// Example from http://davenport.sourceforge.net/ntlm.html#NtlmChallengeMessageExample
public void TestEncodeDavenportExample()
{
var type2 = new NtlmChallengeMessage(NtlmFlags.NegotiateUnicode | NtlmFlags.NegotiateNtlm | NtlmFlags.TargetTypeDomain | NtlmFlags.NegotiateTargetInfo)
{
TargetInfo = new NtlmTargetInfo()
{
DomainName = "DOMAIN",
ServerName = "SERVER",
DnsDomainName = "domain.com",
DnsServerName = "server.domain.com"
},
ServerChallenge = DavenportExampleNonce,
TargetName = "DOMAIN"
};
Assert.AreEqual(2, type2.Type, "Type");
Assert.AreEqual((NtlmFlags)0x00810201, type2.Flags, "Flags");
Assert.AreEqual("DOMAIN", type2.TargetName, "TargetName");
Assert.AreEqual("SERVER", type2.TargetInfo.ServerName, "ServerName");
Assert.AreEqual("DOMAIN", type2.TargetInfo.DomainName, "DomainName");
Assert.AreEqual("server.domain.com", type2.TargetInfo.DnsServerName, "DnsServerName");
Assert.AreEqual("domain.com", type2.TargetInfo.DnsDomainName, "DnsDomainName");
Assert.AreEqual("01-23-45-67-89-AB-CD-EF", BitConverter.ToString(type2.ServerChallenge), "ServerChallenge");
Assert.AreEqual("4E-54-4C-4D-53-53-50-00-02-00-00-00-0C-00-0C-00-30-00-00-00-01-02-81-00-01-23-45-67-89-AB-CD-EF-00-00-00-00-00-00-00-00-62-00-62-00-3C-00-00-00-44-00-4F-00-4D-00-41-00-49-00-4E-00-02-00-0C-00-44-00-4F-00-4D-00-41-00-49-00-4E-00-01-00-0C-00-53-00-45-00-52-00-56-00-45-00-52-00-04-00-14-00-64-00-6F-00-6D-00-61-00-69-00-6E-00-2E-00-63-00-6F-00-6D-00-03-00-22-00-73-00-65-00-72-00-76-00-65-00-72-00-2E-00-64-00-6F-00-6D-00-61-00-69-00-6E-00-2E-00-63-00-6F-00-6D-00-00-00-00-00", BitConverter.ToString(type2.Encode()), "Encode");
}
NtlmAuthenticateMessage GetChallengeResponse(string domain, string userName, string password, byte[] token, int startIndex, int length)
{
var challenge = new NtlmChallengeMessage(token, startIndex, length);
var authenticate = new NtlmAuthenticateMessage(negotiate, challenge, userName, password, domain, Workstation)
{
ClientChallenge = Nonce,
Timestamp = Timestamp
};
byte[] channelBindingToken = null;
if (AllowChannelBinding && challenge.TargetInfo != null)
{
// Only bother with attempting to channel-bind if the CHALLENGE_MESSAGE's TargetInfo is not NULL.
// Not sure which channel-binding types are supported by NTLM, but I am told that supposedly the
// System.Net.Mail.SmtpClient uses tls-unique, so we'll go with that...
negotiatedChannelBinding = TryGetChannelBindingToken(ChannelBindingKind.Endpoint, out channelBindingToken);
}
authenticate.ComputeNtlmV2(ServicePrincipalName, IsUnverifiedServicePrincipalName, channelBindingToken);
if (channelBindingToken != null)
{
Array.Clear(channelBindingToken, 0, channelBindingToken.Length);
}
negotiate = null;
return(authenticate);
}
// Example from http://davenport.sourceforge.net/ntlm.html#NtlmChallengeMessageExample
public void TestEncodeDavenportExample()
{
var type2 = new NtlmChallengeMessage(NtlmFlags.NegotiateUnicode | NtlmFlags.NegotiateNtlm | NtlmFlags.TargetTypeDomain | NtlmFlags.NegotiateTargetInfo)
{
TargetInfo = new NtlmTargetInfo()
{
DomainName = "DOMAIN",
ServerName = "SERVER",
DnsDomainName = "domain.com",
DnsServerName = "server.domain.com"
},
ServerChallenge = DavenportExampleNonce,
TargetName = "DOMAIN"
};
Assert.AreEqual(2, type2.Type, "Type");
Assert.AreEqual((NtlmFlags)0x00810201, type2.Flags, "Flags");
Assert.AreEqual("DOMAIN", type2.TargetName, "TargetName");
Assert.AreEqual("SERVER", type2.TargetInfo.ServerName, "ServerName");
Assert.AreEqual("DOMAIN", type2.TargetInfo.DomainName, "DomainName");
Assert.AreEqual("server.domain.com", type2.TargetInfo.DnsServerName, "DnsServerName");
Assert.AreEqual("domain.com", type2.TargetInfo.DnsDomainName, "DnsDomainName");
Assert.AreEqual("01-23-45-67-89-AB-CD-EF", BitConverter.ToString(type2.ServerChallenge), "ServerChallenge");
Assert.AreEqual("TlRMTVNTUAACAAAADAAMADgAAAABAoEAASNFZ4mrze8AAAAAAAAAAGIAYgBEAAAAAAAAAAAAAABEAE8ATQBBAEkATgACAAwARABPAE0AQQBJAE4AAQAMAFMARQBSAFYARQBSAAQAFABkAG8AbQBhAGkAbgAuAGMAbwBtAAMAIgBzAGUAcgB2AGUAcgAuAGQAbwBtAGEAaQBuAC4AYwBvAG0AAAAAAA==", Convert.ToBase64String(type2.Encode()), "Encode");
}
public void TestCreateChallengeMessage()
{
var data = Convert.FromBase64String("TlRMTVNTUAACAAAACAAIADgAAAAFgoqiNDsqUEfiH5QAAAAAAAAAAEAAQABAAAAABgGxHQAAAA9EAFAAQwAyAAIACABEAFAAQwAyAAEACABEAFAAQwAyAAQACABEAFAAQwAyAAMACABEAFAAQwAyAAcACADK7TsuuPvSAQAAAAA=");
var message = new NtlmChallengeMessage(data);
Assert.IsTrue(message.Type == MessageType.Challenge);
}
// Example from http://www.innovation.ch/java/ntlm.html
public void TestDecodeJavaExample()
{
byte[] rawData = { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x82, 0x00, 0x00, 0x53, 0x72, 0x76, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
var type2 = new NtlmChallengeMessage(rawData, 0, rawData.Length);
Assert.AreEqual(2, type2.Type, "Type");
Assert.AreEqual((NtlmFlags)0x8201, type2.Flags, "Flags");
Assert.AreEqual(BitConverter.ToString(JavaExampleNonce), BitConverter.ToString(type2.ServerChallenge), "ServerChallenge");
}
// Example from http://www.innovation.ch/java/ntlm.html
public void TestEncodeJavaExample()
{
var type2 = new NtlmChallengeMessage(NtlmFlags.NegotiateUnicode | NtlmFlags.NegotiateNtlm | NtlmFlags.NegotiateAlwaysSign)
{
ServerChallenge = JavaExampleNonce
};
Assert.AreEqual(2, type2.Type, "Type");
Assert.AreEqual((NtlmFlags)0x8201, type2.Flags, "Flags");
Assert.AreEqual("4E-54-4C-4D-53-53-50-00-02-00-00-00-00-00-00-00-00-00-00-00-01-82-00-00-53-72-76-4E-6F-6E-63-65-00-00-00-00-00-00-00-00", BitConverter.ToString(type2.Encode()), "Encode");
}
// Example from http://www.innovation.ch/java/ntlm.html
public void TestEncodeJavaExample()
{
var type2 = new NtlmChallengeMessage(NtlmFlags.NegotiateUnicode | NtlmFlags.NegotiateNtlm | NtlmFlags.NegotiateAlwaysSign)
{
ServerChallenge = JavaExampleNonce
};
Assert.AreEqual(2, type2.Type, "Type");
Assert.AreEqual((NtlmFlags)0x8201, type2.Flags, "Flags");
Assert.AreEqual("TlRMTVNTUAACAAAAAAAAAAAAAAABggAAU3J2Tm9uY2UAAAAAAAAAAAAAAAAAAAAA", Convert.ToBase64String(type2.Encode()), "Encode");
}
public void TestArgumentExceptions()
{
byte[] badMessageData = { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x01, 0x00, 0x00, 0x00, 0x00 };
var type2 = new NtlmChallengeMessage();
Assert.Throws <ArgumentNullException> (() => new NtlmChallengeMessage(null, 0, 16));
Assert.Throws <ArgumentOutOfRangeException> (() => new NtlmChallengeMessage(new byte[8], 0, 8));
Assert.Throws <ArgumentOutOfRangeException> (() => new NtlmChallengeMessage(new byte[8], -1, 8));
Assert.Throws <ArgumentException> (() => new NtlmChallengeMessage(badMessageData, 0, badMessageData.Length));
Assert.Throws <ArgumentNullException> (() => type2.ServerChallenge = null);
Assert.Throws <ArgumentException> (() => type2.ServerChallenge = new byte[9]);
}
// Example from http://davenport.sourceforge.net/ntlm.html#NtlmChallengeMessageExample
public void TestDecodeDavenportExample()
{
byte[] rawData = { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00, 0x30, 0x00, 0x00, 0x00, 0x01, 0x02, 0x81, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x62, 0x00, 0x62, 0x00, 0x3c, 0x00, 0x00, 0x00, 0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x41, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x44, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x41, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x01, 0x00, 0x0c, 0x00, 0x53, 0x00, 0x45, 0x00, 0x52, 0x00, 0x56, 0x00, 0x45, 0x00, 0x52, 0x00, 0x04, 0x00, 0x14, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x03, 0x00, 0x22, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x2e, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x00, 0x00, 0x00, 0x00 };
var type2 = new NtlmChallengeMessage(rawData, 0, rawData.Length);
Assert.AreEqual(2, type2.Type, "Type");
Assert.AreEqual((NtlmFlags)0x00810201, type2.Flags, "Flags");
Assert.AreEqual("DOMAIN", type2.TargetName, "TargetName");
Assert.AreEqual("SERVER", type2.TargetInfo.ServerName, "ServerName");
Assert.AreEqual("DOMAIN", type2.TargetInfo.DomainName, "DomainName");
Assert.AreEqual("server.domain.com", type2.TargetInfo.DnsServerName, "DnsServerName");
Assert.AreEqual("domain.com", type2.TargetInfo.DnsDomainName, "DnsDomainName");
Assert.AreEqual("01-23-45-67-89-AB-CD-EF", BitConverter.ToString(type2.ServerChallenge), "ServerChallenge");
}
public void TestParseNtlmChallengeMessage()
{
const string originHex = "4e544c4d53535000020000000c000c0030000000010281000123456789abcdef0000000000000000620062003c00000044004f004d00410049004e0002000c0044004f004d00410049004e0001000c005300450052005600450052000400140064006f006d00610069006e002e0063006f006d00030022007300650072007600650072002e0064006f006d00610069006e002e0063006f006d0000000000";
var message = NtlmChallengeMessage.Parse(originHex.HexToBytes());
Assert.IsTrue(message.Signature == Constants.Ntlmssp);
Assert.IsTrue(message.Type == MessageType.Challenge);
Assert.IsTrue(message.Flags == (MessageFlag.NegotiateUnicode
| MessageFlag.NegotiateNtlm
| MessageFlag.TargetTypeDomain
| MessageFlag.NegotiateTargetInfo));
const string challengeHex = "0123456789abcdef";
Assert.IsTrue(message.Message.Challenge.BytesToHex()
.Equals(challengeHex, StringComparison.InvariantCultureIgnoreCase));
Assert.IsTrue(message.Message.TargetNameLength == 12);
Assert.IsTrue(message.Message.TargetNameSpace == 12);
Assert.IsTrue(message.Message.TargetNameOffset == 48);
Assert.IsTrue(message.TargetName == "DOMAIN");
Assert.IsTrue(message.Message.TargetInfosLength == 98);
Assert.IsTrue(message.Message.TargetInfosSpace == 98);
Assert.IsTrue(message.Message.TargetInfosOffset == 60);
var info = message.TargetInfoList;
Assert.IsTrue(info.Count == 5);
Assert.IsTrue(info[0].TargetInfoType == TargetInfoType.DomainName);
Assert.IsTrue(info[0].TargetContent == "DOMAIN");
Assert.IsTrue(info[1].TargetInfoType == TargetInfoType.ServerName);
Assert.IsTrue(info[1].TargetContent == "SERVER");
Assert.IsTrue(info[2].TargetInfoType == TargetInfoType.DnsDomainName);
Assert.IsTrue(info[2].TargetContent == "domain.com");
Assert.IsTrue(info[3].TargetInfoType == TargetInfoType.FQDN);
Assert.IsTrue(info[3].TargetContent == "server.domain.com");
Assert.IsTrue(info[4].TargetInfoType == TargetInfoType.Terminator);
Assert.IsTrue(info[4].TargetContent == null);
var actualHex = message.ToBytes().BytesToHex();
Assert.IsTrue(originHex.Equals(actualHex, StringComparison.InvariantCultureIgnoreCase));
}
public void TestArgumentExceptions()
{
byte[] badMessageData = { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x01, 0x00, 0x00, 0x00, 0x00 };
var NtlmNegotiate = new NtlmNegotiateMessage();
var NtlmChallenge = new NtlmChallengeMessage();
var NtlmAuthenticate = new NtlmAuthenticateMessage(NtlmNegotiate, NtlmChallenge, "username", "password", "domain", "workstation");
Assert.Throws <ArgumentNullException> (() => new NtlmAuthenticateMessage(null, NtlmChallenge, "username", "password", "domain", "workstation"));
Assert.Throws <ArgumentNullException> (() => new NtlmAuthenticateMessage(NtlmNegotiate, null, "username", "password", "domain", "workstation"));
Assert.Throws <ArgumentNullException> (() => new NtlmAuthenticateMessage(NtlmNegotiate, NtlmChallenge, null, "password", "domain", "workstation"));
Assert.Throws <ArgumentNullException> (() => new NtlmAuthenticateMessage(NtlmNegotiate, NtlmChallenge, "username", null, "domain", "workstation"));
Assert.Throws <ArgumentNullException> (() => new NtlmAuthenticateMessage(null, 0, 16));
Assert.Throws <ArgumentOutOfRangeException> (() => new NtlmAuthenticateMessage(new byte[8], 0, 8));
Assert.Throws <ArgumentOutOfRangeException> (() => new NtlmAuthenticateMessage(new byte[8], -1, 8));
Assert.Throws <ArgumentException> (() => new NtlmAuthenticateMessage(badMessageData, 0, badMessageData.Length));
Assert.DoesNotThrow(() => NtlmAuthenticate.ClientChallenge = null);
Assert.Throws <ArgumentException> (() => NtlmAuthenticate.ClientChallenge = new byte[9]);
}
