test(sspi): implement simple KDC mock (#429)

Author: TheBestTvarynka

Cargo.lock

@@ -54,7 +54,13 @@ use crate::{ClientRequestFlags, Error, ErrorKind, Result};
 
 const TGT_TICKET_LIFETIME_DAYS: i64 = 3;
 const NONCE_LEN: usize = 4;
-pub const MAX_MICROSECONDS_IN_SECOND: u32 = 999_999;
+/// [Microseconds](https://www.rfc-editor.org/rfc/rfc4120#section-5.2.4).
+/// The maximum microseconds value.
+///
+/// ```not_rust
+/// Microseconds    ::= INTEGER (0..999999)
+/// ```
+pub const MAX_MICROSECONDS: u32 = 999_999;
 const MD5_CHECKSUM_TYPE: [u8; 1] = [0x07];
 
 // Renewable, Canonicalize, and Renewable-ok are on by default
@@ -155,7 +161,7 @@ pub fn generate_pa_datas_for_as_req(options: &GenerateAsPaDataOptions) -> Result
 
     let mut pa_datas = if *with_pre_auth {
         let current_date = OffsetDateTime::now_utc();
-        let microseconds = current_date.microsecond().min(MAX_MICROSECONDS_IN_SECOND);
+        let microseconds = current_date.microsecond().min(MAX_MICROSECONDS);
 
         let timestamp = PaEncTsEnc {
             patimestamp: ExplicitContextTag0::from(KerberosTime::from(GeneralizedTime::from(current_date))),
@@ -548,8 +554,8 @@ pub fn generate_authenticator(options: GenerateAuthenticatorOptions) -> Result<A
 
     let current_date = OffsetDateTime::now_utc();
     let mut microseconds = current_date.microsecond();
-    if microseconds > MAX_MICROSECONDS_IN_SECOND {
-        microseconds = MAX_MICROSECONDS_IN_SECOND;
+    if microseconds > MAX_MICROSECONDS {
+        microseconds = MAX_MICROSECONDS;
     }
 
     let authorization_data = Optional::from(channel_bindings.as_ref().map(|_| {
@@ -611,7 +617,7 @@ pub fn generate_authenticator(options: GenerateAuthenticatorOptions) -> Result<A
 #[instrument(level = "trace", skip_all, ret)]
 pub fn generate_ap_rep(session_key: &[u8], seq_number: Vec<u8>, enc_params: &EncryptionParams) -> Result<ApRep> {
     let current_date = OffsetDateTime::now_utc();
-    let microseconds = current_date.microsecond().min(MAX_MICROSECONDS_IN_SECOND);
+    let microseconds = current_date.microsecond().min(MAX_MICROSECONDS);
 
     let encryption_type = enc_params.encryption_type.as_ref().unwrap_or(&DEFAULT_ENCRYPTION_TYPE);
 

src/kerberos/client/generators.rs

@@ -28,7 +28,7 @@ use serde::{Deserialize, Serialize};
 use sha1::{Digest, Sha1};
 use time::OffsetDateTime;
 
-use crate::kerberos::client::generators::MAX_MICROSECONDS_IN_SECOND;
+use crate::kerberos::client::generators::MAX_MICROSECONDS;
 use crate::{Error, ErrorKind, Result};
 
 /// [Generation of Client Request](https://www.rfc-editor.org/rfc/rfc4556.html#section-3.2.1)
@@ -101,8 +101,8 @@ pub fn generate_pa_datas_for_as_req(options: &GenerateAsPaDataOptions<'_>) -> Re
 
     let current_date = OffsetDateTime::now_utc();
     let mut microseconds = current_date.microsecond();
-    if microseconds > MAX_MICROSECONDS_IN_SECOND {
-        microseconds = MAX_MICROSECONDS_IN_SECOND;
+    if microseconds > MAX_MICROSECONDS {
+        microseconds = MAX_MICROSECONDS;
     }
 
     // [Generation of Client Request](https://www.rfc-editor.org/rfc/rfc4556.html#section-3.2.1)

src/pk_init.rs

@@ -32,7 +32,7 @@ use time::OffsetDateTime;
 use super::Pku2uConfig;
 use crate::crypto::compute_md5_channel_bindings_hash;
 use crate::kerberos::client::generators::{
-    AuthenticatorChecksumExtension, ChecksumOptions, EncKey, GenerateAuthenticatorOptions, MAX_MICROSECONDS_IN_SECOND,
+    AuthenticatorChecksumExtension, ChecksumOptions, EncKey, GenerateAuthenticatorOptions, MAX_MICROSECONDS,
 };
 use crate::pk_init::DhParameters;
 use crate::{Error, ErrorKind, Result, KERBEROS_VERSION};
@@ -217,8 +217,8 @@ pub fn generate_authenticator(options: GenerateAuthenticatorOptions) -> Result<A
 
     let current_date = OffsetDateTime::now_utc();
     let mut microseconds = current_date.microsecond();
-    if microseconds > MAX_MICROSECONDS_IN_SECOND {
-        microseconds = MAX_MICROSECONDS_IN_SECOND;
+    if microseconds > MAX_MICROSECONDS {
+        microseconds = MAX_MICROSECONDS;
     }
 
     let lsap_token = LsapTokenInfoIntegrity {