jcifs.smb

Class NtlmPasswordAuthenticator

java.lang.Object

jcifs.smb.NtlmPasswordAuthenticator

All Implemented Interfaces:

Serializable, Cloneable, Principal, Credentials, CredentialsInternal

Direct Known Subclasses:

Kerb5Authenticator, NtlmNtHashAuthenticator, NtlmPasswordAuthentication

public class NtlmPasswordAuthenticator
extends Object
implements Principal, CredentialsInternal, Serializable

This class stores and encrypts NTLM user credentials. Contrary to NtlmPasswordAuthentication this does not cause guest authentication when the "guest" username is supplied. Use NtlmPasswordAuthenticator.AuthenticationType instead.

Author:

mbechler

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	NtlmPasswordAuthenticator.AuthenticationType Authentication strategy

Constructor Summary

Constructors

Constructor and Description
NtlmPasswordAuthenticator() Construct anonymous credentials
NtlmPasswordAuthenticator(NtlmPasswordAuthenticator.AuthenticationType type)
NtlmPasswordAuthenticator(String username, String password) Create username/password credentials
NtlmPasswordAuthenticator(String domain, String username, String password) Create username/password credentials with specified domain
NtlmPasswordAuthenticator(String domain, String username, String password, NtlmPasswordAuthenticator.AuthenticationType type) Create username/password credentials with specified domain

Method Summary

Modifier and Type	Method and Description
NtlmPasswordAuthenticator	clone()
SSPContext	createContext(CIFSContext tc, String targetDomain, String host, byte[] initialToken, boolean doSigning)
boolean	equals(Object obj) Compares two NtlmPasswordAuthentication objects for equality.
byte[]	getAnsiHash(CIFSContext tc, byte[] chlng) Computes the 24 byte ANSI password hash given the 8 byte server challenge.
String	getName() Return the domain and username in the format: domain\\username.
String	getPassword() Returns the password in plain text or null if the raw password hashes were used to construct this NtlmPasswordAuthentication object which will be the case when NTLM HTTP Authentication is used.
byte[]	getSigningKey(CIFSContext tc, byte[] chlng)
String	getSpecifiedUserDomain()
Subject	getSubject()
byte[]	getUnicodeHash(CIFSContext tc, byte[] chlng) Computes the 24 byte Unicode password hash given the 8 byte server challenge.
String	getUserDomain() Returns the domain.
String	getUsername() Returns the username.
byte[]	getUserSessionKey(CIFSContext tc, byte[] chlng) Returns the effective user session key.
void	getUserSessionKey(CIFSContext tc, byte[] chlng, byte[] dest, int offset) Calculates the effective user session key.
int	hashCode() Return the upcased username hash code.
boolean	isAnonymous()
boolean	isGuest()
boolean	isPreferredMech(org.bouncycastle.asn1.ASN1ObjectIdentifier mechanism)
void	refresh()
String	toString() Return the domain and username in the format: domain\\username.
<T extends Credentials> T	unwrap(Class<T> t)

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.security.Principal

implies

Constructor Detail

NtlmPasswordAuthenticator

public NtlmPasswordAuthenticator()

Construct anonymous credentials

NtlmPasswordAuthenticator

public NtlmPasswordAuthenticator(NtlmPasswordAuthenticator.AuthenticationType type)

NtlmPasswordAuthenticator

public NtlmPasswordAuthenticator(String username,
                                 String password)

Create username/password credentials

Parameters:

username -

password -

NtlmPasswordAuthenticator

public NtlmPasswordAuthenticator(String domain,
                                 String username,
                                 String password)

Create username/password credentials with specified domain

Parameters:

domain -

username -

password -

NtlmPasswordAuthenticator

public NtlmPasswordAuthenticator(String domain,
                                 String username,
                                 String password,
                                 NtlmPasswordAuthenticator.AuthenticationType type)

Create username/password credentials with specified domain

Parameters:

domain -

username -

password -

type - authentication type

Method Detail

unwrap

public <T extends Credentials> T unwrap(Class<T> t)

Specified by:

unwrap in interface Credentials

Returns:

instance for type, null if the type cannot be unwrapped

getSubject

public Subject getSubject()

Specified by:

getSubject in interface CredentialsInternal

Returns:

subject associated with the credentials

refresh

public void refresh()
             throws CIFSException

Specified by:

refresh in interface CredentialsInternal

Throws:

CIFSException

createContext

public SSPContext createContext(CIFSContext tc,
                                String targetDomain,
                                String host,
                                byte[] initialToken,
                                boolean doSigning)
                         throws SmbException

Specified by:

createContext in interface CredentialsInternal

Returns:

a new context

Throws:

SmbException

See Also:

CredentialsInternal.createContext(jcifs.CIFSContext, java.lang.String, java.lang.String, byte[], boolean)

clone

public NtlmPasswordAuthenticator clone()

Specified by:

clone in interface CredentialsInternal

Overrides:

clone in class Object

Returns:

a copy of the credentials

getUserDomain

public String getUserDomain()

Returns the domain.

Specified by:

getUserDomain in interface Credentials

Returns:

the domain the user account is in

getSpecifiedUserDomain

public String getSpecifiedUserDomain()

Returns:

the original specified user domain

getUsername

public String getUsername()

Returns the username.

Returns:

the username

getPassword

public String getPassword()

Returns the password in plain text or null if the raw password hashes were used to construct this NtlmPasswordAuthentication object which will be the case when NTLM HTTP Authentication is used. There is no way to retrieve a users password in plain text unless it is supplied by the user at runtime.

Returns:

the password

getName

public String getName()

Return the domain and username in the format: domain\\username. This is equivalent to toString().

Specified by:

getName in interface Principal

equals

public boolean equals(Object obj)

Compares two NtlmPasswordAuthentication objects for equality. Two NtlmPasswordAuthentication objects are equal if their caseless domain and username fields are equal

Specified by:

equals in interface Principal

Overrides:

equals in class Object

See Also:

Object.equals(java.lang.Object)

hashCode

public int hashCode()

Return the upcased username hash code.

Specified by:

hashCode in interface Principal

Overrides:

hashCode in class Object

toString

public String toString()

Return the domain and username in the format: domain\\username. This is equivalent to getName().

Specified by:

toString in interface Principal

Overrides:

toString in class Object

isAnonymous

public boolean isAnonymous()

Specified by:

isAnonymous in interface Credentials

Returns:

whether these are anonymous credentials

isGuest

public boolean isGuest()

Specified by:

isGuest in interface Credentials

Returns:

whether these are guest credentials

isPreferredMech

public boolean isPreferredMech(org.bouncycastle.asn1.ASN1ObjectIdentifier mechanism)

Parameters:

mechanism -

Returns:

whether the given mechanism is the preferred one for this credential

getAnsiHash

public byte[] getAnsiHash(CIFSContext tc,
                          byte[] chlng)
                   throws GeneralSecurityException

Computes the 24 byte ANSI password hash given the 8 byte server challenge.

Parameters:

tc -

chlng -

Returns:

the hash for the given challenge

Throws:

GeneralSecurityException

getUnicodeHash

public byte[] getUnicodeHash(CIFSContext tc,
                             byte[] chlng)
                      throws GeneralSecurityException

Computes the 24 byte Unicode password hash given the 8 byte server challenge.

Parameters:

tc -

chlng -

Returns:

the hash for the given challenge

Throws:

GeneralSecurityException

getSigningKey

public byte[] getSigningKey(CIFSContext tc,
                            byte[] chlng)
                     throws SmbException,
                            GeneralSecurityException

Parameters:

tc -

chlng -

Returns:

the signing key

Throws:

SmbException

GeneralSecurityException

getUserSessionKey

public byte[] getUserSessionKey(CIFSContext tc,
                                byte[] chlng)

Returns the effective user session key.

Parameters:

tc -

chlng - The server challenge.

Returns:

A byte[] containing the effective user session key, used in SMB MAC signing and NTLMSSP signing and sealing.

getUserSessionKey

public void getUserSessionKey(CIFSContext tc,
                              byte[] chlng,
                              byte[] dest,
                              int offset)
                       throws SmbException

Calculates the effective user session key.

Parameters:

tc - context to use

chlng - The server challenge.

dest - The destination array in which the user session key will be placed.

offset - The offset in the destination array at which the session key will start.

Throws:

SmbException