X-Git-Url: http://git.megacz.com/?a=blobdiff_plain;f=src%2Forg%2Fxwt%2FHTTP.java;h=681b928a614ec505b71ba822d035431a15e7493e;hb=5c8da8336c1196bda3fd5d21208a17058dab1371;hp=46083d542a25431c245fc8161f114e23a26cd113;hpb=b70b484f3b3829663a37fd91a03816e397d891b5;p=org.ibex.core.git

diff --git a/src/org/xwt/HTTP.java b/src/org/xwt/HTTP.java
index 46083d5..681b928 100644
--- a/src/org/xwt/HTTP.java
+++ b/src/org/xwt/HTTP.java
@@ -1,4 +1,4 @@
-// Copyright 2002 Adam Megacz, see the COPYING file for licensing [GPL]
+// Copyright 2004 Adam Megacz, see the COPYING file for licensing [GPL]
 package org.xwt;
 
 import java.net.*;
@@ -15,35 +15,41 @@ import org.bouncycastle.crypto.digests.*;
  */
 public class HTTP {
 
-    /** the URL as passed to the original constructor; this is never changed */
-    final String originalUrl;
 
-    /** the URL to connect to; this is munged when the url is parsed */
-    URL url = null;
+    // Public Methods ////////////////////////////////////////////////////////////////////////////////////////
+
+    public HTTP(String url) { this(url, false); }
+    public HTTP(String url, boolean skipResolveCheck) { originalUrl = url; this.skipResolveCheck = skipResolveCheck; }
+
+    /** Performs an HTTP GET request */
+    public InputStream GET() throws IOException { return makeRequest(null, null); }
 
-    /** the host to connect to */
-    String host = null;
+    /** Performs an HTTP POST request; content is additional headers, blank line, and body */
+    public InputStream POST(String contentType, String content) throws IOException { return makeRequest(contentType, content); }
 
-    /** the port to connect on */
-    int port = -1;
+    public static class HTTPException extends IOException { public HTTPException(String s) { super(s); } }
 
-    /** true if SSL (HTTPS) should be used */
-    boolean ssl = false;
 
-    /** the path (URI) to retrieve on the server */
-    String path = null;
+    // Statics ///////////////////////////////////////////////////////////////////////////////////////////////
 
-    /** the socket */
-    Socket sock = null;
+    static Hash resolvedHosts = new Hash();            ///< cache for resolveAndCheckIfFirewalled()
+    private static Hash authCache = new Hash();        ///< cache of userInfo strings, keyed on originalUrl
 
-    /** the socket's inputstream */
-    InputStream in = null;
 
-    /** the username and password portions of the URL */
-    String userInfo = null;
+    // Instance Data ///////////////////////////////////////////////////////////////////////////////////////////////
 
-    /** cache of userInfo strings, keyed on originalUrl */
-    private static Hashtable authCache = new Hashtable();
+    final String originalUrl;              ///< the URL as passed to the original constructor; this is never changed
+    URL url = null;                        ///< the URL to connect to; this is munged when the url is parsed */
+    String host = null;                    ///< the host to connect to
+    int port = -1;                         ///< the port to connect on
+    boolean ssl = false;                   ///< true if SSL (HTTPS) should be used
+    String path = null;                    ///< the path (URI) to retrieve on the server
+    Socket sock = null;                    ///< the socket
+    InputStream in = null;                 ///< the socket's inputstream
+    String userInfo = null;                ///< the username and password portions of the URL
+    boolean firstRequest = true;           ///< true iff this is the first request to be made on this socket
+    boolean skipResolveCheck = false;      ///< allowed to skip the resolve check when downloading PAC script
+    boolean proxied = false;               ///< true iff we're using a proxy
 
     /** this is null if the current request is the first request on
      *  this HTTP connection; otherwise it is a Semaphore which will be
@@ -51,49 +57,21 @@ public class HTTP {
      */
     Semaphore okToRecieve = null;
 
-    /** cache for resolveAndCheckIfFirewalled() */
-    static Hashtable resolvedHosts = new Hashtable();
-
-    /** if any request encounters an IOException, the entire HTTP connection is invalidated */
-    boolean invalid = false;
-
-    /** true iff we are allowed to skip the resolve check (only allowed when we're downloading the PAC script) */
-    boolean skipResolveCheck = false;
-
-    /** true iff we're using a proxy */
-    boolean proxied = false;
-
-
-    // Public Methods ////////////////////////////////////////////////////////////////////////////////////////
-
-    public HTTP(String url) { this(url, false); }
-    public HTTP(String url, boolean skipResolveCheck) {
-        originalUrl = url;
-        this.skipResolveCheck = skipResolveCheck;
-    }
-
-    /** Performs an HTTP GET request */
-    public HTTPInputStream GET() throws IOException { return makeRequest(null, null); }
-
-    /** Performs an HTTP POST request; content is appended to the headers (so it should include a blank line to delimit the beginning of the body) */
-    public HTTPInputStream POST(String contentType, String content) throws IOException { return makeRequest(contentType, content); }
-
     /**
      *  This method isn't synchronized; however, only one thread can be in the inner synchronized block at a time, and the rest of
      *  the method is protected by in-order one-at-a-time semaphore lock-steps
      */
-    private HTTPInputStream makeRequest(String contentType, String content) throws IOException {
+    private InputStream makeRequest(String contentType, String content) throws IOException {
 
         // Step 1: send the request and establish a semaphore to stop any requests that pipeline after us
         Semaphore blockOn = null;
         Semaphore releaseMe = null;
         synchronized(this) {
-            if (invalid) throw new HTTPException("connection failed on a previous pipelined call");
             try {
                 connect();
                 sendRequest(contentType, content);
             } catch (IOException e) {
-                invalid = true;
+                reset();
                 throw e;
             }
             blockOn = okToRecieve;
@@ -104,12 +82,18 @@ public class HTTP {
         boolean doRelease = true;
         try {
             if (blockOn != null) blockOn.block();
-            if (invalid) throw new HTTPException("connection failed on a previous pipelined call");
+            
+            // previous call wrecked the socket connection, but we already sent our request, so we can't just retry --
+            // this could cause the server to receive the request twice, which could be bad (think of the case where the
+            // server call causes Amazon.com to ship you an item with one-click purchasing).
+            if (sock == null)
+                throw new HTTPException("a previous pipelined call messed up the socket");
             
             Hashtable h = in == null ? null : parseHeaders(in);
             if (h == null) {
+                if (firstRequest) throw new HTTPException("server closed the socket with no response");
                 // sometimes the server chooses to close the stream between requests
-                in = null; sock = null;
+                reset();
                 releaseMe.release();
                 return makeRequest(contentType, content);
             }
@@ -122,8 +106,8 @@ public class HTTP {
                 else doWebAuth(h, content == null ? "GET" : "POST");
                 
                 if (h.get("HTTP").equals("1.0") && h.get("content-length") == null) {
-                    if (Log.on) Log.log(this, "proxy returned an HTTP/1.0 reply with no content-length...");
-                    in = null; sock = null;
+                    if (Log.on) Log.info(this, "proxy returned an HTTP/1.0 reply with no content-length...");
+                    reset();
                 } else {
                     int cl = h.get("content-length") == null ? -1 : Integer.parseInt(h.get("content-length").toString());
                     new HTTPInputStream(in, cl, releaseMe).close();
@@ -135,7 +119,8 @@ public class HTTP {
                 if (h.get("HTTP").equals("1.0") && h.get("content-length") == null)
                     throw new HTTPException("XWT does not support HTTP/1.0 servers which fail to return the Content-Length header");
                 int cl = h.get("content-length") == null ? -1 : Integer.parseInt(h.get("content-length").toString());
-                HTTPInputStream ret = new HTTPInputStream(in, cl, releaseMe);
+                InputStream ret = new HTTPInputStream(in, cl, releaseMe);
+                if ("gzip".equals(h.get("content-encoding"))) ret = new java.util.zip.GZIPInputStream(ret);
                 doRelease = false;
                 return ret;
                 
@@ -144,7 +129,7 @@ public class HTTP {
                 
             }
             
-        } catch (IOException e) { invalid = true; throw e;
+        } catch (IOException e) { reset(); throw e;
         } finally { if (doRelease) releaseMe.release();
         }
     }
@@ -171,49 +156,59 @@ public class HTTP {
             if ((quadbyte[0] == 10 ||
                  (quadbyte[0] == 192 && quadbyte[1] == 168) ||
                  (quadbyte[0] == 172 && (quadbyte[1] & 0xF0) == 16)) && !addr.equals(Main.originAddr))
-                throw new HTTPException("security violation: " + host + " [" + addr.getHostAddress() + "] is in a firewalled netblock");
+                throw new HTTPException("security violation: " + host + " [" + addr.getHostAddress() +
+                                        "] is in a firewalled netblock");
             return;
         } catch (UnknownHostException uhe) { }
 
-        if (Platform.detectProxy() == null) throw new HTTPException("could not resolve hostname \"" + host + "\" and no proxy configured");
+        if (Platform.detectProxy() == null)
+            throw new HTTPException("could not resolve hostname \"" + host + "\" and no proxy configured");
     }
 
 
     // Methods to attempt socket creation /////////////////////////////////////////////////////////////////
 
+    private Socket getSocket(String host, int port, boolean ssl, boolean negotiate) throws IOException {
+        Socket ret = ssl ? new SSL(host, port, negotiate) : new Socket(java.net.InetAddress.getByName(host), port);
+        ret.setTcpNoDelay(true);
+        return ret;
+    }
+
     /** Attempts a direct connection */
-    public Socket attemptDirect() {
+    private Socket attemptDirect() {
         try {
-            if (Log.verbose) Log.log(this, "attempting to create unproxied socket to " + host + ":" + port + (ssl ? " [ssl]" : ""));
-            return Platform.getSocket(host, port, ssl, true);
+            if (Log.verbose) Log.info(this, "attempting to create unproxied socket to " +
+                                     host + ":" + port + (ssl ? " [ssl]" : ""));
+            return getSocket(host, port, ssl, true);
         } catch (IOException e) {
-            if (Log.on) Log.log(this, "exception in attemptDirect(): " + e);
+            if (Log.on) Log.info(this, "exception in attemptDirect(): " + e);
             return null;
         }
     }
 
     /** Attempts to use an HTTP proxy, employing the CONNECT method if HTTPS is requested */
-    public Socket attemptHttpProxy(String proxyHost, int proxyPort) {
+    private Socket attemptHttpProxy(String proxyHost, int proxyPort) {
         try {
-            if (Log.verbose) Log.log(this, "attempting to create HTTP proxied socket using proxy " + proxyHost + ":" + proxyPort);
+            if (Log.verbose) Log.info(this, "attempting to create HTTP proxied socket using proxy " + proxyHost + ":" + proxyPort);
+            Socket sock = getSocket(proxyHost, proxyPort, ssl, false);
 
-            Socket sock = Platform.getSocket(proxyHost, proxyPort, ssl, false);
             if (!ssl) {
                 if (!path.startsWith("http://")) path = "http://" + host + ":" + port + path;
-            } else {
-                PrintWriter pw = new PrintWriter(new OutputStreamWriter(sock.getOutputStream()));
-                BufferedReader br = new BufferedReader(new InputStreamReader(sock.getInputStream()));
-                pw.print("CONNECT " + host + ":" + port + " HTTP/1.1\r\n\r\n");
-                pw.flush();
-                String s = br.readLine();
-                if (s.charAt(9) != '2') throw new HTTPException("proxy refused CONNECT method: \"" + s + "\"");
-                while (br.readLine().length() > 0) { };
-                ((TinySSL)sock).negotiate();
+                return sock;
             }
+
+            PrintWriter pw = new PrintWriter(new OutputStreamWriter(sock.getOutputStream()));
+            BufferedReader br = new BufferedReader(new InputStreamReader(sock.getInputStream()));
+            pw.print("CONNECT " + host + ":" + port + " HTTP/1.1\r\n\r\n");
+            pw.flush();
+            String s = br.readLine();
+            if (s.charAt(9) != '2') throw new HTTPException("proxy refused CONNECT method: \"" + s + "\"");
+            while (br.readLine().length() > 0) { };
+            ((SSL)sock).negotiate();
             return sock;
 
         } catch (IOException e) {
-            if (Log.on) Log.log(this, "exception in attemptHttpProxy(): " + e);
+            if (Log.on) Log.info(this, "exception in attemptHttpProxy(): " + e);
             return null;
         }
     }
@@ -223,17 +218,17 @@ public class HTTP {
      *  @see http://www.socks.nec.com/protocol/socks4.protocol
      *  @see http://www.socks.nec.com/protocol/socks4a.protocol
      */
-    public Socket attemptSocksProxy(String proxyHost, int proxyPort) {
+    private Socket attemptSocksProxy(String proxyHost, int proxyPort) {
 
         // even if host is already a "x.y.z.w" string, we use this to parse it into bytes
         InetAddress addr = null;
         try { addr = InetAddress.getByName(host); } catch (Exception e) { }
 
-        if (Log.verbose) Log.log(this, "attempting to create SOCKSv4" + (addr == null ? "" : "a") +
+        if (Log.verbose) Log.info(this, "attempting to create SOCKSv4" + (addr == null ? "" : "a") +
                                  " proxied socket using proxy " + proxyHost + ":" + proxyPort);
 
         try {
-            Socket sock = Platform.getSocket(proxyHost, proxyPort, ssl, false);
+            Socket sock = getSocket(proxyHost, proxyPort, ssl, false);
             
             DataOutputStream dos = new DataOutputStream(sock.getOutputStream());
             dos.writeByte(0x04);                         // SOCKSv4(a)
@@ -256,38 +251,36 @@ public class HTTP {
             dis.skip(6);                                 // ip/port
             
             if ((int)(success & 0xff) == 90) {
-                if (ssl) ((TinySSL)sock).negotiate();
+                if (ssl) ((SSL)sock).negotiate();
                 return sock;
             }
-            if (Log.on) Log.log(this, "SOCKS server denied access, code " + (success & 0xff));
+            if (Log.on) Log.info(this, "SOCKS server denied access, code " + (success & 0xff));
             return null;
 
         } catch (IOException e) {
-            if (Log.on) Log.log(this, "exception in attemptSocksProxy(): " + e);
+            if (Log.on) Log.info(this, "exception in attemptSocksProxy(): " + e);
             return null;
         }
     }
 
     /** executes the PAC script and dispatches a call to one of the other attempt methods based on the result */
-    public Socket attemptPAC(org.xwt.js.JS.Callable pacFunc) {
-        if (Log.verbose) Log.log(this, "evaluating PAC script");
+    private Socket attemptPAC(org.xwt.js.JS pacFunc) {
+        if (Log.verbose) Log.info(this, "evaluating PAC script");
         String pac = null;
         try {
-            org.xwt.js.JS.Array args = new org.xwt.js.JS.Array();
-            args.addElement(url.toString());
-            args.addElement(url.getHost());
-            Object obj = pacFunc.call(args);
-            if (Log.verbose) Log.log(this, "  PAC script returned \"" + obj + "\"");
+            org.xwt.js.JSArray args = new org.xwt.js.JSArray();
+            Object obj = pacFunc.call(url.toString(), url.getHost(), null, null, 2);
+            if (Log.verbose) Log.info(this, "  PAC script returned \"" + obj + "\"");
             pac = obj.toString();
         } catch (Throwable e) {
-            if (Log.on) Log.log(this, "PAC script threw exception " + e);
+            if (Log.on) Log.info(this, "PAC script threw exception " + e);
             return null;
         }
 
         StringTokenizer st = new StringTokenizer(pac, ";", false);
         while (st.hasMoreTokens()) {
             String token = st.nextToken().trim();
-            if (Log.verbose) Log.log(this, "  trying \"" + token + "\"...");
+            if (Log.verbose) Log.info(this, "  trying \"" + token + "\"...");
             try {
                 Socket ret = null;
                 if (token.startsWith("DIRECT"))
@@ -300,10 +293,10 @@ public class HTTP {
                                             Integer.parseInt(token.substring(token.indexOf(':') + 1)));
                 if (ret != null) return ret;
             } catch (Throwable e) {
-                if (Log.on) Log.log(this, "attempt at \"" + token + "\" failed due to " + e + "; trying next token");
+                if (Log.on) Log.info(this, "attempt at \"" + token + "\" failed due to " + e + "; trying next token");
             }
         }
-        if (Log.on) Log.log(this, "all PAC results exhausted");
+        if (Log.on) Log.info(this, "all PAC results exhausted");
         return null;
     }
 
@@ -311,6 +304,7 @@ public class HTTP {
     // Everything Else ////////////////////////////////////////////////////////////////////////////
 
     private synchronized void connect() throws IOException {
+        if (originalUrl.equals("stdio:")) { in = new BufferedInputStream(System.in); return; }
         if (sock != null) {
             if (in == null) in = new BufferedInputStream(sock.getInputStream());
             return;
@@ -339,22 +333,27 @@ public class HTTP {
         path = this.url.getFile();
         if (port == -1) port = ssl ? 443 : 80;
         host = this.url.getHost();
-        if (Log.verbose) Log.log(this, "creating HTTP object for connection to " + host + ":" + port);
+        if (Log.verbose) Log.info(this, "creating HTTP object for connection to " + host + ":" + port);
 
         Proxy pi = Platform.detectProxy();
-        if (sock == null && pi != null && pi.proxyAutoConfigFunction != null) sock = attemptPAC(pi.proxyAutoConfigFunction);
-        if (sock == null && pi != null && ssl && pi.httpsProxyHost != null) sock = attemptHttpProxy(pi.httpsProxyHost, pi.httpsProxyPort);
-        if (sock == null && pi != null && pi.httpProxyHost != null) sock = attemptHttpProxy(pi.httpProxyHost, pi.httpProxyPort);
-        if (sock == null && pi != null && pi.socksProxyHost != null) sock = attemptSocksProxy(pi.socksProxyHost, pi.socksProxyPort);
+        OUTER: do {
+            if (pi != null) {
+                for(int i=0; i<pi.excluded.length; i++) if (host.equals(pi.excluded[i])) break OUTER;
+                if (sock == null && pi.proxyAutoConfigFunction != null) sock = attemptPAC(pi.proxyAutoConfigFunction);
+                if (sock == null && ssl && pi.httpsProxyHost != null) sock = attemptHttpProxy(pi.httpsProxyHost,pi.httpsProxyPort);
+                if (sock == null && pi.httpProxyHost != null) sock = attemptHttpProxy(pi.httpProxyHost, pi.httpProxyPort);
+                if (sock == null && pi.socksProxyHost != null) sock = attemptSocksProxy(pi.socksProxyHost, pi.socksProxyPort);
+            }
+        } while (false);
         proxied = sock != null;
         if (sock == null) sock = attemptDirect();
         if (sock == null) throw new HTTPException("unable to contact host " + host);
         if (in == null) in = new BufferedInputStream(sock.getInputStream());
     }
 
-    public void sendRequest(String contentType, String content) throws IOException {
-
-        PrintWriter pw = new PrintWriter(new OutputStreamWriter(sock.getOutputStream()));
+    private void sendRequest(String contentType, String content) throws IOException {
+        PrintWriter pw = new PrintWriter(new OutputStreamWriter(originalUrl.equals("stdio:") ?
+                                                                System.out : sock.getOutputStream()));
         if (content != null) {
             pw.print("POST " + path + " HTTP/1.1\r\n");
             int contentLength = content.substring(0, 2).equals("\r\n") ?
@@ -367,10 +366,11 @@ public class HTTP {
         }
         
         pw.print("User-Agent: XWT\r\n");
+        pw.print("Accept-encoding: gzip\r\n");
         pw.print("Host: " + (host + (port == 80 ? "" : (":" + port))) + "\r\n");
         if (proxied) pw.print("X-RequestOrigin: " + Main.originHost + "\r\n");
 
-        if (Proxy.Authorization.authorization != null) pw.print("Proxy-Authorization: " + Proxy.Authorization.authorization2 + "\r\n");
+        if (Proxy.Authorization.authorization != null) pw.print("Proxy-Authorization: "+Proxy.Authorization.authorization2+"\r\n");
         if (authCache.get(originalUrl) != null) pw.print("Authorization: " + authCache.get(originalUrl) + "\r\n");
 
         pw.print(content == null ? "\r\n" : content);
@@ -387,13 +387,15 @@ public class HTTP {
             authCache.put(originalUrl, "Basic " + new String(Base64.encode(userInfo.getBytes("US-ASCII"))));
             
         } else if (h.get("AUTHTYPE").equals("Digest")) {
-            if (authCache.get(originalUrl) != null && !"true".equals(h.get("stale"))) throw new HTTPException("username/password rejected");
+            if (authCache.get(originalUrl) != null && !"true".equals(h.get("stale")))
+                throw new HTTPException("username/password rejected");
             String path2 = path;
             if (path2.startsWith("http://") || path2.startsWith("https://")) {
                 path2 = path2.substring(path2.indexOf("://") + 3);
                 path2 = path2.substring(path2.indexOf('/'));
             }
-            String A1 = userInfo.substring(0, userInfo.indexOf(':')) + ":" + h.get("realm") + ":" + userInfo.substring(userInfo.indexOf(':') + 1);
+            String A1 = userInfo.substring(0, userInfo.indexOf(':')) + ":" + h.get("realm") + ":" +
+                userInfo.substring(userInfo.indexOf(':') + 1);
             String A2 = method + ":" + path2;
             authCache.put(originalUrl,
                           "Digest " +
@@ -412,13 +414,20 @@ public class HTTP {
     }
 
     private void doProxyAuth(Hashtable h0, String method) throws IOException {
-        if (Log.on) Log.log(this, "Proxy AuthChallenge: " + h0.get("proxy-authenticate"));
+        if (Log.on) Log.info(this, "Proxy AuthChallenge: " + h0.get("proxy-authenticate"));
         Hashtable h = parseAuthenticationChallenge(h0.get("proxy-authenticate").toString());
         String style = h.get("AUTHTYPE").toString();
-        String realm = h.get("realm").toString();
+        String realm = (String)h.get("realm");
+
+        if (style.equals("NTLM") && Proxy.Authorization.authorization2 == null) {
+            Log.info(this, "Proxy identified itself as NTLM, sending Type 1 packet");
+            Proxy.Authorization.authorization2 = "NTLM " + Base64.encode(Proxy.NTLM.type1);
+            return;
+        }
 
         if (!realm.equals("Digest") || Proxy.Authorization.authorization2 == null || !"true".equals(h.get("stale")))
-            Proxy.Authorization.getPassword(realm, style, sock.getInetAddress().getHostAddress(), Proxy.Authorization.authorization);
+            Proxy.Authorization.getPassword(realm, style, sock.getInetAddress().getHostAddress(),
+                                            Proxy.Authorization.authorization);
 
         if (style.equals("Basic")) {
             Proxy.Authorization.authorization2 =
@@ -430,50 +439,53 @@ public class HTTP {
             String A2 = method + ":" + path;
             Proxy.Authorization.authorization2 = 
                 "Digest " +
-                "username=\"" + Proxy.Authorization.authorization.substring(0, Proxy.Authorization.authorization.indexOf(':')) + "\", " +
+                "username=\"" + Proxy.Authorization.authorization.substring(0, Proxy.Authorization.authorization.indexOf(':')) +
+                "\", " +
                 "realm=\"" + h.get("realm") + "\", " +
                 "nonce=\"" + h.get("nonce") + "\", " +
                 "uri=\"" + path + "\", " +
                 (h.get("opaque") == null ? "" : ("opaque=\"" + h.get("opaque") + "\", ")) + 
                 "response=\"" + H(H(A1) + ":" + h.get("nonce") + ":" + H(A2)) + "\", " +
                 "algorithm=MD5";
+
+        } else if (style.equals("NTLM")) {
+            Log.info(this, "Proxy identified itself as NTLM, got Type 2 packet");
+            byte[] type2 = Base64.decode(((String)h0.get("proxy-authenticate")).substring(5).trim());
+            for(int i=0; i<type2.length; i += 4) {
+                String log = "";
+                if (i<type2.length) log += Integer.toString(type2[i] & 0xff, 16) + " ";
+                if (i+1<type2.length) log += Integer.toString(type2[i+1] & 0xff, 16) + " ";
+                if (i+2<type2.length) log += Integer.toString(type2[i+2] & 0xff, 16) + " ";
+                if (i+3<type2.length) log += Integer.toString(type2[i+3] & 0xff, 16) + " ";
+                Log.info(this, log);
+            }
+            // FEATURE: need to keep the connection open between type1 and type3
+            // FEATURE: finish this
+            //byte[] type3 = Proxy.NTLM.getResponse(
+            //Proxy.Authorization.authorization2 = "NTLM " + Base64.encode(type3));
         }            
     }
 
 
-    // HTTPException ///////////////////////////////////////////////////////////////////////////////////
-
-    static class HTTPException extends IOException { public HTTPException(String s) { super(s); } }
-
-
     // HTTPInputStream ///////////////////////////////////////////////////////////////////////////////////
 
     /** An input stream that represents a subset of a longer input stream. Supports HTTP chunking as well */
-    public class HTTPInputStream extends FilterInputStream {
-
-        /** if chunking, the number of bytes remaining in this subset; otherwise the remainder of the chunk */
-        private int length = 0;
-
-        /** this semaphore will be released when the stream is closed */
-        private Semaphore releaseMe = null;
-
-        /** indicates that we have encountered the zero-length terminator chunk */
-        boolean chunkedDone = false;
-
-        /** if we're on the first chunk, we don't pre-read a CRLF */
-        boolean firstChunk = true;
+    public class HTTPInputStream extends FilterInputStream implements KnownLength {
 
-        /** the length of the entire content body; -1 if chunked */
-        private int contentLength = 0;
-        public int getContentLength() { return contentLength; }
+        private int length = 0;              ///< if chunking, numbytes left in this subset; else the remainder of the chunk
+        private Semaphore releaseMe = null;  ///< this semaphore will be released when the stream is closed
+        boolean chunkedDone = false;         ///< indicates that we have encountered the zero-length terminator chunk
+        boolean firstChunk = true;           ///< if we're on the first chunk, we don't pre-read a CRLF
+        private int contentLength = 0;       ///< the length of the entire content body; -1 if chunked
 
-        HTTPInputStream(InputStream in, int length, Semaphore releaseMe) {
+        HTTPInputStream(InputStream in, int length, Semaphore releaseMe) throws IOException {
             super(in);
             this.releaseMe = releaseMe;
             this.contentLength = length;
             this.length = length == -1 ? 0 : length;
         }
 
+        public int getLength() { return contentLength; }
         public boolean markSupported() { return false; }
         public int read(byte[] b) throws IOException { return read(b, 0, b.length); }
         public long skip(long n) throws IOException { return read(null, -1, (int)n); }
@@ -497,7 +509,7 @@ public class HTTP {
                 int i = super.read();
                 if (i == -1) throw new HTTPException("encountered end of stream while reading chunk length");
 
-                // FIXME: handle chunking extensions
+                // FEATURE: handle chunking extensions
                 if (i == '\r') {
                     super.read();    // LF
                     break;
@@ -505,7 +517,7 @@ public class HTTP {
                     chunkLen += (char)i;
                 }
             }
-            length = Integer.parseInt(chunkLen, 16);
+            length = Integer.parseInt(chunkLen.trim(), 16);
             if (length == 0) chunkedDone = true;
         }
 
@@ -526,7 +538,7 @@ public class HTTP {
                 }
                 return ret;
             } finally {
-                if (!good) invalid = true;
+                if (!good) reset();
             }
         }
 
@@ -544,6 +556,12 @@ public class HTTP {
         }
     }
 
+    void reset() {
+        firstRequest = true;
+        in = null;
+        sock = null;
+    }
+
 
     // Misc Helpers ///////////////////////////////////////////////////////////////////////////////////
 
@@ -559,7 +577,9 @@ public class HTTP {
             if (read == -1 && buflen == 0) return null;
             if (read == -1) throw new HTTPException("stream closed while reading headers");
             buf[buflen++] = (byte)read;
-            if (buflen >= 4 && buf[buflen - 4] == '\r' && buf[buflen - 3] == '\n' && buf[buflen - 2] == '\r' && buf[buflen - 1] == '\n') break;
+            if (buflen >= 4 && buf[buflen - 4] == '\r' && buf[buflen - 3] == '\n' &&
+                buf[buflen - 2] == '\r' && buf[buflen - 1] == '\n')
+                break;
             if (buflen == buf.length) {
                 byte[] newbuf = new byte[buf.length * 2];
                 System.arraycopy(buf, 0, newbuf, 0, buflen);
@@ -623,4 +643,649 @@ public class HTTP {
         return ret;
     }
 
+
+    // Proxy ///////////////////////////////////////////////////////////
+
+    /** encapsulates most of the proxy logic; some is shared in HTTP.java */
+    public static class Proxy {
+        
+        public Proxy() { }
+        
+        public String httpProxyHost = null;                  ///< the HTTP Proxy host to use
+        public int httpProxyPort = -1;                       ///< the HTTP Proxy port to use
+        public String httpsProxyHost = null;                 ///< seperate proxy for HTTPS
+        public int httpsProxyPort = -1;
+        public String socksProxyHost = null;                 ///< the SOCKS Proxy Host to use
+        public int socksProxyPort = -1;                      ///< the SOCKS Proxy Port to use
+        public String[] excluded = new String[] { };         ///< hosts to be excluded from proxy use; wildcards permitted
+        public JS proxyAutoConfigFunction = null;  ///< the PAC script
+    
+        public static Proxy detectProxyViaManual() {
+            Proxy ret = new Proxy();
+        
+            ret.httpProxyHost = Platform.getEnv("http_proxy");
+            if (ret.httpProxyHost != null) {
+                if (ret.httpProxyHost.startsWith("http://")) ret.httpProxyHost = ret.httpProxyHost.substring(7);
+                if (ret.httpProxyHost.endsWith("/"))
+                    ret.httpProxyHost = ret.httpProxyHost.substring(0, ret.httpProxyHost.length() - 1);
+                if (ret.httpProxyHost.indexOf(':') != -1) {
+                    ret.httpProxyPort = Integer.parseInt(ret.httpProxyHost.substring(ret.httpProxyHost.indexOf(':') + 1));
+                    ret.httpProxyHost = ret.httpProxyHost.substring(0, ret.httpProxyHost.indexOf(':'));
+                } else {
+                    ret.httpProxyPort = 80;
+                }
+            }
+        
+            ret.httpsProxyHost = Platform.getEnv("https_proxy");
+            if (ret.httpsProxyHost != null) {
+                if (ret.httpsProxyHost.startsWith("https://")) ret.httpsProxyHost = ret.httpsProxyHost.substring(7);
+                if (ret.httpsProxyHost.endsWith("/"))
+                    ret.httpsProxyHost = ret.httpsProxyHost.substring(0, ret.httpsProxyHost.length() - 1);
+                if (ret.httpsProxyHost.indexOf(':') != -1) {
+                    ret.httpsProxyPort = Integer.parseInt(ret.httpsProxyHost.substring(ret.httpsProxyHost.indexOf(':') + 1));
+                    ret.httpsProxyHost = ret.httpsProxyHost.substring(0, ret.httpsProxyHost.indexOf(':'));
+                } else {
+                    ret.httpsProxyPort = 80;
+                }
+            }
+        
+            ret.socksProxyHost = Platform.getEnv("socks_proxy");
+            if (ret.socksProxyHost != null) {
+                if (ret.socksProxyHost.startsWith("socks://")) ret.socksProxyHost = ret.socksProxyHost.substring(7);
+                if (ret.socksProxyHost.endsWith("/"))
+                    ret.socksProxyHost = ret.socksProxyHost.substring(0, ret.socksProxyHost.length() - 1);
+                if (ret.socksProxyHost.indexOf(':') != -1) {
+                    ret.socksProxyPort = Integer.parseInt(ret.socksProxyHost.substring(ret.socksProxyHost.indexOf(':') + 1));
+                    ret.socksProxyHost = ret.socksProxyHost.substring(0, ret.socksProxyHost.indexOf(':'));
+                } else {
+                    ret.socksProxyPort = 80;
+                }
+            }
+        
+            String noproxy = Platform.getEnv("no_proxy");
+            if (noproxy != null) {
+                StringTokenizer st = new StringTokenizer(noproxy, ",");
+                ret.excluded = new String[st.countTokens()];
+                for(int i=0; st.hasMoreTokens(); i++) ret.excluded[i] = st.nextToken();
+            }
+        
+            if (ret.httpProxyHost == null && ret.socksProxyHost == null) return null;
+            return ret;
+        }
+    
+        public static JSScope proxyAutoConfigRootScope = new ProxyAutoConfigRootScope();
+        public static JS getProxyAutoConfigFunction(String url) {
+            try { 
+                BufferedReader br = new BufferedReader(new InputStreamReader(new HTTP(url, true).GET()));
+                String s = null;
+                String script = "";
+                while((s = br.readLine()) != null) script += s + "\n";
+                if (Log.on) Log.info(Proxy.class, "successfully retrieved WPAD PAC:");
+                if (Log.on) Log.info(Proxy.class, script);
+            
+                // MS CARP hack
+                Vector carpHosts = new Vector();
+                for(int i=0; i<script.length(); i++)
+                    if (script.regionMatches(i, "new Node(", 0, 9)) {
+                        String host = script.substring(i + 10, script.indexOf('\"', i + 11));
+                        if (Log.on) Log.info(Proxy.class, "Detected MS Proxy Server CARP Script, Host=" + host);
+                        carpHosts.addElement(host);
+                    }
+                if (carpHosts.size() > 0) {
+                    script = "function FindProxyForURL(url, host) {\nreturn \"";
+                    for(int i=0; i<carpHosts.size(); i++)
+                        script += "PROXY " + carpHosts.elementAt(i) + "; ";
+                    script += "\";\n}";
+                    if (Log.on) Log.info(Proxy.class, "DeCARPed PAC script:");
+                    if (Log.on) Log.info(Proxy.class, script);
+                }
+
+                JS scr = JS.fromReader("PAC script at " + url, 0, new StringReader(script));
+                JS.cloneWithNewParentScope(scr, proxyAutoConfigRootScope).call(null, null, null, null, 0);
+                return (JS)proxyAutoConfigRootScope.get("FindProxyForURL");
+            } catch (Exception e) {
+                if (Log.on) {
+                    Log.info(Platform.class, "WPAD detection failed due to:");
+                    if (e instanceof JSExn) {
+                        try {
+                            org.xwt.js.JSArray arr = new org.xwt.js.JSArray();
+                            arr.addElement(((JSExn)e).getObject());
+                        } catch (Exception e2) {
+                            Log.info(Platform.class, e);
+                        }
+                    }
+                    else Log.info(Platform.class, e);
+                }
+                return null;
+            }
+        }
+
+
+        // Authorization ///////////////////////////////////////////////////////////////////////////////////
+
+        public static class Authorization {
+
+            static public String authorization = null;
+            static public String authorization2 = null;
+            static public Semaphore waitingForUser = new Semaphore();
+
+            public static synchronized void getPassword(final String realm, final String style,
+                                                        final String proxyIP, String oldAuth) {
+
+                // this handles cases where multiple threads hit the proxy auth at the same time -- all but one will block on the
+                // synchronized keyword. If 'authorization' changed while the thread was blocked, it means that the user entered
+                // a password, so we should reattempt authorization.
+
+                if (authorization != oldAuth) return;
+                if (Log.on) Log.info(Authorization.class, "displaying proxy authorization dialog");
+                Scheduler.add(new Scheduler.Task() {
+                        public void perform() throws Exception {
+                            Box b = new Box();
+                            Template t = Template.buildTemplate(Stream.getInputStream((JS)Main.builtin.get("org/xwt/builtin/proxy_authorization.xwt")), new XWT(null));
+                            t.apply(b);
+                            b.put("realm", realm);
+                            b.put("proxyIP", proxyIP);
+                        }
+                    });
+
+                waitingForUser.block();
+                if (Log.on) Log.info(Authorization.class, "got proxy authorization info; re-attempting connection");
+            }
+        }
+
+
+        // ProxyAutoConfigRootJSScope ////////////////////////////////////////////////////////////////////
+
+        public static class ProxyAutoConfigRootScope extends JSScope.Global {
+
+            public ProxyAutoConfigRootScope() { super(); }
+        
+            public Object get(Object name) throws JSExn {
+                //#switch(name)
+                case "isPlainHostName": return METHOD;
+                case "dnsDomainIs": return METHOD;
+                case "localHostOrDomainIs": return METHOD;
+                case "isResolvable": return METHOD;
+                case "isInNet": return METHOD;
+                case "dnsResolve": return METHOD;
+                case "myIpAddress": return METHOD;
+                case "dnsDomainLevels": return METHOD;
+                case "shExpMatch": return METHOD;
+                case "weekdayRange": return METHOD;
+                case "dateRange": return METHOD;
+                case "timeRange": return METHOD;
+                case "ProxyConfig": return ProxyConfig;
+                //#end
+                return super.get(name);
+            }
+        
+            private static final JS proxyConfigBindings = new JS();
+            private static final JS ProxyConfig = new JS() {
+                    public Object get(Object name) {
+                        if (name.equals("bindings")) return proxyConfigBindings;
+                        return null;
+                    }
+                };
+
+            public Object callMethod(Object method, Object a0, Object a1, Object a2, Object[] rest, int nargs) throws JSExn {
+                //#switch(method)
+                case "isPlainHostName": return (a0.toString().indexOf('.') == -1) ? Boolean.TRUE : Boolean.FALSE;
+                case "dnsDomainIs": return (a0.toString().endsWith(a1.toString())) ? Boolean.TRUE : Boolean.FALSE;
+                case "localHostOrDomainIs":
+                    return (a0.equals(a1) || (a0.toString().indexOf('.') == -1 && a1.toString().startsWith(a0.toString()))) ? T:F;
+                case "isResolvable": try {
+                    return (InetAddress.getByName(a0.toString()) != null) ? Boolean.TRUE : Boolean.FALSE;
+                } catch (UnknownHostException e) { return F; }
+                case "isInNet":
+                    if (nargs != 3) return Boolean.FALSE;
+                    try {
+                        byte[] host = InetAddress.getByName(a0.toString()).getAddress();
+                        byte[] net = InetAddress.getByName(a1.toString()).getAddress();
+                        byte[] mask = InetAddress.getByName(a2.toString()).getAddress();
+                        return ((host[0] & mask[0]) == net[0] &&
+                                (host[1] & mask[1]) == net[1] &&
+                                (host[2] & mask[2]) == net[2] &&
+                                (host[3] & mask[3]) == net[3]) ?
+                            Boolean.TRUE : Boolean.FALSE;
+                    } catch (Exception e) {
+                        throw new JSExn("exception in isInNet(): " + e);
+                    }
+                case "dnsResolve":
+                    try {
+                        return InetAddress.getByName(a0.toString()).getHostAddress();
+                    } catch (UnknownHostException e) {
+                        return null;
+                    }
+                case "myIpAddress":
+                    try {
+                        return InetAddress.getLocalHost().getHostAddress();
+                    } catch (UnknownHostException e) {
+                        if (Log.on) Log.info(this, "strange... host does not know its own address");
+                        return null;
+                    }
+                case "dnsDomainLevels":
+                    String s = a0.toString();
+                    int i = 0;
+                    while((i = s.indexOf('.', i)) != -1) i++;
+                    return new Integer(i);
+                case "shExpMatch":
+                    StringTokenizer st = new StringTokenizer(a1.toString(), "*", false);
+                    String[] arr = new String[st.countTokens()];
+                    String s = a0.toString();
+                    for (int i=0; st.hasMoreTokens(); i++) arr[i] = st.nextToken();
+                    return match(arr, s, 0) ? Boolean.TRUE : Boolean.FALSE;
+                case "weekdayRange":
+                    TimeZone tz = (nargs < 3 || a2 == null || !a2.equals("GMT")) ?
+                        TimeZone.getTimeZone("UTC") : TimeZone.getDefault();
+                    Calendar c = new GregorianCalendar();
+                    c.setTimeZone(tz);
+                    c.setTime(new java.util.Date());
+                    java.util.Date d = c.getTime();
+                    int day = d.getDay();
+                    String d1s = a0.toString().toUpperCase();
+                    int d1 = 0, d2 = 0;
+                    for(int i=0; i<days.length; i++) if (days[i].equals(d1s)) d1 = i;
+                    
+                    if (nargs == 1)
+                        return d1 == day ? Boolean.TRUE : Boolean.FALSE;
+                    
+                    String d2s = a1.toString().toUpperCase();
+                    for(int i=0; i<days.length; i++) if (days[i].equals(d2s)) d2 = i;
+                    
+                    return ((d1 <= d2 && day >= d1 && day <= d2) || (d1 > d2 && (day >= d1 || day <= d2))) ? T : F;
+                    
+                case "dateRange": throw new JSExn("XWT does not support dateRange() in PAC scripts");
+                case "timeRange": throw new JSExn("XWT does not support timeRange() in PAC scripts");
+                //#end
+                return super.callMethod(method, a0, a1, a2, rest, nargs);
+            }       
+            private static boolean match(String[] arr, String s, int index) {
+                if (index >= arr.length) return true;
+                for(int i=0; i<s.length(); i++) {
+                    String s2 = s.substring(i);
+                    if (s2.startsWith(arr[index]) && match(arr, s2.substring(arr[index].length()), index + 1)) return true;
+                }
+                return false;
+            }
+            public static String[] days = { "SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT" };
+        }
+
+
+        /**
+         *  An implementation of Microsoft's proprietary NTLM authentication protocol.  This code was derived from Eric
+         *  Glass's work, and is copyright as follows:
+         *
+         *  Copyright (c) 2003 Eric Glass     (eglass1 at comcast.net). 
+         *
+         *  Permission to use, copy, modify, and distribute this document for any purpose and without any fee is hereby
+         *  granted, provided that the above copyright notice and this list of conditions appear in all copies.
+         *  The most current version of this document may be obtained from http://davenport.sourceforge.net/ntlm.html .
+         */ 
+        public static class NTLM {
+            
+            public static final byte[] type1 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01,
+                                                            0x00, 0x00, 0x00, 0x00, 0x02, 0x02, 0x00 };
+            
+            /**
+             * Calculates the NTLM Response for the given challenge, using the
+             * specified password.
+             *
+             * @param password The user's password.
+             * @param challenge The Type 2 challenge from the server.
+             *
+             * @return The NTLM Response.
+             */
+            public static byte[] getNTLMResponse(String password, byte[] challenge)
+                throws Exception {
+                byte[] ntlmHash = ntlmHash(password);
+                return lmResponse(ntlmHash, challenge);
+            }
+
+            /**
+             * Calculates the LM Response for the given challenge, using the specified
+             * password.
+             *
+             * @param password The user's password.
+             * @param challenge The Type 2 challenge from the server.
+             *
+             * @return The LM Response.
+             */
+            public static byte[] getLMResponse(String password, byte[] challenge)
+                throws Exception {
+                byte[] lmHash = lmHash(password);
+                return lmResponse(lmHash, challenge);
+            }
+
+            /**
+             * Calculates the NTLMv2 Response for the given challenge, using the
+             * specified authentication target, username, password, target information
+             * block, and client challenge.
+             *
+             * @param target The authentication target (i.e., domain).
+             * @param user The username. 
+             * @param password The user's password.
+             * @param targetInformation The target information block from the Type 2
+             * message.
+             * @param challenge The Type 2 challenge from the server.
+             * @param clientChallenge The random 8-byte client challenge. 
+             *
+             * @return The NTLMv2 Response.
+             */
+            public static byte[] getNTLMv2Response(String target, String user,
+                                                   String password, byte[] targetInformation, byte[] challenge,
+                                                   byte[] clientChallenge) throws Exception {
+                byte[] ntlmv2Hash = ntlmv2Hash(target, user, password);
+                byte[] blob = createBlob(targetInformation, clientChallenge);
+                return lmv2Response(ntlmv2Hash, blob, challenge);
+            }
+
+            /**
+             * Calculates the LMv2 Response for the given challenge, using the
+             * specified authentication target, username, password, and client
+             * challenge.
+             *
+             * @param target The authentication target (i.e., domain).
+             * @param user The username.
+             * @param password The user's password.
+             * @param challenge The Type 2 challenge from the server.
+             * @param clientChallenge The random 8-byte client challenge.
+             *
+             * @return The LMv2 Response. 
+             */
+            public static byte[] getLMv2Response(String target, String user,
+                                                 String password, byte[] challenge, byte[] clientChallenge)
+                throws Exception {
+                byte[] ntlmv2Hash = ntlmv2Hash(target, user, password);
+                return lmv2Response(ntlmv2Hash, clientChallenge, challenge);
+            }
+
+            /**
+             * Calculates the NTLM2 Session Response for the given challenge, using the
+             * specified password and client challenge.
+             *
+             * @param password The user's password.
+             * @param challenge The Type 2 challenge from the server.
+             * @param clientChallenge The random 8-byte client challenge.
+             *
+             * @return The NTLM2 Session Response.  This is placed in the NTLM
+             * response field of the Type 3 message; the LM response field contains
+             * the client challenge, null-padded to 24 bytes.
+             */
+            public static byte[] getNTLM2SessionResponse(String password,
+                                                         byte[] challenge, byte[] clientChallenge) throws Exception {
+                byte[] ntlmHash = ntlmHash(password);
+                MD5Digest md5 = new MD5Digest();
+                md5.update(challenge, 0, challenge.length);
+                md5.update(clientChallenge, 0, clientChallenge.length);
+                byte[] sessionHash = new byte[8];
+                byte[] md5_out = new byte[md5.getDigestSize()];
+                md5.doFinal(md5_out, 0);
+                System.arraycopy(md5_out, 0, sessionHash, 0, 8);
+                return lmResponse(ntlmHash, sessionHash);
+            }
+
+            /**
+             * Creates the LM Hash of the user's password.
+             *
+             * @param password The password.
+             *
+             * @return The LM Hash of the given password, used in the calculation
+             * of the LM Response.
+             */
+            private static byte[] lmHash(String password) throws Exception {
+                /*
+                byte[] oemPassword = password.toUpperCase().getBytes("US-ASCII");
+                int length = java.lang.Math.min(oemPassword.length, 14);
+                byte[] keyBytes = new byte[14];
+                System.arraycopy(oemPassword, 0, keyBytes, 0, length);
+                Key lowKey = createDESKey(keyBytes, 0);
+                Key highKey = createDESKey(keyBytes, 7);
+                byte[] magicConstant = "KGS!@#$%".getBytes("US-ASCII");
+                Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
+                des.init(Cipher.ENCRYPT_MODE, lowKey);
+                byte[] lowHash = des.doFinal(magicConstant);
+                des.init(Cipher.ENCRYPT_MODE, highKey);
+                byte[] highHash = des.doFinal(magicConstant);
+                byte[] lmHash = new byte[16];
+                System.arraycopy(lowHash, 0, lmHash, 0, 8);
+                System.arraycopy(highHash, 0, lmHash, 8, 8);
+                return lmHash;
+                */
+                return null;
+            }
+
+            /**
+             * Creates the NTLM Hash of the user's password.
+             *
+             * @param password The password.
+             *
+             * @return The NTLM Hash of the given password, used in the calculation
+             * of the NTLM Response and the NTLMv2 and LMv2 Hashes.
+             */
+            private static byte[] ntlmHash(String password) throws Exception {
+                byte[] unicodePassword = password.getBytes("UnicodeLittleUnmarked");
+                MD4Digest md4 = new MD4Digest();
+                md4.update(unicodePassword, 0, unicodePassword.length);
+                byte[] ret = new byte[md4.getDigestSize()];
+                return ret;
+            }
+
+            /**
+             * Creates the NTLMv2 Hash of the user's password.
+             *
+             * @param target The authentication target (i.e., domain).
+             * @param user The username.
+             * @param password The password.
+             *
+             * @return The NTLMv2 Hash, used in the calculation of the NTLMv2
+             * and LMv2 Responses. 
+             */
+            private static byte[] ntlmv2Hash(String target, String user,
+                                             String password) throws Exception {
+                byte[] ntlmHash = ntlmHash(password);
+                String identity = user.toUpperCase() + target.toUpperCase();
+                return hmacMD5(identity.getBytes("UnicodeLittleUnmarked"), ntlmHash);
+            }
+
+            /**
+             * Creates the LM Response from the given hash and Type 2 challenge.
+             *
+             * @param hash The LM or NTLM Hash.
+             * @param challenge The server challenge from the Type 2 message.
+             *
+             * @return The response (either LM or NTLM, depending on the provided
+             * hash).
+             */
+            private static byte[] lmResponse(byte[] hash, byte[] challenge)
+                throws Exception {
+                /*
+                byte[] keyBytes = new byte[21];
+                System.arraycopy(hash, 0, keyBytes, 0, 16);
+                Key lowKey = createDESKey(keyBytes, 0);
+                Key middleKey = createDESKey(keyBytes, 7);
+                Key highKey = createDESKey(keyBytes, 14);
+                Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
+                des.init(Cipher.ENCRYPT_MODE, lowKey);
+                byte[] lowResponse = des.doFinal(challenge);
+                des.init(Cipher.ENCRYPT_MODE, middleKey);
+                byte[] middleResponse = des.doFinal(challenge);
+                des.init(Cipher.ENCRYPT_MODE, highKey);
+                byte[] highResponse = des.doFinal(challenge);
+                byte[] lmResponse = new byte[24];
+                System.arraycopy(lowResponse, 0, lmResponse, 0, 8);
+                System.arraycopy(middleResponse, 0, lmResponse, 8, 8);
+                System.arraycopy(highResponse, 0, lmResponse, 16, 8);
+                return lmResponse;
+                */
+                return null;
+            }
+
+            /**
+             * Creates the LMv2 Response from the given hash, client data, and
+             * Type 2 challenge.
+             *
+             * @param hash The NTLMv2 Hash.
+             * @param clientData The client data (blob or client challenge).
+             * @param challenge The server challenge from the Type 2 message.
+             *
+             * @return The response (either NTLMv2 or LMv2, depending on the
+             * client data).
+             */
+            private static byte[] lmv2Response(byte[] hash, byte[] clientData,
+                                               byte[] challenge) throws Exception {
+                byte[] data = new byte[challenge.length + clientData.length];
+                System.arraycopy(challenge, 0, data, 0, challenge.length);
+                System.arraycopy(clientData, 0, data, challenge.length,
+                                 clientData.length);
+                byte[] mac = hmacMD5(data, hash);
+                byte[] lmv2Response = new byte[mac.length + clientData.length];
+                System.arraycopy(mac, 0, lmv2Response, 0, mac.length);
+                System.arraycopy(clientData, 0, lmv2Response, mac.length,
+                                 clientData.length);
+                return lmv2Response;
+            }
+
+            /**
+             * Creates the NTLMv2 blob from the given target information block and
+             * client challenge.
+             *
+             * @param targetInformation The target information block from the Type 2
+             * message.
+             * @param clientChallenge The random 8-byte client challenge.
+             *
+             * @return The blob, used in the calculation of the NTLMv2 Response.
+             */
+            private static byte[] createBlob(byte[] targetInformation,
+                                             byte[] clientChallenge) {
+                byte[] blobSignature = new byte[] {
+                    (byte) 0x01, (byte) 0x01, (byte) 0x00, (byte) 0x00
+                };
+                byte[] reserved = new byte[] {
+                    (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
+                };
+                byte[] unknown1 = new byte[] {
+                    (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
+                };
+                byte[] unknown2 = new byte[] {
+                    (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
+                };
+                long time = System.currentTimeMillis();
+                time += 11644473600000l; // milliseconds from January 1, 1601 -> epoch.
+                time *= 10000; // tenths of a microsecond.
+                // convert to little-endian byte array.
+                byte[] timestamp = new byte[8];
+                for (int i = 0; i < 8; i++) {
+                    timestamp[i] = (byte) time;
+                    time >>>= 8;
+                }
+                byte[] blob = new byte[blobSignature.length + reserved.length +
+                                       timestamp.length + clientChallenge.length +
+                                       unknown1.length + targetInformation.length +
+                                       unknown2.length];
+                int offset = 0;
+                System.arraycopy(blobSignature, 0, blob, offset, blobSignature.length);
+                offset += blobSignature.length;
+                System.arraycopy(reserved, 0, blob, offset, reserved.length);
+                offset += reserved.length;
+                System.arraycopy(timestamp, 0, blob, offset, timestamp.length);
+                offset += timestamp.length;
+                System.arraycopy(clientChallenge, 0, blob, offset,
+                                 clientChallenge.length);
+                offset += clientChallenge.length;
+                System.arraycopy(unknown1, 0, blob, offset, unknown1.length);
+                offset += unknown1.length;
+                System.arraycopy(targetInformation, 0, blob, offset,
+                                 targetInformation.length);
+                offset += targetInformation.length;
+                System.arraycopy(unknown2, 0, blob, offset, unknown2.length);
+                return blob;
+            }
+
+            /**
+             * Calculates the HMAC-MD5 hash of the given data using the specified
+             * hashing key.
+             *
+             * @param data The data for which the hash will be calculated. 
+             * @param key The hashing key.
+             *
+             * @return The HMAC-MD5 hash of the given data.
+             */
+            private static byte[] hmacMD5(byte[] data, byte[] key) throws Exception {
+                byte[] ipad = new byte[64];
+                byte[] opad = new byte[64];
+                for (int i = 0; i < 64; i++) {
+                    ipad[i] = (byte) 0x36;
+                    opad[i] = (byte) 0x5c;
+                }
+                for (int i = key.length - 1; i >= 0; i--) {
+                    ipad[i] ^= key[i];
+                    opad[i] ^= key[i];
+                }
+                byte[] content = new byte[data.length + 64];
+                System.arraycopy(ipad, 0, content, 0, 64);
+                System.arraycopy(data, 0, content, 64, data.length);
+                MD5Digest md5 = new MD5Digest();
+                md5.update(content, 0, content.length);
+                data = new byte[md5.getDigestSize()];
+                md5.doFinal(data, 0);
+                content = new byte[data.length + 64];
+                System.arraycopy(opad, 0, content, 0, 64);
+                System.arraycopy(data, 0, content, 64, data.length);
+                md5 = new MD5Digest();
+                md5.update(content, 0, content.length);
+                byte[] ret = new byte[md5.getDigestSize()];
+                md5.doFinal(ret, 0);
+                return ret;
+            }
+
+            /**
+             * Creates a DES encryption key from the given key material.
+             *
+             * @param bytes A byte array containing the DES key material.
+             * @param offset The offset in the given byte array at which
+             * the 7-byte key material starts.
+             *
+             * @return A DES encryption key created from the key material
+             * starting at the specified offset in the given byte array.
+             */
+                /*
+            private static Key createDESKey(byte[] bytes, int offset) {
+                byte[] keyBytes = new byte[7];
+                System.arraycopy(bytes, offset, keyBytes, 0, 7);
+                byte[] material = new byte[8];
+                material[0] = keyBytes[0];
+                material[1] = (byte) (keyBytes[0] << 7 | (keyBytes[1] & 0xff) >>> 1);
+                material[2] = (byte) (keyBytes[1] << 6 | (keyBytes[2] & 0xff) >>> 2);
+                material[3] = (byte) (keyBytes[2] << 5 | (keyBytes[3] & 0xff) >>> 3);
+                material[4] = (byte) (keyBytes[3] << 4 | (keyBytes[4] & 0xff) >>> 4);
+                material[5] = (byte) (keyBytes[4] << 3 | (keyBytes[5] & 0xff) >>> 5);
+                material[6] = (byte) (keyBytes[5] << 2 | (keyBytes[6] & 0xff) >>> 6);
+                material[7] = (byte) (keyBytes[6] << 1);
+                oddParity(material);
+                return new SecretKeySpec(material, "DES");
+            }
+                */
+
+            /**
+             * Applies odd parity to the given byte array.
+             *
+             * @param bytes The data whose parity bits are to be adjusted for
+             * odd parity.
+             */
+            private static void oddParity(byte[] bytes) {
+                for (int i = 0; i < bytes.length; i++) {
+                    byte b = bytes[i];
+                    boolean needsParity = (((b >>> 7) ^ (b >>> 6) ^ (b >>> 5) ^
+                                            (b >>> 4) ^ (b >>> 3) ^ (b >>> 2) ^
+                                            (b >>> 1)) & 0x01) == 0;
+                    if (needsParity) {
+                        bytes[i] |= (byte) 0x01;
+                    } else {
+                        bytes[i] &= (byte) 0xfe;
+                    }
+                }
+            }
+
+        }
+    }
 }