org.apache.commons.httpclient.auth.AuthenticationException Java Examples
The following examples show how to use
org.apache.commons.httpclient.auth.AuthenticationException.
Example #1
Source File: SpnegoAuthScheme.java From elasticsearch-hadoop with Apache License 2.0 | 6 votes |
/**
 * Confirms, after a request has already executed, that the SPNEGO exchange with the server
 * completed.
 * <p>
 * With SPNEGO the request is sent before the client knows whether the server is mutually
 * authenticated. Until this check passes the client cannot trust the server's answer, and if
 * data has already been sent, further communication with the server should not happen.
 *
 * @param returnChallenge the Negotiate challenge from the response headers of a successfully
 *                        executed request
 * @throws AuthenticationException if the response header is malformed, if the negotiator is not
 *                                 established or a further token is still pending after the
 *                                 challenge was processed, or if GSS reports an error
 */
public void ensureMutualAuth(String returnChallenge) throws AuthenticationException {
    try {
        processChallenge(returnChallenge);
    } catch (MalformedChallengeException malformed) {
        throw new AuthenticationException("Received invalid response header for mutual authentication", malformed);
    }

    try {
        final String pendingToken = getNegotiateToken();
        // Success requires an established context AND nothing left to send back to the server.
        final boolean mutuallyAuthenticated = spnegoNegotiator.established() && pendingToken == null;
        if (!mutuallyAuthenticated) {
            throw new AuthenticationException("Could not complete SPNEGO Authentication, Mutual Authentication Failed");
        }
    } catch (GSSException gssFailure) {
        throw new AuthenticationException("Could not complete SPNEGO Authentication", gssFailure);
    }
}
Example #2
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 6 votes |
/**
 * Constructor to use when the message contents are known.
 * <p>
 * Base64-decodes {@code messageBody}, checks that it starts with the NTLM signature, and checks
 * that the message type stored right after the signature equals {@code expectedType}.
 *
 * @param messageBody  Base64 text of the message
 * @param expectedType message type the caller expects to find
 * @throws AuthenticationException if the decoded data is shorter than the signature, does not
 *                                 start with it, or carries a different type
 */
NTLMMessage(String messageBody, int expectedType) throws AuthenticationException {
    messageContents = Base64.decodeBase64(EncodingUtils.getBytes(messageBody, DEFAULT_CHARSET));

    // Length is checked first so the signature comparison below cannot run off the buffer.
    if (messageContents.length < SIGNATURE.length) {
        throw new AuthenticationException("NTLM message decoding error - packet too short");
    }
    for (int pos = 0; pos < SIGNATURE.length; pos++) {
        if (messageContents[pos] != SIGNATURE[pos]) {
            throw new AuthenticationException(
                    "NTLM message expected - instead got unrecognized bytes");
        }
    }

    // The message type indicator follows the signature.
    final int actualType = readULong(SIGNATURE.length);
    if (actualType != expectedType) {
        throw new AuthenticationException("NTLM type " + expectedType
                + " message expected - instead got type " + actualType);
    }

    currentOutputPosition = messageContents.length;
}
Example #3
Source File: SpnegoAuthScheme.java From elasticsearch-hadoop with Apache License 2.0 | 6 votes |
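/**
 * Creates the negotiator if it is not yet created, or does nothing if it is already initialized.
 * <p>
 * When the configured service principal contains {@code HOSTNAME_PATTERN}, the pattern is
 * replaced by the lower-cased FQDN obtained from {@code getFQDN(requestURI)}.
 *
 * @param requestURI request being authenticated
 * @param spnegoCredentials the user and service principals
 * @throws UnknownHostException if the service principal is host based and the request URI cannot
 *                              be resolved to a FQDN
 * @throws AuthenticationException if the service principal is malformed
 * @throws GSSException if the negotiator cannot be created
 */
private void initializeNegotiator(URI requestURI, SpnegoCredentials spnegoCredentials)
        throws UnknownHostException, AuthenticationException, GSSException {
    if (spnegoNegotiator != null) {
        return;
    }

    // Read the configured name once so validation, substitution and the error text agree.
    final String configuredPrincipal = spnegoCredentials.getServicePrincipalName();
    String servicePrincipal = configuredPrincipal;

    if (configuredPrincipal.contains(HOSTNAME_PATTERN)) {
        // NOTE(review): the principal the client will trust is derived from name resolution of
        // the request URI; getFQDN is not visible here - confirm it cannot be steered by an
        // untrusted resolver.
        String fqdn = getFQDN(requestURI);
        String[] components = configuredPrincipal.split("[/@]");
        if (components.length != 3 || !components[1].equals(HOSTNAME_PATTERN)) {
            // The expected-format hint is built from HOSTNAME_PATTERN; REALM is a placeholder.
            throw new AuthenticationException("Malformed service principal name [" + configuredPrincipal
                    + "]. To use host substitution, the principal must be of the format [serviceName/"
                    + HOSTNAME_PATTERN + "@REALM].");
        }
        // Locale.ROOT keeps the host part stable regardless of the JVM default locale
        // (e.g. a Turkish locale would otherwise map 'I' to a dotless 'i').
        servicePrincipal = components[0] + "/" + fqdn.toLowerCase(java.util.Locale.ROOT) + "@" + components[2];
    }

    User userInfo = spnegoCredentials.getUserProvider().getUser();
    KerberosPrincipal principal = userInfo.getKerberosPrincipal();
    if (principal == null) {
        throw new EsHadoopIllegalArgumentException("Could not locate Kerberos Principal on currently logged in user.");
    }
    spnegoNegotiator = new SpnegoNegotiator(principal.getName(), servicePrincipal);
}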
Example #4
Source File: EsApiKeyAuthScheme.java From elasticsearch-hadoop with Apache License 2.0 | 6 votes |
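/**
 * Builds the authentication header value for API-key credentials.
 * <p>
 * The value is {@code EsHadoopAuthPolicies.APIKEY}, a space, and the Base64 encoding of
 * {@code id:apiKey}. Base64 is an encoding, not encryption: the returned string exposes the API
 * key and should be kept out of logs.
 *
 * @param credentials credentials to authenticate with; must be {@code EsApiKeyCredentials}
 * @return the header value, or {@code null} when the credentials carry no token or the token has
 *         no name text
 * @throws AuthenticationException if {@code credentials} is {@code null} or of another type
 */
private String authenticate(Credentials credentials) throws AuthenticationException {
    if (!(credentials instanceof EsApiKeyCredentials)) {
        // instanceof is false for null, so guard getClass() to report a clean authentication
        // failure instead of a NullPointerException.
        String actualType = (credentials == null) ? "null" : credentials.getClass().getName();
        throw new AuthenticationException("Incorrect credentials type provided. Expected [" +
                EsApiKeyCredentials.class.getName() + "] but got [" + actualType + "]");
    }

    EsApiKeyCredentials esApiKeyCredentials = (EsApiKeyCredentials) credentials;
    EsToken token = esApiKeyCredentials.getToken();
    if (token == null || !StringUtils.hasText(token.getName())) {
        return null;
    }

    String keyComponents = token.getId() + ":" + token.getApiKey();
    byte[] base64Encoded = Base64.encodeBase64(keyComponents.getBytes(StringUtils.UTF_8));
    String tokenText = new String(base64Encoded, StringUtils.UTF_8);
    return EsHadoopAuthPolicies.APIKEY + " " + tokenText;
}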
Example #5
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 6 votes |
/**
 * Produces the Type 3 message answering the given Type 2 challenge.
 * <p>
 * The challenge text is parsed into a {@code Type2Message}; its challenge, flags, target and
 * target info are handed to {@code getType3Message} together with the caller's account data.
 * Note that {@code getType3Message} receives the workstation before the domain.
 *
 * @param username    account name
 * @param password    account password
 * @param domain      authentication domain
 * @param workstation name of the client workstation
 * @param challenge   Type 2 message text received from the server
 * @return the Type 3 message
 * @throws AuthenticationException if the challenge cannot be parsed or the response cannot be built
 */
public String generateType3Msg(
        final String username,
        final String password,
        final String domain,
        final String workstation,
        final String challenge) throws AuthenticationException {
    final Type2Message serverChallenge = new Type2Message(challenge);
    final String type3 = getType3Message(
            username,
            password,
            workstation,
            domain,
            serverChallenge.getChallenge(),
            serverChallenge.getFlags(),
            serverChallenge.getTarget(),
            serverChallenge.getTargetInfo());
    return type3;
}
Example #6
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
/**
 * Returns the NTLMv2 blob, creating it on first use from the client challenge, the target
 * information and the timestamp, and reusing the stored value afterwards.
 */
public byte[] getNTLMv2Blob() throws AuthenticationException {
    if (ntlmv2Blob != null) {
        return ntlmv2Blob;
    }
    ntlmv2Blob = createBlob(getClientChallenge(), targetInformation, getTimestamp());
    return ntlmv2Blob;
}
Example #7
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
/**
 * Returns the NTLM hash of the password, computing it on first use and reusing the stored
 * value afterwards.
 */
public byte[] getNTLMHash() throws AuthenticationException {
    if (ntlmHash != null) {
        return ntlmHash;
    }
    ntlmHash = ntlmHash(password);
    return ntlmHash;
}
Example #8
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
/**
 * Returns the NTLMv2 response, computing it on first use from the NTLMv2 hash, the challenge
 * and the NTLMv2 blob, and reusing the stored value afterwards.
 */
public byte[] getNTLMv2Response() throws AuthenticationException {
    if (ntlmv2Response != null) {
        return ntlmv2Response;
    }
    ntlmv2Response = lmv2Response(getNTLMv2Hash(), challenge, getNTLMv2Blob());
    return ntlmv2Response;
}
Example #9
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
/**
 * Returns the LMv2 response, computing it on first use from the NTLMv2 hash, the challenge and
 * the client challenge, and reusing the stored value afterwards.
 */
public byte[] getLMv2Response() throws AuthenticationException {
    if (lmv2Response != null) {
        return lmv2Response;
    }
    lmv2Response = lmv2Response(getNTLMv2Hash(), challenge, getClientChallenge());
    return lmv2Response;
}
Example #10
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
/**
 * Returns the NTLM2 session response, computing it on first use from the NTLM hash, the
 * challenge and the client challenge, and reusing the stored value afterwards.
 */
public byte[] getNTLM2SessionResponse() throws AuthenticationException {
    if (ntlm2SessionResponse != null) {
        return ntlm2SessionResponse;
    }
    ntlm2SessionResponse = ntlm2SessionResponse(getNTLMHash(), challenge, getClientChallenge());
    return ntlm2SessionResponse;
}
Example #11
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
/**
 * Returns the LM2 session response: the client challenge followed by zero bytes up to a total
 * of 24 bytes. Built on first use and reused afterwards.
 */
public byte[] getLM2SessionResponse() throws AuthenticationException {
    if (lm2SessionResponse != null) {
        return lm2SessionResponse;
    }
    final byte[] nonce = getClientChallenge();
    lm2SessionResponse = new byte[24];
    System.arraycopy(nonce, 0, lm2SessionResponse, 0, nonce.length);
    // Explicit zero padding of the tail after the client challenge.
    Arrays.fill(lm2SessionResponse, nonce.length, lm2SessionResponse.length, (byte) 0x00);
    return lm2SessionResponse;
}
Example #12
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
/**
 * Returns the LM user session key: the first 8 bytes of the LM hash followed by 8 zero bytes.
 * Built on first use and reused afterwards.
 */
public byte[] getLMUserSessionKey() throws AuthenticationException {
    if (lmUserSessionKey != null) {
        return lmUserSessionKey;
    }
    final byte[] hash = getLMHash();
    lmUserSessionKey = new byte[16];
    System.arraycopy(hash, 0, lmUserSessionKey, 0, 8);
    // Upper half of the key is explicitly zeroed.
    Arrays.fill(lmUserSessionKey, 8, 16, (byte) 0x00);
    return lmUserSessionKey;
}
Example #13
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
/**
 * Returns the NTLM user session key, which is the MD4 digest of the NTLM hash. Computed on
 * first use and reused afterwards.
 */
public byte[] getNTLMUserSessionKey() throws AuthenticationException {
    if (ntlmUserSessionKey != null) {
        return ntlmUserSessionKey;
    }
    final byte[] hashOfPassword = getNTLMHash();
    final MD4 digest = new MD4();
    digest.update(hashOfPassword);
    ntlmUserSessionKey = digest.getOutput();
    return ntlmUserSessionKey;
}
Example #14
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
/**
 * Returns the NTLMv2 user session key. Computed on first use and reused afterwards.
 * <p>
 * The value is {@code hmacMD5(hmacMD5(challenge || blob, ntlmv2Hash), ntlmv2Hash)}, where
 * {@code ||} is byte concatenation.
 */
public byte[] getNTLMv2UserSessionKey() throws AuthenticationException {
    if (ntlmv2UserSessionKey != null) {
        return ntlmv2UserSessionKey;
    }
    final byte[] v2Hash = getNTLMv2Hash();
    final byte[] blob = getNTLMv2Blob();

    // "The challenge is concatenated with the blob" - check this (MHL)
    final byte[] challengeAndBlob = new byte[blob.length + challenge.length];
    System.arraycopy(challenge, 0, challengeAndBlob, 0, challenge.length);
    System.arraycopy(blob, 0, challengeAndBlob, challenge.length, blob.length);

    final byte[] inner = hmacMD5(challengeAndBlob, v2Hash);
    ntlmv2UserSessionKey = hmacMD5(inner, v2Hash);
    return ntlmv2UserSessionKey;
}
Example #15
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
/**
 * Returns the user session key for the NTLM2 session response. Computed on first use and
 * reused afterwards.
 * <p>
 * The value is {@code hmacMD5} over the challenge followed by the LM2 session response, with
 * the NTLM user session key as the second argument.
 */
public byte[] getNTLM2SessionResponseUserSessionKey() throws AuthenticationException {
    if (ntlm2SessionResponseUserSessionKey != null) {
        return ntlm2SessionResponseUserSessionKey;
    }
    final byte[] userSessionKey = getNTLMUserSessionKey();
    final byte[] responseNonce = getLM2SessionResponse();

    final byte[] combined = new byte[challenge.length + responseNonce.length];
    System.arraycopy(challenge, 0, combined, 0, challenge.length);
    System.arraycopy(responseNonce, 0, combined, challenge.length, responseNonce.length);

    ntlm2SessionResponseUserSessionKey = hmacMD5(combined, userSessionKey);
    return ntlm2SessionResponseUserSessionKey;
}
Example #16
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
/**
 * Returns the LAN Manager session key. Computed on first use and reused afterwards.
 * <p>
 * Two DES keys are derived from 14 bytes of key material (the first 8 bytes of the LM hash,
 * padded with {@code 0xbd}); each key encrypts the first 8 bytes of the LM response and the two
 * 8-byte results are concatenated. The DES/ECB construction is weak by current standards, so the
 * result should not be relied on for confidentiality outside this exchange.
 *
 * @throws AuthenticationException wrapping any failure raised while deriving the key
 */
public byte[] getLanManagerSessionKey() throws AuthenticationException {
    if (lanManagerSessionKey != null) {
        return lanManagerSessionKey;
    }
    final byte[] hash = getLMHash();
    final byte[] response = getLMResponse();
    try {
        final byte[] keyMaterial = new byte[14];
        System.arraycopy(hash, 0, keyMaterial, 0, 8);
        Arrays.fill(keyMaterial, 8, keyMaterial.length, (byte) 0xbd);
        final Key firstKey = createDESKey(keyMaterial, 0);
        final Key secondKey = createDESKey(keyMaterial, 7);

        final byte[] responseHead = new byte[8];
        System.arraycopy(response, 0, responseHead, 0, responseHead.length);

        Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
        des.init(Cipher.ENCRYPT_MODE, firstKey);
        final byte[] firstHalf = des.doFinal(responseHead);

        des = Cipher.getInstance("DES/ECB/NoPadding");
        des.init(Cipher.ENCRYPT_MODE, secondKey);
        final byte[] secondHalf = des.doFinal(responseHead);

        lanManagerSessionKey = new byte[16];
        System.arraycopy(firstHalf, 0, lanManagerSessionKey, 0, firstHalf.length);
        System.arraycopy(secondHalf, 0, lanManagerSessionKey, firstHalf.length, secondHalf.length);
    } catch (Exception e) {
        throw new AuthenticationException(e.getMessage(), e);
    }
    return lanManagerSessionKey;
}
Example #17
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
/**
 * Encrypts {@code value} with RC4 under {@code key}.
 * <p>
 * RC4 is a legacy stream cipher with known weaknesses, so this helper is unsuitable for
 * protecting data in new designs.
 *
 * @param value bytes to encrypt
 * @param key   raw RC4 key bytes
 * @return the RC4 output for {@code value}
 * @throws AuthenticationException wrapping any failure from the cipher provider
 */
static byte[] RC4(byte[] value, byte[] key) throws AuthenticationException {
    final byte[] output;
    try {
        final Cipher cipher = Cipher.getInstance("RC4");
        final SecretKeySpec keySpec = new SecretKeySpec(key, "RC4");
        cipher.init(Cipher.ENCRYPT_MODE, keySpec);
        output = cipher.doFinal(value);
    } catch (Exception e) {
        throw new AuthenticationException(e.getMessage(), e);
    }
    return output;
}
Example #18
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
/**
 * Calculates the NTLM2 Session Response for the given challenge, using the
 * specified NTLM hash and client challenge.
 *
 * @param ntlmHash
 *            The NTLM hash of the user's password (not the password itself).
 * @param challenge
 *            The Type 2 challenge from the server.
 * @param clientChallenge
 *            The random 8-byte client challenge.
 *
 * @return The NTLM2 Session Response. This is placed in the NTLM response
 *         field of the Type 3 message; the LM response field contains the
 *         client challenge, null-padded to 24 bytes.
 * @throws AuthenticationException
 *             if the response cannot be computed; any other exception raised
 *             on the way is wrapped in one.
 */
static byte[] ntlm2SessionResponse(byte[] ntlmHash, byte[] challenge,
        byte[] clientChallenge) throws AuthenticationException {
    try {
        // Session hash = first 8 bytes of MD5(server challenge || client challenge).
        final MessageDigest md5 = MessageDigest.getInstance("MD5");
        md5.update(challenge);
        md5.update(clientChallenge);
        final byte[] fullDigest = md5.digest();

        final byte[] sessionHash = new byte[8];
        System.arraycopy(fullDigest, 0, sessionHash, 0, 8);
        return lmResponse(ntlmHash, sessionHash);
    } catch (AuthenticationException alreadyTyped) {
        // Pass through unchanged rather than wrapping a second time.
        throw alreadyTyped;
    } catch (Exception e) {
        throw new AuthenticationException(e.getMessage(), e);
    }
}
Example #19
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
/**
 * Creates the NTLM Hash of the user's password: the MD4 digest of the password encoded as
 * "UnicodeLittleUnmarked".
 * <p>
 * The digest is unsalted, so equal passwords give equal hashes; handle the result with the same
 * care as the password and keep it out of logs.
 *
 * @param password
 *            The password.
 *
 * @return The NTLM Hash of the given password, used in the calculation of
 *         the NTLM Response and the NTLMv2 and LMv2 Hashes.
 * @throws AuthenticationException
 *             if the encoding is not supported by the runtime.
 */
private static byte[] ntlmHash(String password) throws AuthenticationException {
    final byte[] encodedPassword;
    try {
        encodedPassword = password.getBytes("UnicodeLittleUnmarked");
    } catch (java.io.UnsupportedEncodingException e) {
        throw new AuthenticationException("Unicode not supported: " + e.getMessage(), e);
    }
    final MD4 digest = new MD4();
    digest.update(encodedPassword);
    return digest.getOutput();
}
Example #20
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
/**
 * Creates the NTLMv2 Hash of the user's password: an HMAC-MD5, keyed with the NTLM hash, over
 * the upper-cased user name followed by the target, both encoded as "UnicodeLittleUnmarked".
 *
 * @param target
 *            The authentication target (i.e., domain).
 * @param user
 *            The username.
 * @param password
 *            The password.
 *
 * @return The NTLMv2 Hash, used in the calculation of the NTLMv2 and LMv2
 *         Responses.
 * @throws AuthenticationException
 *             if the NTLM hash cannot be computed or the encoding is not supported.
 */
private static byte[] ntlmv2Hash(String target, String user, String password)
        throws AuthenticationException {
    try {
        final HMACMD5 mac = new HMACMD5(ntlmHash(password));
        // The user name is upper-cased with a fixed locale; the target keeps its case.
        final byte[] userBytes = user.toUpperCase(Locale.US).getBytes("UnicodeLittleUnmarked");
        mac.update(userBytes);
        final byte[] targetBytes = target.getBytes("UnicodeLittleUnmarked");
        mac.update(targetBytes);
        return mac.getOutput();
    } catch (java.io.UnsupportedEncodingException e) {
        throw new AuthenticationException("Unicode not supported! " + e.getMessage(), e);
    }
}
Example #21
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
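/**
 * Reads a byte from a position within the message buffer.
 *
 * @param position zero-based index into the message buffer
 * @return the byte stored at {@code position}
 * @throws AuthenticationException if {@code position} is negative or beyond the end of the buffer
 */
protected byte readByte(int position) throws AuthenticationException {
    // Negative positions are rejected too, and no arithmetic is done on the position, so a
    // malformed message surfaces as an AuthenticationException rather than an unchecked
    // index error.
    if (position < 0 || position >= messageContents.length) {
        throw new AuthenticationException("NTLM: Message too short");
    }
    return messageContents[position];
}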
Example #22
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
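/**
 * Copies {@code buffer.length} bytes from the message buffer, starting at {@code position},
 * into {@code buffer}.
 *
 * @param buffer   destination; its length decides how many bytes are read
 * @param position zero-based start index in the message buffer
 * @throws AuthenticationException if {@code position} is negative or the requested range runs
 *                                 past the end of the message buffer
 */
protected void readBytes(byte[] buffer, int position) throws AuthenticationException {
    // Comparing against the remaining length avoids int overflow in "position + length", and
    // the sign check stops a negative offset from reaching System.arraycopy, where it would
    // raise an unchecked exception instead of an AuthenticationException.
    if (position < 0 || buffer.length > messageContents.length - position) {
        throw new AuthenticationException("NTLM: Message too short");
    }
    System.arraycopy(messageContents, position, buffer, 0, buffer.length);
}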
Example #23
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
/**
 * Prepares an HMAC-MD5 computation for the given key.
 * <p>
 * Builds the 64-byte inner and outer pads from the key (keys longer than 64 bytes are first
 * replaced by their MD5 digest, as described in RFC 2104) and primes the digest with the inner
 * pad.
 *
 * @param key HMAC key bytes
 * @throws AuthenticationException if no MD5 implementation can be obtained
 */
HMACMD5(byte[] key) throws AuthenticationException {
    try {
        md5 = MessageDigest.getInstance("MD5");
    } catch (Exception ex) {
        // The algorithm is unavailable; report it as an authentication failure.
        throw new AuthenticationException(
                "Error getting md5 message digest implementation: " + ex.getMessage(), ex);
    }

    ipad = new byte[64];
    opad = new byte[64];

    byte[] effectiveKey = key;
    if (effectiveKey.length > 64) {
        // Use MD5 of the key instead, as described in RFC 2104
        md5.update(effectiveKey);
        effectiveKey = md5.digest();
    }

    for (int idx = 0; idx < 64; idx++) {
        // Positions beyond the key behave like a zero key byte, leaving the bare pad constant.
        final byte keyByte = (idx < effectiveKey.length) ? effectiveKey[idx] : (byte) 0x00;
        ipad[idx] = (byte) (keyByte ^ 0x36);
        opad[idx] = (byte) (keyByte ^ 0x5c);
    }

    // The digest must start from a clean state with the inner pad already absorbed.
    md5.reset();
    md5.update(ipad);
}
Example #24
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
/**
 * Constructor. Takes the values the message will need.
 * <p>
 * The host is passed through {@code convertHost} (strip the domain name from the host) and the
 * domain through {@code convertDomain} (use only the base domain name); both are then encoded as
 * "UnicodeLittleUnmarked", the domain after upper-casing with {@code Locale.US}.
 *
 * @param domain authentication domain
 * @param host   client host name
 * @throws AuthenticationException if the encoding is not supported by the runtime
 */
Type1Message(String domain, String host) throws AuthenticationException {
    super();
    try {
        final String shortHost = convertHost(host);
        final String baseDomain = convertDomain(domain);

        hostBytes = shortHost.getBytes("UnicodeLittleUnmarked");
        final String upperDomain = baseDomain.toUpperCase(Locale.US);
        domainBytes = upperDomain.getBytes("UnicodeLittleUnmarked");
    } catch (java.io.UnsupportedEncodingException e) {
        throw new AuthenticationException("Unicode unsupported: " + e.getMessage(), e);
    }
}
Example #25
Source File: CustomNTLM2Engine.java From httpclientAuthHelper with Apache License 2.0 | 5 votes |
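/**
 * Reads a little-endian 32-bit value from {@code src} starting at {@code index}.
 *
 * @param src   buffer to read from
 * @param index zero-based offset of the least significant byte
 * @return the four bytes combined into an {@code int}
 * @throws AuthenticationException if {@code index} is negative or fewer than four bytes remain
 */
private static int readULong(byte[] src, int index) throws AuthenticationException {
    // "src.length - index" cannot overflow once index is known to be non-negative, unlike
    // "index + 4"; a negative index is rejected here instead of failing on the array access.
    if (index < 0 || src.length - index < 4) {
        throw new AuthenticationException("NTLM authentication - buffer too small for DWORD");
    }
    return (src[index] & 0xff)
            | ((src[index + 1] & 0xff) << 8)
            | ((src[index + 2] & 0xff) << 16)
            | ((src[index + 3] & 0xff) << 24);
}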
Example #26
Source File: HttpMethodDirector.java From http4e with Apache License 2.0 | 5 votes |
/**
 * Applies proxy authentication (only when the connection is proxied and not secure) and then
 * host authentication to the method.
 * <p>
 * An {@code AuthenticationException} from either step is logged at error level and not
 * rethrown, so this method returns normally even when authentication could not be applied; a
 * failure in the proxy step also skips the host step.
 *
 * @param method the method to authenticate
 */
private void authenticate(final HttpMethod method) {
    try {
        final boolean proxiedWithoutSecureConnection = this.conn.isProxied() && !this.conn.isSecure();
        if (proxiedWithoutSecureConnection) {
            authenticateProxy(method);
        }
        authenticateHost(method);
    } catch (AuthenticationException authFailure) {
        LOG.error(authFailure.getMessage(), authFailure);
    }
}
Example #27
Source File: HttpMethodDirector.java From http4e with Apache License 2.0 | 5 votes |
/**
 * Adds the proxy authentication request header to the method when one is needed.
 * <p>
 * Nothing is added when user-defined authentication headers are present, when no scheme has
 * been selected, or when authentication was not requested and the scheme is connection based.
 * Missing credentials are reported with a warning and leave the method unchanged.
 *
 * @param method the method to authenticate
 * @throws AuthenticationException if the scheme fails to produce the header value
 */
private void authenticateProxy(final HttpMethod method) throws AuthenticationException {
    // Clean up existing authentication headers; a false result means the user supplied
    // their own and they must be left alone.
    if (!cleanAuthHeaders(method, PROXY_AUTH_RESP)) {
        return;
    }

    final AuthState proxyAuthState = method.getProxyAuthState();
    final AuthScheme scheme = proxyAuthState.getAuthScheme();
    if (scheme == null) {
        return;
    }
    if (!proxyAuthState.isAuthRequested() && scheme.isConnectionBased()) {
        return;
    }

    final AuthScope scope = new AuthScope(
            conn.getProxyHost(), conn.getProxyPort(),
            scheme.getRealm(),
            scheme.getSchemeName());
    if (LOG.isDebugEnabled()) {
        // Only the scope is logged, never the credentials.
        LOG.debug("Authenticating with " + scope);
    }

    final Credentials proxyCredentials = this.state.getProxyCredentials(scope);
    if (proxyCredentials == null) {
        if (LOG.isWarnEnabled()) {
            LOG.warn("Required proxy credentials not available for " + scope);
            if (method.getProxyAuthState().isPreemptive()) {
                LOG.warn("Preemptive authentication requested but no default " +
                        "proxy credentials available");
            }
        }
        return;
    }

    final String headerValue = scheme.authenticate(proxyCredentials, method);
    if (headerValue != null) {
        method.addRequestHeader(new Header(PROXY_AUTH_RESP, headerValue, true));
    }
}
Example #28
Source File: HttpMethodDirector.java From knopflerfish.org with BSD 3-Clause "New" or "Revised" License | 5 votes |
/**
 * Runs proxy authentication, but only for a proxied connection that is not secure, followed by
 * host authentication.
 * <p>
 * Authentication failures are logged at error level and swallowed: the caller gets no signal,
 * and a failure during the proxy step means the host step is not attempted.
 *
 * @param method the method to authenticate
 */
private void authenticate(final HttpMethod method) {
    try {
        final boolean needsProxyAuth = this.conn.isProxied() && !this.conn.isSecure();
        if (needsProxyAuth) {
            authenticateProxy(method);
        }
        authenticateHost(method);
    } catch (AuthenticationException failure) {
        LOG.error(failure.getMessage(), failure);
    }
}
Example #29
Source File: HttpMethodDirector.java From knopflerfish.org with BSD 3-Clause "New" or "Revised" License | 5 votes |
/**
 * Sets the proxy authentication request header on the method if authentication applies.
 * <p>
 * Returns without changes when user-defined authentication headers exist, when the proxy auth
 * state has no scheme, or when authentication was not requested and the scheme is connection
 * based. When no credentials match the scope, a warning is logged and no header is added.
 *
 * @param method the method to authenticate
 * @throws AuthenticationException if the scheme cannot produce the header value
 */
private void authenticateProxy(final HttpMethod method) throws AuthenticationException {
    final boolean headersCleaned = cleanAuthHeaders(method, PROXY_AUTH_RESP);
    if (!headersCleaned) {
        // User defined authentication header(s) present
        return;
    }

    final AuthState state = method.getProxyAuthState();
    final AuthScheme selectedScheme = state.getAuthScheme();
    if (selectedScheme == null) {
        return;
    }
    if (!state.isAuthRequested() && selectedScheme.isConnectionBased()) {
        return;
    }

    final AuthScope proxyScope = new AuthScope(
            conn.getProxyHost(), conn.getProxyPort(),
            selectedScheme.getRealm(),
            selectedScheme.getSchemeName());
    if (LOG.isDebugEnabled()) {
        LOG.debug("Authenticating with " + proxyScope);
    }

    final Credentials found = this.state.getProxyCredentials(proxyScope);
    if (found != null) {
        final String value = selectedScheme.authenticate(found, method);
        if (value != null) {
            method.addRequestHeader(new Header(PROXY_AUTH_RESP, value, true));
        }
        return;
    }

    if (LOG.isWarnEnabled()) {
        LOG.warn("Required proxy credentials not available for " + proxyScope);
        if (method.getProxyAuthState().isPreemptive()) {
            LOG.warn("Preemptive authentication requested but no default " +
                    "proxy credentials available");
        }
    }
}
Example #30
Source File: SpnegoAuthScheme.java From elasticsearch-hadoop with Apache License 2.0 | 5 votes |
/**
 * Returns the text to send via the Authenticate header on the next request.
 * <p>
 * Converts the method's URI to a {@code java.net.URI} and delegates to the URI-based overload.
 *
 * @param credentials credentials to authenticate with
 * @param method      the request being authenticated
 * @return the header text produced by the URI-based overload
 * @throws AuthenticationException if the request URI cannot be determined or the delegate fails
 */
@Override
public String authenticate(Credentials credentials, HttpMethod method) throws AuthenticationException {
    try {
        final String requestUriText = method.getURI().getURI();
        final URI requestUri = URI.create(requestUriText);
        return authenticate(credentials, requestUri);
    } catch (URIException uriFailure) {
        throw new AuthenticationException("Could not determine request URI", uriFailure);
    }
}