1. /*

  2.  * @(#)SocksSocketImpl.java	1.17 04/04/29

  3.  *

  4.  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7. package java.net;

  8. import java.io.IOException;

  9. import java.io.InputStream;

  10. import java.io.OutputStream;

  11. import java.io.BufferedOutputStream;

  12. import java.security.AccessController;

  13. import java.security.PrivilegedExceptionAction;

  14. import java.util.prefs.Preferences;

  15. import sun.net.www.ParseUtil;

  16. /* import org.ietf.jgss.*; */

  17. 

  18. /**

  19.  * SOCKS (V4 & V5) TCP socket implementation (RFC 1928).

  20.  * This is a subclass of PlainSocketImpl.

  21.  * Note this class should <b>NOT</b> be public.

  22.  */

  23. 

  24. class SocksSocketImpl extends PlainSocketImpl implements SocksConsts {

  25.     private String server = null;

  26.     private int port = DEFAULT_PORT;

  27.     private InetSocketAddress external_address;

  28.     private boolean useV4 = false;

  29.     private Socket cmdsock = null;

  30.     private InputStream cmdIn = null;

  31.     private OutputStream cmdOut = null;

  32. 

  33.     SocksSocketImpl() {

  34. 	// Nothing needed

  35.     }

  36. 

  37.     SocksSocketImpl(String server, int port) {

  38. 	this.server = server;

  39. 	this.port = (port == -1 ? DEFAULT_PORT : port);

  40.     }

  41. 

  42.     SocksSocketImpl(Proxy proxy) {

  43. 	SocketAddress a = proxy.address();

  44. 	if (a instanceof InetSocketAddress) {

  45. 	    InetSocketAddress ad = (InetSocketAddress) a;

  46. 	    server = ad.getHostName();

  47. 	    port = ad.getPort();

  48. 	}

  49.     }

  50. 

  51.     void setV4() {

  52. 	useV4 = true;

  53.     }

  54. 

  55.     private synchronized void privilegedConnect(final String host,

  56. 					      final int port,

  57. 					      final int timeout)

  58.  	 throws IOException

  59.     {

  60.  	try {

  61.  	    AccessController.doPrivileged(

  62. 		  new java.security.PrivilegedExceptionAction() {

  63. 			  public Object run() throws IOException {

  64. 			      superConnectServer(host, port, timeout);

  65. 			      cmdIn = getInputStream();

  66. 			      cmdOut = getOutputStream();

  67. 			      return null;

  68. 			  }

  69. 		      });

  70.  	} catch (java.security.PrivilegedActionException pae) {

  71.  	    throw (IOException) pae.getException();

  72.  	}

  73.     }

  74. 

  75.     private void superConnectServer(String host, int port,

  76. 				    int timeout) throws IOException {

  77. 	super.connect(new InetSocketAddress(host, port), timeout);

  78.     }

  79. 

  80.     private int readSocksReply(InputStream in, byte[] data) throws IOException {

  81. 	int len = data.length;

  82. 	int received = 0;

  83. 	for (int attempts = 0; received < len && attempts < 3; attempts++) {

  84. 	    int count = in.read(data, received, len - received);

  85. 	    if (count < 0)

  86. 		throw new SocketException("Malformed reply from SOCKS server");

  87. 	    received += count;

  88. 	}

  89. 	return received;

  90.     }

  91. 

  92.     /**

  93.      * Provides the authentication machanism required by the proxy.

  94.      */

  95.     private boolean authenticate(byte method, InputStream in, 

  96. 				 BufferedOutputStream out) throws IOException {

  97. 	byte[] data = null;

  98. 	int i;

  99. 	// No Authentication required. We're done then!

  100. 	if (method == NO_AUTH)

  101. 	    return true;

  102. 	/**

  103. 	 * User/Password authentication. Try, in that order :

  104. 	 * - The application provided Authenticator, if any

  105. 	 * - The user preferences java.net.socks.username & 

  106. 	 *   java.net.socks.password

  107. 	 * - the user.name & no password (backward compatibility behavior).

  108. 	 */

  109. 	if (method == USER_PASSW) {

  110. 	    String userName;

  111. 	    String password = null;

  112. 	    final InetAddress addr = InetAddress.getByName(server);

  113. 	    PasswordAuthentication pw = (PasswordAuthentication)

  114. 		java.security.AccessController.doPrivileged(

  115. 		    new java.security.PrivilegedAction() {

  116. 			    public Object run() {

  117. 				return Authenticator.requestPasswordAuthentication(

  118.                                        server, addr, port, "SOCKS5", "SOCKS authentication", null);

  119. 			    }

  120. 			});

  121. 	    if (pw != null) {

  122. 		userName = pw.getUserName();

  123. 		password = new String(pw.getPassword());

  124. 	    } else {

  125. 		final Preferences prefs = Preferences.userRoot().node("/java/net/socks");

  126. 		try {

  127. 		    userName = 

  128. 			(String) AccessController.doPrivileged(

  129. 			       new java.security.PrivilegedExceptionAction() {

  130. 				       public Object run() throws IOException {

  131. 					   return prefs.get("username", null);

  132. 				       }

  133. 				   });

  134. 		} catch (java.security.PrivilegedActionException pae) {

  135. 		    throw (IOException) pae.getException();

  136. 		}

  137. 

  138. 		if (userName != null) {

  139. 		    try {

  140. 			password = 

  141. 			    (String) AccessController.doPrivileged(

  142. 				   new java.security.PrivilegedExceptionAction() {

  143. 					   public Object run() throws IOException {

  144. 					       return prefs.get("password", null);

  145. 					   }

  146. 				       });

  147. 		    } catch (java.security.PrivilegedActionException pae) {

  148. 			throw (IOException) pae.getException();

  149. 		    }

  150. 		} else {

  151. 		    userName = 

  152. 			(String) java.security.AccessController.doPrivileged(

  153. 									     new sun.security.action.GetPropertyAction("user.name"));

  154. 		}

  155. 	    }

  156. 	    if (userName == null)

  157. 		return false;

  158. 	    out.write(1);

  159. 	    out.write(userName.length());

  160. 	    try {

  161. 		out.write(userName.getBytes("ISO-8859-1"));

  162. 	    } catch (java.io.UnsupportedEncodingException uee) {

  163. 		assert false;

  164. 	    }

  165. 	    if (password != null) {

  166. 		out.write(password.length());

  167. 		try {

  168. 		    out.write(password.getBytes("ISO-8859-1"));

  169. 		} catch (java.io.UnsupportedEncodingException uee) {

  170. 		    assert false;

  171. 		}

  172. 	    } else

  173. 		out.write(0);

  174. 	    out.flush();

  175. 	    data = new byte[2];

  176. 	    i = readSocksReply(in, data);

  177. 	    if (i != 2 || data[1] != 0) {

  178. 		/* RFC 1929 specifies that the connection MUST be closed if

  179. 		   authentication fails */

  180. 		out.close();

  181. 		in.close();

  182. 		return false;

  183. 	    }

  184. 	    /* Authentication succeeded */

  185. 	    return true;

  186. 	}

  187. 	/**

  188. 	 * GSSAPI authentication mechanism.

  189. 	 * Unfortunately the RFC seems out of sync with the Reference

  190. 	 * implementation. I'll leave this in for future completion.

  191. 	 */

  192. // 	if (method == GSSAPI) {

  193. // 	    try {

  194. // 		GSSManager manager = GSSManager.getInstance();

  195. // 		GSSName name = manager.createName("SERVICE:socks@"+server,

  196. // 						     null);

  197. // 		GSSContext context = manager.createContext(name, null, null,

  198. // 							   GSSContext.DEFAULT_LIFETIME);

  199. // 		context.requestMutualAuth(true);

  200. // 		context.requestReplayDet(true);

  201. // 		context.requestSequenceDet(true);

  202. // 		context.requestCredDeleg(true);

  203. // 		byte []inToken = new byte[0];

  204. // 		while (!context.isEstablished()) {

  205. // 		    byte[] outToken 

  206. // 			= context.initSecContext(inToken, 0, inToken.length);

  207. // 		    // send the output token if generated

  208. // 		    if (outToken != null) {

  209. // 			out.write(1);

  210. // 			out.write(1);

  211. // 			out.writeShort(outToken.length);

  212. // 			out.write(outToken);

  213. // 			out.flush();

  214. // 			data = new byte[2];

  215. // 			i = readSocksReply(in, data);

  216. // 			if (i != 2 || data[1] == 0xff) {

  217. // 			    in.close();

  218. // 			    out.close();

  219. // 			    return false;

  220. // 			}

  221. // 			i = readSocksReply(in, data);

  222. // 			int len = 0;

  223. // 			len = ((int)data[0] & 0xff) << 8;

  224. // 			len += data[1];

  225. // 			data = new byte[len];

  226. // 			i = readSocksReply(in, data);

  227. // 			if (i == len)

  228. // 			    return true;

  229. // 			in.close();

  230. // 			out.close();

  231. // 		    }

  232. // 		}

  233. // 	    } catch (GSSException e) {

  234. // 		/* RFC 1961 states that if Context initialisation fails the connection

  235. // 		   MUST be closed */

  236. // 		e.printStackTrace();

  237. // 		in.close();

  238. // 		out.close();

  239. // 	    }

  240. // 	}

  241. 	return false;

  242.     }

  243. 

  244.     private void connectV4(InputStream in, OutputStream out,

  245. 			   InetSocketAddress endpoint) throws IOException {

  246. 	if (!(endpoint.getAddress() instanceof Inet4Address)) {

  247. 	    throw new SocketException("SOCKS V4 requires IPv4 only addresses");

  248. 	}

  249. 	out.write(PROTO_VERS4);

  250. 	out.write(CONNECT);

  251. 	out.write((endpoint.getPort() >> 8) & 0xff);

  252. 	out.write((endpoint.getPort() >> 0) & 0xff);

  253. 	out.write(endpoint.getAddress().getAddress());

  254. 	String userName = (String) java.security.AccessController.doPrivileged(

  255.                new sun.security.action.GetPropertyAction("user.name"));

  256. 	try {

  257. 	    out.write(userName.getBytes("ISO-8859-1"));

  258. 	} catch (java.io.UnsupportedEncodingException uee) {

  259. 	    assert false;

  260. 	}

  261. 	out.write(0);

  262. 	out.flush();

  263. 	byte[] data = new byte[8];

  264. 	int n = readSocksReply(in, data);

  265. 	if (n != 8)

  266. 	    throw new SocketException("Reply from SOCKS server has bad length: " + n);

  267. 	if (data[0] != 0 && data[0] != 4) 

  268. 	    throw new SocketException("Reply from SOCKS server has bad version");

  269. 	SocketException ex = null;

  270. 	switch (data[1]) {

  271. 	case 90:

  272. 	    // Success!

  273. 	    external_address = endpoint;

  274. 	    break;

  275. 	case 91:

  276. 	    ex = new SocketException("SOCKS request rejected");

  277. 	    break;

  278. 	case 92:

  279. 	    ex = new SocketException("SOCKS server couldn't reach destination");

  280. 	    break;

  281. 	case 93:

  282. 	    ex = new SocketException("SOCKS authentication failed");

  283. 	    break;

  284. 	default:

  285. 	    ex = new SocketException("Reply from SOCKS server contains bad status");

  286. 	    break;

  287. 	}

  288. 	if (ex != null) {

  289. 	    in.close();

  290. 	    out.close();

  291. 	    throw ex;

  292. 	}

  293.     }

  294. 

  295.     /**

  296.      * Connects the Socks Socket to the specified endpoint. It will first

  297.      * connect to the SOCKS proxy and negotiate the access. If the proxy

  298.      * grants the connections, then the connect is successful and all

  299.      * further traffic will go to the "real" endpoint.

  300.      *

  301.      * @param	endpoint	the <code>SocketAddress</code> to connect to.

  302.      * @param	timeout		the timeout value in milliseconds

  303.      * @throws	IOException	if the connection can't be established.

  304.      * @throws	SecurityException if there is a security manager and it

  305.      *				doesn't allow the connection

  306.      * @throws  IllegalArgumentException if endpoint is null or a

  307.      *          SocketAddress subclass not supported by this socket

  308.      */

  309.     protected void connect(SocketAddress endpoint, int timeout) throws IOException {

  310. 	SecurityManager security = System.getSecurityManager();

  311. 	if (endpoint == null || !(endpoint instanceof InetSocketAddress))

  312. 	    throw new IllegalArgumentException("Unsupported address type");

  313. 	InetSocketAddress epoint = (InetSocketAddress) endpoint;

  314. 	if (security != null) {

  315. 	    if (epoint.isUnresolved())

  316. 		security.checkConnect(epoint.getHostName(),

  317. 				      epoint.getPort());

  318. 	    else

  319. 		security.checkConnect(epoint.getAddress().getHostAddress(),

  320. 				      epoint.getPort());

  321. 	}

  322. 	if (server == null) {

  323. 	    // This is the general case

  324. 	    // server is not null only when the socket was created with a

  325. 	    // specified proxy in which case it does bypass the ProxySelector

  326. 	    ProxySelector sel = (ProxySelector) 

  327. 		java.security.AccessController.doPrivileged( 

  328. 		    new java.security.PrivilegedAction() {

  329. 			public Object run() {

  330. 			    return ProxySelector.getDefault();

  331. 			}

  332. 		    });

  333. 	    if (sel == null) {

  334. 		/*

  335. 		 * No default proxySelector --> direct connection

  336. 		 */

  337. 		super.connect(epoint, timeout);

  338. 		return;

  339. 	    }

  340. 	    URI uri = null;

  341. 	    String host = epoint.getHostName();

  342. 	    // IPv6 litteral?

  343. 	    if (epoint.getAddress() instanceof Inet6Address &&

  344. 		(!host.startsWith("[")) && (host.indexOf(":") >= 0)) {

  345. 		host = "[" + host + "]";

  346. 	    }

  347. 	    try {

  348. 		uri = new URI("socket://" + ParseUtil.encodePath(host) + ":"+ epoint.getPort());

  349. 	    } catch (URISyntaxException e) {

  350. 		// This shouldn't happen

  351. 		assert false : e;

  352. 	    }

  353. 	    Proxy p = null;

  354. 	    IOException savedExc = null;

  355. 	    java.util.Iterator<Proxy> iProxy = null;

  356. 	    iProxy = sel.select(uri).iterator();

  357. 	    if (iProxy == null || !(iProxy.hasNext())) {

  358. 		super.connect(epoint, timeout);

  359. 		return;

  360. 	    }

  361. 	    while (iProxy.hasNext()) {

  362. 		p = iProxy.next();

  363. 		if (p == null || p == Proxy.NO_PROXY) {

  364. 		    super.connect(epoint, timeout);

  365. 		    return;

  366. 		}

  367. 		if (p.type() != Proxy.Type.SOCKS)

  368. 		    throw new SocketException("Unknown proxy type : " + p.type());

  369. 		if (!(p.address() instanceof InetSocketAddress))

  370. 		    throw new SocketException("Unknow address type for proxy: " + p);

  371. 		server = ((InetSocketAddress) p.address()).getHostName();

  372. 		port = ((InetSocketAddress) p.address()).getPort();

  373. 		

  374. 		// Connects to the SOCKS server

  375. 		try {

  376. 		    privilegedConnect(server, port, timeout);

  377. 		    // Worked, let's get outta here

  378. 		    break;

  379. 		} catch (IOException e) {

  380. 		    // Ooops, let's notify the ProxySelector

  381. 		    sel.connectFailed(uri,p.address(),e);

  382. 		    server = null;

  383. 		    port = -1;

  384. 		    savedExc = e;

  385. 		    // Will continue the while loop and try the next proxy

  386. 		}

  387. 	    }

  388. 

  389. 	    /*

  390. 	     * If server is still null at this point, none of the proxy

  391. 	     * worked

  392. 	     */

  393. 	    if (server == null) {

  394. 		throw new SocketException("Can't connect to SOCKS proxy:" 

  395. 					  + savedExc.getMessage());

  396. 	    }

  397. 	} else {

  398. 	    // Connects to the SOCKS server

  399. 	    try {

  400. 		privilegedConnect(server, port, timeout);

  401. 	    } catch (IOException e) {

  402. 		throw new SocketException(e.getMessage());

  403. 	    }

  404. 	}

  405. 

  406. 	// cmdIn & cmdOut were intialized during the privilegedConnect() call

  407. 	BufferedOutputStream out = new BufferedOutputStream(cmdOut, 512);

  408. 	InputStream in = cmdIn;

  409. 

  410. 	if (useV4) {

  411. 	    // SOCKS Protocol version 4 doesn't know how to deal with 

  412. 	    // DOMAIN type of addresses (unresolved addresses here)

  413. 	    if (epoint.isUnresolved())

  414. 		throw new UnknownHostException(epoint.toString());

  415. 	    connectV4(in, out, epoint);

  416. 	    return;

  417. 	}

  418. 

  419. 	// This is SOCKS V5

  420. 	out.write(PROTO_VERS);

  421. 	out.write(2);

  422. 	out.write(NO_AUTH);

  423. 	out.write(USER_PASSW);

  424. 	out.flush();

  425. 	byte[] data = new byte[2];

  426. 	int i = readSocksReply(in, data);

  427. 	if (i != 2 || ((int)data[0]) != PROTO_VERS) {

  428. 	    // Maybe it's not a V5 sever after all

  429. 	    // Let's try V4 before we give up

  430. 	    // SOCKS Protocol version 4 doesn't know how to deal with 

  431. 	    // DOMAIN type of addresses (unresolved addresses here)

  432. 	    if (epoint.isUnresolved())

  433. 		throw new UnknownHostException(epoint.toString());

  434. 	    connectV4(in, out, epoint);

  435. 	    return;

  436. 	}

  437. 	if (((int)data[1]) == NO_METHODS)

  438. 	    throw new SocketException("SOCKS : No acceptable methods");

  439. 	if (!authenticate(data[1], in, out)) {

  440. 	    throw new SocketException("SOCKS : authentication failed");

  441. 	}

  442. 	out.write(PROTO_VERS);

  443. 	out.write(CONNECT);

  444. 	out.write(0);

  445. 	/* Test for IPV4/IPV6/Unresolved */

  446. 	if (epoint.isUnresolved()) {

  447. 	    out.write(DOMAIN_NAME);

  448. 	    out.write(epoint.getHostName().length());

  449. 	    try {

  450. 		out.write(epoint.getHostName().getBytes("ISO-8859-1"));

  451. 	    } catch (java.io.UnsupportedEncodingException uee) {

  452. 		assert false;

  453. 	    }

  454. 	    out.write((epoint.getPort() >> 8) & 0xff);

  455. 	    out.write((epoint.getPort() >> 0) & 0xff);

  456. 	} else if (epoint.getAddress() instanceof Inet6Address) {

  457. 	    out.write(IPV6);

  458. 	    out.write(epoint.getAddress().getAddress());

  459. 	    out.write((epoint.getPort() >> 8) & 0xff);

  460. 	    out.write((epoint.getPort() >> 0) & 0xff);

  461. 	} else {

  462. 	    out.write(IPV4);

  463. 	    out.write(epoint.getAddress().getAddress());

  464. 	    out.write((epoint.getPort() >> 8) & 0xff);

  465. 	    out.write((epoint.getPort() >> 0) & 0xff);

  466. 	}

  467. 	out.flush();

  468. 	data = new byte[4];

  469. 	i = readSocksReply(in, data);

  470. 	if (i != 4)

  471. 	    throw new SocketException("Reply from SOCKS server has bad length");

  472. 	SocketException ex = null;

  473. 	int nport, len;

  474. 	byte[] addr;

  475. 	switch (data[1]) {

  476. 	case REQUEST_OK:

  477. 	    // success!

  478. 	    switch(data[3]) {

  479. 	    case IPV4:

  480. 		addr = new byte[4];

  481. 		i = readSocksReply(in, addr);

  482. 		if (i != 4)

  483. 		    throw new SocketException("Reply from SOCKS server badly formatted");

  484. 		data = new byte[2];

  485. 		i = readSocksReply(in, data);

  486. 		if (i != 2)

  487. 		    throw new SocketException("Reply from SOCKS server badly formatted");

  488. 		nport = ((int)data[0] & 0xff) << 8;

  489. 		nport += ((int)data[1] & 0xff);

  490. 		break;

  491. 	    case DOMAIN_NAME:

  492. 		len = data[1];

  493. 		byte[] host = new byte[len];

  494. 		i = readSocksReply(in, host);

  495. 		if (i != len)

  496. 		    throw new SocketException("Reply from SOCKS server badly formatted");

  497. 		data = new byte[2];

  498. 		i = readSocksReply(in, data);

  499. 		if (i != 2)

  500. 		    throw new SocketException("Reply from SOCKS server badly formatted");

  501. 		nport = ((int)data[0] & 0xff) << 8;

  502. 		nport += ((int)data[1] & 0xff);

  503. 		break;

  504. 	    case IPV6:

  505. 		len = data[1];

  506. 		addr = new byte[len];

  507. 		i = readSocksReply(in, addr);

  508. 		if (i != len)

  509. 		    throw new SocketException("Reply from SOCKS server badly formatted");

  510. 		data = new byte[2];

  511. 		i = readSocksReply(in, data);

  512. 		if (i != 2)

  513. 		    throw new SocketException("Reply from SOCKS server badly formatted");

  514. 		nport = ((int)data[0] & 0xff) << 8;

  515. 		nport += ((int)data[1] & 0xff);

  516. 		break;

  517. 	    default:

  518. 		ex = new SocketException("Reply from SOCKS server contains wrong code");

  519. 		break;

  520. 	    }

  521. 	    break;

  522. 	case GENERAL_FAILURE:

  523. 	    ex = new SocketException("SOCKS server general failure");

  524. 	    break;

  525. 	case NOT_ALLOWED:

  526. 	    ex = new SocketException("SOCKS: Connection not allowed by ruleset");

  527. 	    break;

  528. 	case NET_UNREACHABLE:

  529. 	    ex = new SocketException("SOCKS: Network unreachable");

  530. 	    break;

  531. 	case HOST_UNREACHABLE:

  532. 	    ex = new SocketException("SOCKS: Host unreachable");

  533. 	    break;

  534. 	case CONN_REFUSED:

  535. 	    ex = new SocketException("SOCKS: Connection refused");

  536. 	    break;

  537. 	case TTL_EXPIRED:

  538. 	    ex =  new SocketException("SOCKS: TTL expired");

  539. 	    break;

  540. 	case CMD_NOT_SUPPORTED:

  541. 	    ex = new SocketException("SOCKS: Command not supported");

  542. 	    break;

  543. 	case ADDR_TYPE_NOT_SUP:

  544. 	    ex = new SocketException("SOCKS: address type not supported");

  545. 	    break;

  546. 	}

  547. 	if (ex != null) {

  548. 	    in.close();

  549. 	    out.close();

  550. 	    throw ex;

  551. 	}

  552. 	external_address = epoint;

  553.     }

  554. 

  555.     private void bindV4(InputStream in, OutputStream out,

  556. 			InetAddress baddr,

  557. 			int lport) throws IOException {

  558. 	if (!(baddr instanceof Inet4Address)) {

  559. 	    throw new SocketException("SOCKS V4 requires IPv4 only addresses");

  560. 	}

  561. 	super.bind(baddr, lport);

  562. 	byte[] addr1 = baddr.getAddress();

  563. 	/* Test for AnyLocal */

  564. 	InetAddress naddr = baddr;

  565. 	if (naddr.isAnyLocalAddress()) {

  566. 	    naddr = cmdsock.getLocalAddress();

  567. 	    addr1 = naddr.getAddress();

  568. 	}

  569. 	out.write(PROTO_VERS4);

  570. 	out.write(BIND);

  571. 	out.write((super.getLocalPort() >> 8) & 0xff);

  572. 	out.write((super.getLocalPort() >> 0) & 0xff);

  573. 	out.write(addr1);

  574. 	String userName = (String) java.security.AccessController.doPrivileged(

  575.                new sun.security.action.GetPropertyAction("user.name"));

  576. 	try {

  577. 	    out.write(userName.getBytes("ISO-8859-1"));

  578. 	} catch (java.io.UnsupportedEncodingException uee) {

  579. 	    assert false;

  580. 	}

  581. 	out.write(0);

  582. 	out.flush();

  583. 	byte[] data = new byte[8];

  584. 	int n = readSocksReply(in, data);

  585. 	if (n != 8)

  586. 	    throw new SocketException("Reply from SOCKS server has bad length: " + n);

  587. 	if (data[0] != 0 && data[0] != 4)

  588. 	    throw new SocketException("Reply from SOCKS server has bad version");

  589. 	SocketException ex = null;

  590. 	switch (data[1]) {

  591. 	case 90:

  592. 	    // Success!

  593. 	    external_address = new InetSocketAddress(baddr, lport);

  594. 	    break;

  595. 	case 91:

  596. 	    ex = new SocketException("SOCKS request rejected");

  597. 	    break;

  598. 	case 92:

  599. 	    ex = new SocketException("SOCKS server couldn't reach destination");

  600. 	    break;

  601. 	case 93:

  602. 	    ex = new SocketException("SOCKS authentication failed");

  603. 	    break;

  604. 	default:

  605. 	    ex = new SocketException("Reply from SOCKS server contains bad status");

  606. 	    break;

  607. 	}

  608. 	if (ex != null) {

  609. 	    in.close();

  610. 	    out.close();

  611. 	    throw ex;

  612. 	}

  613. 	

  614.     }

  615. 

  616.     /**

  617.      * Sends the Bind request to the SOCKS proxy. In the SOCKS protocol, bind

  618.      * means "accept incoming connection from", so the SocketAddress is the

  619.      * the one of the host we do accept connection from.

  620.      *

  621.      * @param      addr   the Socket address of the remote host.

  622.      * @exception  IOException  if an I/O error occurs when binding this socket.

  623.      */

  624.     protected synchronized void socksBind(InetSocketAddress saddr) throws IOException {

  625. 	if (socket != null) {

  626. 	    // this is a client socket, not a server socket, don't

  627. 	    // call the SOCKS proxy for a bind!

  628. 	    return;

  629. 	}

  630. 

  631. 	// Connects to the SOCKS server

  632. 	

  633. 	if (server == null) {

  634. 	    // This is the general case

  635. 	    // server is not null only when the socket was created with a

  636. 	    // specified proxy in which case it does bypass the ProxySelector

  637. 	    ProxySelector sel = (ProxySelector) 

  638. 		java.security.AccessController.doPrivileged( 

  639. 		    new java.security.PrivilegedAction() {

  640. 			public Object run() {

  641. 			    return ProxySelector.getDefault();

  642. 			}

  643. 		    });

  644. 	    if (sel == null) {

  645. 		/*

  646. 		 * No default proxySelector --> direct connection

  647. 		 */

  648. 		return;

  649. 	    }

  650. 	    URI uri = null;

  651. 	    String host = saddr.getHostName();

  652. 	    // IPv6 litteral?

  653. 	    if (saddr.getAddress() instanceof Inet6Address &&

  654. 		(!host.startsWith("[")) && (host.indexOf(":") >= 0)) {

  655. 		host = "[" + host + "]";

  656. 	    }

  657. 	    try {

  658. 		uri = new URI("serversocket://" + ParseUtil.encodePath(host) + ":"+ saddr.getPort());

  659. 	    } catch (URISyntaxException e) {

  660. 		// This shouldn't happen

  661. 		assert false : e;

  662. 	    }

  663. 	    Proxy p = null;

  664. 	    Exception savedExc = null;

  665. 	    java.util.Iterator<Proxy> iProxy = null;

  666. 	    iProxy = sel.select(uri).iterator();

  667. 	    if (iProxy == null || !(iProxy.hasNext())) {

  668. 		return;

  669. 	    }

  670. 	    while (iProxy.hasNext()) {

  671. 		p = iProxy.next();

  672. 		if (p == null || p == Proxy.NO_PROXY) {

  673. 		    return;

  674. 		}

  675. 		if (p.type() != Proxy.Type.SOCKS)

  676. 		    throw new SocketException("Unknown proxy type : " + p.type());

  677. 		if (!(p.address() instanceof InetSocketAddress))

  678. 		    throw new SocketException("Unknow address type for proxy: " + p);

  679. 		server = ((InetSocketAddress) p.address()).getHostName();

  680. 		port = ((InetSocketAddress) p.address()).getPort();

  681. 		

  682. 		// Connects to the SOCKS server

  683. 		try {

  684. 		    AccessController.doPrivileged(new PrivilegedExceptionAction() {

  685. 			    public Object run() throws Exception {

  686. 				cmdsock = new Socket(new PlainSocketImpl());

  687. 				cmdsock.connect(new InetSocketAddress(server, port));

  688. 				cmdIn = cmdsock.getInputStream();

  689. 				cmdOut = cmdsock.getOutputStream();

  690. 				return null;

  691. 			    }

  692. 			});

  693. 		} catch (Exception e) {

  694. 		    // Ooops, let's notify the ProxySelector

  695. 		    sel.connectFailed(uri,p.address(),new SocketException(e.getMessage()));

  696. 		    server = null;

  697. 		    port = -1;

  698. 		    cmdsock = null;

  699. 		    savedExc = e;

  700. 		    // Will continue the while loop and try the next proxy

  701. 		}

  702. 	    }

  703. 

  704. 	    /*

  705. 	     * If server is still null at this point, none of the proxy

  706. 	     * worked

  707. 	     */

  708. 	    if (server == null || cmdsock == null) {

  709. 		throw new SocketException("Can't connect to SOCKS proxy:" 

  710. 					  + savedExc.getMessage());

  711. 	    }

  712. 	} else {

  713. 	    try {

  714. 		AccessController.doPrivileged(new PrivilegedExceptionAction() {

  715. 			public Object run() throws Exception {

  716. 			    cmdsock = new Socket(new PlainSocketImpl());

  717. 			    cmdsock.connect(new InetSocketAddress(server, port));

  718. 			    cmdIn = cmdsock.getInputStream();

  719. 			    cmdOut = cmdsock.getOutputStream();

  720. 			    return null;

  721. 			}

  722. 		    });

  723. 	    } catch (Exception e) {

  724. 		throw new SocketException(e.getMessage());

  725. 	    }

  726. 	}

  727. 	BufferedOutputStream out = new BufferedOutputStream(cmdOut, 512);

  728. 	InputStream in = cmdIn;

  729. 	if (useV4) {

  730. 	    bindV4(in, out, saddr.getAddress(), saddr.getPort());

  731. 	    return;

  732. 	}

  733. 	out.write(PROTO_VERS);

  734. 	out.write(2);

  735. 	out.write(NO_AUTH);

  736. 	out.write(USER_PASSW);

  737. 	out.flush();

  738. 	byte[] data = new byte[2];

  739. 	int i = readSocksReply(in, data);

  740. 	if (i != 2 || ((int)data[0]) != PROTO_VERS) {

  741. 	    // Maybe it's not a V5 sever after all

  742. 	    // Let's try V4 before we give up

  743. 	    bindV4(in, out, saddr.getAddress(), saddr.getPort());

  744. 	    return;

  745. 	}

  746. 	if (((int)data[1]) == NO_METHODS)

  747. 	    throw new SocketException("SOCKS : No acceptable methods");

  748. 	if (!authenticate(data[1], in, out)) {

  749. 	    throw new SocketException("SOCKS : authentication failed");

  750. 	}

  751. 	// We're OK. Let's issue the BIND command.

  752. 	out.write(PROTO_VERS);

  753. 	out.write(BIND);

  754. 	out.write(0);

  755. 	int lport = saddr.getPort();

  756. 	if (saddr.isUnresolved()) {

  757. 	    out.write(DOMAIN_NAME);

  758. 	    out.write(saddr.getHostName().length());

  759. 	    try {

  760. 		out.write(saddr.getHostName().getBytes("ISO-8859-1"));

  761. 	    } catch (java.io.UnsupportedEncodingException uee) {

  762. 		assert false;

  763. 	    }

  764. 	    out.write((lport >> 8) & 0xff);

  765. 	    out.write((lport >> 0) & 0xff);

  766. 	} else if (saddr.getAddress() instanceof Inet4Address) {

  767. 	    byte[] addr1 = saddr.getAddress().getAddress();

  768. 	    out.write(IPV4);

  769. 	    out.write(addr1);

  770. 	    out.write((lport >> 8) & 0xff);

  771. 	    out.write((lport >> 0) & 0xff);

  772. 	    out.flush();

  773. 	} else if (saddr.getAddress() instanceof Inet6Address) {

  774. 	    byte[] addr1 = saddr.getAddress().getAddress();

  775. 	    out.write(IPV6);

  776. 	    out.write(addr1);

  777. 	    out.write((lport >> 8) & 0xff);

  778. 	    out.write((lport >> 0) & 0xff);

  779. 	    out.flush();

  780. 	} else {

  781. 	    cmdsock.close();

  782. 	    throw new SocketException("unsupported address type : " + saddr);

  783. 	}

  784. 	data = new byte[4];

  785. 	i = readSocksReply(in, data);

  786. 	SocketException ex = null;

  787. 	int len, nport;

  788. 	byte[] addr;

  789. 	switch (data[1]) {

  790. 	case REQUEST_OK:

  791. 	    // success!

  792. 	    InetSocketAddress real_end = null;

  793. 	    switch(data[3]) {

  794. 	    case IPV4:

  795. 		addr = new byte[4];

  796. 		i = readSocksReply(in, addr);

  797. 		if (i != 4)

  798. 		    throw new SocketException("Reply from SOCKS server badly formatted");

  799. 		data = new byte[2];

  800. 		i = readSocksReply(in, data);

  801. 		if (i != 2)

  802. 		    throw new SocketException("Reply from SOCKS server badly formatted");

  803. 		nport = ((int)data[0] & 0xff) << 8;

  804. 		nport += ((int)data[1] & 0xff);

  805. 		external_address =

  806. 		    new InetSocketAddress(new Inet4Address("", addr) , nport);

  807. 		break;

  808. 	    case DOMAIN_NAME:

  809. 		len = data[1];

  810. 		byte[] host = new byte[len];

  811. 		i = readSocksReply(in, host);

  812. 		if (i != len)

  813. 		    throw new SocketException("Reply from SOCKS server badly formatted");

  814. 		data = new byte[2];

  815. 		i = readSocksReply(in, data);

  816. 		if (i != 2)

  817. 		    throw new SocketException("Reply from SOCKS server badly formatted");

  818. 		nport = ((int)data[0] & 0xff) << 8;

  819. 		nport += ((int)data[1] & 0xff);

  820. 		external_address = new InetSocketAddress(new String(host), nport);

  821. 		break;

  822. 	    case IPV6:

  823. 		len = data[1];

  824. 		addr = new byte[len];

  825. 		i = readSocksReply(in, addr);

  826. 		if (i != len)

  827. 		    throw new SocketException("Reply from SOCKS server badly formatted");

  828. 		data = new byte[2];

  829. 		i = readSocksReply(in, data);

  830. 		if (i != 2)

  831. 		    throw new SocketException("Reply from SOCKS server badly formatted");

  832. 		nport = ((int)data[0] & 0xff) << 8;

  833. 		nport += ((int)data[1] & 0xff);

  834. 		external_address = 

  835. 		    new InetSocketAddress(new Inet6Address("", addr), nport);

  836. 		break;

  837. 	    }

  838. 	    break;

  839. 	case GENERAL_FAILURE:

  840. 	    ex = new SocketException("SOCKS server general failure");

  841. 	    break;

  842. 	case NOT_ALLOWED:

  843. 	    ex = new SocketException("SOCKS: Bind not allowed by ruleset");

  844. 	    break;

  845. 	case NET_UNREACHABLE:

  846. 	    ex = new SocketException("SOCKS: Network unreachable");

  847. 	    break;

  848. 	case HOST_UNREACHABLE:

  849. 	    ex = new SocketException("SOCKS: Host unreachable");

  850. 	    break;

  851. 	case CONN_REFUSED:

  852. 	    ex = new SocketException("SOCKS: Connection refused");

  853. 	    break;

  854. 	case TTL_EXPIRED:

  855. 	    ex =  new SocketException("SOCKS: TTL expired");

  856. 	    break;

  857. 	case CMD_NOT_SUPPORTED:

  858. 	    ex = new SocketException("SOCKS: Command not supported");

  859. 	    break;

  860. 	case ADDR_TYPE_NOT_SUP:

  861. 	    ex = new SocketException("SOCKS: address type not supported");

  862. 	    break;

  863. 	}

  864. 	if (ex != null) {

  865. 	    in.close();

  866. 	    out.close();

  867. 	    cmdsock.close();

  868. 	    cmdsock = null;

  869. 	    throw ex;

  870. 	}

  871. 	cmdIn = in;

  872. 	cmdOut = out;

  873.     }

  874. 

  875.     /**

  876.      * Accepts a connection from a specific host. 

  877.      *

  878.      * @param      s   the accepted connection.

  879.      * @param	   saddr the socket address of the host we do accept

  880.      *		     connection from

  881.      * @exception  IOException  if an I/O error occurs when accepting the

  882.      *               connection.

  883.      */

  884.     protected void acceptFrom(SocketImpl s, InetSocketAddress saddr) throws IOException {

  885. 	if (cmdsock == null) {

  886. 	    // Not a Socks ServerSocket.

  887. 	    return;

  888. 	}

  889. 	InputStream in = cmdIn;

  890. 	// Sends the "SOCKS BIND" request.

  891. 	socksBind(saddr);

  892. 	in.read();

  893. 	int i = in.read();

  894. 	in.read();

  895. 	SocketException ex = null;

  896. 	int nport;

  897. 	byte[] addr;

  898. 	InetSocketAddress real_end = null;

  899. 	switch (i) {

  900. 	case REQUEST_OK:

  901. 	    // success!

  902. 	    i = in.read();

  903. 	    switch(i) {

  904. 	    case IPV4:

  905. 		addr = new byte[4];

  906. 		readSocksReply(in, addr);

  907. 		nport = in.read() << 8;

  908. 		nport += in.read();

  909. 		real_end = 

  910. 		    new InetSocketAddress(new Inet4Address("", addr) , nport);

  911. 		break;

  912. 	    case DOMAIN_NAME:

  913. 		int len = in.read();

  914. 		addr = new byte[len];

  915. 		readSocksReply(in, addr);

  916. 		nport = in.read() << 8;

  917. 		nport += in.read();

  918. 		real_end = new InetSocketAddress(new String(addr), nport);

  919. 		break;

  920. 	    case IPV6:

  921. 		addr = new byte[16];

  922. 		readSocksReply(in, addr);

  923. 		nport = in.read() << 8;

  924. 		nport += in.read();

  925. 		real_end = 

  926. 		    new InetSocketAddress(new Inet6Address("", addr), nport);

  927. 		break;

  928. 	    }

  929. 	    break;

  930. 	case GENERAL_FAILURE:

  931. 	    ex = new SocketException("SOCKS server general failure");

  932. 	    break;

  933. 	case NOT_ALLOWED:

  934. 	    ex = new SocketException("SOCKS: Accept not allowed by ruleset");

  935. 	    break;

  936. 	case NET_UNREACHABLE:

  937. 	    ex = new SocketException("SOCKS: Network unreachable");

  938. 	    break;

  939. 	case HOST_UNREACHABLE:

  940. 	    ex = new SocketException("SOCKS: Host unreachable");

  941. 	    break;

  942. 	case CONN_REFUSED:

  943. 	    ex = new SocketException("SOCKS: Connection refused");

  944. 	    break;

  945. 	case TTL_EXPIRED:

  946. 	    ex =  new SocketException("SOCKS: TTL expired");

  947. 	    break;

  948. 	case CMD_NOT_SUPPORTED:

  949. 	    ex = new SocketException("SOCKS: Command not supported");

  950. 	    break;

  951. 	case ADDR_TYPE_NOT_SUP:

  952. 	    ex = new SocketException("SOCKS: address type not supported");

  953. 	    break;

  954. 	}

  955. 	if (ex != null) {

  956. 	    cmdIn.close();

  957. 	    cmdOut.close();

  958. 	    cmdsock.close();

  959. 	    cmdsock = null;

  960. 	    throw ex;

  961. 	}

  962. 	

  963. 	/**

  964. 	 * This is where we have to do some fancy stuff.

  965. 	 * The datastream from the socket "accepted" by the proxy will

  966. 	 * come through the cmdSocket. So we have to swap the socketImpls

  967. 	 */

  968. 	if (s instanceof SocksSocketImpl) {

  969. 	    ((SocksSocketImpl)s).external_address = real_end;

  970. 	}

  971. 	if (s instanceof PlainSocketImpl) {

  972. 	    ((PlainSocketImpl)s).setInputStream((SocketInputStream) in);

  973. 	}

  974. 	s.fd = cmdsock.getImpl().fd;

  975. 	s.address = cmdsock.getImpl().address;

  976. 	s.port = cmdsock.getImpl().port;

  977. 	s.localport = cmdsock.getImpl().localport;

  978. 	// Need to do that so that the socket won't be closed

  979. 	// when the ServerSocket is closed by the user.

  980. 	// It kinds of detaches the Socket because it is now

  981. 	// used elsewhere.

  982. 	cmdsock = null;

  983.     }

  984. 

  985.     

  986.     /**

  987.      * Returns the value of this socket's <code>address</code> field.

  988.      *

  989.      * @return  the value of this socket's <code>address</code> field.

  990.      * @see     java.net.SocketImpl#address

  991.      */

  992.     protected InetAddress getInetAddress() {

  993. 	if (external_address != null)

  994. 	    return external_address.getAddress();

  995. 	else

  996. 	    return super.getInetAddress();

  997.     }

  998. 

  999.     /**

  1000.      * Returns the value of this socket's <code>port</code> field.

  1001.      *

  1002.      * @return  the value of this socket's <code>port</code> field.

  1003.      * @see     java.net.SocketImpl#port

  1004.      */

  1005.     protected int getPort() {

  1006. 	if (external_address != null)

  1007. 	    return external_address.getPort();

  1008. 	else

  1009. 	    return super.getPort();

  1010.     }

  1011. 

  1012.     protected int getLocalPort() {

  1013. 	if (socket != null)

  1014. 	    return super.getLocalPort();

  1015. 	if (external_address != null)

  1016. 	    return external_address.getPort();

  1017. 	else

  1018. 	    return super.getLocalPort();

  1019.     }

  1020. 

  1021.     protected void close() throws IOException {

  1022. 	if (cmdsock != null)

  1023. 	    cmdsock.close();

  1024. 	cmdsock = null;

  1025. 	super.close();

  1026.     }

  1027. 

  1028. }