/** * * Copyright the original author or authors * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.jivesoftware.smackx.bytestreams.socks5; import java.io.DataInputStream; import java.io.DataOutputStream; import java.io.IOException; import java.net.InetAddress; import java.net.NetworkInterface; import java.net.ServerSocket; import java.net.Socket; import java.net.SocketException; import java.util.Collection; import java.util.Collections; import java.util.Enumeration; import java.util.HashSet; import java.util.LinkedHashSet; import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.Set; import java.util.concurrent.ConcurrentHashMap; import java.util.logging.Level; import java.util.logging.Logger; import org.jivesoftware.smack.SmackException; import org.jivesoftware.smack.util.StringUtils; /** * The Socks5Proxy class represents a local SOCKS5 proxy server. It can be enabled/disabled by * invoking {@link #setLocalSocks5ProxyEnabled(boolean)}. The proxy is enabled by default. *
* The port of the local SOCKS5 proxy can be configured by invoking * {@link #setLocalSocks5ProxyPort(int)}. Default port is 7777. If you set the port to a negative * value Smack tries to the absolute value and all following until it finds an open port. *
* If your application is running on a machine with multiple network interfaces or if you want to * provide your public address in case you are behind a NAT router, invoke * {@link #addLocalAddress(String)} or {@link #replaceLocalAddresses(Collection)} to modify the list of * local network addresses used for outgoing SOCKS5 Bytestream requests. *
* The local SOCKS5 proxy server refuses all connections except the ones that are explicitly allowed * in the process of establishing a SOCKS5 Bytestream ( * {@link Socks5BytestreamManager#establishSession(org.jxmpp.jid.Jid)}). *
* This Implementation has the following limitations: *
connect
command and will not answer correctly to other
* commands* Use this method if you want to provide multiple addresses in a SOCKS5 Bytestream request. * This may be necessary if your application is running on a machine with multiple network * interfaces or if you want to provide your public address in case you are behind a NAT router. *
* The order of the addresses used is determined by the order you add addresses. *
* Note that the list of addresses initially contains the address returned by
*
* Use this method if you want to provide multiple addresses in a SOCKS5 Bytestream request and
* want to define their order. This may be necessary if your application is running on a machine
* with multiple network interfaces or if you want to provide your public address in case you
* are behind a NAT router.
*
* @param addresses the new list of local network addresses
*/
public void replaceLocalAddresses(Collection
* The digest should be removed after establishing the SOCKS5 Bytestream is finished, an error
* occurred while establishing the connection or if the connection is not allowed anymore.
*
* @param digest to be removed from the list of allowed transfers
*/
protected void removeTransfer(String digest) {
this.allowedConnections.remove(digest);
this.connectionMap.remove(digest);
}
/**
* Returns InetAddress.getLocalHost().getHostAddress()
. You can replace the list of
* addresses by invoking {@link #replaceLocalAddresses(Collection)}.
*
* @param address the local network address to add
*/
public void addLocalAddress(String address) {
if (address == null) {
return;
}
synchronized (localAddresses) {
this.localAddresses.add(address);
}
}
/**
* Removes the given address from the list of local network addresses. This address will then no
* longer be used of outgoing SOCKS5 Bytestream requests.
*
* @param address the local network address to remove
* @return true if the address was removed.
*/
public boolean removeLocalAddress(String address) {
synchronized (localAddresses) {
return localAddresses.remove(address);
}
}
/**
* Returns an set of the local network addresses that will be used for streamhost
* candidates of outgoing SOCKS5 Bytestream requests.
*
* @return set of the local network addresses
*/
public Listtrue
if the local SOCKS5 proxy server is running, otherwise
* false
.
*
* @return true
if the local SOCKS5 proxy server is running, otherwise
* false
*/
public boolean isRunning() {
return this.serverSocket != null;
}
/**
* Implementation of a simplified SOCKS5 proxy server.
*/
private class Socks5ServerProcess implements Runnable {
@Override
public void run() {
while (true) {
Socket socket = null;
try {
if (Socks5Proxy.this.serverSocket == null || Socks5Proxy.this.serverSocket.isClosed()
|| Thread.currentThread().isInterrupted()) {
return;
}
// accept connection
socket = Socks5Proxy.this.serverSocket.accept();
// initialize connection
establishConnection(socket);
}
catch (SocketException e) {
/*
* do nothing, if caused by closing the server socket, thread will terminate in
* next loop
*/
}
catch (Exception e) {
try {
if (socket != null) {
socket.close();
}
}
catch (IOException e1) {
/* do nothing */
}
}
}
}
/**
* Negotiates a SOCKS5 connection and stores it on success.
*
* @param socket connection to the client
* @throws SmackException if client requests a connection in an unsupported way
* @throws IOException if a network error occurred
*/
private void establishConnection(Socket socket) throws SmackException, IOException {
DataOutputStream out = new DataOutputStream(socket.getOutputStream());
DataInputStream in = new DataInputStream(socket.getInputStream());
// first byte is version should be 5
int b = in.read();
if (b != 5) {
throw new SmackException("Only SOCKS5 supported");
}
// second byte number of authentication methods supported
b = in.read();
// read list of supported authentication methods
byte[] auth = new byte[b];
in.readFully(auth);
byte[] authMethodSelectionResponse = new byte[2];
authMethodSelectionResponse[0] = (byte) 0x05; // protocol version
// only authentication method 0, no authentication, supported
boolean noAuthMethodFound = false;
for (int i = 0; i < auth.length; i++) {
if (auth[i] == (byte) 0x00) {
noAuthMethodFound = true;
break;
}
}
if (!noAuthMethodFound) {
authMethodSelectionResponse[1] = (byte) 0xFF; // no acceptable methods
out.write(authMethodSelectionResponse);
out.flush();
throw new SmackException("Authentication method not supported");
}
authMethodSelectionResponse[1] = (byte) 0x00; // no-authentication method
out.write(authMethodSelectionResponse);
out.flush();
// receive connection request
byte[] connectionRequest = Socks5Utils.receiveSocks5Message(in);
// extract digest
String responseDigest = new String(connectionRequest, 5, connectionRequest[4], StringUtils.UTF8);
// return error if digest is not allowed
if (!Socks5Proxy.this.allowedConnections.contains(responseDigest)) {
connectionRequest[1] = (byte) 0x05; // set return status to 5 (connection refused)
out.write(connectionRequest);
out.flush();
throw new SmackException("Connection is not allowed");
}
connectionRequest[1] = (byte) 0x00; // set return status to 0 (success)
out.write(connectionRequest);
out.flush();
// store connection
Socks5Proxy.this.connectionMap.put(responseDigest, socket);
}
}
}