java.lang.Object
org.tmatesoft.svn.core.internal.io.dav.http.NTLMEngine
All Implemented Interfaces:
INTLMEngine

final class NTLMEngine extends java.lang.Object implements INTLMEngine
Provides an implementation for NTLMv1, NTLMv2, and NTLM2 Session forms of the NTLM authentication protocol.
Since:
4.1
  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    protected static class 
     
    (package private) static class 
    Cryptography support - HMACMD5 - algorithmically based on various web resources by Karl Wright
    (package private) static class 
    Cryptography support - MD4.
    (package private) static class 
    NTLM message generation, base class
    (package private) static class 
    Type 1 message assembly class
    (package private) static class 
    Type 2 message class
    (package private) static class 
    Type 3 message assembly class
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
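    private java.lang.String
    credentialCharset
    The character set to use for encoding the credentials
    (package private) static final java.lang.String
    DEFAULT_CHARSET
    Character encoding
    protected static final int
    FLAG_DOMAIN_PRESENT
    protected static final int
    FLAG_REQUEST_128BIT_KEY_EXCH
    protected static final int
    FLAG_REQUEST_56BIT_ENCRYPTION
    protected static final int
    FLAG_REQUEST_ALWAYS_SIGN
    protected static final int
    FLAG_REQUEST_EXPLICIT_KEY_EXCH
    protected static final int
    FLAG_REQUEST_LAN_MANAGER_KEY
    protected static final int
    FLAG_REQUEST_NTLM2_SESSION
    protected static final int
    FLAG_REQUEST_NTLMv1
    protected static final int
    FLAG_REQUEST_SEAL
    protected static final int
    FLAG_REQUEST_SIGN
    protected static final int
    FLAG_REQUEST_TARGET
    protected static final int
    FLAG_REQUEST_UNICODE_ENCODING
    protected static final int
    FLAG_REQUEST_VERSION
    protected static final int
    FLAG_TARGETINFO_PRESENT
    protected static final int
    FLAG_WORKSTATION_PRESENT
    private static final java.security.SecureRandom
    RND_GEN
    Secure random generator
    private static final byte[]
    SIGNATURE
    The signature string as bytes in the default encoding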
  • Constructor Summary

    Constructors
    Constructor
    Description
    NTLMEngine()
  • Method Summary

    Modifier and Type
    Method
    Description
    private static java.lang.String
    convertDomain(java.lang.String domain)
    Convert domain to standard form
    private static java.lang.String
    convertHost(java.lang.String host)
    Convert host to standard form
    private static byte[]
    createBlob(byte[] clientChallenge, byte[] targetInformation, byte[] timestamp)
    Creates the NTLMv2 blob from the given target information block and client challenge.
    private static java.security.Key
    createDESKey(byte[] bytes, int offset)
    Creates a DES encryption key from the given key material.
    (package private) static int
    F(int x, int y, int z)
     
    (package private) static int
    G(int x, int y, int z)
     
    java.lang.String
    generateType1Msg(java.lang.String domain, java.lang.String workstation)
     
    java.lang.String
    generateType3Msg(java.lang.String username, char[] password, java.lang.String domain, java.lang.String workstation, java.lang.String challenge)
     
    (package private) java.lang.String
    getCredentialCharset()
    (package private) final java.lang.String
    getResponseFor(java.lang.String message, java.lang.String username, char[] password, java.lang.String host, java.lang.String domain)
    Returns the response for the given message.
    (package private) java.lang.String
    getType1Message(java.lang.String host, java.lang.String domain)
    Creates the first message (type 1 message) in the NTLM authentication sequence.
    (package private) java.lang.String
    getType3Message(java.lang.String user, char[] password, java.lang.String host, java.lang.String domain, byte[] nonce, int type2Flags, java.lang.String target, byte[] targetInformation)
    Creates the type 3 message using the given server nonce.
    (package private) static int
    H(int x, int y, int z)
     
    (package private) static byte[]
    hmacMD5(byte[] value, byte[] key)
    Calculates HMAC-MD5
    private static byte[]
    lmHash(char[] password)
    Creates the LM Hash of the user's password.
    private static byte[]
    lmResponse(byte[] hash, byte[] challenge)
    Creates the LM Response from the given hash and Type 2 challenge.
    private static byte[]
    lmv2Hash(java.lang.String domain, java.lang.String user, byte[] ntlmHash)
    Creates the LMv2 Hash of the user's password.
    private static byte[]
    lmv2Response(byte[] hash, byte[] challenge, byte[] clientData)
    Creates the LMv2 Response from the given hash, client data, and Type 2 challenge.
    private static byte[]
    makeRandomChallenge()
    Calculate a challenge block
    private static byte[]
    makeSecondaryKey()
    Calculate a 16-byte secondary key
    (package private) static byte[]
    ntlm2SessionResponse(byte[] ntlmHash, byte[] challenge, byte[] clientChallenge)
    Calculates the NTLM2 Session Response for the given challenge, using the specified password and client challenge.
    private static byte[]
    ntlmHash(char[] password)
    Creates the NTLM Hash of the user's password.
    private static byte[]
    ntlmv2Hash(java.lang.String domain, java.lang.String user, byte[] ntlmHash)
    Creates the NTLMv2 Hash of the user's password.
    private static void
    oddParity(byte[] bytes)
    Applies odd parity to the given byte array.
    (package private) static byte[]
    RC4(byte[] value, byte[] key)
    Calculates RC4
    private static byte[]
    readSecurityBuffer(byte[] src, int index)
     
    private static int
    readULong(byte[] src, int index)
     
    private static int
    readUShort(byte[] src, int index)
     
    (package private) static int
    rotintlft(int val, int numbits)
     
    (package private) void
    setCredentialCharset(java.lang.String credentialCharset)
     
    private static java.lang.String
    stripDotSuffix(java.lang.String value)
    Strip dot suffix from a name
    (package private) static void
    writeULong(byte[] buffer, int value, int offset)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • FLAG_REQUEST_UNICODE_ENCODING

      protected static final int FLAG_REQUEST_UNICODE_ENCODING
    • FLAG_REQUEST_TARGET

      protected static final int FLAG_REQUEST_TARGET
    • FLAG_REQUEST_SIGN

      protected static final int FLAG_REQUEST_SIGN
    • FLAG_REQUEST_SEAL

      protected static final int FLAG_REQUEST_SEAL
    • FLAG_REQUEST_LAN_MANAGER_KEY

      protected static final int FLAG_REQUEST_LAN_MANAGER_KEY
    • FLAG_REQUEST_NTLMv1

      protected static final int FLAG_REQUEST_NTLMv1
    • FLAG_DOMAIN_PRESENT

      protected static final int FLAG_DOMAIN_PRESENT
    • FLAG_WORKSTATION_PRESENT

      protected static final int FLAG_WORKSTATION_PRESENT
    • FLAG_REQUEST_ALWAYS_SIGN

      protected static final int FLAG_REQUEST_ALWAYS_SIGN
    • FLAG_REQUEST_NTLM2_SESSION

      protected static final int FLAG_REQUEST_NTLM2_SESSION
    • FLAG_REQUEST_VERSION

      protected static final int FLAG_REQUEST_VERSION
    • FLAG_TARGETINFO_PRESENT

      protected static final int FLAG_TARGETINFO_PRESENT
    • FLAG_REQUEST_128BIT_KEY_EXCH

      protected static final int FLAG_REQUEST_128BIT_KEY_EXCH
    • FLAG_REQUEST_EXPLICIT_KEY_EXCH

      protected static final int FLAG_REQUEST_EXPLICIT_KEY_EXCH
    • FLAG_REQUEST_56BIT_ENCRYPTION

      protected static final int FLAG_REQUEST_56BIT_ENCRYPTION
    • RND_GEN

      private static final java.security.SecureRandom RND_GEN
      Secure random generator
    • DEFAULT_CHARSET

      static final java.lang.String DEFAULT_CHARSET
      Character encoding
    • credentialCharset

      private java.lang.String credentialCharset
      The character set to use for encoding the credentials
    • SIGNATURE

      private static final byte[] SIGNATURE
      The signature string as bytes in the default encoding
  • Constructor Details

    • NTLMEngine

      NTLMEngine()
  • Method Details

    • getResponseFor

      final java.lang.String getResponseFor(java.lang.String message, java.lang.String username, char[] password, java.lang.String host, java.lang.String domain) throws NTLMEngineException
      Returns the response for the given message.
      Parameters:
      message - the message that was received from the server.
      username - the username to authenticate with.
      password - the password to authenticate with.
      host - The host.
      domain - the NT domain to authenticate in.
      Returns:
      The response.
      Throws:
      NTLMEngineException - If the messages cannot be retrieved.
    • getType1Message

      java.lang.String getType1Message(java.lang.String host, java.lang.String domain) throws NTLMEngineException
      Creates the first message (type 1 message) in the NTLM authentication sequence. This message includes the user name, domain and host for the authentication session.
      Parameters:
      host - the computer name of the host requesting authentication.
      domain - The domain to authenticate with.
      Returns:
      The message to add to the HTTP request header.
      Throws:
      NTLMEngineException
    • getType3Message

      java.lang.String getType3Message(java.lang.String user, char[] password, java.lang.String host, java.lang.String domain, byte[] nonce, int type2Flags, java.lang.String target, byte[] targetInformation) throws NTLMEngineException
      Creates the type 3 message using the given server nonce. The type 3 message includes all the information for authentication, host, domain, username and the result of encrypting the nonce sent by the server using the user's password as the key.
      Parameters:
      user - The user name. This should not include the domain name.
      password - The password.
      host - The host that is originating the authentication request.
      domain - The domain to authenticate within.
      nonce - the 8 byte array the server sent.
      Returns:
      The type 3 message.
      Throws:
      NTLMEngineException - If RC4(byte[],byte[]) fails.
    • getCredentialCharset

      java.lang.String getCredentialCharset()
      Returns:
      Returns the credentialCharset.
    • setCredentialCharset

      void setCredentialCharset(java.lang.String credentialCharset)
      Parameters:
      credentialCharset - The credentialCharset to set.
    • stripDotSuffix

      private static java.lang.String stripDotSuffix(java.lang.String value)
      Strip dot suffix from a name
    • convertHost

      private static java.lang.String convertHost(java.lang.String host)
      Convert host to standard form
    • convertDomain

      private static java.lang.String convertDomain(java.lang.String domain)
      Convert domain to standard form
    • readULong

      private static int readULong(byte[] src, int index) throws NTLMEngineException
      Throws:
      NTLMEngineException
    • readUShort

      private static int readUShort(byte[] src, int index) throws NTLMEngineException
      Throws:
      NTLMEngineException
    • readSecurityBuffer

      private static byte[] readSecurityBuffer(byte[] src, int index) throws NTLMEngineException
      Throws:
      NTLMEngineException
    • makeRandomChallenge

      private static byte[] makeRandomChallenge() throws NTLMEngineException
      Calculate a challenge block
      Throws:
      NTLMEngineException
    • makeSecondaryKey

      private static byte[] makeSecondaryKey() throws NTLMEngineException
      Calculate a 16-byte secondary key
      Throws:
      NTLMEngineException
    • hmacMD5

      static byte[] hmacMD5(byte[] value, byte[] key) throws NTLMEngineException
      Calculates HMAC-MD5
      Throws:
      NTLMEngineException
    • RC4

      static byte[] RC4(byte[] value, byte[] key) throws NTLMEngineException
      Calculates RC4
      Throws:
      NTLMEngineException
    • ntlm2SessionResponse

      static byte[] ntlm2SessionResponse(byte[] ntlmHash, byte[] challenge, byte[] clientChallenge) throws NTLMEngineException
      Calculates the NTLM2 Session Response for the given challenge, using the specified password and client challenge.
      Returns:
      The NTLM2 Session Response. This is placed in the NTLM response field of the Type 3 message; the LM response field contains the client challenge, null-padded to 24 bytes.
      Throws:
      NTLMEngineException
    • lmHash

      private static byte[] lmHash(char[] password) throws NTLMEngineException
      Creates the LM Hash of the user's password.
      Parameters:
      password - The password.
      Returns:
      The LM Hash of the given password, used in the calculation of the LM Response.
      Throws:
      NTLMEngineException
    • ntlmHash

      private static byte[] ntlmHash(char[] password) throws NTLMEngineException
      Creates the NTLM Hash of the user's password.
      Parameters:
      password - The password.
      Returns:
      The NTLM Hash of the given password, used in the calculation of the NTLM Response and the NTLMv2 and LMv2 Hashes.
      Throws:
      NTLMEngineException
    • lmv2Hash

      private static byte[] lmv2Hash(java.lang.String domain, java.lang.String user, byte[] ntlmHash) throws NTLMEngineException
      Creates the LMv2 Hash of the user's password.
      Returns:
      The LMv2 Hash, used in the calculation of the NTLMv2 and LMv2 Responses.
      Throws:
      NTLMEngineException
    • ntlmv2Hash

      private static byte[] ntlmv2Hash(java.lang.String domain, java.lang.String user, byte[] ntlmHash) throws NTLMEngineException
      Creates the NTLMv2 Hash of the user's password.
      Returns:
      The NTLMv2 Hash, used in the calculation of the NTLMv2 and LMv2 Responses.
      Throws:
      NTLMEngineException
    • lmResponse

      private static byte[] lmResponse(byte[] hash, byte[] challenge) throws NTLMEngineException
      Creates the LM Response from the given hash and Type 2 challenge.
      Parameters:
      hash - The LM or NTLM Hash.
      challenge - The server challenge from the Type 2 message.
      Returns:
      The response (either LM or NTLM, depending on the provided hash).
      Throws:
      NTLMEngineException
    • lmv2Response

      private static byte[] lmv2Response(byte[] hash, byte[] challenge, byte[] clientData) throws NTLMEngineException
      Creates the LMv2 Response from the given hash, client data, and Type 2 challenge.
      Parameters:
      hash - The NTLMv2 Hash.
      clientData - The client data (blob or client challenge).
      challenge - The server challenge from the Type 2 message.
      Returns:
      The response (either NTLMv2 or LMv2, depending on the client data).
      Throws:
      NTLMEngineException
    • createBlob

      private static byte[] createBlob(byte[] clientChallenge, byte[] targetInformation, byte[] timestamp)
      Creates the NTLMv2 blob from the given target information block and client challenge.
      Parameters:
      targetInformation - The target information block from the Type 2 message.
      clientChallenge - The random 8-byte client challenge.
      Returns:
      The blob, used in the calculation of the NTLMv2 Response.
    • createDESKey

      private static java.security.Key createDESKey(byte[] bytes, int offset)
      Creates a DES encryption key from the given key material.
      Parameters:
      bytes - A byte array containing the DES key material.
      offset - The offset in the given byte array at which the 7-byte key material starts.
      Returns:
      A DES encryption key created from the key material starting at the specified offset in the given byte array.
    • oddParity

      private static void oddParity(byte[] bytes)
      Applies odd parity to the given byte array.
      Parameters:
      bytes - The data whose parity bits are to be adjusted for odd parity.
    • writeULong

      static void writeULong(byte[] buffer, int value, int offset)
    • F

      static int F(int x, int y, int z)
    • G

      static int G(int x, int y, int z)
    • H

      static int H(int x, int y, int z)
    • rotintlft

      static int rotintlft(int val, int numbits)
    • generateType1Msg

      public java.lang.String generateType1Msg(java.lang.String domain, java.lang.String workstation) throws NTLMEngineException
      Specified by:
      generateType1Msg in interface INTLMEngine
      Throws:
      NTLMEngineException
    • generateType3Msg

      public java.lang.String generateType3Msg(java.lang.String username, char[] password, java.lang.String domain, java.lang.String workstation, java.lang.String challenge) throws NTLMEngineException
      Specified by:
      generateType3Msg in interface INTLMEngine
      Throws:
      NTLMEngineException
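
The createDESKey and oddParity entries above describe turning 7 bytes of key material into a DES key with odd parity. The following is an added example of that expansion as it is commonly done for NTLM, not SVNKit's own code; the class name DesKeyExpansionExample, the methods expandKey and toDesKey, and the sample key material are assumptions made for illustration.

```java
import java.security.Key;
import javax.crypto.spec.SecretKeySpec;

// Added illustration; names and sample bytes are hypothetical, not SVNKit code.
public class DesKeyExpansionExample {

    // Spread 56 key bits (7 bytes at offset) over 8 bytes: each output byte
    // holds 7 key bits in bits 7..1, and bit 0 is left for parity.
    static byte[] expandKey(byte[] bytes, int offset) {
        if (offset < 0 || bytes.length - offset < 7) {
            throw new IllegalArgumentException("need 7 bytes of key material");
        }
        byte[] k = new byte[7];
        System.arraycopy(bytes, offset, k, 0, 7);
        byte[] m = new byte[8];
        m[0] = k[0];
        for (int i = 1; i < 7; i++) {
            m[i] = (byte) (k[i - 1] << (8 - i) | (k[i] & 0xff) >>> i);
        }
        m[7] = (byte) (k[6] << 1);
        oddParity(m);
        return m;
    }

    // Set bit 0 of every byte so that the byte has an odd number of 1 bits.
    static void oddParity(byte[] bytes) {
        for (int i = 0; i < bytes.length; i++) {
            int b = bytes[i] & 0xfe;
            bytes[i] = (byte) (Integer.bitCount(b) % 2 == 0 ? b | 1 : b);
        }
    }

    static Key toDesKey(byte[] bytes, int offset) {
        return new SecretKeySpec(expandKey(bytes, offset), "DES");
    }

    public static void main(String[] args) {
        // Constructed sample: the ASCII bytes of "SECRET0" as key material.
        byte[] material = {0x53, 0x45, 0x43, 0x52, 0x45, 0x54, 0x30};
        StringBuilder hex = new StringBuilder();
        for (byte b : toDesKey(material, 0).getEncoded()) {
            hex.append(String.format("%02x", b));
        }
        if (!hex.toString().equals("52a2516b252a5161")) {
            throw new AssertionError(hex);
        }
        System.out.println(hex);
    }
}
```

Each key built this way carries only 56 effective bits, because the low bit of every byte is parity rather than key material.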