(t, testRealm, asRep.Ticket.Realm, "Ticket Realm not as expected")
    244. 

  244. 	assert.Equal(t, int32(2), asRep.Ticket.SName.NameType, "Ticket service nametype not as expected")
    245. 

  245. 	assert.Equal(t, "krbtgt", asRep.Ticket.SName.NameString[0], "Ticket service name string not as expected")
    246. 

  246. 	assert.Equal(t, testRealm, asRep.Ticket.SName.NameString[1], "Ticket service name string not as expected")
    247. 

  247. 	assert.Equal(t, etypeID.ETypesByName["aes256-cts-hmac-sha1-96"], asRep.Ticket.EncPart.EType, "Etype of ticket encrypted part not as expected")
    248. 

  248. 	assert.Equal(t, 1, asRep.Ticket.EncPart.KVNO, "Ticket encrypted part KVNO not as expected")
    249. 

  249. 	assert.Equal(t, etypeID.ETypesByName["aes256-cts-hmac-sha1-96"], asRep.EncPart.EType, "Etype of encrypted part not as expected")
    250. 

  250. 	assert.Equal(t, 0, asRep.EncPart.KVNO, "Encrypted part KVNO not as expected")
    251. 

  251. 	//t.Log("Finished testing unecrypted parts of AS REP")
    252. 

  252. 	ktb, _ := hex.DecodeString(testuser1EType18Keytab)
    253. 

  253. 	kt := keytab.New()
    254. 

  254. 	err = kt.Unmarshal(ktb)
    255. 

  255. 	if err != nil {
    256. 

  256. 		t.Fatalf("keytab parse error: %v\n", err)
    257. 

  257. 	}
    258. 

  258. 	cred := credentials.New(testUser, testRealm)
    259. 

  259. 	_, err = asRep.DecryptEncPart(cred.WithKeytab(kt))
    260. 

  260. 	if err != nil {
    261. 

  261. 		t.Fatalf("Decryption of AS_REP EncPart failed: %v", err)
    262. 

  262. 	}
    263. 

  263. 	assert.Equal(t, int32(18), asRep.DecryptedEncPart.Key.KeyType, "KeyType in decrypted EncPart not as expected")
    264. 

  264. 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.LastReqs[0].LRValue, "LastReqs did not have a time value")
    265. 

  265. 	assert.Equal(t, 2069991465, asRep.DecryptedEncPart.Nonce, "Nonce value not as expected")
    266. 

  266. 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.KeyExpiration, "Key expiration not a time type")
    267. 

  267. 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.AuthTime, "AuthTime not a time type")
    268. 

  268. 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.StartTime, "StartTime not a time type")
    269. 

  269. 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.EndTime, "StartTime not a time type")
    270. 

  270. 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.RenewTill, "RenewTill not a time type")
    271. 

  271. 	assert.Equal(t, testRealm, asRep.DecryptedEncPart.SRealm, "Service realm not as expected")
    272. 

  272. 	assert.Equal(t, int32(2), asRep.DecryptedEncPart.SName.NameType, "Name type for AS_REP not as expected")
    273. 

  273. 	assert.Equal(t, []string{"krbtgt", testRealm}, asRep.DecryptedEncPart.SName.NameString, "Service name string not as expected")
    274. 

  274. }
    275. 

  275. 

  276. func TestUnmarshalASRepDecodeAndDecrypt_withPassword(t *testing.T) {
    277. 

  277. 	t.Parallel()
    278. 

  278. 	var asRep ASRep
    279. 

  279. 	b, _ := hex.DecodeString(testuser1EType18ASREP)
    280. 

  280. 	err := asRep.Unmarshal(b)
    281. 

  281. 	if err != nil {
    282. 

  282. 		t.Fatalf("AS REP Unmarshal error: %v\n", err)
    283. 

  283. 	}
    284. 

  284. 	assert.Equal(t, 5, asRep.PVNO, "PVNO not as expected")
    285. 

  285. 	assert.Equal(t, 11, asRep.MsgType, "MsgType not as expected")
    286. 

  286. 	assert.Equal(t, testRealm, asRep.CRealm, "Client Realm not as expected")
    287. 

  287. 	assert.Equal(t, int32(1), asRep.CName.NameType, "CName NameType not as expected")
    288. 

  288. 	assert.Equal(t, testUser, asRep.CName.NameString[0], "CName NameType not as expected")
    289. 

  289. 	assert.Equal(t, int32(19), asRep.PAData[0].PADataType, "PADataType not as expected")
    290. 

  290. 	assert.Equal(t, 5, asRep.Ticket.TktVNO, "TktVNO not as expected")
    291. 

  291. 	assert.Equal(t, testRealm, asRep.Ticket.Realm, "Ticket Realm not as expected")
    292. 

  292. 	assert.Equal(t, int32(2), asRep.Ticket.SName.NameType, "Ticket service nametype not as expected")
    293. 

  293. 	assert.Equal(t, "krbtgt", asRep.Ticket.SName.NameString[0], "Ticket service name string not as expected")
    294. 

  294. 	assert.Equal(t, testRealm, asRep.Ticket.SName.NameString[1], "Ticket service name string not as expected")
    295. 

  295. 	assert.Equal(t, etypeID.AES256_CTS_HMAC_SHA1_96, asRep.Ticket.EncPart.EType, "Etype of ticket encrypted part not as expected")
    296. 

  296. 	assert.Equal(t, 1, asRep.Ticket.EncPart.KVNO, "Ticket encrypted part KVNO not as expected")
    297. 

  297. 	assert.Equal(t, etypeID.AES256_CTS_HMAC_SHA1_96, asRep.EncPart.EType, "Etype of encrypted part not as expected")
    298. 

  298. 	assert.Equal(t, 0, asRep.EncPart.KVNO, "Encrypted part KVNO not as expected")
    299. 

  299. 	cred := credentials.New(testUser, testRealm)
    300. 

  300. 	_, err = asRep.DecryptEncPart(cred.WithPassword(testUserPassword))
    301. 

  301. 	if err != nil {
    302. 

  302. 		t.Fatalf("Decryption of AS_REP EncPart failed: %v", err)
    303. 

  303. 	}
    304. 

  304. 	assert.Equal(t, int32(18), asRep.DecryptedEncPart.Key.KeyType, "KeyType in decrypted EncPart not as expected")
    305. 

  305. 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.LastReqs[0].LRValue, "LastReqs did not have a time value")
    306. 

  306. 	assert.Equal(t, 2069991465, asRep.DecryptedEncPart.Nonce, "Nonce value not as expected")
    307. 

  307. 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.KeyExpiration, "Key expiration not a time type")
    308. 

  308. 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.AuthTime, "AuthTime not a time type")
    309. 

  309. 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.StartTime, "StartTime not a time type")
    310. 

  310. 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.EndTime, "StartTime not a time type")
    311. 

  311. 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.RenewTill, "RenewTill not a time type")
    312. 

  312. 	assert.Equal(t, testRealm, asRep.DecryptedEncPart.SRealm, "Service realm not as expected")
    313. 

  313. 	assert.Equal(t, nametype.KRB_NT_SRV_INST, asRep.DecryptedEncPart.SName.NameType, "Name type for AS_REP not as expected")
    314. 

  314. 	assert.Equal(t, []string{"krbtgt", testRealm}, asRep.DecryptedEncPart.SName.NameString, "Service name string not as expected")
    315. 

  315. }
    316.