com.thomsonreuters.proxy.authentication.NTLMEngineImpl.java Source code

Java tutorial

Introduction

Here is the source code for com.thomsonreuters.proxy.authentication.NTLMEngineImpl.java

Source

package com.thomsonreuters.proxy.authentication;

/*
 * ====================================================================
 *
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 *
 */

import java.security.Key;
import java.security.MessageDigest;
import java.util.Arrays;

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;
import org.apache.http.util.EncodingUtils;

/* Provides an implementation for NTLMv1, NTLMv2, and NTLM2 Session forms of the NTLM authentication protocol.
 * 
 * @since 4.1
 */
final class NTLMEngineImpl {
    // Flags we use
    protected final static int FLAG_UNICODE_ENCODING = 0x00000001;
    protected final static int FLAG_TARGET_DESIRED = 0x00000004;
    protected final static int FLAG_NEGOTIATE_SIGN = 0x00000010;
    protected final static int FLAG_NEGOTIATE_SEAL = 0x00000020;
    protected final static int FLAG_NEGOTIATE_NTLM = 0x00000200;
    protected final static int FLAG_NEGOTIATE_ALWAYS_SIGN = 0x00008000;
    protected final static int FLAG_NEGOTIATE_NTLM2 = 0x00080000;
    protected final static int FLAG_NEGOTIATE_128 = 0x20000000;
    protected final static int FLAG_NEGOTIATE_KEY_EXCH = 0x40000000;

    /** Secure random generator */
    private static final java.security.SecureRandom RND_GEN;
    static {
        java.security.SecureRandom rnd = null;
        try {
            //            http://bugs.java.com/view_bug.do?bug_id=6521844
            //             http://stackoverflow.com/questions/137212/how-to-solve-performance-problem-with-java-securerandom
            System.setProperty("java.security.egd", "file:/dev/./urandom");

            rnd = java.security.SecureRandom.getInstance("SHA1PRNG");
        } catch (Exception e) {
        }
        RND_GEN = rnd;
    }

    /** Character encoding */
    static final String DEFAULT_CHARSET = "ASCII";

    /** The character set to use for encoding the credentials */
    private String credentialCharset = DEFAULT_CHARSET;

    /** The signature string as bytes in the default encoding */
    private static byte[] SIGNATURE;

    static {
        byte[] bytesWithoutNull = EncodingUtils.getBytes("NTLMSSP", "ASCII");
        SIGNATURE = new byte[bytesWithoutNull.length + 1];
        System.arraycopy(bytesWithoutNull, 0, SIGNATURE, 0, bytesWithoutNull.length);
        SIGNATURE[bytesWithoutNull.length] = (byte) 0x00;
    }

    /**
     * Returns the response for the given message.
     *
     * @param message The message that was received from the server.
     * @param username The username to authenticate with.
     * @param password The password to authenticate with.
     * @param host The host.
     * @param domain The NT domain to authenticate in.
     * @return The response.
     * @throws NTLMEngineException the NTLM engine exception
     */
    public final String getResponseFor(String message, String username, String password, String host, String domain)
            throws NTLMEngineException {
        final String response;
        if (message == null || message.trim().equals("")) {
            response = getType1Message(host, domain);
        } else {
            Type2Message t2m = new Type2Message(message);
            response = getType3Message(username, password, host, domain, t2m.getChallenge(), t2m.getFlags(),
                    t2m.getTarget(), t2m.getTargetInfo());
        }
        return response;
    }

    /**
     * Creates the first message (type 1 message) in the NTLM authentication
     * sequence. This message includes the user name, domain and host for the authentication session.
     * 
     * @param host The computer name of the host requesting authentication.
     * @param domain The domain to authenticate with.
     * 
     * @return String the message to add to the HTTP request header.
     */
    String getType1Message(String host, String domain) throws NTLMEngineException {
        return new Type1Message(domain, host).getResponse();
    }

    /**
     * Creates the type 3 message using the given server nonce. The type 3
     * message includes all the information for authentication, host, domain,
     * username and the result of encrypting the nonce sent by the server using
     * the user's password as the key.
     * 
     * @param user The user name. This should not include the domain name.
     * @param password The password.
     * @param host The host that is originating the authentication request.
     * @param domain The domain to authenticate within.
     * @param nonce The 8 byte array the server sent.
     * 
     * @return The type 3 message.
     * 
     * @throws NTLMEngineException If {@encrypt(byte[],byte[])} fails.
     */
    String getType3Message(String user, String password, String host, String domain, byte[] nonce, int type2Flags,
            String target, byte[] targetInformation) throws NTLMEngineException {
        return new Type3Message(domain, host, user, password, nonce, type2Flags, target, targetInformation)
                .getResponse();
    }

    /**
     * @return Returns the credentialCharset.
     */
    String getCredentialCharset() {
        return credentialCharset;
    }

    /**
     * @param credentialCharset The credentialCharset to set.
     */
    void setCredentialCharset(String credentialCharset) {
        this.credentialCharset = credentialCharset;
    }

    /** Strip dot suffix from a name */
    private static String stripDotSuffix(String value) {
        int index = value.indexOf(".");
        if (index != -1)
            return value.substring(0, index);
        return value;
    }

    /** Convert host to standard form */
    private static String convertHost(String host) {
        return stripDotSuffix(host);
    }

    /** Convert domain to standard form */
    private static String convertDomain(String domain) {
        return stripDotSuffix(domain);
    }

    private static int readULong(byte[] src, int index) throws NTLMEngineException {
        if (src.length < index + 4)
            throw new NTLMEngineException("NTLM authentication - buffer too small for DWORD");
        return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8) | ((src[index + 2] & 0xff) << 16)
                | ((src[index + 3] & 0xff) << 24);
    }

    private static int readUShort(byte[] src, int index) throws NTLMEngineException {
        if (src.length < index + 2)
            throw new NTLMEngineException("NTLM authentication - buffer too small for WORD");
        return (src[index] & 0xff) | ((src[index + 1] & 0xff) << 8);
    }

    private static byte[] readSecurityBuffer(byte[] src, int index) throws NTLMEngineException {
        int length = readUShort(src, index);
        int offset = readULong(src, index + 4);
        if (src.length < offset + length)
            throw new NTLMEngineException("NTLM authentication - buffer too small for data item");
        byte[] buffer = new byte[length];
        System.arraycopy(src, offset, buffer, 0, length);
        return buffer;
    }

    /** Calculate a challenge block */
    private static byte[] makeRandomChallenge() throws NTLMEngineException {
        if (RND_GEN == null) {
            throw new NTLMEngineException("Random generator not available");
        }
        byte[] rval = new byte[8];

        synchronized (RND_GEN) {
            RND_GEN.nextBytes(rval);
        }
        return rval;
    }

    /** Calculate an NTLM2 challenge block */
    private static byte[] makeNTLM2RandomChallenge() throws NTLMEngineException {
        if (RND_GEN == null) {
            throw new NTLMEngineException("Random generator not available");
        }
        byte[] rval = new byte[24];
        synchronized (RND_GEN) {
            RND_GEN.nextBytes(rval);
        }
        // 8-byte challenge, padded with zeros to 24 bytes.
        Arrays.fill(rval, 8, 24, (byte) 0x00);
        return rval;
    }

    /**
     * Calculates the LM Response for the given challenge, using the specified password.
     * 
     * @param password The user's password.
     * @param challenge The Type 2 challenge from the server.
     * 
     * @return The LM Response.
     */
    static byte[] getLMResponse(String password, byte[] challenge) throws NTLMEngineException {
        byte[] lmHash = lmHash(password);
        return lmResponse(lmHash, challenge);
    }

    /**
     * Calculates the NTLM Response for the given challenge, using the specified password.
     * 
     * @param password The user's password.
     * @param challenge The Type 2 challenge from the server.
     * 
     * @return The NTLM Response.
     */
    static byte[] getNTLMResponse(String password, byte[] challenge) throws NTLMEngineException {
        byte[] ntlmHash = ntlmHash(password);
        return lmResponse(ntlmHash, challenge);
    }

    /**
     * Calculates the NTLMv2 Response for the given challenge, using the
     * specified authentication target, username, password, target information
     * block, and client challenge.
     * 
     * @param target The authentication target (i.e., domain).
     * @param user The username.
     * @param password The user's password.
     * @param targetInformation The target information block from the Type 2 message.
     * @param challenge The Type 2 challenge from the server.
     * @param clientChallenge The random 8-byte client challenge.
     * 
     * @return The NTLMv2 Response.
     */
    static byte[] getNTLMv2Response(String target, String user, String password, byte[] challenge,
            byte[] clientChallenge, byte[] targetInformation) throws NTLMEngineException {
        byte[] ntlmv2Hash = ntlmv2Hash(target, user, password);
        byte[] blob = createBlob(clientChallenge, targetInformation);
        return lmv2Response(ntlmv2Hash, challenge, blob);
    }

    /**
     * Calculates the LMv2 Response for the given challenge, using the specified
     * authentication target, username, password, and client challenge.
     *
     * @param target The authentication target (i.e., domain).
     * @param user The username.
     * @param password The user's password.
     * @param challenge The Type 2 challenge from the server.
     * @param clientChallenge The random 8-byte client challenge.
     *
     * @return The LMv2 Response.
     */
    static byte[] getLMv2Response(String target, String user, String password, byte[] challenge,
            byte[] clientChallenge) throws NTLMEngineException {
        byte[] ntlmv2Hash = ntlmv2Hash(target, user, password);
        return lmv2Response(ntlmv2Hash, challenge, clientChallenge);
    }

    /**
     * Calculates the NTLM2 Session Response for the given challenge, using the
     * specified password and client challenge.
     * 
     * @param password The user's password.
     * @param challenge The Type 2 challenge from the server.
     * @param clientChallenge The random 8-byte client challenge.
     * 
     * @return The NTLM2 Session Response. This is placed in the NTLM response
     *         field of the Type 3 message; the LM response field contains the
     *         client challenge, null-padded to 24 bytes.
     */
    static byte[] getNTLM2SessionResponse(String password, byte[] challenge, byte[] clientChallenge)
            throws NTLMEngineException {
        try {
            byte[] ntlmHash = ntlmHash(password);

            // Look up MD5 algorithm (was necessary on jdk 1.4.2)
            // This used to be needed, but Java 1.5.0_07 includes the MD5 algorithm (finally)
            // Class x = Class.forName("gnu.crypto.hash.MD5");
            // Method updateMethod = x.getMethod("update",new Class[]{byte[].class});
            // Method digestMethod = x.getMethod("digest",new Class[0]);
            // Object mdInstance = x.newInstance();
            // updateMethod.invoke(mdInstance,new Object[]{challenge});
            // updateMethod.invoke(mdInstance,new Object[]{clientChallenge});
            // byte[] digest = (byte[])digestMethod.invoke(mdInstance,new Object[0]);

            MessageDigest md5 = MessageDigest.getInstance("MD5");
            md5.update(challenge);
            md5.update(clientChallenge);
            byte[] digest = md5.digest();

            byte[] sessionHash = new byte[8];
            System.arraycopy(digest, 0, sessionHash, 0, 8);
            return lmResponse(ntlmHash, sessionHash);
        } catch (Exception e) {
            if (e instanceof NTLMEngineException)
                throw (NTLMEngineException) e;
            throw new NTLMEngineException(e.getMessage(), e);
        }
    }

    /**
     * Creates the LM Hash of the user's password.
     * 
     * @param password The password.
     * 
     * @return The LM Hash of the given password, used in the calculation of the LM Response.
     */
    private static byte[] lmHash(String password) throws NTLMEngineException {
        try {
            byte[] oemPassword = password.toUpperCase().getBytes("US-ASCII");
            int length = Math.min(oemPassword.length, 14);
            byte[] keyBytes = new byte[14];
            System.arraycopy(oemPassword, 0, keyBytes, 0, length);
            Key lowKey = createDESKey(keyBytes, 0);
            Key highKey = createDESKey(keyBytes, 7);
            byte[] magicConstant = "KGS!@#$%".getBytes("US-ASCII");
            Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
            des.init(Cipher.ENCRYPT_MODE, lowKey);
            byte[] lowHash = des.doFinal(magicConstant);
            des.init(Cipher.ENCRYPT_MODE, highKey);
            byte[] highHash = des.doFinal(magicConstant);
            byte[] lmHash = new byte[16];
            System.arraycopy(lowHash, 0, lmHash, 0, 8);
            System.arraycopy(highHash, 0, lmHash, 8, 8);
            return lmHash;
        } catch (Exception e) {
            throw new NTLMEngineException(e.getMessage(), e);
        }
    }

    /**
     * Creates the NTLM Hash of the user's password.
     * 
     * @param password The password.
     * 
     * @return The NTLM Hash of the given password, used in the calculation of
     *         the NTLM Response and the NTLMv2 and LMv2 Hashes.
     */
    private static byte[] ntlmHash(String password) throws NTLMEngineException {
        try {
            byte[] unicodePassword = password.getBytes("UnicodeLittleUnmarked");
            MD4 md4 = new MD4();
            md4.update(unicodePassword);
            return md4.getOutput();
        } catch (java.io.UnsupportedEncodingException e) {
            throw new NTLMEngineException("Unicode not supported: " + e.getMessage(), e);
        }
    }

    /**
     * Creates the NTLMv2 Hash of the user's password.
     * 
     * @param target The authentication target (i.e., domain).
     * @param user The username.
     * @param password The password.
     * 
     * @return The NTLMv2 Hash, used in the calculation of the NTLMv2 and LMv2 Responses.
     */
    private static byte[] ntlmv2Hash(String target, String user, String password) throws NTLMEngineException {
        try {
            byte[] ntlmHash = ntlmHash(password);
            HMACMD5 hmacMD5 = new HMACMD5(ntlmHash);
            // Upper case username, mixed case target!!
            hmacMD5.update(user.toUpperCase().getBytes("UnicodeLittleUnmarked"));
            hmacMD5.update(target.getBytes("UnicodeLittleUnmarked"));
            return hmacMD5.getOutput();
        } catch (java.io.UnsupportedEncodingException e) {
            throw new NTLMEngineException("Unicode not supported! " + e.getMessage(), e);
        }
    }

    /**
     * Creates the LM Response from the given hash and Type 2 challenge.
     * 
     * @param hash The LM or NTLM Hash.
     * @param challenge The server challenge from the Type 2 message.
     * 
     * @return The response (either LM or NTLM, depending on the provided hash).
     */
    private static byte[] lmResponse(byte[] hash, byte[] challenge) throws NTLMEngineException {
        try {
            byte[] keyBytes = new byte[21];
            System.arraycopy(hash, 0, keyBytes, 0, 16);
            Key lowKey = createDESKey(keyBytes, 0);
            Key middleKey = createDESKey(keyBytes, 7);
            Key highKey = createDESKey(keyBytes, 14);
            Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
            des.init(Cipher.ENCRYPT_MODE, lowKey);
            byte[] lowResponse = des.doFinal(challenge);
            des.init(Cipher.ENCRYPT_MODE, middleKey);
            byte[] middleResponse = des.doFinal(challenge);
            des.init(Cipher.ENCRYPT_MODE, highKey);
            byte[] highResponse = des.doFinal(challenge);
            byte[] lmResponse = new byte[24];
            System.arraycopy(lowResponse, 0, lmResponse, 0, 8);
            System.arraycopy(middleResponse, 0, lmResponse, 8, 8);
            System.arraycopy(highResponse, 0, lmResponse, 16, 8);
            return lmResponse;
        } catch (Exception e) {
            throw new NTLMEngineException(e.getMessage(), e);
        }
    }

    /**
     * Creates the LMv2 Response from the given hash, client data, and Type 2 challenge.
     * 
     * @param hash The NTLMv2 Hash.
     * @param clientData The client data (blob or client challenge).
     * @param challenge The server challenge from the Type 2 message.
     * 
     * @return The response (either NTLMv2 or LMv2, depending on the client data).
     */
    private static byte[] lmv2Response(byte[] hash, byte[] challenge, byte[] clientData)
            throws NTLMEngineException {
        HMACMD5 hmacMD5 = new HMACMD5(hash);
        hmacMD5.update(challenge);
        hmacMD5.update(clientData);
        byte[] mac = hmacMD5.getOutput();
        byte[] lmv2Response = new byte[mac.length + clientData.length];
        System.arraycopy(mac, 0, lmv2Response, 0, mac.length);
        System.arraycopy(clientData, 0, lmv2Response, mac.length, clientData.length);
        return lmv2Response;
    }

    /**
     * Creates the NTLMv2 blob from the given target information block and
     * client challenge.
     * 
     * @param targetInformation The target information block from the Type 2 message.
     * @param clientChallenge The random 8-byte client challenge.
     * 
     * @return The blob, used in the calculation of the NTLMv2 Response.
     */
    private static byte[] createBlob(byte[] clientChallenge, byte[] targetInformation) {
        byte[] blobSignature = new byte[] { (byte) 0x01, (byte) 0x01, (byte) 0x00, (byte) 0x00 };
        byte[] reserved = new byte[] { (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 };
        byte[] unknown1 = new byte[] { (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 };
        long time = System.currentTimeMillis();
        time += 11644473600000l; // milliseconds from January 1, 1601 -> epoch.
        time *= 10000; // tenths of a microsecond.
        // convert to little-endian byte array.
        byte[] timestamp = new byte[8];
        for (int i = 0; i < 8; i++) {
            timestamp[i] = (byte) time;
            time >>>= 8;
        }
        byte[] blob = new byte[blobSignature.length + reserved.length + timestamp.length + 8 + unknown1.length
                + targetInformation.length];
        int offset = 0;
        System.arraycopy(blobSignature, 0, blob, offset, blobSignature.length);
        offset += blobSignature.length;
        System.arraycopy(reserved, 0, blob, offset, reserved.length);
        offset += reserved.length;
        System.arraycopy(timestamp, 0, blob, offset, timestamp.length);
        offset += timestamp.length;
        System.arraycopy(clientChallenge, 0, blob, offset, 8);
        offset += 8;
        System.arraycopy(unknown1, 0, blob, offset, unknown1.length);
        offset += unknown1.length;
        System.arraycopy(targetInformation, 0, blob, offset, targetInformation.length);
        return blob;
    }

    /**
     * Creates a DES encryption key from the given key material.
     * 
     * @param bytes A byte array containing the DES key material.
     * @param offset The offset in the given byte array at which the 7-byte key material starts.
     * 
     * @return A DES encryption key created from the key material starting at
     *         the specified offset in the given byte array.
     */
    private static Key createDESKey(byte[] bytes, int offset) {
        byte[] keyBytes = new byte[7];
        System.arraycopy(bytes, offset, keyBytes, 0, 7);
        byte[] material = new byte[8];
        material[0] = keyBytes[0];
        material[1] = (byte) (keyBytes[0] << 7 | (keyBytes[1] & 0xff) >>> 1);
        material[2] = (byte) (keyBytes[1] << 6 | (keyBytes[2] & 0xff) >>> 2);
        material[3] = (byte) (keyBytes[2] << 5 | (keyBytes[3] & 0xff) >>> 3);
        material[4] = (byte) (keyBytes[3] << 4 | (keyBytes[4] & 0xff) >>> 4);
        material[5] = (byte) (keyBytes[4] << 3 | (keyBytes[5] & 0xff) >>> 5);
        material[6] = (byte) (keyBytes[5] << 2 | (keyBytes[6] & 0xff) >>> 6);
        material[7] = (byte) (keyBytes[6] << 1);
        oddParity(material);
        return new SecretKeySpec(material, "DES");
    }

    /**
     * Applies odd parity to the given byte array.
     * 
     * @param bytes The data whose parity bits are to be adjusted for odd parity.
     */
    private static void oddParity(byte[] bytes) {
        for (int i = 0; i < bytes.length; i++) {
            byte b = bytes[i];
            boolean needsParity = (((b >>> 7) ^ (b >>> 6) ^ (b >>> 5) ^ (b >>> 4) ^ (b >>> 3) ^ (b >>> 2)
                    ^ (b >>> 1)) & 0x01) == 0;
            if (needsParity) {
                bytes[i] |= (byte) 0x01;
            } else {
                bytes[i] &= (byte) 0xfe;
            }
        }
    }

    /** NTLM message generation, base class */
    static class NTLMMessage {
        /** The current response */
        private byte[] messageContents = null;

        /** The current output position */
        private int currentOutputPosition = 0;

        /** Constructor to use when message contents are not yet known */
        NTLMMessage() {
        }

        /** Constructor to use when message contents are known */
        NTLMMessage(String messageBody, int expectedType) throws NTLMEngineException {
            messageContents = Base64.decodeBase64(EncodingUtils.getBytes(messageBody, DEFAULT_CHARSET));
            // Look for NTLM message
            if (messageContents.length < SIGNATURE.length)
                throw new NTLMEngineException("NTLM message decoding error - packet too short");
            int i = 0;
            while (i < SIGNATURE.length) {
                if (messageContents[i] != SIGNATURE[i])
                    throw new NTLMEngineException("NTLM message expected - instead got unrecognized bytes");
                i++;
            }

            // Check to be sure there's a type 2 message indicator next
            int type = readULong(SIGNATURE.length);
            if (type != expectedType)
                throw new NTLMEngineException("NTLM type " + Integer.toString(expectedType)
                        + " message expected - instead got type " + Integer.toString(type));

            currentOutputPosition = messageContents.length;
        }

        /**
         * Get the length of the signature and flags, so calculations can adjust offsets accordingly.
         */
        protected int getPreambleLength() {
            return SIGNATURE.length + 4;
        }

        /** Get the message length */
        protected int getMessageLength() {
            return currentOutputPosition;
        }

        /** Read a byte from a position within the message buffer */
        protected byte readByte(int position) throws NTLMEngineException {
            if (messageContents.length < position + 1)
                throw new NTLMEngineException("NTLM: Message too short");
            return messageContents[position];
        }

        /** Read a bunch of bytes from a position in the message buffer */
        protected void readBytes(byte[] buffer, int position) throws NTLMEngineException {
            if (messageContents.length < position + buffer.length)
                throw new NTLMEngineException("NTLM: Message too short");
            System.arraycopy(messageContents, position, buffer, 0, buffer.length);
        }

        /** Read a ushort from a position within the message buffer */
        protected int readUShort(int position) throws NTLMEngineException {
            return NTLMEngineImpl.readUShort(messageContents, position);
        }

        /** Read a ulong from a position within the message buffer */
        protected int readULong(int position) throws NTLMEngineException {
            return NTLMEngineImpl.readULong(messageContents, position);
        }

        /** Read a security buffer from a position within the message buffer */
        protected byte[] readSecurityBuffer(int position) throws NTLMEngineException {
            return NTLMEngineImpl.readSecurityBuffer(messageContents, position);
        }

        /**
         * Prepares the object to create a response of the given length.
         * 
         * @param length The maximum length of the response to prepare, not
         *               including the type and the signature (which this method adds).
         */
        protected void prepareResponse(int maxlength, int messageType) {
            messageContents = new byte[maxlength];
            currentOutputPosition = 0;
            addBytes(SIGNATURE);
            addULong(messageType);
        }

        /**
         * Adds the given byte to the response.
         * 
         * @param b The byte to add.
         */
        protected void addByte(byte b) {
            messageContents[currentOutputPosition] = b;
            currentOutputPosition++;
        }

        /**
         * Adds the given bytes to the response.
         * 
         * @param bytes The bytes to add.
         */
        protected void addBytes(byte[] bytes) {
            for (int i = 0; i < bytes.length; i++) {
                messageContents[currentOutputPosition] = bytes[i];
                currentOutputPosition++;
            }
        }

        /** Adds a USHORT to the response */
        protected void addUShort(int value) {
            addByte((byte) (value & 0xff));
            addByte((byte) (value >> 8 & 0xff));
        }

        /** Adds a ULong to the response */
        protected void addULong(int value) {
            addByte((byte) (value & 0xff));
            addByte((byte) (value >> 8 & 0xff));
            addByte((byte) (value >> 16 & 0xff));
            addByte((byte) (value >> 24 & 0xff));
        }

        /**
         * Returns the response that has been generated after shrinking the
         * array if required and base64 encodes the response.
         * 
         * @return The response as above.
         */
        String getResponse() {
            byte[] resp;
            if (messageContents.length > currentOutputPosition) {
                byte[] tmp = new byte[currentOutputPosition];
                for (int i = 0; i < currentOutputPosition; i++) {
                    tmp[i] = messageContents[i];
                }
                resp = tmp;
            } else {
                resp = messageContents;
            }
            return EncodingUtils.getAsciiString(Base64.encodeBase64(resp));
        }
    }

    /** Type 1 message assembly class */
    static class Type1Message extends NTLMMessage {
        protected byte[] hostBytes;
        protected byte[] domainBytes;

        /** Constructor. Include the arguments the message will need */
        Type1Message(String domain, String host) throws NTLMEngineException {
            super();
            try {
                // Strip off domain name from the host!
                host = convertHost(host);
                // Use only the base domain name!
                domain = convertDomain(domain);

                hostBytes = host.getBytes("UnicodeLittleUnmarked");
                domainBytes = domain.toUpperCase().getBytes("UnicodeLittleUnmarked");
            } catch (java.io.UnsupportedEncodingException e) {
                throw new NTLMEngineException("Unicode unsupported: " + e.getMessage(), e);
            }
        }

        /**
         * Getting the response involves building the message before returning
         * it
         */
        @Override
        String getResponse() {
            // Now, build the message. Calculate its length first, including signature or type.
            int finalLength = 32 + hostBytes.length + domainBytes.length;

            // Set up the response. This will initialize the signature, message type, and flags.
            prepareResponse(finalLength, 1);

            // Flags. These are the complete set of flags we support.
            addULong(FLAG_NEGOTIATE_NTLM | FLAG_NEGOTIATE_NTLM2 | FLAG_NEGOTIATE_SIGN | FLAG_NEGOTIATE_SEAL |
            /* FLAG_NEGOTIATE_ALWAYS_SIGN | FLAG_NEGOTIATE_KEY_EXCH | */
                    FLAG_UNICODE_ENCODING | FLAG_TARGET_DESIRED | FLAG_NEGOTIATE_128);

            // Domain length (two times).
            addUShort(domainBytes.length);
            addUShort(domainBytes.length);

            // Domain offset.
            addULong(hostBytes.length + 32);

            // Host length (two times).
            addUShort(hostBytes.length);
            addUShort(hostBytes.length);

            // Host offset (always 32).
            addULong(32);

            // Host String.
            addBytes(hostBytes);

            // Domain String.
            addBytes(domainBytes);

            return super.getResponse();
        }
    }

    /** Type 2 message class */
    static class Type2Message extends NTLMMessage {
        protected byte[] challenge;
        protected String target;
        protected byte[] targetInfo;
        protected int flags;

        Type2Message(String message) throws NTLMEngineException {
            super(message, 2);

            // Parse out the rest of the info we need from the message
            // The nonce is the 8 bytes starting from the byte in position 24.
            challenge = new byte[8];
            readBytes(challenge, 24);

            flags = readULong(20);
            if ((flags & FLAG_UNICODE_ENCODING) == 0)
                throw new NTLMEngineException(
                        "NTLM type 2 message has flags that make no sense: " + Integer.toString(flags));
            // Do the target!
            target = null;
            // The TARGET_DESIRED flag is said to not have understood semantics
            // in Type2 messages, so use the length of the packet to decide how to proceed instead
            if (getMessageLength() >= 12 + 8) {
                byte[] bytes = readSecurityBuffer(12);
                if (bytes.length != 0) {
                    try {
                        target = new String(bytes, "UnicodeLittleUnmarked");
                    } catch (java.io.UnsupportedEncodingException e) {
                        throw new NTLMEngineException(e.getMessage(), e);
                    }
                }
            }

            // Do the target info!
            targetInfo = null;
            // TARGET_DESIRED flag cannot be relied on, so use packet length
            if (getMessageLength() >= 40 + 8) {
                byte[] bytes = readSecurityBuffer(40);
                if (bytes.length != 0) {
                    targetInfo = bytes;
                }
            }
        }

        /** Retrieve the challenge */
        byte[] getChallenge() {
            return challenge;
        }

        /** Retrieve the target */
        String getTarget() {
            return target;
        }

        /** Retrieve the target info */
        byte[] getTargetInfo() {
            return targetInfo;
        }

        /** Retrieve the response flags */
        int getFlags() {
            return flags;
        }
    }

    /** Type 3 message assembly class */
    static class Type3Message extends NTLMMessage {
        // Response flags from the type2 message
        protected int type2Flags;

        protected byte[] domainBytes;
        protected byte[] hostBytes;
        protected byte[] userBytes;

        protected byte[] lmResp;
        protected byte[] ntResp;

        /** Constructor. Pass the arguments we will need */
        Type3Message(String domain, String host, String user, String password, byte[] nonce, int type2Flags,
                String target, byte[] targetInformation) throws NTLMEngineException {
            // Save the flags
            this.type2Flags = type2Flags;

            // Strip off domain name from the host!
            host = convertHost(host);
            // Use only the base domain name!
            domain = convertDomain(domain);

            // Use the new code to calculate the responses, including v2 if that
            // seems warranted.
            try {
                if (targetInformation != null && target != null) {
                    byte[] clientChallenge = makeRandomChallenge();
                    ntResp = getNTLMv2Response(target, user, password, nonce, clientChallenge, targetInformation);
                    lmResp = getLMv2Response(target, user, password, nonce, clientChallenge);
                } else {
                    if ((type2Flags & FLAG_NEGOTIATE_NTLM2) != 0) {
                        // NTLM2 session stuff is requested
                        byte[] clientChallenge = makeNTLM2RandomChallenge();
                        ntResp = getNTLM2SessionResponse(password, nonce, clientChallenge);
                        lmResp = clientChallenge;

                        // All the other flags we send (signing, sealing, key exchange) are supported,
                        // but they don't do anything at all in an NTLM2 context! So we're done at this point.
                    } else {
                        ntResp = getNTLMResponse(password, nonce);
                        lmResp = getLMResponse(password, nonce);
                    }
                }
            } catch (NTLMEngineException e) {
                // This likely means we couldn't find the MD4 hash algorithm - fail back to just using LM
                ntResp = new byte[0];
                lmResp = getLMResponse(password, nonce);
            }

            try {
                domainBytes = domain.toUpperCase().getBytes("UnicodeLittleUnmarked");
                hostBytes = host.getBytes("UnicodeLittleUnmarked");
                userBytes = user.getBytes("UnicodeLittleUnmarked");
            } catch (java.io.UnsupportedEncodingException e) {
                throw new NTLMEngineException("Unicode not supported: " + e.getMessage(), e);
            }
        }

        /** Assemble the response */
        @Override
        String getResponse() {
            int ntRespLen = ntResp.length;
            int lmRespLen = lmResp.length;

            int domainLen = domainBytes.length;
            int hostLen = hostBytes.length;
            int userLen = userBytes.length;

            // Calculate the layout within the packet
            int lmRespOffset = 64;
            int ntRespOffset = lmRespOffset + lmRespLen;
            int domainOffset = ntRespOffset + ntRespLen;
            int userOffset = domainOffset + domainLen;
            int hostOffset = userOffset + userLen;
            int sessionKeyOffset = hostOffset + hostLen;
            int finalLength = sessionKeyOffset + 0;

            // Start the response. Length includes signature and type
            prepareResponse(finalLength, 3);

            // LM Resp Length (twice)
            addUShort(lmRespLen);
            addUShort(lmRespLen);

            // LM Resp Offset
            addULong(lmRespOffset);

            // NT Resp Length (twice)
            addUShort(ntRespLen);
            addUShort(ntRespLen);

            // NT Resp Offset
            addULong(ntRespOffset);

            // Domain length (twice)
            addUShort(domainLen);
            addUShort(domainLen);

            // Domain offset.
            addULong(domainOffset);

            // User Length (twice)
            addUShort(userLen);
            addUShort(userLen);

            // User offset
            addULong(userOffset);

            // Host length (twice)
            addUShort(hostLen);
            addUShort(hostLen);

            // Host offset
            addULong(hostOffset);

            // 4 bytes of zeros - not sure what this is
            addULong(0);

            // Message length
            addULong(finalLength);

            // Flags. Currently: NEGOTIATE_NTLM + UNICODE_ENCODING +
            // TARGET_DESIRED + NEGOTIATE_128
            addULong(FLAG_NEGOTIATE_NTLM | FLAG_UNICODE_ENCODING | FLAG_TARGET_DESIRED | FLAG_NEGOTIATE_128
                    | (type2Flags & FLAG_NEGOTIATE_NTLM2) | (type2Flags & FLAG_NEGOTIATE_SIGN)
                    | (type2Flags & FLAG_NEGOTIATE_SEAL) | (type2Flags & FLAG_NEGOTIATE_KEY_EXCH)
                    | (type2Flags & FLAG_NEGOTIATE_ALWAYS_SIGN));

            // Add the actual data
            addBytes(lmResp);
            addBytes(ntResp);
            addBytes(domainBytes);
            addBytes(userBytes);
            addBytes(hostBytes);

            return super.getResponse();
        }
    }

    static void writeULong(byte[] buffer, int value, int offset) {
        buffer[offset] = (byte) (value & 0xff);
        buffer[offset + 1] = (byte) (value >> 8 & 0xff);
        buffer[offset + 2] = (byte) (value >> 16 & 0xff);
        buffer[offset + 3] = (byte) (value >> 24 & 0xff);
    }

    static int F(int x, int y, int z) {
        return ((x & y) | (~x & z));
    }

    static int G(int x, int y, int z) {
        return ((x & y) | (x & z) | (y & z));
    }

    static int H(int x, int y, int z) {
        return (x ^ y ^ z);
    }

    static int rotintlft(int val, int numbits) {
        return ((val << numbits) | (val >>> (32 - numbits)));
    }

    /**
     * Cryptography support - MD4. The following class was based loosely on the
     * RFC and on code found at http://www.cs.umd.edu/~harry/jotp/src/md.java.
     * Code correctness was verified by looking at MD4.java from the jcifs
     * library (http://jcifs.samba.org). It was massaged extensively to the
     * final form found here by Karl Wright (kwright@metacarta.com).
     */
    static class MD4 {
        protected int A = 0x67452301;
        protected int B = 0xefcdab89;
        protected int C = 0x98badcfe;
        protected int D = 0x10325476;
        protected long count = 0L;
        protected byte[] dataBuffer = new byte[64];

        MD4() {
        }

        void update(byte[] input) {
            // We always deal with 512 bits at a time. Correspondingly, there is
            // a buffer 64 bytes long that we write data into until it gets full.
            int curBufferPos = (int) (count & 63L);
            int inputIndex = 0;
            while (input.length - inputIndex + curBufferPos >= dataBuffer.length) {
                // We have enough data to do the next step. Do a partial copy
                // and a transform, updating inputIndex and curBufferPos accordingly
                int transferAmt = dataBuffer.length - curBufferPos;
                System.arraycopy(input, inputIndex, dataBuffer, curBufferPos, transferAmt);
                count += transferAmt;
                curBufferPos = 0;
                inputIndex += transferAmt;
                processBuffer();
            }

            // If there's anything left, copy it into the buffer and leave it.
            // We know there's not enough left to process.
            if (inputIndex < input.length) {
                int transferAmt = input.length - inputIndex;
                System.arraycopy(input, inputIndex, dataBuffer, curBufferPos, transferAmt);
                count += transferAmt;
                curBufferPos += transferAmt;
            }
        }

        byte[] getOutput() {
            // Feed pad/length data into engine. This must round out the input
            // to a multiple of 512 bits.
            int bufferIndex = (int) (count & 63L);
            int padLen = (bufferIndex < 56) ? (56 - bufferIndex) : (120 - bufferIndex);
            byte[] postBytes = new byte[padLen + 8];
            // Leading 0x80, specified amount of zero padding, then length in bits.
            postBytes[0] = (byte) 0x80;
            // Fill out the last 8 bytes with the length
            for (int i = 0; i < 8; i++) {
                postBytes[padLen + i] = (byte) ((count * 8) >>> (8 * i));
            }

            // Update the engine
            update(postBytes);

            // Calculate final result
            byte[] result = new byte[16];
            writeULong(result, A, 0);
            writeULong(result, B, 4);
            writeULong(result, C, 8);
            writeULong(result, D, 12);
            return result;
        }

        protected void processBuffer() {
            // Convert current buffer to 16 ulongs
            int[] d = new int[16];

            for (int i = 0; i < 16; i++) {
                d[i] = (dataBuffer[i * 4] & 0xff) + ((dataBuffer[i * 4 + 1] & 0xff) << 8)
                        + ((dataBuffer[i * 4 + 2] & 0xff) << 16) + ((dataBuffer[i * 4 + 3] & 0xff) << 24);
            }

            // Do a round of processing
            int AA = A;
            int BB = B;
            int CC = C;
            int DD = D;
            round1(d);
            round2(d);
            round3(d);
            A += AA;
            B += BB;
            C += CC;
            D += DD;
        }

        protected void round1(int[] d) {
            A = rotintlft((A + F(B, C, D) + d[0]), 3);
            D = rotintlft((D + F(A, B, C) + d[1]), 7);
            C = rotintlft((C + F(D, A, B) + d[2]), 11);
            B = rotintlft((B + F(C, D, A) + d[3]), 19);

            A = rotintlft((A + F(B, C, D) + d[4]), 3);
            D = rotintlft((D + F(A, B, C) + d[5]), 7);
            C = rotintlft((C + F(D, A, B) + d[6]), 11);
            B = rotintlft((B + F(C, D, A) + d[7]), 19);

            A = rotintlft((A + F(B, C, D) + d[8]), 3);
            D = rotintlft((D + F(A, B, C) + d[9]), 7);
            C = rotintlft((C + F(D, A, B) + d[10]), 11);
            B = rotintlft((B + F(C, D, A) + d[11]), 19);

            A = rotintlft((A + F(B, C, D) + d[12]), 3);
            D = rotintlft((D + F(A, B, C) + d[13]), 7);
            C = rotintlft((C + F(D, A, B) + d[14]), 11);
            B = rotintlft((B + F(C, D, A) + d[15]), 19);
        }

        protected void round2(int[] d) {
            A = rotintlft((A + G(B, C, D) + d[0] + 0x5a827999), 3);
            D = rotintlft((D + G(A, B, C) + d[4] + 0x5a827999), 5);
            C = rotintlft((C + G(D, A, B) + d[8] + 0x5a827999), 9);
            B = rotintlft((B + G(C, D, A) + d[12] + 0x5a827999), 13);

            A = rotintlft((A + G(B, C, D) + d[1] + 0x5a827999), 3);
            D = rotintlft((D + G(A, B, C) + d[5] + 0x5a827999), 5);
            C = rotintlft((C + G(D, A, B) + d[9] + 0x5a827999), 9);
            B = rotintlft((B + G(C, D, A) + d[13] + 0x5a827999), 13);

            A = rotintlft((A + G(B, C, D) + d[2] + 0x5a827999), 3);
            D = rotintlft((D + G(A, B, C) + d[6] + 0x5a827999), 5);
            C = rotintlft((C + G(D, A, B) + d[10] + 0x5a827999), 9);
            B = rotintlft((B + G(C, D, A) + d[14] + 0x5a827999), 13);

            A = rotintlft((A + G(B, C, D) + d[3] + 0x5a827999), 3);
            D = rotintlft((D + G(A, B, C) + d[7] + 0x5a827999), 5);
            C = rotintlft((C + G(D, A, B) + d[11] + 0x5a827999), 9);
            B = rotintlft((B + G(C, D, A) + d[15] + 0x5a827999), 13);
        }

        protected void round3(int[] d) {
            A = rotintlft((A + H(B, C, D) + d[0] + 0x6ed9eba1), 3);
            D = rotintlft((D + H(A, B, C) + d[8] + 0x6ed9eba1), 9);
            C = rotintlft((C + H(D, A, B) + d[4] + 0x6ed9eba1), 11);
            B = rotintlft((B + H(C, D, A) + d[12] + 0x6ed9eba1), 15);

            A = rotintlft((A + H(B, C, D) + d[2] + 0x6ed9eba1), 3);
            D = rotintlft((D + H(A, B, C) + d[10] + 0x6ed9eba1), 9);
            C = rotintlft((C + H(D, A, B) + d[6] + 0x6ed9eba1), 11);
            B = rotintlft((B + H(C, D, A) + d[14] + 0x6ed9eba1), 15);

            A = rotintlft((A + H(B, C, D) + d[1] + 0x6ed9eba1), 3);
            D = rotintlft((D + H(A, B, C) + d[9] + 0x6ed9eba1), 9);
            C = rotintlft((C + H(D, A, B) + d[5] + 0x6ed9eba1), 11);
            B = rotintlft((B + H(C, D, A) + d[13] + 0x6ed9eba1), 15);

            A = rotintlft((A + H(B, C, D) + d[3] + 0x6ed9eba1), 3);
            D = rotintlft((D + H(A, B, C) + d[11] + 0x6ed9eba1), 9);
            C = rotintlft((C + H(D, A, B) + d[7] + 0x6ed9eba1), 11);
            B = rotintlft((B + H(C, D, A) + d[15] + 0x6ed9eba1), 15);
        }
    }

    /**
     * Cryptography support - HMACMD5 - algorithmically based on various web resources by Karl Wright
     */
    static class HMACMD5 {
        protected byte[] ipad;
        protected byte[] opad;
        protected MessageDigest md5;

        HMACMD5(byte[] key) throws NTLMEngineException {
            try {
                md5 = MessageDigest.getInstance("MD5");
            } catch (Exception ex) {
                // Umm, the algorithm doesn't exist - throw an NTLMEngineException!
                throw new NTLMEngineException("Error getting md5 message digest implementation: " + ex.getMessage(),
                        ex);
            }

            // Initialize the pad buffers with the key
            ipad = new byte[64];
            opad = new byte[64];

            int keyLength = key.length;
            if (keyLength > 64) {
                // Use MD5 of the key instead, as described in RFC 2104
                md5.update(key);
                key = md5.digest();
                keyLength = key.length;
            }
            int i = 0;
            while (i < keyLength) {
                ipad[i] = (byte) (key[i] ^ (byte) 0x36);
                opad[i] = (byte) (key[i] ^ (byte) 0x5c);
                i++;
            }
            while (i < 64) {
                ipad[i] = (byte) 0x36;
                opad[i] = (byte) 0x5c;
                i++;
            }

            // Very important: update the digest with the ipad buffer
            md5.reset();
            md5.update(ipad);
        }

        /** Grab the current digest. This is the "answer". */
        byte[] getOutput() {
            byte[] digest = md5.digest();
            md5.update(opad);
            return md5.digest(digest);
        }

        /** Update by adding a complete array */
        void update(byte[] input) {
            md5.update(input);
        }

        /** Update the algorithm */
        void update(byte[] input, int offset, int length) {
            md5.update(input, offset, length);
        }
    }

    /**
     * Generate type 1 msg.
     *
     * @param domain the domain
     * @param workstation the workstation
     * @return the string
     * @throws NTLMEngineException the NTLM engine exception
     */
    public String generateType1Msg(final String domain, final String workstation) throws NTLMEngineException {
        return getType1Message(workstation, domain);
    }

    /**
     * Generate type 3 msg.
     *
     * @param username the username
     * @param password the password
     * @param domain the domain
     * @param workstation the workstation
     * @param challenge the challenge
     * @return the string
     * @throws NTLMEngineException the NTLM engine exception
     */
    public String generateType3Msg(final String username, final String password, final String domain,
            final String workstation, final String challenge) throws NTLMEngineException {
        Type2Message t2m = new Type2Message(challenge);
        return getType3Message(username, password, workstation, domain, t2m.getChallenge(), t2m.getFlags(),
                t2m.getTarget(), t2m.getTargetInfo());
    }

}