Print this page


Split Close
Expand all
Collapse all
          --- old/src/solaris/classes/sun/net/www/protocol/http/NTLMAuthentication.java
          +++ new/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
↓ open down ↓ 15 lines elided ↑ open up ↑
  16   16   *
  17   17   * You should have received a copy of the GNU General Public License version
  18   18   * 2 along with this work; if not, write to the Free Software Foundation,
  19   19   * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20   20   *
  21   21   * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
  22   22   * CA 95054 USA or visit www.sun.com if you need additional information or
  23   23   * have any questions.
  24   24   */
  25   25  
  26      -package sun.net.www.protocol.http;
       26 +package sun.net.www.protocol.http.ntlm;
  27   27  
  28   28  import java.io.IOException;
  29   29  import java.io.UnsupportedEncodingException;
  30   30  import java.net.InetAddress;
  31   31  import java.net.PasswordAuthentication;
  32   32  import java.net.UnknownHostException;
  33   33  import java.net.URL;
  34   34  import java.security.GeneralSecurityException;
  35   35  import java.security.MessageDigest;
  36   36  import java.security.NoSuchAlgorithmException;
  37   37  import javax.crypto.Cipher;
  38   38  import javax.crypto.NoSuchPaddingException;
  39   39  import javax.crypto.SecretKey;
  40   40  import javax.crypto.SecretKeyFactory;
  41   41  import javax.crypto.spec.DESKeySpec;
  42   42  
  43   43  import sun.net.www.HeaderParser;
       44 +import sun.net.www.protocol.http.AuthenticationInfo;
       45 +import sun.net.www.protocol.http.AuthScheme;
       46 +import sun.net.www.protocol.http.HttpURLConnection;
  44   47  
  45   48  /**
  46   49   * NTLMAuthentication:
  47   50   *
  48   51   * @author Michael McMahon
  49   52   */
  50   53  
  51   54  /*
  52   55   * NTLM authentication is nominally based on the framework defined in RFC2617,
  53   56   * but differs from the standard (Basic & Digest) schemes as follows:
↓ open down ↓ 7 lines elided ↑ open up ↑
  61   64   *            <---- 401 (with type 2 NTLM msg) ---
  62   65   *
  63   66   *            REQ (with type3 NTLM msg) --------->
  64   67   *            <---- OK ---------------------------
  65   68   *
  66   69   * 2. The scope of the authentication is the TCP connection (which must be kept-alive)
  67   70   *    after the type2 response is received. This means that NTLM does not work end-to-end
  68   71   *    through a proxy, rather between client and proxy, or between client and server (with no proxy)
  69   72   */
  70   73  
  71      -class NTLMAuthentication extends AuthenticationInfo {
       74 +public class NTLMAuthentication extends AuthenticationInfo {
  72   75      private static final long serialVersionUID = -2403849171106437142L;
  73   76  
  74   77      private byte[] type1;
  75   78      private byte[] type3;
  76   79  
  77   80      private SecretKeyFactory fac;
  78   81      private Cipher cipher;
  79   82      private MessageDigest md4;
  80   83      private String hostname;
  81   84      private static String defaultDomain; /* Domain to use if not specified by user */
  82   85  
  83   86      static {
  84   87          defaultDomain = java.security.AccessController.doPrivileged(
  85   88              new sun.security.action.GetPropertyAction("http.auth.ntlm.domain",
  86   89                                                        "domain"));
  87   90      };
  88   91  
  89      -    static boolean supportsTransparentAuth () {
       92 +    public static boolean supportsTransparentAuth () {
  90   93          return false;
  91   94      }
  92   95  
  93   96      private void init0() {
  94   97          type1 = new byte[256];
  95   98          type3 = new byte[256];
  96   99          System.arraycopy (new byte[] {'N','T','L','M','S','S','P',0,1}, 0, type1, 0, 9);
  97  100          type1[12] = (byte) 3;
  98  101          type1[13] = (byte) 0xb2;
  99  102          type1[28] = (byte) 0x20;
↓ open down ↓ 76 lines elided ↑ open up ↑
 176  179                  AuthScheme.NTLM,
 177  180                  host,
 178  181                  port,
 179  182                  "");
 180  183          init (pw);
 181  184      }
 182  185  
 183  186      /**
 184  187       * @return true if this authentication supports preemptive authorization
 185  188       */
 186      -    boolean supportsPreemptiveAuthorization() {
      189 +    @Override
      190 +    public boolean supportsPreemptiveAuthorization() {
 187  191          return false;
 188  192      }
 189  193  
 190  194      /**
 191      -     * @return the name of the HTTP header this authentication wants set
 192      -     */
 193      -    String getHeaderName() {
 194      -        if (type == SERVER_AUTHENTICATION) {
 195      -            return "Authorization";
 196      -        } else {
 197      -            return "Proxy-authorization";
 198      -        }
 199      -    }
 200      -
 201      -    /**
 202  195       * Not supported. Must use the setHeaders() method
 203  196       */
 204      -    String getHeaderValue(URL url, String method) {
      197 +    @Override
      198 +    public String getHeaderValue(URL url, String method) {
 205  199          throw new RuntimeException ("getHeaderValue not supported");
 206  200      }
 207  201  
 208  202      /**
 209  203       * Check if the header indicates that the current auth. parameters are stale.
 210  204       * If so, then replace the relevant field with the new value
 211  205       * and return true. Otherwise return false.
 212  206       * returning true means the request can be retried with the same userid/password
 213  207       * returning false means we have to go back to the user to ask for a new
 214  208       * username password.
 215  209       */
 216      -    boolean isAuthorizationStale (String header) {
      210 +    @Override
      211 +    public boolean isAuthorizationStale (String header) {
 217  212          return false; /* should not be called for ntlm */
 218  213      }
 219  214  
 220  215      /**
 221  216       * Set header(s) on the given connection.
 222  217       * @param conn The connection to apply the header(s) to
 223  218       * @param p A source of header values for this connection, not used because
 224  219       *          HeaderParser converts the fields to lower case, use raw instead
 225  220       * @param raw The raw header field.
 226  221       * @return true if all goes well, false if no headers were set.
 227  222       */
 228      -    synchronized boolean setHeaders(HttpURLConnection conn, HeaderParser p, String raw) {
      223 +    @Override
      224 +    public synchronized boolean setHeaders(HttpURLConnection conn, HeaderParser p, String raw) {
 229  225  
 230  226          try {
 231  227              String response;
 232  228              if (raw.length() < 6) { /* NTLM<sp> */
 233  229                  response = buildType1Msg ();
 234  230              } else {
 235  231                  String msg = raw.substring (5); /* skip NTLM<sp> */
 236  232                  response = buildType3Msg (msg);
 237  233              }
 238  234              conn.setAuthenticationProperty(getHeaderName(), response);
↓ open down ↓ 189 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX