1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.mina.proxy.handlers.http.ntlm;
21
22 import java.io.IOException;
23 import java.util.HashMap;
24 import java.util.List;
25 import java.util.Map;
26
27 import org.apache.mina.core.filterchain.IoFilter.NextFilter;
28 import org.apache.mina.proxy.ProxyAuthException;
29 import org.apache.mina.proxy.handlers.http.AbstractAuthLogicHandler;
30 import org.apache.mina.proxy.handlers.http.HttpProxyConstants;
31 import org.apache.mina.proxy.handlers.http.HttpProxyRequest;
32 import org.apache.mina.proxy.handlers.http.HttpProxyResponse;
33 import org.apache.mina.proxy.session.ProxyIoSession;
34 import org.apache.mina.proxy.utils.StringUtilities;
35 import org.apache.mina.util.Base64;
36 import org.slf4j.Logger;
37 import org.slf4j.LoggerFactory;
38
39
40
41
42
43
44
45 public class HttpNTLMAuthLogicHandler extends AbstractAuthLogicHandler {
46
47 private final static Logger LOGGER = LoggerFactory.getLogger(HttpNTLMAuthLogicHandler.class);
48
49
50
51
52 private byte[] challengePacket = null;
53
54
55
56
57 public HttpNTLMAuthLogicHandler(final ProxyIoSession proxyIoSession) throws ProxyAuthException {
58 super(proxyIoSession);
59
60 ((HttpProxyRequest) request).checkRequiredProperties(HttpProxyConstants.USER_PROPERTY,
61 HttpProxyConstants.PWD_PROPERTY, HttpProxyConstants.DOMAIN_PROPERTY,
62 HttpProxyConstants.WORKSTATION_PROPERTY);
63 }
64
65
66
67
68 @Override
69 public void doHandshake(NextFilter nextFilter) throws ProxyAuthException {
70 LOGGER.debug(" doHandshake()");
71
72 if (step > 0 && challengePacket == null) {
73 throw new IllegalStateException("NTLM Challenge packet not received");
74 }
75
76 HttpProxyRequest req = (HttpProxyRequest) request;
77 Map<String, List<String>> headers = req.getHeaders() != null ? req.getHeaders()
78 : new HashMap<String, List<String>>();
79
80 String domain = req.getProperties().get(HttpProxyConstants.DOMAIN_PROPERTY);
81 String workstation = req.getProperties().get(HttpProxyConstants.WORKSTATION_PROPERTY);
82
83 if (step > 0) {
84 LOGGER.debug(" sending NTLM challenge response");
85
86 byte[] challenge = NTLMUtilities.extractChallengeFromType2Message(challengePacket);
87 int serverFlags = NTLMUtilities.extractFlagsFromType2Message(challengePacket);
88
89 String username = req.getProperties().get(HttpProxyConstants.USER_PROPERTY);
90 String password = req.getProperties().get(HttpProxyConstants.PWD_PROPERTY);
91
92 byte[] authenticationPacket = NTLMUtilities.createType3Message(username, password, challenge, domain,
93 workstation, serverFlags, null);
94
95 StringUtilities.addValueToHeader(headers, "Proxy-Authorization",
96 "NTLM " + new String(Base64.encodeBase64(authenticationPacket)), true);
97
98 } else {
99 LOGGER.debug(" sending NTLM negotiation packet");
100
101 byte[] negotiationPacket = NTLMUtilities.createType1Message(workstation, domain, null, null);
102 StringUtilities.addValueToHeader(headers, "Proxy-Authorization",
103 "NTLM " + new String(Base64.encodeBase64(negotiationPacket)), true);
104 }
105
106 addKeepAliveHeaders(headers);
107 req.setHeaders(headers);
108
109 writeRequest(nextFilter, req);
110 step++;
111 }
112
113
114
115
116
117
118 private String getNTLMHeader(final HttpProxyResponse response) {
119 List<String> values = response.getHeaders().get("Proxy-Authenticate");
120
121 for (String s : values) {
122 if (s.startsWith("NTLM")) {
123 return s;
124 }
125 }
126
127 return null;
128 }
129
130
131
132
133 @Override
134 public void handleResponse(final HttpProxyResponse response) throws ProxyAuthException {
135 if (step == 0) {
136 String challengeResponse = getNTLMHeader(response);
137 step = 1;
138
139 if (challengeResponse == null || challengeResponse.length() < 5) {
140
141
142 return;
143 }
144
145
146 }
147
148 if (step == 1) {
149
150
151 String challengeResponse = getNTLMHeader(response);
152
153 if (challengeResponse == null || challengeResponse.length() < 5) {
154 throw new ProxyAuthException("Unexpected error while reading server challenge !");
155 }
156
157 try {
158 challengePacket = Base64.decodeBase64(challengeResponse.substring(5).getBytes(
159 proxyIoSession.getCharsetName()));
160 } catch (IOException e) {
161 throw new ProxyAuthException("Unable to decode the base64 encoded NTLM challenge", e);
162 }
163 step = 2;
164 } else {
165 throw new ProxyAuthException("Received unexpected response code (" + response.getStatusLine() + ").");
166 }
167 }
168 }