Hello all, My quest for NTLM Authentication in HttpClient (and thence into the WebDAV client of Slide) has begun in full swing. I now have a class which correctly produces the two messages that need to be sent by the server and should be able to correctly parse the response from the server. In short, it's NTLM authentication without anything to handle a connection.
I have a couple of issues though which are based around legalities and licences and would like to get opinions from more experienced people and perhaps some alternatives if required. NTLM uses both DES (ECB, no padding) and MD4 encription for which I have found existing implementations in Java under licenses that my company seems to be able to use, but which may not be able to be integrated into HttpClient. I have been unable to get Sun's DES implementation (from the JCE) to correctly encrypt the string, plus it adds a dependency that I'd like to avoid (the JCE, which is slow to load and not available in a default install before 1.4). For server side code (like what Jakarta focusses on) getting the JCE to work is probably the best option, but I happen to be developing an Applet so it's annoying to have to add so much extra download. Opinions on the best way to go about this and on the compatibility of licenses would be appreciated. The DES code was taken out of the JCIFS project (http://jcifs.samba.org/) which is GPL and thus obviously incompatible. However the following license is included at the top of the source code file that I need: // DesCipher - the DES encryption method // // The meat of this code is by Dave Zimmerman <[EMAIL PROTECTED]>, and is: // // Copyright (c) 1996 Widget Workshop, Inc. All Rights Reserved. // // Permission to use, copy, modify, and distribute this software // and its documentation for NON-COMMERCIAL or COMMERCIAL purposes and // without fee is hereby granted, provided that this copyright notice is kept // intact. // // WIDGET WORKSHOP MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY // OF THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED // TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A // PARTICULAR PURPOSE, OR NON-INFRINGEMENT. WIDGET WORKSHOP SHALL NOT BE LIABLE // FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR // DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. // // THIS SOFTWARE IS NOT DESIGNED OR INTENDED FOR USE OR RESALE AS ON-LINE // CONTROL EQUIPMENT IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE // PERFORMANCE, SUCH AS IN THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT // NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL, DIRECT LIFE // SUPPORT MACHINES, OR WEAPONS SYSTEMS, IN WHICH THE FAILURE OF THE // SOFTWARE COULD LEAD DIRECTLY TO DEATH, PERSONAL INJURY, OR SEVERE // PHYSICAL OR ENVIRONMENTAL DAMAGE ("HIGH RISK ACTIVITIES"). WIDGET WORKSHOP // SPECIFICALLY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY OF FITNESS FOR // HIGH RISK ACTIVITIES. // // // The rest is: // // Copyright (C) 1996 by Jef Poskanzer <[EMAIL PROTECTED]>. All rights reserved. // // Copyright (C) 1996 by Wolfgang Platzer // email: [EMAIL PROTECTED] // // All rights reserved. // // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions // are met: // 1. Redistributions of source code must retain the above copyright // notice, this list of conditions and the following disclaimer. // 2. Redistributions in binary form must reproduce the above copyright // notice, this list of conditions and the following disclaimer in the // documentation and/or other materials provided with the distribution. // // THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND // ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE // ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS // OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT // LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY // OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF // SUCH DAMAGE. // For the MD4 the license is: Copyright (c) 2000 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Any lawyers around? Any other options? Adrian Sutton, Software Engineer Ephox Corporation www.ephox.com This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom they are addressed. Opinions contained in this email do not necessarily reflect the opinions of Ephox Corporation. If you have received this email in error please notify the sender immediately and delete all copies of the correspondence from your computer and/or computer network. No warranty is given that this message upon its receipt is virus free and the sender in this respect accepts no liability. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
