View Javadoc

1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License.
18   *
19   */
20  package org.apache.mina.proxy.handlers.http.ntlm;
21  
22  import java.io.IOException;
23  import java.util.HashMap;
24  import java.util.List;
25  import java.util.Map;
26  
27  import org.apache.mina.core.filterchain.IoFilter.NextFilter;
28  import org.apache.mina.proxy.ProxyAuthException;
29  import org.apache.mina.proxy.handlers.http.AbstractAuthLogicHandler;
30  import org.apache.mina.proxy.handlers.http.HttpProxyConstants;
31  import org.apache.mina.proxy.handlers.http.HttpProxyRequest;
32  import org.apache.mina.proxy.handlers.http.HttpProxyResponse;
33  import org.apache.mina.proxy.session.ProxyIoSession;
34  import org.apache.mina.proxy.utils.StringUtilities;
35  import org.apache.mina.util.Base64;
36  import org.slf4j.Logger;
37  import org.slf4j.LoggerFactory;
38  
39  /**
40   * HttpNTLMAuthLogicHandler.java - HTTP NTLM authentication mechanism logic handler.
41   * 
42   * @author <a href="http://mina.apache.org">Apache MINA Project</a>
43   * @since MINA 2.0.0-M3
44   */
45  public class HttpNTLMAuthLogicHandler extends AbstractAuthLogicHandler {
46  
47      private final static Logger LOGGER = LoggerFactory
48              .getLogger(HttpNTLMAuthLogicHandler.class);
49  
50      /**
51       * The challenge provided by the server.
52       */
53      private byte[] challengePacket = null;
54  
55      /**
56       * {@inheritDoc}
57       */
58      public HttpNTLMAuthLogicHandler(final ProxyIoSession proxyIoSession)
59              throws ProxyAuthException {
60          super(proxyIoSession);
61  
62          ((HttpProxyRequest) request).checkRequiredProperties(
63                  HttpProxyConstants.USER_PROPERTY,
64                  HttpProxyConstants.PWD_PROPERTY,
65                  HttpProxyConstants.DOMAIN_PROPERTY,
66                  HttpProxyConstants.WORKSTATION_PROPERTY);
67      }
68  
69      /**
70       * {@inheritDoc}
71       */
72      @Override
73      public void doHandshake(NextFilter nextFilter) throws ProxyAuthException {
74          LOGGER.debug(" doHandshake()");
75  
76          if (step > 0 && challengePacket == null) {
77              throw new IllegalStateException("NTLM Challenge packet not received");
78          }
79          
80          HttpProxyRequest req = (HttpProxyRequest) request;
81          Map<String, List<String>> headers = req.getHeaders() != null ? req
82                  .getHeaders() : new HashMap<String, List<String>>();
83  
84          String domain = req.getProperties().get(
85                  HttpProxyConstants.DOMAIN_PROPERTY);
86          String workstation = req.getProperties().get(
87                  HttpProxyConstants.WORKSTATION_PROPERTY);
88  
89          if (step > 0) {
90              LOGGER.debug("  sending NTLM challenge response");
91  
92              byte[] challenge = NTLMUtilities
93                      .extractChallengeFromType2Message(challengePacket);
94              int serverFlags = NTLMUtilities
95                      .extractFlagsFromType2Message(challengePacket);
96  
97              String username = req.getProperties().get(
98                      HttpProxyConstants.USER_PROPERTY);
99              String password = req.getProperties().get(
100                     HttpProxyConstants.PWD_PROPERTY);
101 
102             byte[] authenticationPacket = NTLMUtilities.createType3Message(
103                     username, password, challenge, domain, workstation,
104                     serverFlags, null);
105 
106                 StringUtilities.addValueToHeader(headers,
107                         "Proxy-Authorization", 
108                         "NTLM "+ new String(Base64
109                                         .encodeBase64(authenticationPacket)),
110                         true);
111 
112             } else {
113                 LOGGER.debug("  sending NTLM negotiation packet");
114 
115                 byte[] negotiationPacket = NTLMUtilities.createType1Message(
116                         workstation, domain, null, null);
117                 StringUtilities
118                         .addValueToHeader(
119                                 headers,
120                                 "Proxy-Authorization",
121                                 "NTLM "+ new String(Base64
122                                           .encodeBase64(negotiationPacket)),
123                                 true);
124             }
125 
126             addKeepAliveHeaders(headers);
127             req.setHeaders(headers);
128 
129         writeRequest(nextFilter, req);
130         step++;
131     }
132 
133     /**
134      * Returns the value of the NTLM Proxy-Authenticate header.
135      * 
136      * @param response the proxy response
137      */
138     private String getNTLMHeader(final HttpProxyResponse response) {
139         List<String> values = response.getHeaders().get("Proxy-Authenticate");
140 
141         for (String s : values) {
142             if (s.startsWith("NTLM")) {
143                 return s;
144             }
145         }
146 
147         return null;
148     }
149 
150     /**
151      * {@inheritDoc}
152      */
153     @Override
154     public void handleResponse(final HttpProxyResponse response)
155             throws ProxyAuthException {
156         if (step == 0) {
157             String challengeResponse = getNTLMHeader(response);
158             step = 1;
159 
160             if (challengeResponse == null || challengeResponse.length() < 5) {
161                 // Nothing to handle at this step. 
162                 // Just need to send a reply type 1 message in doHandshake().
163                 return;
164             }
165 
166             // else there was no step 0 so continue to step 1.
167         }
168 
169         if (step == 1) {
170             // Header should look like :
171             // Proxy-Authenticate: NTLM still_some_more_stuff
172             String challengeResponse = getNTLMHeader(response);
173 
174             if (challengeResponse == null || challengeResponse.length() < 5) {
175                 throw new ProxyAuthException(
176                         "Unexpected error while reading server challenge !");
177             }
178 
179             try {
180                 challengePacket = Base64
181                         .decodeBase64(challengeResponse.substring(5).getBytes(
182                                 proxyIoSession.getCharsetName()));
183             } catch (IOException e) {
184                 throw new ProxyAuthException(
185                         "Unable to decode the base64 encoded NTLM challenge", e);
186             }
187             step = 2;
188         } else {
189             throw new ProxyAuthException("Received unexpected response code ("
190                     + response.getStatusLine() + ").");
191         }
192     }
193 }