/* * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package java.net; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.io.BufferedOutputStream; import java.security.AccessController; import java.security.PrivilegedAction; import java.security.PrivilegedExceptionAction; import sun.net.SocksProxy; import sun.net.www.ParseUtil; /* import org.ietf.jgss.*; */ /** * SOCKS (V4 & V5) TCP socket implementation (RFC 1928). * This is a subclass of PlainSocketImpl. * Note this class should NOT be public. */ class SocksSocketImpl extends PlainSocketImpl implements SocksConsts { private String server = null; private int serverPort = DEFAULT_PORT; private InetSocketAddress external_address; private boolean useV4 = false; private Socket cmdsock = null; private InputStream cmdIn = null; private OutputStream cmdOut = null; /* true if the Proxy has been set programatically */ private boolean applicationSetProxy; /* false */ SocksSocketImpl() { // Nothing needed } SocksSocketImpl(String server, int port) { this.server = server; this.serverPort = (port == -1 ? DEFAULT_PORT : port); } SocksSocketImpl(Proxy proxy) { SocketAddress a = proxy.address(); if (a instanceof InetSocketAddress) { InetSocketAddress ad = (InetSocketAddress) a; // Use getHostString() to avoid reverse lookups server = ad.getHostString(); serverPort = ad.getPort(); } } void setV4() { useV4 = true; } private synchronized void privilegedConnect(final String host, final int port, final int timeout) throws IOException { try { AccessController.doPrivileged( new java.security.PrivilegedExceptionAction() { public Void run() throws IOException { superConnectServer(host, port, timeout); cmdIn = getInputStream(); cmdOut = getOutputStream(); return null; } }); } catch (java.security.PrivilegedActionException pae) { throw (IOException) pae.getException(); } } private void superConnectServer(String host, int port, int timeout) throws IOException { super.connect(new InetSocketAddress(host, port), timeout); } private static int remainingMillis(long deadlineMillis) throws IOException { if (deadlineMillis == 0L) return 0; final long remaining = deadlineMillis - System.currentTimeMillis(); if (remaining > 0) return (int) remaining; throw new SocketTimeoutException(); } private int readSocksReply(InputStream in, byte[] data) throws IOException { return readSocksReply(in, data, 0L); } private int readSocksReply(InputStream in, byte[] data, long deadlineMillis) throws IOException { int len = data.length; int received = 0; for (int attempts = 0; received < len && attempts < 3; attempts++) { int count; try { count = ((SocketInputStream)in).read(data, received, len - received, remainingMillis(deadlineMillis)); } catch (SocketTimeoutException e) { throw new SocketTimeoutException("Connect timed out"); } if (count < 0) throw new SocketException("Malformed reply from SOCKS server"); received += count; } return received; } /** * Provides the authentication machanism required by the proxy. */ private boolean authenticate(byte method, InputStream in, BufferedOutputStream out) throws IOException { return authenticate(method, in, out, 0L); } private boolean authenticate(byte method, InputStream in, BufferedOutputStream out, long deadlineMillis) throws IOException { // No Authentication required. We're done then! if (method == NO_AUTH) return true; /** * User/Password authentication. Try, in that order : * - The application provided Authenticator, if any * - the user.name & no password (backward compatibility behavior). */ if (method == USER_PASSW) { String userName; String password = null; final InetAddress addr = InetAddress.getByName(server); PasswordAuthentication pw = java.security.AccessController.doPrivileged( new java.security.PrivilegedAction() { public PasswordAuthentication run() { return Authenticator.requestPasswordAuthentication( server, addr, serverPort, "SOCKS5", "SOCKS authentication", null); } }); if (pw != null) { userName = pw.getUserName(); password = new String(pw.getPassword()); } else { userName = java.security.AccessController.doPrivileged( new sun.security.action.GetPropertyAction("user.name")); } if (userName == null) return false; out.write(1); out.write(userName.length()); try { out.write(userName.getBytes("ISO-8859-1")); } catch (java.io.UnsupportedEncodingException uee) { assert false; } if (password != null) { out.write(password.length()); try { out.write(password.getBytes("ISO-8859-1")); } catch (java.io.UnsupportedEncodingException uee) { assert false; } } else out.write(0); out.flush(); byte[] data = new byte[2]; int i = readSocksReply(in, data, deadlineMillis); if (i != 2 || data[1] != 0) { /* RFC 1929 specifies that the connection MUST be closed if authentication fails */ out.close(); in.close(); return false; } /* Authentication succeeded */ return true; } /** * GSSAPI authentication mechanism. * Unfortunately the RFC seems out of sync with the Reference * implementation. I'll leave this in for future completion. */ // if (method == GSSAPI) { // try { // GSSManager manager = GSSManager.getInstance(); // GSSName name = manager.createName("SERVICE:socks@"+server, // null); // GSSContext context = manager.createContext(name, null, null, // GSSContext.DEFAULT_LIFETIME); // context.requestMutualAuth(true); // context.requestReplayDet(true); // context.requestSequenceDet(true); // context.requestCredDeleg(true); // byte []inToken = new byte[0]; // while (!context.isEstablished()) { // byte[] outToken // = context.initSecContext(inToken, 0, inToken.length); // // send the output token if generated // if (outToken != null) { // out.write(1); // out.write(1); // out.writeShort(outToken.length); // out.write(outToken); // out.flush(); // data = new byte[2]; // i = readSocksReply(in, data, deadlineMillis); // if (i != 2 || data[1] == 0xff) { // in.close(); // out.close(); // return false; // } // i = readSocksReply(in, data, deadlineMillis); // int len = 0; // len = ((int)data[0] & 0xff) << 8; // len += data[1]; // data = new byte[len]; // i = readSocksReply(in, data, deadlineMillis); // if (i == len) // return true; // in.close(); // out.close(); // } // } // } catch (GSSException e) { // /* RFC 1961 states that if Context initialisation fails the connection // MUST be closed */ // e.printStackTrace(); // in.close(); // out.close(); // } // } return false; } private void connectV4(InputStream in, OutputStream out, InetSocketAddress endpoint, long deadlineMillis) throws IOException { if (!(endpoint.getAddress() instanceof Inet4Address)) { throw new SocketException("SOCKS V4 requires IPv4 only addresses"); } out.write(PROTO_VERS4); out.write(CONNECT); out.write((endpoint.getPort() >> 8) & 0xff); out.write((endpoint.getPort() >> 0) & 0xff); out.write(endpoint.getAddress().getAddress()); String userName = getUserName(); try { out.write(userName.getBytes("ISO-8859-1")); } catch (java.io.UnsupportedEncodingException uee) { assert false; } out.write(0); out.flush(); byte[] data = new byte[8]; int n = readSocksReply(in, data, deadlineMillis); if (n != 8) throw new SocketException("Reply from SOCKS server has bad length: " + n); if (data[0] != 0 && data[0] != 4) throw new SocketException("Reply from SOCKS server has bad version"); SocketException ex = null; switch (data[1]) { case 90: // Success! external_address = endpoint; break; case 91: ex = new SocketException("SOCKS request rejected"); break; case 92: ex = new SocketException("SOCKS server couldn't reach destination"); break; case 93: ex = new SocketException("SOCKS authentication failed"); break; default: ex = new SocketException("Reply from SOCKS server contains bad status"); break; } if (ex != null) { in.close(); out.close(); throw ex; } } /** * Connects the Socks Socket to the specified endpoint. It will first * connect to the SOCKS proxy and negotiate the access. If the proxy * grants the connections, then the connect is successful and all * further traffic will go to the "real" endpoint. * * @param endpoint the {@code SocketAddress} to connect to. * @param timeout the timeout value in milliseconds * @throws IOException if the connection can't be established. * @throws SecurityException if there is a security manager and it * doesn't allow the connection * @throws IllegalArgumentException if endpoint is null or a * SocketAddress subclass not supported by this socket */ @Override protected void connect(SocketAddress endpoint, int timeout) throws IOException { final long deadlineMillis; if (timeout == 0) { deadlineMillis = 0L; } else { long finish = System.currentTimeMillis() + timeout; deadlineMillis = finish < 0 ? Long.MAX_VALUE : finish; } SecurityManager security = System.getSecurityManager(); if (endpoint == null || !(endpoint instanceof InetSocketAddress)) throw new IllegalArgumentException("Unsupported address type"); InetSocketAddress epoint = (InetSocketAddress) endpoint; if (security != null) { if (epoint.isUnresolved()) security.checkConnect(epoint.getHostName(), epoint.getPort()); else security.checkConnect(epoint.getAddress().getHostAddress(), epoint.getPort()); } if (server == null) { // Android-removed: Logic to establish proxy connection based on default ProxySelector /* * Removed code that tried to establish proxy connection if * ProxySelector#getDefault() is not null. * This was never the case in previous android releases, was causing * issues and therefore was removed. */ super.connect(epoint, remainingMillis(deadlineMillis)); return; } else { // Connects to the SOCKS server try { privilegedConnect(server, serverPort, remainingMillis(deadlineMillis)); } catch (IOException e) { throw new SocketException(e.getMessage()); } } // cmdIn & cmdOut were initialized during the privilegedConnect() call BufferedOutputStream out = new BufferedOutputStream(cmdOut, 512); InputStream in = cmdIn; if (useV4) { // SOCKS Protocol version 4 doesn't know how to deal with // DOMAIN type of addresses (unresolved addresses here) if (epoint.isUnresolved()) throw new UnknownHostException(epoint.toString()); connectV4(in, out, epoint, deadlineMillis); return; } // This is SOCKS V5 out.write(PROTO_VERS); out.write(2); out.write(NO_AUTH); out.write(USER_PASSW); out.flush(); byte[] data = new byte[2]; int i = readSocksReply(in, data, deadlineMillis); if (i != 2 || ((int)data[0]) != PROTO_VERS) { // Maybe it's not a V5 sever after all // Let's try V4 before we give up // SOCKS Protocol version 4 doesn't know how to deal with // DOMAIN type of addresses (unresolved addresses here) if (epoint.isUnresolved()) throw new UnknownHostException(epoint.toString()); connectV4(in, out, epoint, deadlineMillis); return; } if (((int)data[1]) == NO_METHODS) throw new SocketException("SOCKS : No acceptable methods"); if (!authenticate(data[1], in, out, deadlineMillis)) { throw new SocketException("SOCKS : authentication failed"); } out.write(PROTO_VERS); out.write(CONNECT); out.write(0); /* Test for IPV4/IPV6/Unresolved */ if (epoint.isUnresolved()) { out.write(DOMAIN_NAME); out.write(epoint.getHostName().length()); try { out.write(epoint.getHostName().getBytes("ISO-8859-1")); } catch (java.io.UnsupportedEncodingException uee) { assert false; } out.write((epoint.getPort() >> 8) & 0xff); out.write((epoint.getPort() >> 0) & 0xff); } else if (epoint.getAddress() instanceof Inet6Address) { out.write(IPV6); out.write(epoint.getAddress().getAddress()); out.write((epoint.getPort() >> 8) & 0xff); out.write((epoint.getPort() >> 0) & 0xff); } else { out.write(IPV4); out.write(epoint.getAddress().getAddress()); out.write((epoint.getPort() >> 8) & 0xff); out.write((epoint.getPort() >> 0) & 0xff); } out.flush(); data = new byte[4]; i = readSocksReply(in, data, deadlineMillis); if (i != 4) throw new SocketException("Reply from SOCKS server has bad length"); SocketException ex = null; int len; byte[] addr; switch (data[1]) { case REQUEST_OK: // success! switch(data[3]) { case IPV4: addr = new byte[4]; i = readSocksReply(in, addr, deadlineMillis); if (i != 4) throw new SocketException("Reply from SOCKS server badly formatted"); data = new byte[2]; i = readSocksReply(in, data, deadlineMillis); if (i != 2) throw new SocketException("Reply from SOCKS server badly formatted"); break; case DOMAIN_NAME: len = data[1]; byte[] host = new byte[len]; i = readSocksReply(in, host, deadlineMillis); if (i != len) throw new SocketException("Reply from SOCKS server badly formatted"); data = new byte[2]; i = readSocksReply(in, data, deadlineMillis); if (i != 2) throw new SocketException("Reply from SOCKS server badly formatted"); break; case IPV6: len = data[1]; addr = new byte[len]; i = readSocksReply(in, addr, deadlineMillis); if (i != len) throw new SocketException("Reply from SOCKS server badly formatted"); data = new byte[2]; i = readSocksReply(in, data, deadlineMillis); if (i != 2) throw new SocketException("Reply from SOCKS server badly formatted"); break; default: ex = new SocketException("Reply from SOCKS server contains wrong code"); break; } break; case GENERAL_FAILURE: ex = new SocketException("SOCKS server general failure"); break; case NOT_ALLOWED: ex = new SocketException("SOCKS: Connection not allowed by ruleset"); break; case NET_UNREACHABLE: ex = new SocketException("SOCKS: Network unreachable"); break; case HOST_UNREACHABLE: ex = new SocketException("SOCKS: Host unreachable"); break; case CONN_REFUSED: ex = new SocketException("SOCKS: Connection refused"); break; case TTL_EXPIRED: ex = new SocketException("SOCKS: TTL expired"); break; case CMD_NOT_SUPPORTED: ex = new SocketException("SOCKS: Command not supported"); break; case ADDR_TYPE_NOT_SUP: ex = new SocketException("SOCKS: address type not supported"); break; } if (ex != null) { in.close(); out.close(); throw ex; } external_address = epoint; } /** * Returns the value of this socket's {@code address} field. * * @return the value of this socket's {@code address} field. * @see java.net.SocketImpl#address */ @Override protected InetAddress getInetAddress() { if (external_address != null) return external_address.getAddress(); else return super.getInetAddress(); } /** * Returns the value of this socket's {@code port} field. * * @return the value of this socket's {@code port} field. * @see java.net.SocketImpl#port */ @Override protected int getPort() { if (external_address != null) return external_address.getPort(); else return super.getPort(); } @Override protected int getLocalPort() { if (socket != null) return super.getLocalPort(); if (external_address != null) return external_address.getPort(); else return super.getLocalPort(); } @Override protected void close() throws IOException { if (cmdsock != null) cmdsock.close(); cmdsock = null; super.close(); } private String getUserName() { String userName = ""; if (applicationSetProxy) { try { userName = System.getProperty("user.name"); } catch (SecurityException se) { /* swallow Exception */ } } else { userName = java.security.AccessController.doPrivileged( new sun.security.action.GetPropertyAction("user.name")); } return userName; } }