1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.mina.proxy.handlers.http.ntlm;
21
22 import java.io.IOException;
23 import java.util.HashMap;
24 import java.util.List;
25 import java.util.Map;
26
27 import org.apache.mina.core.filterchain.IoFilter.NextFilter;
28 import org.apache.mina.proxy.ProxyAuthException;
29 import org.apache.mina.proxy.handlers.http.AbstractAuthLogicHandler;
30 import org.apache.mina.proxy.handlers.http.HttpProxyConstants;
31 import org.apache.mina.proxy.handlers.http.HttpProxyRequest;
32 import org.apache.mina.proxy.handlers.http.HttpProxyResponse;
33 import org.apache.mina.proxy.session.ProxyIoSession;
34 import org.apache.mina.proxy.utils.StringUtilities;
35 import org.apache.mina.util.Base64;
36 import org.slf4j.Logger;
37 import org.slf4j.LoggerFactory;
38
39
40
41
42
43
44
45 public class HttpNTLMAuthLogicHandler extends AbstractAuthLogicHandler {
46
47 private static final Logger LOGGER = LoggerFactory.getLogger(HttpNTLMAuthLogicHandler.class);
48
49
50
51
52 private byte[] challengePacket = null;
53
54
55
56
57
58
59
60 public HttpNTLMAuthLogicHandler(final ProxyIoSession proxyIoSession) throws ProxyAuthException {
61 super(proxyIoSession);
62
63 ((HttpProxyRequest) request).checkRequiredProperties(HttpProxyConstants.USER_PROPERTY,
64 HttpProxyConstants.PWD_PROPERTY, HttpProxyConstants.DOMAIN_PROPERTY,
65 HttpProxyConstants.WORKSTATION_PROPERTY);
66 }
67
68
69
70
71 @Override
72 public void doHandshake(NextFilter nextFilter) throws ProxyAuthException {
73 LOGGER.debug(" doHandshake()");
74
75 if (step > 0 && challengePacket == null) {
76 throw new IllegalStateException("NTLM Challenge packet not received");
77 }
78
79 HttpProxyRequest./../../../../org/apache/mina/proxy/handlers/http/HttpProxyRequest.html#HttpProxyRequest">HttpProxyRequest req = (HttpProxyRequest) request;
80 Map<String, List<String>> headers = req.getHeaders() != null ? req.getHeaders()
81 : new HashMap<String, List<String>>();
82
83 String domain = req.getProperties().get(HttpProxyConstants.DOMAIN_PROPERTY);
84 String workstation = req.getProperties().get(HttpProxyConstants.WORKSTATION_PROPERTY);
85
86 if (step > 0) {
87 LOGGER.debug(" sending NTLM challenge response");
88
89 byte[] challenge = NTLMUtilities.extractChallengeFromType2Message(challengePacket);
90 int serverFlags = NTLMUtilities.extractFlagsFromType2Message(challengePacket);
91
92 String username = req.getProperties().get(HttpProxyConstants.USER_PROPERTY);
93 String password = req.getProperties().get(HttpProxyConstants.PWD_PROPERTY);
94
95 byte[] authenticationPacket = NTLMUtilities.createType3Message(username, password, challenge, domain,
96 workstation, serverFlags, null);
97
98 StringUtilities.addValueToHeader(headers, "Proxy-Authorization",
99 "NTLM " + new String(Base64.encodeBase64(authenticationPacket)), true);
100
101 } else {
102 LOGGER.debug(" sending NTLM negotiation packet");
103
104 byte[] negotiationPacket = NTLMUtilities.createType1Message(workstation, domain, null, null);
105 StringUtilities.addValueToHeader(headers, "Proxy-Authorization",
106 "NTLM " + new String(Base64.encodeBase64(negotiationPacket)), true);
107 }
108
109 addKeepAliveHeaders(headers);
110 req.setHeaders(headers);
111
112 writeRequest(nextFilter, req);
113 step++;
114 }
115
116
117
118
119
120
121 private String getNTLMHeader(final HttpProxyResponse response) {
122 List<String> values = response.getHeaders().get("Proxy-Authenticate");
123
124 for (String s : values) {
125 if (s.startsWith("NTLM")) {
126 return s;
127 }
128 }
129
130 return null;
131 }
132
133
134
135
136 @Override
137 public void handleResponse(final HttpProxyResponse response) throws ProxyAuthException {
138 if (step == 0) {
139 String challengeResponse = getNTLMHeader(response);
140 step = 1;
141
142 if (challengeResponse == null || challengeResponse.length() < 5) {
143
144
145 return;
146 }
147
148
149 }
150
151 if (step == 1) {
152
153
154 String challengeResponse = getNTLMHeader(response);
155
156 if (challengeResponse == null || challengeResponse.length() < 5) {
157 throw new ProxyAuthException("Unexpected error while reading server challenge !");
158 }
159
160 try {
161 challengePacket = Base64.decodeBase64(challengeResponse.substring(5).getBytes(
162 proxyIoSession.getCharsetName()));
163 } catch (IOException e) {
164 throw new ProxyAuthException("Unable to decode the base64 encoded NTLM challenge", e);
165 }
166 step = 2;
167 } else {
168 throw new ProxyAuthException("Received unexpected response code (" + response.getStatusLine() + ").");
169 }
170 }
171 }