/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. * */ package org.apache.vysper.xmpp.extension.xep0065_socks; import java.io.UnsupportedEncodingException; import java.util.ArrayList; import java.util.EnumSet; import java.util.List; import org.apache.mina.core.buffer.IoBuffer; import org.apache.mina.core.service.IoHandler; import org.apache.mina.core.service.IoHandlerAdapter; import org.apache.mina.core.session.AttributeKey; import org.apache.mina.core.session.IdleStatus; import org.apache.mina.core.session.IoSession; import org.slf4j.Logger; import org.slf4j.LoggerFactory; /** * {@link IoHandler} for a SOCKS5 proxy in accordance with RFC 1928 and XEP-0065. * * @author The Apache MINA Project (dev@mina.apache.org) */ public class Socks5AcceptorHandler extends IoHandlerAdapter { public static final AttributeKey STATE_KEY = new AttributeKey(Socks5AcceptorHandler.class, "state"); public static final AttributeKey PAIR_KEY = new AttributeKey(Socks5AcceptorHandler.class, "pair"); private static final byte SOCKS_VERSION = 5; private static final byte AUTH_NO_AUTH = 0; private static final byte AUTH_USERNAME_PASSWORD = 2; private static final byte AUTH_NOT_SUPPORTED = 0x55; public enum ProxyState { OPENED, INITIATED, CONNECTED, CLOSED } private final Logger log = LoggerFactory.getLogger(Socks5AcceptorHandler.class); private Socks5ConnectionsRegistry connections; public enum Socks5AuthType { NO_AUTH, USERNAME_PASSWORD } /** * Packet parsing for SOCKS5 opening packets */ public static class OpeningPacket { private EnumSet<Socks5AuthType> authTypes; public OpeningPacket(IoBuffer buffer) { if (buffer.remaining() < 3) throw new IllegalArgumentException(); byte socksVersion = buffer.get(); if (socksVersion != SOCKS_VERSION) throw new IllegalArgumentException(); byte noOfAuth = buffer.get(); if (buffer.remaining() != noOfAuth) throw new IllegalArgumentException(); byte[] authMethods = new byte[noOfAuth]; buffer.get(authMethods); List<Socks5AuthType> authTypes = new ArrayList<Socks5AuthType>(); for (byte a : authMethods) { if (a == AUTH_NO_AUTH) authTypes.add(Socks5AuthType.NO_AUTH); else if (a == AUTH_USERNAME_PASSWORD) authTypes.add(Socks5AuthType.USERNAME_PASSWORD); } this.authTypes = EnumSet.copyOf(authTypes); } public EnumSet<Socks5AuthType> getAuthTypes() { return authTypes; } public boolean isAuthSupported() { return authTypes.contains(Socks5AuthType.NO_AUTH); } public IoBuffer createResponse() { if (isAuthSupported()) { // no auth return IoBuffer.wrap(new byte[] { SOCKS_VERSION, AUTH_NO_AUTH }); } else { // not supported return IoBuffer.wrap(new byte[] { SOCKS_VERSION, AUTH_NOT_SUPPORTED }); } } } /** * Packet parsing for SOCKS5 initating packets */ public static class InitiatingPacket { private static final byte RESERVED = 0; private static final byte REQUEST_GRANTED = 0; private static final byte ADDR_TYPE_NAME = 0x03; // TODO charset? private static final String CHARSET = "ASCII"; private byte addrType; private byte[] addressBuffer; private String address; private short port; public InitiatingPacket(IoBuffer buffer) { if (buffer.remaining() < 9) throw new IllegalArgumentException(); byte socksVersion = buffer.get(); if (socksVersion != SOCKS_VERSION) { throw new IllegalArgumentException(); } byte cmdCode = buffer.get(); if (cmdCode != 1) { throw new IllegalArgumentException("Only supports TCP stream connections"); } byte reserved = buffer.get(); if (reserved != 0) { throw new IllegalArgumentException("Reserved bit must be 0"); } addrType = buffer.get(); if (addrType == ADDR_TYPE_NAME) { addressBuffer = new byte[buffer.get()]; } else { throw new IllegalArgumentException("Must use domain name address type"); } buffer.get(addressBuffer); try { this.address = new String(addressBuffer, CHARSET); } catch (UnsupportedEncodingException ignored) { ; } this.port = buffer.getShort(); } public String getAddress() { return address; } public short getPort() { return port; } public IoBuffer createResponse() { IoBuffer b = IoBuffer.allocate(10).setAutoExpand(true); b.put(SOCKS_VERSION); b.put(REQUEST_GRANTED); // approved b.put(RESERVED); // reserved b.put(addrType); b.put((byte) addressBuffer.length); b.put(addressBuffer); b.putShort(port); return b.flip(); } } public Socks5AcceptorHandler(Socks5ConnectionsRegistry connections) { this.connections = connections; } /** * {@inheritDoc} */ public void sessionOpened(IoSession session) throws Exception { log.info("SOCKS5 session opened"); session.setAttribute(STATE_KEY, ProxyState.OPENED); } /** * {@inheritDoc} */ public void sessionIdle(IoSession session, IdleStatus status) throws Exception { log.info("SOCKS5 connection idle, will be closed"); Socks5Pair pair = getPair(session); if (pair != null) { pair.close(); } } /** * {@inheritDoc} */ public void messageReceived(final IoSession session, Object message) throws Exception { IoBuffer buffer = (IoBuffer) message; ProxyState state = getState(session); try { if (state == ProxyState.OPENED) { OpeningPacket packet = new OpeningPacket(buffer); if (packet.isAuthSupported()) { // no auth setState(session, ProxyState.INITIATED); session.write(packet.createResponse()); log.info("SOCKS5 session initiated"); } else { // not supported session.write(packet.createResponse()); session.close(false); log.info("SOCKS5 session closed"); } } else if (state == ProxyState.INITIATED) { InitiatingPacket packet = new InitiatingPacket(buffer); session.write(packet.createResponse()); setState(session, ProxyState.CONNECTED); String hash = packet.getAddress(); Socks5Pair pair = connections.register(hash, session); session.setAttribute(PAIR_KEY, pair); } else { Socks5Pair pair = getPair(session); if (pair != null && pair.isActivated()) { pair.getOther(session).write(message); } else { // writing before activated, close pair.close(); } } } catch (IllegalArgumentException e) { session.close(false); log.info("SOCKS5 session closed"); } } /** * {@inheritDoc} */ public void sessionClosed(IoSession session) throws Exception { log.info("SOCKS5 connection closed"); Socks5Pair pair = getPair(session); if (pair != null) { pair.close(); } } /** * {@inheritDoc} */ public void exceptionCaught(IoSession session, Throwable cause) throws Exception { log.error("Exception caused in SOCKS5 proxy, probably a bug in Vysper", cause); Socks5Pair pair = getPair(session); if(pair != null) { pair.close(); } else { session.close(false); } } private void setState(final IoSession session, ProxyState state) { session.setAttribute(STATE_KEY, state); } private ProxyState getState(final IoSession session) { return (ProxyState) session.getAttribute(STATE_KEY); } private Socks5Pair getPair(final IoSession session) { Socks5Pair pair = (Socks5Pair) session.getAttribute(PAIR_KEY); return pair; } }