View Javadoc
1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License.
18   *
19   */
20  package org.apache.mina.proxy.handlers.http.ntlm;
21  
22  import java.io.IOException;
23  import java.util.HashMap;
24  import java.util.List;
25  import java.util.Map;
26  
27  import org.apache.mina.core.filterchain.IoFilter.NextFilter;
28  import org.apache.mina.proxy.ProxyAuthException;
29  import org.apache.mina.proxy.handlers.http.AbstractAuthLogicHandler;
30  import org.apache.mina.proxy.handlers.http.HttpProxyConstants;
31  import org.apache.mina.proxy.handlers.http.HttpProxyRequest;
32  import org.apache.mina.proxy.handlers.http.HttpProxyResponse;
33  import org.apache.mina.proxy.session.ProxyIoSession;
34  import org.apache.mina.proxy.utils.StringUtilities;
35  import org.apache.mina.util.Base64;
36  import org.slf4j.Logger;
37  import org.slf4j.LoggerFactory;
38  
39  /**
40   * HttpNTLMAuthLogicHandler.java - HTTP NTLM authentication mechanism logic handler.
41   * 
42   * @author <a href="http://mina.apache.org">Apache MINA Project</a>
43   * @since MINA 2.0.0-M3
44   */
45  public class HttpNTLMAuthLogicHandler extends AbstractAuthLogicHandler {
46  
47      private static final Logger LOGGER = LoggerFactory.getLogger(HttpNTLMAuthLogicHandler.class);
48  
49      /**
50       * The challenge provided by the server.
51       */
52      private byte[] challengePacket = null;
53  
54      /**
55       * Build an HttpNTLMAuthLogicHandler
56       * 
57       * @param proxyIoSession The original session
58       * @throws ProxyAuthException If we get an error during the proxy authentication
59       */
60      public HttpNTLMAuthLogicHandler(final ProxyIoSession proxyIoSession) throws ProxyAuthException {
61          super(proxyIoSession);
62  
63          ((HttpProxyRequest) request).checkRequiredProperties(HttpProxyConstants.USER_PROPERTY,
64                  HttpProxyConstants.PWD_PROPERTY, HttpProxyConstants.DOMAIN_PROPERTY,
65                  HttpProxyConstants.WORKSTATION_PROPERTY);
66      }
67  
68      /**
69       * {@inheritDoc}
70       */
71      @Override
72      public void doHandshake(NextFilter nextFilter) throws ProxyAuthException {
73          LOGGER.debug(" doHandshake()");
74  
75          if (step > 0 && challengePacket == null) {
76              throw new IllegalStateException("NTLM Challenge packet not received");
77          }
78  
79          HttpProxyRequest./../../../../org/apache/mina/proxy/handlers/http/HttpProxyRequest.html#HttpProxyRequest">HttpProxyRequest req = (HttpProxyRequest) request;
80          Map<String, List<String>> headers = req.getHeaders() != null ? req.getHeaders()
81                  : new HashMap<String, List<String>>();
82  
83          String domain = req.getProperties().get(HttpProxyConstants.DOMAIN_PROPERTY);
84          String workstation = req.getProperties().get(HttpProxyConstants.WORKSTATION_PROPERTY);
85  
86          if (step > 0) {
87              LOGGER.debug("  sending NTLM challenge response");
88  
89              byte[] challenge = NTLMUtilities.extractChallengeFromType2Message(challengePacket);
90              int serverFlags = NTLMUtilities.extractFlagsFromType2Message(challengePacket);
91  
92              String username = req.getProperties().get(HttpProxyConstants.USER_PROPERTY);
93              String password = req.getProperties().get(HttpProxyConstants.PWD_PROPERTY);
94  
95              byte[] authenticationPacket = NTLMUtilities.createType3Message(username, password, challenge, domain,
96                      workstation, serverFlags, null);
97  
98              StringUtilities.addValueToHeader(headers, "Proxy-Authorization",
99                      "NTLM " + new String(Base64.encodeBase64(authenticationPacket)), true);
100 
101         } else {
102             LOGGER.debug("  sending NTLM negotiation packet");
103 
104             byte[] negotiationPacket = NTLMUtilities.createType1Message(workstation, domain, null, null);
105             StringUtilities.addValueToHeader(headers, "Proxy-Authorization",
106                     "NTLM " + new String(Base64.encodeBase64(negotiationPacket)), true);
107         }
108 
109         addKeepAliveHeaders(headers);
110         req.setHeaders(headers);
111 
112         writeRequest(nextFilter, req);
113         step++;
114     }
115 
116     /**
117      * @return the value of the NTLM Proxy-Authenticate header.
118      * 
119      * @param response the proxy response
120      */
121     private String getNTLMHeader(final HttpProxyResponse response) {
122         List<String> values = response.getHeaders().get("Proxy-Authenticate");
123 
124         for (String s : values) {
125             if (s.startsWith("NTLM")) {
126                 return s;
127             }
128         }
129 
130         return null;
131     }
132 
133     /**
134      * {@inheritDoc}
135      */
136     @Override
137     public void handleResponse(final HttpProxyResponse response) throws ProxyAuthException {
138         if (step == 0) {
139             String challengeResponse = getNTLMHeader(response);
140             step = 1;
141 
142             if (challengeResponse == null || challengeResponse.length() < 5) {
143                 // Nothing to handle at this step. 
144                 // Just need to send a reply type 1 message in doHandshake().
145                 return;
146             }
147 
148             // else there was no step 0 so continue to step 1.
149         }
150 
151         if (step == 1) {
152             // Header should look like :
153             // Proxy-Authenticate: NTLM still_some_more_stuff
154             String challengeResponse = getNTLMHeader(response);
155 
156             if (challengeResponse == null || challengeResponse.length() < 5) {
157                 throw new ProxyAuthException("Unexpected error while reading server challenge !");
158             }
159 
160             try {
161                 challengePacket = Base64.decodeBase64(challengeResponse.substring(5).getBytes(
162                         proxyIoSession.getCharsetName()));
163             } catch (IOException e) {
164                 throw new ProxyAuthException("Unable to decode the base64 encoded NTLM challenge", e);
165             }
166             step = 2;
167         } else {
168             throw new ProxyAuthException("Received unexpected response code (" + response.getStatusLine() + ").");
169         }
170     }
171 }