Package org.apache.hc.client5.http.impl.auth

Class NTLMEngineImpl

  • All Implemented Interfaces:
    NTLMEngine
    final class NTLMEngineImpl
extends java.lang.Object
implements NTLMEngine
    Provides an implementation for NTLMv1, NTLMv2, and NTLM2 Session forms of the NTLM authentication protocol.
    Since:
    4.1

    • Constructor Summary

      Constructors 
      Constructor Description
      NTLMEngineImpl()  

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      private static byte[] createBlob​(byte[] clientChallenge, byte[] targetInformation, byte[] timestamp)
      Creates the NTLMv2 blob from the given target information block and client challenge.
      private static java.security.Key createDESKey​(byte[] bytes, int offset)
      Creates a DES encryption key from the given key material.
      private static void encodeLong​(byte[] buf, int offset, int value)  
      private static byte[] encodeLong​(int value)  
      (package private) static int F​(int x, int y, int z)  
      (package private) static int G​(int x, int y, int z)  
      java.lang.String generateType1Msg​(java.lang.String domain, java.lang.String workstation)
      Generates a Type1 message given the domain and workstation.
      java.lang.String generateType3Msg​(java.lang.String username, char[] password, java.lang.String domain, java.lang.String workstation, java.lang.String challenge)
      Generates a Type3 message given the user credentials and the authentication challenge.
      private static java.nio.charset.Charset getCharset​(int flags)
      Find the character set based on the flags.
      (package private) static java.security.MessageDigest getMD5()  
      private static byte[] getNullTerminatedAsciiString​(java.lang.String source)  
      (package private) static java.lang.String getResponseFor​(java.lang.String message, java.lang.String username, char[] password, java.lang.String host, java.lang.String domain)
      Returns the response for the given message.
      (package private) static java.lang.String getResponseFor​(java.lang.String message, java.lang.String username, char[] password, java.lang.String host, java.lang.String domain, java.security.cert.Certificate peerServerCertificate)
      Returns the response for the given message.
      (package private) static java.lang.String getType1Message​(java.lang.String host, java.lang.String domain)
      Creates the first message (type 1 message) in the NTLM authentication sequence.
      (package private) static java.lang.String getType3Message​(java.lang.String user, char[] password, java.lang.String host, java.lang.String domain, byte[] nonce, int type2Flags, java.lang.String target, byte[] targetInformation)
      Creates the type 3 message using the given server nonce.
      (package private) static java.lang.String getType3Message​(java.lang.String user, char[] password, java.lang.String host, java.lang.String domain, byte[] nonce, int type2Flags, java.lang.String target, byte[] targetInformation, java.security.cert.Certificate peerServerCertificate, byte[] type1Message, byte[] type2Message)
      Creates the type 3 message using the given server nonce.
      (package private) static int H​(int x, int y, int z)  
      (package private) static byte[] hmacMD5​(byte[] value, byte[] key)
      Calculates HMAC-MD5
      private static byte[] lmHash​(char[] password)
      Creates the LM Hash of the user's password.
      private static byte[] lmResponse​(byte[] hash, byte[] challenge)
      Creates the LM Response from the given hash and Type 2 challenge.
      private static byte[] lmv2Hash​(java.lang.String domain, java.lang.String user, byte[] ntlmHash)
      Creates the LMv2 Hash of the user's password.
      private static byte[] lmv2Response​(byte[] hash, byte[] challenge, byte[] clientData)
      Creates the LMv2 Response from the given hash, client data, and Type 2 challenge.
      private static byte[] makeRandomChallenge​(java.util.Random random)
      Calculate a challenge block
      private static byte[] makeSecondaryKey​(java.util.Random random)
      Calculate a 16-byte secondary key
      (package private) static byte[] ntlm2SessionResponse​(byte[] ntlmHash, byte[] challenge, byte[] clientChallenge)
      Calculates the NTLM2 Session Response for the given challenge, using the specified password and client challenge.
      private static byte[] ntlmHash​(char[] password)
      Creates the NTLM Hash of the user's password.
      private static byte[] ntlmv2Hash​(java.lang.String domain, java.lang.String user, byte[] ntlmHash)
      Creates the NTLMv2 Hash of the user's password.
      private static void oddParity​(byte[] bytes)
      Applies odd parity to the given byte array.
      (package private) static byte[] RC4​(byte[] value, byte[] key)
      Calculates RC4
      private static byte[] readSecurityBuffer​(byte[] src, int index)  
      private static int readULong​(byte[] src, int index)  
      private static int readUShort​(byte[] src, int index)  
      (package private) static int rotintlft​(int val, int numbits)  
      (package private) static void writeULong​(byte[] buffer, int value, int offset)  
      (package private) static void writeUShort​(byte[] buffer, int value, int offset)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • UNICODE_LITTLE_UNMARKED

        private static final java.nio.charset.Charset UNICODE_LITTLE_UNMARKED
        Unicode encoding

      • DEFAULT_CHARSET

        private static final java.nio.charset.Charset DEFAULT_CHARSET
        Character encoding

      • FLAG_REQUEST_UNICODE_ENCODING

        static final int FLAG_REQUEST_UNICODE_ENCODING
        See Also:
        Constant Field Values

      • FLAG_REQUEST_LAN_MANAGER_KEY

        static final int FLAG_REQUEST_LAN_MANAGER_KEY
        See Also:
        Constant Field Values

      • FLAG_REQUEST_NTLM2_SESSION

        static final int FLAG_REQUEST_NTLM2_SESSION
        See Also:
        Constant Field Values

      • FLAG_REQUEST_128BIT_KEY_EXCH

        static final int FLAG_REQUEST_128BIT_KEY_EXCH
        See Also:
        Constant Field Values

      • FLAG_REQUEST_EXPLICIT_KEY_EXCH

        static final int FLAG_REQUEST_EXPLICIT_KEY_EXCH
        See Also:
        Constant Field Values

      • FLAG_REQUEST_56BIT_ENCRYPTION

        static final int FLAG_REQUEST_56BIT_ENCRYPTION
        See Also:
        Constant Field Values

      • MSV_AV_FLAGS_ACCOUNT_AUTH_CONSTAINED

        static final int MSV_AV_FLAGS_ACCOUNT_AUTH_CONSTAINED
        See Also:
        Constant Field Values

      • MSV_AV_FLAGS_UNTRUSTED_TARGET_SPN

        static final int MSV_AV_FLAGS_UNTRUSTED_TARGET_SPN
        See Also:
        Constant Field Values

      • RND_GEN

        private static final java.security.SecureRandom RND_GEN
        Secure random generator

      • SIGNATURE

        private static final byte[] SIGNATURE
        The signature string as bytes in the default encoding

      • SIGN_MAGIC_SERVER

        private static final byte[] SIGN_MAGIC_SERVER

      • SIGN_MAGIC_CLIENT

        private static final byte[] SIGN_MAGIC_CLIENT

      • SEAL_MAGIC_SERVER

        private static final byte[] SEAL_MAGIC_SERVER

      • SEAL_MAGIC_CLIENT

        private static final byte[] SEAL_MAGIC_CLIENT

      • MAGIC_TLS_SERVER_ENDPOINT

        private static final byte[] MAGIC_TLS_SERVER_ENDPOINT

      • TYPE_1_MESSAGE

        private static final java.lang.String TYPE_1_MESSAGE

    • Constructor Detail

      • NTLMEngineImpl

        NTLMEngineImpl()

    • Method Detail

      • getNullTerminatedAsciiString

        private static byte[] getNullTerminatedAsciiString​(java.lang.String source)

      • getResponseFor

        static java.lang.String getResponseFor​(java.lang.String message,
                                       java.lang.String username,
                                       char[] password,
                                       java.lang.String host,
                                       java.lang.String domain)
                                throws NTLMEngineException
        Returns the response for the given message.
        Parameters:
        message - the message that was received from the server.
        username - the username to authenticate with.
        password - the password to authenticate with.
        host - The host.
        domain - the NT domain to authenticate in.
        Returns:
        The response.
        Throws:
        NTLMEngineException

      • getResponseFor

        static java.lang.String getResponseFor​(java.lang.String message,
                                       java.lang.String username,
                                       char[] password,
                                       java.lang.String host,
                                       java.lang.String domain,
                                       java.security.cert.Certificate peerServerCertificate)
                                throws NTLMEngineException
        Returns the response for the given message.
        Parameters:
        message - the message that was received from the server.
        username - the username to authenticate with.
        password - the password to authenticate with.
        host - The host.
        domain - the NT domain to authenticate in.
        Returns:
        The response.
        Throws:
        NTLMEngineException

      • getType1Message

        static java.lang.String getType1Message​(java.lang.String host,
                                        java.lang.String domain)
        Creates the first message (type 1 message) in the NTLM authentication sequence. This message includes the user name, domain and host for the authentication session.
        Parameters:
        host - the computer name of the host requesting authentication.
        domain - The domain to authenticate with.
        Returns:
        String the message to add to the HTTP request header.

      • getType3Message

        static java.lang.String getType3Message​(java.lang.String user,
                                        char[] password,
                                        java.lang.String host,
                                        java.lang.String domain,
                                        byte[] nonce,
                                        int type2Flags,
                                        java.lang.String target,
                                        byte[] targetInformation)
                                 throws NTLMEngineException
        Creates the type 3 message using the given server nonce. The type 3 message includes all the information for authentication, host, domain, username and the result of encrypting the nonce sent by the server using the user's password as the key.
        Parameters:
        user - The user name. This should not include the domain name.
        password - The password.
        host - The host that is originating the authentication request.
        domain - The domain to authenticate within.
        nonce - the 8 byte array the server sent.
        Returns:
        The type 3 message.
        Throws:
        NTLMEngineException - If Type3Message(String, String, String, char[], byte[], int, String, byte[]) fails.

      • getType3Message

        static java.lang.String getType3Message​(java.lang.String user,
                                        char[] password,
                                        java.lang.String host,
                                        java.lang.String domain,
                                        byte[] nonce,
                                        int type2Flags,
                                        java.lang.String target,
                                        byte[] targetInformation,
                                        java.security.cert.Certificate peerServerCertificate,
                                        byte[] type1Message,
                                        byte[] type2Message)
                                 throws NTLMEngineException
        Creates the type 3 message using the given server nonce. The type 3 message includes all the information for authentication, host, domain, username and the result of encrypting the nonce sent by the server using the user's password as the key.
        Parameters:
        user - The user name. This should not include the domain name.
        password - The password.
        host - The host that is originating the authentication request.
        domain - The domain to authenticate within.
        nonce - the 8 byte array the server sent.
        Returns:
        The type 3 message.
        Throws:
        NTLMEngineException

      • readULong

        private static int readULong​(byte[] src,
                             int index)

      • readUShort

        private static int readUShort​(byte[] src,
                              int index)

      • readSecurityBuffer

        private static byte[] readSecurityBuffer​(byte[] src,
                                         int index)

      • makeRandomChallenge

        private static byte[] makeRandomChallenge​(java.util.Random random)
        Calculate a challenge block

      • makeSecondaryKey

        private static byte[] makeSecondaryKey​(java.util.Random random)
        Calculate a 16-byte secondary key

      • hmacMD5

        static byte[] hmacMD5​(byte[] value,
                      byte[] key)
        Calculates HMAC-MD5

      • ntlm2SessionResponse

        static byte[] ntlm2SessionResponse​(byte[] ntlmHash,
                                   byte[] challenge,
                                   byte[] clientChallenge)
                            throws NTLMEngineException
        Calculates the NTLM2 Session Response for the given challenge, using the specified password and client challenge.
        Returns:
        The NTLM2 Session Response. This is placed in the NTLM response field of the Type 3 message; the LM response field contains the client challenge, null-padded to 24 bytes.
        Throws:
        NTLMEngineException

      • lmHash

        private static byte[] lmHash​(char[] password)
                      throws NTLMEngineException
        Creates the LM Hash of the user's password.
        Parameters:
        password - The password.
        Returns:
        The LM Hash of the given password, used in the calculation of the LM Response.
        Throws:
        NTLMEngineException

      • ntlmHash

        private static byte[] ntlmHash​(char[] password)
                        throws NTLMEngineException
        Creates the NTLM Hash of the user's password.
        Parameters:
        password - The password.
        Returns:
        The NTLM Hash of the given password, used in the calculation of the NTLM Response and the NTLMv2 and LMv2 Hashes.
        Throws:
        NTLMEngineException

      • lmv2Hash

        private static byte[] lmv2Hash​(java.lang.String domain,
                               java.lang.String user,
                               byte[] ntlmHash)
                        throws NTLMEngineException
        Creates the LMv2 Hash of the user's password.
        Returns:
        The LMv2 Hash, used in the calculation of the NTLMv2 and LMv2 Responses.
        Throws:
        NTLMEngineException

      • ntlmv2Hash

        private static byte[] ntlmv2Hash​(java.lang.String domain,
                                 java.lang.String user,
                                 byte[] ntlmHash)
                          throws NTLMEngineException
        Creates the NTLMv2 Hash of the user's password.
        Returns:
        The NTLMv2 Hash, used in the calculation of the NTLMv2 and LMv2 Responses.
        Throws:
        NTLMEngineException

      • lmResponse

        private static byte[] lmResponse​(byte[] hash,
                                 byte[] challenge)
                          throws NTLMEngineException
        Creates the LM Response from the given hash and Type 2 challenge.
        Parameters:
        hash - The LM or NTLM Hash.
        challenge - The server challenge from the Type 2 message.
        Returns:
        The response (either LM or NTLM, depending on the provided hash).
        Throws:
        NTLMEngineException

      • lmv2Response

        private static byte[] lmv2Response​(byte[] hash,
                                   byte[] challenge,
                                   byte[] clientData)
        Creates the LMv2 Response from the given hash, client data, and Type 2 challenge.
        Parameters:
        hash - The NTLMv2 Hash.
        clientData - The client data (blob or client challenge).
        challenge - The server challenge from the Type 2 message.
        Returns:
        The response (either NTLMv2 or LMv2, depending on the client data).

      • encodeLong

        private static byte[] encodeLong​(int value)

      • encodeLong

        private static void encodeLong​(byte[] buf,
                               int offset,
                               int value)

      • createBlob

        private static byte[] createBlob​(byte[] clientChallenge,
                                 byte[] targetInformation,
                                 byte[] timestamp)
        Creates the NTLMv2 blob from the given target information block and client challenge.
        Parameters:
        targetInformation - The target information block from the Type 2 message.
        clientChallenge - The random 8-byte client challenge.
        Returns:
        The blob, used in the calculation of the NTLMv2 Response.

      • createDESKey

        private static java.security.Key createDESKey​(byte[] bytes,
                                              int offset)
        Creates a DES encryption key from the given key material.
        Parameters:
        bytes - A byte array containing the DES key material.
        offset - The offset in the given byte array at which the 7-byte key material starts.
        Returns:
        A DES encryption key created from the key material starting at the specified offset in the given byte array.

      • oddParity

        private static void oddParity​(byte[] bytes)
        Applies odd parity to the given byte array.
        Parameters:
        bytes - The data whose parity bits are to be adjusted for odd parity.

      • getCharset

        private static java.nio.charset.Charset getCharset​(int flags)
                                            throws NTLMEngineException
        Find the character set based on the flags.
        Parameters:
        flags - is the flags.
        Returns:
        the character set.
        Throws:
        NTLMEngineException

      • writeUShort

        static void writeUShort​(byte[] buffer,
                        int value,
                        int offset)

      • writeULong

        static void writeULong​(byte[] buffer,
                       int value,
                       int offset)

      • F

        static int F​(int x,
             int y,
             int z)

      • G

        static int G​(int x,
             int y,
             int z)

      • H

        static int H​(int x,
             int y,
             int z)

      • rotintlft

        static int rotintlft​(int val,
                     int numbits)

      • getMD5

        static java.security.MessageDigest getMD5()

      • generateType1Msg

        public java.lang.String generateType1Msg​(java.lang.String domain,
                                         java.lang.String workstation)
                                  throws NTLMEngineException
        Description copied from interface: NTLMEngine
        Generates a Type1 message given the domain and workstation.
        Specified by:
        generateType1Msg in interface NTLMEngine
        Parameters:
        domain - Optional Windows domain name. Can be null.
        workstation - Optional Windows workstation name. Can be null.
        Returns:
        Type1 message
        Throws:
        NTLMEngineException

      • generateType3Msg

        public java.lang.String generateType3Msg​(java.lang.String username,
                                         char[] password,
                                         java.lang.String domain,
                                         java.lang.String workstation,
                                         java.lang.String challenge)
                                  throws NTLMEngineException
        Description copied from interface: NTLMEngine
        Generates a Type3 message given the user credentials and the authentication challenge.
        Specified by:
        generateType3Msg in interface NTLMEngine
        Parameters:
        username - Windows user name
        password - Password
        domain - Windows domain name
        workstation - Windows workstation name
        challenge - Type2 challenge.
        Returns:
        Type3 response.
        Throws:
        NTLMEngineException