View Javadoc

1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License.
18   *
19   */
20  package org.apache.mina.proxy.handlers.http.ntlm;
21  
22  import java.io.IOException;
23  import java.util.HashMap;
24  import java.util.List;
25  import java.util.Map;
26  
27  import org.apache.mina.core.filterchain.IoFilter.NextFilter;
28  import org.apache.mina.proxy.ProxyAuthException;
29  import org.apache.mina.proxy.handlers.http.AbstractAuthLogicHandler;
30  import org.apache.mina.proxy.handlers.http.HttpProxyConstants;
31  import org.apache.mina.proxy.handlers.http.HttpProxyRequest;
32  import org.apache.mina.proxy.handlers.http.HttpProxyResponse;
33  import org.apache.mina.proxy.session.ProxyIoSession;
34  import org.apache.mina.proxy.utils.StringUtilities;
35  import org.apache.mina.util.Base64;
36  import org.slf4j.Logger;
37  import org.slf4j.LoggerFactory;
38  
39  /**
40   * HttpNTLMAuthLogicHandler.java - HTTP NTLM authentication mechanism logic handler.
41   * 
42   * @author <a href="http://mina.apache.org">Apache MINA Project</a>
43   * @since MINA 2.0.0-M3
44   */
45  public class HttpNTLMAuthLogicHandler extends AbstractAuthLogicHandler {
46  
47      private final static Logger LOGGER = LoggerFactory.getLogger(HttpNTLMAuthLogicHandler.class);
48  
49      /**
50       * The challenge provided by the server.
51       */
52      private byte[] challengePacket = null;
53  
54      /**
55       * {@inheritDoc}
56       */
57      public HttpNTLMAuthLogicHandler(final ProxyIoSession proxyIoSession) throws ProxyAuthException {
58          super(proxyIoSession);
59  
60          ((HttpProxyRequest) request).checkRequiredProperties(HttpProxyConstants.USER_PROPERTY,
61                  HttpProxyConstants.PWD_PROPERTY, HttpProxyConstants.DOMAIN_PROPERTY,
62                  HttpProxyConstants.WORKSTATION_PROPERTY);
63      }
64  
65      /**
66       * {@inheritDoc}
67       */
68      @Override
69      public void doHandshake(NextFilter nextFilter) throws ProxyAuthException {
70          LOGGER.debug(" doHandshake()");
71  
72          if (step > 0 && challengePacket == null) {
73              throw new IllegalStateException("NTLM Challenge packet not received");
74          }
75  
76          HttpProxyRequest req = (HttpProxyRequest) request;
77          Map<String, List<String>> headers = req.getHeaders() != null ? req.getHeaders()
78                  : new HashMap<String, List<String>>();
79  
80          String domain = req.getProperties().get(HttpProxyConstants.DOMAIN_PROPERTY);
81          String workstation = req.getProperties().get(HttpProxyConstants.WORKSTATION_PROPERTY);
82  
83          if (step > 0) {
84              LOGGER.debug("  sending NTLM challenge response");
85  
86              byte[] challenge = NTLMUtilities.extractChallengeFromType2Message(challengePacket);
87              int serverFlags = NTLMUtilities.extractFlagsFromType2Message(challengePacket);
88  
89              String username = req.getProperties().get(HttpProxyConstants.USER_PROPERTY);
90              String password = req.getProperties().get(HttpProxyConstants.PWD_PROPERTY);
91  
92              byte[] authenticationPacket = NTLMUtilities.createType3Message(username, password, challenge, domain,
93                      workstation, serverFlags, null);
94  
95              StringUtilities.addValueToHeader(headers, "Proxy-Authorization",
96                      "NTLM " + new String(Base64.encodeBase64(authenticationPacket)), true);
97  
98          } else {
99              LOGGER.debug("  sending NTLM negotiation packet");
100 
101             byte[] negotiationPacket = NTLMUtilities.createType1Message(workstation, domain, null, null);
102             StringUtilities.addValueToHeader(headers, "Proxy-Authorization",
103                     "NTLM " + new String(Base64.encodeBase64(negotiationPacket)), true);
104         }
105 
106         addKeepAliveHeaders(headers);
107         req.setHeaders(headers);
108 
109         writeRequest(nextFilter, req);
110         step++;
111     }
112 
113     /**
114      * Returns the value of the NTLM Proxy-Authenticate header.
115      * 
116      * @param response the proxy response
117      */
118     private String getNTLMHeader(final HttpProxyResponse response) {
119         List<String> values = response.getHeaders().get("Proxy-Authenticate");
120 
121         for (String s : values) {
122             if (s.startsWith("NTLM")) {
123                 return s;
124             }
125         }
126 
127         return null;
128     }
129 
130     /**
131      * {@inheritDoc}
132      */
133     @Override
134     public void handleResponse(final HttpProxyResponse response) throws ProxyAuthException {
135         if (step == 0) {
136             String challengeResponse = getNTLMHeader(response);
137             step = 1;
138 
139             if (challengeResponse == null || challengeResponse.length() < 5) {
140                 // Nothing to handle at this step. 
141                 // Just need to send a reply type 1 message in doHandshake().
142                 return;
143             }
144 
145             // else there was no step 0 so continue to step 1.
146         }
147 
148         if (step == 1) {
149             // Header should look like :
150             // Proxy-Authenticate: NTLM still_some_more_stuff
151             String challengeResponse = getNTLMHeader(response);
152 
153             if (challengeResponse == null || challengeResponse.length() < 5) {
154                 throw new ProxyAuthException("Unexpected error while reading server challenge !");
155             }
156 
157             try {
158                 challengePacket = Base64.decodeBase64(challengeResponse.substring(5).getBytes(
159                         proxyIoSession.getCharsetName()));
160             } catch (IOException e) {
161                 throw new ProxyAuthException("Unable to decode the base64 encoded NTLM challenge", e);
162             }
163             step = 2;
164         } else {
165             throw new ProxyAuthException("Received unexpected response code (" + response.getStatusLine() + ").");
166         }
167     }
168 }