Package jcifs.smb

Class NtlmPasswordAuthentication

java.lang.Object
jcifs.smb.NtlmPasswordAuthentication
All Implemented Interfaces:
Serializable, Principal

public final class NtlmPasswordAuthentication extends Object implements Principal, Serializable
This class stores and encrypts NTLM user credentials. The default credentials are retrieved from the jcifs.smb.client.domain, jcifs.smb.client.username, and jcifs.smb.client.password properties.

Read jCIFS Exceptions and NtlmAuthenticator for related information.

See Also:
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
     
  • Constructor Summary

    Constructors
    Constructor
    Description
    Create an NtlmPasswordAuthentication object from the userinfo component of an SMB URL like "domain;user:pass".
    NtlmPasswordAuthentication(String domain, String username, byte[] challenge, byte[] ansiHash, byte[] unicodeHash)
    Create an NtlmPasswordAuthentication object with raw password hashes.
    NtlmPasswordAuthentication(String domain, String username, String password)
    Create an NtlmPasswordAuthentication object from a domain, username, and password.
  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    Compares two NtlmPasswordAuthentication objects for equality.
    byte[]
    getAnsiHash(byte[] challenge)
    Computes the 24 byte ANSI password hash given the 8 byte server challenge.
    Returns the domain.
    static byte[]
    getLMv2Response(byte[] responseKeyLM, byte[] serverChallenge, byte[] clientChallenge)
     
    static byte[]
    getLMv2Response(String domain, String user, String password, byte[] challenge, byte[] clientChallenge)
    Creates the LMv2 response for the supplied information.
    Return the domain and username in the format: domain\\username.
    static byte[]
    getNTLM2Response(byte[] nTOWFv1, byte[] serverChallenge, byte[] clientChallenge)
     
    static byte[]
    getNTLMResponse(String password, byte[] challenge)
    Generate the Unicode MD4 hash for the password associated with these credentials.
    static byte[]
    getNTLMv2Response(byte[] responseKeyNT, byte[] serverChallenge, byte[] clientChallenge, long nanos1601, byte[] targetInfo)
     
    Returns the password in plain text or null if the raw password hashes were used to construct this NtlmPasswordAuthentication object which will be the case when NTLM HTTP Authentication is used.
    static byte[]
    getPreNTLMResponse(String password, byte[] challenge)
    Generate the ANSI DES hash for the password associated with these credentials.
    byte[]
    getSigningKey(byte[] challenge)
     
    byte[]
    getUnicodeHash(byte[] challenge)
    Computes the 24 byte Unicode password hash given the 8 byte server challenge.
    Returns the username.
    byte[]
    getUserSessionKey(byte[] challenge)
    Returns the effective user session key.
    int
    Return the upcased username hash code.
    static byte[]
    nTOWFv1(String password)
     
    static byte[]
    nTOWFv2(String domain, String username, String password)
     
    Return the domain and username in the format: domain\\username.

    Methods inherited from class java.lang.Object

    clone, finalize, getClass, notify, notifyAll, wait, wait, wait

    Methods inherited from interface java.security.Principal

    implies
  • Field Details

  • Constructor Details

    • NtlmPasswordAuthentication

      public NtlmPasswordAuthentication(String userInfo)
      Create an NtlmPasswordAuthentication object from the userinfo component of an SMB URL like "domain;user:pass". This constructor is used internally be jCIFS when parsing SMB URLs.
    • NtlmPasswordAuthentication

      public NtlmPasswordAuthentication(String domain, String username, String password)
      Create an NtlmPasswordAuthentication object from a domain, username, and password. Parameters that are null will be substituted with jcifs.smb.client.domain, jcifs.smb.client.username, jcifs.smb.client.password property values.
    • NtlmPasswordAuthentication

      public NtlmPasswordAuthentication(String domain, String username, byte[] challenge, byte[] ansiHash, byte[] unicodeHash)
      Create an NtlmPasswordAuthentication object with raw password hashes. This is used exclusively by the jcifs.http.NtlmSsp class which is in turn used by NTLM HTTP authentication functionality.
  • Method Details

    • getPreNTLMResponse

      public static byte[] getPreNTLMResponse(String password, byte[] challenge)
      Generate the ANSI DES hash for the password associated with these credentials.
    • getNTLMResponse

      public static byte[] getNTLMResponse(String password, byte[] challenge)
      Generate the Unicode MD4 hash for the password associated with these credentials.
    • getLMv2Response

      public static byte[] getLMv2Response(String domain, String user, String password, byte[] challenge, byte[] clientChallenge)
      Creates the LMv2 response for the supplied information.
      Parameters:
      domain - The domain in which the username exists.
      user - The username.
      password - The user's password.
      challenge - The server challenge.
      clientChallenge - The client challenge (nonce).
    • getNTLM2Response

      public static byte[] getNTLM2Response(byte[] nTOWFv1, byte[] serverChallenge, byte[] clientChallenge)
    • nTOWFv1

      public static byte[] nTOWFv1(String password)
    • nTOWFv2

      public static byte[] nTOWFv2(String domain, String username, String password)
    • getLMv2Response

      public static byte[] getLMv2Response(byte[] responseKeyLM, byte[] serverChallenge, byte[] clientChallenge)
    • getNTLMv2Response

      public static byte[] getNTLMv2Response(byte[] responseKeyNT, byte[] serverChallenge, byte[] clientChallenge, long nanos1601, byte[] targetInfo)
    • getDomain

      public String getDomain()
      Returns the domain.
    • getUsername

      public String getUsername()
      Returns the username.
    • getPassword

      public String getPassword()
      Returns the password in plain text or null if the raw password hashes were used to construct this NtlmPasswordAuthentication object which will be the case when NTLM HTTP Authentication is used. There is no way to retrieve a users password in plain text unless it is supplied by the user at runtime.
    • getName

      public String getName()
      Return the domain and username in the format: domain\\username. This is equivalent to toString().
      Specified by:
      getName in interface Principal
    • getAnsiHash

      public byte[] getAnsiHash(byte[] challenge)
      Computes the 24 byte ANSI password hash given the 8 byte server challenge.
    • getUnicodeHash

      public byte[] getUnicodeHash(byte[] challenge)
      Computes the 24 byte Unicode password hash given the 8 byte server challenge.
    • getSigningKey

      public byte[] getSigningKey(byte[] challenge) throws SmbException
      Throws:
      SmbException
    • getUserSessionKey

      public byte[] getUserSessionKey(byte[] challenge)
      Returns the effective user session key.
      Parameters:
      challenge - The server challenge.
      Returns:
      A byte[] containing the effective user session key, used in SMB MAC signing and NTLMSSP signing and sealing.
    • equals

      public boolean equals(Object obj)
      Compares two NtlmPasswordAuthentication objects for equality. Two NtlmPasswordAuthentication objects are equal if their caseless domain and username fields are equal and either both hashes are external and they are equal or both internally supplied passwords are equal. If one NtlmPasswordAuthentication object has external hashes (meaning negotiated via NTLM HTTP Authentication) and the other does not they will not be equal. This is technically not correct however the server 8 byte challage would be required to compute and compare the password hashes but that it not available with this method.
      Specified by:
      equals in interface Principal
      Overrides:
      equals in class Object
    • hashCode

      public int hashCode()
      Return the upcased username hash code.
      Specified by:
      hashCode in interface Principal
      Overrides:
      hashCode in class Object
    • toString

      public String toString()
      Return the domain and username in the format: domain\\username. This is equivalent to getName().
      Specified by:
      toString in interface Principal
      Overrides:
      toString in class Object