/** Returns true if the given site is trusted, i.e. we can try transparent Authentication. */ public static boolean isTrustedSite(URL url) { return NTLMAuthCallback.isTrustedSite(url); }
public class NTLMAuthentication extends AuthenticationInfo { private static final long serialVersionUID = 170L; private static final NTLMAuthenticationCallback NTLMAuthCallback = NTLMAuthenticationCallback.getNTLMAuthenticationCallback(); private String hostname; private static String defaultDomain; /* Domain to use if not specified by user */ static { defaultDomain = java.security.AccessController.doPrivileged( new sun.security.action.GetPropertyAction("http.auth.ntlm.domain", "")); }; public static boolean supportsTransparentAuth() { return false; } /** Returns true if the given site is trusted, i.e. we can try transparent Authentication. */ public static boolean isTrustedSite(URL url) { return NTLMAuthCallback.isTrustedSite(url); } private void init0() { hostname = java.security.AccessController.doPrivileged( new java.security.PrivilegedAction<String>() { public String run() { String localhost; try { localhost = InetAddress.getLocalHost().getHostName(); } catch (UnknownHostException e) { localhost = "localhost"; } return localhost; } }); }; PasswordAuthentication pw; Client client; /** * Create a NTLMAuthentication: Username may be specified as domain<BACKSLASH>username in the * application Authenticator. If this notation is not used, then the domain will be taken from a * system property: "http.auth.ntlm.domain". */ public NTLMAuthentication(boolean isProxy, URL url, PasswordAuthentication pw) { super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, AuthScheme.NTLM, url, ""); init(pw); } private void init(PasswordAuthentication pw) { String username; String ntdomain; char[] password; this.pw = pw; String s = pw.getUserName(); int i = s.indexOf('\\'); if (i == -1) { username = s; ntdomain = defaultDomain; } else { ntdomain = s.substring(0, i).toUpperCase(); username = s.substring(i + 1); } password = pw.getPassword(); init0(); try { client = new Client(System.getProperty("ntlm.version"), hostname, username, ntdomain, password); } catch (NTLMException ne) { try { client = new Client(null, hostname, username, ntdomain, password); } catch (NTLMException ne2) { // Will never happen throw new AssertionError("Really?"); } } } /** Constructor used for proxy entries */ public NTLMAuthentication(boolean isProxy, String host, int port, PasswordAuthentication pw) { super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, AuthScheme.NTLM, host, port, ""); init(pw); } /** @return true if this authentication supports preemptive authorization */ @Override public boolean supportsPreemptiveAuthorization() { return false; } /** Not supported. Must use the setHeaders() method */ @Override public String getHeaderValue(URL url, String method) { throw new RuntimeException("getHeaderValue not supported"); } /** * Check if the header indicates that the current auth. parameters are stale. If so, then replace * the relevant field with the new value and return true. Otherwise return false. returning true * means the request can be retried with the same userid/password returning false means we have to * go back to the user to ask for a new username password. */ @Override public boolean isAuthorizationStale(String header) { return false; /* should not be called for ntlm */ } /** * Set header(s) on the given connection. * * @param conn The connection to apply the header(s) to * @param p A source of header values for this connection, not used because HeaderParser converts * the fields to lower case, use raw instead * @param raw The raw header field. * @return true if all goes well, false if no headers were set. */ @Override public synchronized boolean setHeaders(HttpURLConnection conn, HeaderParser p, String raw) { try { String response; if (raw.length() < 6) { /* NTLM<sp> */ response = buildType1Msg(); } else { String msg = raw.substring(5); /* skip NTLM<sp> */ response = buildType3Msg(msg); } conn.setAuthenticationProperty(getHeaderName(), response); return true; } catch (IOException e) { return false; } catch (GeneralSecurityException e) { return false; } } private String buildType1Msg() { byte[] msg = client.type1(); String result = "NTLM " + Base64.getEncoder().encodeToString(msg); return result; } private String buildType3Msg(String challenge) throws GeneralSecurityException, IOException { /* First decode the type2 message to get the server nonce */ /* nonce is located at type2[24] for 8 bytes */ byte[] type2 = Base64.getDecoder().decode(challenge); byte[] nonce = new byte[8]; new java.util.Random().nextBytes(nonce); byte[] msg = client.type3(type2, nonce); String result = "NTLM " + Base64.getEncoder().encodeToString(msg); return result; } }