Closed pboyd04 closed 3 years ago
Resolving this then results in an exception about CipherParameters which BCFIPS also doesn't have....
Exception in thread "main" java.lang.NoClassDefFoundError: org/bouncycastle/crypto/CipherParameters
at com.hierynomus.security.bc.BCSecurityProvider.getMac(BCSecurityProvider.java:45)
at com.hierynomus.ntlm.functions.NtlmFunctions.hmac_md5(NtlmFunctions.java:121)
at com.hierynomus.ntlm.functions.NtlmFunctions.NTOWFv2(NtlmFunctions.java:65)
at com.hierynomus.smbj.auth.NtlmAuthenticator.authenticate(NtlmAuthenticator.java:96)
at com.hierynomus.smbj.connection.SMBSessionBuilder.processAuthenticationToken(SMBSessionBuilder.java:178)
at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:141)
at com.hierynomus.smbj.connection.SMBSessionBuilder.establish(SMBSessionBuilder.java:109)
at com.hierynomus.smbj.connection.Connection.authenticate(Connection.java:202)
at com.pboyd.App.main(App.java:52)
Caused by: java.lang.ClassNotFoundException: org.bouncycastle.crypto.CipherParameters
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
Hi @pboyd04 ,
if you are using SMBJ 0.11.1 and JDK 11 and getting this exception then try to add below dependency.
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.65</version>
</dependency>
Thanks, R Ramarajan.
`
<artifactId>smbj</artifactId>
<version>${version.smbj}</version>
<exclusions>
<!-- Already provided by camel-core -->
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.65</version>
</dependency>`
@vrr6, that undoes bouncy castle running in FIPS mode. FIPS is needed for any application purchased or used by the US federal government and BC does provide a FIPS module, but it doesn't have some of the same behavior as the standard BC module (because certain algorithms aren't allowed in this mode and such).
Hello @pboyd04,
I'm also trying to connect to a fips compliant smb share here. I tried to import bc-fips
and saw the same exception you did. I see there is a PR you created about JceSecurityProvider
. I tried and it helped to get rid of the exception above. But it still cannot allow me to connect to the smb share. Here is my sample code
Security.addProvider(new BouncyCastleFipsProvider());
System.setProperty("crypto.policy", "limited");
SmbConfig.Builder smbConfig = SmbConfig.builder()
.withDialects(SMB2Dialect.SMB_3_1_1)
.withSecurityProvider(new JceSecurityProvider())
.withEncryptData(true)
.withSigningRequired(true);
SMBClient client = new SMBClient(smbConfig.build());
try (Connection connection = client.connect("<smb address>")) {
String username = "<ad user>";
String password = "<password>";
AuthenticationContext authContext = new AuthenticationContext(username, password.toCharArray(), "<ad domain>");
// Create session
Session session = connection.authenticate(authContext);
DiskShare share = (DiskShare) session.connectShare("smbshare1");
// Now you can interact with the share
System.out.println("Connected to share successfully!");
} catch (IOException e) {
e.printStackTrace();
}
And it always get STATUS_LOGON_FAILURE
even though smbclient command works with the same address/user/password. Could you or anyone else here give me any advice about this issue?
Appreciate it!
Sheldon
When using the BC FIPS library the BCSecurityProvider throws an exception related to the fact that BCFIPS doesn't have org.bouncycastle.crypto.Digest. The BCSecurityProvider also doesn't seem to have the code to work around FIPS lacking MD4 functionality.