Use of org.apache.commons.httpclient.auth.AuthenticationException in project zaproxy (by zaproxy): class ZapNTLMEngineImpl, method lmResponse.
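/**
 * Creates the 24-byte LM/NTLM (v1) Response from a 16-byte hash and the
 * server challenge.
 * <p>
 * The hash is zero-padded to 21 bytes and split into three 7-byte DES keys;
 * each key encrypts the 8-byte challenge with DES/ECB and the three 8-byte
 * ciphertexts are concatenated. This is the legacy v1 construction: single
 * DES with 56-bit keys and no salt, so a captured challenge/response pair can
 * be attacked offline. It is kept only because LMv1/NTLMv1 require it; prefer
 * the v2 responses wherever the server accepts them.
 *
 * @param hash
 *            The LM or NTLM Hash; must be at least 16 bytes (only the first
 *            16 are used).
 * @param challenge
 *            The server challenge from the Type 2 message; must be exactly
 *            8 bytes (one DES block).
 *
 * @return The 24-byte response (either LM or NTLM, depending on the provided
 *         hash).
 * @throws AuthenticationException
 *             if an input is missing or has the wrong length, or if the DES
 *             operations fail.
 */
private static byte[] lmResponse(final byte[] hash, final byte[] challenge) throws AuthenticationException {
    // Validate up front with a readable message instead of surfacing an
    // ArrayIndexOutOfBoundsException / IllegalBlockSizeException through the
    // generic catch below (whose getMessage() may be null or cryptic).
    if (hash == null || hash.length < 16) {
        throw new AuthenticationException("LM/NTLM hash must be at least 16 bytes");
    }
    if (challenge == null || challenge.length != 8) {
        throw new AuthenticationException("Server challenge must be exactly 8 bytes");
    }
    try {
        // 16 hash bytes + 5 zero bytes (array default) = 21 bytes = three
        // 7-byte DES key inputs at offsets 0, 7 and 14.
        final byte[] keyBytes = new byte[21];
        System.arraycopy(hash, 0, keyBytes, 0, 16);
        final Key[] keys = {
            createDESKey(keyBytes, 0),
            createDESKey(keyBytes, 7),
            createDESKey(keyBytes, 14)
        };
        final Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
        final byte[] response = new byte[24];
        for (int i = 0; i < keys.length; i++) {
            des.init(Cipher.ENCRYPT_MODE, keys[i]);
            // An 8-byte challenge yields exactly one 8-byte DES block, which
            // becomes the i-th third of the response.
            final byte[] block = des.doFinal(challenge);
            System.arraycopy(block, 0, response, i * 8, 8);
        }
        return response;
    } catch (Exception e) {
        throw new AuthenticationException(e.getMessage(), e);
    }
}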
Use of org.apache.commons.httpclient.auth.AuthenticationException in project zaproxy (by zaproxy): class ZapNTLMScheme, method authenticate.
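/**
 * Produces the value of the authorization header for the current step of the
 * NTLM handshake.
 * <p>
 * NTLM is a multi-message exchange driven by {@code this.state}: after the
 * initial challenge a Type 1 (negotiate) message is generated; once the
 * server's Type 2 message has been received (its challenge stored in
 * {@code this.challenge}) the Type 3 (authenticate) message is generated from
 * the user name, password, domain, host and that challenge.
 *
 * @param credentials the credentials to use; must be an {@code NTCredentials}
 * @param method the method being authenticated (not used by this scheme)
 * @return the header value, prefixed with {@code "NTLM "}
 * @throws AuthenticationException if the credentials are missing or not
 *         {@code NTCredentials}, if a previous round already failed, or if
 *         the scheme is in a state that does not expect a client message
 */
@Override
public String authenticate(Credentials credentials, HttpMethod method) throws AuthenticationException {
    // instanceof replaces the catch of ClassCastException and also rejects
    // null, which the cast let through only to fail later with an NPE.
    if (!(credentials instanceof NTCredentials)) {
        throw new AuthenticationException("Credentials cannot be used for NTLM authentication: "
                + (credentials == null ? "null" : credentials.getClass().getName()));
    }
    final NTCredentials ntcredentials = (NTCredentials) credentials;
    if (this.state == State.FAILED) {
        throw new AuthenticationException("NTLM authentication failed");
    }
    final String response;
    if (this.state == State.CHALLENGE_RECEIVED) {
        // First round: negotiate message, built from domain and host only.
        response = this.engine.generateType1Msg(ntcredentials.getDomain(), ntcredentials.getHost());
        this.state = State.MSG_TYPE1_GENERATED;
    } else if (this.state == State.MSG_TYPE2_RECEVIED) {
        // Third round: the Type 3 message is computed from the password and the
        // server challenge taken from the Type 2 message. Treat the returned
        // header value as sensitive (do not log it).
        response = this.engine.generateType3Msg(ntcredentials.getUserName(), ntcredentials.getPassword(),
                ntcredentials.getDomain(), ntcredentials.getHost(), this.challenge);
        this.state = State.MSG_TYPE3_GENERATED;
    } else {
        throw new AuthenticationException("Unexpected state: " + this.state);
    }
    return "NTLM " + response;
}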
Use of org.apache.commons.httpclient.auth.AuthenticationException in project zaproxy (by zaproxy): class ZapNTLMEngineImpl, method lmHash.
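/**
 * Creates the LM Hash of the user's password.
 * <p>
 * The password is upper-cased, encoded as US-ASCII, truncated or zero-padded
 * to 14 bytes and split into two 7-byte DES keys; each key encrypts the fixed
 * constant {@code "KGS!@#$%"} and the two 8-byte results are concatenated.
 * This is a legacy, very weak construction: unsalted, case-insensitive,
 * blind to anything after the 14th character, and the two halves can be
 * cracked independently. It is computed only because the LM/NTLMv1 responses
 * need it. Characters outside US-ASCII are replaced by the charset's default
 * replacement byte by {@link String#getBytes(String)}, so such passwords will
 * not match a hash computed by a peer from the OEM code page.
 *
 * @param password
 *            The password; must not be {@code null}.
 *
 * @return The 16-byte LM Hash of the given password, used in the calculation
 *         of the LM Response.
 * @throws AuthenticationException
 *             if the password is {@code null} or the DES operations fail.
 */
private static byte[] lmHash(final String password) throws AuthenticationException {
    // Fail with a readable message instead of wrapping a NullPointerException
    // whose getMessage() is null.
    if (password == null) {
        throw new AuthenticationException("Password must not be null for LM hash");
    }
    try {
        final byte[] oemPassword = password.toUpperCase(Locale.US).getBytes("US-ASCII");
        // Exactly 14 bytes of key material: longer passwords are silently
        // truncated, shorter ones are zero-padded (the array's default contents).
        final byte[] keyBytes = new byte[14];
        System.arraycopy(oemPassword, 0, keyBytes, 0, Math.min(oemPassword.length, 14));
        final byte[] magicConstant = "KGS!@#$%".getBytes("US-ASCII");
        final Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
        final byte[] lmHash = new byte[16];
        // Each 7-byte half independently encrypts the constant: key offsets
        // 0 and 7 map to hash offsets 0 and 8.
        for (int half = 0; half < 2; half++) {
            des.init(Cipher.ENCRYPT_MODE, createDESKey(keyBytes, half * 7));
            System.arraycopy(des.doFinal(magicConstant), 0, lmHash, half * 8, 8);
        }
        return lmHash;
    } catch (Exception e) {
        throw new AuthenticationException(e.getMessage(), e);
    }
}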
Use of org.apache.commons.httpclient.auth.AuthenticationException in project zaproxy (by zaproxy): class ZapNTLMEngineImpl, method lmv2Hash.
/**
 * Creates the LMv2 Hash (NTOWFv2 in MS-NLMP terms) used by the NTLMv2 and
 * LMv2 Responses: an HMAC-MD5 keyed with the NTLM hash of the password over
 * the UTF-16LE encoding of the upper-cased user name followed by the
 * upper-cased domain.
 * <p>
 * NOTE(review): MS-NLMP specifies upper-casing only the user name and using
 * the domain as supplied; upper-casing the domain here is only correct if the
 * Type 3 message also sends the domain upper-cased — confirm against the
 * Type 3 builder. {@code "UnicodeLittleUnmarked"} is the JDK alias for
 * UTF-16LE without a byte-order mark.
 *
 * @param domain the user's domain; omitted from the MAC input when {@code null}
 * @param user the user name; must not be {@code null}
 * @param ntlmHash the NTLM hash of the password, used as the HMAC key
 * @return the HMAC-MD5 output
 * @throws AuthenticationException if the JVM cannot encode UTF-16LE
 */
private static byte[] lmv2Hash(final String domain, final String user, final byte[] ntlmHash) throws AuthenticationException {
    final String upperUser = user.toUpperCase(Locale.US);
    final String upperDomain = domain == null ? null : domain.toUpperCase(Locale.US);
    try {
        final HMACMD5 mac = new HMACMD5(ntlmHash);
        mac.update(upperUser.getBytes("UnicodeLittleUnmarked"));
        if (upperDomain != null) {
            mac.update(upperDomain.getBytes("UnicodeLittleUnmarked"));
        }
        return mac.getOutput();
    } catch (UnsupportedEncodingException e) {
        throw new AuthenticationException("Unicode not supported! " + e.getMessage(), e);
    }
}
Use of org.apache.commons.httpclient.auth.AuthenticationException in project zaproxy (by zaproxy): class HttpMethodDirector, method executeConnect.
/**
 * Executes a ConnectMethod to establish a tunneled connection through the
 * proxy.
 * <p>
 * The CONNECT is re-issued while the proxy answers 407 (Proxy Authentication
 * Required) and {@code processAuthenticationResponse} reports that another
 * credential attempt is possible; any other status ends the loop. The tunnel
 * is only marked as created on a 2xx status. This exchange takes place on the
 * not-yet-tunneled connection to the proxy, so any proxy credentials attached
 * here are visible to whatever sits on the path to the proxy.
 *
 * @return <code>true</code> if the connect was successful (2xx status)
 *
 * @throws IOException if opening the connection or executing the CONNECT fails
 * @throws HttpException on a protocol error while executing the CONNECT
 */
private boolean executeConnect() throws IOException, HttpException {
    this.connectMethod = new ConnectMethod(this.hostConfiguration);
    this.connectMethod.getParams().setDefaults(this.hostConfiguration.getParams());
    // Optional User-Agent override; the parameter name suggests it is meant
    // for CONNECT requests only.
    String agent = (String) getParams().getParameter(PARAM_DEFAULT_USER_AGENT_CONNECT_REQUESTS);
    if (agent != null) {
        this.connectMethod.setRequestHeader("User-Agent", agent);
    }
    int code;
    for (; ; ) {
        if (!this.conn.isOpen()) {
            this.conn.open();
        }
        // Preemptive mode attaches proxy credentials to the very first CONNECT,
        // before any 407 challenge. The log line indicates Basic credentials,
        // i.e. base64 only, readable by anything between here and the proxy.
        if (this.params.isAuthenticationPreemptive() || this.state.isAuthenticationPreemptive()) {
            LOG.debug("Preemptively sending default basic credentials");
            this.connectMethod.getProxyAuthState().setPreemptive();
            this.connectMethod.getProxyAuthState().setAuthAttempted(true);
        }
        // A failure to build the Proxy-Authorization header is logged but not
        // fatal: the CONNECT is still sent, presumably to be answered with a
        // 407 that the loop below handles — TODO confirm this is intended.
        try {
            authenticateProxy(this.connectMethod);
        } catch (AuthenticationException e) {
            LOG.error(e.getMessage(), e);
        }
        applyConnectionParams(this.connectMethod);
        this.connectMethod.execute(state, this.conn);
        code = this.connectMethod.getStatusCode();
        boolean retry = false;
        AuthState authstate = this.connectMethod.getProxyAuthState();
        // Only a 407 counts as an authentication challenge.
        authstate.setAuthRequested(code == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED);
        if (authstate.isAuthRequested()) {
            // true: another credential attempt is available, loop again.
            // false: the 407 stands and is reported below as a failed connect.
            if (processAuthenticationResponse(this.connectMethod)) {
                retry = true;
            }
        }
        if (!retry) {
            break;
        }
        // Close the 407 response body before re-sending on the same
        // connection.
        if (this.connectMethod.getResponseBodyAsStream() != null) {
            this.connectMethod.getResponseBodyAsStream().close();
        }
    }
    if ((code >= 200) && (code < 300)) {
        this.conn.tunnelCreated();
        // Drop the connect method, as it is no longer needed
        this.connectMethod = null;
        return true;
    } else {
        // connectMethod is deliberately kept on failure; presumably the caller
        // uses it to surface the proxy's response — verify against the caller.
        return false;
    }
}