-// Copyright 2003 Adam Megacz, see the COPYING file for licensing [GPL]
+// Copyright 2004 Adam Megacz, see the COPYING file for licensing [GPL]
package org.xwt;
import java.net.*;
*/
public class HTTP {
- /** the URL as passed to the original constructor; this is never changed */
- final String originalUrl;
- /** the URL to connect to; this is munged when the url is parsed */
- URL url = null;
+ // Public Methods ////////////////////////////////////////////////////////////////////////////////////////
+
+ public HTTP(String url) { this(url, false); }
+ public HTTP(String url, boolean skipResolveCheck) { originalUrl = url; this.skipResolveCheck = skipResolveCheck; }
+
+ /** Performs an HTTP GET request */
+ public InputStream GET() throws IOException { return makeRequest(null, null); }
- /** the host to connect to */
- String host = null;
+ /** Performs an HTTP POST request; content is additional headers, blank line, and body */
+ public InputStream POST(String contentType, String content) throws IOException { return makeRequest(contentType, content); }
- /** the port to connect on */
- int port = -1;
+ public static class HTTPException extends IOException { public HTTPException(String s) { super(s); } }
- /** true if SSL (HTTPS) should be used */
- boolean ssl = false;
- /** the path (URI) to retrieve on the server */
- String path = null;
+ // Statics ///////////////////////////////////////////////////////////////////////////////////////////////
- /** the socket */
- Socket sock = null;
+ static Hash resolvedHosts = new Hash(); ///< cache for resolveAndCheckIfFirewalled()
+ private static Hash authCache = new Hash(); ///< cache of userInfo strings, keyed on originalUrl
- /** the socket's inputstream */
- InputStream in = null;
- /** the username and password portions of the URL */
- String userInfo = null;
+ // Instance Data ///////////////////////////////////////////////////////////////////////////////////////////////
- /** cache of userInfo strings, keyed on originalUrl */
- private static Hashtable authCache = new Hashtable();
+ final String originalUrl; ///< the URL as passed to the original constructor; this is never changed
+ URL url = null; ///< the URL to connect to; this is munged when the url is parsed */
+ String host = null; ///< the host to connect to
+ int port = -1; ///< the port to connect on
+ boolean ssl = false; ///< true if SSL (HTTPS) should be used
+ String path = null; ///< the path (URI) to retrieve on the server
+ Socket sock = null; ///< the socket
+ InputStream in = null; ///< the socket's inputstream
+ String userInfo = null; ///< the username and password portions of the URL
+ boolean firstRequest = true; ///< true iff this is the first request to be made on this socket
+ boolean skipResolveCheck = false; ///< allowed to skip the resolve check when downloading PAC script
+ boolean proxied = false; ///< true iff we're using a proxy
/** this is null if the current request is the first request on
* this HTTP connection; otherwise it is a Semaphore which will be
*/
Semaphore okToRecieve = null;
- /** cache for resolveAndCheckIfFirewalled() */
- static Hashtable resolvedHosts = new Hashtable();
-
- /** if any request encounters an IOException, the entire HTTP connection is invalidated */
- boolean invalid = false;
-
- /** true iff we are allowed to skip the resolve check (only allowed when we're downloading the PAC script) */
- boolean skipResolveCheck = false;
-
- /** true iff we're using a proxy */
- boolean proxied = false;
-
-
- // Public Methods ////////////////////////////////////////////////////////////////////////////////////////
-
- public HTTP(String url) { this(url, false); }
- public HTTP(String url, boolean skipResolveCheck) {
- originalUrl = url;
- this.skipResolveCheck = skipResolveCheck;
- }
-
- /** Performs an HTTP GET request */
- public HTTPInputStream GET() throws IOException { return makeRequest(null, null); }
-
- /** Performs an HTTP POST request; content is appended to the headers (so it should include a blank line to delimit the beginning of the body) */
- public HTTPInputStream POST(String contentType, String content) throws IOException { return makeRequest(contentType, content); }
-
/**
* This method isn't synchronized; however, only one thread can be in the inner synchronized block at a time, and the rest of
* the method is protected by in-order one-at-a-time semaphore lock-steps
*/
- private HTTPInputStream makeRequest(String contentType, String content) throws IOException {
+ private InputStream makeRequest(String contentType, String content) throws IOException {
// Step 1: send the request and establish a semaphore to stop any requests that pipeline after us
Semaphore blockOn = null;
Semaphore releaseMe = null;
synchronized(this) {
- if (invalid) throw new HTTPException("connection failed on a previous pipelined call");
try {
connect();
sendRequest(contentType, content);
} catch (IOException e) {
- invalid = true;
+ reset();
throw e;
}
blockOn = okToRecieve;
boolean doRelease = true;
try {
if (blockOn != null) blockOn.block();
- if (invalid) throw new HTTPException("connection failed on a previous pipelined call");
+
+ // previous call wrecked the socket connection, but we already sent our request, so we can't just retry --
+ // this could cause the server to receive the request twice, which could be bad (think of the case where the
+ // server call causes Amazon.com to ship you an item with one-click purchasing).
+ if (sock == null)
+ throw new HTTPException("a previous pipelined call messed up the socket");
Hashtable h = in == null ? null : parseHeaders(in);
if (h == null) {
+ if (firstRequest) throw new HTTPException("server closed the socket with no response");
// sometimes the server chooses to close the stream between requests
- in = null; sock = null;
+ reset();
releaseMe.release();
return makeRequest(contentType, content);
}
else doWebAuth(h, content == null ? "GET" : "POST");
if (h.get("HTTP").equals("1.0") && h.get("content-length") == null) {
- if (Log.on) Log.log(this, "proxy returned an HTTP/1.0 reply with no content-length...");
- in = null; sock = null;
+ if (Log.on) Log.info(this, "proxy returned an HTTP/1.0 reply with no content-length...");
+ reset();
} else {
int cl = h.get("content-length") == null ? -1 : Integer.parseInt(h.get("content-length").toString());
new HTTPInputStream(in, cl, releaseMe).close();
if (h.get("HTTP").equals("1.0") && h.get("content-length") == null)
throw new HTTPException("XWT does not support HTTP/1.0 servers which fail to return the Content-Length header");
int cl = h.get("content-length") == null ? -1 : Integer.parseInt(h.get("content-length").toString());
- HTTPInputStream ret = new HTTPInputStream(in, cl, releaseMe);
+ InputStream ret = new HTTPInputStream(in, cl, releaseMe);
+ if ("gzip".equals(h.get("content-encoding"))) ret = new java.util.zip.GZIPInputStream(ret);
doRelease = false;
return ret;
}
- } catch (IOException e) { invalid = true; throw e;
+ } catch (IOException e) { reset(); throw e;
} finally { if (doRelease) releaseMe.release();
}
}
if ((quadbyte[0] == 10 ||
(quadbyte[0] == 192 && quadbyte[1] == 168) ||
(quadbyte[0] == 172 && (quadbyte[1] & 0xF0) == 16)) && !addr.equals(Main.originAddr))
- throw new HTTPException("security violation: " + host + " [" + addr.getHostAddress() + "] is in a firewalled netblock");
+ throw new HTTPException("security violation: " + host + " [" + addr.getHostAddress() +
+ "] is in a firewalled netblock");
return;
} catch (UnknownHostException uhe) { }
- if (Platform.detectProxy() == null) throw new HTTPException("could not resolve hostname \"" + host + "\" and no proxy configured");
+ if (Platform.detectProxy() == null)
+ throw new HTTPException("could not resolve hostname \"" + host + "\" and no proxy configured");
}
// Methods to attempt socket creation /////////////////////////////////////////////////////////////////
+ private Socket getSocket(String host, int port, boolean ssl, boolean negotiate) throws IOException {
+ Socket ret = ssl ? new SSL(host, port, negotiate) : new Socket(java.net.InetAddress.getByName(host), port);
+ ret.setTcpNoDelay(true);
+ return ret;
+ }
+
/** Attempts a direct connection */
- public Socket attemptDirect() {
+ private Socket attemptDirect() {
try {
- if (Log.verbose) Log.log(this, "attempting to create unproxied socket to " + host + ":" + port + (ssl ? " [ssl]" : ""));
- return Platform.getSocket(host, port, ssl, true);
+ if (Log.verbose) Log.info(this, "attempting to create unproxied socket to " +
+ host + ":" + port + (ssl ? " [ssl]" : ""));
+ return getSocket(host, port, ssl, true);
} catch (IOException e) {
- if (Log.on) Log.log(this, "exception in attemptDirect(): " + e);
+ if (Log.on) Log.info(this, "exception in attemptDirect(): " + e);
return null;
}
}
/** Attempts to use an HTTP proxy, employing the CONNECT method if HTTPS is requested */
- public Socket attemptHttpProxy(String proxyHost, int proxyPort) {
+ private Socket attemptHttpProxy(String proxyHost, int proxyPort) {
try {
- if (Log.verbose) Log.log(this, "attempting to create HTTP proxied socket using proxy " + proxyHost + ":" + proxyPort);
+ if (Log.verbose) Log.info(this, "attempting to create HTTP proxied socket using proxy " + proxyHost + ":" + proxyPort);
+ Socket sock = getSocket(proxyHost, proxyPort, ssl, false);
- Socket sock = Platform.getSocket(proxyHost, proxyPort, ssl, false);
if (!ssl) {
if (!path.startsWith("http://")) path = "http://" + host + ":" + port + path;
- } else {
- PrintWriter pw = new PrintWriter(new OutputStreamWriter(sock.getOutputStream()));
- BufferedReader br = new BufferedReader(new InputStreamReader(sock.getInputStream()));
- pw.print("CONNECT " + host + ":" + port + " HTTP/1.1\r\n\r\n");
- pw.flush();
- String s = br.readLine();
- if (s.charAt(9) != '2') throw new HTTPException("proxy refused CONNECT method: \"" + s + "\"");
- while (br.readLine().length() > 0) { };
- ((TinySSL)sock).negotiate();
+ return sock;
}
+
+ PrintWriter pw = new PrintWriter(new OutputStreamWriter(sock.getOutputStream()));
+ BufferedReader br = new BufferedReader(new InputStreamReader(sock.getInputStream()));
+ pw.print("CONNECT " + host + ":" + port + " HTTP/1.1\r\n\r\n");
+ pw.flush();
+ String s = br.readLine();
+ if (s.charAt(9) != '2') throw new HTTPException("proxy refused CONNECT method: \"" + s + "\"");
+ while (br.readLine().length() > 0) { };
+ ((SSL)sock).negotiate();
return sock;
} catch (IOException e) {
- if (Log.on) Log.log(this, "exception in attemptHttpProxy(): " + e);
+ if (Log.on) Log.info(this, "exception in attemptHttpProxy(): " + e);
return null;
}
}
* @see http://www.socks.nec.com/protocol/socks4.protocol
* @see http://www.socks.nec.com/protocol/socks4a.protocol
*/
- public Socket attemptSocksProxy(String proxyHost, int proxyPort) {
+ private Socket attemptSocksProxy(String proxyHost, int proxyPort) {
// even if host is already a "x.y.z.w" string, we use this to parse it into bytes
InetAddress addr = null;
try { addr = InetAddress.getByName(host); } catch (Exception e) { }
- if (Log.verbose) Log.log(this, "attempting to create SOCKSv4" + (addr == null ? "" : "a") +
+ if (Log.verbose) Log.info(this, "attempting to create SOCKSv4" + (addr == null ? "" : "a") +
" proxied socket using proxy " + proxyHost + ":" + proxyPort);
try {
- Socket sock = Platform.getSocket(proxyHost, proxyPort, ssl, false);
+ Socket sock = getSocket(proxyHost, proxyPort, ssl, false);
DataOutputStream dos = new DataOutputStream(sock.getOutputStream());
dos.writeByte(0x04); // SOCKSv4(a)
dis.skip(6); // ip/port
if ((int)(success & 0xff) == 90) {
- if (ssl) ((TinySSL)sock).negotiate();
+ if (ssl) ((SSL)sock).negotiate();
return sock;
}
- if (Log.on) Log.log(this, "SOCKS server denied access, code " + (success & 0xff));
+ if (Log.on) Log.info(this, "SOCKS server denied access, code " + (success & 0xff));
return null;
} catch (IOException e) {
- if (Log.on) Log.log(this, "exception in attemptSocksProxy(): " + e);
+ if (Log.on) Log.info(this, "exception in attemptSocksProxy(): " + e);
return null;
}
}
/** executes the PAC script and dispatches a call to one of the other attempt methods based on the result */
- public Socket attemptPAC(org.xwt.js.JS.Callable pacFunc) {
- if (Log.verbose) Log.log(this, "evaluating PAC script");
+ private Socket attemptPAC(org.xwt.js.JS pacFunc) {
+ if (Log.verbose) Log.info(this, "evaluating PAC script");
String pac = null;
try {
- org.xwt.js.JS.Array args = new org.xwt.js.JS.Array();
- args.addElement(url.toString());
- args.addElement(url.getHost());
- Object obj = pacFunc.call(args);
- if (Log.verbose) Log.log(this, " PAC script returned \"" + obj + "\"");
+ org.xwt.js.JSArray args = new org.xwt.js.JSArray();
+ Object obj = pacFunc.call(url.toString(), url.getHost(), null, null, 2);
+ if (Log.verbose) Log.info(this, " PAC script returned \"" + obj + "\"");
pac = obj.toString();
} catch (Throwable e) {
- if (Log.on) Log.log(this, "PAC script threw exception " + e);
+ if (Log.on) Log.info(this, "PAC script threw exception " + e);
return null;
}
StringTokenizer st = new StringTokenizer(pac, ";", false);
while (st.hasMoreTokens()) {
String token = st.nextToken().trim();
- if (Log.verbose) Log.log(this, " trying \"" + token + "\"...");
+ if (Log.verbose) Log.info(this, " trying \"" + token + "\"...");
try {
Socket ret = null;
if (token.startsWith("DIRECT"))
Integer.parseInt(token.substring(token.indexOf(':') + 1)));
if (ret != null) return ret;
} catch (Throwable e) {
- if (Log.on) Log.log(this, "attempt at \"" + token + "\" failed due to " + e + "; trying next token");
+ if (Log.on) Log.info(this, "attempt at \"" + token + "\" failed due to " + e + "; trying next token");
}
}
- if (Log.on) Log.log(this, "all PAC results exhausted");
+ if (Log.on) Log.info(this, "all PAC results exhausted");
return null;
}
// Everything Else ////////////////////////////////////////////////////////////////////////////
private synchronized void connect() throws IOException {
+ if (originalUrl.equals("stdio:")) { in = new BufferedInputStream(System.in); return; }
if (sock != null) {
if (in == null) in = new BufferedInputStream(sock.getInputStream());
return;
path = this.url.getFile();
if (port == -1) port = ssl ? 443 : 80;
host = this.url.getHost();
- if (Log.verbose) Log.log(this, "creating HTTP object for connection to " + host + ":" + port);
+ if (Log.verbose) Log.info(this, "creating HTTP object for connection to " + host + ":" + port);
Proxy pi = Platform.detectProxy();
- if (sock == null && pi != null && pi.proxyAutoConfigFunction != null) sock = attemptPAC(pi.proxyAutoConfigFunction);
- if (sock == null && pi != null && ssl && pi.httpsProxyHost != null) sock = attemptHttpProxy(pi.httpsProxyHost, pi.httpsProxyPort);
- if (sock == null && pi != null && pi.httpProxyHost != null) sock = attemptHttpProxy(pi.httpProxyHost, pi.httpProxyPort);
- if (sock == null && pi != null && pi.socksProxyHost != null) sock = attemptSocksProxy(pi.socksProxyHost, pi.socksProxyPort);
+ OUTER: do {
+ if (pi != null) {
+ for(int i=0; i<pi.excluded.length; i++) if (host.equals(pi.excluded[i])) break OUTER;
+ if (sock == null && pi.proxyAutoConfigFunction != null) sock = attemptPAC(pi.proxyAutoConfigFunction);
+ if (sock == null && ssl && pi.httpsProxyHost != null) sock = attemptHttpProxy(pi.httpsProxyHost,pi.httpsProxyPort);
+ if (sock == null && pi.httpProxyHost != null) sock = attemptHttpProxy(pi.httpProxyHost, pi.httpProxyPort);
+ if (sock == null && pi.socksProxyHost != null) sock = attemptSocksProxy(pi.socksProxyHost, pi.socksProxyPort);
+ }
+ } while (false);
proxied = sock != null;
if (sock == null) sock = attemptDirect();
if (sock == null) throw new HTTPException("unable to contact host " + host);
if (in == null) in = new BufferedInputStream(sock.getInputStream());
}
- public void sendRequest(String contentType, String content) throws IOException {
-
- PrintWriter pw = new PrintWriter(new OutputStreamWriter(sock.getOutputStream()));
+ private void sendRequest(String contentType, String content) throws IOException {
+ PrintWriter pw = new PrintWriter(new OutputStreamWriter(originalUrl.equals("stdio:") ?
+ System.out : sock.getOutputStream()));
if (content != null) {
pw.print("POST " + path + " HTTP/1.1\r\n");
int contentLength = content.substring(0, 2).equals("\r\n") ?
}
pw.print("User-Agent: XWT\r\n");
+ pw.print("Accept-encoding: gzip\r\n");
pw.print("Host: " + (host + (port == 80 ? "" : (":" + port))) + "\r\n");
if (proxied) pw.print("X-RequestOrigin: " + Main.originHost + "\r\n");
- if (Proxy.Authorization.authorization != null) pw.print("Proxy-Authorization: " + Proxy.Authorization.authorization2 + "\r\n");
+ if (Proxy.Authorization.authorization != null) pw.print("Proxy-Authorization: "+Proxy.Authorization.authorization2+"\r\n");
if (authCache.get(originalUrl) != null) pw.print("Authorization: " + authCache.get(originalUrl) + "\r\n");
pw.print(content == null ? "\r\n" : content);
authCache.put(originalUrl, "Basic " + new String(Base64.encode(userInfo.getBytes("US-ASCII"))));
} else if (h.get("AUTHTYPE").equals("Digest")) {
- if (authCache.get(originalUrl) != null && !"true".equals(h.get("stale"))) throw new HTTPException("username/password rejected");
+ if (authCache.get(originalUrl) != null && !"true".equals(h.get("stale")))
+ throw new HTTPException("username/password rejected");
String path2 = path;
if (path2.startsWith("http://") || path2.startsWith("https://")) {
path2 = path2.substring(path2.indexOf("://") + 3);
path2 = path2.substring(path2.indexOf('/'));
}
- String A1 = userInfo.substring(0, userInfo.indexOf(':')) + ":" + h.get("realm") + ":" + userInfo.substring(userInfo.indexOf(':') + 1);
+ String A1 = userInfo.substring(0, userInfo.indexOf(':')) + ":" + h.get("realm") + ":" +
+ userInfo.substring(userInfo.indexOf(':') + 1);
String A2 = method + ":" + path2;
authCache.put(originalUrl,
"Digest " +
}
private void doProxyAuth(Hashtable h0, String method) throws IOException {
- if (Log.on) Log.log(this, "Proxy AuthChallenge: " + h0.get("proxy-authenticate"));
+ if (Log.on) Log.info(this, "Proxy AuthChallenge: " + h0.get("proxy-authenticate"));
Hashtable h = parseAuthenticationChallenge(h0.get("proxy-authenticate").toString());
String style = h.get("AUTHTYPE").toString();
- String realm = h.get("realm").toString();
+ String realm = (String)h.get("realm");
+
+ if (style.equals("NTLM") && Proxy.Authorization.authorization2 == null) {
+ Log.info(this, "Proxy identified itself as NTLM, sending Type 1 packet");
+ Proxy.Authorization.authorization2 = "NTLM " + Base64.encode(Proxy.NTLM.type1);
+ return;
+ }
if (!realm.equals("Digest") || Proxy.Authorization.authorization2 == null || !"true".equals(h.get("stale")))
- Proxy.Authorization.getPassword(realm, style, sock.getInetAddress().getHostAddress(), Proxy.Authorization.authorization);
+ Proxy.Authorization.getPassword(realm, style, sock.getInetAddress().getHostAddress(),
+ Proxy.Authorization.authorization);
if (style.equals("Basic")) {
Proxy.Authorization.authorization2 =
String A2 = method + ":" + path;
Proxy.Authorization.authorization2 =
"Digest " +
- "username=\"" + Proxy.Authorization.authorization.substring(0, Proxy.Authorization.authorization.indexOf(':')) + "\", " +
+ "username=\"" + Proxy.Authorization.authorization.substring(0, Proxy.Authorization.authorization.indexOf(':')) +
+ "\", " +
"realm=\"" + h.get("realm") + "\", " +
"nonce=\"" + h.get("nonce") + "\", " +
"uri=\"" + path + "\", " +
(h.get("opaque") == null ? "" : ("opaque=\"" + h.get("opaque") + "\", ")) +
"response=\"" + H(H(A1) + ":" + h.get("nonce") + ":" + H(A2)) + "\", " +
"algorithm=MD5";
+
+ } else if (style.equals("NTLM")) {
+ Log.info(this, "Proxy identified itself as NTLM, got Type 2 packet");
+ byte[] type2 = Base64.decode(((String)h0.get("proxy-authenticate")).substring(5).trim());
+ for(int i=0; i<type2.length; i += 4) {
+ String log = "";
+ if (i<type2.length) log += Integer.toString(type2[i] & 0xff, 16) + " ";
+ if (i+1<type2.length) log += Integer.toString(type2[i+1] & 0xff, 16) + " ";
+ if (i+2<type2.length) log += Integer.toString(type2[i+2] & 0xff, 16) + " ";
+ if (i+3<type2.length) log += Integer.toString(type2[i+3] & 0xff, 16) + " ";
+ Log.info(this, log);
+ }
+ // FEATURE: need to keep the connection open between type1 and type3
+ // FEATURE: finish this
+ //byte[] type3 = Proxy.NTLM.getResponse(
+ //Proxy.Authorization.authorization2 = "NTLM " + Base64.encode(type3));
}
}
- // HTTPException ///////////////////////////////////////////////////////////////////////////////////
-
- static class HTTPException extends IOException { public HTTPException(String s) { super(s); } }
-
-
// HTTPInputStream ///////////////////////////////////////////////////////////////////////////////////
/** An input stream that represents a subset of a longer input stream. Supports HTTP chunking as well */
- public class HTTPInputStream extends FilterInputStream {
-
- /** if chunking, the number of bytes remaining in this subset; otherwise the remainder of the chunk */
- private int length = 0;
+ public class HTTPInputStream extends FilterInputStream implements KnownLength {
- /** this semaphore will be released when the stream is closed */
- private Semaphore releaseMe = null;
+ private int length = 0; ///< if chunking, numbytes left in this subset; else the remainder of the chunk
+ private Semaphore releaseMe = null; ///< this semaphore will be released when the stream is closed
+ boolean chunkedDone = false; ///< indicates that we have encountered the zero-length terminator chunk
+ boolean firstChunk = true; ///< if we're on the first chunk, we don't pre-read a CRLF
+ private int contentLength = 0; ///< the length of the entire content body; -1 if chunked
- /** indicates that we have encountered the zero-length terminator chunk */
- boolean chunkedDone = false;
-
- /** if we're on the first chunk, we don't pre-read a CRLF */
- boolean firstChunk = true;
-
- /** the length of the entire content body; -1 if chunked */
- private int contentLength = 0;
- public int getContentLength() { return contentLength; }
-
- HTTPInputStream(InputStream in, int length, Semaphore releaseMe) {
+ HTTPInputStream(InputStream in, int length, Semaphore releaseMe) throws IOException {
super(in);
this.releaseMe = releaseMe;
this.contentLength = length;
this.length = length == -1 ? 0 : length;
}
+ public int getLength() { return contentLength; }
public boolean markSupported() { return false; }
public int read(byte[] b) throws IOException { return read(b, 0, b.length); }
public long skip(long n) throws IOException { return read(null, -1, (int)n); }
int i = super.read();
if (i == -1) throw new HTTPException("encountered end of stream while reading chunk length");
- // FIXME: handle chunking extensions
+ // FEATURE: handle chunking extensions
if (i == '\r') {
super.read(); // LF
break;
}
return ret;
} finally {
- if (!good) invalid = true;
+ if (!good) reset();
}
}
}
}
+ void reset() {
+ firstRequest = true;
+ in = null;
+ sock = null;
+ }
+
// Misc Helpers ///////////////////////////////////////////////////////////////////////////////////
if (read == -1 && buflen == 0) return null;
if (read == -1) throw new HTTPException("stream closed while reading headers");
buf[buflen++] = (byte)read;
- if (buflen >= 4 && buf[buflen - 4] == '\r' && buf[buflen - 3] == '\n' && buf[buflen - 2] == '\r' && buf[buflen - 1] == '\n') break;
+ if (buflen >= 4 && buf[buflen - 4] == '\r' && buf[buflen - 3] == '\n' &&
+ buf[buflen - 2] == '\r' && buf[buflen - 1] == '\n')
+ break;
if (buflen == buf.length) {
byte[] newbuf = new byte[buf.length * 2];
System.arraycopy(buf, 0, newbuf, 0, buflen);
public Proxy() { }
- /** the HTTP Proxy host to use */
- public String httpProxyHost = null;
-
- /** the HTTP Proxy port to use */
- public int httpProxyPort = -1;
-
- /** if a seperate proxy should be used for HTTPS, this is the hostname; otherwise, httpProxyHost is used */
- public String httpsProxyHost = null;
-
- /** if a seperate proxy should be used for HTTPS, this is the port */
+ public String httpProxyHost = null; ///< the HTTP Proxy host to use
+ public int httpProxyPort = -1; ///< the HTTP Proxy port to use
+ public String httpsProxyHost = null; ///< seperate proxy for HTTPS
public int httpsProxyPort = -1;
-
- /** the SOCKS Proxy Host to use */
- public String socksProxyHost = null;
-
- /** the SOCKS Proxy Port to use */
- public int socksProxyPort = -1;
-
- /** hosts to be excluded from proxy use; wildcards permitted */
- public String[] excluded = null;
-
- /** the PAC script */
- public JS.Callable proxyAutoConfigFunction = null;
+ public String socksProxyHost = null; ///< the SOCKS Proxy Host to use
+ public int socksProxyPort = -1; ///< the SOCKS Proxy Port to use
+ public String[] excluded = null; ///< hosts to be excluded from proxy use; wildcards permitted
+ public JS proxyAutoConfigFunction = null; ///< the PAC script
public static Proxy detectProxyViaManual() {
Proxy ret = new Proxy();
ret.httpProxyHost = Platform.getEnv("http_proxy");
if (ret.httpProxyHost != null) {
if (ret.httpProxyHost.startsWith("http://")) ret.httpProxyHost = ret.httpProxyHost.substring(7);
- if (ret.httpProxyHost.endsWith("/")) ret.httpProxyHost = ret.httpProxyHost.substring(0, ret.httpProxyHost.length() - 1);
+ if (ret.httpProxyHost.endsWith("/"))
+ ret.httpProxyHost = ret.httpProxyHost.substring(0, ret.httpProxyHost.length() - 1);
if (ret.httpProxyHost.indexOf(':') != -1) {
ret.httpProxyPort = Integer.parseInt(ret.httpProxyHost.substring(ret.httpProxyHost.indexOf(':') + 1));
ret.httpProxyHost = ret.httpProxyHost.substring(0, ret.httpProxyHost.indexOf(':'));
ret.httpsProxyHost = Platform.getEnv("https_proxy");
if (ret.httpsProxyHost != null) {
if (ret.httpsProxyHost.startsWith("https://")) ret.httpsProxyHost = ret.httpsProxyHost.substring(7);
- if (ret.httpsProxyHost.endsWith("/")) ret.httpsProxyHost = ret.httpsProxyHost.substring(0, ret.httpsProxyHost.length() - 1);
+ if (ret.httpsProxyHost.endsWith("/"))
+ ret.httpsProxyHost = ret.httpsProxyHost.substring(0, ret.httpsProxyHost.length() - 1);
if (ret.httpsProxyHost.indexOf(':') != -1) {
ret.httpsProxyPort = Integer.parseInt(ret.httpsProxyHost.substring(ret.httpsProxyHost.indexOf(':') + 1));
ret.httpsProxyHost = ret.httpsProxyHost.substring(0, ret.httpsProxyHost.indexOf(':'));
ret.socksProxyHost = Platform.getEnv("socks_proxy");
if (ret.socksProxyHost != null) {
if (ret.socksProxyHost.startsWith("socks://")) ret.socksProxyHost = ret.socksProxyHost.substring(7);
- if (ret.socksProxyHost.endsWith("/")) ret.socksProxyHost = ret.socksProxyHost.substring(0, ret.socksProxyHost.length() - 1);
+ if (ret.socksProxyHost.endsWith("/"))
+ ret.socksProxyHost = ret.socksProxyHost.substring(0, ret.socksProxyHost.length() - 1);
if (ret.socksProxyHost.indexOf(':') != -1) {
ret.socksProxyPort = Integer.parseInt(ret.socksProxyHost.substring(ret.socksProxyHost.indexOf(':') + 1));
ret.socksProxyHost = ret.socksProxyHost.substring(0, ret.socksProxyHost.indexOf(':'));
return ret;
}
- public static JS.Scope proxyAutoConfigRootScope = new ProxyAutoConfigRootScope();
- public static JS.Callable getProxyAutoConfigFunction(String url) {
+ public static JSScope proxyAutoConfigRootScope = new ProxyAutoConfigRootScope();
+ public static JS getProxyAutoConfigFunction(String url) {
try {
BufferedReader br = new BufferedReader(new InputStreamReader(new HTTP(url, true).GET()));
String s = null;
String script = "";
while((s = br.readLine()) != null) script += s + "\n";
- if (Log.on) Log.log(Proxy.class, "successfully retrieved WPAD PAC:");
- if (Log.on) Log.log(Proxy.class, script);
+ if (Log.on) Log.info(Proxy.class, "successfully retrieved WPAD PAC:");
+ if (Log.on) Log.info(Proxy.class, script);
// MS CARP hack
Vector carpHosts = new Vector();
for(int i=0; i<script.length(); i++)
if (script.regionMatches(i, "new Node(", 0, 9)) {
String host = script.substring(i + 10, script.indexOf('\"', i + 11));
- if (Log.on) Log.log(Proxy.class, "Detected MS Proxy Server CARP Script, Host=" + host);
+ if (Log.on) Log.info(Proxy.class, "Detected MS Proxy Server CARP Script, Host=" + host);
carpHosts.addElement(host);
}
if (carpHosts.size() > 0) {
for(int i=0; i<carpHosts.size(); i++)
script += "PROXY " + carpHosts.elementAt(i) + "; ";
script += "\";\n}";
- if (Log.on) Log.log(Proxy.class, "DeCARPed PAC script:");
- if (Log.on) Log.log(Proxy.class, script);
+ if (Log.on) Log.info(Proxy.class, "DeCARPed PAC script:");
+ if (Log.on) Log.info(Proxy.class, script);
}
- JS.CompiledFunction scr = JS.parse("PAC script at " + url, 0, new StringReader(script));
- scr.call(new JS.Array(), proxyAutoConfigRootScope);
- return (JS.Callable)proxyAutoConfigRootScope.get("FindProxyForURL");
+ JS scr = JS.fromReader("PAC script at " + url, 0, new StringReader(script));
+ JS.cloneWithNewParentScope(scr, proxyAutoConfigRootScope).call(null, null, null, null, 0);
+ return (JS)proxyAutoConfigRootScope.get("FindProxyForURL");
} catch (Exception e) {
if (Log.on) {
- Log.log(Platform.class, "WPAD detection failed due to:");
- if (e instanceof JS.Exn) {
+ Log.info(Platform.class, "WPAD detection failed due to:");
+ if (e instanceof JSExn) {
try {
- org.xwt.js.JS.Array arr = new org.xwt.js.JS.Array();
- arr.addElement(((JS.Exn)e).getObject());
- // FIXME
- //XWT.recursivePrintObject.call();
+ org.xwt.js.JSArray arr = new org.xwt.js.JSArray();
+ arr.addElement(((JSExn)e).getObject());
} catch (Exception e2) {
- Log.log(Platform.class, e);
+ Log.info(Platform.class, e);
}
}
- else Log.log(Platform.class, e);
+ else Log.info(Platform.class, e);
}
return null;
}
static public String authorization2 = null;
static public Semaphore waitingForUser = new Semaphore();
- public static synchronized void getPassword(final String realm, final String style, final String proxyIP, String oldAuth) {
+ public static synchronized void getPassword(final String realm, final String style,
+ final String proxyIP, String oldAuth) {
// this handles cases where multiple threads hit the proxy auth at the same time -- all but one will block on the
// synchronized keyword. If 'authorization' changed while the thread was blocked, it means that the user entered
// a password, so we should reattempt authorization.
if (authorization != oldAuth) return;
- if (Log.on) Log.log(Authorization.class, "displaying proxy authorization dialog");
- Message.Q.add(new Message() {
- public void perform() {
+ if (Log.on) Log.info(Authorization.class, "displaying proxy authorization dialog");
+ Scheduler.add(new Scheduler.Task() {
+ public void perform() throws Exception {
Box b = new Box();
- /* FIXME
- Template.getTemplate("org.xwt.builtin.proxy_authorization", null).apply(b, null, null, null, 0, 0, null);
+ Template t = Template.buildTemplate(Stream.getInputStream((JS)Main.builtin.get("org/xwt/builtin/proxy_authorization.xwt")), new XWT(null));
+ t.apply(b);
b.put("realm", realm);
b.put("proxyIP", proxyIP);
- */
}
});
waitingForUser.block();
- if (Log.on) Log.log(Authorization.class, "got proxy authorization info; re-attempting connection");
-
+ if (Log.on) Log.info(Authorization.class, "got proxy authorization info; re-attempting connection");
}
}
- // ProxyAutoConfigRootScope ////////////////////////////////////////////////////////////////////
+ // ProxyAutoConfigRootJSScope ////////////////////////////////////////////////////////////////////
- public static class ProxyAutoConfigRootScope extends JS.Scope {
+ public static class ProxyAutoConfigRootScope extends JSScope.Global {
- public ProxyAutoConfigRootScope() { super(null); }
+ public ProxyAutoConfigRootScope() { super(); }
- // FIXME: needs "standard objects"
-
- public Object get(Object name) {
- if (name.equals("isPlainHostName")) return isPlainHostName;
- else if (name.equals("dnsDomainIs")) return dnsDomainIs;
- else if (name.equals("localHostOrDomainIs")) return localHostOrDomainIs;
- else if (name.equals("isResolvable")) return isResolvable;
- else if (name.equals("isInNet")) return isInNet;
- else if (name.equals("dnsResolve")) return dnsResolve;
- else if (name.equals("myIpAddress")) return myIpAddress;
- else if (name.equals("dnsDomainLevels")) return dnsDomainLevels;
- else if (name.equals("shExpMatch")) return shExpMatch;
- else if (name.equals("weekdayRange")) return weekdayRange;
- else if (name.equals("dateRange")) return dateRange;
- else if (name.equals("timeRange")) return timeRange;
- else if (name.equals("ProxyConfig")) return ProxyConfig;
- else return super.get(name);
+ public Object get(Object name) throws JSExn {
+ //#switch(name)
+ case "isPlainHostName": return METHOD;
+ case "dnsDomainIs": return METHOD;
+ case "localHostOrDomainIs": return METHOD;
+ case "isResolvable": return METHOD;
+ case "isInNet": return METHOD;
+ case "dnsResolve": return METHOD;
+ case "myIpAddress": return METHOD;
+ case "dnsDomainLevels": return METHOD;
+ case "shExpMatch": return METHOD;
+ case "weekdayRange": return METHOD;
+ case "dateRange": return METHOD;
+ case "timeRange": return METHOD;
+ case "ProxyConfig": return ProxyConfig;
+ //#end
+ return super.get(name);
}
- private static final JS.Obj proxyConfigBindings = new JS.Obj();
- private static final JS.Obj ProxyConfig = new JS.Obj() {
+ private static final JS proxyConfigBindings = new JS();
+ private static final JS ProxyConfig = new JS() {
public Object get(Object name) {
if (name.equals("bindings")) return proxyConfigBindings;
return null;
}
};
-
- private static final JS.Callable isPlainHostName = new JS.Callable() {
- public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
- return (args.elementAt(0).toString().indexOf('.') == -1) ? Boolean.TRUE : Boolean.FALSE;
- }
- };
-
- private static final JS.Callable dnsDomainIs = new JS.Callable() {
- public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
- return (args.elementAt(0).toString().endsWith(args.elementAt(1).toString())) ? Boolean.TRUE : Boolean.FALSE;
- }
- };
-
- private static final JS.Callable localHostOrDomainIs = new JS.Callable() {
- public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
- return (args.elementAt(0).toString().equals(args.elementAt(1).toString()) ||
- (args.elementAt(0).toString().indexOf('.') == -1 && args.elementAt(1).toString().startsWith(args.elementAt(0).toString()))) ?
+
+ public Object callMethod(Object method, Object a0, Object a1, Object a2, Object[] rest, int nargs) throws JSExn {
+ //#switch(method)
+ case "isPlainHostName": return (a0.toString().indexOf('.') == -1) ? Boolean.TRUE : Boolean.FALSE;
+ case "dnsDomainIs": return (a0.toString().endsWith(a1.toString())) ? Boolean.TRUE : Boolean.FALSE;
+ case "localHostOrDomainIs":
+ return (a0.equals(a1) || (a0.toString().indexOf('.') == -1 && a1.toString().startsWith(a0.toString()))) ? T:F;
+ case "isResolvable": try {
+ return (InetAddress.getByName(a0.toString()) != null) ? Boolean.TRUE : Boolean.FALSE;
+ } catch (UnknownHostException e) { return F; }
+ case "isInNet":
+ if (nargs != 3) return Boolean.FALSE;
+ try {
+ byte[] host = InetAddress.getByName(a0.toString()).getAddress();
+ byte[] net = InetAddress.getByName(a1.toString()).getAddress();
+ byte[] mask = InetAddress.getByName(a2.toString()).getAddress();
+ return ((host[0] & mask[0]) == net[0] &&
+ (host[1] & mask[1]) == net[1] &&
+ (host[2] & mask[2]) == net[2] &&
+ (host[3] & mask[3]) == net[3]) ?
Boolean.TRUE : Boolean.FALSE;
+ } catch (Exception e) {
+ throw new JSExn("exception in isInNet(): " + e);
}
- };
-
- private static final JS.Callable isResolvable = new JS.Callable() {
- public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
- try {
- return (InetAddress.getByName(args.elementAt(0).toString()) != null) ? Boolean.TRUE : Boolean.FALSE;
- } catch (UnknownHostException e) {
- return Boolean.FALSE;
- }
- }
- };
-
- private static final JS.Callable isInNet = new JS.Callable() {
- public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
- if (args.length() != 3) return Boolean.FALSE;
- try {
- byte[] host = InetAddress.getByName(args.elementAt(0).toString()).getAddress();
- byte[] net = InetAddress.getByName(args.elementAt(1).toString()).getAddress();
- byte[] mask = InetAddress.getByName(args.elementAt(2).toString()).getAddress();
- return ((host[0] & mask[0]) == net[0] &&
- (host[1] & mask[1]) == net[1] &&
- (host[2] & mask[2]) == net[2] &&
- (host[3] & mask[3]) == net[3]) ?
- Boolean.TRUE : Boolean.FALSE;
- } catch (Exception e) {
- throw new JS.Exn("exception in isInNet(): " + e);
- }
- }
- };
-
- private static final JS.Callable dnsResolve = new JS.Callable() {
- public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
- try {
- return InetAddress.getByName(args.elementAt(0).toString()).getHostAddress();
- } catch (UnknownHostException e) {
- return null;
- }
- }
- };
-
- private static final JS.Callable myIpAddress = new JS.Callable() {
- public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
- try {
- return InetAddress.getLocalHost().getHostAddress();
- } catch (UnknownHostException e) {
- if (Log.on) Log.log(this, "strange... host does not know its own address");
- return null;
- }
+ case "dnsResolve":
+ try {
+ return InetAddress.getByName(a0.toString()).getHostAddress();
+ } catch (UnknownHostException e) {
+ return null;
}
- };
-
- private static final JS.Callable dnsDomainLevels = new JS.Callable() {
- public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
- String s = args.elementAt(0).toString();
- int i = 0;
- while((i = s.indexOf('.', i)) != -1) i++;
- return new Integer(i);
+ case "myIpAddress":
+ try {
+ return InetAddress.getLocalHost().getHostAddress();
+ } catch (UnknownHostException e) {
+ if (Log.on) Log.info(this, "strange... host does not know its own address");
+ return null;
}
- };
-
+ case "dnsDomainLevels":
+ String s = a0.toString();
+ int i = 0;
+ while((i = s.indexOf('.', i)) != -1) i++;
+ return new Integer(i);
+ case "shExpMatch":
+ StringTokenizer st = new StringTokenizer(a1.toString(), "*", false);
+ String[] arr = new String[st.countTokens()];
+ String s = a0.toString();
+ for (int i=0; st.hasMoreTokens(); i++) arr[i] = st.nextToken();
+ return match(arr, s, 0) ? Boolean.TRUE : Boolean.FALSE;
+ case "weekdayRange":
+ TimeZone tz = (nargs < 3 || a2 == null || !a2.equals("GMT")) ?
+ TimeZone.getTimeZone("UTC") : TimeZone.getDefault();
+ Calendar c = new GregorianCalendar();
+ c.setTimeZone(tz);
+ c.setTime(new java.util.Date());
+ java.util.Date d = c.getTime();
+ int day = d.getDay();
+ String d1s = a0.toString().toUpperCase();
+ int d1 = 0, d2 = 0;
+ for(int i=0; i<days.length; i++) if (days[i].equals(d1s)) d1 = i;
+
+ if (nargs == 1)
+ return d1 == day ? Boolean.TRUE : Boolean.FALSE;
+
+ String d2s = a1.toString().toUpperCase();
+ for(int i=0; i<days.length; i++) if (days[i].equals(d2s)) d2 = i;
+
+ return ((d1 <= d2 && day >= d1 && day <= d2) || (d1 > d2 && (day >= d1 || day <= d2))) ? T : F;
+
+ case "dateRange": throw new JSExn("XWT does not support dateRange() in PAC scripts");
+ case "timeRange": throw new JSExn("XWT does not support timeRange() in PAC scripts");
+ //#end
+ return super.callMethod(method, a0, a1, a2, rest, nargs);
+ }
private static boolean match(String[] arr, String s, int index) {
if (index >= arr.length) return true;
for(int i=0; i<s.length(); i++) {
}
return false;
}
-
- private static final JS.Callable shExpMatch = new JS.Callable() {
- public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
- StringTokenizer st = new StringTokenizer(args.elementAt(1).toString(), "*", false);
- String[] arr = new String[st.countTokens()];
- String s = args.elementAt(0).toString();
- for (int i=0; st.hasMoreTokens(); i++) arr[i] = st.nextToken();
- return match(arr, s, 0) ? Boolean.TRUE : Boolean.FALSE;
- }
- };
-
public static String[] days = { "SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT" };
-
- private static final JS.Callable weekdayRange = new JS.Callable() {
- public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
- TimeZone tz = (args.length() < 3 || args.elementAt(2) == null || !args.elementAt(2).equals("GMT")) ? TimeZone.getTimeZone("UTC") : TimeZone.getDefault();
- Calendar c = new GregorianCalendar();
- c.setTimeZone(tz);
- c.setTime(new java.util.Date());
- java.util.Date d = c.getTime();
- int day = d.getDay();
-
- String d1s = args.elementAt(0).toString().toUpperCase();
- int d1 = 0, d2 = 0;
- for(int i=0; i<days.length; i++) if (days[i].equals(d1s)) d1 = i;
-
- if (args.length() == 1)
- return d1 == day ? Boolean.TRUE : Boolean.FALSE;
-
- String d2s = args.elementAt(1).toString().toUpperCase();
- for(int i=0; i<days.length; i++) if (days[i].equals(d2s)) d2 = i;
-
- return
- ((d1 <= d2 && day >= d1 && day <= d2) ||
- (d1 > d2 && (day >= d1 || day <= d2))) ?
- Boolean.TRUE : Boolean.FALSE;
- }
+ }
+
+
+ /**
+ * An implementation of Microsoft's proprietary NTLM authentication protocol. This code was derived from Eric
+ * Glass's work, and is copyright as follows:
+ *
+ * Copyright (c) 2003 Eric Glass (eglass1 at comcast.net).
+ *
+ * Permission to use, copy, modify, and distribute this document for any purpose and without any fee is hereby
+ * granted, provided that the above copyright notice and this list of conditions appear in all copies.
+ * The most current version of this document may be obtained from http://davenport.sourceforge.net/ntlm.html .
+ */
+ public static class NTLM {
+
+ public static final byte[] type1 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01,
+ 0x00, 0x00, 0x00, 0x00, 0x02, 0x02, 0x00 };
+
+ /**
+ * Calculates the NTLM Response for the given challenge, using the
+ * specified password.
+ *
+ * @param password The user's password.
+ * @param challenge The Type 2 challenge from the server.
+ *
+ * @return The NTLM Response.
+ */
+ public static byte[] getNTLMResponse(String password, byte[] challenge)
+ throws Exception {
+ byte[] ntlmHash = ntlmHash(password);
+ return lmResponse(ntlmHash, challenge);
+ }
+
+ /**
+ * Calculates the LM Response for the given challenge, using the specified
+ * password.
+ *
+ * @param password The user's password.
+ * @param challenge The Type 2 challenge from the server.
+ *
+ * @return The LM Response.
+ */
+ public static byte[] getLMResponse(String password, byte[] challenge)
+ throws Exception {
+ byte[] lmHash = lmHash(password);
+ return lmResponse(lmHash, challenge);
+ }
+
+ /**
+ * Calculates the NTLMv2 Response for the given challenge, using the
+ * specified authentication target, username, password, target information
+ * block, and client challenge.
+ *
+ * @param target The authentication target (i.e., domain).
+ * @param user The username.
+ * @param password The user's password.
+ * @param targetInformation The target information block from the Type 2
+ * message.
+ * @param challenge The Type 2 challenge from the server.
+ * @param clientChallenge The random 8-byte client challenge.
+ *
+ * @return The NTLMv2 Response.
+ */
+ public static byte[] getNTLMv2Response(String target, String user,
+ String password, byte[] targetInformation, byte[] challenge,
+ byte[] clientChallenge) throws Exception {
+ byte[] ntlmv2Hash = ntlmv2Hash(target, user, password);
+ byte[] blob = createBlob(targetInformation, clientChallenge);
+ return lmv2Response(ntlmv2Hash, blob, challenge);
+ }
+
+ /**
+ * Calculates the LMv2 Response for the given challenge, using the
+ * specified authentication target, username, password, and client
+ * challenge.
+ *
+ * @param target The authentication target (i.e., domain).
+ * @param user The username.
+ * @param password The user's password.
+ * @param challenge The Type 2 challenge from the server.
+ * @param clientChallenge The random 8-byte client challenge.
+ *
+ * @return The LMv2 Response.
+ */
+ public static byte[] getLMv2Response(String target, String user,
+ String password, byte[] challenge, byte[] clientChallenge)
+ throws Exception {
+ byte[] ntlmv2Hash = ntlmv2Hash(target, user, password);
+ return lmv2Response(ntlmv2Hash, clientChallenge, challenge);
+ }
+
+ /**
+ * Calculates the NTLM2 Session Response for the given challenge, using the
+ * specified password and client challenge.
+ *
+ * @param password The user's password.
+ * @param challenge The Type 2 challenge from the server.
+ * @param clientChallenge The random 8-byte client challenge.
+ *
+ * @return The NTLM2 Session Response. This is placed in the NTLM
+ * response field of the Type 3 message; the LM response field contains
+ * the client challenge, null-padded to 24 bytes.
+ */
+ public static byte[] getNTLM2SessionResponse(String password,
+ byte[] challenge, byte[] clientChallenge) throws Exception {
+ byte[] ntlmHash = ntlmHash(password);
+ MD5Digest md5 = new MD5Digest();
+ md5.update(challenge, 0, challenge.length);
+ md5.update(clientChallenge, 0, clientChallenge.length);
+ byte[] sessionHash = new byte[8];
+ byte[] md5_out = new byte[md5.getDigestSize()];
+ md5.doFinal(md5_out, 0);
+ System.arraycopy(md5_out, 0, sessionHash, 0, 8);
+ return lmResponse(ntlmHash, sessionHash);
+ }
+
+ /**
+ * Creates the LM Hash of the user's password.
+ *
+ * @param password The password.
+ *
+ * @return The LM Hash of the given password, used in the calculation
+ * of the LM Response.
+ */
+ private static byte[] lmHash(String password) throws Exception {
+ /*
+ byte[] oemPassword = password.toUpperCase().getBytes("US-ASCII");
+ int length = java.lang.Math.min(oemPassword.length, 14);
+ byte[] keyBytes = new byte[14];
+ System.arraycopy(oemPassword, 0, keyBytes, 0, length);
+ Key lowKey = createDESKey(keyBytes, 0);
+ Key highKey = createDESKey(keyBytes, 7);
+ byte[] magicConstant = "KGS!@#$%".getBytes("US-ASCII");
+ Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
+ des.init(Cipher.ENCRYPT_MODE, lowKey);
+ byte[] lowHash = des.doFinal(magicConstant);
+ des.init(Cipher.ENCRYPT_MODE, highKey);
+ byte[] highHash = des.doFinal(magicConstant);
+ byte[] lmHash = new byte[16];
+ System.arraycopy(lowHash, 0, lmHash, 0, 8);
+ System.arraycopy(highHash, 0, lmHash, 8, 8);
+ return lmHash;
+ */
+ return null;
+ }
+
+ /**
+ * Creates the NTLM Hash of the user's password.
+ *
+ * @param password The password.
+ *
+ * @return The NTLM Hash of the given password, used in the calculation
+ * of the NTLM Response and the NTLMv2 and LMv2 Hashes.
+ */
+ private static byte[] ntlmHash(String password) throws Exception {
+ byte[] unicodePassword = password.getBytes("UnicodeLittleUnmarked");
+ MD4Digest md4 = new MD4Digest();
+ md4.update(unicodePassword, 0, unicodePassword.length);
+ byte[] ret = new byte[md4.getDigestSize()];
+ return ret;
+ }
+
+ /**
+ * Creates the NTLMv2 Hash of the user's password.
+ *
+ * @param target The authentication target (i.e., domain).
+ * @param user The username.
+ * @param password The password.
+ *
+ * @return The NTLMv2 Hash, used in the calculation of the NTLMv2
+ * and LMv2 Responses.
+ */
+ private static byte[] ntlmv2Hash(String target, String user,
+ String password) throws Exception {
+ byte[] ntlmHash = ntlmHash(password);
+ String identity = user.toUpperCase() + target.toUpperCase();
+ return hmacMD5(identity.getBytes("UnicodeLittleUnmarked"), ntlmHash);
+ }
+
+ /**
+ * Creates the LM Response from the given hash and Type 2 challenge.
+ *
+ * @param hash The LM or NTLM Hash.
+ * @param challenge The server challenge from the Type 2 message.
+ *
+ * @return The response (either LM or NTLM, depending on the provided
+ * hash).
+ */
+ private static byte[] lmResponse(byte[] hash, byte[] challenge)
+ throws Exception {
+ /*
+ byte[] keyBytes = new byte[21];
+ System.arraycopy(hash, 0, keyBytes, 0, 16);
+ Key lowKey = createDESKey(keyBytes, 0);
+ Key middleKey = createDESKey(keyBytes, 7);
+ Key highKey = createDESKey(keyBytes, 14);
+ Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
+ des.init(Cipher.ENCRYPT_MODE, lowKey);
+ byte[] lowResponse = des.doFinal(challenge);
+ des.init(Cipher.ENCRYPT_MODE, middleKey);
+ byte[] middleResponse = des.doFinal(challenge);
+ des.init(Cipher.ENCRYPT_MODE, highKey);
+ byte[] highResponse = des.doFinal(challenge);
+ byte[] lmResponse = new byte[24];
+ System.arraycopy(lowResponse, 0, lmResponse, 0, 8);
+ System.arraycopy(middleResponse, 0, lmResponse, 8, 8);
+ System.arraycopy(highResponse, 0, lmResponse, 16, 8);
+ return lmResponse;
+ */
+ return null;
+ }
+
+ /**
+ * Creates the LMv2 Response from the given hash, client data, and
+ * Type 2 challenge.
+ *
+ * @param hash The NTLMv2 Hash.
+ * @param clientData The client data (blob or client challenge).
+ * @param challenge The server challenge from the Type 2 message.
+ *
+ * @return The response (either NTLMv2 or LMv2, depending on the
+ * client data).
+ */
+ private static byte[] lmv2Response(byte[] hash, byte[] clientData,
+ byte[] challenge) throws Exception {
+ byte[] data = new byte[challenge.length + clientData.length];
+ System.arraycopy(challenge, 0, data, 0, challenge.length);
+ System.arraycopy(clientData, 0, data, challenge.length,
+ clientData.length);
+ byte[] mac = hmacMD5(data, hash);
+ byte[] lmv2Response = new byte[mac.length + clientData.length];
+ System.arraycopy(mac, 0, lmv2Response, 0, mac.length);
+ System.arraycopy(clientData, 0, lmv2Response, mac.length,
+ clientData.length);
+ return lmv2Response;
+ }
+
+ /**
+ * Creates the NTLMv2 blob from the given target information block and
+ * client challenge.
+ *
+ * @param targetInformation The target information block from the Type 2
+ * message.
+ * @param clientChallenge The random 8-byte client challenge.
+ *
+ * @return The blob, used in the calculation of the NTLMv2 Response.
+ */
+ private static byte[] createBlob(byte[] targetInformation,
+ byte[] clientChallenge) {
+ byte[] blobSignature = new byte[] {
+ (byte) 0x01, (byte) 0x01, (byte) 0x00, (byte) 0x00
};
-
- private static final JS.Callable dateRange = new JS.Callable() {
- public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
- throw new JS.Exn("XWT does not support dateRange() in PAC scripts");
- }
+ byte[] reserved = new byte[] {
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
};
-
- private static final JS.Callable timeRange = new JS.Callable() {
- public Object call(org.xwt.js.JS.Array args) throws JS.Exn {
- throw new JS.Exn("XWT does not support timeRange() in PAC scripts");
- }
+ byte[] unknown1 = new byte[] {
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
};
-
- }
+ byte[] unknown2 = new byte[] {
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
+ };
+ long time = System.currentTimeMillis();
+ time += 11644473600000l; // milliseconds from January 1, 1601 -> epoch.
+ time *= 10000; // tenths of a microsecond.
+ // convert to little-endian byte array.
+ byte[] timestamp = new byte[8];
+ for (int i = 0; i < 8; i++) {
+ timestamp[i] = (byte) time;
+ time >>>= 8;
+ }
+ byte[] blob = new byte[blobSignature.length + reserved.length +
+ timestamp.length + clientChallenge.length +
+ unknown1.length + targetInformation.length +
+ unknown2.length];
+ int offset = 0;
+ System.arraycopy(blobSignature, 0, blob, offset, blobSignature.length);
+ offset += blobSignature.length;
+ System.arraycopy(reserved, 0, blob, offset, reserved.length);
+ offset += reserved.length;
+ System.arraycopy(timestamp, 0, blob, offset, timestamp.length);
+ offset += timestamp.length;
+ System.arraycopy(clientChallenge, 0, blob, offset,
+ clientChallenge.length);
+ offset += clientChallenge.length;
+ System.arraycopy(unknown1, 0, blob, offset, unknown1.length);
+ offset += unknown1.length;
+ System.arraycopy(targetInformation, 0, blob, offset,
+ targetInformation.length);
+ offset += targetInformation.length;
+ System.arraycopy(unknown2, 0, blob, offset, unknown2.length);
+ return blob;
+ }
- }
+ /**
+ * Calculates the HMAC-MD5 hash of the given data using the specified
+ * hashing key.
+ *
+ * @param data The data for which the hash will be calculated.
+ * @param key The hashing key.
+ *
+ * @return The HMAC-MD5 hash of the given data.
+ */
+ private static byte[] hmacMD5(byte[] data, byte[] key) throws Exception {
+ byte[] ipad = new byte[64];
+ byte[] opad = new byte[64];
+ for (int i = 0; i < 64; i++) {
+ ipad[i] = (byte) 0x36;
+ opad[i] = (byte) 0x5c;
+ }
+ for (int i = key.length - 1; i >= 0; i--) {
+ ipad[i] ^= key[i];
+ opad[i] ^= key[i];
+ }
+ byte[] content = new byte[data.length + 64];
+ System.arraycopy(ipad, 0, content, 0, 64);
+ System.arraycopy(data, 0, content, 64, data.length);
+ MD5Digest md5 = new MD5Digest();
+ md5.update(content, 0, content.length);
+ data = new byte[md5.getDigestSize()];
+ md5.doFinal(data, 0);
+ content = new byte[data.length + 64];
+ System.arraycopy(opad, 0, content, 0, 64);
+ System.arraycopy(data, 0, content, 64, data.length);
+ md5 = new MD5Digest();
+ md5.update(content, 0, content.length);
+ byte[] ret = new byte[md5.getDigestSize()];
+ md5.doFinal(ret, 0);
+ return ret;
+ }
+ /**
+ * Creates a DES encryption key from the given key material.
+ *
+ * @param bytes A byte array containing the DES key material.
+ * @param offset The offset in the given byte array at which
+ * the 7-byte key material starts.
+ *
+ * @return A DES encryption key created from the key material
+ * starting at the specified offset in the given byte array.
+ */
+ /*
+ private static Key createDESKey(byte[] bytes, int offset) {
+ byte[] keyBytes = new byte[7];
+ System.arraycopy(bytes, offset, keyBytes, 0, 7);
+ byte[] material = new byte[8];
+ material[0] = keyBytes[0];
+ material[1] = (byte) (keyBytes[0] << 7 | (keyBytes[1] & 0xff) >>> 1);
+ material[2] = (byte) (keyBytes[1] << 6 | (keyBytes[2] & 0xff) >>> 2);
+ material[3] = (byte) (keyBytes[2] << 5 | (keyBytes[3] & 0xff) >>> 3);
+ material[4] = (byte) (keyBytes[3] << 4 | (keyBytes[4] & 0xff) >>> 4);
+ material[5] = (byte) (keyBytes[4] << 3 | (keyBytes[5] & 0xff) >>> 5);
+ material[6] = (byte) (keyBytes[5] << 2 | (keyBytes[6] & 0xff) >>> 6);
+ material[7] = (byte) (keyBytes[6] << 1);
+ oddParity(material);
+ return new SecretKeySpec(material, "DES");
+ }
+ */
+
+ /**
+ * Applies odd parity to the given byte array.
+ *
+ * @param bytes The data whose parity bits are to be adjusted for
+ * odd parity.
+ */
+ private static void oddParity(byte[] bytes) {
+ for (int i = 0; i < bytes.length; i++) {
+ byte b = bytes[i];
+ boolean needsParity = (((b >>> 7) ^ (b >>> 6) ^ (b >>> 5) ^
+ (b >>> 4) ^ (b >>> 3) ^ (b >>> 2) ^
+ (b >>> 1)) & 0x01) == 0;
+ if (needsParity) {
+ bytes[i] |= (byte) 0x01;
+ } else {
+ bytes[i] &= (byte) 0xfe;
+ }
+ }
+ }
+
+ }
+ }
}
projects / org.ibex.core.git / blobdiff