1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
|
/**
* All rights reserved. Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smackx.bytestreams.socks5;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.jivesoftware.smack.SmackConfiguration;
import org.jivesoftware.smack.XMPPException;
/**
* The Socks5Proxy class represents a local SOCKS5 proxy server. It can be enabled/disabled by
* setting the <code>localSocks5ProxyEnabled</code> flag in the <code>smack-config.xml</code> or by
* invoking {@link SmackConfiguration#setLocalSocks5ProxyEnabled(boolean)}. The proxy is enabled by
* default.
* <p>
* The port of the local SOCKS5 proxy can be configured by setting <code>localSocks5ProxyPort</code>
* in the <code>smack-config.xml</code> or by invoking
* {@link SmackConfiguration#setLocalSocks5ProxyPort(int)}. Default port is 7777. If you set the
* port to a negative value Smack tries to the absolute value and all following until it finds an
* open port.
* <p>
* If your application is running on a machine with multiple network interfaces or if you want to
* provide your public address in case you are behind a NAT router, invoke
* {@link #addLocalAddress(String)} or {@link #replaceLocalAddresses(List)} to modify the list of
* local network addresses used for outgoing SOCKS5 Bytestream requests.
* <p>
* The local SOCKS5 proxy server refuses all connections except the ones that are explicitly allowed
* in the process of establishing a SOCKS5 Bytestream (
* {@link Socks5BytestreamManager#establishSession(String)}).
* <p>
* This Implementation has the following limitations:
* <ul>
* <li>only supports the no-authentication authentication method</li>
* <li>only supports the <code>connect</code> command and will not answer correctly to other
* commands</li>
* <li>only supports requests with the domain address type and will not correctly answer to requests
* with other address types</li>
* </ul>
* (see <a href="http://tools.ietf.org/html/rfc1928">RFC 1928</a>)
*
* @author Henning Staib
*/
public class Socks5Proxy {
/* SOCKS5 proxy singleton */
private static Socks5Proxy socks5Server;
/* reusable implementation of a SOCKS5 proxy server process */
private Socks5ServerProcess serverProcess;
/* thread running the SOCKS5 server process */
private Thread serverThread;
/* server socket to accept SOCKS5 connections */
private ServerSocket serverSocket;
/* assigns a connection to a digest */
private final Map<String, Socket> connectionMap = new ConcurrentHashMap<String, Socket>();
/* list of digests connections should be stored */
private final List<String> allowedConnections = Collections.synchronizedList(new LinkedList<String>());
private final Set<String> localAddresses = Collections.synchronizedSet(new LinkedHashSet<String>());
/**
* Private constructor.
*/
private Socks5Proxy() {
this.serverProcess = new Socks5ServerProcess();
// add default local address
try {
this.localAddresses.add(InetAddress.getLocalHost().getHostAddress());
}
catch (UnknownHostException e) {
// do nothing
}
}
/**
* Returns the local SOCKS5 proxy server.
*
* @return the local SOCKS5 proxy server
*/
public static synchronized Socks5Proxy getSocks5Proxy() {
if (socks5Server == null) {
socks5Server = new Socks5Proxy();
}
if (SmackConfiguration.isLocalSocks5ProxyEnabled()) {
socks5Server.start();
}
return socks5Server;
}
/**
* Starts the local SOCKS5 proxy server. If it is already running, this method does nothing.
*/
public synchronized void start() {
if (isRunning()) {
return;
}
try {
if (SmackConfiguration.getLocalSocks5ProxyPort() < 0) {
int port = Math.abs(SmackConfiguration.getLocalSocks5ProxyPort());
for (int i = 0; i < 65535 - port; i++) {
try {
this.serverSocket = new ServerSocket(port + i);
break;
}
catch (IOException e) {
// port is used, try next one
}
}
}
else {
this.serverSocket = new ServerSocket(SmackConfiguration.getLocalSocks5ProxyPort());
}
if (this.serverSocket != null) {
this.serverThread = new Thread(this.serverProcess);
this.serverThread.start();
}
}
catch (IOException e) {
// couldn't setup server
System.err.println("couldn't setup local SOCKS5 proxy on port "
+ SmackConfiguration.getLocalSocks5ProxyPort() + ": " + e.getMessage());
}
}
/**
* Stops the local SOCKS5 proxy server. If it is not running this method does nothing.
*/
public synchronized void stop() {
if (!isRunning()) {
return;
}
try {
this.serverSocket.close();
}
catch (IOException e) {
// do nothing
}
if (this.serverThread != null && this.serverThread.isAlive()) {
try {
this.serverThread.interrupt();
this.serverThread.join();
}
catch (InterruptedException e) {
// do nothing
}
}
this.serverThread = null;
this.serverSocket = null;
}
/**
* Adds the given address to the list of local network addresses.
* <p>
* Use this method if you want to provide multiple addresses in a SOCKS5 Bytestream request.
* This may be necessary if your application is running on a machine with multiple network
* interfaces or if you want to provide your public address in case you are behind a NAT router.
* <p>
* The order of the addresses used is determined by the order you add addresses.
* <p>
* Note that the list of addresses initially contains the address returned by
* <code>InetAddress.getLocalHost().getHostAddress()</code>. You can replace the list of
* addresses by invoking {@link #replaceLocalAddresses(List)}.
*
* @param address the local network address to add
*/
public void addLocalAddress(String address) {
if (address == null) {
throw new IllegalArgumentException("address may not be null");
}
this.localAddresses.add(address);
}
/**
* Removes the given address from the list of local network addresses. This address will then no
* longer be used of outgoing SOCKS5 Bytestream requests.
*
* @param address the local network address to remove
*/
public void removeLocalAddress(String address) {
this.localAddresses.remove(address);
}
/**
* Returns an unmodifiable list of the local network addresses that will be used for streamhost
* candidates of outgoing SOCKS5 Bytestream requests.
*
* @return unmodifiable list of the local network addresses
*/
public List<String> getLocalAddresses() {
return Collections.unmodifiableList(new ArrayList<String>(this.localAddresses));
}
/**
* Replaces the list of local network addresses.
* <p>
* Use this method if you want to provide multiple addresses in a SOCKS5 Bytestream request and
* want to define their order. This may be necessary if your application is running on a machine
* with multiple network interfaces or if you want to provide your public address in case you
* are behind a NAT router.
*
* @param addresses the new list of local network addresses
*/
public void replaceLocalAddresses(List<String> addresses) {
if (addresses == null) {
throw new IllegalArgumentException("list must not be null");
}
this.localAddresses.clear();
this.localAddresses.addAll(addresses);
}
/**
* Returns the port of the local SOCKS5 proxy server. If it is not running -1 will be returned.
*
* @return the port of the local SOCKS5 proxy server or -1 if proxy is not running
*/
public int getPort() {
if (!isRunning()) {
return -1;
}
return this.serverSocket.getLocalPort();
}
/**
* Returns the socket for the given digest. A socket will be returned if the given digest has
* been in the list of allowed transfers (see {@link #addTransfer(String)}) while the peer
* connected to the SOCKS5 proxy.
*
* @param digest identifying the connection
* @return socket or null if there is no socket for the given digest
*/
protected Socket getSocket(String digest) {
return this.connectionMap.get(digest);
}
/**
* Add the given digest to the list of allowed transfers. Only connections for allowed transfers
* are stored and can be retrieved by invoking {@link #getSocket(String)}. All connections to
* the local SOCKS5 proxy that don't contain an allowed digest are discarded.
*
* @param digest to be added to the list of allowed transfers
*/
protected void addTransfer(String digest) {
this.allowedConnections.add(digest);
}
/**
* Removes the given digest from the list of allowed transfers. After invoking this method
* already stored connections with the given digest will be removed.
* <p>
* The digest should be removed after establishing the SOCKS5 Bytestream is finished, an error
* occurred while establishing the connection or if the connection is not allowed anymore.
*
* @param digest to be removed from the list of allowed transfers
*/
protected void removeTransfer(String digest) {
this.allowedConnections.remove(digest);
this.connectionMap.remove(digest);
}
/**
* Returns <code>true</code> if the local SOCKS5 proxy server is running, otherwise
* <code>false</code>.
*
* @return <code>true</code> if the local SOCKS5 proxy server is running, otherwise
* <code>false</code>
*/
public boolean isRunning() {
return this.serverSocket != null;
}
/**
* Implementation of a simplified SOCKS5 proxy server.
*/
private class Socks5ServerProcess implements Runnable {
public void run() {
while (true) {
Socket socket = null;
try {
if (Socks5Proxy.this.serverSocket.isClosed()
|| Thread.currentThread().isInterrupted()) {
return;
}
// accept connection
socket = Socks5Proxy.this.serverSocket.accept();
// initialize connection
establishConnection(socket);
}
catch (SocketException e) {
/*
* do nothing, if caused by closing the server socket, thread will terminate in
* next loop
*/
}
catch (Exception e) {
try {
if (socket != null) {
socket.close();
}
}
catch (IOException e1) {
/* do nothing */
}
}
}
}
/**
* Negotiates a SOCKS5 connection and stores it on success.
*
* @param socket connection to the client
* @throws XMPPException if client requests a connection in an unsupported way
* @throws IOException if a network error occurred
*/
private void establishConnection(Socket socket) throws XMPPException, IOException {
DataOutputStream out = new DataOutputStream(socket.getOutputStream());
DataInputStream in = new DataInputStream(socket.getInputStream());
// first byte is version should be 5
int b = in.read();
if (b != 5) {
throw new XMPPException("Only SOCKS5 supported");
}
// second byte number of authentication methods supported
b = in.read();
// read list of supported authentication methods
byte[] auth = new byte[b];
in.readFully(auth);
byte[] authMethodSelectionResponse = new byte[2];
authMethodSelectionResponse[0] = (byte) 0x05; // protocol version
// only authentication method 0, no authentication, supported
boolean noAuthMethodFound = false;
for (int i = 0; i < auth.length; i++) {
if (auth[i] == (byte) 0x00) {
noAuthMethodFound = true;
break;
}
}
if (!noAuthMethodFound) {
authMethodSelectionResponse[1] = (byte) 0xFF; // no acceptable methods
out.write(authMethodSelectionResponse);
out.flush();
throw new XMPPException("Authentication method not supported");
}
authMethodSelectionResponse[1] = (byte) 0x00; // no-authentication method
out.write(authMethodSelectionResponse);
out.flush();
// receive connection request
byte[] connectionRequest = Socks5Utils.receiveSocks5Message(in);
// extract digest
String responseDigest = new String(connectionRequest, 5, connectionRequest[4]);
// return error if digest is not allowed
if (!Socks5Proxy.this.allowedConnections.contains(responseDigest)) {
connectionRequest[1] = (byte) 0x05; // set return status to 5 (connection refused)
out.write(connectionRequest);
out.flush();
throw new XMPPException("Connection is not allowed");
}
connectionRequest[1] = (byte) 0x00; // set return status to 0 (success)
out.write(connectionRequest);
out.flush();
// store connection
Socks5Proxy.this.connectionMap.put(responseDigest, socket);
}
}
}
|
