+
+ // Proxy ///////////////////////////////////////////////////////////
+
+ /** encapsulates most of the proxy logic; some is shared in HTTP.java */
+ public static class Proxy {
+
+ public Proxy() { }
+
+ /** the HTTP Proxy host to use */
+ public String httpProxyHost = null;
+
+ /** the HTTP Proxy port to use */
+ public int httpProxyPort = -1;
+
+ /** if a seperate proxy should be used for HTTPS, this is the hostname; otherwise, httpProxyHost is used */
+ public String httpsProxyHost = null;
+
+ /** if a seperate proxy should be used for HTTPS, this is the port */
+ public int httpsProxyPort = -1;
+
+ /** the SOCKS Proxy Host to use */
+ public String socksProxyHost = null;
+
+ /** the SOCKS Proxy Port to use */
+ public int socksProxyPort = -1;
+
+ /** hosts to be excluded from proxy use; wildcards permitted */
+ public String[] excluded = null;
+
+ /** the PAC script */
+ public JS.Callable proxyAutoConfigFunction = null;
+
+ public static Proxy detectProxyViaManual() {
+ Proxy ret = new Proxy();
+
+ ret.httpProxyHost = Platform.getEnv("http_proxy");
+ if (ret.httpProxyHost != null) {
+ if (ret.httpProxyHost.startsWith("http://")) ret.httpProxyHost = ret.httpProxyHost.substring(7);
+ if (ret.httpProxyHost.endsWith("/")) ret.httpProxyHost = ret.httpProxyHost.substring(0, ret.httpProxyHost.length() - 1);
+ if (ret.httpProxyHost.indexOf(':') != -1) {
+ ret.httpProxyPort = Integer.parseInt(ret.httpProxyHost.substring(ret.httpProxyHost.indexOf(':') + 1));
+ ret.httpProxyHost = ret.httpProxyHost.substring(0, ret.httpProxyHost.indexOf(':'));
+ } else {
+ ret.httpProxyPort = 80;
+ }
+ }
+
+ ret.httpsProxyHost = Platform.getEnv("https_proxy");
+ if (ret.httpsProxyHost != null) {
+ if (ret.httpsProxyHost.startsWith("https://")) ret.httpsProxyHost = ret.httpsProxyHost.substring(7);
+ if (ret.httpsProxyHost.endsWith("/")) ret.httpsProxyHost = ret.httpsProxyHost.substring(0, ret.httpsProxyHost.length() - 1);
+ if (ret.httpsProxyHost.indexOf(':') != -1) {
+ ret.httpsProxyPort = Integer.parseInt(ret.httpsProxyHost.substring(ret.httpsProxyHost.indexOf(':') + 1));
+ ret.httpsProxyHost = ret.httpsProxyHost.substring(0, ret.httpsProxyHost.indexOf(':'));
+ } else {
+ ret.httpsProxyPort = 80;
+ }
+ }
+
+ ret.socksProxyHost = Platform.getEnv("socks_proxy");
+ if (ret.socksProxyHost != null) {
+ if (ret.socksProxyHost.startsWith("socks://")) ret.socksProxyHost = ret.socksProxyHost.substring(7);
+ if (ret.socksProxyHost.endsWith("/")) ret.socksProxyHost = ret.socksProxyHost.substring(0, ret.socksProxyHost.length() - 1);
+ if (ret.socksProxyHost.indexOf(':') != -1) {
+ ret.socksProxyPort = Integer.parseInt(ret.socksProxyHost.substring(ret.socksProxyHost.indexOf(':') + 1));
+ ret.socksProxyHost = ret.socksProxyHost.substring(0, ret.socksProxyHost.indexOf(':'));
+ } else {
+ ret.socksProxyPort = 80;
+ }
+ }
+
+ String noproxy = Platform.getEnv("no_proxy");
+ if (noproxy != null) {
+ StringTokenizer st = new StringTokenizer(noproxy, ",");
+ ret.excluded = new String[st.countTokens()];
+ for(int i=0; st.hasMoreTokens(); i++) ret.excluded[i] = st.nextToken();
+ }
+
+ if (ret.httpProxyHost == null && ret.socksProxyHost == null) return null;
+ return ret;
+ }
+
+ public static JS.Scope proxyAutoConfigRootScope = new ProxyAutoConfigRootScope();
+ public static JS.Callable getProxyAutoConfigFunction(String url) {
+ try {
+ BufferedReader br = new BufferedReader(new InputStreamReader(new HTTP(url, true).GET()));
+ String s = null;
+ String script = "";
+ while((s = br.readLine()) != null) script += s + "\n";
+ if (Log.on) Log.log(Proxy.class, "successfully retrieved WPAD PAC:");
+ if (Log.on) Log.log(Proxy.class, script);
+
+ // MS CARP hack
+ Vector carpHosts = new Vector();
+ for(int i=0; i<script.length(); i++)
+ if (script.regionMatches(i, "new Node(", 0, 9)) {
+ String host = script.substring(i + 10, script.indexOf('\"', i + 11));
+ if (Log.on) Log.log(Proxy.class, "Detected MS Proxy Server CARP Script, Host=" + host);
+ carpHosts.addElement(host);
+ }
+ if (carpHosts.size() > 0) {
+ script = "function FindProxyForURL(url, host) {\nreturn \"";
+ for(int i=0; i<carpHosts.size(); i++)
+ script += "PROXY " + carpHosts.elementAt(i) + "; ";
+ script += "\";\n}";
+ if (Log.on) Log.log(Proxy.class, "DeCARPed PAC script:");
+ if (Log.on) Log.log(Proxy.class, script);
+ }
+
+ JS.CompiledFunction scr = JS.parse("PAC script at " + url, 0, new StringReader(script));
+ // FIXME
+ /*
+ scr.call(new JS.Array(), proxyAutoConfigRootScope);
+ */
+ return (JS.Callable)proxyAutoConfigRootScope.get("FindProxyForURL");
+ } catch (Exception e) {
+ if (Log.on) {
+ Log.log(Platform.class, "WPAD detection failed due to:");
+ if (e instanceof JS.Exn) {
+ try {
+ org.xwt.js.JS.Array arr = new org.xwt.js.JS.Array();
+ arr.addElement(((JS.Exn)e).getObject());
+ } catch (Exception e2) {
+ Log.log(Platform.class, e);
+ }
+ }
+ else Log.log(Platform.class, e);
+ }
+ return null;
+ }
+ }
+
+
+ // Authorization ///////////////////////////////////////////////////////////////////////////////////
+
+ public static class Authorization {
+
+ static public String authorization = null;
+ static public String authorization2 = null;
+ static public Semaphore waitingForUser = new Semaphore();
+
+ public static synchronized void getPassword(final String realm, final String style, final String proxyIP, String oldAuth) {
+
+ // this handles cases where multiple threads hit the proxy auth at the same time -- all but one will block on the
+ // synchronized keyword. If 'authorization' changed while the thread was blocked, it means that the user entered
+ // a password, so we should reattempt authorization.
+
+ if (authorization != oldAuth) return;
+ if (Log.on) Log.log(Authorization.class, "displaying proxy authorization dialog");
+ /*
+ FIXME
+ Message.Q.add(new Message() {
+ public void perform() {
+ Box b = new Box();
+ Template t = Template.getTemplate((Res)Main.builtin.get("org/xwt/builtin/proxy_authorization.xwt"));
+ t.apply(b, null, null);
+ b.put("realm", realm);
+ b.put("proxyIP", proxyIP);
+ }
+ });
+ */
+ waitingForUser.block();
+ if (Log.on) Log.log(Authorization.class, "got proxy authorization info; re-attempting connection");
+
+ }
+ }
+
+
+ // ProxyAutoConfigRootScope ////////////////////////////////////////////////////////////////////
+
+ public static class ProxyAutoConfigRootScope extends JS.GlobalScope {
+
+ public ProxyAutoConfigRootScope() { super(null); }
+
+ public Object get(Object name) {
+ if (name.equals("isPlainHostName")) return isPlainHostName;
+ else if (name.equals("dnsDomainIs")) return dnsDomainIs;
+ else if (name.equals("localHostOrDomainIs")) return localHostOrDomainIs;
+ else if (name.equals("isResolvable")) return isResolvable;
+ else if (name.equals("isInNet")) return isInNet;
+ else if (name.equals("dnsResolve")) return dnsResolve;
+ else if (name.equals("myIpAddress")) return myIpAddress;
+ else if (name.equals("dnsDomainLevels")) return dnsDomainLevels;
+ else if (name.equals("shExpMatch")) return shExpMatch;
+ else if (name.equals("weekdayRange")) return weekdayRange;
+ else if (name.equals("dateRange")) return dateRange;
+ else if (name.equals("timeRange")) return timeRange;
+ else if (name.equals("ProxyConfig")) return ProxyConfig;
+ else return super.get(name);
+ }
+
+ private static final JS.Obj proxyConfigBindings = new JS.Obj();
+ private static final JS.Obj ProxyConfig = new JS.Obj() {
+ public Object get(Object name) {
+ if (name.equals("bindings")) return proxyConfigBindings;
+ return null;
+ }
+ };
+
+ private static final JS.Callable isPlainHostName = new JS.Callable() {
+ public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
+ return (args.elementAt(0).toString().indexOf('.') == -1) ? Boolean.TRUE : Boolean.FALSE;
+ }
+ };
+
+ private static final JS.Callable dnsDomainIs = new JS.Callable() {
+ public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
+ return (args.elementAt(0).toString().endsWith(args.elementAt(1).toString())) ? Boolean.TRUE : Boolean.FALSE;
+ }
+ };
+
+ private static final JS.Callable localHostOrDomainIs = new JS.Callable() {
+ public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
+ return (args.elementAt(0).toString().equals(args.elementAt(1).toString()) ||
+ (args.elementAt(0).toString().indexOf('.') == -1 && args.elementAt(1).toString().startsWith(args.elementAt(0).toString()))) ?
+ Boolean.TRUE : Boolean.FALSE;
+ }
+ };
+
+ private static final JS.Callable isResolvable = new JS.Callable() {
+ public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
+ try {
+ return (InetAddress.getByName(args.elementAt(0).toString()) != null) ? Boolean.TRUE : Boolean.FALSE;
+ } catch (UnknownHostException e) {
+ return Boolean.FALSE;
+ }
+ }
+ };
+
+ private static final JS.Callable isInNet = new JS.Callable() {
+ public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
+ if (args.length() != 3) return Boolean.FALSE;
+ try {
+ byte[] host = InetAddress.getByName(args.elementAt(0).toString()).getAddress();
+ byte[] net = InetAddress.getByName(args.elementAt(1).toString()).getAddress();
+ byte[] mask = InetAddress.getByName(args.elementAt(2).toString()).getAddress();
+ return ((host[0] & mask[0]) == net[0] &&
+ (host[1] & mask[1]) == net[1] &&
+ (host[2] & mask[2]) == net[2] &&
+ (host[3] & mask[3]) == net[3]) ?
+ Boolean.TRUE : Boolean.FALSE;
+ } catch (Exception e) {
+ throw new JS.Exn("exception in isInNet(): " + e);
+ }
+ }
+ };
+
+ private static final JS.Callable dnsResolve = new JS.Callable() {
+ public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
+ try {
+ return InetAddress.getByName(args.elementAt(0).toString()).getHostAddress();
+ } catch (UnknownHostException e) {
+ return null;
+ }
+ }
+ };
+
+ private static final JS.Callable myIpAddress = new JS.Callable() {
+ public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
+ try {
+ return InetAddress.getLocalHost().getHostAddress();
+ } catch (UnknownHostException e) {
+ if (Log.on) Log.log(this, "strange... host does not know its own address");
+ return null;
+ }
+ }
+ };
+
+ private static final JS.Callable dnsDomainLevels = new JS.Callable() {
+ public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
+ String s = args.elementAt(0).toString();
+ int i = 0;
+ while((i = s.indexOf('.', i)) != -1) i++;
+ return new Integer(i);
+ }
+ };
+
+ private static boolean match(String[] arr, String s, int index) {
+ if (index >= arr.length) return true;
+ for(int i=0; i<s.length(); i++) {
+ String s2 = s.substring(i);
+ if (s2.startsWith(arr[index]) && match(arr, s2.substring(arr[index].length()), index + 1)) return true;
+ }
+ return false;
+ }
+
+ private static final JS.Callable shExpMatch = new JS.Callable() {
+ public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
+ StringTokenizer st = new StringTokenizer(args.elementAt(1).toString(), "*", false);
+ String[] arr = new String[st.countTokens()];
+ String s = args.elementAt(0).toString();
+ for (int i=0; st.hasMoreTokens(); i++) arr[i] = st.nextToken();
+ return match(arr, s, 0) ? Boolean.TRUE : Boolean.FALSE;
+ }
+ };
+
+ public static String[] days = { "SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT" };
+
+ private static final JS.Callable weekdayRange = new JS.Callable() {
+ public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
+ TimeZone tz = (args.length() < 3 || args.elementAt(2) == null || !args.elementAt(2).equals("GMT")) ? TimeZone.getTimeZone("UTC") : TimeZone.getDefault();
+ Calendar c = new GregorianCalendar();
+ c.setTimeZone(tz);
+ c.setTime(new java.util.Date());
+ java.util.Date d = c.getTime();
+ int day = d.getDay();
+
+ String d1s = args.elementAt(0).toString().toUpperCase();
+ int d1 = 0, d2 = 0;
+ for(int i=0; i<days.length; i++) if (days[i].equals(d1s)) d1 = i;
+
+ if (args.length() == 1)
+ return d1 == day ? Boolean.TRUE : Boolean.FALSE;
+
+ String d2s = args.elementAt(1).toString().toUpperCase();
+ for(int i=0; i<days.length; i++) if (days[i].equals(d2s)) d2 = i;
+
+ return
+ ((d1 <= d2 && day >= d1 && day <= d2) ||
+ (d1 > d2 && (day >= d1 || day <= d2))) ?
+ Boolean.TRUE : Boolean.FALSE;
+ }
+ };
+
+ private static final JS.Callable dateRange = new JS.Callable() {
+ public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
+ throw new JS.Exn("XWT does not support dateRange() in PAC scripts");
+ }
+ };
+
+ private static final JS.Callable timeRange = new JS.Callable() {
+ public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
+ throw new JS.Exn("XWT does not support timeRange() in PAC scripts");
+ }
+ };
+
+ }
+
+ /**
+ * An implementation of Microsoft's proprietary NTLM authentication protocol. This code was derived from Eric
+ * Glass's work, and is copyright as follows:
+ *
+ * Copyright (c) 2003 Eric Glass (eglass1 at comcast.net).
+ *
+ * Permission to use, copy, modify, and distribute this document for any purpose and without any fee is hereby
+ * granted, provided that the above copyright notice and this list of conditions appear in all copies.
+ * The most current version of this document may be obtained from http://davenport.sourceforge.net/ntlm.html .
+ */
+ public static class NTLM {
+
+ public static final byte[] type1 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01,
+ 0x00, 0x00, 0x00, 0x00, 0x02, 0x02, 0x00 };
+
+ /**
+ * Calculates the NTLM Response for the given challenge, using the
+ * specified password.
+ *
+ * @param password The user's password.
+ * @param challenge The Type 2 challenge from the server.
+ *
+ * @return The NTLM Response.
+ */
+ public static byte[] getNTLMResponse(String password, byte[] challenge)
+ throws Exception {
+ byte[] ntlmHash = ntlmHash(password);
+ return lmResponse(ntlmHash, challenge);
+ }
+
+ /**
+ * Calculates the LM Response for the given challenge, using the specified
+ * password.
+ *
+ * @param password The user's password.
+ * @param challenge The Type 2 challenge from the server.
+ *
+ * @return The LM Response.
+ */
+ public static byte[] getLMResponse(String password, byte[] challenge)
+ throws Exception {
+ byte[] lmHash = lmHash(password);
+ return lmResponse(lmHash, challenge);
+ }
+
+ /**
+ * Calculates the NTLMv2 Response for the given challenge, using the
+ * specified authentication target, username, password, target information
+ * block, and client challenge.
+ *
+ * @param target The authentication target (i.e., domain).
+ * @param user The username.
+ * @param password The user's password.
+ * @param targetInformation The target information block from the Type 2
+ * message.
+ * @param challenge The Type 2 challenge from the server.
+ * @param clientChallenge The random 8-byte client challenge.
+ *
+ * @return The NTLMv2 Response.
+ */
+ public static byte[] getNTLMv2Response(String target, String user,
+ String password, byte[] targetInformation, byte[] challenge,
+ byte[] clientChallenge) throws Exception {
+ byte[] ntlmv2Hash = ntlmv2Hash(target, user, password);
+ byte[] blob = createBlob(targetInformation, clientChallenge);
+ return lmv2Response(ntlmv2Hash, blob, challenge);
+ }
+
+ /**
+ * Calculates the LMv2 Response for the given challenge, using the
+ * specified authentication target, username, password, and client
+ * challenge.
+ *
+ * @param target The authentication target (i.e., domain).
+ * @param user The username.
+ * @param password The user's password.
+ * @param challenge The Type 2 challenge from the server.
+ * @param clientChallenge The random 8-byte client challenge.
+ *
+ * @return The LMv2 Response.
+ */
+ public static byte[] getLMv2Response(String target, String user,
+ String password, byte[] challenge, byte[] clientChallenge)
+ throws Exception {
+ byte[] ntlmv2Hash = ntlmv2Hash(target, user, password);
+ return lmv2Response(ntlmv2Hash, clientChallenge, challenge);
+ }
+
+ /**
+ * Calculates the NTLM2 Session Response for the given challenge, using the
+ * specified password and client challenge.
+ *
+ * @param password The user's password.
+ * @param challenge The Type 2 challenge from the server.
+ * @param clientChallenge The random 8-byte client challenge.
+ *
+ * @return The NTLM2 Session Response. This is placed in the NTLM
+ * response field of the Type 3 message; the LM response field contains
+ * the client challenge, null-padded to 24 bytes.
+ */
+ public static byte[] getNTLM2SessionResponse(String password,
+ byte[] challenge, byte[] clientChallenge) throws Exception {
+ byte[] ntlmHash = ntlmHash(password);
+ MD5Digest md5 = new MD5Digest();
+ md5.update(challenge, 0, challenge.length);
+ md5.update(clientChallenge, 0, clientChallenge.length);
+ byte[] sessionHash = new byte[8];
+ byte[] md5_out = new byte[md5.getDigestSize()];
+ md5.doFinal(md5_out, 0);
+ System.arraycopy(md5_out, 0, sessionHash, 0, 8);
+ return lmResponse(ntlmHash, sessionHash);
+ }
+
+ /**
+ * Creates the LM Hash of the user's password.
+ *
+ * @param password The password.
+ *
+ * @return The LM Hash of the given password, used in the calculation
+ * of the LM Response.
+ */
+ private static byte[] lmHash(String password) throws Exception {
+ /*
+ byte[] oemPassword = password.toUpperCase().getBytes("US-ASCII");
+ int length = java.lang.Math.min(oemPassword.length, 14);
+ byte[] keyBytes = new byte[14];
+ System.arraycopy(oemPassword, 0, keyBytes, 0, length);
+ Key lowKey = createDESKey(keyBytes, 0);
+ Key highKey = createDESKey(keyBytes, 7);
+ byte[] magicConstant = "KGS!@#$%".getBytes("US-ASCII");
+ Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
+ des.init(Cipher.ENCRYPT_MODE, lowKey);
+ byte[] lowHash = des.doFinal(magicConstant);
+ des.init(Cipher.ENCRYPT_MODE, highKey);
+ byte[] highHash = des.doFinal(magicConstant);
+ byte[] lmHash = new byte[16];
+ System.arraycopy(lowHash, 0, lmHash, 0, 8);
+ System.arraycopy(highHash, 0, lmHash, 8, 8);
+ return lmHash;
+ */
+ return null; // FIXME
+ }
+
+ /**
+ * Creates the NTLM Hash of the user's password.
+ *
+ * @param password The password.
+ *
+ * @return The NTLM Hash of the given password, used in the calculation
+ * of the NTLM Response and the NTLMv2 and LMv2 Hashes.
+ */
+ private static byte[] ntlmHash(String password) throws Exception {
+ byte[] unicodePassword = password.getBytes("UnicodeLittleUnmarked");
+ MD4Digest md4 = new MD4Digest();
+ md4.update(unicodePassword, 0, unicodePassword.length);
+ byte[] ret = new byte[md4.getDigestSize()];
+ return ret;
+ }
+
+ /**
+ * Creates the NTLMv2 Hash of the user's password.
+ *
+ * @param target The authentication target (i.e., domain).
+ * @param user The username.
+ * @param password The password.
+ *
+ * @return The NTLMv2 Hash, used in the calculation of the NTLMv2
+ * and LMv2 Responses.
+ */
+ private static byte[] ntlmv2Hash(String target, String user,
+ String password) throws Exception {
+ byte[] ntlmHash = ntlmHash(password);
+ String identity = user.toUpperCase() + target.toUpperCase();
+ return hmacMD5(identity.getBytes("UnicodeLittleUnmarked"), ntlmHash);
+ }
+
+ /**
+ * Creates the LM Response from the given hash and Type 2 challenge.
+ *
+ * @param hash The LM or NTLM Hash.
+ * @param challenge The server challenge from the Type 2 message.
+ *
+ * @return The response (either LM or NTLM, depending on the provided
+ * hash).
+ */
+ private static byte[] lmResponse(byte[] hash, byte[] challenge)
+ throws Exception {
+ /*
+ byte[] keyBytes = new byte[21];
+ System.arraycopy(hash, 0, keyBytes, 0, 16);
+ Key lowKey = createDESKey(keyBytes, 0);
+ Key middleKey = createDESKey(keyBytes, 7);
+ Key highKey = createDESKey(keyBytes, 14);
+ Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
+ des.init(Cipher.ENCRYPT_MODE, lowKey);
+ byte[] lowResponse = des.doFinal(challenge);
+ des.init(Cipher.ENCRYPT_MODE, middleKey);
+ byte[] middleResponse = des.doFinal(challenge);
+ des.init(Cipher.ENCRYPT_MODE, highKey);
+ byte[] highResponse = des.doFinal(challenge);
+ byte[] lmResponse = new byte[24];
+ System.arraycopy(lowResponse, 0, lmResponse, 0, 8);
+ System.arraycopy(middleResponse, 0, lmResponse, 8, 8);
+ System.arraycopy(highResponse, 0, lmResponse, 16, 8);
+ return lmResponse;
+ */
+ return null; // FIXME
+ }
+
+ /**
+ * Creates the LMv2 Response from the given hash, client data, and
+ * Type 2 challenge.
+ *
+ * @param hash The NTLMv2 Hash.
+ * @param clientData The client data (blob or client challenge).
+ * @param challenge The server challenge from the Type 2 message.
+ *
+ * @return The response (either NTLMv2 or LMv2, depending on the
+ * client data).
+ */
+ private static byte[] lmv2Response(byte[] hash, byte[] clientData,
+ byte[] challenge) throws Exception {
+ byte[] data = new byte[challenge.length + clientData.length];
+ System.arraycopy(challenge, 0, data, 0, challenge.length);
+ System.arraycopy(clientData, 0, data, challenge.length,
+ clientData.length);
+ byte[] mac = hmacMD5(data, hash);
+ byte[] lmv2Response = new byte[mac.length + clientData.length];
+ System.arraycopy(mac, 0, lmv2Response, 0, mac.length);
+ System.arraycopy(clientData, 0, lmv2Response, mac.length,
+ clientData.length);
+ return lmv2Response;
+ }
+
+ /**
+ * Creates the NTLMv2 blob from the given target information block and
+ * client challenge.
+ *
+ * @param targetInformation The target information block from the Type 2
+ * message.
+ * @param clientChallenge The random 8-byte client challenge.
+ *
+ * @return The blob, used in the calculation of the NTLMv2 Response.
+ */
+ private static byte[] createBlob(byte[] targetInformation,
+ byte[] clientChallenge) {
+ byte[] blobSignature = new byte[] {
+ (byte) 0x01, (byte) 0x01, (byte) 0x00, (byte) 0x00
+ };
+ byte[] reserved = new byte[] {
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
+ };
+ byte[] unknown1 = new byte[] {
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
+ };
+ byte[] unknown2 = new byte[] {
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
+ };
+ long time = System.currentTimeMillis();
+ time += 11644473600000l; // milliseconds from January 1, 1601 -> epoch.
+ time *= 10000; // tenths of a microsecond.
+ // convert to little-endian byte array.
+ byte[] timestamp = new byte[8];
+ for (int i = 0; i < 8; i++) {
+ timestamp[i] = (byte) time;
+ time >>>= 8;
+ }
+ byte[] blob = new byte[blobSignature.length + reserved.length +
+ timestamp.length + clientChallenge.length +
+ unknown1.length + targetInformation.length +
+ unknown2.length];
+ int offset = 0;
+ System.arraycopy(blobSignature, 0, blob, offset, blobSignature.length);
+ offset += blobSignature.length;
+ System.arraycopy(reserved, 0, blob, offset, reserved.length);
+ offset += reserved.length;
+ System.arraycopy(timestamp, 0, blob, offset, timestamp.length);
+ offset += timestamp.length;
+ System.arraycopy(clientChallenge, 0, blob, offset,
+ clientChallenge.length);
+ offset += clientChallenge.length;
+ System.arraycopy(unknown1, 0, blob, offset, unknown1.length);
+ offset += unknown1.length;
+ System.arraycopy(targetInformation, 0, blob, offset,
+ targetInformation.length);
+ offset += targetInformation.length;
+ System.arraycopy(unknown2, 0, blob, offset, unknown2.length);
+ return blob;
+ }
+
+ /**
+ * Calculates the HMAC-MD5 hash of the given data using the specified
+ * hashing key.
+ *
+ * @param data The data for which the hash will be calculated.
+ * @param key The hashing key.
+ *
+ * @return The HMAC-MD5 hash of the given data.
+ */
+ private static byte[] hmacMD5(byte[] data, byte[] key) throws Exception {
+ byte[] ipad = new byte[64];
+ byte[] opad = new byte[64];
+ for (int i = 0; i < 64; i++) {
+ ipad[i] = (byte) 0x36;
+ opad[i] = (byte) 0x5c;
+ }
+ for (int i = key.length - 1; i >= 0; i--) {
+ ipad[i] ^= key[i];
+ opad[i] ^= key[i];
+ }
+ byte[] content = new byte[data.length + 64];
+ System.arraycopy(ipad, 0, content, 0, 64);
+ System.arraycopy(data, 0, content, 64, data.length);
+ MD5Digest md5 = new MD5Digest();
+ md5.update(content, 0, content.length);
+ data = new byte[md5.getDigestSize()];
+ md5.doFinal(data, 0);
+ content = new byte[data.length + 64];
+ System.arraycopy(opad, 0, content, 0, 64);
+ System.arraycopy(data, 0, content, 64, data.length);
+ md5 = new MD5Digest();
+ md5.update(content, 0, content.length);
+ byte[] ret = new byte[md5.getDigestSize()];
+ md5.doFinal(ret, 0);
+ return ret;
+ }
+
+ /**
+ * Creates a DES encryption key from the given key material.
+ *
+ * @param bytes A byte array containing the DES key material.
+ * @param offset The offset in the given byte array at which
+ * the 7-byte key material starts.
+ *
+ * @return A DES encryption key created from the key material
+ * starting at the specified offset in the given byte array.
+ */
+ /*
+ private static Key createDESKey(byte[] bytes, int offset) {
+ byte[] keyBytes = new byte[7];
+ System.arraycopy(bytes, offset, keyBytes, 0, 7);
+ byte[] material = new byte[8];
+ material[0] = keyBytes[0];
+ material[1] = (byte) (keyBytes[0] << 7 | (keyBytes[1] & 0xff) >>> 1);
+ material[2] = (byte) (keyBytes[1] << 6 | (keyBytes[2] & 0xff) >>> 2);
+ material[3] = (byte) (keyBytes[2] << 5 | (keyBytes[3] & 0xff) >>> 3);
+ material[4] = (byte) (keyBytes[3] << 4 | (keyBytes[4] & 0xff) >>> 4);
+ material[5] = (byte) (keyBytes[4] << 3 | (keyBytes[5] & 0xff) >>> 5);
+ material[6] = (byte) (keyBytes[5] << 2 | (keyBytes[6] & 0xff) >>> 6);
+ material[7] = (byte) (keyBytes[6] << 1);
+ oddParity(material);
+ return new SecretKeySpec(material, "DES");
+ }
+ */
+
+ /**
+ * Applies odd parity to the given byte array.
+ *
+ * @param bytes The data whose parity bits are to be adjusted for
+ * odd parity.
+ */
+ private static void oddParity(byte[] bytes) {
+ for (int i = 0; i < bytes.length; i++) {
+ byte b = bytes[i];
+ boolean needsParity = (((b >>> 7) ^ (b >>> 6) ^ (b >>> 5) ^
+ (b >>> 4) ^ (b >>> 3) ^ (b >>> 2) ^
+ (b >>> 1)) & 0x01) == 0;
+ if (needsParity) {
+ bytes[i] |= (byte) 0x01;
+ } else {
+ bytes[i] &= (byte) 0xfe;
+ }
+ }
+ }
+
+ }
+ }