Package org.apache.http.impl.auth
Class NTLMEngineImpl
java.lang.Object
org.apache.http.impl.auth.NTLMEngineImpl
All Implemented Interfaces: NTLMEngine

Provides an implementation for NTLMv1, NTLMv2, and NTLM2 Session forms of the NTLM authentication protocol.

Since: 4.1

Nested Class Summary
Nested Classes (columns: Modifier and Type, Class, Description)
- protected static class
- (package private) static class
- (package private) static class: Cryptography support - HMACMD5 - algorithmically based on various web resources by Karl Wright
- (package private) static class: Cryptography support - MD4.
- (package private) static enum
- (package private) static class: NTLM message generation, base class
- (package private) static class: Type 1 message assembly class
- (package private) static class: Type 2 message class
- (package private) static class: Type 3 message assembly class

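Field Summary
Fields (columns: Modifier and Type, Field, Description)
- private static final Charset DEFAULT_CHARSET: Character encoding
- (package private) static final int FLAG_DOMAIN_PRESENT
- (package private) static final int FLAG_REQUEST_128BIT_KEY_EXCH
- (package private) static final int FLAG_REQUEST_56BIT_ENCRYPTION
- (package private) static final int FLAG_REQUEST_ALWAYS_SIGN
- (package private) static final int FLAG_REQUEST_EXPLICIT_KEY_EXCH
- (package private) static final int FLAG_REQUEST_LAN_MANAGER_KEY
- (package private) static final int FLAG_REQUEST_NTLM2_SESSION
- (package private) static final int FLAG_REQUEST_NTLMv1
- (package private) static final int FLAG_REQUEST_OEM_ENCODING
- (package private) static final int FLAG_REQUEST_SEAL
- (package private) static final int FLAG_REQUEST_SIGN
- (package private) static final int FLAG_REQUEST_TARGET
- (package private) static final int FLAG_REQUEST_UNICODE_ENCODING
- (package private) static final int FLAG_REQUEST_VERSION
- (package private) static final int FLAG_TARGETINFO_PRESENT
- (package private) static final int FLAG_WORKSTATION_PRESENT
- private static final byte[] MAGIC_TLS_SERVER_ENDPOINT
- (package private) static final int MSV_AV_CHANNEL_BINDINGS
- (package private) static final int MSV_AV_DNS_COMPUTER_NAME
- (package private) static final int MSV_AV_DNS_DOMAIN_NAME
- (package private) static final int MSV_AV_DNS_TREE_NAME
- (package private) static final int MSV_AV_EOL
- (package private) static final int MSV_AV_FLAGS
- (package private) static final int MSV_AV_FLAGS_ACCOUNT_AUTH_CONSTAINED
- (package private) static final int MSV_AV_FLAGS_MIC
- (package private) static final int MSV_AV_FLAGS_UNTRUSTED_TARGET_SPN
- (package private) static final int MSV_AV_NB_COMPUTER_NAME
- (package private) static final int MSV_AV_NB_DOMAIN_NAME
- (package private) static final int MSV_AV_SINGLE_HOST
- (package private) static final int MSV_AV_TARGET_NAME
- (package private) static final int MSV_AV_TIMESTAMP
- private static final SecureRandom RND_GEN: Secure random generator
- private static final byte[] SEAL_MAGIC_CLIENT
- private static final byte[] SEAL_MAGIC_SERVER
- private static final byte[] SIGN_MAGIC_CLIENT
- private static final byte[] SIGN_MAGIC_SERVER
- private static final byte[] SIGNATURE: The signature string as bytes in the default encoding
- private static final String TYPE_1_MESSAGE
- private static final Charset UNICODE_LITTLE_UNMARKED: Unicode encoding

Constructor Summary
Constructors
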
Method Summary
Methods (columns: Modifier and Type, Method, Description)
- private static String convertDomain(String domain): Convert domain to standard form
- private static String convertHost(String host): Convert host to standard form
- private static byte[] createBlob(byte[] clientChallenge, byte[] targetInformation, byte[] timestamp): Creates the NTLMv2 blob from the given target information block and client challenge.
- private static Key createDESKey(byte[] bytes, int offset): Creates a DES encryption key from the given key material.
- private static void encodeLong(byte[] buf, int offset, int value)
- private static byte[] encodeLong(int value)
- (package private) static int F(int x, int y, int z)
- (package private) static int G(int x, int y, int z)
- generateType1Msg(String domain, String workstation): Generates a Type1 message given the domain and workstation.
- generateType3Msg(String username, String password, String domain, String workstation, String challenge): Generates a Type3 message given the user credentials and the authentication challenge.
- private static Charset getCharset(int flags): Find the character set based on the flags.
- (package private) static MessageDigest getMD5()
- private static byte[] getNullTerminatedAsciiString(String source)
- (package private) static String getType1Message(String host, String domain): Creates the first message (type 1 message) in the NTLM authentication sequence.
- (package private) static String getType3Message(String user, String password, String host, String domain, byte[] nonce, int type2Flags, String target, byte[] targetInformation): Creates the type 3 message using the given server nonce.
- (package private) static String getType3Message(String user, String password, String host, String domain, byte[] nonce, int type2Flags, String target, byte[] targetInformation, Certificate peerServerCertificate, byte[] type1Message, byte[] type2Message): Creates the type 3 message using the given server nonce.
- (package private) static int H(int x, int y, int z)
- (package private) static byte[] hmacMD5(byte[] value, byte[] key): Calculates HMAC-MD5
- private static byte[] lmHash: Creates the LM Hash of the user's password.
- private static byte[] lmResponse(byte[] hash, byte[] challenge): Creates the LM Response from the given hash and Type 2 challenge.
- private static byte[] lmv2Hash(String domain, String user, byte[] ntlmHash): Creates the LMv2 Hash of the user's password.
- private static byte[] lmv2Response(byte[] hash, byte[] challenge, byte[] clientData): Creates the LMv2 Response from the given hash, client data, and Type 2 challenge.
- private static byte[] makeRandomChallenge(Random random): Calculate a challenge block
- private static byte[] makeSecondaryKey(Random random): Calculate a 16-byte secondary key
- (package private) static byte[] ntlm2SessionResponse(byte[] ntlmHash, byte[] challenge, byte[] clientChallenge): Calculates the NTLM2 Session Response for the given challenge, using the specified password and client challenge.
- private static byte[] ntlmHash: Creates the NTLM Hash of the user's password.
- private static byte[] ntlmv2Hash(String domain, String user, byte[] ntlmHash): Creates the NTLMv2 Hash of the user's password.
- private static void oddParity(byte[] bytes): Applies odd parity to the given byte array.
- (package private) static byte[] RC4(byte[] value, byte[] key): Calculates RC4
- private static byte[] readSecurityBuffer(byte[] src, int index)
- private static int readULong(byte[] src, int index)
- private static int readUShort(byte[] src, int index)
- (package private) static int rotintlft(int val, int numbits)
- private static String stripDotSuffix(String value): Strip dot suffix from a name
- (package private) static void writeULong(byte[] buffer, int value, int offset)
- (package private) static void writeUShort(byte[] buffer, int value, int offset)

Field Details
- UNICODE_LITTLE_UNMARKED
  Unicode encoding
- DEFAULT_CHARSET
  Character encoding
- FLAG_REQUEST_UNICODE_ENCODING
  static final int FLAG_REQUEST_UNICODE_ENCODING
- FLAG_REQUEST_OEM_ENCODING
  static final int FLAG_REQUEST_OEM_ENCODING
- FLAG_REQUEST_TARGET
  static final int FLAG_REQUEST_TARGET
- FLAG_REQUEST_SIGN
  static final int FLAG_REQUEST_SIGN
- FLAG_REQUEST_SEAL
  static final int FLAG_REQUEST_SEAL
- FLAG_REQUEST_LAN_MANAGER_KEY
  static final int FLAG_REQUEST_LAN_MANAGER_KEY
- FLAG_REQUEST_NTLMv1
  static final int FLAG_REQUEST_NTLMv1
- FLAG_DOMAIN_PRESENT
  static final int FLAG_DOMAIN_PRESENT
- FLAG_WORKSTATION_PRESENT
  static final int FLAG_WORKSTATION_PRESENT
- FLAG_REQUEST_ALWAYS_SIGN
  static final int FLAG_REQUEST_ALWAYS_SIGN
- FLAG_REQUEST_NTLM2_SESSION
  static final int FLAG_REQUEST_NTLM2_SESSION
- FLAG_REQUEST_VERSION
  static final int FLAG_REQUEST_VERSION
- FLAG_TARGETINFO_PRESENT
  static final int FLAG_TARGETINFO_PRESENT
- FLAG_REQUEST_128BIT_KEY_EXCH
  static final int FLAG_REQUEST_128BIT_KEY_EXCH
- FLAG_REQUEST_EXPLICIT_KEY_EXCH
  static final int FLAG_REQUEST_EXPLICIT_KEY_EXCH
- FLAG_REQUEST_56BIT_ENCRYPTION
  static final int FLAG_REQUEST_56BIT_ENCRYPTION
- MSV_AV_EOL
  static final int MSV_AV_EOL
- MSV_AV_NB_COMPUTER_NAME
  static final int MSV_AV_NB_COMPUTER_NAME
- MSV_AV_NB_DOMAIN_NAME
  static final int MSV_AV_NB_DOMAIN_NAME
- MSV_AV_DNS_COMPUTER_NAME
  static final int MSV_AV_DNS_COMPUTER_NAME
- MSV_AV_DNS_DOMAIN_NAME
  static final int MSV_AV_DNS_DOMAIN_NAME
- MSV_AV_DNS_TREE_NAME
  static final int MSV_AV_DNS_TREE_NAME
- MSV_AV_FLAGS
  static final int MSV_AV_FLAGS
- MSV_AV_TIMESTAMP
  static final int MSV_AV_TIMESTAMP
- MSV_AV_SINGLE_HOST
  static final int MSV_AV_SINGLE_HOST
- MSV_AV_TARGET_NAME
  static final int MSV_AV_TARGET_NAME
- MSV_AV_CHANNEL_BINDINGS
  static final int MSV_AV_CHANNEL_BINDINGS
- MSV_AV_FLAGS_ACCOUNT_AUTH_CONSTAINED
  static final int MSV_AV_FLAGS_ACCOUNT_AUTH_CONSTAINED
- MSV_AV_FLAGS_MIC
  static final int MSV_AV_FLAGS_MIC
- MSV_AV_FLAGS_UNTRUSTED_TARGET_SPN
  static final int MSV_AV_FLAGS_UNTRUSTED_TARGET_SPN
- RND_GEN
  Secure random generator
- SIGNATURE
  private static final byte[] SIGNATURE
  The signature string as bytes in the default encoding
- SIGN_MAGIC_SERVER
  private static final byte[] SIGN_MAGIC_SERVER
- SIGN_MAGIC_CLIENT
  private static final byte[] SIGN_MAGIC_CLIENT
- SEAL_MAGIC_SERVER
  private static final byte[] SEAL_MAGIC_SERVER
- SEAL_MAGIC_CLIENT
  private static final byte[] SEAL_MAGIC_CLIENT
- MAGIC_TLS_SERVER_ENDPOINT
  private static final byte[] MAGIC_TLS_SERVER_ENDPOINT
- TYPE_1_MESSAGE

Constructor Details
- NTLMEngineImpl
  NTLMEngineImpl()

Method Details
- getNullTerminatedAsciiString
- getType1Message
  Creates the first message (type 1 message) in the NTLM authentication sequence. This message includes the user name, domain and host for the authentication session.
  Parameters:
    host - the computer name of the host requesting authentication.
    domain - The domain to authenticate with.
  Returns:
    String the message to add to the HTTP request header.
- getType3Message
  static String getType3Message(String user, String password, String host, String domain, byte[] nonce, int type2Flags, String target, byte[] targetInformation) throws NTLMEngineException
  Creates the type 3 message using the given server nonce. The type 3 message includes all the information for authentication, host, domain, username and the result of encrypting the nonce sent by the server using the user's password as the key.
  Parameters:
    user - The user name. This should not include the domain name.
    password - The password.
    host - The host that is originating the authentication request.
    domain - The domain to authenticate within.
    nonce - the 8 byte array the server sent.
  Returns:
    The type 3 message.
  Throws:
    NTLMEngineException - If(String, String, String, String, byte[], int, String, byte[]) fails.
- getType3Message
  static String getType3Message(String user, String password, String host, String domain, byte[] nonce, int type2Flags, String target, byte[] targetInformation, Certificate peerServerCertificate, byte[] type1Message, byte[] type2Message) throws NTLMEngineException
  Creates the type 3 message using the given server nonce. The type 3 message includes all the information for authentication, host, domain, username and the result of encrypting the nonce sent by the server using the user's password as the key.
  Parameters:
    user - The user name. This should not include the domain name.
    password - The password.
    host - The host that is originating the authentication request.
    domain - The domain to authenticate within.
    nonce - the 8 byte array the server sent.
  Returns:
    The type 3 message.
  Throws:
    NTLMEngineException - If(String, String, String, String, byte[], int, String, byte[], Certificate, byte[], byte[]) fails.
- readULong
  private static int readULong(byte[] src, int index)
- readUShort
  private static int readUShort(byte[] src, int index)
- readSecurityBuffer
  private static byte[] readSecurityBuffer(byte[] src, int index)
- makeRandomChallenge
  Calculate a challenge block
- makeSecondaryKey
  Calculate a 16-byte secondary key
- hmacMD5
  Calculates HMAC-MD5
  Throws:
    NTLMEngineException
- RC4
  Calculates RC4
  Throws:
    NTLMEngineException
- ntlm2SessionResponse
  static byte[] ntlm2SessionResponse(byte[] ntlmHash, byte[] challenge, byte[] clientChallenge) throws NTLMEngineException
  Calculates the NTLM2 Session Response for the given challenge, using the specified password and client challenge.
  Returns:
    The NTLM2 Session Response. This is placed in the NTLM response field of the Type 3 message; the LM response field contains the client challenge, null-padded to 24 bytes.
  Throws:
    NTLMEngineException
- lmHash
  Creates the LM Hash of the user's password.
  Parameters:
    password - The password.
  Returns:
    The LM Hash of the given password, used in the calculation of the LM Response.
  Throws:
    NTLMEngineException
- ntlmHash
  Creates the NTLM Hash of the user's password.
  Parameters:
    password - The password.
  Returns:
    The NTLM Hash of the given password, used in the calculation of the NTLM Response and the NTLMv2 and LMv2 Hashes.
  Throws:
    NTLMEngineException
- lmv2Hash
  private static byte[] lmv2Hash(String domain, String user, byte[] ntlmHash) throws NTLMEngineException
  Creates the LMv2 Hash of the user's password.
  Returns:
    The LMv2 Hash, used in the calculation of the NTLMv2 and LMv2 Responses.
  Throws:
    NTLMEngineException
- ntlmv2Hash
  private static byte[] ntlmv2Hash(String domain, String user, byte[] ntlmHash) throws NTLMEngineException
  Creates the NTLMv2 Hash of the user's password.
  Returns:
    The NTLMv2 Hash, used in the calculation of the NTLMv2 and LMv2 Responses.
  Throws:
    NTLMEngineException
- lmResponse
  Creates the LM Response from the given hash and Type 2 challenge.
  Parameters:
    hash - The LM or NTLM Hash.
    challenge - The server challenge from the Type 2 message.
  Returns:
    The response (either LM or NTLM, depending on the provided hash).
  Throws:
    NTLMEngineException
- lmv2Response
  private static byte[] lmv2Response(byte[] hash, byte[] challenge, byte[] clientData)
  Creates the LMv2 Response from the given hash, client data, and Type 2 challenge.
  Parameters:
    hash - The NTLMv2 Hash.
    clientData - The client data (blob or client challenge).
    challenge - The server challenge from the Type 2 message.
  Returns:
    The response (either NTLMv2 or LMv2, depending on the client data).
- encodeLong
  private static byte[] encodeLong(int value)
- encodeLong
  private static void encodeLong(byte[] buf, int offset, int value)
- createBlob
  private static byte[] createBlob(byte[] clientChallenge, byte[] targetInformation, byte[] timestamp)
  Creates the NTLMv2 blob from the given target information block and client challenge.
  Parameters:
    targetInformation - The target information block from the Type 2 message.
    clientChallenge - The random 8-byte client challenge.
  Returns:
    The blob, used in the calculation of the NTLMv2 Response.
- createDESKey
  Creates a DES encryption key from the given key material.
  Parameters:
    bytes - A byte array containing the DES key material.
    offset - The offset in the given byte array at which the 7-byte key material starts.
  Returns:
    A DES encryption key created from the key material starting at the specified offset in the given byte array.
- oddParity
  private static void oddParity(byte[] bytes)
  Applies odd parity to the given byte array.
  Parameters:
    bytes - The data whose parity bits are to be adjusted for odd parity.
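How the lmResponse, createDESKey and oddParity entries fit together when an LM or NTLM response is computed: the 16-byte hash is zero-padded to 21 bytes and cut into three 7-byte pieces, each piece becomes an odd-parity DES key, and each key encrypts the 8-byte server challenge. This is an added illustration written from the published NTLM description, not the source of NTLMEngineImpl; the class name NtlmV1ResponseDemo, its method names, and the sample hash and challenge bytes are constructed for the example.

```java
import java.security.Key;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added illustration; class and method names are hypothetical, not NTLMEngineImpl's code.
public class NtlmV1ResponseDemo {

    // Spread 7 bytes (56 bits) of key material over 8 bytes, 7 bits per byte in
    // the high positions, then set each low bit so every byte has odd parity.
    static Key desKeyFrom7Bytes(byte[] material, int offset) {
        byte[] k = Arrays.copyOfRange(material, offset, offset + 7);
        byte[] key = new byte[8];
        key[0] = k[0];
        for (int i = 1; i < 7; i++) {
            key[i] = (byte) (k[i - 1] << (8 - i) | (k[i] & 0xff) >>> i);
        }
        key[7] = (byte) (k[6] << 1);
        for (int i = 0; i < key.length; i++) {
            boolean oddOnes = (Integer.bitCount(key[i] & 0xfe) & 1) == 1;
            key[i] = (byte) (oddOnes ? key[i] & 0xfe : key[i] | 0x01);
        }
        return new SecretKeySpec(key, "DES");
    }

    // 16-byte LM or NTLM hash + 8-byte Type 2 challenge -> 24-byte response.
    static byte[] response(byte[] hash16, byte[] challenge8) throws Exception {
        byte[] padded = Arrays.copyOf(hash16, 21);   // zero-pad to 3 x 7 bytes
        byte[] out = new byte[24];
        Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
        for (int i = 0; i < 3; i++) {
            des.init(Cipher.ENCRYPT_MODE, desKeyFrom7Bytes(padded, 7 * i));
            des.doFinal(challenge8, 0, 8, out, 8 * i);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from any real exchange.
        byte[] hash = new byte[16];
        for (int i = 0; i < hash.length; i++) hash[i] = (byte) (0x10 + i);
        byte[] challenge = {0x01, 0x23, 0x45, 0x67, (byte) 0x89, (byte) 0xab, (byte) 0xcd, (byte) 0xef};
        StringBuilder hex = new StringBuilder();
        for (byte b : response(hash, challenge)) hex.append(String.format("%02x", b));
        System.out.println(hex);
    }
}
```

The third DES key is built from only the last two hash bytes plus five zero bytes, which is one reason deployments prefer the NTLMv2 path that this class also implements.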
- getCharset
  Find the character set based on the flags.
  Parameters:
    flags - is the flags.
  Returns:
    the character set.
  Throws:
    NTLMEngineException
- stripDotSuffix
  Strip dot suffix from a name
- convertHost
  Convert host to standard form
- convertDomain
  Convert domain to standard form
- writeUShort
  static void writeUShort(byte[] buffer, int value, int offset)
- writeULong
  static void writeULong(byte[] buffer, int value, int offset)
- F
  static int F(int x, int y, int z)
- G
  static int G(int x, int y, int z)
- H
  static int H(int x, int y, int z)
- rotintlft
  static int rotintlft(int val, int numbits)
- getMD5
- generateType1Msg
  Description copied from interface: NTLMEngine
  Generates a Type1 message given the domain and workstation.
  Specified by:
    generateType1Msg in interface NTLMEngine
  Parameters:
    domain - Optional Windows domain name. Can be null.
    workstation - Optional Windows workstation name. Can be null.
  Returns:
    Type1 message
  Throws:
    NTLMEngineException
- generateType3Msg
  public String generateType3Msg(String username, String password, String domain, String workstation, String challenge) throws NTLMEngineException
  Description copied from interface: NTLMEngine
  Generates a Type3 message given the user credentials and the authentication challenge.
  Specified by:
    generateType3Msg in interface NTLMEngine
  Parameters:
    username - Windows user name
    password - Password
    domain - Windows domain name
    workstation - Windows workstation name
    challenge - Type2 challenge.
  Returns:
    Type3 response.
  Throws:
    NTLMEngineException