github.com/jcmturner/gokrb5/v8@v8.4.4/pac/pac_type_test.go (about) 1 package pac 2 3 import ( 4 "bytes" 5 "encoding/hex" 6 "fmt" 7 "log" 8 "testing" 9 10 "github.com/jcmturner/gokrb5/v8/keytab" 11 "github.com/jcmturner/gokrb5/v8/test/testdata" 12 "github.com/jcmturner/gokrb5/v8/types" 13 "github.com/stretchr/testify/assert" 14 ) 15 16 func TestPACTypeVerify(t *testing.T) { 17 t.Parallel() 18 b, err := hex.DecodeString(testdata.MarshaledPAC_AD_WIN2K_PAC) 19 if err != nil { 20 t.Fatalf("Test vector read error: %v", err) 21 } 22 var pac PACType 23 err = pac.Unmarshal(b) 24 if err != nil { 25 t.Fatalf("Error unmarshaling test data: %v", err) 26 } 27 28 b, _ = hex.DecodeString(testdata.KEYTAB_SYSHTTP_TEST_GOKRB5) 29 kt := keytab.New() 30 kt.Unmarshal(b) 31 pn, _ := types.ParseSPNString("sysHTTP") 32 key, _, err := kt.GetEncryptionKey(pn, "TEST.GOKRB5", 2, 18) 33 if err != nil { 34 t.Fatalf("Error getting key: %v", err) 35 } 36 w := bytes.NewBufferString("") 37 l := log.New(w, "", 0) 38 err = pac.ProcessPACInfoBuffers(key, l) 39 if err != nil { 40 t.Fatalf("Processing reference pac error: %v", err) 41 } 42 43 pacInvalidServerSig := pac 44 // Check the signature to force failure 45 pacInvalidServerSig.ServerChecksum.Signature[0] ^= 0xFF 46 pacInvalidNilKerbValidationInfo := pac 47 pacInvalidNilKerbValidationInfo.KerbValidationInfo = nil 48 pacInvalidNilServerSig := pac 49 pacInvalidNilServerSig.ServerChecksum = nil 50 pacInvalidNilKdcSig := pac 51 pacInvalidNilKdcSig.KDCChecksum = nil 52 pacInvalidClientInfo := pac 53 pacInvalidClientInfo.ClientInfo = nil 54 55 var pacs = []struct { 56 pac PACType 57 }{ 58 {pacInvalidServerSig}, 59 {pacInvalidNilKerbValidationInfo}, 60 {pacInvalidNilServerSig}, 61 {pacInvalidNilKdcSig}, 62 {pacInvalidClientInfo}, 63 } 64 for i, s := range pacs { 65 v, _ := s.pac.verify(key) 66 assert.False(t, v, fmt.Sprintf("Validation should have failed for test %v", i)) 67 } 68 69 }