3 files changed, 39 insertions, 66 deletions

diff --git a/src/libraries/System.Net.Security/tests/UnitTests/NTAuthenticationTests.cs b/src/libraries/System.Net.Security/tests/UnitTests/NTAuthenticationTests.cs
deleted file mode 100644
index da1e4d23e6d..00000000000
--- a/src/libraries/System.Net.Security/tests/UnitTests/NTAuthenticationTests.cs
+++ /dev/null
@@ -1,65 +0,0 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-
-using System;
-using System.Buffers.Binary;
-using System.IO;
-using System.Net.Security;
-using System.Text;
-using System.Threading.Tasks;
-using System.Net.Test.Common;
-using Xunit;
-
-namespace System.Net.Security.Tests
-{
-    public class NTAuthenticationTests
-    {
-        private static bool IsNtlmInstalled => Capability.IsNtlmInstalled();
-
-        private static NetworkCredential s_testCredentialRight = new NetworkCredential("rightusername", "rightpassword");
-        private static readonly byte[] s_Hello = "Hello"u8.ToArray();
-
-        [ConditionalFact(nameof(IsNtlmInstalled))]
-        [ActiveIssue("https://github.com/dotnet/runtime/issues/65678", TestPlatforms.OSX | TestPlatforms.iOS | TestPlatforms.MacCatalyst)]
-        public void NtlmSignatureTest()
-        {
-            FakeNtlmServer fakeNtlmServer = new FakeNtlmServer(s_testCredentialRight);
-            NTAuthentication ntAuth = new NTAuthentication(
-                isServer: false, "NTLM", s_testCredentialRight, "HTTP/foo",
-                ContextFlagsPal.Connection | ContextFlagsPal.InitIntegrity | ContextFlagsPal.Confidentiality, null);
-
-            DoNtlmExchange(fakeNtlmServer, ntAuth);
-
-            Assert.True(fakeNtlmServer.IsAuthenticated);
-
-            // Test MakeSignature on client side and decoding it on server side
-            byte[]? output = null;
-            int len = ntAuth.Wrap(s_Hello, ref output, true);
-            Assert.NotNull(output);
-            Assert.Equal(16 + s_Hello.Length, len);
-            // Unseal the content and check it
-            byte[] temp = new byte[s_Hello.Length];
-            fakeNtlmServer.Unwrap(output, temp);
-            Assert.Equal(s_Hello, temp);
-
-            // Test creating signature on server side and decoding it with VerifySignature on client side 
-            byte[] serverSignedMessage = new byte[16 + s_Hello.Length];
-            fakeNtlmServer.Wrap(s_Hello, serverSignedMessage);
-            len = ntAuth.Unwrap(serverSignedMessage, out int newOffset, out _);
-            Assert.Equal(s_Hello.Length, len);
-            Assert.Equal(s_Hello, serverSignedMessage.AsSpan(newOffset, len).ToArray());
-        }
-
-        private void DoNtlmExchange(FakeNtlmServer fakeNtlmServer, NTAuthentication ntAuth)
-        {
-            byte[]? negotiateBlob = ntAuth.GetOutgoingBlob(null, throwOnError: false);
-            Assert.NotNull(negotiateBlob);
-            byte[]? challengeBlob = fakeNtlmServer.GetOutgoingBlob(negotiateBlob);
-            Assert.NotNull(challengeBlob);
-            byte[]? authenticateBlob = ntAuth.GetOutgoingBlob(challengeBlob, throwOnError: false);
-            Assert.NotNull(authenticateBlob);
-            byte[]? empty = fakeNtlmServer.GetOutgoingBlob(authenticateBlob);
-            Assert.Null(empty);
-        }
-    }
-}
diff --git a/src/libraries/System.Net.Security/tests/UnitTests/NegotiateAuthenticationTests.cs b/src/libraries/System.Net.Security/tests/UnitTests/NegotiateAuthenticationTests.cs
index 4cc089db463..0ccc266fa8e 100644
--- a/src/libraries/System.Net.Security/tests/UnitTests/NegotiateAuthenticationTests.cs
+++ b/src/libraries/System.Net.Security/tests/UnitTests/NegotiateAuthenticationTests.cs
@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Buffers;
 using System.Buffers.Binary;
 using System.IO;
 using System.Net.Security;
@@ -186,6 +187,44 @@ namespace System.Net.Security.Tests
             Assert.False(fakeNtlmServer.IsAuthenticated);
         }
 
+        [ConditionalFact(nameof(IsNtlmAvailable))]
+        [ActiveIssue("https://github.com/dotnet/runtime/issues/65678", TestPlatforms.OSX | TestPlatforms.iOS | TestPlatforms.MacCatalyst)]
+        public void NtlmSignatureTest()
+        {
+            FakeNtlmServer fakeNtlmServer = new FakeNtlmServer(s_testCredentialRight);
+            NegotiateAuthentication ntAuth = new NegotiateAuthentication(
+                new NegotiateAuthenticationClientOptions
+                {
+                    Package = "NTLM",
+                    Credential = s_testCredentialRight,
+                    TargetName = "HTTP/foo",
+                    RequiredProtectionLevel = ProtectionLevel.EncryptAndSign
+                });
+
+            DoNtlmExchange(fakeNtlmServer, ntAuth);
+
+            Assert.True(fakeNtlmServer.IsAuthenticated);
+
+            // Test MakeSignature on client side and decoding it on server side
+            ArrayBufferWriter<byte> output = new ArrayBufferWriter<byte>();
+            NegotiateAuthenticationStatusCode statusCode;
+            statusCode = ntAuth.Wrap(s_Hello, output, ntAuth.IsEncrypted, out bool isEncrypted);
+            Assert.Equal(16 + s_Hello.Length, output.WrittenCount);
+            // Unseal the content and check it
+            byte[] temp = new byte[s_Hello.Length];
+            fakeNtlmServer.Unwrap(output.WrittenSpan, temp);
+            Assert.Equal(s_Hello, temp);
+
+            // Test creating signature on server side and decoding it with VerifySignature on client side 
+            byte[] serverSignedMessage = new byte[16 + s_Hello.Length];
+            fakeNtlmServer.Wrap(s_Hello, serverSignedMessage);
+            output.Clear();
+            statusCode = ntAuth.Unwrap(serverSignedMessage, output, out isEncrypted);
+            Assert.Equal(NegotiateAuthenticationStatusCode.Completed, statusCode);
+            Assert.Equal(s_Hello.Length, output.WrittenCount);
+            Assert.Equal(s_Hello, output.WrittenSpan.ToArray());
+        }
+
         private void DoNtlmExchange(FakeNtlmServer fakeNtlmServer, NegotiateAuthentication ntAuth)
         {
             NegotiateAuthenticationStatusCode statusCode;
diff --git a/src/libraries/System.Net.Security/tests/UnitTests/System.Net.Security.Unit.Tests.csproj b/src/libraries/System.Net.Security/tests/UnitTests/System.Net.Security.Unit.Tests.csproj
index 6492a3369b9..123346f7960 100644
--- a/src/libraries/System.Net.Security/tests/UnitTests/System.Net.Security.Unit.Tests.csproj
+++ b/src/libraries/System.Net.Security/tests/UnitTests/System.Net.Security.Unit.Tests.csproj
@@ -28,7 +28,6 @@
     <Compile Include="System\Security\Authentication\InvalidCredentialExceptionTest.cs" />
     <Compile Include="TlsAlertsMatchWindowsInterop.cs" />
     <Compile Include="MD4Tests.cs" />
-    <Compile Include="NTAuthenticationTests.cs" />
     <Compile Include="NegotiateAuthenticationTests.cs" />
     <!-- Fakes -->
     <Compile Include="Fakes\FakeSslStream.Implementation.cs" />