From kwri...@apache.org
Subject svn commit: r1787189 - in /httpcomponents/httpclient/branches/pull-66/httpclient/src/main/java/org/apache/http/impl/auth: CredSspScheme.java NTLMEngineImpl.java
Date Thu, 16 Mar 2017 14:00:59 GMT
Author: kwright
Date: Thu Mar 16 14:00:59 2017
New Revision: 1787189

URL: http://svn.apache.org/viewvc?rev=1787189&view=rev
Log:
Remove statefulness of NTLMEngineImpl

Modified:
    httpcomponents/httpclient/branches/pull-66/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java
    httpcomponents/httpclient/branches/pull-66/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java

Modified: httpcomponents/httpclient/branches/pull-66/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/pull-66/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java?rev=1787189&r1=1787188&r2=1787189&view=diff
==============================================================================
--- httpcomponents/httpclient/branches/pull-66/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java
(original)
+++ httpcomponents/httpclient/branches/pull-66/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java
Thu Mar 16 14:00:59 2017
@@ -116,7 +116,9 @@ public class CredSspScheme extends AuthS
 
     private State state;
     private SSLEngine sslEngine;
-    private NTLMEngineImpl ntlmEngine;
+    private NTLMEngineImpl.Type1Message type1Message;
+    private NTLMEngineImpl.Type2Message type2Message;
+    private NTLMEngineImpl.Type3Message type3Message;
     private CredSspTsRequest lastReceivedTsRequest;
     private NTLMEngineImpl.Handle ntlmOutgoingHandle;
     private NTLMEngineImpl.Handle ntlmIncomingHandle;
@@ -327,12 +329,6 @@ public class CredSspScheme extends AuthS
                     + credentials.getClass().getName() );
         }
 
-        if ( ntlmEngine == null )
-        {
-
-            ntlmEngine = new NTLMEngineImpl( ntcredentials, true );
-        }
-
         String outputString = null;
 
         if ( state == State.UNINITIATED )
@@ -352,8 +348,9 @@ public class CredSspScheme extends AuthS
 
             final int ntlmFlags = getNtlmFlags();
             final ByteBuffer buf = allocateOutBuffer();
-            final NTLMEngineImpl.Type1Message ntlmNegoMessage = ntlmEngine.generateType1MsgObject(
ntlmFlags );
-            final byte[] ntlmNegoMessageEncoded = ntlmNegoMessage.getBytes();
+            type1Message = new NTLMEngineImpl.Type1Message(
+                ntcredentials.getDomain(), ntcredentials.getWorkstation(), ntlmFlags);
+            final byte[] ntlmNegoMessageEncoded = type1Message.getBytes();
             final CredSspTsRequest req = CredSspTsRequest.createNegoToken( ntlmNegoMessageEncoded
);
             req.encode( buf );
             buf.flip();
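Review bot: The assignment `type1Message = new NTLMEngineImpl.Type1Message(...)` drops the fail-fast the old engine enforced ("Type 1 message already generated"), and the @@ -364 hunk likewise drops the "Type 2 message already parsed" and "Type 3 message already generated" checks, so re-entering either branch now silently rebuilds the messages and, in the second case, re-keys both handles. Whether the `state` machine makes such re-entry impossible is not visible here; if it is not guaranteed, a guard such as `if (type1Message != null) { throw new NTLMEngineException("Type 1 message already generated"); }` keeps the previous behaviour, and the method already had to deal with NTLMEngineException from the old `generateType1MsgObject` call. The enclosing method starts and ends outside the hunk.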
@@ -364,17 +361,30 @@ public class CredSspScheme extends AuthS
         else if ( state == State.NEGO_TOKEN_RECEIVED )
         {
             final ByteBuffer buf = allocateOutBuffer();
-            final NTLMEngineImpl.Type2Message ntlmType2Message = ntlmEngine
-                .parseType2Message( lastReceivedTsRequest.getNegoToken() );
+            type2Message = new NTLMEngineImpl.Type2Message(
+                lastReceivedTsRequest.getNegoToken());
 
             final X509Certificate peerServerCertificate = getPeerServerCertificate();
 
-            final NTLMEngineImpl.Type3Message ntlmAuthenticateMessage = ntlmEngine
-                .generateType3MsgObject( peerServerCertificate );
-            final byte[] ntlmAuthenticateMessageEncoded = ntlmAuthenticateMessage.getBytes();
+            type3Message = new NTLMEngineImpl.Type3Message(
+                ntcredentials.getDomain(),
+                ntcredentials.getWorkstation(),
+                ntcredentials.getUserName(),
+                ntcredentials.getPassword(),
+                type2Message.getChallenge(),
+                type2Message.getFlags(),
+                type2Message.getTarget(),
+                type2Message.getTargetInfo(),
+                peerServerCertificate,
+                type1Message.getBytes(),
+                type2Message.getBytes());
+
+            final byte[] ntlmAuthenticateMessageEncoded = type3Message.getBytes();
+
+            final byte[] exportedSessionKey = type3Message.getExportedSessionKey();
 
-            ntlmOutgoingHandle = ntlmEngine.createClientHandle();
-            ntlmIncomingHandle = ntlmEngine.createServer();
+            ntlmOutgoingHandle = new NTLMEngineImpl.Handle(exportedSessionKey, NTLMEngineImpl.Mode.CLIENT,
true);
+            ntlmIncomingHandle = new NTLMEngineImpl.Handle(exportedSessionKey, NTLMEngineImpl.Mode.SERVER,
true);
 
             final CredSspTsRequest req = CredSspTsRequest.createNegoToken( ntlmAuthenticateMessageEncoded
);
             peerPublicKey = getSubjectPublicKeyDer( peerServerCertificate.getPublicKey()
);
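Review bot: The `true` passed as the third argument to both `new NTLMEngineImpl.Handle(...)` calls is an unexplained literal; the removed engine Javadoc described it as "true for connection mode, false for connection-less mode", and that meaning now lives only in this caller. A named local would preserve it, e.g. `final boolean connectionMode = true; // Handle: true = connection mode, false = connection-less` and then pass `connectionMode` to both constructors. Separately, `type1Message.getBytes()` in the Type3Message call will raise a NullPointerException instead of the old explicit NTLMEngineException if the UNINITIATED branch has not run first; I cannot see from the hunk whether the state machine rules that out. The enclosing method starts and ends outside the hunk.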

Modified: httpcomponents/httpclient/branches/pull-66/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/pull-66/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java?rev=1787189&r1=1787188&r2=1787189&view=diff
==============================================================================
--- httpcomponents/httpclient/branches/pull-66/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
(original)
+++ httpcomponents/httpclient/branches/pull-66/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
Thu Mar 16 14:00:59 2017
@@ -40,7 +40,6 @@ import java.security.cert.CertificateEnc
 import java.security.cert.X509Certificate;
 
 import org.apache.commons.codec.binary.Base64;
-import org.apache.http.auth.NTCredentials;
 
 /**
  * Provides an implementation for NTLMv1, NTLMv2, and NTLM2 Session forms of the NTLM
@@ -60,40 +59,40 @@ final class NTLMEngineImpl implements NT
     // and
     // http://msdn.microsoft.com/en-us/library/cc236650%28v=prot.20%29.aspx
     // [MS-NLMP] section 2.2.2.5
-    public static final int FLAG_REQUEST_UNICODE_ENCODING = 0x00000001;      // Unicode string
encoding requested
-    public static final int FLAG_REQUEST_OEM_ENCODING = 0x00000002;      // OEM string encoding
requested
-    public static final int FLAG_REQUEST_TARGET = 0x00000004;                      // Requests
target field
-    public static final int FLAG_REQUEST_SIGN = 0x00000010;  // Requests all messages have
a signature attached, in NEGOTIATE message.
-    public static final int FLAG_REQUEST_SEAL = 0x00000020;  // Request key exchange for
message confidentiality in NEGOTIATE message.  MUST be used in conjunction with 56BIT.
-    public static final int FLAG_REQUEST_LAN_MANAGER_KEY = 0x00000080;    // Request Lan
Manager key instead of user session key
-    public static final int FLAG_REQUEST_NTLMv1 = 0x00000200; // Request NTLMv1 security.
 MUST be set in NEGOTIATE and CHALLENGE both
-    public static final int FLAG_DOMAIN_PRESENT = 0x00001000;        // Domain is present
in message
-    public static final int FLAG_WORKSTATION_PRESENT = 0x00002000;   // Workstation is present
in message
-    public static final int FLAG_REQUEST_ALWAYS_SIGN = 0x00008000;   // Requests a signature
block on all messages.  Overridden by REQUEST_SIGN and REQUEST_SEAL.
-    public static final int FLAG_REQUEST_NTLM2_SESSION = 0x00080000; // From server in challenge,
requesting NTLM2 session security
-    public static final int FLAG_REQUEST_VERSION = 0x02000000;       // Request protocol
version
-    public static final int FLAG_TARGETINFO_PRESENT = 0x00800000;    // From server in challenge
message, indicating targetinfo is present
-    public static final int FLAG_REQUEST_128BIT_KEY_EXCH = 0x20000000; // Request explicit
128-bit key exchange
-    public static final int FLAG_REQUEST_EXPLICIT_KEY_EXCH = 0x40000000;     // Request explicit
key exchange
-    public static final int FLAG_REQUEST_56BIT_ENCRYPTION = 0x80000000;      // Must be used
in conjunction with SEAL
+    static final int FLAG_REQUEST_UNICODE_ENCODING = 0x00000001;      // Unicode string encoding
requested
+    static final int FLAG_REQUEST_OEM_ENCODING = 0x00000002;      // OEM string encoding
requested
+    static final int FLAG_REQUEST_TARGET = 0x00000004;                      // Requests target
field
+    static final int FLAG_REQUEST_SIGN = 0x00000010;  // Requests all messages have a signature
attached, in NEGOTIATE message.
+    static final int FLAG_REQUEST_SEAL = 0x00000020;  // Request key exchange for message
confidentiality in NEGOTIATE message.  MUST be used in conjunction with 56BIT.
+    static final int FLAG_REQUEST_LAN_MANAGER_KEY = 0x00000080;    // Request Lan Manager
key instead of user session key
+    static final int FLAG_REQUEST_NTLMv1 = 0x00000200; // Request NTLMv1 security.  MUST
be set in NEGOTIATE and CHALLENGE both
+    static final int FLAG_DOMAIN_PRESENT = 0x00001000;        // Domain is present in message
+    static final int FLAG_WORKSTATION_PRESENT = 0x00002000;   // Workstation is present in
message
+    static final int FLAG_REQUEST_ALWAYS_SIGN = 0x00008000;   // Requests a signature block
on all messages.  Overridden by REQUEST_SIGN and REQUEST_SEAL.
+    static final int FLAG_REQUEST_NTLM2_SESSION = 0x00080000; // From server in challenge,
requesting NTLM2 session security
+    static final int FLAG_REQUEST_VERSION = 0x02000000;       // Request protocol version
+    static final int FLAG_TARGETINFO_PRESENT = 0x00800000;    // From server in challenge
message, indicating targetinfo is present
+    static final int FLAG_REQUEST_128BIT_KEY_EXCH = 0x20000000; // Request explicit 128-bit
key exchange
+    static final int FLAG_REQUEST_EXPLICIT_KEY_EXCH = 0x40000000;     // Request explicit
key exchange
+    static final int FLAG_REQUEST_56BIT_ENCRYPTION = 0x80000000;      // Must be used in
conjunction with SEAL
 
     // Attribute-value identifiers (AvId)
     // according to [MS-NLMP] section 2.2.2.1
-    public static final int MSV_AV_EOL = 0x0000; // Indicates that this is the last AV_PAIR
in the list.
-    public static final int MSV_AV_NB_COMPUTER_NAME = 0x0001; // The server's NetBIOS computer
name.
-    public static final int MSV_AV_NB_DOMAIN_NAME = 0x0002; // The server's NetBIOS domain
name.
-    public static final int MSV_AV_DNS_COMPUTER_NAME = 0x0003; // The fully qualified domain
name (FQDN) of the computer.
-    public static final int MSV_AV_DNS_DOMAIN_NAME = 0x0004; // The FQDN of the domain.
-    public static final int MSV_AV_DNS_TREE_NAME = 0x0005; // The FQDN of the forest.
-    public static final int MSV_AV_FLAGS = 0x0006; // A 32-bit value indicating server or
client configuration.
-    public static final int MSV_AV_TIMESTAMP = 0x0007; // server local time
-    public static final int MSV_AV_SINGLE_HOST = 0x0008; // A Single_Host_Data structure.
-    public static final int MSV_AV_TARGET_NAME = 0x0009; // The SPN of the target server.
-    public static final int MSV_AV_CHANNEL_BINDINGS = 0x000A; // A channel bindings hash.
-
-    public static final int MSV_AV_FLAGS_ACCOUNT_AUTH_CONSTAINED = 0x00000001; // Indicates
to the client that the account authentication is constrained.
-    public static final int MSV_AV_FLAGS_MIC = 0x00000002; // Indicates that the client is
providing message integrity in the MIC field in the AUTHENTICATE_MESSAGE.
-    public static final int MSV_AV_FLAGS_UNTRUSTED_TARGET_SPN = 0x00000004; // Indicates
that the client is providing a target SPN generated from an untrusted source.
+    static final int MSV_AV_EOL = 0x0000; // Indicates that this is the last AV_PAIR in the
list.
+    static final int MSV_AV_NB_COMPUTER_NAME = 0x0001; // The server's NetBIOS computer name.
+    static final int MSV_AV_NB_DOMAIN_NAME = 0x0002; // The server's NetBIOS domain name.
+    static final int MSV_AV_DNS_COMPUTER_NAME = 0x0003; // The fully qualified domain name
(FQDN) of the computer.
+    static final int MSV_AV_DNS_DOMAIN_NAME = 0x0004; // The FQDN of the domain.
+    static final int MSV_AV_DNS_TREE_NAME = 0x0005; // The FQDN of the forest.
+    static final int MSV_AV_FLAGS = 0x0006; // A 32-bit value indicating server or client
configuration.
+    static final int MSV_AV_TIMESTAMP = 0x0007; // server local time
+    static final int MSV_AV_SINGLE_HOST = 0x0008; // A Single_Host_Data structure.
+    static final int MSV_AV_TARGET_NAME = 0x0009; // The SPN of the target server.
+    static final int MSV_AV_CHANNEL_BINDINGS = 0x000A; // A channel bindings hash.
+
+    static final int MSV_AV_FLAGS_ACCOUNT_AUTH_CONSTAINED = 0x00000001; // Indicates to the
client that the account authentication is constrained.
+    static final int MSV_AV_FLAGS_MIC = 0x00000002; // Indicates that the client is providing
message integrity in the MIC field in the AUTHENTICATE_MESSAGE.
+    static final int MSV_AV_FLAGS_UNTRUSTED_TARGET_SPN = 0x00000004; // Indicates that the
client is providing a target SPN generated from an untrusted source.
 
     /** Secure random generator */
     private static final java.security.SecureRandom RND_GEN;
@@ -134,142 +133,7 @@ final class NTLMEngineImpl implements NT
 
     private static final String TYPE_1_MESSAGE = new Type1Message().getResponse();
 
-    final NTCredentials credentials;
-    final private boolean isConnection;
-
-    /**
-     * Type 1 (NEGOTIATE) message sent by the client.
-     */
-    private Type1Message type1Message;
-
-    /**
-     * Type 2 (CHALLENGE) message received by the client.
-     */
-    private Type2Message type2Message;
-
-    /**
-     * Type 3 (AUTHENTICATE) message sent by the client.
-     */
-    private Type3Message type3Message;
-
-    /**
-     * The key that is result of the NTLM key exchange.
-     */
-    private byte[] exportedSessionKey;
-
-    // just for compatibility
-    public NTLMEngineImpl() {
-        this( null, true );
-    }
-
-
-    /**
-     * Creates a new instance of NTLM engine.
-     *
-     * @param credentials NT credentials that will be used in the message exchange.
-     * @param isConnection true for connection mode, false for connection-less mode.
-     */
-    public NTLMEngineImpl( final NTCredentials credentials, final boolean isConnection )
{
-        super();
-        this.credentials = credentials;
-        this.isConnection = isConnection;
-    }
-
-
-    /**
-     * Generate (create) new NTLM AUTHENTICATE (type 1) message in a form of Java object.
-     * The generated message is remembered by the engine, e.g. for the purpose of MIC computation.
-     *
-     * @param ntlmFlags initial flags for the message. These flags influence the behavior
of
-     *                  entire protocol exchange.
-     * @return NTLM AUTHENTICATE (type 1) message in a form of Java object
-     * @throws NTLMEngineException in case of any (foreseeable) error
-     */
-    public Type1Message generateType1MsgObject( final Integer ntlmFlags ) throws NTLMEngineException
-    {
-        if ( type1Message != null )
-        {
-            throw new NTLMEngineException( "Type 1 message already generated" );
-        }
-        if ( credentials == null )
-        {
-            throw new NTLMEngineException( "No credentials" );
-        }
-        type1Message = new Type1Message(
-            credentials.getDomain(),
-            credentials.getWorkstation(),
-            ntlmFlags );
-        return type1Message;
-    }
-
-
-    /**
-     * Parse NTLM CHALLENGE (type 2) message in a base64-encoded format. The message is remembered
by the engine.
-     *
-     * @param type2MessageBase64 base64 encoded NTLM challenge message
-     * @return NTLM challenge message in a form of Java object.
-     * @throws NTLMEngineException in case of any (foreseeable) error
-     */
-    public Type2Message parseType2Message( final String type2MessageBase64 ) throws NTLMEngineException
-    {
-        return parseType2Message( Base64.decodeBase64( type2MessageBase64.getBytes( DEFAULT_CHARSET
) ) );
-    }
-
-
-    /**
-     * Parse NTLM CHALLENGE (type 2) message in a binary format. The message is remembered
by the engine.
-     *
-     * @param type2MessageBytes binary (byte array) NTLM challenge message
-     * @return NTLM challenge message in a form of Java object.
-     * @throws NTLMEngineException in case of any (foreseeable) error
-     */
-    public Type2Message parseType2Message( final byte[] type2MessageBytes ) throws NTLMEngineException
-    {
-        if ( type2Message != null )
-        {
-            throw new NTLMEngineException( "Type 2 message already parsed" );
-        }
-        type2Message = new Type2Message( type2MessageBytes );
-        return type2Message;
-    }
-
-
-    /**
-     * Generate NTLM AUTHENTICATE (type 3) message based on previous messages that were seen
by the engine.
-     *
-     * @param peerServerCertificate optional peer certificate. If present then it will be
used to set up
-     *                              GSS API channel binding.
-     * @return NTLM authenticate message in a form of Java object.
-     * @throws NTLMEngineException in case of any (foreseeable) error
-     */
-    public Type3Message generateType3MsgObject( final X509Certificate peerServerCertificate
) throws NTLMEngineException
-    {
-        if ( type3Message != null )
-        {
-            throw new NTLMEngineException( "Type 3 message already generated" );
-        }
-        if ( type2Message == null )
-        {
-            throw new NTLMEngineException( "Type 2 message was not yet parsed" );
-        }
-        if ( credentials == null )
-        {
-            throw new NTLMEngineException( "No credentials" );
-        }
-        type3Message = new Type3Message(
-            credentials.getDomain(),
-            credentials.getWorkstation(),
-            credentials.getUserName(),
-            credentials.getPassword(),
-            type2Message.getChallenge(),
-            type2Message.getFlags(),
-            type2Message.getTarget(),
-            type2Message.getTargetInfo(),
-            peerServerCertificate,
-            type1Message.getBytes(),
-            type2Message.getBytes());
-        this.exportedSessionKey = type3Message.getExportedSessionKey();
-        return type3Message;
+    NTLMEngineImpl() {
     }
 
     /**
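Review bot: `NTLMEngineImpl() { }` replaces the documented constructors and the Javadoc that explained the message-exchange contract, but carries no comment itself; in particular the statement that the Type 1 and Type 2 messages are kept "for the purpose of MIC computation" is gone, while the Type3Message constructor (used by the CredSspScheme change in this commit) still takes both messages' bytes. Suggest a Javadoc on the constructor along the lines of `/** Stateless engine: callers build Type1Message, Type2Message and Type3Message directly and must pass the Type 1 and Type 2 message bytes to Type 3 for MIC computation. */`. With `parseType2Message(String)` removed, the `Base64` import in the @@ -40 hunk may now be unused, but the rest of the file is not visible here to confirm.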
@@ -932,26 +796,12 @@ final class NTLMEngineImpl implements NT
         return lmv2Response;
     }
 
-    public static enum Mode
+    static enum Mode
     {
         CLIENT, SERVER;
     }
 
-
-    public Handle createClientHandle() throws NTLMEngineException
-    {
-        final Handle handle = new Handle( exportedSessionKey, Mode.CLIENT, isConnection );
-        return handle;
-    }
-
-
-    public Handle createServer() throws NTLMEngineException
-    {
-        final Handle handle = new Handle( exportedSessionKey, Mode.SERVER, isConnection );
-        return handle;
-    }
-
-    public static class Handle
+    static class Handle
     {
         final private byte[] exportedSessionKey;
         private byte[] signingKey;
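Review bot: `static enum Mode` keeps a redundant modifier: a nested enum is implicitly static, so `enum Mode` says the same thing and reads cleaner alongside the tightened visibility this hunk applies. The Handle class continues past the end of the hunk.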


