Package org.apache.sshd.common.session.helpers

Class AbstractSession

    • Constructor Detail

      • AbstractSession

        protected AbstractSession​(boolean serverSession,
                          FactoryManager factoryManager,
                          IoSession ioSession)
        Create a new session.
        Parameters:
        serverSession - true if this is a server session, false if client one
        factoryManager - the factory manager
        ioSession - the underlying I/O session

    • Method Detail

      • initializeCurrentService

        protected CurrentService initializeCurrentService()
        Creates a new CurrentService instance managing this session's current SSH service.

        This initialization method is invoked once from the AbstractSession constructor. Do not rely on subclass fields being initialized.

        Returns:
        a new CurrentService instance for the session

      • calculatePadLength

        public static int calculatePadLength​(int len,
                                     int blockSize,
                                     boolean etmMode)
        Parameters:
        len - The packet payload size
        blockSize - The cipher block size
        etmMode - Whether using "encrypt-then-MAC" mode
        Returns:
        The required padding length

      • getServerVersion

        public String getServerVersion()

      • getClientVersion

        public String getClientVersion()

      • getKex

        public KeyExchange getKex()
        Returns:
        The current KeyExchange in progress - null if KEX not started or successfully completed

      • getKexState

        public KexState getKexState()

      • getSessionId

        public byte[] getSessionId()

      • getCipherInformation

        public CipherInformation getCipherInformation​(boolean incoming)

      • getMacInformation

        public MacInformation getMacInformation​(boolean incoming)

      • messageReceived

        public void messageReceived​(Readable buffer)
                     throws Exception

        Main input point for the MINA framework.

        This method will be called each time new data is received on the socket and will append it to the input buffer before calling the decode() method.

        Parameters:
        buffer - the new buffer received
        Throws:
        Exception - if an error occurs while decoding or handling the data

      • refreshConfiguration

        protected void refreshConfiguration()
        Refresh whatever internal configuration is not final

      • handleMessage

        protected void handleMessage​(Buffer buffer)
                      throws Exception
        Abstract method for processing incoming decoded packets. The given buffer will hold the decoded packet, starting from the command byte at the read position.
        Parameters:
        buffer - The Buffer containing the packet - it may be re-used to generate the response once request has been decoded
        Throws:
        Exception - if an exception occurs while handling this packet.
        See Also:
        doHandleMessage(Buffer)

      • handleFirstKexPacketFollows

        protected boolean handleFirstKexPacketFollows​(int cmd,
                                              Buffer buffer,
                                              boolean followFlag)

      • comparePreferredKexProposalOption

        protected Map.Entry<String,​String> comparePreferredKexProposalOption​(KexProposalOption option)
        Compares the specified KexProposalOption option value for client vs. server
        Parameters:
        option - The option to check
        Returns:
        null if option is equal, otherwise a key/value pair where key=client option value and value=the server-side one

      • sendNewKeys

        protected IoWriteFuture sendNewKeys()
                             throws Exception
        Send a message to put new keys into use.
        Returns:
        An IoWriteFuture that can be used to wait and check the result of sending the packet
        Throws:
        Exception - if an error occurs sending the message

      • handleKexExtension

        protected void handleKexExtension​(int cmd,
                                  Buffer buffer)
                           throws Exception
        Throws:
        Exception

      • handleNewCompression

        protected void handleNewCompression​(int cmd,
                                    Buffer buffer)
                             throws Exception
        Throws:
        Exception

      • validateServiceKexState

        protected boolean validateServiceKexState​(KexState state)

      • validateKexState

        protected void validateKexState​(int cmd,
                                KexState expected)

      • getService

        public <T extends Service> T getService​(Class<T> clazz)
        Description copied from interface: Session
        Get the service of the specified type. If the service is not of the specified class, an IllegalStateException will be thrown.
        Type Parameters:
        T - The generic Service type
        Parameters:
        clazz - The service class
        Returns:
        The service instance

      • preProcessEncodeBuffer

        protected Buffer preProcessEncodeBuffer​(int cmd,
                                        Buffer buffer)
                                 throws IOException
        Description copied from class: SessionHelper
        Invoked by the session before encoding the buffer in order to make sure that it is at least of size SSH_PACKET_HEADER_LEN. This is required in order to efficiently handle the encoding. If necessary, it re-allocates a new buffer and returns it instead.
        Overrides:
        preProcessEncodeBuffer in class SessionHelper
        Parameters:
        cmd - The command stored in the buffer
        buffer - The original Buffer - assumed to be properly formatted and be of at least the required minimum length.
        Returns:
        The adjusted Buffer. Note: users may use this method to totally alter the contents of the buffer being sent but it is highly discouraged as it may have unexpected results.
        Throws:
        IOException - If failed to process the buffer

      • writePacket

        public IoWriteFuture writePacket​(Buffer buffer)
                          throws IOException
        Description copied from interface: Session
        Encode and send the given buffer. The buffer has to have 5 bytes free at the beginning to allow the encoding to take place. Also, the write position of the buffer has to be set to the position of the last byte to write.
        Parameters:
        buffer - the buffer to encode and send
        Returns:
        An IoWriteFuture that can be used to check when the packet has actually been sent
        Throws:
        IOException - if an error occurred when encoding sending the packet

      • writePacket

        public IoWriteFuture writePacket​(Buffer buffer,
                                 long timeout,
                                 TimeUnit unit)
                          throws IOException
        Description copied from interface: Session
        Encode and send the given buffer with the specified timeout. If the buffer could not be written before the timeout elapses, the returned IoWriteFuture will be set with a TimeoutException exception to indicate a timeout.
        Parameters:
        buffer - the buffer to encode and spend
        timeout - the timeout
        unit - the time unit of the timeout parameter
        Returns:
        a future that can be used to check when the packet has actually been sent
        Throws:
        IOException - if an error occurred when encoding or sending the packet

      • resolveIgnoreBufferDataLength

        protected int resolveIgnoreBufferDataLength()

      • request

        public Buffer request​(String request,
                      Buffer buffer,
                      long maxWaitMillis)
               throws IOException
        Description copied from interface: Session
        Send a global request and wait for the response, if the request is sent with want-reply = true.
        Parameters:
        request - the request name - used mainly for logging and debugging
        buffer - the buffer containing the global request
        maxWaitMillis - maximum time in milliseconds to wait for the request to finish - must be positive
        Returns:
        the return buffer if the request was successful, null otherwise.
        Throws:
        IOException - if an error occurred when encoding or sending the packet
        SocketTimeoutException - If no response received within specified timeout

      • request

        public GlobalRequestFuture request​(Buffer buffer,
                                   String request,
                                   GlobalRequestFuture.ReplyHandler replyHandler)
                            throws IOException
        Description copied from interface: Session
        Send a global request and handle the reply asynchronously. If want-reply = true, pass the received Buffer to the given GlobalRequestFuture.ReplyHandler, which may execute in a different thread.
        want-reply == true && replyHandler != null
        The returned future is fulfilled with null when the request was sent, or with an exception if the request could not be sent. The replyHandler is invoked once the reply is received, with the SSH reply code and the data received.
        want-reply == true && replyHandler == null
        The returned future is fulfilled with an exception if the request could not be sent, or a failure reply was received. If a success reply was received, the future is fulfilled with the received data buffer.
        want-reply == false
        The returned future is fulfilled with an empty Buffer when the request was sent, or with an exception if the request could not be sent. If a reply handler is given, it is invoked with that empty buffer. The handler is not invoked if sending the request failed.
        Parameters:
        buffer - the Buffer containing the global request, with the want-reply flag set as appropriate
        request - the request name
        replyHandler - GlobalRequestFuture.ReplyHandler for handling the reply; may be null
        Throws:
        IOException - if an error occurred while encoding or sending the packet

      • createBuffer

        public Buffer createBuffer​(byte cmd,
                           int len)
        Description copied from interface: Session
        Create a new buffer for the specified SSH packet and reserve the needed space (5 bytes) for the packet header.
        Parameters:
        cmd - The SSH command to initialize the buffer with
        len - Estimated number of bytes the buffer will hold, 0 if unknown.
        Returns:
        a new buffer ready for write
        See Also:
        Session.prepareBuffer(byte, Buffer)

      • prepareBuffer

        public Buffer prepareBuffer​(byte cmd,
                            Buffer buffer)
        Description copied from interface: Session
        Prepare a new "clean" buffer while reserving the needed space (5 bytes) for the packet header.
        Parameters:
        cmd - The SSH command to initialize the buffer with
        buffer - The Buffer instance to initialize
        Returns:
        The initialized buffer

      • validateTargetBuffer

        protected <B extends Buffer> B validateTargetBuffer​(int cmd,
                                                    B buffer)
        Makes sure that the buffer used for output is not null or one of the session's internal ones used for decoding and uncompressing
        Type Parameters:
        B - The Buffer type being validated
        Parameters:
        cmd - The most likely command this buffer refers to (not guaranteed to be correct)
        buffer - The buffer to be examined
        Returns:
        The validated target instance - default same as input
        Throws:
        IllegalArgumentException - if any of the conditions is violated

      • encode

        protected Buffer encode​(Buffer buffer)
                 throws IOException
        Encode a buffer into the SSH protocol. Note: This method must be called inside a synchronized block using encodeLock.
        Parameters:
        buffer - the buffer to encode
        Returns:
        The encoded buffer - may be different than original if input buffer does not have enough room for SshConstants.SSH_PACKET_HEADER_LEN, in which case a substitute buffer will be created and used.
        Throws:
        IOException - if an exception occurs during the encoding process

      • aeadOutgoingBuffer

        protected void aeadOutgoingBuffer​(Buffer buf,
                                  int offset,
                                  int len)
                           throws Exception
        Throws:
        Exception

      • appendOutgoingMac

        protected void appendOutgoingMac​(Buffer buf,
                                 int offset,
                                 int len)
                          throws Exception
        Throws:
        Exception

      • encryptOutgoingBuffer

        protected void encryptOutgoingBuffer​(Buffer buf,
                                     int offset,
                                     int len)
                              throws Exception
        Throws:
        Exception

      • decode

        protected void decode()
               throws Exception
        Decode the incoming buffer and handle packets as needed.
        Throws:
        Exception - If failed to decode

      • validateIncomingMac

        protected void validateIncomingMac​(byte[] data,
                                   int offset,
                                   int len)
                            throws Exception
        Throws:
        Exception

      • readIdentification

        protected abstract boolean readIdentification​(Buffer buffer)
                                       throws Exception
        Read the other side identification. This method is specific to the client or server side, but both should call SessionHelper.doReadIdentification(Buffer, boolean) and store the result in the needed property.
        Parameters:
        buffer - The Buffer containing the remote identification
        Returns:
        true if the identification has been fully read or false if more data is needed
        Throws:
        Exception - if an error occurs such as a bad protocol version or unsuccessful KEX was involved

      • sendKexInit

        protected byte[] sendKexInit​(Map<KexProposalOption,​String> proposal)
                      throws Exception
        Send the key exchange initialization packet. This packet contains random data along with our proposal.
        Parameters:
        proposal - our proposal for key exchange negotiation
        Returns:
        the sent packet data which must be kept for later use when deriving the session keys
        Throws:
        Exception - if an error occurred sending the packet

      • receiveKexInit

        protected byte[] receiveKexInit​(Buffer buffer,
                                Map<KexProposalOption,​String> proposal)
                         throws Exception
        Receive the remote key exchange init message. The packet data is returned for later use.
        Parameters:
        buffer - the Buffer containing the key exchange init packet
        proposal - the remote proposal to fill
        Returns:
        the packet data
        Throws:
        Exception - If failed to handle the message

      • setOutputEncoding

        protected void setOutputEncoding()
                          throws Exception
        Installs the current prepared outSettings so that they are effective and will be applied to any future outgoing packet. Clears outSettings.
        Throws:
        Exception - on errors

      • setInputEncoding

        protected void setInputEncoding()
                         throws Exception
        Installs the current prepared inSettings so that they are effective and will be applied to any future incoming packet. Clears inSettings.
        Throws:
        Exception - on errors

      • determineRekeyBlockLimit

        protected long determineRekeyBlockLimit​(int inCipherBlockSize,
                                        int outCipherBlockSize)
        Compute the number of blocks after which we should re-key again. See RFC 4344.
        Parameters:
        inCipherBlockSize - block size of the input cipher
        outCipherBlockSize - block size of the output cipher
        Returns:
        the number of block after which re-keying occur at the latest
        See Also:
        RFC 4344, section 3.2

      • notImplemented

        protected IoWriteFuture notImplemented​(int cmd,
                                       Buffer buffer)
                                throws Exception
        Send a SSH_MSG_UNIMPLEMENTED packet. This packet should contain the sequence id of the unsupported packet: this number is assumed to be the last packet received.
        Parameters:
        cmd - The un-implemented command value
        buffer - The Buffer that contains the command. Note: the buffer's read position is just beyond the command.
        Returns:
        An IoWriteFuture that can be used to wait for packet write completion - null if the registered ReservedSessionMessagesHandler decided to handle the command internally
        Throws:
        Exception - if an error occurred while handling the packet.
        See Also:
        SessionHelper.sendNotImplemented(long)

      • requestSuccess

        protected void requestSuccess​(Buffer buffer)
                       throws Exception
        Indicates the reception of a SSH_MSG_REQUEST_SUCCESS message
        Parameters:
        buffer - The Buffer containing the message data
        Throws:
        Exception - If failed to handle the message

      • requestFailure

        protected void requestFailure​(Buffer buffer)
                       throws Exception
        Indicates the reception of a SSH_MSG_REQUEST_FAILURE message
        Parameters:
        buffer - The Buffer containing the message data
        Throws:
        Exception - If failed to handle the message

      • getSessionListenerProxy

        public SessionListener getSessionListenerProxy()
        Returns:
        A (never null proxy SessionListener that represents all the currently registered listeners. Any method invocation on the proxy is replicated to the currently registered listeners

      • getChannelListenerProxy

        public ChannelListener getChannelListenerProxy()
        Returns:
        A (never null proxy ChannelListener that represents all the currently registered listeners. Any method invocation on the proxy is replicated to the currently registered listeners

      • getPortForwardingEventListenerProxy

        public PortForwardingEventListener getPortForwardingEventListenerProxy()
        Returns:
        A proxy listener representing all the currently registered listener through this manager

      • requestNewKeysExchange

        protected KeyExchangeFuture requestNewKeysExchange()
                                            throws Exception
        Initiates a new keys exchange if one not already in progress
        Returns:
        A KeyExchangeFuture to wait for the initiated exchange or null if an exchange is already in progress
        Throws:
        Exception - If failed to load/generate the keys or send the request

      • isRekeyRequired

        protected boolean isRekeyRequired()

      • isRekeyTimeIntervalExceeded

        protected boolean isRekeyTimeIntervalExceeded()

      • isRekeyPacketCountsExceeded

        protected boolean isRekeyPacketCountsExceeded()

      • isRekeyDataSizeExceeded

        protected boolean isRekeyDataSizeExceeded()

      • isRekeyBlocksCountExceeded

        protected boolean isRekeyBlocksCountExceeded()

      • getClientKexData

        protected byte[] getClientKexData()

      • setClientKexData

        protected void setClientKexData​(byte[] data)

      • getServerKexData

        protected byte[] getServerKexData()

      • setServerKexData

        protected void setServerKexData​(byte[] data)

      • setKexSeed

        protected abstract void setKexSeed​(byte... seed)
        Parameters:
        seed - The result of the KEXINIT handshake - required for correct session key establishment

      • checkKeys

        protected abstract void checkKeys()
                           throws IOException
        Indicates the the key exchange is completed and the exchanged keys can now be verified - e.g., client can verify the server's key
        Throws:
        IOException - If validation failed

      • getSession

        public static AbstractSession getSession​(IoSession ioSession,
                                         boolean allowNull)
                                  throws MissingAttachedSessionException
        Retrieve the session SSH from the I/O session. If the session has not been attached and allowNull is false, an exception will be thrown, otherwise a null will be returned.
        Parameters:
        ioSession - The IoSession
        allowNull - If true, a null value may be returned if no session is attached
        Returns:
        the session attached to the I/O session or null
        Throws:
        MissingAttachedSessionException - if no attached session and allowNull=false