/** * Produces bearer authorization string for the given set of {@link Credentials}. * * @param credentials The set of credentials to be used for authentication * @param method The method being authenticated * @throws InvalidCredentialsException If authentication credentials are not valid or not applicable for this authentication * scheme. * @throws AuthenticationException If authorization string cannot be generated due to an authentication failure. * * @return a basic authorization string */ public String authenticate(Credentials credentials, HttpMethod method) throws AuthenticationException { Log_OC.d(TAG, "enter BearerScheme.authenticate(Credentials, HttpMethod)"); if (method == null) { throw new IllegalArgumentException("Method may not be null"); } BearerCredentials bearer = null; try { bearer = (BearerCredentials) credentials; } catch (ClassCastException e) { throw new InvalidCredentialsException( "Credentials cannot be used for bearer authentication: " + credentials.getClass().getName()); } return BearerAuthScheme.authenticate( bearer, method.getParams().getCredentialCharset()); }
private Definition readWsdl(WSDLReader wsdlReader, String uri, String username, String password) throws WSDLException, KettleException, AuthenticationException { try { HTTPProtocol http = new HTTPProtocol(); Document doc = XMLHandler.loadXMLString(http.get(wsdlURI.toString(), username, password), true, false); if (doc != null) { return(wsdlReader.readWSDL(doc.getBaseURI(), doc)); } else { throw new KettleException("Unable to get document."); } } catch (MalformedURLException mue) { throw new KettleException(mue); } catch (AuthenticationException ae) { // re-throw this. If not IOException seems to catch it throw ae; } catch (IOException ioe) { throw new KettleException(ioe); } }
/** Constructor to use when message contents are known */ NTLMMessage(String messageBody, int expectedType) throws AuthenticationException { messageContents = Base64.decodeBase64(EncodingUtils.getBytes(messageBody, DEFAULT_CHARSET)); // Look for NTLM message if (messageContents.length < SIGNATURE.length) { throw new AuthenticationException("NTLM message decoding error - packet too short"); } int i = 0; while (i < SIGNATURE.length) { if (messageContents[i] != SIGNATURE[i]) { throw new AuthenticationException( "NTLM message expected - instead got unrecognized bytes"); } i++; } // Check to be sure there's a type 2 message indicator next int type = readULong(SIGNATURE.length); if (type != expectedType) { throw new AuthenticationException("NTLM type " + Integer.toString(expectedType) + " message expected - instead got type " + Integer.toString(type)); } currentOutputPosition = messageContents.length; }
public String generateType3Msg( final String username, final String password, final String domain, final String workstation, final String challenge) throws AuthenticationException { Type2Message t2m = new Type2Message(challenge); return getType3Message( username, password, workstation, domain, t2m.getChallenge(), t2m.getFlags(), t2m.getTarget(), t2m.getTargetInfo()); }
private void authenticate(final HttpMethod method) { try { if (this.conn.isProxied() && !this.conn.isSecure()) { authenticateProxy(method); } authenticateHost(method); } catch (AuthenticationException e) { LOG.error(e.getMessage(), e); } }
private void authenticateProxy(final HttpMethod method) throws AuthenticationException { // Clean up existing authentication headers if (!cleanAuthHeaders(method, PROXY_AUTH_RESP)) { // User defined authentication header(s) present return; } AuthState authstate = method.getProxyAuthState(); AuthScheme authscheme = authstate.getAuthScheme(); if (authscheme == null) { return; } if (authstate.isAuthRequested() || !authscheme.isConnectionBased()) { AuthScope authscope = new AuthScope( conn.getProxyHost(), conn.getProxyPort(), authscheme.getRealm(), authscheme.getSchemeName()); if (LOG.isDebugEnabled()) { LOG.debug("Authenticating with " + authscope); } Credentials credentials = this.state.getProxyCredentials(authscope); if (credentials != null) { String authstring = authscheme.authenticate(credentials, method); if (authstring != null) { method.addRequestHeader(new Header(PROXY_AUTH_RESP, authstring, true)); } } else { if (LOG.isWarnEnabled()) { LOG.warn("Required proxy credentials not available for " + authscope); if (method.getProxyAuthState().isPreemptive()) { LOG.warn("Preemptive authentication requested but no default " + "proxy credentials available"); } } } } }
@Override protected String getType3MessageResponse(String type2message, NTCredentials ntcredentials, HttpMethodParams params) throws AuthenticationException { if (!params.getBooleanParameter(WebServiceHelper.USE_NATIVE_CREDENTIALS, false) || myAuthSequenceObject == null) { return super.getType3MessageResponse(type2message, ntcredentials, params); } try { return (String)myGetAuthHeaderMethod.invoke(myAuthSequenceObject, new Object[]{type2message}); } catch (Throwable t) { LOG.warn("Native authentication failed", t); return ""; } }
public EwsJCIFSNTLMScheme() throws AuthenticationException { // Check if JCIFS is present. If not present, do not proceed. try { Class.forName("jcifs.ntlmssp.NtlmMessage",false,this.getClass().getClassLoader()); } catch (ClassNotFoundException e) { throw new AuthenticationException("Unable to proceed as JCIFS library is not found."); } }
/** * Load and parse the WSDL file using the wsdlLocator. * * @param wsdlLocator A WSDLLocator instance. * @param username to use for authentication * @param password to use for authentication * @return wsdl Definition. * @throws WSDLException on error. */ private Definition parse(WSDLLocator wsdlLocator, String username, String password) throws WSDLException, KettleException, AuthenticationException { WSDLReader wsdlReader = getReader(); try { return wsdlReader.readWSDL(wsdlLocator); } catch (WSDLException we) { readWsdl(wsdlReader, wsdlURI.toString(), username, password); return null; } }
/** * Load and parse the WSDL file at the specified URI. * * @param wsdlURI URI of the WSDL file. * @param username to use for authentication * @param password to use for authentication * @return wsdl Definition * @throws WSDLException on error. */ private Definition parse(URI wsdlURI, String username, String password) throws WSDLException, KettleException, AuthenticationException { WSDLReader wsdlReader = getReader(); try { return wsdlReader.readWSDL(wsdlURI.toString()); } catch (WSDLException we) { return readWsdl(wsdlReader, wsdlURI.toString(), username, password); } }
/** * Performs a get on urlAsString using username and password as credentials. * * If the status code returned not -1 and 401 then the contents are returned. * If the status code is 401 an AuthenticationException is thrown. * * All other values of status code are not dealt with but logic can be * added as needed. * * @param urlAsString * @param username * @param password * @param encoding * @return * @throws MalformedURLException * @throws IOException */ public String get(String urlAsString, String username, String password) throws MalformedURLException, IOException, AuthenticationException { HttpClient httpClient = new HttpClient(); GetMethod getMethod = new GetMethod(urlAsString); httpClient.getParams().setAuthenticationPreemptive(true); Credentials defaultcreds = new UsernamePasswordCredentials(username, password); httpClient.getState().setCredentials(AuthScope.ANY, defaultcreds); int statusCode = httpClient.executeMethod(getMethod); StringBuffer bodyBuffer = new StringBuffer(); if (statusCode!= -1) { if (statusCode != 401) { // the response InputStreamReader inputStreamReader = new InputStreamReader(getMethod.getResponseBodyAsStream()); int c; while ( (c=inputStreamReader.read())!=-1) { bodyBuffer.append((char)c); } inputStreamReader.close(); } else { throw new AuthenticationException(); } } // Display response return bodyBuffer.toString(); }
private static int readULong(byte[] src, int index) throws AuthenticationException { if (src.length < index + 4) { throw new AuthenticationException("NTLM authentication - buffer too small for DWORD"); } return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8) | ((src[index + 2] & 0xff) << 16) | ((src[index + 3] & 0xff) << 24); }
private static byte[] readSecurityBuffer(byte[] src, int index) throws AuthenticationException { int length = readUShort(src, index); int offset = readULong(src, index + 4); if (src.length < offset + length) { throw new AuthenticationException( "NTLM authentication - buffer too small for data item"); } byte[] buffer = new byte[length]; System.arraycopy(src, offset, buffer, 0, length); return buffer; }
/** Calculate a challenge block */ private static byte[] makeRandomChallenge() throws AuthenticationException { if (RND_GEN == null) { throw new AuthenticationException("Random generator not available"); } byte[] rval = new byte[8]; synchronized (RND_GEN) { RND_GEN.nextBytes(rval); } return rval; }
/** Calculate a 16-byte secondary key */ private static byte[] makeSecondaryKey() throws AuthenticationException { if (RND_GEN == null) { throw new AuthenticationException("Random generator not available"); } byte[] rval = new byte[16]; synchronized (RND_GEN) { RND_GEN.nextBytes(rval); } return rval; }
/** Calculate and return client challenge */ public byte[] getClientChallenge() throws AuthenticationException { if (clientChallenge == null) { clientChallenge = makeRandomChallenge(); } return clientChallenge; }
/** Calculate and return random secondary key */ public byte[] getSecondaryKey() throws AuthenticationException { if (secondaryKey == null) { secondaryKey = makeSecondaryKey(); } return secondaryKey; }
/** Calculate and return the LMHash */ public byte[] getLMHash() throws AuthenticationException { if (lmHash == null) { lmHash = lmHash(password); } return lmHash; }
/** Calculate and return the LMResponse */ public byte[] getLMResponse() throws AuthenticationException { if (lmResponse == null) { lmResponse = lmResponse(getLMHash(), challenge); } return lmResponse; }
/** Calculate and return the NTLMHash */ public byte[] getNTLMHash() throws AuthenticationException { if (ntlmHash == null) { ntlmHash = ntlmHash(password); } return ntlmHash; }
/** Calculate and return the NTLMResponse */ public byte[] getNTLMResponse() throws AuthenticationException { if (ntlmResponse == null) { ntlmResponse = lmResponse(getNTLMHash(), challenge); } return ntlmResponse; }
/** Calculate the NTLMv2 hash */ public byte[] getNTLMv2Hash() throws AuthenticationException { if (ntlmv2Hash == null) { ntlmv2Hash = ntlmv2Hash(target, user, password); } return ntlmv2Hash; }
/** Calculate the NTLMv2Blob */ public byte[] getNTLMv2Blob() throws AuthenticationException { if (ntlmv2Blob == null) { ntlmv2Blob = createBlob(getClientChallenge(), targetInformation, getTimestamp()); } return ntlmv2Blob; }
/** Calculate the NTLMv2Response */ public byte[] getNTLMv2Response() throws AuthenticationException { if (ntlmv2Response == null) { ntlmv2Response = lmv2Response(getNTLMv2Hash(), challenge, getNTLMv2Blob()); } return ntlmv2Response; }
/** Calculate the LMv2Response */ public byte[] getLMv2Response() throws AuthenticationException { if (lmv2Response == null) { lmv2Response = lmv2Response(getNTLMv2Hash(), challenge, getClientChallenge()); } return lmv2Response; }
/** Get NTLM2SessionResponse */ public byte[] getNTLM2SessionResponse() throws AuthenticationException { if (ntlm2SessionResponse == null) { ntlm2SessionResponse = ntlm2SessionResponse(getNTLMHash(), challenge, getClientChallenge()); } return ntlm2SessionResponse; }
/** Calculate and return LM2 session response */ public byte[] getLM2SessionResponse() throws AuthenticationException { if (lm2SessionResponse == null) { byte[] clientChallenge = getClientChallenge(); lm2SessionResponse = new byte[24]; System.arraycopy(clientChallenge, 0, lm2SessionResponse, 0, clientChallenge.length); Arrays.fill(lm2SessionResponse, clientChallenge.length, lm2SessionResponse.length, (byte) 0x00); } return lm2SessionResponse; }
/** Get LMUserSessionKey */ public byte[] getLMUserSessionKey() throws AuthenticationException { if (lmUserSessionKey == null) { byte[] lmHash = getLMHash(); lmUserSessionKey = new byte[16]; System.arraycopy(lmHash, 0, lmUserSessionKey, 0, 8); Arrays.fill(lmUserSessionKey, 8, 16, (byte) 0x00); } return lmUserSessionKey; }
/** Get NTLMUserSessionKey */ public byte[] getNTLMUserSessionKey() throws AuthenticationException { if (ntlmUserSessionKey == null) { byte[] ntlmHash = getNTLMHash(); MD4 md4 = new MD4(); md4.update(ntlmHash); ntlmUserSessionKey = md4.getOutput(); } return ntlmUserSessionKey; }
/** GetNTLMv2UserSessionKey */ public byte[] getNTLMv2UserSessionKey() throws AuthenticationException { if (ntlmv2UserSessionKey == null) { byte[] ntlmv2Hash = getNTLMv2Hash(); byte[] ntlmv2Blob = getNTLMv2Blob(); byte[] temp = new byte[ntlmv2Blob.length + challenge.length]; // "The challenge is concatenated with the blob" - check this (MHL) System.arraycopy(challenge, 0, temp, 0, challenge.length); System.arraycopy(ntlmv2Blob, 0, temp, challenge.length, ntlmv2Blob.length); byte[] partial = hmacMD5(temp, ntlmv2Hash); ntlmv2UserSessionKey = hmacMD5(partial, ntlmv2Hash); } return ntlmv2UserSessionKey; }
/** Get NTLM2SessionResponseUserSessionKey */ public byte[] getNTLM2SessionResponseUserSessionKey() throws AuthenticationException { if (ntlm2SessionResponseUserSessionKey == null) { byte[] ntlmUserSessionKey = getNTLMUserSessionKey(); byte[] ntlm2SessionResponseNonce = getLM2SessionResponse(); byte[] sessionNonce = new byte[challenge.length + ntlm2SessionResponseNonce.length]; System.arraycopy(challenge, 0, sessionNonce, 0, challenge.length); System.arraycopy(ntlm2SessionResponseNonce, 0, sessionNonce, challenge.length, ntlm2SessionResponseNonce.length); ntlm2SessionResponseUserSessionKey = hmacMD5(sessionNonce, ntlmUserSessionKey); } return ntlm2SessionResponseUserSessionKey; }
/** Get LAN Manager session key */ public byte[] getLanManagerSessionKey() throws AuthenticationException { if (lanManagerSessionKey == null) { byte[] lmHash = getLMHash(); byte[] lmResponse = getLMResponse(); try { byte[] keyBytes = new byte[14]; System.arraycopy(lmHash, 0, keyBytes, 0, 8); Arrays.fill(keyBytes, 8, keyBytes.length, (byte) 0xbd); Key lowKey = createDESKey(keyBytes, 0); Key highKey = createDESKey(keyBytes, 7); byte[] truncatedResponse = new byte[8]; System.arraycopy(lmResponse, 0, truncatedResponse, 0, truncatedResponse.length); Cipher des = Cipher.getInstance("DES/ECB/NoPadding"); des.init(Cipher.ENCRYPT_MODE, lowKey); byte[] lowPart = des.doFinal(truncatedResponse); des = Cipher.getInstance("DES/ECB/NoPadding"); des.init(Cipher.ENCRYPT_MODE, highKey); byte[] highPart = des.doFinal(truncatedResponse); lanManagerSessionKey = new byte[16]; System.arraycopy(lowPart, 0, lanManagerSessionKey, 0, lowPart.length); System.arraycopy(highPart, 0, lanManagerSessionKey, lowPart.length, highPart.length); } catch (Exception e) { throw new AuthenticationException(e.getMessage(), e); } } return lanManagerSessionKey; }
/** Calculates RC4 */ static byte[] RC4(byte[] value, byte[] key) throws AuthenticationException { try { Cipher rc4 = Cipher.getInstance("RC4"); rc4.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "RC4")); return rc4.doFinal(value); } catch (Exception e) { throw new AuthenticationException(e.getMessage(), e); } }
/** * Calculates the NTLM2 Session Response for the given challenge, using the * specified password and client challenge. * * @param ntlmHash * The user's password. * @param challenge * The Type 2 challenge from the server. * @param clientChallenge * The random 8-byte client challenge. * * @return The NTLM2 Session Response. This is placed in the NTLM response * field of the Type 3 message; the LM response field contains the * client challenge, null-padded to 24 bytes. */ static byte[] ntlm2SessionResponse(byte[] ntlmHash, byte[] challenge, byte[] clientChallenge) throws AuthenticationException { try { // Look up MD5 algorithm (was necessary on jdk 1.4.2) // This used to be needed, but java 1.5.0_07 includes the MD5 // algorithm (finally) // Class x = Class.forName("gnu.crypto.hash.MD5"); // Method updateMethod = x.getMethod("update",new // Class[]{byte[].class}); // Method digestMethod = x.getMethod("digest",new Class[0]); // Object mdInstance = x.newInstance(); // updateMethod.invoke(mdInstance,new Object[]{challenge}); // updateMethod.invoke(mdInstance,new Object[]{clientChallenge}); // byte[] digest = (byte[])digestMethod.invoke(mdInstance,new // Object[0]); MessageDigest md5 = MessageDigest.getInstance("MD5"); md5.update(challenge); md5.update(clientChallenge); byte[] digest = md5.digest(); byte[] sessionHash = new byte[8]; System.arraycopy(digest, 0, sessionHash, 0, 8); return lmResponse(ntlmHash, sessionHash); } catch (Exception e) { if (e instanceof AuthenticationException) { throw (AuthenticationException) e; } throw new AuthenticationException(e.getMessage(), e); } }
/** * Creates the NTLM Hash of the user's password. * * @param password * The password. * * @return The NTLM Hash of the given password, used in the calculation of * the NTLM Response and the NTLMv2 and LMv2 Hashes. */ private static byte[] ntlmHash(String password) throws AuthenticationException { try { byte[] unicodePassword = password.getBytes("UnicodeLittleUnmarked"); MD4 md4 = new MD4(); md4.update(unicodePassword); return md4.getOutput(); } catch (java.io.UnsupportedEncodingException e) { throw new AuthenticationException("Unicode not supported: " + e.getMessage(), e); } }
/** * Creates the NTLMv2 Hash of the user's password. * * @param target * The authentication target (i.e., domain). * @param user * The username. * @param password * The password. * * @return The NTLMv2 Hash, used in the calculation of the NTLMv2 and LMv2 * Responses. */ private static byte[] ntlmv2Hash(String target, String user, String password) throws AuthenticationException { try { byte[] ntlmHash = ntlmHash(password); HMACMD5 hmacMD5 = new HMACMD5(ntlmHash); // Upper case username, mixed case target!! hmacMD5.update(user.toUpperCase(Locale.US).getBytes("UnicodeLittleUnmarked")); hmacMD5.update(target.getBytes("UnicodeLittleUnmarked")); return hmacMD5.getOutput(); } catch (java.io.UnsupportedEncodingException e) { throw new AuthenticationException("Unicode not supported! " + e.getMessage(), e); } }