github.com/jcmturner/gokrb5/v8@v8.4.4/messages/KDCRep_test.go (about) 1 package messages 2 3 import ( 4 "encoding/hex" 5 "fmt" 6 "testing" 7 "time" 8 9 "github.com/jcmturner/gokrb5/v8/credentials" 10 "github.com/jcmturner/gokrb5/v8/iana" 11 "github.com/jcmturner/gokrb5/v8/iana/etypeID" 12 "github.com/jcmturner/gokrb5/v8/iana/msgtype" 13 "github.com/jcmturner/gokrb5/v8/iana/nametype" 14 "github.com/jcmturner/gokrb5/v8/iana/patype" 15 "github.com/jcmturner/gokrb5/v8/keytab" 16 "github.com/jcmturner/gokrb5/v8/test/testdata" 17 "github.com/stretchr/testify/assert" 18 ) 19 20 const ( 21 testuser1EType18Keytab = "05020000004b0001000b544553542e474f4b5242350009746573747573657231000000015898e0770100120020bbdc430aab7e2d4622a0b6951481453b0962e9db8e2f168942ad175cda6d9de900000001" 22 testuser1EType18ASREP = "6b8202f3308202efa003020105a10302010ba22e302c302aa103020113a2230421301f301da003020112a1161b14544553542e474f4b524235746573747573657231a30d1b0b544553542e474f4b524235a4163014a003020101a10d300b1b09746573747573657231a582015a6182015630820152a003020105a10d1b0b544553542e474f4b524235a220301ea003020102a11730151b066b72627467741b0b544553542e474f4b524235a382011830820114a003020112a103020101a28201060482010237e486e32cd18ab1ac9f8d42e93f8babd7b3497084cc5599f18ec61961c6d5242d350354d99d67a7604c451116188d16cb719e84377212eac2743440e8c504ef69c755e489cc6b65f935dd032bfc076f9b2c56d816197845b8fe857d738bc59712787631a50e86833d1b0e4732c8712c856417a6a257758e7d01d3182adb3233f0dde65d228c240ed26aa1af69f8d765dc0bc69096fdb037a75af220fea176839528d44b70f7dabfaa2ea506de1296f847176a60c501fd8cef8e0a51399bb6d5f753962d96292e93ffe344c6630db912931d46d88c0279f00719e22d0efcfd4ee33a702d0b660c1f13970a9beec12c0c8af3dda68bd81ac1fe3f126d2a24ebb445c5a682012c30820128a003020112a282011f0482011bb149cc16018072c4c18788d95a33aba540e52c11b54a93e67e788d05de75d8f3d4aa1afafbbfa6fde3eb40e5aa1890644cea2607efd5213a3fd00345b02eeb9ae1b589f36c74c689cd4ec1239dfe61e42ba6afa33f6240e3cfab291e4abb465d273302dbf7dbd148a299a9369044dd03377c1687e7dd36aa66501284a4ca50c0a7b08f4f87aecfa23b0dd0b11490e3ad330906dab715de81fc52f120d09c39990b8b5330d4601cc396b2ed258834329c4cc02c563a12de3ef9bf11e946258bc2ab5257f4caa4d443a7daf0fc25f6f531c2fcba88af8ca55c85300997cd05abbea52811fe2d038ba8f62fc8e3bc71ce04362d356ea2e1df8ac55c784c53cfb07817d48e39fe99fc8788040d98209c79dcf044d97e80de9f47824646" 23 testRealm = "TEST.GOKRB5" 24 testUser = "testuser1" 25 testUserPassword = "passwordvalue" 26 ) 27 28 func TestUnmarshalASRep(t *testing.T) { 29 t.Parallel() 30 var a ASRep 31 b, err := hex.DecodeString(testdata.MarshaledKRB5as_rep) 32 if err != nil { 33 t.Fatalf("Test vector read error: %v", err) 34 } 35 err = a.Unmarshal(b) 36 if err != nil { 37 t.Fatalf("Unmarshal error: %v", err) 38 } 39 assert.Equal(t, iana.PVNO, a.PVNO, "PVNO not as expected") 40 assert.Equal(t, msgtype.KRB_AS_REP, a.MsgType, "MsgType not as expected") 41 assert.Equal(t, 2, len(a.PAData), "Number of PAData items in the sequence not as expected") 42 for i, pa := range a.PAData { 43 assert.Equal(t, patype.PA_SAM_RESPONSE, pa.PADataType, fmt.Sprintf("PAData type for entry %d not as expected", i+1)) 44 assert.Equal(t, []byte(testdata.TEST_PADATA_VALUE), pa.PADataValue, fmt.Sprintf("PAData valye for entry %d not as expected", i+1)) 45 } 46 assert.Equal(t, testdata.TEST_REALM, a.CRealm, "Client Realm not as expected") 47 assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.CName.NameType, "CName NameType not as expected") 48 assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.CName.NameString), "CName does not have the expected number of NameStrings") 49 assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.CName.NameString, "CName entries not as expected") 50 assert.Equal(t, iana.PVNO, a.Ticket.TktVNO, "TktVNO not as expected") 51 assert.Equal(t, testdata.TEST_REALM, a.Ticket.Realm, "Ticket Realm not as expected") 52 assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.Ticket.SName.NameType, "Ticket service nametype not as expected") 53 assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.Ticket.SName.NameString), "SName in ticket does not have the expected number of NameStrings") 54 assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.Ticket.SName.NameString, "Ticket SName entries not as expected") 55 assert.Equal(t, testdata.TEST_ETYPE, a.Ticket.EncPart.EType, "Etype of ticket encrypted part not as expected") 56 assert.Equal(t, iana.PVNO, a.Ticket.EncPart.KVNO, "Ticket encrypted part KVNO not as expected") 57 assert.Equal(t, testdata.TEST_CIPHERTEXT, string(a.Ticket.EncPart.Cipher), "Ticket encrypted part cipher not as expected") 58 assert.Equal(t, testdata.TEST_ETYPE, a.EncPart.EType, "Etype of encrypted part not as expected") 59 assert.Equal(t, iana.PVNO, a.EncPart.KVNO, "Encrypted part KVNO not as expected") 60 assert.Equal(t, testdata.TEST_CIPHERTEXT, string(a.EncPart.Cipher), "Ticket encrypted part cipher not as expected") 61 } 62 63 func TestUnmarshalASRep_optionalsNULL(t *testing.T) { 64 t.Parallel() 65 var a ASRep 66 b, err := hex.DecodeString(testdata.MarshaledKRB5as_repOptionalsNULL) 67 if err != nil { 68 t.Fatalf("Test vector read error: %v", err) 69 } 70 err = a.Unmarshal(b) 71 if err != nil { 72 t.Fatalf("Unmarshal error: %v", err) 73 } 74 assert.Equal(t, iana.PVNO, a.PVNO, "PVNO not as expected") 75 assert.Equal(t, msgtype.KRB_AS_REP, a.MsgType, "MsgType not as expected") 76 assert.Equal(t, 0, len(a.PAData), "Number of PAData items in the sequence not as expected") 77 assert.Equal(t, testdata.TEST_REALM, a.CRealm, "Client Realm not as expected") 78 assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.CName.NameType, "CName NameType not as expected") 79 assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.CName.NameString), "CName does not have the expected number of NameStrings") 80 assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.CName.NameString, "CName entries not as expected") 81 assert.Equal(t, iana.PVNO, a.Ticket.TktVNO, "TktVNO not as expected") 82 assert.Equal(t, testdata.TEST_REALM, a.Ticket.Realm, "Ticket Realm not as expected") 83 assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.Ticket.SName.NameType, "Ticket service nametype not as expected") 84 assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.Ticket.SName.NameString), "SName in ticket does not have the expected number of NameStrings") 85 assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.Ticket.SName.NameString, "Ticket SName entries not as expected") 86 assert.Equal(t, testdata.TEST_ETYPE, a.Ticket.EncPart.EType, "Etype of ticket encrypted part not as expected") 87 assert.Equal(t, iana.PVNO, a.Ticket.EncPart.KVNO, "Ticket encrypted part KVNO not as expected") 88 assert.Equal(t, testdata.TEST_CIPHERTEXT, string(a.Ticket.EncPart.Cipher), "Ticket encrypted part cipher not as expected") 89 assert.Equal(t, testdata.TEST_ETYPE, a.EncPart.EType, "Etype of encrypted part not as expected") 90 assert.Equal(t, iana.PVNO, a.EncPart.KVNO, "Encrypted part KVNO not as expected") 91 assert.Equal(t, testdata.TEST_CIPHERTEXT, string(a.EncPart.Cipher), "Ticket encrypted part cipher not as expected") 92 } 93 94 func TestMarshalASRep(t *testing.T) { 95 t.Parallel() 96 var a ASRep 97 b, err := hex.DecodeString(testdata.MarshaledKRB5as_rep) 98 if err != nil { 99 t.Fatalf("Test vector read error: %v", err) 100 } 101 err = a.Unmarshal(b) 102 if err != nil { 103 t.Fatalf("Unmarshal error: %v", err) 104 } 105 mb, err := a.Marshal() 106 if err != nil { 107 t.Fatalf("Marshal errored: %v", err) 108 } 109 assert.Equal(t, b, mb, "Marshal bytes of ASRep not as expected") 110 } 111 112 func TestUnmarshalTGSRep(t *testing.T) { 113 t.Parallel() 114 var a TGSRep 115 b, err := hex.DecodeString(testdata.MarshaledKRB5tgs_rep) 116 if err != nil { 117 t.Fatalf("Test vector read error: %v", err) 118 } 119 err = a.Unmarshal(b) 120 if err != nil { 121 t.Fatalf("Unmarshal error: %v", err) 122 } 123 assert.Equal(t, iana.PVNO, a.PVNO, "PVNO not as expected") 124 assert.Equal(t, msgtype.KRB_TGS_REP, a.MsgType, "MsgType not as expected") 125 assert.Equal(t, 2, len(a.PAData), "Number of PAData items in the sequence not as expected") 126 for i, pa := range a.PAData { 127 assert.Equal(t, patype.PA_SAM_RESPONSE, pa.PADataType, fmt.Sprintf("PAData type for entry %d not as expected", i+1)) 128 assert.Equal(t, []byte(testdata.TEST_PADATA_VALUE), pa.PADataValue, fmt.Sprintf("PAData valye for entry %d not as expected", i+1)) 129 } 130 assert.Equal(t, testdata.TEST_REALM, a.CRealm, "Client Realm not as expected") 131 assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.CName.NameType, "CName NameType not as expected") 132 assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.CName.NameString), "CName does not have the expected number of NameStrings") 133 assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.CName.NameString, "CName entries not as expected") 134 assert.Equal(t, iana.PVNO, a.Ticket.TktVNO, "TktVNO not as expected") 135 assert.Equal(t, testdata.TEST_REALM, a.Ticket.Realm, "Ticket Realm not as expected") 136 assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.Ticket.SName.NameType, "Ticket service nametype not as expected") 137 assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.Ticket.SName.NameString), "SName in ticket does not have the expected number of NameStrings") 138 assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.Ticket.SName.NameString, "Ticket SName entries not as expected") 139 assert.Equal(t, testdata.TEST_ETYPE, a.Ticket.EncPart.EType, "Etype of ticket encrypted part not as expected") 140 assert.Equal(t, iana.PVNO, a.Ticket.EncPart.KVNO, "Ticket encrypted part KVNO not as expected") 141 assert.Equal(t, testdata.TEST_CIPHERTEXT, string(a.Ticket.EncPart.Cipher), "Ticket encrypted part cipher not as expected") 142 assert.Equal(t, testdata.TEST_ETYPE, a.EncPart.EType, "Etype of encrypted part not as expected") 143 assert.Equal(t, iana.PVNO, a.EncPart.KVNO, "Encrypted part KVNO not as expected") 144 assert.Equal(t, testdata.TEST_CIPHERTEXT, string(a.EncPart.Cipher), "Ticket encrypted part cipher not as expected") 145 } 146 147 func TestUnmarshalTGSRep_optionalsNULL(t *testing.T) { 148 t.Parallel() 149 var a TGSRep 150 b, err := hex.DecodeString(testdata.MarshaledKRB5tgs_repOptionalsNULL) 151 if err != nil { 152 t.Fatalf("Test vector read error: %v", err) 153 } 154 err = a.Unmarshal(b) 155 if err != nil { 156 t.Fatalf("Unmarshal error: %v", err) 157 } 158 assert.Equal(t, iana.PVNO, a.PVNO, "PVNO not as expected") 159 assert.Equal(t, msgtype.KRB_TGS_REP, a.MsgType, "MsgType not as expected") 160 assert.Equal(t, 0, len(a.PAData), "Number of PAData items in the sequence not as expected") 161 assert.Equal(t, testdata.TEST_REALM, a.CRealm, "Client Realm not as expected") 162 assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.CName.NameType, "CName NameType not as expected") 163 assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.CName.NameString), "CName does not have the expected number of NameStrings") 164 assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.CName.NameString, "CName entries not as expected") 165 assert.Equal(t, iana.PVNO, a.Ticket.TktVNO, "TktVNO not as expected") 166 assert.Equal(t, testdata.TEST_REALM, a.Ticket.Realm, "Ticket Realm not as expected") 167 assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.Ticket.SName.NameType, "Ticket service nametype not as expected") 168 assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.Ticket.SName.NameString), "SName in ticket does not have the expected number of NameStrings") 169 assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.Ticket.SName.NameString, "Ticket SName entries not as expected") 170 assert.Equal(t, testdata.TEST_ETYPE, a.Ticket.EncPart.EType, "Etype of ticket encrypted part not as expected") 171 assert.Equal(t, iana.PVNO, a.Ticket.EncPart.KVNO, "Ticket encrypted part KVNO not as expected") 172 assert.Equal(t, testdata.TEST_CIPHERTEXT, string(a.Ticket.EncPart.Cipher), "Ticket encrypted part cipher not as expected") 173 assert.Equal(t, testdata.TEST_ETYPE, a.EncPart.EType, "Etype of encrypted part not as expected") 174 assert.Equal(t, iana.PVNO, a.EncPart.KVNO, "Encrypted part KVNO not as expected") 175 assert.Equal(t, testdata.TEST_CIPHERTEXT, string(a.EncPart.Cipher), "Ticket encrypted part cipher not as expected") 176 } 177 178 func TestMarshalTGSRep(t *testing.T) { 179 t.Parallel() 180 var a TGSRep 181 b, err := hex.DecodeString(testdata.MarshaledKRB5tgs_rep) 182 if err != nil { 183 t.Fatalf("Test vector read error: %v", err) 184 } 185 err = a.Unmarshal(b) 186 if err != nil { 187 t.Fatalf("Unmarshal error: %v", err) 188 } 189 mb, err := a.Marshal() 190 if err != nil { 191 t.Fatalf("Marshal errored: %v", err) 192 } 193 assert.Equal(t, b, mb, "Marshal bytes of TGSRep not as expected") 194 } 195 196 func TestUnmarshalEncKDCRepPart(t *testing.T) { 197 t.Parallel() 198 var a EncKDCRepPart 199 b, err := hex.DecodeString(testdata.MarshaledKRB5enc_kdc_rep_part) 200 if err != nil { 201 t.Fatalf("Test vector read error: %v", err) 202 } 203 err = a.Unmarshal(b) 204 if err != nil { 205 t.Fatalf("Unmarshal error: %v", err) 206 } 207 //Parse the test time value into a time.Time type 208 tt, _ := time.Parse(testdata.TEST_TIME_FORMAT, testdata.TEST_TIME) 209 210 assert.Equal(t, int32(1), a.Key.KeyType, "Key type not as expected") 211 assert.Equal(t, []byte("12345678"), a.Key.KeyValue, "Key value not as expected") 212 assert.Equal(t, 2, len(a.LastReqs), "Number of last request entries not as expected") 213 for i, r := range a.LastReqs { 214 assert.Equal(t, int32(-5), r.LRType, fmt.Sprintf("Last request typ not as expected for last request entry %d", i+1)) 215 assert.Equal(t, tt, r.LRValue, fmt.Sprintf("Last request time value not as expected for last request entry %d", i+1)) 216 } 217 assert.Equal(t, testdata.TEST_NONCE, a.Nonce, "Nonce not as expected") 218 assert.Equal(t, tt, a.KeyExpiration, "key expiration time not as expected") 219 assert.Equal(t, "fedcba98", hex.EncodeToString(a.Flags.Bytes), "Flags not as expected") 220 assert.Equal(t, tt, a.AuthTime, "Auth time not as expected") 221 assert.Equal(t, tt, a.StartTime, "Start time not as expected") 222 assert.Equal(t, tt, a.EndTime, "End time not as expected") 223 assert.Equal(t, tt, a.RenewTill, "Renew Till time not as expected") 224 assert.Equal(t, testdata.TEST_REALM, a.SRealm, "SRealm not as expected") 225 assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.SName.NameType, "SName type not as expected") 226 assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.SName.NameString, "SName string entries not as expected") 227 assert.Equal(t, 2, len(a.CAddr), "Number of client addresses not as expected") 228 for i, addr := range a.CAddr { 229 assert.Equal(t, int32(2), addr.AddrType, fmt.Sprintf("Host address type not as expected for address item %d", i+1)) 230 assert.Equal(t, "12d00023", hex.EncodeToString(addr.Address), fmt.Sprintf("Host address not as expected for address item %d", i+1)) 231 } 232 } 233 234 func TestUnmarshalEncKDCRepPart_optionalsNULL(t *testing.T) { 235 t.Parallel() 236 var a EncKDCRepPart 237 b, err := hex.DecodeString(testdata.MarshaledKRB5enc_kdc_rep_partOptionalsNULL) 238 if err != nil { 239 t.Fatalf("Test vector read error: %v", err) 240 } 241 err = a.Unmarshal(b) 242 if err != nil { 243 t.Fatalf("Unmarshal error: %v", err) 244 } 245 //Parse the test time value into a time.Time type 246 tt, _ := time.Parse(testdata.TEST_TIME_FORMAT, testdata.TEST_TIME) 247 248 assert.Equal(t, int32(1), a.Key.KeyType, "Key type not as expected") 249 assert.Equal(t, []byte("12345678"), a.Key.KeyValue, "Key value not as expected") 250 assert.Equal(t, 2, len(a.LastReqs), "Number of last request entries not as expected") 251 for i, r := range a.LastReqs { 252 assert.Equal(t, int32(-5), r.LRType, fmt.Sprintf("Last request typ not as expected for last request entry %d", i+1)) 253 assert.Equal(t, tt, r.LRValue, fmt.Sprintf("Last request time value not as expected for last request entry %d", i+1)) 254 } 255 assert.Equal(t, testdata.TEST_NONCE, a.Nonce, "Nonce not as expected") 256 assert.Equal(t, "fe5cba98", hex.EncodeToString(a.Flags.Bytes), "Flags not as expected") 257 assert.Equal(t, tt, a.AuthTime, "Auth time not as expected") 258 assert.Equal(t, tt, a.EndTime, "End time not as expected") 259 assert.Equal(t, testdata.TEST_REALM, a.SRealm, "SRealm not as expected") 260 assert.Equal(t, nametype.KRB_NT_PRINCIPAL, a.SName.NameType, "SName type not as expected") 261 assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.SName.NameString, "SName string entries not as expected") 262 } 263 264 func TestUnmarshalASRepDecodeAndDecrypt(t *testing.T) { 265 t.Parallel() 266 var asRep ASRep 267 b, _ := hex.DecodeString(testuser1EType18ASREP) 268 err := asRep.Unmarshal(b) 269 if err != nil { 270 t.Fatalf("AS REP Unmarshal error: %v\n", err) 271 } 272 assert.Equal(t, 5, asRep.PVNO, "PVNO not as expected") 273 assert.Equal(t, 11, asRep.MsgType, "MsgType not as expected") 274 assert.Equal(t, testRealm, asRep.CRealm, "Client Realm not as expected") 275 assert.Equal(t, int32(1), asRep.CName.NameType, "CName NameType not as expected") 276 assert.Equal(t, testUser, asRep.CName.NameString[0], "CName NameType not as expected") 277 assert.Equal(t, int32(19), asRep.PAData[0].PADataType, "PADataType not as expected") 278 assert.Equal(t, 5, asRep.Ticket.TktVNO, "TktVNO not as expected") 279 assert.Equal(t, testRealm, asRep.Ticket.Realm, "Ticket Realm not as expected") 280 assert.Equal(t, int32(2), asRep.Ticket.SName.NameType, "Ticket service nametype not as expected") 281 assert.Equal(t, "krbtgt", asRep.Ticket.SName.NameString[0], "Ticket service name string not as expected") 282 assert.Equal(t, testRealm, asRep.Ticket.SName.NameString[1], "Ticket service name string not as expected") 283 assert.Equal(t, etypeID.ETypesByName["aes256-cts-hmac-sha1-96"], asRep.Ticket.EncPart.EType, "Etype of ticket encrypted part not as expected") 284 assert.Equal(t, 1, asRep.Ticket.EncPart.KVNO, "Ticket encrypted part KVNO not as expected") 285 assert.Equal(t, etypeID.ETypesByName["aes256-cts-hmac-sha1-96"], asRep.EncPart.EType, "Etype of encrypted part not as expected") 286 assert.Equal(t, 0, asRep.EncPart.KVNO, "Encrypted part KVNO not as expected") 287 //t.Log("Finished testing unecrypted parts of AS REP") 288 ktb, _ := hex.DecodeString(testuser1EType18Keytab) 289 kt := keytab.New() 290 err = kt.Unmarshal(ktb) 291 if err != nil { 292 t.Fatalf("keytab parse error: %v\n", err) 293 } 294 cred := credentials.New(testUser, testRealm) 295 _, err = asRep.DecryptEncPart(cred.WithKeytab(kt)) 296 if err != nil { 297 t.Fatalf("Decryption of AS_REP EncPart failed: %v", err) 298 } 299 assert.Equal(t, int32(18), asRep.DecryptedEncPart.Key.KeyType, "KeyType in decrypted EncPart not as expected") 300 assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.LastReqs[0].LRValue, "LastReqs did not have a time value") 301 assert.Equal(t, 2069991465, asRep.DecryptedEncPart.Nonce, "Nonce value not as expected") 302 assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.KeyExpiration, "Key expiration not a time type") 303 assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.AuthTime, "AuthTime not a time type") 304 assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.StartTime, "StartTime not a time type") 305 assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.EndTime, "StartTime not a time type") 306 assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.RenewTill, "RenewTill not a time type") 307 assert.Equal(t, testRealm, asRep.DecryptedEncPart.SRealm, "Service realm not as expected") 308 assert.Equal(t, int32(2), asRep.DecryptedEncPart.SName.NameType, "Name type for AS_REP not as expected") 309 assert.Equal(t, []string{"krbtgt", testRealm}, asRep.DecryptedEncPart.SName.NameString, "Service name string not as expected") 310 } 311 312 func TestUnmarshalASRepDecodeAndDecrypt_withPassword(t *testing.T) { 313 t.Parallel() 314 var asRep ASRep 315 b, _ := hex.DecodeString(testuser1EType18ASREP) 316 err := asRep.Unmarshal(b) 317 if err != nil { 318 t.Fatalf("AS REP Unmarshal error: %v\n", err) 319 } 320 assert.Equal(t, 5, asRep.PVNO, "PVNO not as expected") 321 assert.Equal(t, 11, asRep.MsgType, "MsgType not as expected") 322 assert.Equal(t, testRealm, asRep.CRealm, "Client Realm not as expected") 323 assert.Equal(t, int32(1), asRep.CName.NameType, "CName NameType not as expected") 324 assert.Equal(t, testUser, asRep.CName.NameString[0], "CName NameType not as expected") 325 assert.Equal(t, int32(19), asRep.PAData[0].PADataType, "PADataType not as expected") 326 assert.Equal(t, 5, asRep.Ticket.TktVNO, "TktVNO not as expected") 327 assert.Equal(t, testRealm, asRep.Ticket.Realm, "Ticket Realm not as expected") 328 assert.Equal(t, int32(2), asRep.Ticket.SName.NameType, "Ticket service nametype not as expected") 329 assert.Equal(t, "krbtgt", asRep.Ticket.SName.NameString[0], "Ticket service name string not as expected") 330 assert.Equal(t, testRealm, asRep.Ticket.SName.NameString[1], "Ticket service name string not as expected") 331 assert.Equal(t, etypeID.AES256_CTS_HMAC_SHA1_96, asRep.Ticket.EncPart.EType, "Etype of ticket encrypted part not as expected") 332 assert.Equal(t, 1, asRep.Ticket.EncPart.KVNO, "Ticket encrypted part KVNO not as expected") 333 assert.Equal(t, etypeID.AES256_CTS_HMAC_SHA1_96, asRep.EncPart.EType, "Etype of encrypted part not as expected") 334 assert.Equal(t, 0, asRep.EncPart.KVNO, "Encrypted part KVNO not as expected") 335 cred := credentials.New(testUser, testRealm) 336 _, err = asRep.DecryptEncPart(cred.WithPassword(testUserPassword)) 337 if err != nil { 338 t.Fatalf("Decryption of AS_REP EncPart failed: %v", err) 339 } 340 assert.Equal(t, int32(18), asRep.DecryptedEncPart.Key.KeyType, "KeyType in decrypted EncPart not as expected") 341 assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.LastReqs[0].LRValue, "LastReqs did not have a time value") 342 assert.Equal(t, 2069991465, asRep.DecryptedEncPart.Nonce, "Nonce value not as expected") 343 assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.KeyExpiration, "Key expiration not a time type") 344 assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.AuthTime, "AuthTime not a time type") 345 assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.StartTime, "StartTime not a time type") 346 assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.EndTime, "StartTime not a time type") 347 assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.RenewTill, "RenewTill not a time type") 348 assert.Equal(t, testRealm, asRep.DecryptedEncPart.SRealm, "Service realm not as expected") 349 assert.Equal(t, nametype.KRB_NT_SRV_INST, asRep.DecryptedEncPart.SName.NameType, "Name type for AS_REP not as expected") 350 assert.Equal(t, []string{"krbtgt", testRealm}, asRep.DecryptedEncPart.SName.NameString, "Service name string not as expected") 351 }