Class NTLMEngine

  • All Implemented Interfaces:
    INTLMEngine

    final class NTLMEngine
    extends java.lang.Object
    implements INTLMEngine
    Provides an implementation for NTLMv1, NTLMv2, and NTLM2 Session forms of the NTLM authentication protocol.
    Since:
    4.1
    • Constructor Summary

      Constructors 
      Constructor Description
      NTLMEngine()  
    • Method Summary

      Modifier and Type Method Description
      private static java.lang.String convertDomain(java.lang.String domain)
      Convert domain to standard form
      private static java.lang.String convertHost(java.lang.String host)
      Convert host to standard form
      private static byte[] createBlob(byte[] clientChallenge, byte[] targetInformation, byte[] timestamp)
      Creates the NTLMv2 blob from the given target information block and client challenge.
      private static java.security.Key createDESKey(byte[] bytes, int offset)
      Creates a DES encryption key from the given key material.
      (package private) static int F(int x, int y, int z)
      (package private) static int G(int x, int y, int z)
      java.lang.String generateType1Msg(java.lang.String domain, java.lang.String workstation)
      java.lang.String generateType3Msg(java.lang.String username, char[] password, java.lang.String domain, java.lang.String workstation, java.lang.String challenge)
      (package private) java.lang.String getCredentialCharset()
      (package private) java.lang.String getResponseFor(java.lang.String message, java.lang.String username, char[] password, java.lang.String host, java.lang.String domain)
      Returns the response for the given message.
      (package private) java.lang.String getType1Message(java.lang.String host, java.lang.String domain)
      Creates the first message (type 1 message) in the NTLM authentication sequence.
      (package private) java.lang.String getType3Message(java.lang.String user, char[] password, java.lang.String host, java.lang.String domain, byte[] nonce, int type2Flags, java.lang.String target, byte[] targetInformation)
      Creates the type 3 message using the given server nonce.
      (package private) static int H(int x, int y, int z)
      (package private) static byte[] hmacMD5(byte[] value, byte[] key)
      Calculates HMAC-MD5
      private static byte[] lmHash(char[] password)
      Creates the LM Hash of the user's password.
      private static byte[] lmResponse(byte[] hash, byte[] challenge)
      Creates the LM Response from the given hash and Type 2 challenge.
      private static byte[] lmv2Hash(java.lang.String domain, java.lang.String user, byte[] ntlmHash)
      Creates the LMv2 Hash of the user's password.
      private static byte[] lmv2Response(byte[] hash, byte[] challenge, byte[] clientData)
      Creates the LMv2 Response from the given hash, client data, and Type 2 challenge.
      private static byte[] makeRandomChallenge()
      Calculate a challenge block
      private static byte[] makeSecondaryKey()
      Calculate a 16-byte secondary key
      (package private) static byte[] ntlm2SessionResponse(byte[] ntlmHash, byte[] challenge, byte[] clientChallenge)
      Calculates the NTLM2 Session Response for the given challenge, using the specified password and client challenge.
      private static byte[] ntlmHash(char[] password)
      Creates the NTLM Hash of the user's password.
      private static byte[] ntlmv2Hash(java.lang.String domain, java.lang.String user, byte[] ntlmHash)
      Creates the NTLMv2 Hash of the user's password.
      private static void oddParity(byte[] bytes)
      Applies odd parity to the given byte array.
      (package private) static byte[] RC4(byte[] value, byte[] key)
      Calculates RC4
      private static byte[] readSecurityBuffer(byte[] src, int index)
      private static int readULong(byte[] src, int index)
      private static int readUShort(byte[] src, int index)
      (package private) static int rotintlft(int val, int numbits)
      (package private) void setCredentialCharset(java.lang.String credentialCharset)
      private static java.lang.String stripDotSuffix(java.lang.String value)
      Strip dot suffix from a name
      (package private) static void writeULong(byte[] buffer, int value, int offset)
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • FLAG_REQUEST_UNICODE_ENCODING

        protected static final int FLAG_REQUEST_UNICODE_ENCODING
      • FLAG_REQUEST_LAN_MANAGER_KEY

        protected static final int FLAG_REQUEST_LAN_MANAGER_KEY
      • FLAG_WORKSTATION_PRESENT

        protected static final int FLAG_WORKSTATION_PRESENT
      • FLAG_REQUEST_ALWAYS_SIGN

        protected static final int FLAG_REQUEST_ALWAYS_SIGN
      • FLAG_REQUEST_NTLM2_SESSION

        protected static final int FLAG_REQUEST_NTLM2_SESSION
      • FLAG_TARGETINFO_PRESENT

        protected static final int FLAG_TARGETINFO_PRESENT
      • FLAG_REQUEST_128BIT_KEY_EXCH

        protected static final int FLAG_REQUEST_128BIT_KEY_EXCH
      • FLAG_REQUEST_EXPLICIT_KEY_EXCH

        protected static final int FLAG_REQUEST_EXPLICIT_KEY_EXCH
      • FLAG_REQUEST_56BIT_ENCRYPTION

        protected static final int FLAG_REQUEST_56BIT_ENCRYPTION
      • RND_GEN

        private static final java.security.SecureRandom RND_GEN
        Secure random generator
      • DEFAULT_CHARSET

        static final java.lang.String DEFAULT_CHARSET
        Character encoding
      • credentialCharset

        private java.lang.String credentialCharset
        The character set to use for encoding the credentials
      • SIGNATURE

        private static final byte[] SIGNATURE
        The signature string as bytes in the default encoding
    • Constructor Detail

      • NTLMEngine

        NTLMEngine()
    • Method Detail

      • getResponseFor

        final java.lang.String getResponseFor(java.lang.String message,
                                             java.lang.String username,
                                             char[] password,
                                             java.lang.String host,
                                             java.lang.String domain)
                                      throws NTLMEngineException
        Returns the response for the given message.
        Parameters:
        message - the message that was received from the server.
        username - the username to authenticate with.
        password - the password to authenticate with.
        host - The host.
        domain - the NT domain to authenticate in.
        Returns:
        The response.
        Throws:
        NTLMEngineException - If the messages cannot be retrieved.
      • getType1Message

        java.lang.String getType1Message(java.lang.String host,
                                         java.lang.String domain)
                                  throws NTLMEngineException
        Creates the first message (type 1 message) in the NTLM authentication sequence. This message includes the user name, domain and host for the authentication session.
        Parameters:
        host - the computer name of the host requesting authentication.
        domain - The domain to authenticate with.
        Returns:
        The message (as a String) to add to the HTTP request header.
        Throws:
        NTLMEngineException
      • getType3Message

        java.lang.String getType3Message(java.lang.String user,
                                         char[] password,
                                         java.lang.String host,
                                         java.lang.String domain,
                                         byte[] nonce,
                                         int type2Flags,
                                         java.lang.String target,
                                         byte[] targetInformation)
                                  throws NTLMEngineException
        Creates the type 3 message using the given server nonce. The type 3 message includes all the information for authentication: host, domain, username and the result of encrypting the nonce sent by the server using the user's password as the key.
        Parameters:
        user - The user name. This should not include the domain name.
        password - The password.
        host - The host that is originating the authentication request.
        domain - The domain to authenticate within.
        nonce - the 8 byte array the server sent.
        Returns:
        The type 3 message.
        Throws:
        NTLMEngineException - If RC4(byte[],byte[]) fails.
      • getCredentialCharset

        java.lang.String getCredentialCharset()
        Returns:
        Returns the credentialCharset.
      • setCredentialCharset

        void setCredentialCharset(java.lang.String credentialCharset)
        Parameters:
        credentialCharset - The credentialCharset to set.
      • stripDotSuffix

        private static java.lang.String stripDotSuffix(java.lang.String value)
        Strip dot suffix from a name
      • convertHost

        private static java.lang.String convertHost(java.lang.String host)
        Convert host to standard form
      • convertDomain

        private static java.lang.String convertDomain(java.lang.String domain)
        Convert domain to standard form
      • ntlm2SessionResponse

        static byte[] ntlm2SessionResponse(byte[] ntlmHash,
                                           byte[] challenge,
                                           byte[] clientChallenge)
                                    throws NTLMEngineException
        Calculates the NTLM2 Session Response for the given challenge, using the specified password and client challenge.
        Returns:
        The NTLM2 Session Response. This is placed in the NTLM response field of the Type 3 message; the LM response field contains the client challenge, null-padded to 24 bytes.
        Throws:
        NTLMEngineException
      • lmHash

        private static byte[] lmHash(char[] password)
                              throws NTLMEngineException
        Creates the LM Hash of the user's password.
        Parameters:
        password - The password.
        Returns:
        The LM Hash of the given password, used in the calculation of the LM Response.
        Throws:
        NTLMEngineException
      • ntlmHash

        private static byte[] ntlmHash(char[] password)
                                throws NTLMEngineException
        Creates the NTLM Hash of the user's password.
        Parameters:
        password - The password.
        Returns:
        The NTLM Hash of the given password, used in the calculation of the NTLM Response and the NTLMv2 and LMv2 Hashes.
        Throws:
        NTLMEngineException
      • lmv2Hash

        private static byte[] lmv2Hash(java.lang.String domain,
                                       java.lang.String user,
                                       byte[] ntlmHash)
                                throws NTLMEngineException
        Creates the LMv2 Hash of the user's password.
        Returns:
        The LMv2 Hash, used in the calculation of the NTLMv2 and LMv2 Responses.
        Throws:
        NTLMEngineException
      • ntlmv2Hash

        private static byte[] ntlmv2Hash(java.lang.String domain,
                                         java.lang.String user,
                                         byte[] ntlmHash)
                                  throws NTLMEngineException
        Creates the NTLMv2 Hash of the user's password.
        Returns:
        The NTLMv2 Hash, used in the calculation of the NTLMv2 and LMv2 Responses.
        Throws:
        NTLMEngineException
      • lmResponse

        private static byte[] lmResponse(byte[] hash,
                                         byte[] challenge)
                                  throws NTLMEngineException
        Creates the LM Response from the given hash and Type 2 challenge.
        Parameters:
        hash - The LM or NTLM Hash.
        challenge - The server challenge from the Type 2 message.
        Returns:
        The response (either LM or NTLM, depending on the provided hash).
        Throws:
        NTLMEngineException
      • lmv2Response

        private static byte[] lmv2Response(byte[] hash,
                                           byte[] challenge,
                                           byte[] clientData)
                                    throws NTLMEngineException
        Creates the LMv2 Response from the given hash, client data, and Type 2 challenge.
        Parameters:
        hash - The NTLMv2 Hash.
        clientData - The client data (blob or client challenge).
        challenge - The server challenge from the Type 2 message.
        Returns:
        The response (either NTLMv2 or LMv2, depending on the client data).
        Throws:
        NTLMEngineException
      • createBlob

        private static byte[] createBlob(byte[] clientChallenge,
                                         byte[] targetInformation,
                                         byte[] timestamp)
        Creates the NTLMv2 blob from the given target information block and client challenge.
        Parameters:
        targetInformation - The target information block from the Type 2 message.
        clientChallenge - The random 8-byte client challenge.
        Returns:
        The blob, used in the calculation of the NTLMv2 Response.
      • createDESKey

        private static java.security.Key createDESKey(byte[] bytes,
                                                      int offset)
        Creates a DES encryption key from the given key material.
        Parameters:
        bytes - A byte array containing the DES key material.
        offset - The offset in the given byte array at which the 7-byte key material starts.
        Returns:
        A DES encryption key created from the key material starting at the specified offset in the given byte array.
      • oddParity

        private static void oddParity(byte[] bytes)
        Applies odd parity to the given byte array.
        Parameters:
        bytes - The data whose parity bits are to be adjusted for odd parity.
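        Added example (not HttpClient's own code): how the 7-byte-to-8-byte DES key expansion with odd parity described for createDESKey and oddParity feeds the three-block DES computation that lmResponse performs over a null-padded 21-byte hash. The class and method names below are hypothetical, and the hash and challenge values are constructed sample bytes.

```java
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public final class DesResponseExample {
    // Expands 7 bytes of key material at 'offset' into an 8-byte DES key:
    // each output byte carries 7 key bits in bits 7..1 and a parity bit in bit 0.
    static byte[] expandDesKey(byte[] material, int offset) {
        long bits = 0;
        for (int i = 0; i < 7; i++) {
            bits = (bits << 8) | (material[offset + i] & 0xFF);
        }
        byte[] key = new byte[8];
        for (int i = 0; i < 8; i++) {
            int sevenBits = (int) ((bits >>> (49 - 7 * i)) & 0x7F);
            key[i] = (byte) (sevenBits << 1);
        }
        applyOddParity(key);
        return key;
    }

    // Sets bit 0 of every byte so that the byte has an odd number of 1 bits (DES key convention).
    static void applyOddParity(byte[] bytes) {
        for (int i = 0; i < bytes.length; i++) {
            int b = bytes[i] & 0xFE;
            bytes[i] = (byte) ((Integer.bitCount(b) & 1) == 0 ? (b | 1) : b);
        }
    }

    // LM/NTLMv1-style response: the 16-byte hash is null-padded to 21 bytes and split into
    // three 7-byte DES keys; each key independently encrypts the same 8-byte server challenge.
    // Defender's note: the third key has only two non-zero hash bytes, one reason these
    // response formats are considered weak and servers should prefer NTLMv2 or Kerberos.
    static byte[] desResponse(byte[] hash16, byte[] challenge8) throws Exception {
        byte[] keyMaterial = Arrays.copyOf(hash16, 21);
        byte[] response = new byte[24];
        Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
        for (int i = 0; i < 3; i++) {
            des.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(expandDesKey(keyMaterial, 7 * i), "DES"));
            System.arraycopy(des.doFinal(challenge8), 0, response, 8 * i, 8);
        }
        return response;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not real credentials.
        byte[] hash = {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
        byte[] challenge = {1, 2, 3, 4, 5, 6, 7, 8};
        System.out.println("expanded key 0: " + Arrays.toString(expandDesKey(hash, 0)));
        System.out.println("24-byte response: " + Arrays.toString(desResponse(hash, challenge)));
    }
}
```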
      • writeULong

        static void writeULong(byte[] buffer,
                               int value,
                               int offset)
      • F

        static int F(int x,
                     int y,
                     int z)
      • G

        static int G(int x,
                     int y,
                     int z)
      • H

        static int H(int x,
                     int y,
                     int z)
      • rotintlft

        static int rotintlft(int val,
                             int numbits)