1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.mina.proxy.handlers.http.ntlm;
21
22 import java.io.IOException;
23 import java.util.HashMap;
24 import java.util.List;
25 import java.util.Map;
26
27 import org.apache.mina.core.filterchain.IoFilter.NextFilter;
28 import org.apache.mina.proxy.ProxyAuthException;
29 import org.apache.mina.proxy.handlers.http.AbstractAuthLogicHandler;
30 import org.apache.mina.proxy.handlers.http.HttpProxyConstants;
31 import org.apache.mina.proxy.handlers.http.HttpProxyRequest;
32 import org.apache.mina.proxy.handlers.http.HttpProxyResponse;
33 import org.apache.mina.proxy.session.ProxyIoSession;
34 import org.apache.mina.proxy.utils.StringUtilities;
35 import org.apache.mina.util.Base64;
36 import org.slf4j.Logger;
37 import org.slf4j.LoggerFactory;
38
39
40
41
42
43
44
45
46 public class HttpNTLMAuthLogicHandler extends AbstractAuthLogicHandler {
47
48 private final static Logger logger = LoggerFactory
49 .getLogger(HttpNTLMAuthLogicHandler.class);
50
51
52
53
54 private byte[] challengePacket = null;
55
56
57
58
59 public HttpNTLMAuthLogicHandler(final ProxyIoSession proxyIoSession)
60 throws ProxyAuthException {
61 super(proxyIoSession);
62
63 if (request == null || !(request instanceof HttpProxyRequest)) {
64 throw new IllegalArgumentException(
65 "request parameter should be a non null HttpProxyRequest instance");
66 }
67
68 ((HttpProxyRequest) request).checkRequiredProperties(
69 HttpProxyConstants.USER_PROPERTY,
70 HttpProxyConstants.PWD_PROPERTY,
71 HttpProxyConstants.DOMAIN_PROPERTY,
72 HttpProxyConstants.WORKSTATION_PROPERTY);
73 }
74
75
76
77
78 @Override
79 public void doHandshake(NextFilter nextFilter) throws ProxyAuthException {
80 logger.debug(" doHandshake()");
81
82 if (step > 0 && challengePacket == null) {
83 throw new IllegalStateException("Challenge packet not received");
84 } else {
85 HttpProxyRequest req = (HttpProxyRequest) request;
86 Map<String, List<String>> headers = req.getHeaders() != null ? req
87 .getHeaders() : new HashMap<String, List<String>>();
88
89 String domain = req.getProperties().get(
90 HttpProxyConstants.DOMAIN_PROPERTY);
91 String workstation = req.getProperties().get(
92 HttpProxyConstants.WORKSTATION_PROPERTY);
93
94 if (step > 0) {
95 logger.debug(" sending NTLM challenge response");
96
97 byte[] challenge = NTLMUtilities
98 .extractChallengeFromType2Message(challengePacket);
99 int serverFlags = NTLMUtilities
100 .extractFlagsFromType2Message(challengePacket);
101
102 String username = req.getProperties().get(
103 HttpProxyConstants.USER_PROPERTY);
104 String password = req.getProperties().get(
105 HttpProxyConstants.PWD_PROPERTY);
106
107 byte[] authenticationPacket = NTLMUtilities.createType3Message(
108 username, password, challenge, domain, workstation,
109 serverFlags, null);
110
111 StringUtilities.addValueToHeader(headers,
112 "Proxy-Authorization", "NTLM "
113 + new String(Base64
114 .encodeBase64(authenticationPacket)),
115 true);
116
117 } else {
118 logger.debug(" sending HTTP request");
119
120 byte[] negotiationPacket = NTLMUtilities.createType1Message(
121 workstation, domain, null, null);
122 StringUtilities
123 .addValueToHeader(
124 headers,
125 "Proxy-Authorization",
126 "NTLM "
127 + new String(
128 Base64
129 .encodeBase64(negotiationPacket)),
130 true);
131 }
132
133 StringUtilities.addValueToHeader(headers, "Keep-Alive",
134 HttpProxyConstants.DEFAULT_KEEP_ALIVE_TIME, true);
135 StringUtilities.addValueToHeader(headers, "Proxy-Connection",
136 "keep-Alive", true);
137 req.setHeaders(headers);
138
139 writeRequest(nextFilter, req);
140 step++;
141 }
142 }
143
144
145
146
147 private String getNTLMHeader(final HttpProxyResponse response) {
148 List<String> values = response.getHeaders().get("Proxy-Authenticate");
149
150 for (String s : values) {
151 if (s.startsWith("NTLM")) {
152 return s;
153 }
154 }
155
156 return null;
157 }
158
159
160
161
162 @Override
163 public void handleResponse(final HttpProxyResponse response)
164 throws ProxyAuthException {
165 if (step == 0) {
166 String challengeResponse = getNTLMHeader(response);
167 step = 1;
168
169 if (challengeResponse == null || challengeResponse.length() < 5) {
170
171
172 return;
173 }
174
175
176 }
177
178 if (step == 1) {
179
180
181 String challengeResponse = getNTLMHeader(response);
182
183 if (challengeResponse == null || challengeResponse.length() < 5) {
184 throw new ProxyAuthException(
185 "Unexpected error while reading server challenge !");
186 }
187
188 try {
189 challengePacket = Base64
190 .decodeBase64(challengeResponse.substring(5).getBytes(
191 proxyIoSession.getCharsetName()));
192 } catch (IOException e) {
193 throw new ProxyAuthException(
194 "Unable to decode the base64 encoded NTLM challenge", e);
195 }
196 step = 2;
197 } else {
198 throw new ProxyAuthException("Received unexpected response code ("
199 + response.getStatusLine() + ").");
200 }
201 }
202 }