Package jcifs.smb
Class NtlmPasswordAuthenticator
- java.lang.Object
-
- jcifs.smb.NtlmPasswordAuthenticator
-
- All Implemented Interfaces:
Serializable
,Cloneable
,Principal
,Credentials
,CredentialsInternal
- Direct Known Subclasses:
Kerb5Authenticator
,NtlmNtHashAuthenticator
,NtlmPasswordAuthentication
public class NtlmPasswordAuthenticator extends Object implements Principal, CredentialsInternal, Serializable
This class stores and encrypts NTLM user credentials. Contrary toNtlmPasswordAuthentication
this does not cause guest authentication when the "guest" username is supplied. UseNtlmPasswordAuthenticator.AuthenticationType
instead.- Author:
- mbechler
- See Also:
- Serialized Form
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
NtlmPasswordAuthenticator.AuthenticationType
Authentication strategy
-
Constructor Summary
Constructors Modifier Constructor Description NtlmPasswordAuthenticator()
Construct anonymous credentialsNtlmPasswordAuthenticator(String username, String password)
Create username/password credentialsNtlmPasswordAuthenticator(String domain, String username, String password)
Create username/password credentials with specified domainprotected
NtlmPasswordAuthenticator(String userInfo, String defDomain, String defUser, String defPassword)
protected
NtlmPasswordAuthenticator(String userInfo, String defDomain, String defUser, String defPassword, NtlmPasswordAuthenticator.AuthenticationType type)
NtlmPasswordAuthenticator(String domain, String username, String password, NtlmPasswordAuthenticator.AuthenticationType type)
Create username/password credentials with specified domainNtlmPasswordAuthenticator(NtlmPasswordAuthenticator.AuthenticationType type)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description NtlmPasswordAuthenticator
clone()
protected static void
cloneInternal(NtlmPasswordAuthenticator cloned, NtlmPasswordAuthenticator toClone)
SSPContext
createContext(CIFSContext tc, String targetDomain, String host, byte[] initialToken, boolean doSigning)
boolean
equals(Object obj)
Compares two NtlmPasswordAuthentication objects for equality.byte[]
getAnsiHash(CIFSContext tc, byte[] chlng)
Computes the 24 byte ANSI password hash given the 8 byte server challenge.String
getName()
Return the domain and username in the format: domain\\username.protected byte[]
getNTHash()
String
getPassword()
Returns the password in plain text or null if the raw password hashes were used to construct this NtlmPasswordAuthentication object which will be the case when NTLM HTTP Authentication is used.byte[]
getSigningKey(CIFSContext tc, byte[] chlng)
String
getSpecifiedUserDomain()
Subject
getSubject()
byte[]
getUnicodeHash(CIFSContext tc, byte[] chlng)
Computes the 24 byte Unicode password hash given the 8 byte server challenge.String
getUserDomain()
Returns the domain.String
getUsername()
Returns the username.byte[]
getUserSessionKey(CIFSContext tc, byte[] chlng)
Returns the effective user session key.void
getUserSessionKey(CIFSContext tc, byte[] chlng, byte[] dest, int offset)
Calculates the effective user session key.protected NtlmPasswordAuthenticator.AuthenticationType
guessAuthenticationType()
int
hashCode()
Return the upcased username hash code.boolean
isAnonymous()
boolean
isGuest()
boolean
isPreferredMech(org.bouncycastle.asn1.ASN1ObjectIdentifier mechanism)
void
refresh()
String
toString()
Return the domain and username in the format: domain\\username.<T extends Credentials>
Tunwrap(Class<T> t)
-
-
-
Constructor Detail
-
NtlmPasswordAuthenticator
public NtlmPasswordAuthenticator()
Construct anonymous credentials
-
NtlmPasswordAuthenticator
public NtlmPasswordAuthenticator(NtlmPasswordAuthenticator.AuthenticationType type)
-
NtlmPasswordAuthenticator
public NtlmPasswordAuthenticator(String username, String password)
Create username/password credentials- Parameters:
username
-password
-
-
NtlmPasswordAuthenticator
public NtlmPasswordAuthenticator(String domain, String username, String password)
Create username/password credentials with specified domain- Parameters:
domain
-username
-password
-
-
NtlmPasswordAuthenticator
public NtlmPasswordAuthenticator(String domain, String username, String password, NtlmPasswordAuthenticator.AuthenticationType type)
Create username/password credentials with specified domain- Parameters:
domain
-username
-password
-type
- authentication type
-
NtlmPasswordAuthenticator
protected NtlmPasswordAuthenticator(String userInfo, String defDomain, String defUser, String defPassword)
-
NtlmPasswordAuthenticator
protected NtlmPasswordAuthenticator(String userInfo, String defDomain, String defUser, String defPassword, NtlmPasswordAuthenticator.AuthenticationType type)
- Parameters:
userInfo
-
-
-
Method Detail
-
guessAuthenticationType
protected NtlmPasswordAuthenticator.AuthenticationType guessAuthenticationType()
- Returns:
-
unwrap
public <T extends Credentials> T unwrap(Class<T> t)
- Specified by:
unwrap
in interfaceCredentials
- Returns:
- instance for type, null if the type cannot be unwrapped
-
getSubject
public Subject getSubject()
- Specified by:
getSubject
in interfaceCredentialsInternal
- Returns:
- subject associated with the credentials
-
refresh
public void refresh() throws CIFSException
- Specified by:
refresh
in interfaceCredentialsInternal
- Throws:
CIFSException
-
createContext
public SSPContext createContext(CIFSContext tc, String targetDomain, String host, byte[] initialToken, boolean doSigning) throws SmbException
- Specified by:
createContext
in interfaceCredentialsInternal
- Returns:
- a new context
- Throws:
SmbException
- See Also:
CredentialsInternal.createContext(jcifs.CIFSContext, java.lang.String, java.lang.String, byte[], boolean)
-
clone
public NtlmPasswordAuthenticator clone()
- Specified by:
clone
in interfaceCredentialsInternal
- Overrides:
clone
in classObject
- Returns:
- a copy of the credentials
-
cloneInternal
protected static void cloneInternal(NtlmPasswordAuthenticator cloned, NtlmPasswordAuthenticator toClone)
-
getUserDomain
public String getUserDomain()
Returns the domain.- Specified by:
getUserDomain
in interfaceCredentials
- Returns:
- the domain the user account is in
-
getSpecifiedUserDomain
public String getSpecifiedUserDomain()
- Returns:
- the original specified user domain
-
getUsername
public String getUsername()
Returns the username.- Returns:
- the username
-
getPassword
public String getPassword()
Returns the password in plain text or null if the raw password hashes were used to construct this NtlmPasswordAuthentication object which will be the case when NTLM HTTP Authentication is used. There is no way to retrieve a users password in plain text unless it is supplied by the user at runtime.- Returns:
- the password
-
getName
public String getName()
Return the domain and username in the format: domain\\username. This is equivalent to toString().
-
equals
public boolean equals(Object obj)
Compares two NtlmPasswordAuthentication objects for equality. Two NtlmPasswordAuthentication objects are equal if their caseless domain and username fields are equal- Specified by:
equals
in interfacePrincipal
- Overrides:
equals
in classObject
- See Also:
Object.equals(java.lang.Object)
-
hashCode
public int hashCode()
Return the upcased username hash code.
-
toString
public String toString()
Return the domain and username in the format: domain\\username. This is equivalent to getName().
-
isAnonymous
public boolean isAnonymous()
- Specified by:
isAnonymous
in interfaceCredentials
- Returns:
- whether these are anonymous credentials
-
isGuest
public boolean isGuest()
- Specified by:
isGuest
in interfaceCredentials
- Returns:
- whether these are guest credentials
-
isPreferredMech
public boolean isPreferredMech(org.bouncycastle.asn1.ASN1ObjectIdentifier mechanism)
- Parameters:
mechanism
-- Returns:
- whether the given mechanism is the preferred one for this credential
-
getAnsiHash
public byte[] getAnsiHash(CIFSContext tc, byte[] chlng) throws GeneralSecurityException
Computes the 24 byte ANSI password hash given the 8 byte server challenge.- Parameters:
tc
-chlng
-- Returns:
- the hash for the given challenge
- Throws:
GeneralSecurityException
-
getUnicodeHash
public byte[] getUnicodeHash(CIFSContext tc, byte[] chlng) throws GeneralSecurityException
Computes the 24 byte Unicode password hash given the 8 byte server challenge.- Parameters:
tc
-chlng
-- Returns:
- the hash for the given challenge
- Throws:
GeneralSecurityException
-
getSigningKey
public byte[] getSigningKey(CIFSContext tc, byte[] chlng) throws SmbException, GeneralSecurityException
- Parameters:
tc
-chlng
-- Returns:
- the signing key
- Throws:
SmbException
GeneralSecurityException
-
getUserSessionKey
public byte[] getUserSessionKey(CIFSContext tc, byte[] chlng)
Returns the effective user session key.- Parameters:
tc
-chlng
- The server challenge.- Returns:
- A
byte[]
containing the effective user session key, used in SMB MAC signing and NTLMSSP signing and sealing.
-
getUserSessionKey
public void getUserSessionKey(CIFSContext tc, byte[] chlng, byte[] dest, int offset) throws SmbException
Calculates the effective user session key.- Parameters:
tc
- context to usechlng
- The server challenge.dest
- The destination array in which the user session key will be placed.offset
- The offset in the destination array at which the session key will start.- Throws:
SmbException
-
getNTHash
protected byte[] getNTHash()
- Returns:
-
-