Package org.apache.sshd.common.session.helpers

Class AbstractSession

java.lang.Object
org.apache.sshd.common.util.logging.AbstractLoggingBean
org.apache.sshd.common.util.closeable.IoBaseCloseable
org.apache.sshd.common.util.closeable.AbstractCloseable
org.apache.sshd.common.util.closeable.AbstractInnerCloseable
org.apache.sshd.common.kex.AbstractKexFactoryManager
org.apache.sshd.common.session.helpers.SessionHelper
org.apache.sshd.common.session.helpers.AbstractSession
All Implemented Interfaces:
Closeable, AutoCloseable, Channel, AttributeRepository, AttributeStore, MutableUserHolder, UsernameHolder, ChannelListenerManager, ChannelStreamWriterResolver, ChannelStreamWriterResolverManager, Closeable, FactoryManagerHolder, PortForwardingEventListenerManager, PortForwardingInformationProvider, KexExtensionHandlerManager, KexFactoryManager, PropertyResolver, ReservedSessionMessagesManager, Session, SessionContext, SessionDisconnectHandlerManager, SessionHeartbeatController, SessionListenerManager, UnknownChannelReferenceHandlerManager, SignatureFactoriesHolder, SignatureFactoriesManager, ConnectionEndpointsIndicator
Direct Known Subclasses:
AbstractClientSession, AbstractServerSession
public abstract class AbstractSession extends SessionHelper

The AbstractSession handles all the basic SSH protocol such as key exchange, authentication, encoding and decoding. Both server side and client side sessions should inherit from this abstract class. Some basic packet processing methods are defined but the actual call to these methods should be done from the handleMessage(Buffer) method, which is dependent on the state and side of this session.

TODO: if there is any very big packet, decoderBuffer and uncompressBuffer will get quite big and they won't be resized down at any time. Though the packet size is really limited by the channel max packet size
Author:
Apache MINA SSHD Project

  • Field Details

    • SESSION

      public static final String SESSION
      Name of the property where this session is stored in the attributes of the underlying MINA session. See getSession(IoSession, boolean) and attachSession(IoSession, AbstractSession).
      See Also:

    • random

      protected final Random random
      The pseudo random generator

    • sessionListeners

      protected final Collection<SessionListener> sessionListeners
      Session listeners container

    • sessionListenerProxy

      protected final SessionListener sessionListenerProxy

    • channelListeners

      protected final Collection<ChannelListener> channelListeners
      Channel events listener container

    • channelListenerProxy

      protected final ChannelListener channelListenerProxy

    • tunnelListeners

      protected final Collection<PortForwardingEventListener> tunnelListeners
      Port forwarding events listener container

    • tunnelListenerProxy

      protected final PortForwardingEventListener tunnelListenerProxy

    • sessionId

      protected byte[] sessionId

    • serverVersion

      protected String serverVersion

    • clientVersion

      protected String clientVersion

    • serverProposal

      protected final Map<KexProposalOption,String> serverProposal

    • unmodServerProposal

      protected final Map<KexProposalOption,String> unmodServerProposal

    • clientProposal

      protected final Map<KexProposalOption,String> clientProposal

    • unmodClientProposal

      protected final Map<KexProposalOption,String> unmodClientProposal

    • negotiationResult

      protected final Map<KexProposalOption,String> negotiationResult

    • unmodNegotiationResult

      protected final Map<KexProposalOption,String> unmodNegotiationResult

    • kex

      protected KeyExchange kex

    • firstKexPacketFollows

      protected Boolean firstKexPacketFollows

    • initialKexDone

      protected boolean initialKexDone

    • kexState

      protected final AtomicReference<KexState> kexState
      Holds the current key exchange state.

    • kexFutureHolder

      protected final AtomicReference<DefaultKeyExchangeFuture> kexFutureHolder

    • kexInitializedFuture

      protected DefaultKeyExchangeFuture kexInitializedFuture

    • outCipher

      protected Cipher outCipher

    • inCipher

      protected Cipher inCipher

    • outCipherSize

      protected int outCipherSize

    • inCipherSize

      protected int inCipherSize

    • outMac

      protected Mac outMac

    • inMac

      protected Mac inMac

    • outMacSize

      protected int outMacSize

    • inMacSize

      protected int inMacSize

    • inMacResult

      protected byte[] inMacResult

    • outCompression

      protected Compression outCompression

    • inCompression

      protected Compression inCompression

    • seqi

      protected long seqi
      Input packet sequence number.

    • seqo

      protected long seqo
      Output packet sequence number.

    • uncompressBuffer

      protected SessionWorkBuffer uncompressBuffer

    • decoderBuffer

      protected final SessionWorkBuffer decoderBuffer

    • decoderState

      protected int decoderState

    • decoderLength

      protected int decoderLength

    • encodeLock

      protected final Object encodeLock

    • decodeLock

      protected final Object decodeLock

    • requestLock

      protected final Object requestLock

    • strictKex

      protected boolean strictKex
      "Strict KEX" is a mitigation for the "Terrapin attack". The KEX protocol is modified as follows:
      1. During the initial (unencrypted) KEX, no extra messages not strictly necessary for KEX are allowed. The KEX_INIT message must be the first one after the version identification, and no IGNORE or DEBUG messages are allowed until the KEX is completed. If a party receives such a message, it terminates the connection.
      2. Message sequence numbers are reset to zero after a key exchange (initial or later). When the NEW_KEYS message has been sent, the outgoing message number is reset; after a NEW_KEYS message has been received, the incoming message number is reset.
      Strict KEX is negotiated in the original KEX proposal; it is active if and only if both parties indicate that they support strict KEX.

    • initialKexInitSequenceNumber

      protected long initialKexInitSequenceNumber

    • kexHandler

      protected final KeyExchangeMessageHandler kexHandler
      The KeyExchangeMessageHandler instance also serves as lock protecting kexState changes from DONE to INIT or RUN, and from KEYS to DONE.

    • inPacketsCount

      protected final AtomicLong inPacketsCount

    • outPacketsCount

      protected final AtomicLong outPacketsCount

    • inBytesCount

      protected final AtomicLong inBytesCount

    • outBytesCount

      protected final AtomicLong outBytesCount

    • inBlocksCount

      protected final AtomicLong inBlocksCount

    • outBlocksCount

      protected final AtomicLong outBlocksCount

    • lastKeyTimeValue

      protected final AtomicReference<Instant> lastKeyTimeValue

    • maxRekyPackets

      protected long maxRekyPackets

    • maxRekeyBytes

      protected long maxRekeyBytes

    • maxRekeyInterval

      protected Duration maxRekeyInterval

    • inSettings

      protected AbstractSession.MessageCodingSettings inSettings
      Resulting message coding settings at the end of a key exchange for incoming messages.
      See Also:

    • outSettings

      protected AbstractSession.MessageCodingSettings outSettings
      Resulting message coding settings at the end of a key exchange for outgoing messages.
      See Also:

    • currentService

      protected final CurrentService currentService

    • ignorePacketDataLength

      protected int ignorePacketDataLength

    • ignorePacketsFrequency

      protected long ignorePacketsFrequency

    • ignorePacketsVariance

      protected int ignorePacketsVariance

    • maxRekeyBlocks

      protected final AtomicLong maxRekeyBlocks

    • ignorePacketsCount

      protected final AtomicLong ignorePacketsCount

  • Constructor Details

    • AbstractSession

      protected AbstractSession(boolean serverSession, FactoryManager factoryManager, IoSession ioSession)
      Create a new session.
      Parameters:
      serverSession - true if this is a server session, false if client one
      factoryManager - the factory manager
      ioSession - the underlying I/O session

  • Method Details

    • initializeKeyExchangeMessageHandler

      protected KeyExchangeMessageHandler initializeKeyExchangeMessageHandler()
      Creates a new KeyExchangeMessageHandler instance managing packet sending for this session.

      This initialization method is invoked once from the AbstractSession constructor. Do not rely on subclass fields being initialized.

      Returns:
      a new KeyExchangeMessageHandler instance for the session

    • initializeCurrentService

      protected CurrentService initializeCurrentService()
      Creates a new CurrentService instance managing this session's current SSH service.

      This initialization method is invoked once from the AbstractSession constructor. Do not rely on subclass fields being initialized.

      Returns:
      a new CurrentService instance for the session

    • calculatePadLength

      public static int calculatePadLength(int len, int blockSize, boolean etmMode)
      Parameters:
      len - The packet payload size
      blockSize - The cipher block size
      etmMode - Whether using "encrypt-then-MAC" mode
      Returns:
      The required padding length

    • getServerVersion

      public String getServerVersion()

    • getServerKexProposals

      public Map<KexProposalOption,String> getServerKexProposals()

    • getClientVersion

      public String getClientVersion()

    • getClientKexProposals

      public Map<KexProposalOption,String> getClientKexProposals()

    • getKex

      public KeyExchange getKex()
      Returns:
      The current KeyExchange in progress - null if KEX not started or successfully completed

    • getKexState

      public KexState getKexState()

    • getSessionId

      public byte[] getSessionId()

    • getKexNegotiationResult

      public Map<KexProposalOption,String> getKexNegotiationResult()

    • getNegotiatedKexParameter

      public String getNegotiatedKexParameter(KexProposalOption paramType)

    • getCipherInformation

      public CipherInformation getCipherInformation(boolean incoming)

    • getCompressionInformation

      public CompressionInformation getCompressionInformation(boolean incoming)

    • getMacInformation

      public MacInformation getMacInformation(boolean incoming)

    • messageReceived

      public void messageReceived(Readable buffer) throws Exception

      Main input point for the MINA framework.

      This method will be called each time new data is received on the socket and will append it to the input buffer before calling the decode() method.

      Parameters:
      buffer - the new buffer received
      Throws:
      Exception - if an error occurs while decoding or handling the data

    • refreshConfiguration

      protected void refreshConfiguration()
      Refresh whatever internal configuration is not final

    • handleMessage

      protected void handleMessage(Buffer buffer) throws Exception
      Abstract method for processing incoming decoded packets. The given buffer will hold the decoded packet, starting from the command byte at the read position.
      Parameters:
      buffer - The Buffer containing the packet - it may be re-used to generate the response once request has been decoded
      Throws:
      Exception - if an exception occurs while handling this packet.
      See Also:

    • doHandleMessage

      protected void doHandleMessage(Buffer buffer) throws Exception
      Throws:
      Exception

    • failStrictKex

      protected void failStrictKex(int cmd) throws SshException
      Throws:
      SshException

    • handleFirstKexPacketFollows

      protected boolean handleFirstKexPacketFollows(int cmd, Buffer buffer, boolean followFlag)

    • comparePreferredKexProposalOption

      protected Map.Entry<String,String> comparePreferredKexProposalOption(KexProposalOption option)
      Compares the specified KexProposalOption option value for client vs. server
      Parameters:
      option - The option to check
      Returns:
      null if option is equal, otherwise a key/value pair where key=client option value and value=the server-side one

    • sendNewKeys

      protected IoWriteFuture sendNewKeys() throws Exception
      Send a message to put new keys into use.
      Returns:
      An IoWriteFuture that can be used to wait and check the result of sending the packet
      Throws:
      Exception - if an error occurs sending the message

    • handleKexMessage

      protected void handleKexMessage(int cmd, Buffer buffer) throws Exception
      Throws:
      Exception

    • handleKexExtension

      protected void handleKexExtension(int cmd, Buffer buffer) throws Exception
      Throws:
      Exception

    • handleNewCompression

      protected void handleNewCompression(int cmd, Buffer buffer) throws Exception
      Throws:
      Exception

    • handleServiceRequest

      protected void handleServiceRequest(Buffer buffer) throws Exception
      Throws:
      Exception

    • handleServiceRequest

      protected boolean handleServiceRequest(String serviceName, Buffer buffer) throws Exception
      Throws:
      Exception

    • validateServiceKexState

      protected boolean validateServiceKexState(KexState state)

    • handleServiceAccept

      protected void handleServiceAccept(Buffer buffer) throws Exception
      Throws:
      Exception

    • handleServiceAccept

      protected void handleServiceAccept(String serviceName, Buffer buffer) throws Exception
      Throws:
      Exception

    • handleKexInit

      protected void handleKexInit(Buffer buffer) throws Exception
      Throws:
      Exception

    • doKexNegotiation

      protected void doKexNegotiation() throws Exception
      Throws:
      Exception

    • handleNewKeys

      protected void handleNewKeys(int cmd, Buffer buffer) throws Exception
      Throws:
      Exception

    • validateKexState

      protected void validateKexState(int cmd, KexState expected)

    • getInnerCloseable

      protected Closeable getInnerCloseable()
      Specified by:
      getInnerCloseable in class AbstractInnerCloseable

    • preClose

      protected void preClose()
      Overrides:
      preClose in class AbstractCloseable

    • getServices

      protected List<Service> getServices()

    • getService

      public <T extends Service> T getService(Class<T> clazz)
      Description copied from interface: Session
      Get the service of the specified type. If the service is not of the specified class, an IllegalStateException will be thrown.
      Type Parameters:
      T - The generic Service type
      Parameters:
      clazz - The service class
      Returns:
      The service instance

    • preProcessEncodeBuffer

      protected Buffer preProcessEncodeBuffer(int cmd, Buffer buffer) throws IOException
      Description copied from class: SessionHelper
      Invoked by the session before encoding the buffer in order to make sure that it is at least of size SSH_PACKET_HEADER_LEN. This is required in order to efficiently handle the encoding. If necessary, it re-allocates a new buffer and returns it instead.
      Overrides:
      preProcessEncodeBuffer in class SessionHelper
      Parameters:
      cmd - The command stored in the buffer
      buffer - The original Buffer - assumed to be properly formatted and be of at least the required minimum length.
      Returns:
      The adjusted Buffer. Note: users may use this method to totally alter the contents of the buffer being sent but it is highly discouraged as it may have unexpected results.
      Throws:
      IOException - If failed to process the buffer

    • writePacket

      public IoWriteFuture writePacket(Buffer buffer) throws IOException
      Description copied from interface: Session
      Encode and send the given buffer. The buffer has to have 5 bytes free at the beginning to allow the encoding to take place. Also, the write position of the buffer has to be set to the position of the last byte to write.
      Parameters:
      buffer - the buffer to encode and send
      Returns:
      An IoWriteFuture that can be used to check when the packet has actually been sent
      Throws:
      IOException - if an error occurred when encoding sending the packet

    • writePacket

      public IoWriteFuture writePacket(Buffer buffer, long timeout, TimeUnit unit) throws IOException
      Description copied from interface: Session
      Encode and send the given buffer with the specified timeout. If the buffer could not be written before the timeout elapses, the returned IoWriteFuture will be set with a TimeoutException exception to indicate a timeout.
      Parameters:
      buffer - the buffer to encode and spend
      timeout - the timeout
      unit - the time unit of the timeout parameter
      Returns:
      a future that can be used to check when the packet has actually been sent
      Throws:
      IOException - if an error occurred when encoding or sending the packet

    • resolveOutputPacket

      protected Buffer resolveOutputPacket(Buffer buffer) throws IOException
      Throws:
      IOException

    • doWritePacket

      protected IoWriteFuture doWritePacket(Buffer buffer) throws IOException
      Throws:
      IOException

    • resolveIgnoreBufferDataLength

      protected int resolveIgnoreBufferDataLength()

    • request

      public Buffer request(String request, Buffer buffer, long maxWaitMillis) throws IOException
      Description copied from interface: Session
      Send a global request and wait for the response, if the request is sent with want-reply = true.
      Parameters:
      request - the request name - used mainly for logging and debugging
      buffer - the buffer containing the global request
      maxWaitMillis - maximum time in milliseconds to wait for the request to finish - must be positive
      Returns:
      the return buffer if the request was successful, null otherwise.
      Throws:
      IOException - if an error occurred when encoding or sending the packet
      SocketTimeoutException - If no response received within specified timeout

    • request

      public GlobalRequestFuture request(Buffer buffer, String request, GlobalRequestFuture.ReplyHandler replyHandler) throws IOException
      Description copied from interface: Session
      Send a global request and handle the reply asynchronously. If want-reply = true, pass the received Buffer to the given GlobalRequestFuture.ReplyHandler, which may execute in a different thread.
      want-reply == true && replyHandler != null
      The returned future is fulfilled with null when the request was sent, or with an exception if the request could not be sent. The replyHandler is invoked once the reply is received, with the SSH reply code and the data received.
      want-reply == true && replyHandler == null
      The returned future is fulfilled with an exception if the request could not be sent, or a failure reply was received. If a success reply was received, the future is fulfilled with the received data buffer.
      want-reply == false
      The returned future is fulfilled with an empty Buffer when the request was sent, or with an exception if the request could not be sent. If a reply handler is given, it is invoked with that empty buffer. The handler is not invoked if sending the request failed.
      Parameters:
      buffer - the Buffer containing the global request, with the want-reply flag set as appropriate
      request - the request name
      replyHandler - GlobalRequestFuture.ReplyHandler for handling the reply; may be null
      Returns:
      Created GlobalRequestFuture
      Throws:
      IOException - if an error occurred while encoding or sending the packet

    • doInvokeUnimplementedMessageHandler

      protected boolean doInvokeUnimplementedMessageHandler(int cmd, Buffer buffer) throws Exception
      Overrides:
      doInvokeUnimplementedMessageHandler in class SessionHelper
      Parameters:
      cmd - The unimplemented command
      buffer - The input Buffer
      Returns:
      Result of invoking handleUnimplementedMessage
      Throws:
      Exception - if failed to handle the message

    • createBuffer

      public Buffer createBuffer(byte cmd, int len)
      Description copied from interface: Session
      Create a new buffer for the specified SSH packet and reserve the needed space (5 bytes) for the packet header.
      Parameters:
      cmd - The SSH command to initialize the buffer with
      len - Estimated number of bytes the buffer will hold, 0 if unknown.
      Returns:
      a new buffer ready for write
      See Also:

    • prepareBuffer

      public Buffer prepareBuffer(byte cmd, Buffer buffer)
      Description copied from interface: Session
      Prepare a new "clean" buffer while reserving the needed space (5 bytes) for the packet header.
      Parameters:
      cmd - The SSH command to initialize the buffer with
      buffer - The Buffer instance to initialize
      Returns:
      The initialized buffer

    • validateTargetBuffer

      protected <B extends Buffer> B validateTargetBuffer(int cmd, B buffer)
      Makes sure that the buffer used for output is not null or one of the session's internal ones used for decoding and uncompressing
      Type Parameters:
      B - The Buffer type being validated
      Parameters:
      cmd - The most likely command this buffer refers to (not guaranteed to be correct)
      buffer - The buffer to be examined
      Returns:
      The validated target instance - default same as input
      Throws:
      IllegalArgumentException - if any of the conditions is violated

    • encode

      protected Buffer encode(Buffer buffer) throws IOException
      Encode a buffer into the SSH protocol. Note: This method must be called inside a synchronized block using encodeLock.
      Parameters:
      buffer - the buffer to encode
      Returns:
      The encoded buffer - may be different than original if input buffer does not have enough room for SshConstants.SSH_PACKET_HEADER_LEN, in which case a substitute buffer will be created and used.
      Throws:
      IOException - if an exception occurs during the encoding process

    • aeadOutgoingBuffer

      protected void aeadOutgoingBuffer(Buffer buf, int offset, int len) throws Exception
      Throws:
      Exception

    • appendOutgoingMac

      protected void appendOutgoingMac(Buffer buf, int offset, int len) throws Exception
      Throws:
      Exception

    • encryptOutgoingBuffer

      protected void encryptOutgoingBuffer(Buffer buf, int offset, int len) throws Exception
      Throws:
      Exception

    • decode

      protected void decode() throws Exception
      Decode the incoming buffer and handle packets as needed.
      Throws:
      Exception - If failed to decode

    • validateIncomingMac

      protected void validateIncomingMac(byte[] data, int offset, int len) throws Exception
      Throws:
      Exception

    • readIdentification

      protected abstract boolean readIdentification(Buffer buffer) throws Exception
      Read the other side identification. This method is specific to the client or server side, but both should call SessionHelper.doReadIdentification(Buffer, boolean) and store the result in the needed property.
      Parameters:
      buffer - The Buffer containing the remote identification
      Returns:
      true if the identification has been fully read or false if more data is needed
      Throws:
      Exception - if an error occurs such as a bad protocol version or unsuccessful KEX was involved

    • sendKexInit

      protected byte[] sendKexInit(Map<KexProposalOption,String> proposal) throws Exception
      Send the key exchange initialization packet. This packet contains random data along with our proposal.
      Parameters:
      proposal - our proposal for key exchange negotiation
      Returns:
      the sent packet data which must be kept for later use when deriving the session keys
      Throws:
      Exception - if an error occurred sending the packet

    • receiveKexInit

      protected byte[] receiveKexInit(Buffer buffer, Map<KexProposalOption,String> proposal) throws Exception
      Receive the remote key exchange init message. The packet data is returned for later use.
      Parameters:
      buffer - the Buffer containing the key exchange init packet
      proposal - the remote proposal to fill
      Returns:
      the packet data
      Throws:
      Exception - If failed to handle the message

    • prepareNewKeys

      protected void prepareNewKeys() throws Exception
      Prepares the new ciphers, macs and compression algorithms according to the negotiated server and client proposals and stores them in inSettings and outSettings. The new settings do not take effect yet; use setInputEncoding() or setOutputEncoding() for that.
      Throws:
      Exception - if an error occurs

    • setOutputEncoding

      protected void setOutputEncoding() throws Exception
      Installs the current prepared outSettings so that they are effective and will be applied to any future outgoing packet. Clears outSettings.
      Throws:
      Exception - on errors

    • setInputEncoding

      protected void setInputEncoding() throws Exception
      Installs the current prepared inSettings so that they are effective and will be applied to any future incoming packet. Clears inSettings.
      Throws:
      Exception - on errors

    • determineRekeyBlockLimit

      protected long determineRekeyBlockLimit(int inCipherBlockSize, int outCipherBlockSize)
      Compute the number of blocks after which we should re-key again. See RFC 4344.
      Parameters:
      inCipherBlockSize - block size of the input cipher
      outCipherBlockSize - block size of the output cipher
      Returns:
      the number of block after which re-keying occur at the latest
      See Also:

    • notImplemented

      protected IoWriteFuture notImplemented(int cmd, Buffer buffer) throws Exception
      Send a SSH_MSG_UNIMPLEMENTED packet. This packet should contain the sequence id of the unsupported packet: this number is assumed to be the last packet received.
      Parameters:
      cmd - The un-implemented command value
      buffer - The Buffer that contains the command. Note: the buffer's read position is just beyond the command.
      Returns:
      An IoWriteFuture that can be used to wait for packet write completion - null if the registered ReservedSessionMessagesHandler decided to handle the command internally
      Throws:
      Exception - if an error occurred while handling the packet.
      See Also:

    • removeValue

      protected boolean removeValue(Map<KexProposalOption,String> options, KexProposalOption option, String toRemove)
      Given a KEX proposal and a KexProposalOption, removes all occurrences of a value from a comma-separated value list.
      Parameters:
      options - Map holding the Kex proposal
      option - KexProposalOption to modify
      toRemove - value to remove
      Returns:
      true if the option contained the value (and it was removed); false otherwise

    • negotiate

      protected Map<KexProposalOption,String> negotiate() throws Exception
      Compute the negotiated proposals by merging the client and server proposal. The negotiated proposal will also be stored in the negotiationResult property.
      Returns:
      The negotiated options Map
      Throws:
      Exception - If negotiation failed

    • setNegotiationResult

      protected Map<KexProposalOption,String> setNegotiationResult(Map<KexProposalOption,String> guess)

    • requestSuccess

      protected void requestSuccess(Buffer buffer) throws Exception
      Indicates the reception of a SSH_MSG_REQUEST_SUCCESS message
      Parameters:
      buffer - The Buffer containing the message data
      Throws:
      Exception - If failed to handle the message

    • requestFailure

      protected void requestFailure(Buffer buffer) throws Exception
      Indicates the reception of a SSH_MSG_REQUEST_FAILURE message
      Parameters:
      buffer - The Buffer containing the message data
      Throws:
      Exception - If failed to handle the message

    • addSessionListener

      public void addSessionListener(SessionListener listener)
      Description copied from interface: SessionListenerManager
      Add a session listener.
      Parameters:
      listener - The SessionListener to add - not null

    • removeSessionListener

      public void removeSessionListener(SessionListener listener)
      Description copied from interface: SessionListenerManager
      Remove a session listener.
      Parameters:
      listener - The SessionListener to remove

    • getSessionListenerProxy

      public SessionListener getSessionListenerProxy()
      Returns:
      A (never null proxy SessionListener that represents all the currently registered listeners. Any method invocation on the proxy is replicated to the currently registered listeners

    • addChannelListener

      public void addChannelListener(ChannelListener listener)
      Description copied from interface: ChannelListenerManager
      Add a channel listener
      Parameters:
      listener - The ChannelListener to add - not null

    • removeChannelListener

      public void removeChannelListener(ChannelListener listener)
      Description copied from interface: ChannelListenerManager
      Remove a channel listener
      Parameters:
      listener - The ChannelListener to remove

    • getChannelListenerProxy

      public ChannelListener getChannelListenerProxy()
      Returns:
      A (never null proxy ChannelListener that represents all the currently registered listeners. Any method invocation on the proxy is replicated to the currently registered listeners

    • getPortForwardingEventListenerProxy

      public PortForwardingEventListener getPortForwardingEventListenerProxy()
      Returns:
      A proxy listener representing all the currently registered listener through this manager

    • addPortForwardingEventListener

      public void addPortForwardingEventListener(PortForwardingEventListener listener)
      Description copied from interface: PortForwardingEventListenerManager
      Add a port forwarding listener
      Parameters:
      listener - The PortForwardingEventListener to add - never null

    • removePortForwardingEventListener

      public void removePortForwardingEventListener(PortForwardingEventListener listener)
      Description copied from interface: PortForwardingEventListenerManager
      Remove a port forwarding listener
      Parameters:
      listener - The PortForwardingEventListener to remove - ignored if null

    • reExchangeKeys

      public KeyExchangeFuture reExchangeKeys() throws IOException
      Description copied from interface: Session
      Initiate a new key exchange.
      Returns:
      A KeyExchangeFuture for awaiting the completion of the exchange
      Throws:
      IOException - If failed to request keys re-negotiation

    • checkRekey

      protected KeyExchangeFuture checkRekey() throws Exception
      Checks if a re-keying is required and if so initiates it
      Returns:
      A KeyExchangeFuture to wait for the initiated exchange or null if no need to re-key or an exchange is already in progress
      Throws:
      Exception - If failed load/generate the keys or send the request
      See Also:

    • requestNewKeysExchange

      protected KeyExchangeFuture requestNewKeysExchange() throws Exception
      Initiates a new keys exchange if one not already in progress
      Returns:
      A KeyExchangeFuture to wait for the initiated exchange or null if an exchange is already in progress
      Throws:
      Exception - If failed to load/generate the keys or send the request

    • isRekeyRequired

      protected boolean isRekeyRequired()

    • isRekeyTimeIntervalExceeded

      protected boolean isRekeyTimeIntervalExceeded()

    • isRekeyPacketCountsExceeded

      protected boolean isRekeyPacketCountsExceeded()

    • isRekeyDataSizeExceeded

      protected boolean isRekeyDataSizeExceeded()

    • isRekeyBlocksCountExceeded

      protected boolean isRekeyBlocksCountExceeded()

    • resolveSessionKexProposal

      protected String resolveSessionKexProposal(String hostKeyTypes) throws IOException
      Overrides:
      resolveSessionKexProposal in class SessionHelper
      Throws:
      IOException

    • doStrictKexProposal

      protected Map<KexProposalOption,String> doStrictKexProposal(Map<KexProposalOption,String> proposal)

    • sendKexInit

      protected byte[] sendKexInit() throws Exception
      Throws:
      Exception

    • getClientKexData

      protected byte[] getClientKexData()

    • setClientKexData

      protected void setClientKexData(byte[] data)

    • getServerKexData

      protected byte[] getServerKexData()

    • setServerKexData

      protected void setServerKexData(byte[] data)

    • setKexSeed

      protected abstract void setKexSeed(byte... seed)
      Parameters:
      seed - The result of the KEXINIT handshake - required for correct session key establishment

    • checkKeys

      protected abstract void checkKeys() throws IOException
      Indicates the the key exchange is completed and the exchanged keys can now be verified - e.g., client can verify the server's key
      Throws:
      IOException - If validation failed

    • receiveKexInit

      protected byte[] receiveKexInit(Buffer buffer) throws Exception
      Throws:
      Exception

    • receiveKexInit

      protected abstract void receiveKexInit(Map<KexProposalOption,String> proposal, byte[] seed) throws IOException
      Throws:
      IOException

    • getSession

      public static AbstractSession getSession(IoSession ioSession) throws MissingAttachedSessionException
      Retrieve the SSH session from the I/O session. If the session has not been attached, an exception will be thrown
      Parameters:
      ioSession - The IoSession
      Returns:
      The SSH session attached to the I/O session
      Throws:
      MissingAttachedSessionException - if no attached SSH session
      See Also:

    • attachSession

      public static void attachSession(IoSession ioSession, AbstractSession session) throws MultipleAttachedSessionException
      Attach an SSH AbstractSession to the I/O session
      Parameters:
      ioSession - The IoSession
      session - The SSH session to attach
      Throws:
      MultipleAttachedSessionException - If a previous session already attached

    • getSession

      public static AbstractSession getSession(IoSession ioSession, boolean allowNull) throws MissingAttachedSessionException
      Retrieve the session SSH from the I/O session. If the session has not been attached and allowNull is false, an exception will be thrown, otherwise a null will be returned.
      Parameters:
      ioSession - The IoSession
      allowNull - If true, a null value may be returned if no session is attached
      Returns:
      the session attached to the I/O session or null
      Throws:
      MissingAttachedSessionException - if no attached session and allowNull=false