
Example 1 with AuthenticationException

use of org.apache.commons.httpclient.auth.AuthenticationException in project zaproxy by zaproxy.

the class ZapNTLMEngineImpl method ntlmHash.

/**
 * Derives the NTLM hash of a password: an MD4 digest over the password
 * encoded as little-endian UTF-16 without a byte-order mark.
 *
 * <p>Security note: no salt is mixed in, and NTLM uses this digest in place
 * of the password itself, so the returned bytes must be handled as a
 * credential (never logged or persisted). MD4 appears here only because the
 * protocol fixes it; it is not a suitable password hash anywhere else.
 *
 * @param password
 *            The clear-text password; must not be {@code null}.
 *
 * @return The NTLM hash of the given password, used in the calculation of
 *         the NTLM Response and the NTLMv2 and LMv2 hashes.
 *
 * @throws AuthenticationException
 *             if the runtime rejects the {@code UnicodeLittleUnmarked}
 *             charset name.
 */
private static byte[] ntlmHash(final String password) throws AuthenticationException {
    try {
        // "UnicodeLittleUnmarked" is the JDK's historical name for UTF-16LE with no BOM.
        final byte[] utf16Password = password.getBytes("UnicodeLittleUnmarked");
        // NOTE(review): this clear-text copy is never wiped; clearing it once the
        // digest is computed would shorten its lifetime in heap dumps.
        final MD4 digest = new MD4();
        digest.update(utf16Password);
        final byte[] hash = digest.getOutput();
        return hash;
    } catch (UnsupportedEncodingException unsupported) {
        throw new AuthenticationException("Unicode not supported: " + unsupported.getMessage(), unsupported);
    }
}
Also used : AuthenticationException(org.apache.commons.httpclient.auth.AuthenticationException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 2 with AuthenticationException

use of org.apache.commons.httpclient.auth.AuthenticationException in project zaproxy by zaproxy.

the class ZapNTLMEngineImpl method readSecurityBuffer.

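/**
 * Copies out the data item described by a security buffer descriptor.
 *
 * <p>The item length is obtained with {@code readUShort} at {@code index} and
 * its position with {@code readULong} at {@code index + 4}. Both values are
 * taken from {@code src} itself (presumably a message received from the peer,
 * so not trustworthy) and are therefore range-checked before the copy.
 *
 * @param src
 *            The bytes holding both the descriptor and the data item.
 * @param index
 *            Position of the descriptor within {@code src}.
 *
 * @return A new array containing the {@code length} bytes found at
 *         {@code offset}.
 *
 * @throws AuthenticationException
 *             if the described range does not lie inside {@code src}.
 */
private static byte[] readSecurityBuffer(final byte[] src, final int index) throws AuthenticationException {
    final int length = readUShort(src, index);
    final int offset = readULong(src, index + 4);
    // The offset is held in a signed int, so a large value can show up negative and
    // "offset + length" can wrap around. Either case used to slip past the size
    // check and fail inside arraycopy with an unchecked exception. Comparing by
    // subtraction cannot overflow once both values are known to be non-negative.
    if (length < 0 || offset < 0 || offset > src.length - length) {
        throw new AuthenticationException("NTLM authentication - buffer too small for data item");
    }
    final byte[] buffer = new byte[length];
    System.arraycopy(src, offset, buffer, 0, length);
    return buffer;
}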
Also used : AuthenticationException(org.apache.commons.httpclient.auth.AuthenticationException)

Example 3 with AuthenticationException

use of org.apache.commons.httpclient.auth.AuthenticationException in project zaproxy by zaproxy.

the class ZapNTLMEngineImpl method RC4.

/**
 * Runs {@code value} through the RC4 stream cipher keyed with {@code key}.
 *
 * <p>Security note: RC4 is a legacy cipher with known keystream weaknesses.
 * It is kept here for the NTLM engine's needs and should not be reused as a
 * general-purpose encryption helper.
 *
 * @param value
 *            The bytes to transform.
 * @param key
 *            The raw RC4 key.
 *
 * @return The RC4 output for {@code value}.
 *
 * @throws AuthenticationException
 *             wrapping any exception raised while obtaining, initialising
 *             or running the cipher.
 */
static byte[] RC4(final byte[] value, final byte[] key) throws AuthenticationException {
    try {
        final Cipher cipher = Cipher.getInstance("RC4");
        final SecretKeySpec keySpec = new SecretKeySpec(key, "RC4");
        cipher.init(Cipher.ENCRYPT_MODE, keySpec);
        final byte[] output = cipher.doFinal(value);
        return output;
    } catch (Exception failure) {
        // Every failure (checked or unchecked) is reported as an authentication error.
        throw new AuthenticationException(failure.getMessage(), failure);
    }
}
Also used : AuthenticationException(org.apache.commons.httpclient.auth.AuthenticationException) SecretKeySpec(javax.crypto.spec.SecretKeySpec) Cipher(javax.crypto.Cipher) AuthenticationException(org.apache.commons.httpclient.auth.AuthenticationException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 4 with AuthenticationException

use of org.apache.commons.httpclient.auth.AuthenticationException in project zaproxy by zaproxy.

the class ZapNTLMEngineImpl method ntlmv2Hash.

/**
 * Creates the NTLMv2 hash: an HMAC-MD5, keyed with the NTLM hash, over the
 * upper-cased user name followed by the domain (when one is given), both
 * encoded as little-endian UTF-16 without a byte-order mark.
 *
 * <p>Security note: like the NTLM hash it is derived from, the result is
 * credential material and should not be logged or stored.
 *
 * @param domain
 *            The target domain, used exactly as supplied; skipped when
 *            {@code null}.
 * @param user
 *            The user name; upper-cased before hashing.
 * @param ntlmHash
 *            The NTLM hash of the password, used as the HMAC key.
 *
 * @return The NTLMv2 Hash, used in the calculation of the NTLMv2 and LMv2
 *         Responses.
 *
 * @throws AuthenticationException
 *             if the runtime rejects the {@code UnicodeLittleUnmarked}
 *             charset name.
 */
private static byte[] ntlmv2Hash(final String domain, final String user, final byte[] ntlmHash) throws AuthenticationException {
    try {
        final HMACMD5 mac = new HMACMD5(ntlmHash);
        // Only the user name is upper-cased; the target keeps its original case.
        // A fixed locale keeps the casing independent of the JVM's default locale.
        final String upperCasedUser = user.toUpperCase(Locale.US);
        mac.update(upperCasedUser.getBytes("UnicodeLittleUnmarked"));
        if (domain != null) {
            final byte[] domainBytes = domain.getBytes("UnicodeLittleUnmarked");
            mac.update(domainBytes);
        }
        return mac.getOutput();
    } catch (UnsupportedEncodingException unsupported) {
        throw new AuthenticationException("Unicode not supported! " + unsupported.getMessage(), unsupported);
    }
}
Also used : AuthenticationException(org.apache.commons.httpclient.auth.AuthenticationException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 5 with AuthenticationException

use of org.apache.commons.httpclient.auth.AuthenticationException in project zaproxy by zaproxy.

the class ZapNTLMEngineImpl method ntlm2SessionResponse.

/**
 * Calculates the NTLM2 Session Response for the given challenge, using the
 * NTLM hash of the password and the client challenge.
 *
 * <p>The server and client challenges are hashed together with MD5; the
 * first 8 bytes of that digest form the session hash that is passed, with
 * the NTLM hash, to {@code lmResponse}. MD5 is used because the scheme
 * prescribes it, not as a general-purpose integrity primitive.
 *
 * @param ntlmHash
 *            The NTLM hash of the password.
 * @param challenge
 *            The challenge to respond to.
 * @param clientChallenge
 *            The client challenge.
 *
 * @return The NTLM2 Session Response. This is placed in the NTLM response
 *         field of the Type 3 message; the LM response field contains the
 *         client challenge, null-padded to 24 bytes.
 *
 * @throws AuthenticationException
 *             rethrown unchanged when raised inside the computation;
 *             otherwise wrapping whatever exception occurred.
 */
static byte[] ntlm2SessionResponse(final byte[] ntlmHash, final byte[] challenge, final byte[] clientChallenge) throws AuthenticationException {
    try {
        // The JDK supplies MD5 directly; a reflective lookup of gnu.crypto.hash.MD5
        // was only needed on JDK 1.4.2.
        final MessageDigest hasher = MessageDigest.getInstance("MD5");
        hasher.update(challenge);
        hasher.update(clientChallenge);
        final byte[] fullDigest = hasher.digest();

        // Only the leading 8 bytes of the digest are used as the session hash.
        final byte[] sessionHash = new byte[8];
        System.arraycopy(fullDigest, 0, sessionHash, 0, 8);
        return lmResponse(ntlmHash, sessionHash);
    } catch (Exception failure) {
        // Pass an existing AuthenticationException through; wrap everything else.
        throw (failure instanceof AuthenticationException)
                ? (AuthenticationException) failure
                : new AuthenticationException(failure.getMessage(), failure);
    }
}
Also used : AuthenticationException(org.apache.commons.httpclient.auth.AuthenticationException) MessageDigest(java.security.MessageDigest) AuthenticationException(org.apache.commons.httpclient.auth.AuthenticationException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)
