下面列出了org.apache.http.impl.auth.NTLMEngineException#jcifs.ntlmssp.Type2Message 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
 * Processes the NTLM challenge received in an authentication header.
 *
 * <p>The scheme token is extracted and compared case-insensitively with
 * {@code getSchemeName()}. If the challenge carries data after the first space,
 * that data is trimmed, converted to ASCII bytes, Base64-decoded and parsed as a
 * {@link Type2Message}; the state then becomes {@code TYPE2_MSG_RECEIVED}. A bare
 * scheme with no payload clears any stored Type 2 message and moves the state from
 * {@code UNINITIATED} to {@code INITIATED}, or to {@code FAILED} from any other state.
 *
 * <p>NOTE(review): the challenge is peer-supplied input. Both exception messages
 * echo it verbatim, so callers that log the exception should treat the text as
 * untrusted. When parsing fails, {@code state} is left as it was.
 *
 * @param challenge the challenge string
 * @throws MalformedChallengeException if the scheme does not match or the payload
 *         cannot be parsed as a Type 2 message
 */
public void processChallenge(final String challenge) throws MalformedChallengeException {
    final String scheme = AuthChallengeParser.extractScheme(challenge);
    if (!scheme.equalsIgnoreCase(getSchemeName())) {
        throw new MalformedChallengeException("Invalid NTLM challenge: " + challenge);
    }

    final int separator = challenge.indexOf(' ');
    if (separator == -1) {
        // Scheme only, no Type 2 payload: either the first round trip or a rejection.
        this.type2Message = null;
        this.state = (this.state == UNINITIATED) ? INITIATED : FAILED;
        return;
    }

    // Everything after the scheme token is the Base64-encoded Type 2 message.
    final String encodedMessage = challenge.substring(separator).trim();
    try {
        type2Message = new Type2Message(
                Base64.decodeBase64(EncodingUtil.getBytes(encodedMessage, "ASCII")));
    } catch (IOException e) {
        throw new MalformedChallengeException("Invalid NTLM challenge: " + challenge, e);
    }
    this.state = TYPE2_MSG_RECEIVED;
}
/**
 * Round-trips a Type 2 message that carries target information but no target name,
 * and checks that the challenge and the target information survive serialization.
 */
@Test
public void testParsingType2TargetInformation () throws IOException {
    // Constructed sample values: an 8-byte challenge and an opaque target-information blob.
    final byte[] serverChallenge = { 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8 };
    final byte[] targetInfo = { 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8 };
    final int noFlags = 0;

    final Type2Message built = new Type2Message(this.context, noFlags, serverChallenge, null);
    built.setTargetInformation(targetInfo);

    // Serialize, then parse the raw bytes back through the byte[] constructor.
    final Type2Message reparsed = new Type2Message(built.toByteArray());

    assertArrayEquals(serverChallenge, reparsed.getChallenge());
    assertNull(reparsed.getTarget());
    assertArrayEquals(targetInfo, reparsed.getTargetInformation());
}
/**
 * Verifies that target information set on a Type 2 message is preserved when the
 * message is written to bytes and parsed again, while the target name stays null.
 */
@Test
public void testParsingType2TargetInformation () throws IOException {
    final int flagBits = 0;
    // Constructed fixture bytes; the values carry no meaning beyond being distinguishable.
    final byte[] nonce = new byte[] { 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8 };
    final byte[] info = new byte[] { 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8 };

    final Type2Message source = new Type2Message(this.context, flagBits, nonce, null);
    source.setTargetInformation(info);
    final byte[] wire = source.toByteArray();

    final Type2Message decoded = new Type2Message(wire);
    assertArrayEquals(nonce, decoded.getChallenge());
    assertNull(decoded.getTarget());
    assertArrayEquals(info, decoded.getTargetInformation());
}
/**
 * Base64-decodes the given challenge and parses it as an NTLM Type 2 message.
 *
 * <p>NOTE(review): the challenge presumably arrives from the remote peer, so it is
 * untrusted input; how {@code Base64.decode} treats malformed text is not visible here.
 *
 * @param challenge Base64 text of the Type 2 message
 * @return the parsed message
 * @throws NTLMEngineException if parsing fails with an {@link IOException}; the
 *         original exception is kept as the cause
 */
private Type2Message decodeType2Message(String challenge) throws NTLMEngineException {
    try {
        final byte[] rawMessage = Base64.decode(challenge);
        return new Type2Message(rawMessage);
    } catch (final IOException parseFailure) {
        throw new NTLMEngineException("Invalid Type2 message", parseFailure);
    }
}
/**
 * Turns a Base64-encoded challenge string into a {@link Type2Message}.
 *
 * @param challenge Base64 text of the Type 2 message (presumably peer-supplied;
 *        treat as untrusted)
 * @return the parsed Type 2 message
 * @throws NTLMEngineException wrapping the {@link IOException} raised while parsing
 */
private Type2Message decodeType2Message(String challenge) throws NTLMEngineException {
    final Type2Message parsed;
    try {
        parsed = new Type2Message(Base64.decode(challenge));
    } catch (final IOException ioFailure) {
        // Keep the cause so the parse error stays diagnosable.
        throw new NTLMEngineException("Invalid Type2 message", ioFailure);
    }
    return parsed;
}
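/**
 * Performs NTLM authentication for the servlet request.
 *
 * <p>A Type 1 token in the {@code Authorization} header is answered with a Type 2
 * message in {@code WWW-Authenticate}; a Type 3 token is turned into an
 * {@link NtlmPasswordAuthentication}. In every other case the response is completed
 * with status 401 and {@code null} is returned.
 *
 * <p>This method only extracts the LM/NT responses from the Type 3 message; nothing
 * here checks them against the challenge, so the returned object is not proof of
 * authentication until the caller has validated it.
 *
 * @param tc
 *            context to use
 *
 * @param req
 *            The request being serviced.
 * @param resp
 *            The response.
 * @param challenge
 *            The domain controller challenge.
 * @return credentials passed in the servlet request, or {@code null} when a 401
 *         response was written instead
 * @throws IOException
 *             If an IO error occurs.
 */
public static NtlmPasswordAuthentication authenticate ( CIFSContext tc, HttpServletRequest req, HttpServletResponse resp, byte[] challenge )
        throws IOException {
    String msg = req.getHeader("Authorization");
    if ( msg != null && msg.startsWith("NTLM ") ) {
        byte[] src = Base64.decode(msg.substring(5));
        // The header is client-controlled. Byte 8 selects the message type, so a token
        // shorter than nine bytes must be rejected here instead of surfacing as an
        // ArrayIndexOutOfBoundsException; it falls through to the 401 below.
        if ( src != null && src.length > 8 ) {
            if ( src[ 8 ] == 1 ) {
                Type1Message type1 = new Type1Message(src);
                Type2Message type2 = new Type2Message(tc, type1, challenge, null);
                msg = new String(Base64.encode(type2.toByteArray()), "US-ASCII");
                resp.setHeader("WWW-Authenticate", "NTLM " + msg);
            }
            else if ( src[ 8 ] == 3 ) {
                Type3Message type3 = new Type3Message(src);
                byte[] lmResponse = type3.getLMResponse();
                if ( lmResponse == null )
                    lmResponse = new byte[0];
                byte[] ntResponse = type3.getNTResponse();
                if ( ntResponse == null )
                    ntResponse = new byte[0];
                // Domain and user come straight from the client's message and are unverified here.
                return new NtlmPasswordAuthentication(type3.getDomain(), type3.getUser(), challenge, lmResponse, ntResponse);
            }
        }
    }
    else {
        resp.setHeader("WWW-Authenticate", "NTLM");
    }
    resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    resp.setContentLength(0);
    resp.flushBuffer();
    return null;
}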
/**
 * Round-trips a Type 2 message built with the request-target flag and a target name,
 * and checks that both the challenge and the target name are recovered.
 */
@Test
public void testParsingType2Target () throws IOException {
    final String expectedTarget = "TARGET";
    // Constructed 8-byte sample challenge.
    final byte[] serverChallenge = { 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8 };
    final int requestTarget = NtlmFlags.NTLMSSP_REQUEST_TARGET;

    final Type2Message built = new Type2Message(this.context, requestTarget, serverChallenge, expectedTarget);
    final Type2Message reparsed = new Type2Message(built.toByteArray());

    assertArrayEquals(serverChallenge, reparsed.getChallenge());
    assertEquals(expectedTarget, reparsed.getTarget());
}
/**
 * Round-trips a Type 2 message built without flags or target, and checks that the
 * parsed message reports neither a target name nor target information.
 */
@Test
public void testParsingType2NoTarget () throws IOException {
    final int noFlags = 0;
    // Constructed 8-byte sample challenge.
    final byte[] serverChallenge = { 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8 };

    final Type2Message built = new Type2Message(this.context, noFlags, serverChallenge, null);
    final Type2Message reparsed = new Type2Message(built.toByteArray());

    assertArrayEquals(serverChallenge, reparsed.getChallenge());
    assertNull(reparsed.getTarget());
    assertNull(reparsed.getTargetInformation());
}
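/**
 * Performs NTLM authentication for the servlet request.
 *
 * <p>Type 1 tokens are answered with a Type 2 challenge header; Type 3 tokens are
 * converted to an {@link NtlmPasswordAuthentication}. Anything else, including a
 * missing, unknown or truncated token, ends in an empty 401 response and a
 * {@code null} return value.
 *
 * <p>The returned credentials are built from client-supplied fields and are not
 * verified by this method; the caller has to validate them before trusting the user.
 *
 * @param tc
 *            context to use
 *
 * @param req
 *            The request being serviced.
 * @param resp
 *            The response.
 * @param challenge
 *            The domain controller challenge.
 * @return credentials passed in the servlet request, or {@code null} if the
 *         handshake is not complete
 * @throws IOException
 *             If an IO error occurs.
 */
public static NtlmPasswordAuthentication authenticate ( CIFSContext tc, HttpServletRequest req, HttpServletResponse resp, byte[] challenge )
        throws IOException {
    String msg = req.getHeader("Authorization");
    if ( msg != null && msg.startsWith("NTLM ") ) {
        byte[] src = Base64.decode(msg.substring(5));
        // Guard the type-byte lookup: the token length is chosen by the client, and
        // indexing src[8] on a short array would throw an unchecked exception.
        final boolean hasTypeByte = src != null && src.length > 8;
        if ( hasTypeByte && src[ 8 ] == 1 ) {
            Type1Message type1 = new Type1Message(src);
            Type2Message type2 = new Type2Message(tc, type1, challenge, null);
            msg = new String(Base64.encode(type2.toByteArray()), "US-ASCII");
            resp.setHeader("WWW-Authenticate", "NTLM " + msg);
        }
        else if ( hasTypeByte && src[ 8 ] == 3 ) {
            Type3Message type3 = new Type3Message(src);
            byte[] lmResponse = type3.getLMResponse();
            if ( lmResponse == null )
                lmResponse = new byte[0];
            byte[] ntResponse = type3.getNTResponse();
            if ( ntResponse == null )
                ntResponse = new byte[0];
            return new NtlmPasswordAuthentication(type3.getDomain(), type3.getUser(), challenge, lmResponse, ntResponse);
        }
    }
    else {
        resp.setHeader("WWW-Authenticate", "NTLM");
    }
    resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    resp.setContentLength(0);
    resp.flushBuffer();
    return null;
}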
/**
 * Checks that a target name set together with {@code NTLMSSP_REQUEST_TARGET}
 * is still present after the Type 2 message is serialized and parsed again.
 */
@Test
public void testParsingType2Target () throws IOException {
    final int flagBits = NtlmFlags.NTLMSSP_REQUEST_TARGET;
    final String targetName = "TARGET";
    // Constructed fixture bytes.
    final byte[] nonce = new byte[] { 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8 };

    final byte[] wire = new Type2Message(this.context, flagBits, nonce, targetName).toByteArray();
    final Type2Message decoded = new Type2Message(wire);

    assertArrayEquals(nonce, decoded.getChallenge());
    assertEquals(targetName, decoded.getTarget());
}
/**
 * Checks that a Type 2 message created with no flags and a null target parses back
 * with a null target name and null target information.
 */
@Test
public void testParsingType2NoTarget () throws IOException {
    final int flagBits = 0;
    // Constructed fixture bytes.
    final byte[] nonce = new byte[] { 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8 };

    final byte[] wire = new Type2Message(this.context, flagBits, nonce, null).toByteArray();
    final Type2Message decoded = new Type2Message(wire);

    assertArrayEquals(nonce, decoded.getChallenge());
    assertNull(decoded.getTarget());
    assertNull(decoded.getTargetInformation());
}
/**
 * Decodes a Base64 challenge string and parses the bytes as an NTLM Type 2 message.
 *
 * @param challenge Base64-encoded Type 2 message; presumably received from the
 *        server, so it should be treated as untrusted
 * @return the parsed Type 2 message
 * @throws NTLMEngineException if the parser raises an {@link IOException}
 */
private Type2Message decodeType2Message(String challenge) throws NTLMEngineException {
    try {
        final byte[] decodedBytes = Base64.decode(challenge);
        final Type2Message message = new Type2Message(decodedBytes);
        return message;
    } catch (final IOException cause) {
        throw new NTLMEngineException("Invalid Type2 message", cause);
    }
}
/**
 * Parses the Base64 text of a Type 2 (challenge) message.
 *
 * @param challenge Base64 text to decode
 * @return the resulting {@link Type2Message}
 * @throws NTLMEngineException when the decoded bytes cannot be parsed; the
 *         underlying {@link IOException} is attached as the cause
 */
private Type2Message decodeType2Message(String challenge) throws NTLMEngineException {
    Type2Message result;
    try {
        result = new Type2Message(Base64.decode(challenge));
    } catch (final IOException parseError) {
        throw new NTLMEngineException("Invalid Type2 message", parseError);
    }
    return result;
}
/**
 * Builds the Base64-encoded NTLM Type 3 message that answers the given challenge.
 *
 * <p>NOTE(review): the flags come from {@code Type3Message.getDefaultFlags()}, so the
 * negotiated options depend on library defaults that are not visible here. The
 * password is passed as a {@code String} and cannot be wiped after use.
 *
 * @param username account name
 * @param password account password
 * @param domain authentication domain
 * @param workstation name of the client workstation
 * @param challenge Base64-encoded Type 2 message
 * @return the Base64-encoded Type 3 message
 * @throws NTLMEngineException if the challenge cannot be decoded
 */
public String generateType3Msg(String username, String password, String domain, String workstation, String challenge) throws NTLMEngineException {
    final Type2Message serverChallenge = decodeType2Message(challenge);
    // Note the argument order expected by the constructor: password, domain, user, workstation.
    final Type3Message response = new Type3Message(
            serverChallenge, password, domain, username, workstation, Type3Message.getDefaultFlags());
    final byte[] responseBytes = response.toByteArray();
    return Base64.encode(responseBytes);
}
/**
 * Produces the Type 3 (authenticate) message for a previously received challenge.
 *
 * @param username account name
 * @param password account password (held as a {@code String}, so it stays in memory
 *        until garbage-collected)
 * @param domain authentication domain
 * @param workstation client workstation name
 * @param challenge Base64-encoded Type 2 message
 * @return Base64 encoding of the serialized Type 3 message
 * @throws NTLMEngineException if the Type 2 message is invalid
 */
public String generateType3Msg(String username, String password, String domain, String workstation, String challenge) throws NTLMEngineException {
    final Type2Message type2 = decodeType2Message(challenge);
    return Base64.encode(
            new Type3Message(type2, password, domain, username, workstation, Type3Message.getDefaultFlags())
                    .toByteArray());
}
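/**
 * Authenticates an NTLM token against the configured domain controller.
 *
 * <p>A Type 1 token produces a Type 2 challenge that is stored as the credential's
 * next token; the method then still throws {@link FailedLoginException} because
 * {@code success} is only set after a Type 3 token has been accepted by
 * {@code SmbSession.logon}. Unknown token types are logged and fail the same way.
 *
 * @param credential the credential, cast to {@code SpnegoCredential}
 * @return the handler result for the authenticated principal
 * @throws GeneralSecurityException a {@link FailedLoginException} when the token is
 *         malformed, no domain controller is available, the logon is rejected, or
 *         the handshake is not yet complete
 * @throws PreventedException declared by the signature; not thrown by this body
 */
@Override
protected final HandlerResult doAuthentication(
        final Credential credential) throws GeneralSecurityException, PreventedException {
    final SpnegoCredential ntlmCredential = (SpnegoCredential) credential;
    final byte[] src = ntlmCredential.getInitToken();
    // The token is client-supplied. Reject a missing or truncated one before any
    // domain controller is contacted, rather than relying on the catch-all below to
    // turn an index or null-pointer error into a login failure.
    if (src == null || src.length <= NTLM_TOKEN_TYPE_FIELD_INDEX) {
        throw new FailedLoginException("NTLM token is missing or too short");
    }
    UniAddress dc = null;
    boolean success = false;
    try {
        if (this.loadBalance) {
            // find the first dc that matches the includepattern
            if (this.includePattern != null) {
                final NbtAddress[] dcs= NbtAddress.getAllByName(this.domainController, NBT_ADDRESS_TYPE, null, null);
                for (final NbtAddress dc2 : dcs) {
                    if(dc2.getHostAddress().matches(this.includePattern)){
                        dc = new UniAddress(dc2);
                        break;
                    }
                }
            } else {
                dc = new UniAddress(NbtAddress.getByName(this.domainController, NBT_ADDRESS_TYPE, null));
            }
        } else {
            dc = UniAddress.getByName(this.domainController, true);
        }
        // dc stays null when no address matched the include pattern; fail with a
        // clear message instead of passing null on.
        if (dc == null) {
            throw new FailedLoginException("No domain controller address could be resolved for NTLM authentication");
        }
        final byte[] challenge = SmbSession.getChallenge(dc);
        switch (src[NTLM_TOKEN_TYPE_FIELD_INDEX]) {
            case NTLM_TOKEN_TYPE_ONE:
                logger.debug("Type 1 received");
                final Type1Message type1 = new Type1Message(src);
                final Type2Message type2 = new Type2Message(type1,
                        challenge, null);
                logger.debug("Type 2 returned. Setting next token.");
                ntlmCredential.setNextToken(type2.toByteArray());
                break;
            case NTLM_TOKEN_TYPE_THREE:
                logger.debug("Type 3 received");
                final Type3Message type3 = new Type3Message(src);
                final byte[] lmResponse = type3.getLMResponse() == null ? new byte[0] : type3.getLMResponse();
                final byte[] ntResponse = type3.getNTResponse() == null ? new byte[0] : type3.getNTResponse();
                final NtlmPasswordAuthentication ntlm = new NtlmPasswordAuthentication(
                        type3.getDomain(), type3.getUser(), challenge,
                        lmResponse, ntResponse);
                // NOTE(review): the user name is client-supplied and logged before it has been verified.
                logger.debug("Trying to authenticate {} with domain controller", type3.getUser());
                try {
                    SmbSession.logon(dc, ntlm);
                    ntlmCredential.setPrincipal(this.principalFactory.createPrincipal(type3.getUser()));
                    success = true;
                } catch (final SmbAuthException sae) {
                    throw new FailedLoginException(sae.getMessage());
                }
                break;
            default:
                logger.debug("Unknown type: {}", src[NTLM_TOKEN_TYPE_FIELD_INDEX]);
        }
    } catch (final FailedLoginException e) {
        // Already the right type; rethrow without wrapping it a second time.
        throw e;
    } catch (final Exception e) {
        // Keep the original exception as the cause so the failure stays diagnosable.
        final FailedLoginException failure = new FailedLoginException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }
    if (!success) {
        throw new FailedLoginException();
    }
    return new DefaultHandlerResult(this, new BasicCredentialMetaData(ntlmCredential), ntlmCredential.getPrincipal());
}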
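/**
 * Authenticates an NTLM token against the configured domain controller.
 *
 * <p>Each switch case now ends with {@code break}. Without it, a Type 1 token fell
 * through into the Type 3 branch and was re-parsed as a Type 3 message, and a Type 3
 * token fell through into the "Unknown type" log line. Rejecting a Type 1 token then
 * depended on the Type 3 parser refusing it.
 *
 * <p>A Type 1 token stores a Type 2 challenge as the credential's next token and the
 * method still throws {@link FailedLoginException}, because {@code success} is only
 * set after {@code SmbSession.logon} accepts a Type 3 token.
 *
 * @param credential the credential, cast to {@code SpnegoCredential}
 * @return the handler result for the authenticated principal
 * @throws GeneralSecurityException a {@link FailedLoginException} when the token is
 *         malformed, no domain controller is available, the logon is rejected, or
 *         the handshake is not yet complete
 * @throws PreventedException declared by the signature; not thrown by this body
 */
@Override
protected final HandlerResult doAuthentication(
        final Credential credential) throws GeneralSecurityException, PreventedException {
    final SpnegoCredential ntlmCredential = (SpnegoCredential) credential;
    final byte[] src = ntlmCredential.getInitToken();
    // The token is client-supplied; byte 8 holds the message type, so a token
    // shorter than nine bytes is rejected before any domain controller is contacted.
    if (src == null || src.length <= 8) {
        throw new FailedLoginException("NTLM token is missing or too short");
    }
    UniAddress dc = null;
    boolean success = false;
    try {
        if (this.loadBalance) {
            // find the first dc that matches the includepattern
            if(this.includePattern != null){
                NbtAddress [] dcs = NbtAddress.getAllByName(this.domainController, 0x1C, null, null);
                for (NbtAddress dc2 : dcs) {
                    if(dc2.getHostAddress().matches(this.includePattern)){
                        dc = new UniAddress(dc2);
                        break;
                    }
                }
            } else {
                dc = new UniAddress(NbtAddress.getByName(this.domainController,
                        0x1C, null));
            }
        } else {
            dc = UniAddress.getByName(this.domainController, true);
        }
        // dc stays null when no address matched the include pattern.
        if (dc == null) {
            throw new FailedLoginException("No domain controller address could be resolved for NTLM authentication");
        }
        final byte[] challenge = SmbSession.getChallenge(dc);
        switch (src[8]) {
            case 1:
                logger.debug("Type 1 received");
                final Type1Message type1 = new Type1Message(src);
                final Type2Message type2 = new Type2Message(type1,
                        challenge, null);
                logger.debug("Type 2 returned. Setting next token.");
                ntlmCredential.setNextToken(type2.toByteArray());
                break;
            case 3:
                logger.debug("Type 3 received");
                final Type3Message type3 = new Type3Message(src);
                final byte[] lmResponse = type3.getLMResponse() == null ? new byte[0] : type3.getLMResponse();
                byte[] ntResponse = type3.getNTResponse() == null ? new byte[0] : type3.getNTResponse();
                final NtlmPasswordAuthentication ntlm = new NtlmPasswordAuthentication(
                        type3.getDomain(), type3.getUser(), challenge,
                        lmResponse, ntResponse);
                // NOTE(review): the user name is client-supplied and logged before it has been verified.
                logger.debug("Trying to authenticate {} with domain controller", type3.getUser());
                try {
                    SmbSession.logon(dc, ntlm);
                    ntlmCredential.setPrincipal(new SimplePrincipal(type3.getUser()));
                    success = true;
                } catch (final SmbAuthException sae) {
                    throw new FailedLoginException(sae.getMessage());
                }
                break;
            default:
                logger.debug("Unknown type: {}", src[8]);
        }
    } catch (final FailedLoginException e) {
        // Already the right type; rethrow without wrapping it a second time.
        throw e;
    } catch (final Exception e) {
        // Keep the original exception as the cause so the failure stays diagnosable.
        final FailedLoginException failure = new FailedLoginException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }
    if (!success) {
        throw new FailedLoginException();
    }
    return new HandlerResult(this, new BasicCredentialMetaData(ntlmCredential), ntlmCredential.getPrincipal());
}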
/**
 * Creates the Base64-encoded Type 3 response to a Base64-encoded Type 2 challenge.
 *
 * <p>NOTE(review): which NTLM options are used is decided by
 * {@code Type3Message.getDefaultFlags()}, i.e. by library defaults not shown here.
 *
 * @param username account name
 * @param password account password
 * @param domain authentication domain
 * @param workstation client workstation name
 * @param challenge Base64-encoded Type 2 message
 * @return the Base64-encoded Type 3 message
 * @throws NTLMEngineException if the challenge is not a valid Type 2 message
 */
public String generateType3Msg(String username, String password, String domain, String workstation, String challenge) throws NTLMEngineException {
    final Type2Message parsedChallenge = decodeType2Message(challenge);
    final Type3Message authenticateMessage = new Type3Message(
            parsedChallenge,
            password,
            domain,
            username,
            workstation,
            Type3Message.getDefaultFlags());
    return Base64.encode(authenticateMessage.toByteArray());
}
/**
 * Answers an NTLM challenge: decodes the Type 2 message, builds the matching
 * Type 3 message from the supplied account data, and returns it Base64-encoded.
 *
 * @param username account name
 * @param password account password (a {@code String}; it cannot be cleared after use)
 * @param domain authentication domain
 * @param workstation client workstation name
 * @param challenge Base64-encoded Type 2 message
 * @return Base64 encoding of the Type 3 message bytes
 * @throws NTLMEngineException if decoding the challenge fails
 */
public String generateType3Msg(String username, String password, String domain, String workstation, String challenge) throws NTLMEngineException {
    final Type2Message challengeMessage = decodeType2Message(challenge);
    final Type3Message reply =
            new Type3Message(challengeMessage, password, domain, username, workstation, Type3Message.getDefaultFlags());
    final byte[] serialized = reply.toByteArray();
    return Base64.encode(serialized);
}