1 // Copyright 2003 Adam Megacz, see the COPYING file for licensing [GPL]
9 import org.bouncycastle.util.encoders.Base64;
10 import org.bouncycastle.crypto.digests.*;
13 * This object encapsulates a *single* HTTP connection. Multiple requests may be pipelined over a connection (thread-safe),
14 * although any IOException encountered in a request will invalidate all later requests.
18 /** the URL as passed to the original constructor; this is never changed */
19 final String originalUrl;
21 /** the URL to connect to; this is munged when the url is parsed */
24 /** the host to connect to */
27 /** the port to connect on */
30 /** true if SSL (HTTPS) should be used */
33 /** the path (URI) to retrieve on the server */
39 /** the socket's inputstream */
40 InputStream in = null;
42 /** the username and password portions of the URL */
43 String userInfo = null;
45 /** cache of userInfo strings, keyed on originalUrl */
46 private static Hashtable authCache = new Hashtable();
48 /** this is null if the current request is the first request on
49 * this HTTP connection; otherwise it is a Semaphore which will be
50 * released once the request ahead of us has recieved its response
52 Semaphore okToRecieve = null;
54 /** true iff this is the first request to be made on this socket */
55 boolean firstRequest = true;
57 /** cache for resolveAndCheckIfFirewalled() */
58 static Hashtable resolvedHosts = new Hashtable();
60 /** true iff we are allowed to skip the resolve check (only allowed when we're downloading the PAC script) */
61 boolean skipResolveCheck = false;
63 /** true iff we're using a proxy */
64 boolean proxied = false;
67 // Public Methods ////////////////////////////////////////////////////////////////////////////////////////
69 public HTTP(String url) { this(url, false); }
70 public HTTP(String url, boolean skipResolveCheck) {
72 this.skipResolveCheck = skipResolveCheck;
75 /** Performs an HTTP GET request */
76 public InputStream GET() throws IOException { return makeRequest(null, null); }
78 /** Performs an HTTP POST request; content is appended to the headers (so it should include a blank line to delimit the beginning of the body) */
79 public InputStream POST(String contentType, String content) throws IOException { return makeRequest(contentType, content); }
82 * This method isn't synchronized; however, only one thread can be in the inner synchronized block at a time, and the rest of
83 * the method is protected by in-order one-at-a-time semaphore lock-steps
85 private InputStream makeRequest(String contentType, String content) throws IOException {
87 // Step 1: send the request and establish a semaphore to stop any requests that pipeline after us
88 Semaphore blockOn = null;
89 Semaphore releaseMe = null;
93 sendRequest(contentType, content);
94 } catch (IOException e) {
98 blockOn = okToRecieve;
99 releaseMe = okToRecieve = new Semaphore();
102 // Step 2: wait for requests ahead of us to complete, then read the reply off the stream
103 boolean doRelease = true;
105 if (blockOn != null) blockOn.block();
107 // previous call wrecked the socket connection, but we already sent our request, so we can't just retry --
108 // this could cause the server to receive the request twice, which could be bad (think of the case where the
109 // server call causes Amazon.com to ship you an item with one-click purchasing).
111 throw new HTTPException("a previous pipelined call messed up the socket");
113 Hashtable h = in == null ? null : parseHeaders(in);
115 if (firstRequest) throw new HTTPException("server closed the socket with no response");
116 // sometimes the server chooses to close the stream between requests
119 return makeRequest(contentType, content);
122 String reply = h.get("STATUSLINE").toString();
124 if (reply.startsWith("407") || reply.startsWith("401")) {
126 if (reply.startsWith("407")) doProxyAuth(h, content == null ? "GET" : "POST");
127 else doWebAuth(h, content == null ? "GET" : "POST");
129 if (h.get("HTTP").equals("1.0") && h.get("content-length") == null) {
130 if (Log.on) Log.log(this, "proxy returned an HTTP/1.0 reply with no content-length...");
133 int cl = h.get("content-length") == null ? -1 : Integer.parseInt(h.get("content-length").toString());
134 new HTTPInputStream(in, cl, releaseMe).close();
137 return makeRequest(contentType, content);
139 } else if (reply.startsWith("2")) {
140 if (h.get("HTTP").equals("1.0") && h.get("content-length") == null)
141 throw new HTTPException("XWT does not support HTTP/1.0 servers which fail to return the Content-Length header");
142 int cl = h.get("content-length") == null ? -1 : Integer.parseInt(h.get("content-length").toString());
143 InputStream ret = new HTTPInputStream(in, cl, releaseMe);
144 if ("gzip".equals(h.get("content-encoding"))) ret = new java.util.zip.GZIPInputStream(ret);
149 throw new HTTPException("HTTP Error: " + reply);
153 } catch (IOException e) { reset(); throw e;
154 } finally { if (doRelease) releaseMe.release();
159 // Safeguarded DNS Resolver ///////////////////////////////////////////////////////////////////////////
162 * resolves the hostname and returns it as a string in the form "x.y.z.w"
163 * @throws HTTPException if the host falls within a firewalled netblock
165 private void resolveAndCheckIfFirewalled(String host) throws HTTPException {
168 if (resolvedHosts.get(host) != null) return;
170 // if all scripts are trustworthy (local FS), continue
171 if (Main.originAddr == null) return;
175 InetAddress addr = InetAddress.getByName(host);
176 byte[] quadbyte = addr.getAddress();
177 if ((quadbyte[0] == 10 ||
178 (quadbyte[0] == 192 && quadbyte[1] == 168) ||
179 (quadbyte[0] == 172 && (quadbyte[1] & 0xF0) == 16)) && !addr.equals(Main.originAddr))
180 throw new HTTPException("security violation: " + host + " [" + addr.getHostAddress() + "] is in a firewalled netblock");
182 } catch (UnknownHostException uhe) { }
184 if (Platform.detectProxy() == null) throw new HTTPException("could not resolve hostname \"" + host + "\" and no proxy configured");
185 if (Log.on) Log.log(this, " could not resolve host " + host + "; using xmlrpc.xwt.org to ensure security");
187 JS.Array args = new JS.Array();
188 args.addElement(host);
189 Object ret = new XMLRPC("http://xmlrpc.xwt.org/RPC2/", "dns.resolve").call(args);
190 if (ret == null || !(ret instanceof String)) throw new Exception(" xmlrpc.xwt.org returned non-String: " + ret);
191 resolvedHosts.put(host, ret);
193 } catch (Throwable e) {
194 throw new HTTPException("exception while attempting to use xmlrpc.xwt.org to resolve " + host + ": " + e);
199 // Methods to attempt socket creation /////////////////////////////////////////////////////////////////
201 /** Attempts a direct connection */
202 public Socket attemptDirect() {
204 if (Log.verbose) Log.log(this, "attempting to create unproxied socket to " + host + ":" + port + (ssl ? " [ssl]" : ""));
205 return Platform.getSocket(host, port, ssl, true);
206 } catch (IOException e) {
207 if (Log.on) Log.log(this, "exception in attemptDirect(): " + e);
212 /** Attempts to use an HTTP proxy, employing the CONNECT method if HTTPS is requested */
213 public Socket attemptHttpProxy(String proxyHost, int proxyPort) {
215 if (Log.verbose) Log.log(this, "attempting to create HTTP proxied socket using proxy " + proxyHost + ":" + proxyPort);
217 Socket sock = Platform.getSocket(proxyHost, proxyPort, ssl, false);
219 if (!path.startsWith("http://")) path = "http://" + host + ":" + port + path;
221 PrintWriter pw = new PrintWriter(new OutputStreamWriter(sock.getOutputStream()));
222 BufferedReader br = new BufferedReader(new InputStreamReader(sock.getInputStream()));
223 pw.print("CONNECT " + host + ":" + port + " HTTP/1.1\r\n\r\n");
225 String s = br.readLine();
226 if (s.charAt(9) != '2') throw new HTTPException("proxy refused CONNECT method: \"" + s + "\"");
227 while (br.readLine().length() > 0) { };
228 ((TinySSL)sock).negotiate();
232 } catch (IOException e) {
233 if (Log.on) Log.log(this, "exception in attemptHttpProxy(): " + e);
239 * Implements SOCKSv4 with v4a DNS extension
240 * @see http://www.socks.nec.com/protocol/socks4.protocol
241 * @see http://www.socks.nec.com/protocol/socks4a.protocol
243 public Socket attemptSocksProxy(String proxyHost, int proxyPort) {
245 // even if host is already a "x.y.z.w" string, we use this to parse it into bytes
246 InetAddress addr = null;
247 try { addr = InetAddress.getByName(host); } catch (Exception e) { }
249 if (Log.verbose) Log.log(this, "attempting to create SOCKSv4" + (addr == null ? "" : "a") +
250 " proxied socket using proxy " + proxyHost + ":" + proxyPort);
253 Socket sock = Platform.getSocket(proxyHost, proxyPort, ssl, false);
255 DataOutputStream dos = new DataOutputStream(sock.getOutputStream());
256 dos.writeByte(0x04); // SOCKSv4(a)
257 dos.writeByte(0x01); // CONNECT
258 dos.writeShort(port & 0xffff); // port
259 if (addr == null) dos.writeInt(0x00000001); // bogus IP
260 else dos.write(addr.getAddress()); // actual IP
261 dos.writeByte(0x00); // no userid
263 PrintWriter pw = new PrintWriter(new OutputStreamWriter(dos));
266 dos.writeByte(0x00); // hostname null terminator
270 DataInputStream dis = new DataInputStream(sock.getInputStream());
271 dis.readByte(); // reply version
272 byte success = dis.readByte(); // success/fail
273 dis.skip(6); // ip/port
275 if ((int)(success & 0xff) == 90) {
276 if (ssl) ((TinySSL)sock).negotiate();
279 if (Log.on) Log.log(this, "SOCKS server denied access, code " + (success & 0xff));
282 } catch (IOException e) {
283 if (Log.on) Log.log(this, "exception in attemptSocksProxy(): " + e);
288 /** executes the PAC script and dispatches a call to one of the other attempt methods based on the result */
289 public Socket attemptPAC(org.xwt.js.JS.Callable pacFunc) {
290 if (Log.verbose) Log.log(this, "evaluating PAC script");
293 org.xwt.js.JS.Array args = new org.xwt.js.JS.Array();
294 args.addElement(url.toString());
295 args.addElement(url.getHost());
296 Object obj = pacFunc.call(args);
297 if (Log.verbose) Log.log(this, " PAC script returned \"" + obj + "\"");
298 pac = obj.toString();
299 } catch (Throwable e) {
300 if (Log.on) Log.log(this, "PAC script threw exception " + e);
304 StringTokenizer st = new StringTokenizer(pac, ";", false);
305 while (st.hasMoreTokens()) {
306 String token = st.nextToken().trim();
307 if (Log.verbose) Log.log(this, " trying \"" + token + "\"...");
310 if (token.startsWith("DIRECT"))
311 ret = attemptDirect();
312 else if (token.startsWith("PROXY"))
313 ret = attemptHttpProxy(token.substring(token.indexOf(' ') + 1, token.indexOf(':')),
314 Integer.parseInt(token.substring(token.indexOf(':') + 1)));
315 else if (token.startsWith("SOCKS"))
316 ret = attemptSocksProxy(token.substring(token.indexOf(' ') + 1, token.indexOf(':')),
317 Integer.parseInt(token.substring(token.indexOf(':') + 1)));
318 if (ret != null) return ret;
319 } catch (Throwable e) {
320 if (Log.on) Log.log(this, "attempt at \"" + token + "\" failed due to " + e + "; trying next token");
323 if (Log.on) Log.log(this, "all PAC results exhausted");
328 // Everything Else ////////////////////////////////////////////////////////////////////////////
330 private synchronized void connect() throws IOException {
331 if (originalUrl.equals("stdio:")) {
332 in = new BufferedInputStream(System.in);
336 if (in == null) in = new BufferedInputStream(sock.getInputStream());
339 // grab the userinfo; gcj doesn't have java.net.URL.getUserInfo()
340 String url = originalUrl;
341 userInfo = url.substring(url.indexOf("://") + 3);
342 userInfo = userInfo.indexOf('/') == -1 ? userInfo : userInfo.substring(0, userInfo.indexOf('/'));
343 if (userInfo.indexOf('@') != -1) {
344 userInfo = userInfo.substring(0, userInfo.indexOf('@'));
345 url = url.substring(0, url.indexOf("://") + 3) + url.substring(url.indexOf('@') + 1);
350 if (url.startsWith("https:")) {
351 this.url = new URL("http" + url.substring(5));
353 } else if (!url.startsWith("http:")) {
354 throw new MalformedURLException("HTTP only supports http/https urls");
356 this.url = new URL(url);
358 if (!skipResolveCheck) resolveAndCheckIfFirewalled(this.url.getHost());
359 port = this.url.getPort();
360 path = this.url.getFile();
361 if (port == -1) port = ssl ? 443 : 80;
362 host = this.url.getHost();
363 if (Log.verbose) Log.log(this, "creating HTTP object for connection to " + host + ":" + port);
365 Proxy pi = Platform.detectProxy();
368 for(int i=0; i<pi.excluded.length; i++) if (host.equals(pi.excluded[i])) break OUTER;
369 if (sock == null && pi.proxyAutoConfigFunction != null) sock = attemptPAC(pi.proxyAutoConfigFunction);
370 if (sock == null && ssl && pi.httpsProxyHost != null) sock = attemptHttpProxy(pi.httpsProxyHost, pi.httpsProxyPort);
371 if (sock == null && pi.httpProxyHost != null) sock = attemptHttpProxy(pi.httpProxyHost, pi.httpProxyPort);
372 if (sock == null && pi.socksProxyHost != null) sock = attemptSocksProxy(pi.socksProxyHost, pi.socksProxyPort);
375 proxied = sock != null;
376 if (sock == null) sock = attemptDirect();
377 if (sock == null) throw new HTTPException("unable to contact host " + host);
378 if (in == null) in = new BufferedInputStream(sock.getInputStream());
381 public void sendRequest(String contentType, String content) throws IOException {
383 PrintWriter pw = new PrintWriter(new OutputStreamWriter(originalUrl.equals("stdio:") ? System.out : sock.getOutputStream()));
384 if (content != null) {
385 pw.print("POST " + path + " HTTP/1.1\r\n");
386 int contentLength = content.substring(0, 2).equals("\r\n") ?
387 content.length() - 2 :
388 (content.length() - content.indexOf("\r\n\r\n") - 4);
389 pw.print("Content-Length: " + contentLength + "\r\n");
390 if (contentType != null) pw.print("Content-Type: " + contentType + "\r\n");
392 pw.print("GET " + path + " HTTP/1.1\r\n");
395 pw.print("User-Agent: XWT\r\n");
396 pw.print("Accept-encoding: gzip\r\n");
397 pw.print("Host: " + (host + (port == 80 ? "" : (":" + port))) + "\r\n");
398 if (proxied) pw.print("X-RequestOrigin: " + Main.originHost + "\r\n");
400 if (Proxy.Authorization.authorization != null) pw.print("Proxy-Authorization: " + Proxy.Authorization.authorization2 + "\r\n");
401 if (authCache.get(originalUrl) != null) pw.print("Authorization: " + authCache.get(originalUrl) + "\r\n");
403 pw.print(content == null ? "\r\n" : content);
408 private void doWebAuth(Hashtable h0, String method) throws IOException {
409 if (userInfo == null) throw new HTTPException("web server demanded username/password, but none were supplied");
410 Hashtable h = parseAuthenticationChallenge(h0.get("www-authenticate").toString());
412 if (h.get("AUTHTYPE").equals("Basic")) {
413 if (authCache.get(originalUrl) != null) throw new HTTPException("username/password rejected");
414 authCache.put(originalUrl, "Basic " + new String(Base64.encode(userInfo.getBytes("US-ASCII"))));
416 } else if (h.get("AUTHTYPE").equals("Digest")) {
417 if (authCache.get(originalUrl) != null && !"true".equals(h.get("stale"))) throw new HTTPException("username/password rejected");
419 if (path2.startsWith("http://") || path2.startsWith("https://")) {
420 path2 = path2.substring(path2.indexOf("://") + 3);
421 path2 = path2.substring(path2.indexOf('/'));
423 String A1 = userInfo.substring(0, userInfo.indexOf(':')) + ":" + h.get("realm") + ":" + userInfo.substring(userInfo.indexOf(':') + 1);
424 String A2 = method + ":" + path2;
425 authCache.put(originalUrl,
427 "username=\"" + userInfo.substring(0, userInfo.indexOf(':')) + "\", " +
428 "realm=\"" + h.get("realm") + "\", " +
429 "nonce=\"" + h.get("nonce") + "\", " +
430 "uri=\"" + path2 + "\", " +
431 (h.get("opaque") == null ? "" : ("opaque=\"" + h.get("opaque") + "\", ")) +
432 "response=\"" + H(H(A1) + ":" + h.get("nonce") + ":" + H(A2)) + "\", " +
437 throw new HTTPException("unknown authentication type: " + h.get("AUTHTYPE"));
441 private void doProxyAuth(Hashtable h0, String method) throws IOException {
442 if (Log.on) Log.log(this, "Proxy AuthChallenge: " + h0.get("proxy-authenticate"));
443 Hashtable h = parseAuthenticationChallenge(h0.get("proxy-authenticate").toString());
444 String style = h.get("AUTHTYPE").toString();
445 String realm = (String)h.get("realm");
447 if (style.equals("NTLM") && Proxy.Authorization.authorization2 == null) {
448 Log.log(this, "Proxy identified itself as NTLM, sending Type 1 packet");
449 Proxy.Authorization.authorization2 = "NTLM " + Base64.encode(Proxy.NTLM.type1);
453 if (!realm.equals("Digest") || Proxy.Authorization.authorization2 == null || !"true".equals(h.get("stale")))
454 Proxy.Authorization.getPassword(realm, style, sock.getInetAddress().getHostAddress(), Proxy.Authorization.authorization);
456 if (style.equals("Basic")) {
457 Proxy.Authorization.authorization2 =
458 "Basic " + new String(Base64.encode(Proxy.Authorization.authorization.getBytes("US-ASCII")));
460 } else if (style.equals("Digest")) {
461 String A1 = Proxy.Authorization.authorization.substring(0, userInfo.indexOf(':')) + ":" + h.get("realm") + ":" +
462 Proxy.Authorization.authorization.substring(Proxy.Authorization.authorization.indexOf(':') + 1);
463 String A2 = method + ":" + path;
464 Proxy.Authorization.authorization2 =
466 "username=\"" + Proxy.Authorization.authorization.substring(0, Proxy.Authorization.authorization.indexOf(':')) + "\", " +
467 "realm=\"" + h.get("realm") + "\", " +
468 "nonce=\"" + h.get("nonce") + "\", " +
469 "uri=\"" + path + "\", " +
470 (h.get("opaque") == null ? "" : ("opaque=\"" + h.get("opaque") + "\", ")) +
471 "response=\"" + H(H(A1) + ":" + h.get("nonce") + ":" + H(A2)) + "\", " +
474 } else if (style.equals("NTLM")) {
475 Log.log(this, "Proxy identified itself as NTLM, got Type 2 packet");
476 byte[] type2 = Base64.decode(((String)h0.get("proxy-authenticate")).substring(5).trim());
477 for(int i=0; i<type2.length; i += 4) {
479 if (i<type2.length) log += Integer.toString(type2[i] & 0xff, 16) + " ";
480 if (i+1<type2.length) log += Integer.toString(type2[i+1] & 0xff, 16) + " ";
481 if (i+2<type2.length) log += Integer.toString(type2[i+2] & 0xff, 16) + " ";
482 if (i+3<type2.length) log += Integer.toString(type2[i+3] & 0xff, 16) + " ";
485 // FIXME: need to keep the connection open between type1 and type3
486 // FIXME: finish this
487 //byte[] type3 = Proxy.NTLM.getResponse(
488 //Proxy.Authorization.authorization2 = "NTLM " + Base64.encode(type3));
493 // HTTPException ///////////////////////////////////////////////////////////////////////////////////
495 static class HTTPException extends IOException { public HTTPException(String s) { super(s); } }
498 // HTTPInputStream ///////////////////////////////////////////////////////////////////////////////////
500 /** An input stream that represents a subset of a longer input stream. Supports HTTP chunking as well */
501 public class HTTPInputStream extends FilterInputStream implements KnownLength {
503 /** if chunking, the number of bytes remaining in this subset; otherwise the remainder of the chunk */
504 private int length = 0;
506 /** this semaphore will be released when the stream is closed */
507 private Semaphore releaseMe = null;
509 /** indicates that we have encountered the zero-length terminator chunk */
510 boolean chunkedDone = false;
512 /** if we're on the first chunk, we don't pre-read a CRLF */
513 boolean firstChunk = true;
515 /** the length of the entire content body; -1 if chunked */
516 private int contentLength = 0;
517 public int getContentLength() { return contentLength; }
519 HTTPInputStream(InputStream in, int length, Semaphore releaseMe) throws IOException {
521 this.releaseMe = releaseMe;
522 this.contentLength = length;
523 this.length = length == -1 ? 0 : length;
526 public int getLength() { return contentLength; }
527 public boolean markSupported() { return false; }
528 public int read(byte[] b) throws IOException { return read(b, 0, b.length); }
529 public long skip(long n) throws IOException { return read(null, -1, (int)n); }
530 public int available() throws IOException {
531 if (contentLength == -1) return java.lang.Math.min(super.available(), length);
532 return super.available();
535 public int read() throws IOException {
536 byte[] b = new byte[1];
537 int ret = read(b, 0, 1);
538 return ret == -1 ? -1 : b[0] & 0xff;
541 private void readChunk() throws IOException {
542 if (chunkedDone) return;
543 if (!firstChunk) super.skip(2); // CRLF
545 String chunkLen = "";
547 int i = super.read();
548 if (i == -1) throw new HTTPException("encountered end of stream while reading chunk length");
550 // FEATURE: handle chunking extensions
558 length = Integer.parseInt(chunkLen.trim(), 16);
559 if (length == 0) chunkedDone = true;
562 public int read(byte[] b, int off, int len) throws IOException {
563 boolean good = false;
565 if (length == 0 && contentLength == -1) {
567 if (chunkedDone) { good = true; return -1; }
569 if (length == 0) { good = true; return -1; }
571 if (len > length) len = length;
572 int ret = b == null ? (int)super.skip(len) : super.read(b, off, len);
583 public void close() throws IOException {
584 if (contentLength == -1) {
585 while(!chunkedDone) {
586 if (length != 0) skip(length);
591 if (length != 0) skip(length);
593 if (releaseMe != null) releaseMe.release();
604 // Misc Helpers ///////////////////////////////////////////////////////////////////////////////////
606 /** reads a set of HTTP headers off of the input stream, returning null if the stream is already at its end */
607 private Hashtable parseHeaders(InputStream in) throws IOException {
608 Hashtable ret = new Hashtable();
610 // we can't use a BufferedReader directly on the input stream, since it will buffer past the end of the headers
611 byte[] buf = new byte[4096];
614 int read = in.read();
615 if (read == -1 && buflen == 0) return null;
616 if (read == -1) throw new HTTPException("stream closed while reading headers");
617 buf[buflen++] = (byte)read;
618 if (buflen >= 4 && buf[buflen - 4] == '\r' && buf[buflen - 3] == '\n' && buf[buflen - 2] == '\r' && buf[buflen - 1] == '\n') break;
619 if (buflen == buf.length) {
620 byte[] newbuf = new byte[buf.length * 2];
621 System.arraycopy(buf, 0, newbuf, 0, buflen);
626 BufferedReader br = new BufferedReader(new InputStreamReader(new ByteArrayInputStream(buf, 0, buflen)));
627 String s = br.readLine();
628 if (!s.startsWith("HTTP/")) throw new HTTPException("Expected reply to start with \"HTTP/\", got: " + s);
629 ret.put("STATUSLINE", s.substring(s.indexOf(' ') + 1));
630 ret.put("HTTP", s.substring(5, s.indexOf(' ')));
632 while((s = br.readLine()) != null && s.length() > 0) {
633 String front = s.substring(0, s.indexOf(':')).toLowerCase();
634 String back = s.substring(s.indexOf(':') + 1).trim();
635 // ugly hack: we never replace a Digest-auth with a Basic-auth (proxy + www)
636 if (front.endsWith("-authenticate") && ret.get(front) != null && !back.equals("Digest")) continue;
637 ret.put(front, back);
642 private Hashtable parseAuthenticationChallenge(String s) {
643 Hashtable ret = new Hashtable();
646 ret.put("AUTHTYPE", s.substring(0, s.indexOf(' ')));
647 s = s.substring(s.indexOf(' ')).trim();
649 while (s.length() > 0) {
651 String key = s.substring(0, s.indexOf('='));
652 s = s.substring(s.indexOf('=') + 1);
653 if (s.charAt(0) == '\"') {
655 val = s.substring(0, s.indexOf('\"'));
656 s = s.substring(s.indexOf('\"') + 1);
658 val = s.indexOf(',') == -1 ? s : s.substring(0, s.indexOf(','));
659 s = s.indexOf(',') == -1 ? "" : s.substring(s.indexOf(',') + 1);
661 if (s.length() > 0 && s.charAt(0) == ',') s = s.substring(1);
668 private String H(String s) throws IOException {
669 byte[] b = s.getBytes("US-ASCII");
670 MD5Digest md5 = new MD5Digest();
671 md5.update(b, 0, b.length);
672 byte[] out = new byte[md5.getDigestSize()];
675 for(int i=0; i<out.length; i++) {
676 ret += "0123456789abcdef".charAt((out[i] & 0xf0) >> 4);
677 ret += "0123456789abcdef".charAt(out[i] & 0x0f);
683 // Proxy ///////////////////////////////////////////////////////////
685 /** encapsulates most of the proxy logic; some is shared in HTTP.java */
686 public static class Proxy {
690 /** the HTTP Proxy host to use */
691 public String httpProxyHost = null;
693 /** the HTTP Proxy port to use */
694 public int httpProxyPort = -1;
696 /** if a seperate proxy should be used for HTTPS, this is the hostname; otherwise, httpProxyHost is used */
697 public String httpsProxyHost = null;
699 /** if a seperate proxy should be used for HTTPS, this is the port */
700 public int httpsProxyPort = -1;
702 /** the SOCKS Proxy Host to use */
703 public String socksProxyHost = null;
705 /** the SOCKS Proxy Port to use */
706 public int socksProxyPort = -1;
708 /** hosts to be excluded from proxy use; wildcards permitted */
709 public String[] excluded = null;
711 /** the PAC script */
712 public JS.Callable proxyAutoConfigFunction = null;
714 public static Proxy detectProxyViaManual() {
715 Proxy ret = new Proxy();
717 ret.httpProxyHost = Platform.getEnv("http_proxy");
718 if (ret.httpProxyHost != null) {
719 if (ret.httpProxyHost.startsWith("http://")) ret.httpProxyHost = ret.httpProxyHost.substring(7);
720 if (ret.httpProxyHost.endsWith("/")) ret.httpProxyHost = ret.httpProxyHost.substring(0, ret.httpProxyHost.length() - 1);
721 if (ret.httpProxyHost.indexOf(':') != -1) {
722 ret.httpProxyPort = Integer.parseInt(ret.httpProxyHost.substring(ret.httpProxyHost.indexOf(':') + 1));
723 ret.httpProxyHost = ret.httpProxyHost.substring(0, ret.httpProxyHost.indexOf(':'));
725 ret.httpProxyPort = 80;
729 ret.httpsProxyHost = Platform.getEnv("https_proxy");
730 if (ret.httpsProxyHost != null) {
731 if (ret.httpsProxyHost.startsWith("https://")) ret.httpsProxyHost = ret.httpsProxyHost.substring(7);
732 if (ret.httpsProxyHost.endsWith("/")) ret.httpsProxyHost = ret.httpsProxyHost.substring(0, ret.httpsProxyHost.length() - 1);
733 if (ret.httpsProxyHost.indexOf(':') != -1) {
734 ret.httpsProxyPort = Integer.parseInt(ret.httpsProxyHost.substring(ret.httpsProxyHost.indexOf(':') + 1));
735 ret.httpsProxyHost = ret.httpsProxyHost.substring(0, ret.httpsProxyHost.indexOf(':'));
737 ret.httpsProxyPort = 80;
741 ret.socksProxyHost = Platform.getEnv("socks_proxy");
742 if (ret.socksProxyHost != null) {
743 if (ret.socksProxyHost.startsWith("socks://")) ret.socksProxyHost = ret.socksProxyHost.substring(7);
744 if (ret.socksProxyHost.endsWith("/")) ret.socksProxyHost = ret.socksProxyHost.substring(0, ret.socksProxyHost.length() - 1);
745 if (ret.socksProxyHost.indexOf(':') != -1) {
746 ret.socksProxyPort = Integer.parseInt(ret.socksProxyHost.substring(ret.socksProxyHost.indexOf(':') + 1));
747 ret.socksProxyHost = ret.socksProxyHost.substring(0, ret.socksProxyHost.indexOf(':'));
749 ret.socksProxyPort = 80;
753 String noproxy = Platform.getEnv("no_proxy");
754 if (noproxy != null) {
755 StringTokenizer st = new StringTokenizer(noproxy, ",");
756 ret.excluded = new String[st.countTokens()];
757 for(int i=0; st.hasMoreTokens(); i++) ret.excluded[i] = st.nextToken();
760 if (ret.httpProxyHost == null && ret.socksProxyHost == null) return null;
764 public static JS.Scope proxyAutoConfigRootScope = new ProxyAutoConfigRootScope();
765 public static JS.Callable getProxyAutoConfigFunction(String url) {
767 BufferedReader br = new BufferedReader(new InputStreamReader(new HTTP(url, true).GET()));
770 while((s = br.readLine()) != null) script += s + "\n";
771 if (Log.on) Log.log(Proxy.class, "successfully retrieved WPAD PAC:");
772 if (Log.on) Log.log(Proxy.class, script);
775 Vector carpHosts = new Vector();
776 for(int i=0; i<script.length(); i++)
777 if (script.regionMatches(i, "new Node(", 0, 9)) {
778 String host = script.substring(i + 10, script.indexOf('\"', i + 11));
779 if (Log.on) Log.log(Proxy.class, "Detected MS Proxy Server CARP Script, Host=" + host);
780 carpHosts.addElement(host);
782 if (carpHosts.size() > 0) {
783 script = "function FindProxyForURL(url, host) {\nreturn \"";
784 for(int i=0; i<carpHosts.size(); i++)
785 script += "PROXY " + carpHosts.elementAt(i) + "; ";
787 if (Log.on) Log.log(Proxy.class, "DeCARPed PAC script:");
788 if (Log.on) Log.log(Proxy.class, script);
791 JS.CompiledFunction scr = JS.parse("PAC script at " + url, 0, new StringReader(script));
792 scr.call(new JS.Array(), proxyAutoConfigRootScope);
793 return (JS.Callable)proxyAutoConfigRootScope.get("FindProxyForURL");
794 } catch (Exception e) {
796 Log.log(Platform.class, "WPAD detection failed due to:");
797 if (e instanceof JS.Exn) {
799 org.xwt.js.JS.Array arr = new org.xwt.js.JS.Array();
800 arr.addElement(((JS.Exn)e).getObject());
801 } catch (Exception e2) {
802 Log.log(Platform.class, e);
805 else Log.log(Platform.class, e);
812 // Authorization ///////////////////////////////////////////////////////////////////////////////////
814 public static class Authorization {
816 static public String authorization = null;
817 static public String authorization2 = null;
818 static public Semaphore waitingForUser = new Semaphore();
820 public static synchronized void getPassword(final String realm, final String style, final String proxyIP, String oldAuth) {
822 // this handles cases where multiple threads hit the proxy auth at the same time -- all but one will block on the
823 // synchronized keyword. If 'authorization' changed while the thread was blocked, it means that the user entered
824 // a password, so we should reattempt authorization.
826 if (authorization != oldAuth) return;
827 if (Log.on) Log.log(Authorization.class, "displaying proxy authorization dialog");
828 Message.Q.add(new Message() {
829 public void perform() {
831 Template t = Template.getTemplate((Res)Main.builtin.get("org/xwt/builtin/proxy_authorization.xwt"));
832 t.apply(b, null, null);
833 b.put("realm", realm);
834 b.put("proxyIP", proxyIP);
838 waitingForUser.block();
839 if (Log.on) Log.log(Authorization.class, "got proxy authorization info; re-attempting connection");
845 // ProxyAutoConfigRootScope ////////////////////////////////////////////////////////////////////
847 public static class ProxyAutoConfigRootScope extends JS.GlobalScope {
849 public ProxyAutoConfigRootScope() { super(null); }
851 public Object get(Object name) {
852 if (name.equals("isPlainHostName")) return isPlainHostName;
853 else if (name.equals("dnsDomainIs")) return dnsDomainIs;
854 else if (name.equals("localHostOrDomainIs")) return localHostOrDomainIs;
855 else if (name.equals("isResolvable")) return isResolvable;
856 else if (name.equals("isInNet")) return isInNet;
857 else if (name.equals("dnsResolve")) return dnsResolve;
858 else if (name.equals("myIpAddress")) return myIpAddress;
859 else if (name.equals("dnsDomainLevels")) return dnsDomainLevels;
860 else if (name.equals("shExpMatch")) return shExpMatch;
861 else if (name.equals("weekdayRange")) return weekdayRange;
862 else if (name.equals("dateRange")) return dateRange;
863 else if (name.equals("timeRange")) return timeRange;
864 else if (name.equals("ProxyConfig")) return ProxyConfig;
865 else return super.get(name);
868 private static final JS.Obj proxyConfigBindings = new JS.Obj();
869 private static final JS.Obj ProxyConfig = new JS.Obj() {
870 public Object get(Object name) {
871 if (name.equals("bindings")) return proxyConfigBindings;
876 private static final JS.Callable isPlainHostName = new JS.Callable() {
877 public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
878 return (args.elementAt(0).toString().indexOf('.') == -1) ? Boolean.TRUE : Boolean.FALSE;
882 private static final JS.Callable dnsDomainIs = new JS.Callable() {
883 public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
884 return (args.elementAt(0).toString().endsWith(args.elementAt(1).toString())) ? Boolean.TRUE : Boolean.FALSE;
888 private static final JS.Callable localHostOrDomainIs = new JS.Callable() {
889 public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
890 return (args.elementAt(0).toString().equals(args.elementAt(1).toString()) ||
891 (args.elementAt(0).toString().indexOf('.') == -1 && args.elementAt(1).toString().startsWith(args.elementAt(0).toString()))) ?
892 Boolean.TRUE : Boolean.FALSE;
896 private static final JS.Callable isResolvable = new JS.Callable() {
897 public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
899 return (InetAddress.getByName(args.elementAt(0).toString()) != null) ? Boolean.TRUE : Boolean.FALSE;
900 } catch (UnknownHostException e) {
901 return Boolean.FALSE;
906 private static final JS.Callable isInNet = new JS.Callable() {
907 public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
908 if (args.length() != 3) return Boolean.FALSE;
910 byte[] host = InetAddress.getByName(args.elementAt(0).toString()).getAddress();
911 byte[] net = InetAddress.getByName(args.elementAt(1).toString()).getAddress();
912 byte[] mask = InetAddress.getByName(args.elementAt(2).toString()).getAddress();
913 return ((host[0] & mask[0]) == net[0] &&
914 (host[1] & mask[1]) == net[1] &&
915 (host[2] & mask[2]) == net[2] &&
916 (host[3] & mask[3]) == net[3]) ?
917 Boolean.TRUE : Boolean.FALSE;
918 } catch (Exception e) {
919 throw new JS.Exn("exception in isInNet(): " + e);
924 private static final JS.Callable dnsResolve = new JS.Callable() {
925 public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
927 return InetAddress.getByName(args.elementAt(0).toString()).getHostAddress();
928 } catch (UnknownHostException e) {
934 private static final JS.Callable myIpAddress = new JS.Callable() {
935 public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
937 return InetAddress.getLocalHost().getHostAddress();
938 } catch (UnknownHostException e) {
939 if (Log.on) Log.log(this, "strange... host does not know its own address");
945 private static final JS.Callable dnsDomainLevels = new JS.Callable() {
946 public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
947 String s = args.elementAt(0).toString();
949 while((i = s.indexOf('.', i)) != -1) i++;
950 return new Integer(i);
954 private static boolean match(String[] arr, String s, int index) {
955 if (index >= arr.length) return true;
956 for(int i=0; i<s.length(); i++) {
957 String s2 = s.substring(i);
958 if (s2.startsWith(arr[index]) && match(arr, s2.substring(arr[index].length()), index + 1)) return true;
963 private static final JS.Callable shExpMatch = new JS.Callable() {
964 public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
965 StringTokenizer st = new StringTokenizer(args.elementAt(1).toString(), "*", false);
966 String[] arr = new String[st.countTokens()];
967 String s = args.elementAt(0).toString();
968 for (int i=0; st.hasMoreTokens(); i++) arr[i] = st.nextToken();
969 return match(arr, s, 0) ? Boolean.TRUE : Boolean.FALSE;
973 public static String[] days = { "SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT" };
975 private static final JS.Callable weekdayRange = new JS.Callable() {
976 public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
977 TimeZone tz = (args.length() < 3 || args.elementAt(2) == null || !args.elementAt(2).equals("GMT")) ? TimeZone.getTimeZone("UTC") : TimeZone.getDefault();
978 Calendar c = new GregorianCalendar();
980 c.setTime(new java.util.Date());
981 java.util.Date d = c.getTime();
982 int day = d.getDay();
984 String d1s = args.elementAt(0).toString().toUpperCase();
986 for(int i=0; i<days.length; i++) if (days[i].equals(d1s)) d1 = i;
988 if (args.length() == 1)
989 return d1 == day ? Boolean.TRUE : Boolean.FALSE;
991 String d2s = args.elementAt(1).toString().toUpperCase();
992 for(int i=0; i<days.length; i++) if (days[i].equals(d2s)) d2 = i;
995 ((d1 <= d2 && day >= d1 && day <= d2) ||
996 (d1 > d2 && (day >= d1 || day <= d2))) ?
997 Boolean.TRUE : Boolean.FALSE;
1001 private static final JS.Callable dateRange = new JS.Callable() {
1002 public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
1003 throw new JS.Exn("XWT does not support dateRange() in PAC scripts");
1007 private static final JS.Callable timeRange = new JS.Callable() {
1008 public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
1009 throw new JS.Exn("XWT does not support timeRange() in PAC scripts");
1016 * An implementation of Microsoft's proprietary NTLM authentication protocol. This code was derived from Eric
1017 * Glass's work, and is copyright as follows:
1019 * Copyright (c) 2003 Eric Glass (eglass1 at comcast.net).
1021 * Permission to use, copy, modify, and distribute this document for any purpose and without any fee is hereby
1022 * granted, provided that the above copyright notice and this list of conditions appear in all copies.
1023 * The most current version of this document may be obtained from http://davenport.sourceforge.net/ntlm.html .
1025 public static class NTLM {
1027 public static final byte[] type1 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01,
1028 0x00, 0x00, 0x00, 0x00, 0x02, 0x02, 0x00 };
1031 * Calculates the NTLM Response for the given challenge, using the
1032 * specified password.
1034 * @param password The user's password.
1035 * @param challenge The Type 2 challenge from the server.
1037 * @return The NTLM Response.
1039 public static byte[] getNTLMResponse(String password, byte[] challenge)
1041 byte[] ntlmHash = ntlmHash(password);
1042 return lmResponse(ntlmHash, challenge);
1046 * Calculates the LM Response for the given challenge, using the specified
1049 * @param password The user's password.
1050 * @param challenge The Type 2 challenge from the server.
1052 * @return The LM Response.
1054 public static byte[] getLMResponse(String password, byte[] challenge)
1056 byte[] lmHash = lmHash(password);
1057 return lmResponse(lmHash, challenge);
1061 * Calculates the NTLMv2 Response for the given challenge, using the
1062 * specified authentication target, username, password, target information
1063 * block, and client challenge.
1065 * @param target The authentication target (i.e., domain).
1066 * @param user The username.
1067 * @param password The user's password.
1068 * @param targetInformation The target information block from the Type 2
1070 * @param challenge The Type 2 challenge from the server.
1071 * @param clientChallenge The random 8-byte client challenge.
1073 * @return The NTLMv2 Response.
1075 public static byte[] getNTLMv2Response(String target, String user,
1076 String password, byte[] targetInformation, byte[] challenge,
1077 byte[] clientChallenge) throws Exception {
1078 byte[] ntlmv2Hash = ntlmv2Hash(target, user, password);
1079 byte[] blob = createBlob(targetInformation, clientChallenge);
1080 return lmv2Response(ntlmv2Hash, blob, challenge);
1084 * Calculates the LMv2 Response for the given challenge, using the
1085 * specified authentication target, username, password, and client
1088 * @param target The authentication target (i.e., domain).
1089 * @param user The username.
1090 * @param password The user's password.
1091 * @param challenge The Type 2 challenge from the server.
1092 * @param clientChallenge The random 8-byte client challenge.
1094 * @return The LMv2 Response.
1096 public static byte[] getLMv2Response(String target, String user,
1097 String password, byte[] challenge, byte[] clientChallenge)
1099 byte[] ntlmv2Hash = ntlmv2Hash(target, user, password);
1100 return lmv2Response(ntlmv2Hash, clientChallenge, challenge);
1104 * Calculates the NTLM2 Session Response for the given challenge, using the
1105 * specified password and client challenge.
1107 * @param password The user's password.
1108 * @param challenge The Type 2 challenge from the server.
1109 * @param clientChallenge The random 8-byte client challenge.
1111 * @return The NTLM2 Session Response. This is placed in the NTLM
1112 * response field of the Type 3 message; the LM response field contains
1113 * the client challenge, null-padded to 24 bytes.
1115 public static byte[] getNTLM2SessionResponse(String password,
1116 byte[] challenge, byte[] clientChallenge) throws Exception {
1117 byte[] ntlmHash = ntlmHash(password);
1118 MD5Digest md5 = new MD5Digest();
1119 md5.update(challenge, 0, challenge.length);
1120 md5.update(clientChallenge, 0, clientChallenge.length);
1121 byte[] sessionHash = new byte[8];
1122 byte[] md5_out = new byte[md5.getDigestSize()];
1123 md5.doFinal(md5_out, 0);
1124 System.arraycopy(md5_out, 0, sessionHash, 0, 8);
1125 return lmResponse(ntlmHash, sessionHash);
1129 * Creates the LM Hash of the user's password.
1131 * @param password The password.
1133 * @return The LM Hash of the given password, used in the calculation
1134 * of the LM Response.
1136 private static byte[] lmHash(String password) throws Exception {
1138 byte[] oemPassword = password.toUpperCase().getBytes("US-ASCII");
1139 int length = java.lang.Math.min(oemPassword.length, 14);
1140 byte[] keyBytes = new byte[14];
1141 System.arraycopy(oemPassword, 0, keyBytes, 0, length);
1142 Key lowKey = createDESKey(keyBytes, 0);
1143 Key highKey = createDESKey(keyBytes, 7);
1144 byte[] magicConstant = "KGS!@#$%".getBytes("US-ASCII");
1145 Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
1146 des.init(Cipher.ENCRYPT_MODE, lowKey);
1147 byte[] lowHash = des.doFinal(magicConstant);
1148 des.init(Cipher.ENCRYPT_MODE, highKey);
1149 byte[] highHash = des.doFinal(magicConstant);
1150 byte[] lmHash = new byte[16];
1151 System.arraycopy(lowHash, 0, lmHash, 0, 8);
1152 System.arraycopy(highHash, 0, lmHash, 8, 8);
1155 return null; // FIXME
1159 * Creates the NTLM Hash of the user's password.
1161 * @param password The password.
1163 * @return The NTLM Hash of the given password, used in the calculation
1164 * of the NTLM Response and the NTLMv2 and LMv2 Hashes.
1166 private static byte[] ntlmHash(String password) throws Exception {
1167 byte[] unicodePassword = password.getBytes("UnicodeLittleUnmarked");
1168 MD4Digest md4 = new MD4Digest();
1169 md4.update(unicodePassword, 0, unicodePassword.length);
1170 byte[] ret = new byte[md4.getDigestSize()];
1175 * Creates the NTLMv2 Hash of the user's password.
1177 * @param target The authentication target (i.e., domain).
1178 * @param user The username.
1179 * @param password The password.
1181 * @return The NTLMv2 Hash, used in the calculation of the NTLMv2
1182 * and LMv2 Responses.
1184 private static byte[] ntlmv2Hash(String target, String user,
1185 String password) throws Exception {
1186 byte[] ntlmHash = ntlmHash(password);
1187 String identity = user.toUpperCase() + target.toUpperCase();
1188 return hmacMD5(identity.getBytes("UnicodeLittleUnmarked"), ntlmHash);
1192 * Creates the LM Response from the given hash and Type 2 challenge.
1194 * @param hash The LM or NTLM Hash.
1195 * @param challenge The server challenge from the Type 2 message.
1197 * @return The response (either LM or NTLM, depending on the provided
1200 private static byte[] lmResponse(byte[] hash, byte[] challenge)
1203 byte[] keyBytes = new byte[21];
1204 System.arraycopy(hash, 0, keyBytes, 0, 16);
1205 Key lowKey = createDESKey(keyBytes, 0);
1206 Key middleKey = createDESKey(keyBytes, 7);
1207 Key highKey = createDESKey(keyBytes, 14);
1208 Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
1209 des.init(Cipher.ENCRYPT_MODE, lowKey);
1210 byte[] lowResponse = des.doFinal(challenge);
1211 des.init(Cipher.ENCRYPT_MODE, middleKey);
1212 byte[] middleResponse = des.doFinal(challenge);
1213 des.init(Cipher.ENCRYPT_MODE, highKey);
1214 byte[] highResponse = des.doFinal(challenge);
1215 byte[] lmResponse = new byte[24];
1216 System.arraycopy(lowResponse, 0, lmResponse, 0, 8);
1217 System.arraycopy(middleResponse, 0, lmResponse, 8, 8);
1218 System.arraycopy(highResponse, 0, lmResponse, 16, 8);
1221 return null; // FIXME
1225 * Creates the LMv2 Response from the given hash, client data, and
1228 * @param hash The NTLMv2 Hash.
1229 * @param clientData The client data (blob or client challenge).
1230 * @param challenge The server challenge from the Type 2 message.
1232 * @return The response (either NTLMv2 or LMv2, depending on the
1235 private static byte[] lmv2Response(byte[] hash, byte[] clientData,
1236 byte[] challenge) throws Exception {
1237 byte[] data = new byte[challenge.length + clientData.length];
1238 System.arraycopy(challenge, 0, data, 0, challenge.length);
1239 System.arraycopy(clientData, 0, data, challenge.length,
1241 byte[] mac = hmacMD5(data, hash);
1242 byte[] lmv2Response = new byte[mac.length + clientData.length];
1243 System.arraycopy(mac, 0, lmv2Response, 0, mac.length);
1244 System.arraycopy(clientData, 0, lmv2Response, mac.length,
1246 return lmv2Response;
1250 * Creates the NTLMv2 blob from the given target information block and
1253 * @param targetInformation The target information block from the Type 2
1255 * @param clientChallenge The random 8-byte client challenge.
1257 * @return The blob, used in the calculation of the NTLMv2 Response.
1259 private static byte[] createBlob(byte[] targetInformation,
1260 byte[] clientChallenge) {
1261 byte[] blobSignature = new byte[] {
1262 (byte) 0x01, (byte) 0x01, (byte) 0x00, (byte) 0x00
1264 byte[] reserved = new byte[] {
1265 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
1267 byte[] unknown1 = new byte[] {
1268 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
1270 byte[] unknown2 = new byte[] {
1271 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
1273 long time = System.currentTimeMillis();
1274 time += 11644473600000l; // milliseconds from January 1, 1601 -> epoch.
1275 time *= 10000; // tenths of a microsecond.
1276 // convert to little-endian byte array.
1277 byte[] timestamp = new byte[8];
1278 for (int i = 0; i < 8; i++) {
1279 timestamp[i] = (byte) time;
1282 byte[] blob = new byte[blobSignature.length + reserved.length +
1283 timestamp.length + clientChallenge.length +
1284 unknown1.length + targetInformation.length +
1287 System.arraycopy(blobSignature, 0, blob, offset, blobSignature.length);
1288 offset += blobSignature.length;
1289 System.arraycopy(reserved, 0, blob, offset, reserved.length);
1290 offset += reserved.length;
1291 System.arraycopy(timestamp, 0, blob, offset, timestamp.length);
1292 offset += timestamp.length;
1293 System.arraycopy(clientChallenge, 0, blob, offset,
1294 clientChallenge.length);
1295 offset += clientChallenge.length;
1296 System.arraycopy(unknown1, 0, blob, offset, unknown1.length);
1297 offset += unknown1.length;
1298 System.arraycopy(targetInformation, 0, blob, offset,
1299 targetInformation.length);
1300 offset += targetInformation.length;
1301 System.arraycopy(unknown2, 0, blob, offset, unknown2.length);
1306 * Calculates the HMAC-MD5 hash of the given data using the specified
1309 * @param data The data for which the hash will be calculated.
1310 * @param key The hashing key.
1312 * @return The HMAC-MD5 hash of the given data.
1314 private static byte[] hmacMD5(byte[] data, byte[] key) throws Exception {
1315 byte[] ipad = new byte[64];
1316 byte[] opad = new byte[64];
1317 for (int i = 0; i < 64; i++) {
1318 ipad[i] = (byte) 0x36;
1319 opad[i] = (byte) 0x5c;
1321 for (int i = key.length - 1; i >= 0; i--) {
1325 byte[] content = new byte[data.length + 64];
1326 System.arraycopy(ipad, 0, content, 0, 64);
1327 System.arraycopy(data, 0, content, 64, data.length);
1328 MD5Digest md5 = new MD5Digest();
1329 md5.update(content, 0, content.length);
1330 data = new byte[md5.getDigestSize()];
1331 md5.doFinal(data, 0);
1332 content = new byte[data.length + 64];
1333 System.arraycopy(opad, 0, content, 0, 64);
1334 System.arraycopy(data, 0, content, 64, data.length);
1335 md5 = new MD5Digest();
1336 md5.update(content, 0, content.length);
1337 byte[] ret = new byte[md5.getDigestSize()];
1338 md5.doFinal(ret, 0);
1343 * Creates a DES encryption key from the given key material.
1345 * @param bytes A byte array containing the DES key material.
1346 * @param offset The offset in the given byte array at which
1347 * the 7-byte key material starts.
1349 * @return A DES encryption key created from the key material
1350 * starting at the specified offset in the given byte array.
1353 private static Key createDESKey(byte[] bytes, int offset) {
1354 byte[] keyBytes = new byte[7];
1355 System.arraycopy(bytes, offset, keyBytes, 0, 7);
1356 byte[] material = new byte[8];
1357 material[0] = keyBytes[0];
1358 material[1] = (byte) (keyBytes[0] << 7 | (keyBytes[1] & 0xff) >>> 1);
1359 material[2] = (byte) (keyBytes[1] << 6 | (keyBytes[2] & 0xff) >>> 2);
1360 material[3] = (byte) (keyBytes[2] << 5 | (keyBytes[3] & 0xff) >>> 3);
1361 material[4] = (byte) (keyBytes[3] << 4 | (keyBytes[4] & 0xff) >>> 4);
1362 material[5] = (byte) (keyBytes[4] << 3 | (keyBytes[5] & 0xff) >>> 5);
1363 material[6] = (byte) (keyBytes[5] << 2 | (keyBytes[6] & 0xff) >>> 6);
1364 material[7] = (byte) (keyBytes[6] << 1);
1365 oddParity(material);
1366 return new SecretKeySpec(material, "DES");
1371 * Applies odd parity to the given byte array.
1373 * @param bytes The data whose parity bits are to be adjusted for
1376 private static void oddParity(byte[] bytes) {
1377 for (int i = 0; i < bytes.length; i++) {
1379 boolean needsParity = (((b >>> 7) ^ (b >>> 6) ^ (b >>> 5) ^
1380 (b >>> 4) ^ (b >>> 3) ^ (b >>> 2) ^
1381 (b >>> 1)) & 0x01) == 0;
1383 bytes[i] |= (byte) 0x01;
1385 bytes[i] &= (byte) 0xfe;