Java源码示例:org.apache.commons.httpclient.auth.AuthenticationException
示例1
/** Constructor to use when message contents are known */
NTLMMessage(String messageBody, int expectedType) throws AuthenticationException {
messageContents = Base64.decodeBase64(EncodingUtils.getBytes(messageBody,
DEFAULT_CHARSET));
// Look for NTLM message
if (messageContents.length < SIGNATURE.length) {
throw new AuthenticationException("NTLM message decoding error - packet too short");
}
int i = 0;
while (i < SIGNATURE.length) {
if (messageContents[i] != SIGNATURE[i]) {
throw new AuthenticationException(
"NTLM message expected - instead got unrecognized bytes");
}
i++;
}
// Check to be sure there's a type 2 message indicator next
int type = readULong(SIGNATURE.length);
if (type != expectedType) {
throw new AuthenticationException("NTLM type " + Integer.toString(expectedType)
+ " message expected - instead got type " + Integer.toString(type));
}
currentOutputPosition = messageContents.length;
}
示例2
public String generateType3Msg(
final String username,
final String password,
final String domain,
final String workstation,
final String challenge) throws AuthenticationException {
Type2Message t2m = new Type2Message(challenge);
return getType3Message(
username,
password,
workstation,
domain,
t2m.getChallenge(),
t2m.getFlags(),
t2m.getTarget(),
t2m.getTargetInfo());
}
示例3
/**
* Implementation method for authentication
*/
private String authenticate(Credentials credentials) throws AuthenticationException {
if (!(credentials instanceof EsApiKeyCredentials)) {
throw new AuthenticationException("Incorrect credentials type provided. Expected [" + EsApiKeyCredentials.class.getName()
+ "] but got [" + credentials.getClass().getName() + "]");
}
EsApiKeyCredentials esApiKeyCredentials = ((EsApiKeyCredentials) credentials);
String authString = null;
if (esApiKeyCredentials.getToken() != null && StringUtils.hasText(esApiKeyCredentials.getToken().getName())) {
EsToken token = esApiKeyCredentials.getToken();
String keyComponents = token.getId() + ":" + token.getApiKey();
byte[] base64Encoded = Base64.encodeBase64(keyComponents.getBytes(StringUtils.UTF_8));
String tokenText = new String(base64Encoded, StringUtils.UTF_8);
authString = EsHadoopAuthPolicies.APIKEY + " " + tokenText;
}
return authString;
}
示例4
/**
* Creates the negotiator if it is not yet created, or does nothing if the negotiator is already initialized.
* @param requestURI request being authenticated
* @param spnegoCredentials The user and service principals
* @throws UnknownHostException If the service principal is host based, and if the request URI cannot be resolved to a FQDN
* @throws AuthenticationException If the service principal is malformed
* @throws GSSException If the negotiator cannot be created.
*/
private void initializeNegotiator(URI requestURI, SpnegoCredentials spnegoCredentials) throws UnknownHostException, AuthenticationException, GSSException {
// Initialize negotiator
if (spnegoNegotiator == null) {
// Determine host principal
String servicePrincipal = spnegoCredentials.getServicePrincipalName();
if (spnegoCredentials.getServicePrincipalName().contains(HOSTNAME_PATTERN)) {
String fqdn = getFQDN(requestURI);
String[] components = spnegoCredentials.getServicePrincipalName().split("[/@]");
if (components.length != 3 || !components[1].equals(HOSTNAME_PATTERN)) {
throw new AuthenticationException("Malformed service principal name [" + spnegoCredentials.getServicePrincipalName()
+ "]. To use host substitution, the principal must be of the format [serviceName/[email protected]].");
}
servicePrincipal = components[0] + "/" + fqdn.toLowerCase() + "@" + components[2];
}
User userInfo = spnegoCredentials.getUserProvider().getUser();
KerberosPrincipal principal = userInfo.getKerberosPrincipal();
if (principal == null) {
throw new EsHadoopIllegalArgumentException("Could not locate Kerberos Principal on currently logged in user.");
}
spnegoNegotiator = new SpnegoNegotiator(principal.getName(), servicePrincipal);
}
}
示例5
/**
* Authenticating requests with SPNEGO means that a request will execute before the client is sure that the
* server is mutually authenticated. This means that, at best, if mutual auth is requested, the client cannot
* trust that the server is giving accurate information, or in the case that the client has already sent data,
* further communication with the server should not happen.
* @param returnChallenge The Negotiate challenge from the response headers of a successful executed request
* @throws AuthenticationException If the response header does not allow for mutual authentication to be established.
*/
public void ensureMutualAuth(String returnChallenge) throws AuthenticationException {
try {
processChallenge(returnChallenge);
} catch (MalformedChallengeException mce) {
throw new AuthenticationException("Received invalid response header for mutual authentication", mce);
}
try {
String token = getNegotiateToken();
if (!spnegoNegotiator.established() || token != null) {
throw new AuthenticationException("Could not complete SPNEGO Authentication, Mutual Authentication Failed");
}
} catch (GSSException gsse) {
throw new AuthenticationException("Could not complete SPNEGO Authentication", gsse);
}
}
示例6
private void authenticate(final HttpMethod method) {
try {
if (this.conn.isProxied() && !this.conn.isSecure()) {
authenticateProxy(method);
}
authenticateHost(method);
} catch (AuthenticationException e) {
LOG.error(e.getMessage(), e);
}
}
示例7
private void authenticateProxy(final HttpMethod method) throws AuthenticationException {
// Clean up existing authentication headers
if (!cleanAuthHeaders(method, PROXY_AUTH_RESP)) {
// User defined authentication header(s) present
return;
}
AuthState authstate = method.getProxyAuthState();
AuthScheme authscheme = authstate.getAuthScheme();
if (authscheme == null) {
return;
}
if (authstate.isAuthRequested() || !authscheme.isConnectionBased()) {
AuthScope authscope = new AuthScope(
conn.getProxyHost(), conn.getProxyPort(),
authscheme.getRealm(),
authscheme.getSchemeName());
if (LOG.isDebugEnabled()) {
LOG.debug("Authenticating with " + authscope);
}
Credentials credentials = this.state.getProxyCredentials(authscope);
if (credentials != null) {
String authstring = authscheme.authenticate(credentials, method);
if (authstring != null) {
method.addRequestHeader(new Header(PROXY_AUTH_RESP, authstring, true));
}
} else {
if (LOG.isWarnEnabled()) {
LOG.warn("Required proxy credentials not available for " + authscope);
if (method.getProxyAuthState().isPreemptive()) {
LOG.warn("Preemptive authentication requested but no default " +
"proxy credentials available");
}
}
}
}
}
示例8
private void authenticate(final HttpMethod method) {
try {
if (this.conn.isProxied() && !this.conn.isSecure()) {
authenticateProxy(method);
}
authenticateHost(method);
} catch (AuthenticationException e) {
LOG.error(e.getMessage(), e);
}
}
示例9
private void authenticateProxy(final HttpMethod method) throws AuthenticationException {
// Clean up existing authentication headers
if (!cleanAuthHeaders(method, PROXY_AUTH_RESP)) {
// User defined authentication header(s) present
return;
}
AuthState authstate = method.getProxyAuthState();
AuthScheme authscheme = authstate.getAuthScheme();
if (authscheme == null) {
return;
}
if (authstate.isAuthRequested() || !authscheme.isConnectionBased()) {
AuthScope authscope = new AuthScope(
conn.getProxyHost(), conn.getProxyPort(),
authscheme.getRealm(),
authscheme.getSchemeName());
if (LOG.isDebugEnabled()) {
LOG.debug("Authenticating with " + authscope);
}
Credentials credentials = this.state.getProxyCredentials(authscope);
if (credentials != null) {
String authstring = authscheme.authenticate(credentials, method);
if (authstring != null) {
method.addRequestHeader(new Header(PROXY_AUTH_RESP, authstring, true));
}
} else {
if (LOG.isWarnEnabled()) {
LOG.warn("Required proxy credentials not available for " + authscope);
if (method.getProxyAuthState().isPreemptive()) {
LOG.warn("Preemptive authentication requested but no default " +
"proxy credentials available");
}
}
}
}
}
示例10
private static int readULong(byte[] src, int index) throws AuthenticationException {
if (src.length < index + 4) {
throw new AuthenticationException("NTLM authentication - buffer too small for DWORD");
}
return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8)
| ((src[index + 2] & 0xff) << 16) | ((src[index + 3] & 0xff) << 24);
}
示例11
private static byte[] readSecurityBuffer(byte[] src, int index) throws AuthenticationException {
int length = readUShort(src, index);
int offset = readULong(src, index + 4);
if (src.length < offset + length) {
throw new AuthenticationException(
"NTLM authentication - buffer too small for data item");
}
byte[] buffer = new byte[length];
System.arraycopy(src, offset, buffer, 0, length);
return buffer;
}
示例12
/** Calculate a challenge block */
private static byte[] makeRandomChallenge() throws AuthenticationException {
if (RND_GEN == null) {
throw new AuthenticationException("Random generator not available");
}
byte[] rval = new byte[8];
synchronized (RND_GEN) {
RND_GEN.nextBytes(rval);
}
return rval;
}
示例13
/** Calculate a 16-byte secondary key */
private static byte[] makeSecondaryKey() throws AuthenticationException {
if (RND_GEN == null) {
throw new AuthenticationException("Random generator not available");
}
byte[] rval = new byte[16];
synchronized (RND_GEN) {
RND_GEN.nextBytes(rval);
}
return rval;
}
示例14
/** Calculate and return client challenge */
public byte[] getClientChallenge()
throws AuthenticationException {
if (clientChallenge == null) {
clientChallenge = makeRandomChallenge();
}
return clientChallenge;
}
示例15
/** Calculate and return random secondary key */
public byte[] getSecondaryKey()
throws AuthenticationException {
if (secondaryKey == null) {
secondaryKey = makeSecondaryKey();
}
return secondaryKey;
}
示例16
/** Calculate and return the LMHash */
public byte[] getLMHash()
throws AuthenticationException {
if (lmHash == null) {
lmHash = lmHash(password);
}
return lmHash;
}
示例17
/** Calculate and return the LMResponse */
public byte[] getLMResponse()
throws AuthenticationException {
if (lmResponse == null) {
lmResponse = lmResponse(getLMHash(), challenge);
}
return lmResponse;
}
示例18
/** Calculate and return the NTLMHash */
public byte[] getNTLMHash()
throws AuthenticationException {
if (ntlmHash == null) {
ntlmHash = ntlmHash(password);
}
return ntlmHash;
}
示例19
/** Calculate and return the NTLMResponse */
public byte[] getNTLMResponse()
throws AuthenticationException {
if (ntlmResponse == null) {
ntlmResponse = lmResponse(getNTLMHash(), challenge);
}
return ntlmResponse;
}
示例20
/** Calculate the NTLMv2 hash */
public byte[] getNTLMv2Hash()
throws AuthenticationException {
if (ntlmv2Hash == null) {
ntlmv2Hash = ntlmv2Hash(target, user, password);
}
return ntlmv2Hash;
}
示例21
/** Calculate the NTLMv2Blob */
public byte[] getNTLMv2Blob()
throws AuthenticationException {
if (ntlmv2Blob == null) {
ntlmv2Blob = createBlob(getClientChallenge(), targetInformation, getTimestamp());
}
return ntlmv2Blob;
}
示例22
/** Calculate the NTLMv2Response */
public byte[] getNTLMv2Response()
throws AuthenticationException {
if (ntlmv2Response == null) {
ntlmv2Response = lmv2Response(getNTLMv2Hash(), challenge, getNTLMv2Blob());
}
return ntlmv2Response;
}
示例23
/** Calculate the LMv2Response */
public byte[] getLMv2Response()
throws AuthenticationException {
if (lmv2Response == null) {
lmv2Response = lmv2Response(getNTLMv2Hash(), challenge, getClientChallenge());
}
return lmv2Response;
}
示例24
/** Get NTLM2SessionResponse */
public byte[] getNTLM2SessionResponse()
throws AuthenticationException {
if (ntlm2SessionResponse == null) {
ntlm2SessionResponse = ntlm2SessionResponse(getNTLMHash(), challenge, getClientChallenge());
}
return ntlm2SessionResponse;
}
示例25
/** Calculate and return LM2 session response */
public byte[] getLM2SessionResponse()
throws AuthenticationException {
if (lm2SessionResponse == null) {
byte[] clientChallenge = getClientChallenge();
lm2SessionResponse = new byte[24];
System.arraycopy(clientChallenge, 0, lm2SessionResponse, 0, clientChallenge.length);
Arrays.fill(lm2SessionResponse, clientChallenge.length, lm2SessionResponse.length, (byte) 0x00);
}
return lm2SessionResponse;
}
示例26
/** Get LMUserSessionKey */
public byte[] getLMUserSessionKey()
throws AuthenticationException {
if (lmUserSessionKey == null) {
byte[] lmHash = getLMHash();
lmUserSessionKey = new byte[16];
System.arraycopy(lmHash, 0, lmUserSessionKey, 0, 8);
Arrays.fill(lmUserSessionKey, 8, 16, (byte) 0x00);
}
return lmUserSessionKey;
}
示例27
/** Get NTLMUserSessionKey */
public byte[] getNTLMUserSessionKey()
throws AuthenticationException {
if (ntlmUserSessionKey == null) {
byte[] ntlmHash = getNTLMHash();
MD4 md4 = new MD4();
md4.update(ntlmHash);
ntlmUserSessionKey = md4.getOutput();
}
return ntlmUserSessionKey;
}
示例28
/** GetNTLMv2UserSessionKey */
public byte[] getNTLMv2UserSessionKey()
throws AuthenticationException {
if (ntlmv2UserSessionKey == null) {
byte[] ntlmv2Hash = getNTLMv2Hash();
byte[] ntlmv2Blob = getNTLMv2Blob();
byte[] temp = new byte[ntlmv2Blob.length + challenge.length];
// "The challenge is concatenated with the blob" - check this (MHL)
System.arraycopy(challenge, 0, temp, 0, challenge.length);
System.arraycopy(ntlmv2Blob, 0, temp, challenge.length, ntlmv2Blob.length);
byte[] partial = hmacMD5(temp, ntlmv2Hash);
ntlmv2UserSessionKey = hmacMD5(partial, ntlmv2Hash);
}
return ntlmv2UserSessionKey;
}
示例29
/** Get NTLM2SessionResponseUserSessionKey */
public byte[] getNTLM2SessionResponseUserSessionKey()
throws AuthenticationException {
if (ntlm2SessionResponseUserSessionKey == null) {
byte[] ntlmUserSessionKey = getNTLMUserSessionKey();
byte[] ntlm2SessionResponseNonce = getLM2SessionResponse();
byte[] sessionNonce = new byte[challenge.length + ntlm2SessionResponseNonce.length];
System.arraycopy(challenge, 0, sessionNonce, 0, challenge.length);
System.arraycopy(ntlm2SessionResponseNonce, 0, sessionNonce, challenge.length,
ntlm2SessionResponseNonce.length);
ntlm2SessionResponseUserSessionKey = hmacMD5(sessionNonce, ntlmUserSessionKey);
}
return ntlm2SessionResponseUserSessionKey;
}
示例30
/** Get LAN Manager session key */
public byte[] getLanManagerSessionKey()
throws AuthenticationException {
if (lanManagerSessionKey == null) {
byte[] lmHash = getLMHash();
byte[] lmResponse = getLMResponse();
try {
byte[] keyBytes = new byte[14];
System.arraycopy(lmHash, 0, keyBytes, 0, 8);
Arrays.fill(keyBytes, 8, keyBytes.length, (byte) 0xbd);
Key lowKey = createDESKey(keyBytes, 0);
Key highKey = createDESKey(keyBytes, 7);
byte[] truncatedResponse = new byte[8];
System.arraycopy(lmResponse, 0, truncatedResponse, 0, truncatedResponse.length);
Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
des.init(Cipher.ENCRYPT_MODE, lowKey);
byte[] lowPart = des.doFinal(truncatedResponse);
des = Cipher.getInstance("DES/ECB/NoPadding");
des.init(Cipher.ENCRYPT_MODE, highKey);
byte[] highPart = des.doFinal(truncatedResponse);
lanManagerSessionKey = new byte[16];
System.arraycopy(lowPart, 0, lanManagerSessionKey, 0, lowPart.length);
System.arraycopy(highPart, 0, lanManagerSessionKey, lowPart.length, highPart.length);
} catch (Exception e) {
throw new AuthenticationException(e.getMessage(), e);
}
}
return lanManagerSessionKey;
}
