From b2e8daf3207f2e82a8b55b064c9407df5708848d Mon Sep 17 00:00:00 2001
From: Filip Navara <navara@emclient.com>
Date: Tue, 12 Jul 2022 20:33:55 +0200
Subject: [PATCH] Add test for #71463 with invalid tokens

---
 .../NegotiateAuthenticationKerberosTest.cs    | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/NegotiateAuthenticationKerberosTest.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/NegotiateAuthenticationKerberosTest.cs
index 7cfdf5455b01e7..3bb9a1ad5cc2f8 100644
--- a/src/libraries/System.Net.Security/tests/FunctionalTests/NegotiateAuthenticationKerberosTest.cs
+++ b/src/libraries/System.Net.Security/tests/FunctionalTests/NegotiateAuthenticationKerberosTest.cs
@@ -60,5 +60,25 @@ await kerberosExecutor.Invoke(() =>
                 Assert.True(serverNegotiateAuthentication.IsAuthenticated);
             });
         }
+
+        [Fact]
+        public async void Invalid_Token()
+        {
+            using var kerberosExecutor = new KerberosExecutor(_testOutputHelper, "LINUX.CONTOSO.COM");
+            // Force a non-empty keytab to make macOS happy
+            kerberosExecutor.AddService("HTTP/linux.contoso.com");
+            await kerberosExecutor.Invoke(() =>
+            {
+                NegotiateAuthentication ntAuth = new NegotiateAuthentication(new NegotiateAuthenticationServerOptions { });
+                // Ask for NegHints
+                byte[] blob = ntAuth.GetOutgoingBlob((ReadOnlySpan<byte>)default, out NegotiateAuthenticationStatusCode statusCode);
+                Assert.Equal(NegotiateAuthenticationStatusCode.ContinueNeeded, statusCode);
+                Assert.NotNull(blob);
+                // Send garbage token
+                blob = ntAuth.GetOutgoingBlob(new byte[3], out statusCode);
+                Assert.True(statusCode >= NegotiateAuthenticationStatusCode.GenericFailure);
+                Assert.Null(blob);
+            });
+        }
     }
 }