jcifs.ntlmssp.NtlmFlags Java Exaples

Source File: NtlmContext.java From jcifs with GNU Lesser General Public License v2.1

6 votes

/**
 * @param tc
 *            context to use
 * @param auth
 *            credentials
 * @param doSigning
 *            whether signing is requested
 */
public NtlmContext ( CIFSContext tc, NtlmPasswordAuthenticator auth, boolean doSigning ) {
    this.transportContext = tc;
    this.auth = auth;
    this.ntlmsspFlags = this.ntlmsspFlags | NtlmFlags.NTLMSSP_REQUEST_TARGET | NtlmFlags.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
            | NtlmFlags.NTLMSSP_NEGOTIATE_128;
    if ( !auth.isAnonymous() ) {
        this.ntlmsspFlags |= NtlmFlags.NTLMSSP_NEGOTIATE_SIGN | NtlmFlags.NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NtlmFlags.NTLMSSP_NEGOTIATE_KEY_EXCH;
    }
    else if ( auth.isGuest() ) {
        this.ntlmsspFlags |= NtlmFlags.NTLMSSP_NEGOTIATE_KEY_EXCH;
    }
    else {
        this.ntlmsspFlags |= NtlmFlags.NTLMSSP_NEGOTIATE_ANONYMOUS;
    }
    this.requireKeyExchange = doSigning;
    this.workstation = tc.getConfig().getNetbiosHostname();
}

Source File: NtlmContext.java From jcifs-ng with GNU Lesser General Public License v2.1

6 votes

/**
 * @param tc
 *            context to use
 * @param auth
 *            credentials
 * @param doSigning
 *            whether signing is requested
 */
public NtlmContext ( CIFSContext tc, NtlmPasswordAuthenticator auth, boolean doSigning ) {
    this.transportContext = tc;
    this.auth = auth;
    this.ntlmsspFlags = this.ntlmsspFlags | NtlmFlags.NTLMSSP_REQUEST_TARGET | NtlmFlags.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
            | NtlmFlags.NTLMSSP_NEGOTIATE_128;
    if ( !auth.isAnonymous() ) {
        this.ntlmsspFlags |= NtlmFlags.NTLMSSP_NEGOTIATE_SIGN | NtlmFlags.NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NtlmFlags.NTLMSSP_NEGOTIATE_KEY_EXCH;
    }
    else if ( auth.isGuest() ) {
        this.ntlmsspFlags |= NtlmFlags.NTLMSSP_NEGOTIATE_KEY_EXCH;
    }
    else {
        this.ntlmsspFlags |= NtlmFlags.NTLMSSP_NEGOTIATE_ANONYMOUS;
    }
    this.requireKeyExchange = doSigning;
    this.workstation = tc.getConfig().getNetbiosHostname();
}

Source File: NtlmTest.java From jcifs with GNU Lesser General Public License v2.1

5 votes

@Test
public void testParsingType2Target () throws IOException {
    int flags = NtlmFlags.NTLMSSP_REQUEST_TARGET;
    String target = "TARGET";
    byte[] challenge = new byte[] {
        0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8
    };

    Type2Message t2 = new Type2Message(this.context, flags, challenge, target);
    Type2Message parsed = new Type2Message(t2.toByteArray());
    assertArrayEquals(challenge, parsed.getChallenge());
    assertEquals(target, parsed.getTarget());
}

Source File: NtlmTest.java From jcifs-ng with GNU Lesser General Public License v2.1

5 votes

@Test
public void testParsingType1 () throws IOException {
    int flags = 0x80000000;
    String suppliedDomain = "TESTDOM";
    String suppliedWorkstation = "TESTWS";
    Type1Message t1 = new Type1Message(this.context, flags, suppliedDomain, suppliedWorkstation);

    int origFlags = t1.getFlags();

    Type1Message parsed = new Type1Message(t1.toByteArray());

    assertEquals(origFlags, parsed.getFlags());

    if ( parsed.getFlag(NtlmFlags.NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED) ) {
        assertEquals(suppliedDomain, parsed.getSuppliedDomain());
    }

    if ( parsed.getFlag(NtlmFlags.NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED) ) {
        assertEquals(suppliedWorkstation, parsed.getSuppliedWorkstation());
    }
}

Source File: NtlmTest.java From jcifs-ng with GNU Lesser General Public License v2.1

5 votes

@Test
public void testParsingType2Target () throws IOException {
    int flags = NtlmFlags.NTLMSSP_REQUEST_TARGET;
    String target = "TARGET";
    byte[] challenge = new byte[] {
        0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8
    };

    Type2Message t2 = new Type2Message(this.context, flags, challenge, target);
    Type2Message parsed = new Type2Message(t2.toByteArray());
    assertArrayEquals(challenge, parsed.getChallenge());
    assertEquals(target, parsed.getTarget());
}

Source File: NtlmContext.java From jcifs with GNU Lesser General Public License v2.1

4 votes

@Override
public byte[] calculateMIC ( byte[] data ) throws CIFSException {
    byte[] sk = this.signKey;
    if ( sk == null ) {
        throw new CIFSException("Signing is not initialized");
    }

    int seqNum = this.signSequence.getAndIncrement();
    byte[] seqBytes = new byte[4];
    SMBUtil.writeInt4(seqNum, seqBytes, 0);

    MessageDigest mac = Crypto.getHMACT64(sk);
    mac.update(seqBytes); // sequence
    mac.update(data); // data
    byte[] dgst = mac.digest();
    byte[] trunc = new byte[8];
    System.arraycopy(dgst, 0, trunc, 0, 8);

    if ( log.isDebugEnabled() ) {
        log.debug("Digest " + Hexdump.toHexString(dgst));
        log.debug("Truncated " + Hexdump.toHexString(trunc));
    }

    if ( ( this.ntlmsspFlags & NtlmFlags.NTLMSSP_NEGOTIATE_KEY_EXCH ) != 0 ) {
        try {
            trunc = this.sealClientHandle.doFinal(trunc);
            if ( log.isDebugEnabled() ) {
                log.debug("Encrypted " + Hexdump.toHexString(trunc));
            }
        }
        catch ( GeneralSecurityException e ) {
            throw new CIFSException("Failed to encrypt MIC", e);
        }
    }

    byte[] sig = new byte[16];
    SMBUtil.writeInt4(1, sig, 0); // version
    System.arraycopy(trunc, 0, sig, 4, 8); // checksum
    SMBUtil.writeInt4(seqNum, sig, 12); // seqNum

    return sig;
}

Source File: NtlmContext.java From jcifs with GNU Lesser General Public License v2.1

4 votes

@Override
public void verifyMIC ( byte[] data, byte[] mic ) throws CIFSException {
    byte[] sk = this.verifyKey;
    if ( sk == null ) {
        throw new CIFSException("Signing is not initialized");
    }

    int ver = SMBUtil.readInt4(mic, 0);
    if ( ver != 1 ) {
        throw new SmbUnsupportedOperationException("Invalid signature version");
    }

    MessageDigest mac = Crypto.getHMACT64(sk);
    int seq = SMBUtil.readInt4(mic, 12);
    mac.update(mic, 12, 4); // sequence
    byte[] dgst = mac.digest(data); // data
    byte[] trunc = Arrays.copyOf(dgst, 8);

    if ( log.isDebugEnabled() ) {
        log.debug("Digest " + Hexdump.toHexString(dgst));
        log.debug("Truncated " + Hexdump.toHexString(trunc));
    }

    boolean encrypted = ( this.ntlmsspFlags & NtlmFlags.NTLMSSP_NEGOTIATE_KEY_EXCH ) != 0;
    if ( encrypted ) {
        try {
            trunc = this.sealServerHandle.doFinal(trunc);
            if ( log.isDebugEnabled() ) {
                log.debug("Decrypted " + Hexdump.toHexString(trunc));
            }
        }
        catch ( GeneralSecurityException e ) {
            throw new CIFSException("Failed to decrypt MIC", e);
        }
    }

    int expectSeq = this.verifySequence.getAndIncrement();
    if ( expectSeq != seq ) {
        throw new CIFSException(String.format("Invalid MIC sequence, expect %d have %d", expectSeq, seq));
    }

    byte[] verify = new byte[8];
    System.arraycopy(mic, 4, verify, 0, 8);
    if ( !MessageDigest.isEqual(trunc, verify) ) {
        if ( log.isDebugEnabled() ) {
            log.debug(String.format("Seq = %d ver = %d encrypted = %s", seq, ver, encrypted));
            log.debug(String.format("Expected MIC %s != %s", Hexdump.toHexString(trunc), Hexdump.toHexString(verify)));
        }
        throw new CIFSException("Invalid MIC");
    }

}

Source File: NtlmTest.java From jcifs with GNU Lesser General Public License v2.1

4 votes

@Test
public void testParsingType1 () throws IOException {
    int flags = 0x80000000;
    String suppliedDomain = "TESTDOM";
    String suppliedWorkstation = "TESTWS";
    Type1Message t1 = new Type1Message(this.context, flags, suppliedDomain, suppliedWorkstation);

    int origFlags = t1.getFlags();

    Type1Message parsed = new Type1Message(t1.toByteArray());

    assertEquals(origFlags, parsed.getFlags());

    if ( parsed.getFlag(NtlmFlags.NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED) ) {
        assertEquals(suppliedDomain, parsed.getSuppliedDomain());
    }

    if ( parsed.getFlag(NtlmFlags.NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED) ) {
        assertEquals(suppliedWorkstation, parsed.getSuppliedWorkstation());
    }
}

Source File: NtlmContext.java From jcifs-ng with GNU Lesser General Public License v2.1

4 votes

@Override
public byte[] calculateMIC ( byte[] data ) throws CIFSException {
    byte[] sk = this.signKey;
    if ( sk == null ) {
        throw new CIFSException("Signing is not initialized");
    }

    int seqNum = this.signSequence.getAndIncrement();
    byte[] seqBytes = new byte[4];
    SMBUtil.writeInt4(seqNum, seqBytes, 0);

    MessageDigest mac = Crypto.getHMACT64(sk);
    mac.update(seqBytes); // sequence
    mac.update(data); // data
    byte[] dgst = mac.digest();
    byte[] trunc = new byte[8];
    System.arraycopy(dgst, 0, trunc, 0, 8);

    if ( log.isDebugEnabled() ) {
        log.debug("Digest " + Hexdump.toHexString(dgst));
        log.debug("Truncated " + Hexdump.toHexString(trunc));
    }

    if ( ( this.ntlmsspFlags & NtlmFlags.NTLMSSP_NEGOTIATE_KEY_EXCH ) != 0 ) {
        try {
            trunc = this.sealClientHandle.doFinal(trunc);
            if ( log.isDebugEnabled() ) {
                log.debug("Encrypted " + Hexdump.toHexString(trunc));
            }
        }
        catch ( GeneralSecurityException e ) {
            throw new CIFSException("Failed to encrypt MIC", e);
        }
    }

    byte[] sig = new byte[16];
    SMBUtil.writeInt4(1, sig, 0); // version
    System.arraycopy(trunc, 0, sig, 4, 8); // checksum
    SMBUtil.writeInt4(seqNum, sig, 12); // seqNum

    return sig;
}

Source File: NtlmContext.java From jcifs-ng with GNU Lesser General Public License v2.1

4 votes

@Override
public void verifyMIC ( byte[] data, byte[] mic ) throws CIFSException {
    byte[] sk = this.verifyKey;
    if ( sk == null ) {
        throw new CIFSException("Signing is not initialized");
    }

    int ver = SMBUtil.readInt4(mic, 0);
    if ( ver != 1 ) {
        throw new SmbUnsupportedOperationException("Invalid signature version");
    }

    MessageDigest mac = Crypto.getHMACT64(sk);
    int seq = SMBUtil.readInt4(mic, 12);
    mac.update(mic, 12, 4); // sequence
    byte[] dgst = mac.digest(data); // data
    byte[] trunc = Arrays.copyOf(dgst, 8);

    if ( log.isDebugEnabled() ) {
        log.debug("Digest " + Hexdump.toHexString(dgst));
        log.debug("Truncated " + Hexdump.toHexString(trunc));
    }

    boolean encrypted = ( this.ntlmsspFlags & NtlmFlags.NTLMSSP_NEGOTIATE_KEY_EXCH ) != 0;
    if ( encrypted ) {
        try {
            trunc = this.sealServerHandle.doFinal(trunc);
            if ( log.isDebugEnabled() ) {
                log.debug("Decrypted " + Hexdump.toHexString(trunc));
            }
        }
        catch ( GeneralSecurityException e ) {
            throw new CIFSException("Failed to decrypt MIC", e);
        }
    }

    int expectSeq = this.verifySequence.getAndIncrement();
    if ( expectSeq != seq ) {
        throw new CIFSException(String.format("Invalid MIC sequence, expect %d have %d", expectSeq, seq));
    }

    byte[] verify = new byte[8];
    System.arraycopy(mic, 4, verify, 0, 8);
    if ( !MessageDigest.isEqual(trunc, verify) ) {
        if ( log.isDebugEnabled() ) {
            log.debug(String.format("Seq = %d ver = %d encrypted = %s", seq, ver, encrypted));
            log.debug(String.format("Expected MIC %s != %s", Hexdump.toHexString(trunc), Hexdump.toHexString(verify)));
        }
        throw new CIFSException("Invalid MIC");
    }

}

jcifs.ntlmssp.NtlmFlags Java Examples