jdk/src/java.base/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java - platform/libcore - Git at Google

 /*
  * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License version 2 only, as
  * published by the Free Software Foundation.  Oracle designates this
  * particular file as subject to the "Classpath" exception as provided
  * by Oracle in the LICENSE file that accompanied this code.
  *
  * This code is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * version 2 for more details (a copy is included in the LICENSE file that
  * accompanied this code).
  *
  * You should have received a copy of the GNU General Public License version
  * 2 along with this work; if not, write to the Free Software Foundation,
  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  *
  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  * or visit www.oracle.com if you need additional information or have any
  * questions.
  */

 package sun.net.www.protocol.http.ntlm;

 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.PasswordAuthentication;
 import java.net.UnknownHostException;
 import java.net.URL;
 import java.util.Objects;
 import sun.net.www.HeaderParser;
 import sun.net.www.protocol.http.AuthenticationInfo;
 import sun.net.www.protocol.http.AuthScheme;
 import sun.net.www.protocol.http.HttpURLConnection;
 import sun.security.action.GetPropertyAction;

 /**
  * NTLMAuthentication:
  *
  * @author Michael McMahon
  */

 public class NTLMAuthentication extends AuthenticationInfo {

     private static final long serialVersionUID = 100L;

     private static final NTLMAuthenticationCallback NTLMAuthCallback =
         NTLMAuthenticationCallback.getNTLMAuthenticationCallback();

     private String hostname;
     private static String defaultDomain; /* Domain to use if not specified by user */

     static {
         defaultDomain = GetPropertyAction
                 .privilegedGetProperty("http.auth.ntlm.domain", "domain");
     };

     private void init0() {

         hostname = java.security.AccessController.doPrivileged(
             new java.security.PrivilegedAction<String>() {
             public String run() {
                 String localhost;
                 try {
                     localhost = InetAddress.getLocalHost().getHostName().toUpperCase();
                 } catch (UnknownHostException e) {
                      localhost = "localhost";
                 }
                 return localhost;
             }
         });
         int x = hostname.indexOf ('.');
         if (x != -1) {
             hostname = hostname.substring (0, x);
         }
     }

     String username;
     String ntdomain;
     String password;

     /**
      * Create a NTLMAuthentication:
      * Username may be specified as {@literal domain<BACKSLASH>username}
      * in the application Authenticator.
      * If this notation is not used, then the domain will be taken
      * from a system property: "http.auth.ntlm.domain".
      */
     public NTLMAuthentication(boolean isProxy, URL url, PasswordAuthentication pw,
                               String authenticatorKey) {
         super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION,
               AuthScheme.NTLM,
               url,
               "",
               Objects.requireNonNull(authenticatorKey));
         init (pw);
     }

     private void init (PasswordAuthentication pw) {
         this.pw = pw;
         if (pw != null) {
             String s = pw.getUserName();
             int i = s.indexOf ('\\');
             if (i == -1) {
                 username = s;
                 ntdomain = defaultDomain;
             } else {
                 ntdomain = s.substring (0, i).toUpperCase();
                 username = s.substring (i+1);
             }
             password = new String (pw.getPassword());
         } else {
             /* credentials will be acquired from OS */
             username = null;
             ntdomain = null;
             password = null;
         }
         init0();
     }

    /**
     * Constructor used for proxy entries
     */
     public NTLMAuthentication(boolean isProxy, String host, int port,
                               PasswordAuthentication pw,
                               String authenticatorKey) {
         super(isProxy?PROXY_AUTHENTICATION:SERVER_AUTHENTICATION,
               AuthScheme.NTLM,
               host,
               port,
               "",
               Objects.requireNonNull(authenticatorKey));
         init (pw);
     }

     /**
      * @return true if this authentication supports preemptive authorization
      */
     @Override
     public boolean supportsPreemptiveAuthorization() {
         return false;
     }

     /**
      * @return true if NTLM supported transparently (no password needed, SSO)
      */
     public static boolean supportsTransparentAuth() {
         return true;
     }

     /**
      * Returns true if the given site is trusted, i.e. we can try
      * transparent Authentication.
      */
     public static boolean isTrustedSite(URL url) {
         return NTLMAuthCallback.isTrustedSite(url);
     }

     /**
      * Not supported. Must use the setHeaders() method
      */
     @Override
     public String getHeaderValue(URL url, String method) {
         throw new RuntimeException ("getHeaderValue not supported");
     }

     /**
      * Check if the header indicates that the current auth. parameters are stale.
      * If so, then replace the relevant field with the new value
      * and return true. Otherwise return false.
      * returning true means the request can be retried with the same userid/password
      * returning false means we have to go back to the user to ask for a new
      * username password.
      */
     @Override
     public boolean isAuthorizationStale (String header) {
         return false; /* should not be called for ntlm */
     }

     /**
      * Set header(s) on the given connection.
      * @param conn The connection to apply the header(s) to
      * @param p A source of header values for this connection, not used because
      *          HeaderParser converts the fields to lower case, use raw instead
      * @param raw The raw header field.
      * @return true if all goes well, false if no headers were set.
      */
     @Override
     public synchronized boolean setHeaders(HttpURLConnection conn, HeaderParser p, String raw) {

         try {
             NTLMAuthSequence seq = (NTLMAuthSequence)conn.authObj();
             if (seq == null) {
                 seq = new NTLMAuthSequence (username, password, ntdomain);
                 conn.authObj(seq);
             }
             String response = "NTLM " + seq.getAuthHeader (raw.length()>6?raw.substring(5):null);
             conn.setAuthenticationProperty(getHeaderName(), response);
             if (seq.isComplete()) {
                 conn.authObj(null);
             }
             return true;
         } catch (IOException e) {
             conn.authObj(null);
             return false;
         }
     }

 }
	/*
	* Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	package sun.net.www.protocol.http.ntlm;

	import java.io.IOException;
	import java.net.InetAddress;
	import java.net.PasswordAuthentication;
	import java.net.UnknownHostException;
	import java.net.URL;
	import java.util.Objects;
	import sun.net.www.HeaderParser;
	import sun.net.www.protocol.http.AuthenticationInfo;
	import sun.net.www.protocol.http.AuthScheme;
	import sun.net.www.protocol.http.HttpURLConnection;
	import sun.security.action.GetPropertyAction;

	/**
	* NTLMAuthentication:
	*
	* @author Michael McMahon
	*/

	public class NTLMAuthentication extends AuthenticationInfo {

	private static final long serialVersionUID = 100L;

	private static final NTLMAuthenticationCallback NTLMAuthCallback =
	NTLMAuthenticationCallback.getNTLMAuthenticationCallback();

	private String hostname;
	private static String defaultDomain; /* Domain to use if not specified by user */

	static {
	defaultDomain = GetPropertyAction
	.privilegedGetProperty("http.auth.ntlm.domain", "domain");
	};

	private void init0() {

	hostname = java.security.AccessController.doPrivileged(
	new java.security.PrivilegedAction<String>() {
	public String run() {
	String localhost;
	try {
	localhost = InetAddress.getLocalHost().getHostName().toUpperCase();
	} catch (UnknownHostException e) {
	localhost = "localhost";
	}
	return localhost;
	}
	});
	int x = hostname.indexOf ('.');
	if (x != -1) {
	hostname = hostname.substring (0, x);
	}
	}

	String username;
	String ntdomain;
	String password;

	/**
	* Create a NTLMAuthentication:
	* Username may be specified as {@literal domain<BACKSLASH>username}
	* in the application Authenticator.
	* If this notation is not used, then the domain will be taken
	* from a system property: "http.auth.ntlm.domain".
	*/
	public NTLMAuthentication(boolean isProxy, URL url, PasswordAuthentication pw,
	String authenticatorKey) {
	super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION,
	AuthScheme.NTLM,
	url,
	"",
	Objects.requireNonNull(authenticatorKey));
	init (pw);
	}

	private void init (PasswordAuthentication pw) {
	this.pw = pw;
	if (pw != null) {
	String s = pw.getUserName();
	int i = s.indexOf ('\\');
	if (i == -1) {
	username = s;
	ntdomain = defaultDomain;
	} else {
	ntdomain = s.substring (0, i).toUpperCase();
	username = s.substring (i+1);
	}
	password = new String (pw.getPassword());
	} else {
	/* credentials will be acquired from OS */
	username = null;
	ntdomain = null;
	password = null;
	}
	init0();
	}

	/**
	* Constructor used for proxy entries
	*/
	public NTLMAuthentication(boolean isProxy, String host, int port,
	PasswordAuthentication pw,
	String authenticatorKey) {
	super(isProxy?PROXY_AUTHENTICATION:SERVER_AUTHENTICATION,
	AuthScheme.NTLM,
	host,
	port,
	"",
	Objects.requireNonNull(authenticatorKey));
	init (pw);
	}

	/**
	* @return true if this authentication supports preemptive authorization
	*/
	@Override
	public boolean supportsPreemptiveAuthorization() {
	return false;
	}

	/**
	* @return true if NTLM supported transparently (no password needed, SSO)
	*/
	public static boolean supportsTransparentAuth() {
	return true;
	}

	/**
	* Returns true if the given site is trusted, i.e. we can try
	* transparent Authentication.
	*/
	public static boolean isTrustedSite(URL url) {
	return NTLMAuthCallback.isTrustedSite(url);
	}

	/**
	* Not supported. Must use the setHeaders() method
	*/
	@Override
	public String getHeaderValue(URL url, String method) {
	throw new RuntimeException ("getHeaderValue not supported");
	}

	/**
	* Check if the header indicates that the current auth. parameters are stale.
	* If so, then replace the relevant field with the new value
	* and return true. Otherwise return false.
	* returning true means the request can be retried with the same userid/password
	* returning false means we have to go back to the user to ask for a new
	* username password.
	*/
	@Override
	public boolean isAuthorizationStale (String header) {
	return false; /* should not be called for ntlm */
	}

	/**
	* Set header(s) on the given connection.
	* @param conn The connection to apply the header(s) to
	* @param p A source of header values for this connection, not used because
	* HeaderParser converts the fields to lower case, use raw instead
	* @param raw The raw header field.
	* @return true if all goes well, false if no headers were set.
	*/
	@Override
	public synchronized boolean setHeaders(HttpURLConnection conn, HeaderParser p, String raw) {

	try {
	NTLMAuthSequence seq = (NTLMAuthSequence)conn.authObj();
	if (seq == null) {
	seq = new NTLMAuthSequence (username, password, ntdomain);
	conn.authObj(seq);
	}
	String response = "NTLM " + seq.getAuthHeader (raw.length()>6?raw.substring(5):null);
	conn.setAuthenticationProperty(getHeaderName(), response);
	if (seq.isComplete()) {
	conn.authObj(null);
	}
	return true;
	} catch (IOException e) {
	conn.authObj(null);
	return false;
	}
	}

	}