socks5logichandler.java

mina是以Java实现的一个开源的网络程序框架

            ctx.requestMutualAuth(true); // Mutual authentication
            ctx.requestConf(false);
            ctx.requestInteg(false);

            getSession().setAttribute(GSS_CONTEXT, ctx);
        }

        byte[] token = (byte[]) getSession().getAttribute(GSS_TOKEN);
        if (token != null) {
            logger.debug("  Received Token[{}] = {}", token.length,
                    ByteUtilities.asHex(token));
        }
        IoBuffer buf = null;

        if (!ctx.isEstablished()) {
            // token is ignored on the first call
            if (token == null) {
                token = new byte[32];
            }

            token = ctx.initSecContext(token, 0, token.length);

            // Send a token to the server if one was generated by
            // initSecContext
            if (token != null) {
                logger.debug("  Sending Token[{}] = {}", token.length,
                        ByteUtilities.asHex(token));

                getSession().setAttribute(GSS_TOKEN, token);
                buf = IoBuffer.allocate(4 + token.length);
                buf.put(new byte[] {
                        SocksProxyConstants.GSSAPI_AUTH_SUBNEGOTIATION_VERSION,
                        SocksProxyConstants.GSSAPI_MSG_TYPE });

                buf.put(ByteUtilities.intToNetworkByteOrder(token.length,
                        new byte[2], 0, 2));
                buf.put(token);
            }
        }

        return buf;
    }

    /**
     * Encode a SOCKS5 request and writes it to the next filter
     * so it can be sent to the proxy server.
     * 
     * @param nextFilter the next filter
     * @param request the request to send.
     * @param step the current step in the handshake process
     */
    private void writeRequest(final NextFilter nextFilter,
            final SocksProxyRequest request, int step) {
        try {
            IoBuffer buf = null;

            if (step == SocksProxyConstants.SOCKS5_GREETING_STEP) {
                buf = encodeInitialGreetingPacket(request);
            } else if (step == SocksProxyConstants.SOCKS5_AUTH_STEP) {
                // This step can happen multiple times like in GSSAPI auth for instance
                buf = encodeAuthenticationPacket(request);
                // If buf is null then go to the next step
                if (buf == null) {
                    step = SocksProxyConstants.SOCKS5_REQUEST_STEP;
                }
            }

            if (step == SocksProxyConstants.SOCKS5_REQUEST_STEP) {
                buf = encodeProxyRequestPacket(request);
            }

            buf.flip();
            writeData(nextFilter, buf);

        } catch (Exception ex) {
            closeSession("Unable to send Socks request: ", ex);
        }
    }

    /**
     * Handle incoming data during the handshake process. Should consume only the
     * handshake data from the buffer, leaving any extra data in place.
     */
    public synchronized void messageReceived(final NextFilter nextFilter,
            final IoBuffer buf) {
        try {
            int step = ((Integer) getSession().getAttribute(HANDSHAKE_STEP))
                    .intValue();

            if (step == SocksProxyConstants.SOCKS5_GREETING_STEP
                    && buf.get(0) != SocksProxyConstants.SOCKS_VERSION_5) {
                throw new IllegalStateException(
                        "Wrong socks version running on server");
            }

            if ((step == SocksProxyConstants.SOCKS5_GREETING_STEP || step == SocksProxyConstants.SOCKS5_AUTH_STEP)
                    && buf.remaining() >= 2) {
                handleResponse(nextFilter, buf, step);
            } else if (step == SocksProxyConstants.SOCKS5_REQUEST_STEP
                    && buf.remaining() >= 5) {
                handleResponse(nextFilter, buf, step);
            }
        } catch (Exception ex) {
            closeSession("Proxy handshake failed: ", ex);
        }
    }

    /**
     * Handle a SOCKS v5 response from the proxy server.
     */
    protected void handleResponse(final NextFilter nextFilter,
            final IoBuffer buf, int step) throws Exception {
        int len = 2;
        if (step == SocksProxyConstants.SOCKS5_GREETING_STEP) {
            // Send greeting message
            byte method = buf.get(1);

            if (method == SocksProxyConstants.NO_ACCEPTABLE_AUTH_METHOD) {
                throw new IllegalStateException(
                        "No acceptable authentication method to use the socks proxy server");
            }

            getSession().setAttribute(SELECTED_AUTH_METHOD, new Byte(method));

        } else if (step == SocksProxyConstants.SOCKS5_AUTH_STEP) {
            // Authentication to the SOCKS server 
            byte method = ((Byte) getSession().getAttribute(
                    Socks5LogicHandler.SELECTED_AUTH_METHOD)).byteValue();

            if (method == SocksProxyConstants.GSSAPI_AUTH) {
                int oldPos = buf.position();

                if (buf.get(0) != 0x01) {
                    throw new IllegalStateException("Authentication failed");
                }
                if (buf.get(1) == 0xFF) {
                    throw new IllegalStateException(
                            "Authentication failed: GSS API Security Context Failure");
                }

                if (buf.remaining() >= 2) {
                    byte[] size = new byte[2];
                    buf.get(size);
                    int s = ByteUtilities.makeIntFromByte2(size);
                    if (buf.remaining() >= s) {
                        byte[] token = new byte[s];
                        buf.get(token);
                        getSession().setAttribute(GSS_TOKEN, token);
                        len = 0;
                    } else {
                        //buf.position(oldPos);
                        return;
                    }
                } else {
                    buf.position(oldPos);
                    return;
                }
            } else if (buf.get(1) != SocksProxyConstants.V5_REPLY_SUCCEEDED) {
                throw new IllegalStateException("Authentication failed");
            }

        } else if (step == SocksProxyConstants.SOCKS5_REQUEST_STEP) {
            // Send the request
            byte addressType = buf.get(3);
            len = 6;
            if (addressType == SocksProxyConstants.IPV6_ADDRESS_TYPE) {
                len += 16;
            } else if (addressType == SocksProxyConstants.IPV4_ADDRESS_TYPE) {
                len += 4;
            } else if (addressType == SocksProxyConstants.DOMAIN_NAME_ADDRESS_TYPE) {
                len += 1 + ((short) buf.get(4));
            } else {
                throw new IllegalStateException("Unknwon address type");
            }

            if (buf.remaining() >= len) {
                // handle response
                byte status = buf.get(1);
                logger.debug("  response status: {}", SocksProxyConstants
                        .getReplyCodeAsString(status));

                if (status == SocksProxyConstants.V5_REPLY_SUCCEEDED) {
                    buf.position(buf.position() + len);
                    setHandshakeComplete();
                    return;
                } else
                    throw new Exception("Proxy handshake failed - Code: 0x"
                            + ByteUtilities.asHex(new byte[] { status }));
            } else
                return;
        }

        if (len > 0) {
            buf.position(buf.position() + len);
        }

        // Move to the handshaking next step if not in the middle of
        // the authentication process
        boolean isAuthenticating = false;
        if (step == SocksProxyConstants.SOCKS5_AUTH_STEP) {
            byte method = ((Byte) getSession().getAttribute(
                    Socks5LogicHandler.SELECTED_AUTH_METHOD)).byteValue();
            if (method == SocksProxyConstants.GSSAPI_AUTH) {
                GSSContext ctx = (GSSContext) getSession().getAttribute(
                        GSS_CONTEXT);
                if (ctx == null || !ctx.isEstablished()) {
                    isAuthenticating = true;
                }
            }
        }

        if (!isAuthenticating) {
            getSession().setAttribute(HANDSHAKE_STEP, ++step);
        }

        doHandshake(nextFilter);
    }

    /**
     * {@inheritDoc}
     */
    @Override
    protected void closeSession(String message) {
        GSSContext ctx = (GSSContext) getSession().getAttribute(GSS_CONTEXT);
        if (ctx != null) {
            try {
                ctx.dispose();
            } catch (GSSException e) {
                e.printStackTrace();
                super.closeSession(message, e);
                return;
            }
        }
        super.closeSession(message);
    }
}