| author | chegar |
| Tue, 12 May 2009 16:32:34 +0100 | |
| changeset 3450 | 2f08a8bb9b83 |
| parent 715 | f16baef3a20e |
| child 3464 | 4ef40ee318ef |
| permissions | -rw-r--r-- |
| 2 | 1 |
/* |
| 715 | 2 |
* Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved. |
| 2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
7 |
* published by the Free Software Foundation. Sun designates this |
|
8 |
* particular file as subject to the "Classpath" exception as provided |
|
9 |
* by Sun in the LICENSE file that accompanied this code. |
|
10 |
* |
|
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
21 |
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, |
|
22 |
* CA 95054 USA or visit www.sun.com if you need additional information or |
|
23 |
* have any questions. |
|
24 |
*/ |
|
25 |
package java.net; |
|
26 |
import java.io.IOException; |
|
27 |
import java.io.InputStream; |
|
28 |
import java.io.OutputStream; |
|
29 |
import java.io.BufferedOutputStream; |
|
30 |
import java.security.AccessController; |
|
31 |
import java.security.PrivilegedExceptionAction; |
|
32 |
import java.util.prefs.Preferences; |
|
33 |
import sun.net.www.ParseUtil; |
|
34 |
/* import org.ietf.jgss.*; */ |
|
35 |
||
36 |
/** |
|
37 |
* SOCKS (V4 & V5) TCP socket implementation (RFC 1928). |
|
38 |
* This is a subclass of PlainSocketImpl. |
|
39 |
* Note this class should <b>NOT</b> be public. |
|
40 |
*/ |
|
41 |
||
42 |
class SocksSocketImpl extends PlainSocketImpl implements SocksConsts {
|
|
43 |
private String server = null; |
|
44 |
private int port = DEFAULT_PORT; |
|
45 |
private InetSocketAddress external_address; |
|
46 |
private boolean useV4 = false; |
|
47 |
private Socket cmdsock = null; |
|
48 |
private InputStream cmdIn = null; |
|
49 |
private OutputStream cmdOut = null; |
|
|
3450
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
50 |
/* true if the Proxy has been set programatically */ |
|
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
51 |
private boolean applicationSetProxy; /* false */ |
|
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
52 |
|
| 2 | 53 |
|
54 |
SocksSocketImpl() {
|
|
55 |
// Nothing needed |
|
56 |
} |
|
57 |
||
58 |
SocksSocketImpl(String server, int port) {
|
|
59 |
this.server = server; |
|
60 |
this.port = (port == -1 ? DEFAULT_PORT : port); |
|
61 |
} |
|
62 |
||
63 |
SocksSocketImpl(Proxy proxy) {
|
|
64 |
SocketAddress a = proxy.address(); |
|
65 |
if (a instanceof InetSocketAddress) {
|
|
66 |
InetSocketAddress ad = (InetSocketAddress) a; |
|
67 |
// Use getHostString() to avoid reverse lookups |
|
68 |
server = ad.getHostString(); |
|
69 |
port = ad.getPort(); |
|
|
3450
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
70 |
applicationSetProxy = true; |
| 2 | 71 |
} |
72 |
} |
|
73 |
||
74 |
void setV4() {
|
|
75 |
useV4 = true; |
|
76 |
} |
|
77 |
||
78 |
private synchronized void privilegedConnect(final String host, |
|
79 |
final int port, |
|
80 |
final int timeout) |
|
81 |
throws IOException |
|
82 |
{
|
|
83 |
try {
|
|
84 |
AccessController.doPrivileged( |
|
| 51 | 85 |
new java.security.PrivilegedExceptionAction<Void>() {
|
86 |
public Void run() throws IOException {
|
|
| 2 | 87 |
superConnectServer(host, port, timeout); |
88 |
cmdIn = getInputStream(); |
|
89 |
cmdOut = getOutputStream(); |
|
90 |
return null; |
|
91 |
} |
|
92 |
}); |
|
93 |
} catch (java.security.PrivilegedActionException pae) {
|
|
94 |
throw (IOException) pae.getException(); |
|
95 |
} |
|
96 |
} |
|
97 |
||
98 |
private void superConnectServer(String host, int port, |
|
99 |
int timeout) throws IOException {
|
|
100 |
super.connect(new InetSocketAddress(host, port), timeout); |
|
101 |
} |
|
102 |
||
103 |
private int readSocksReply(InputStream in, byte[] data) throws IOException {
|
|
104 |
int len = data.length; |
|
105 |
int received = 0; |
|
106 |
for (int attempts = 0; received < len && attempts < 3; attempts++) {
|
|
107 |
int count = in.read(data, received, len - received); |
|
108 |
if (count < 0) |
|
109 |
throw new SocketException("Malformed reply from SOCKS server");
|
|
110 |
received += count; |
|
111 |
} |
|
112 |
return received; |
|
113 |
} |
|
114 |
||
115 |
/** |
|
116 |
* Provides the authentication machanism required by the proxy. |
|
117 |
*/ |
|
118 |
private boolean authenticate(byte method, InputStream in, |
|
119 |
BufferedOutputStream out) throws IOException {
|
|
120 |
byte[] data = null; |
|
121 |
int i; |
|
122 |
// No Authentication required. We're done then! |
|
123 |
if (method == NO_AUTH) |
|
124 |
return true; |
|
125 |
/** |
|
126 |
* User/Password authentication. Try, in that order : |
|
127 |
* - The application provided Authenticator, if any |
|
128 |
* - The user preferences java.net.socks.username & |
|
129 |
* java.net.socks.password |
|
130 |
* - the user.name & no password (backward compatibility behavior). |
|
131 |
*/ |
|
132 |
if (method == USER_PASSW) {
|
|
133 |
String userName; |
|
134 |
String password = null; |
|
135 |
final InetAddress addr = InetAddress.getByName(server); |
|
| 51 | 136 |
PasswordAuthentication pw = |
| 2 | 137 |
java.security.AccessController.doPrivileged( |
| 51 | 138 |
new java.security.PrivilegedAction<PasswordAuthentication>() {
|
139 |
public PasswordAuthentication run() {
|
|
| 2 | 140 |
return Authenticator.requestPasswordAuthentication( |
141 |
server, addr, port, "SOCKS5", "SOCKS authentication", null); |
|
142 |
} |
|
143 |
}); |
|
144 |
if (pw != null) {
|
|
145 |
userName = pw.getUserName(); |
|
146 |
password = new String(pw.getPassword()); |
|
147 |
} else {
|
|
148 |
final Preferences prefs = Preferences.userRoot().node("/java/net/socks");
|
|
149 |
try {
|
|
150 |
userName = AccessController.doPrivileged( |
|
151 |
new java.security.PrivilegedExceptionAction<String>() {
|
|
152 |
public String run() throws IOException {
|
|
153 |
return prefs.get("username", null);
|
|
154 |
} |
|
155 |
}); |
|
156 |
} catch (java.security.PrivilegedActionException pae) {
|
|
157 |
throw (IOException) pae.getException(); |
|
158 |
} |
|
159 |
||
160 |
if (userName != null) {
|
|
161 |
try {
|
|
162 |
password = AccessController.doPrivileged( |
|
163 |
new java.security.PrivilegedExceptionAction<String>() {
|
|
164 |
public String run() throws IOException {
|
|
165 |
return prefs.get("password", null);
|
|
166 |
} |
|
167 |
}); |
|
168 |
} catch (java.security.PrivilegedActionException pae) {
|
|
169 |
throw (IOException) pae.getException(); |
|
170 |
} |
|
171 |
} else {
|
|
|
3450
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
172 |
userName = getUserName(); |
| 2 | 173 |
} |
174 |
} |
|
175 |
if (userName == null) |
|
176 |
return false; |
|
177 |
out.write(1); |
|
178 |
out.write(userName.length()); |
|
179 |
try {
|
|
180 |
out.write(userName.getBytes("ISO-8859-1"));
|
|
181 |
} catch (java.io.UnsupportedEncodingException uee) {
|
|
182 |
assert false; |
|
183 |
} |
|
184 |
if (password != null) {
|
|
185 |
out.write(password.length()); |
|
186 |
try {
|
|
187 |
out.write(password.getBytes("ISO-8859-1"));
|
|
188 |
} catch (java.io.UnsupportedEncodingException uee) {
|
|
189 |
assert false; |
|
190 |
} |
|
191 |
} else |
|
192 |
out.write(0); |
|
193 |
out.flush(); |
|
194 |
data = new byte[2]; |
|
195 |
i = readSocksReply(in, data); |
|
196 |
if (i != 2 || data[1] != 0) {
|
|
197 |
/* RFC 1929 specifies that the connection MUST be closed if |
|
198 |
authentication fails */ |
|
199 |
out.close(); |
|
200 |
in.close(); |
|
201 |
return false; |
|
202 |
} |
|
203 |
/* Authentication succeeded */ |
|
204 |
return true; |
|
205 |
} |
|
206 |
/** |
|
207 |
* GSSAPI authentication mechanism. |
|
208 |
* Unfortunately the RFC seems out of sync with the Reference |
|
209 |
* implementation. I'll leave this in for future completion. |
|
210 |
*/ |
|
211 |
// if (method == GSSAPI) {
|
|
212 |
// try {
|
|
213 |
// GSSManager manager = GSSManager.getInstance(); |
|
214 |
// GSSName name = manager.createName("SERVICE:socks@"+server,
|
|
215 |
// null); |
|
216 |
// GSSContext context = manager.createContext(name, null, null, |
|
217 |
// GSSContext.DEFAULT_LIFETIME); |
|
218 |
// context.requestMutualAuth(true); |
|
219 |
// context.requestReplayDet(true); |
|
220 |
// context.requestSequenceDet(true); |
|
221 |
// context.requestCredDeleg(true); |
|
222 |
// byte []inToken = new byte[0]; |
|
223 |
// while (!context.isEstablished()) {
|
|
224 |
// byte[] outToken |
|
225 |
// = context.initSecContext(inToken, 0, inToken.length); |
|
226 |
// // send the output token if generated |
|
227 |
// if (outToken != null) {
|
|
228 |
// out.write(1); |
|
229 |
// out.write(1); |
|
230 |
// out.writeShort(outToken.length); |
|
231 |
// out.write(outToken); |
|
232 |
// out.flush(); |
|
233 |
// data = new byte[2]; |
|
234 |
// i = readSocksReply(in, data); |
|
235 |
// if (i != 2 || data[1] == 0xff) {
|
|
236 |
// in.close(); |
|
237 |
// out.close(); |
|
238 |
// return false; |
|
239 |
// } |
|
240 |
// i = readSocksReply(in, data); |
|
241 |
// int len = 0; |
|
242 |
// len = ((int)data[0] & 0xff) << 8; |
|
243 |
// len += data[1]; |
|
244 |
// data = new byte[len]; |
|
245 |
// i = readSocksReply(in, data); |
|
246 |
// if (i == len) |
|
247 |
// return true; |
|
248 |
// in.close(); |
|
249 |
// out.close(); |
|
250 |
// } |
|
251 |
// } |
|
252 |
// } catch (GSSException e) {
|
|
253 |
// /* RFC 1961 states that if Context initialisation fails the connection |
|
254 |
// MUST be closed */ |
|
255 |
// e.printStackTrace(); |
|
256 |
// in.close(); |
|
257 |
// out.close(); |
|
258 |
// } |
|
259 |
// } |
|
260 |
return false; |
|
261 |
} |
|
262 |
||
263 |
private void connectV4(InputStream in, OutputStream out, |
|
264 |
InetSocketAddress endpoint) throws IOException {
|
|
265 |
if (!(endpoint.getAddress() instanceof Inet4Address)) {
|
|
266 |
throw new SocketException("SOCKS V4 requires IPv4 only addresses");
|
|
267 |
} |
|
268 |
out.write(PROTO_VERS4); |
|
269 |
out.write(CONNECT); |
|
270 |
out.write((endpoint.getPort() >> 8) & 0xff); |
|
271 |
out.write((endpoint.getPort() >> 0) & 0xff); |
|
272 |
out.write(endpoint.getAddress().getAddress()); |
|
|
3450
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
273 |
String userName = getUserName(); |
| 2 | 274 |
try {
|
275 |
out.write(userName.getBytes("ISO-8859-1"));
|
|
276 |
} catch (java.io.UnsupportedEncodingException uee) {
|
|
277 |
assert false; |
|
278 |
} |
|
279 |
out.write(0); |
|
280 |
out.flush(); |
|
281 |
byte[] data = new byte[8]; |
|
282 |
int n = readSocksReply(in, data); |
|
283 |
if (n != 8) |
|
284 |
throw new SocketException("Reply from SOCKS server has bad length: " + n);
|
|
285 |
if (data[0] != 0 && data[0] != 4) |
|
286 |
throw new SocketException("Reply from SOCKS server has bad version");
|
|
287 |
SocketException ex = null; |
|
288 |
switch (data[1]) {
|
|
289 |
case 90: |
|
290 |
// Success! |
|
291 |
external_address = endpoint; |
|
292 |
break; |
|
293 |
case 91: |
|
294 |
ex = new SocketException("SOCKS request rejected");
|
|
295 |
break; |
|
296 |
case 92: |
|
297 |
ex = new SocketException("SOCKS server couldn't reach destination");
|
|
298 |
break; |
|
299 |
case 93: |
|
300 |
ex = new SocketException("SOCKS authentication failed");
|
|
301 |
break; |
|
302 |
default: |
|
303 |
ex = new SocketException("Reply from SOCKS server contains bad status");
|
|
304 |
break; |
|
305 |
} |
|
306 |
if (ex != null) {
|
|
307 |
in.close(); |
|
308 |
out.close(); |
|
309 |
throw ex; |
|
310 |
} |
|
311 |
} |
|
312 |
||
313 |
/** |
|
314 |
* Connects the Socks Socket to the specified endpoint. It will first |
|
315 |
* connect to the SOCKS proxy and negotiate the access. If the proxy |
|
316 |
* grants the connections, then the connect is successful and all |
|
317 |
* further traffic will go to the "real" endpoint. |
|
318 |
* |
|
319 |
* @param endpoint the <code>SocketAddress</code> to connect to. |
|
320 |
* @param timeout the timeout value in milliseconds |
|
321 |
* @throws IOException if the connection can't be established. |
|
322 |
* @throws SecurityException if there is a security manager and it |
|
323 |
* doesn't allow the connection |
|
324 |
* @throws IllegalArgumentException if endpoint is null or a |
|
325 |
* SocketAddress subclass not supported by this socket |
|
326 |
*/ |
|
327 |
protected void connect(SocketAddress endpoint, int timeout) throws IOException {
|
|
328 |
SecurityManager security = System.getSecurityManager(); |
|
329 |
if (endpoint == null || !(endpoint instanceof InetSocketAddress)) |
|
330 |
throw new IllegalArgumentException("Unsupported address type");
|
|
331 |
InetSocketAddress epoint = (InetSocketAddress) endpoint; |
|
332 |
if (security != null) {
|
|
333 |
if (epoint.isUnresolved()) |
|
334 |
security.checkConnect(epoint.getHostName(), |
|
335 |
epoint.getPort()); |
|
336 |
else |
|
337 |
security.checkConnect(epoint.getAddress().getHostAddress(), |
|
338 |
epoint.getPort()); |
|
339 |
} |
|
340 |
if (server == null) {
|
|
341 |
// This is the general case |
|
342 |
// server is not null only when the socket was created with a |
|
343 |
// specified proxy in which case it does bypass the ProxySelector |
|
| 51 | 344 |
ProxySelector sel = java.security.AccessController.doPrivileged( |
345 |
new java.security.PrivilegedAction<ProxySelector>() {
|
|
346 |
public ProxySelector run() {
|
|
| 2 | 347 |
return ProxySelector.getDefault(); |
348 |
} |
|
349 |
}); |
|
350 |
if (sel == null) {
|
|
351 |
/* |
|
352 |
* No default proxySelector --> direct connection |
|
353 |
*/ |
|
354 |
super.connect(epoint, timeout); |
|
355 |
return; |
|
356 |
} |
|
357 |
URI uri = null; |
|
358 |
// Use getHostString() to avoid reverse lookups |
|
359 |
String host = epoint.getHostString(); |
|
360 |
// IPv6 litteral? |
|
361 |
if (epoint.getAddress() instanceof Inet6Address && |
|
362 |
(!host.startsWith("[")) && (host.indexOf(":") >= 0)) {
|
|
363 |
host = "[" + host + "]"; |
|
364 |
} |
|
365 |
try {
|
|
366 |
uri = new URI("socket://" + ParseUtil.encodePath(host) + ":"+ epoint.getPort());
|
|
367 |
} catch (URISyntaxException e) {
|
|
368 |
// This shouldn't happen |
|
369 |
assert false : e; |
|
370 |
} |
|
371 |
Proxy p = null; |
|
372 |
IOException savedExc = null; |
|
373 |
java.util.Iterator<Proxy> iProxy = null; |
|
374 |
iProxy = sel.select(uri).iterator(); |
|
375 |
if (iProxy == null || !(iProxy.hasNext())) {
|
|
376 |
super.connect(epoint, timeout); |
|
377 |
return; |
|
378 |
} |
|
379 |
while (iProxy.hasNext()) {
|
|
380 |
p = iProxy.next(); |
|
381 |
if (p == null || p == Proxy.NO_PROXY) {
|
|
382 |
super.connect(epoint, timeout); |
|
383 |
return; |
|
384 |
} |
|
385 |
if (p.type() != Proxy.Type.SOCKS) |
|
386 |
throw new SocketException("Unknown proxy type : " + p.type());
|
|
387 |
if (!(p.address() instanceof InetSocketAddress)) |
|
388 |
throw new SocketException("Unknow address type for proxy: " + p);
|
|
389 |
// Use getHostString() to avoid reverse lookups |
|
390 |
server = ((InetSocketAddress) p.address()).getHostString(); |
|
391 |
port = ((InetSocketAddress) p.address()).getPort(); |
|
392 |
||
393 |
// Connects to the SOCKS server |
|
394 |
try {
|
|
395 |
privilegedConnect(server, port, timeout); |
|
396 |
// Worked, let's get outta here |
|
397 |
break; |
|
398 |
} catch (IOException e) {
|
|
399 |
// Ooops, let's notify the ProxySelector |
|
400 |
sel.connectFailed(uri,p.address(),e); |
|
401 |
server = null; |
|
402 |
port = -1; |
|
403 |
savedExc = e; |
|
404 |
// Will continue the while loop and try the next proxy |
|
405 |
} |
|
406 |
} |
|
407 |
||
408 |
/* |
|
409 |
* If server is still null at this point, none of the proxy |
|
410 |
* worked |
|
411 |
*/ |
|
412 |
if (server == null) {
|
|
413 |
throw new SocketException("Can't connect to SOCKS proxy:"
|
|
414 |
+ savedExc.getMessage()); |
|
415 |
} |
|
416 |
} else {
|
|
417 |
// Connects to the SOCKS server |
|
418 |
try {
|
|
419 |
privilegedConnect(server, port, timeout); |
|
420 |
} catch (IOException e) {
|
|
421 |
throw new SocketException(e.getMessage()); |
|
422 |
} |
|
423 |
} |
|
424 |
||
425 |
// cmdIn & cmdOut were intialized during the privilegedConnect() call |
|
426 |
BufferedOutputStream out = new BufferedOutputStream(cmdOut, 512); |
|
427 |
InputStream in = cmdIn; |
|
428 |
||
429 |
if (useV4) {
|
|
430 |
// SOCKS Protocol version 4 doesn't know how to deal with |
|
431 |
// DOMAIN type of addresses (unresolved addresses here) |
|
432 |
if (epoint.isUnresolved()) |
|
433 |
throw new UnknownHostException(epoint.toString()); |
|
434 |
connectV4(in, out, epoint); |
|
435 |
return; |
|
436 |
} |
|
437 |
||
438 |
// This is SOCKS V5 |
|
439 |
out.write(PROTO_VERS); |
|
440 |
out.write(2); |
|
441 |
out.write(NO_AUTH); |
|
442 |
out.write(USER_PASSW); |
|
443 |
out.flush(); |
|
444 |
byte[] data = new byte[2]; |
|
445 |
int i = readSocksReply(in, data); |
|
446 |
if (i != 2 || ((int)data[0]) != PROTO_VERS) {
|
|
447 |
// Maybe it's not a V5 sever after all |
|
448 |
// Let's try V4 before we give up |
|
449 |
// SOCKS Protocol version 4 doesn't know how to deal with |
|
450 |
// DOMAIN type of addresses (unresolved addresses here) |
|
451 |
if (epoint.isUnresolved()) |
|
452 |
throw new UnknownHostException(epoint.toString()); |
|
453 |
connectV4(in, out, epoint); |
|
454 |
return; |
|
455 |
} |
|
456 |
if (((int)data[1]) == NO_METHODS) |
|
457 |
throw new SocketException("SOCKS : No acceptable methods");
|
|
458 |
if (!authenticate(data[1], in, out)) {
|
|
459 |
throw new SocketException("SOCKS : authentication failed");
|
|
460 |
} |
|
461 |
out.write(PROTO_VERS); |
|
462 |
out.write(CONNECT); |
|
463 |
out.write(0); |
|
464 |
/* Test for IPV4/IPV6/Unresolved */ |
|
465 |
if (epoint.isUnresolved()) {
|
|
466 |
out.write(DOMAIN_NAME); |
|
467 |
out.write(epoint.getHostName().length()); |
|
468 |
try {
|
|
469 |
out.write(epoint.getHostName().getBytes("ISO-8859-1"));
|
|
470 |
} catch (java.io.UnsupportedEncodingException uee) {
|
|
471 |
assert false; |
|
472 |
} |
|
473 |
out.write((epoint.getPort() >> 8) & 0xff); |
|
474 |
out.write((epoint.getPort() >> 0) & 0xff); |
|
475 |
} else if (epoint.getAddress() instanceof Inet6Address) {
|
|
476 |
out.write(IPV6); |
|
477 |
out.write(epoint.getAddress().getAddress()); |
|
478 |
out.write((epoint.getPort() >> 8) & 0xff); |
|
479 |
out.write((epoint.getPort() >> 0) & 0xff); |
|
480 |
} else {
|
|
481 |
out.write(IPV4); |
|
482 |
out.write(epoint.getAddress().getAddress()); |
|
483 |
out.write((epoint.getPort() >> 8) & 0xff); |
|
484 |
out.write((epoint.getPort() >> 0) & 0xff); |
|
485 |
} |
|
486 |
out.flush(); |
|
487 |
data = new byte[4]; |
|
488 |
i = readSocksReply(in, data); |
|
489 |
if (i != 4) |
|
490 |
throw new SocketException("Reply from SOCKS server has bad length");
|
|
491 |
SocketException ex = null; |
|
492 |
int nport, len; |
|
493 |
byte[] addr; |
|
494 |
switch (data[1]) {
|
|
495 |
case REQUEST_OK: |
|
496 |
// success! |
|
497 |
switch(data[3]) {
|
|
498 |
case IPV4: |
|
499 |
addr = new byte[4]; |
|
500 |
i = readSocksReply(in, addr); |
|
501 |
if (i != 4) |
|
502 |
throw new SocketException("Reply from SOCKS server badly formatted");
|
|
503 |
data = new byte[2]; |
|
504 |
i = readSocksReply(in, data); |
|
505 |
if (i != 2) |
|
506 |
throw new SocketException("Reply from SOCKS server badly formatted");
|
|
507 |
nport = ((int)data[0] & 0xff) << 8; |
|
508 |
nport += ((int)data[1] & 0xff); |
|
509 |
break; |
|
510 |
case DOMAIN_NAME: |
|
511 |
len = data[1]; |
|
512 |
byte[] host = new byte[len]; |
|
513 |
i = readSocksReply(in, host); |
|
514 |
if (i != len) |
|
515 |
throw new SocketException("Reply from SOCKS server badly formatted");
|
|
516 |
data = new byte[2]; |
|
517 |
i = readSocksReply(in, data); |
|
518 |
if (i != 2) |
|
519 |
throw new SocketException("Reply from SOCKS server badly formatted");
|
|
520 |
nport = ((int)data[0] & 0xff) << 8; |
|
521 |
nport += ((int)data[1] & 0xff); |
|
522 |
break; |
|
523 |
case IPV6: |
|
524 |
len = data[1]; |
|
525 |
addr = new byte[len]; |
|
526 |
i = readSocksReply(in, addr); |
|
527 |
if (i != len) |
|
528 |
throw new SocketException("Reply from SOCKS server badly formatted");
|
|
529 |
data = new byte[2]; |
|
530 |
i = readSocksReply(in, data); |
|
531 |
if (i != 2) |
|
532 |
throw new SocketException("Reply from SOCKS server badly formatted");
|
|
533 |
nport = ((int)data[0] & 0xff) << 8; |
|
534 |
nport += ((int)data[1] & 0xff); |
|
535 |
break; |
|
536 |
default: |
|
537 |
ex = new SocketException("Reply from SOCKS server contains wrong code");
|
|
538 |
break; |
|
539 |
} |
|
540 |
break; |
|
541 |
case GENERAL_FAILURE: |
|
542 |
ex = new SocketException("SOCKS server general failure");
|
|
543 |
break; |
|
544 |
case NOT_ALLOWED: |
|
545 |
ex = new SocketException("SOCKS: Connection not allowed by ruleset");
|
|
546 |
break; |
|
547 |
case NET_UNREACHABLE: |
|
548 |
ex = new SocketException("SOCKS: Network unreachable");
|
|
549 |
break; |
|
550 |
case HOST_UNREACHABLE: |
|
551 |
ex = new SocketException("SOCKS: Host unreachable");
|
|
552 |
break; |
|
553 |
case CONN_REFUSED: |
|
554 |
ex = new SocketException("SOCKS: Connection refused");
|
|
555 |
break; |
|
556 |
case TTL_EXPIRED: |
|
557 |
ex = new SocketException("SOCKS: TTL expired");
|
|
558 |
break; |
|
559 |
case CMD_NOT_SUPPORTED: |
|
560 |
ex = new SocketException("SOCKS: Command not supported");
|
|
561 |
break; |
|
562 |
case ADDR_TYPE_NOT_SUP: |
|
563 |
ex = new SocketException("SOCKS: address type not supported");
|
|
564 |
break; |
|
565 |
} |
|
566 |
if (ex != null) {
|
|
567 |
in.close(); |
|
568 |
out.close(); |
|
569 |
throw ex; |
|
570 |
} |
|
571 |
external_address = epoint; |
|
572 |
} |
|
573 |
||
574 |
private void bindV4(InputStream in, OutputStream out, |
|
575 |
InetAddress baddr, |
|
576 |
int lport) throws IOException {
|
|
577 |
if (!(baddr instanceof Inet4Address)) {
|
|
578 |
throw new SocketException("SOCKS V4 requires IPv4 only addresses");
|
|
579 |
} |
|
580 |
super.bind(baddr, lport); |
|
581 |
byte[] addr1 = baddr.getAddress(); |
|
582 |
/* Test for AnyLocal */ |
|
583 |
InetAddress naddr = baddr; |
|
584 |
if (naddr.isAnyLocalAddress()) {
|
|
585 |
naddr = cmdsock.getLocalAddress(); |
|
586 |
addr1 = naddr.getAddress(); |
|
587 |
} |
|
588 |
out.write(PROTO_VERS4); |
|
589 |
out.write(BIND); |
|
590 |
out.write((super.getLocalPort() >> 8) & 0xff); |
|
591 |
out.write((super.getLocalPort() >> 0) & 0xff); |
|
592 |
out.write(addr1); |
|
|
3450
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
593 |
String userName = getUserName(); |
| 2 | 594 |
try {
|
595 |
out.write(userName.getBytes("ISO-8859-1"));
|
|
596 |
} catch (java.io.UnsupportedEncodingException uee) {
|
|
597 |
assert false; |
|
598 |
} |
|
599 |
out.write(0); |
|
600 |
out.flush(); |
|
601 |
byte[] data = new byte[8]; |
|
602 |
int n = readSocksReply(in, data); |
|
603 |
if (n != 8) |
|
604 |
throw new SocketException("Reply from SOCKS server has bad length: " + n);
|
|
605 |
if (data[0] != 0 && data[0] != 4) |
|
606 |
throw new SocketException("Reply from SOCKS server has bad version");
|
|
607 |
SocketException ex = null; |
|
608 |
switch (data[1]) {
|
|
609 |
case 90: |
|
610 |
// Success! |
|
611 |
external_address = new InetSocketAddress(baddr, lport); |
|
612 |
break; |
|
613 |
case 91: |
|
614 |
ex = new SocketException("SOCKS request rejected");
|
|
615 |
break; |
|
616 |
case 92: |
|
617 |
ex = new SocketException("SOCKS server couldn't reach destination");
|
|
618 |
break; |
|
619 |
case 93: |
|
620 |
ex = new SocketException("SOCKS authentication failed");
|
|
621 |
break; |
|
622 |
default: |
|
623 |
ex = new SocketException("Reply from SOCKS server contains bad status");
|
|
624 |
break; |
|
625 |
} |
|
626 |
if (ex != null) {
|
|
627 |
in.close(); |
|
628 |
out.close(); |
|
629 |
throw ex; |
|
630 |
} |
|
631 |
||
632 |
} |
|
633 |
||
634 |
/** |
|
635 |
* Sends the Bind request to the SOCKS proxy. In the SOCKS protocol, bind |
|
636 |
* means "accept incoming connection from", so the SocketAddress is the |
|
637 |
* the one of the host we do accept connection from. |
|
638 |
* |
|
639 |
* @param addr the Socket address of the remote host. |
|
640 |
* @exception IOException if an I/O error occurs when binding this socket. |
|
641 |
*/ |
|
642 |
protected synchronized void socksBind(InetSocketAddress saddr) throws IOException {
|
|
643 |
if (socket != null) {
|
|
644 |
// this is a client socket, not a server socket, don't |
|
645 |
// call the SOCKS proxy for a bind! |
|
646 |
return; |
|
647 |
} |
|
648 |
||
649 |
// Connects to the SOCKS server |
|
650 |
||
651 |
if (server == null) {
|
|
652 |
// This is the general case |
|
653 |
// server is not null only when the socket was created with a |
|
654 |
// specified proxy in which case it does bypass the ProxySelector |
|
| 51 | 655 |
ProxySelector sel = java.security.AccessController.doPrivileged( |
656 |
new java.security.PrivilegedAction<ProxySelector>() {
|
|
657 |
public ProxySelector run() {
|
|
| 2 | 658 |
return ProxySelector.getDefault(); |
659 |
} |
|
660 |
}); |
|
661 |
if (sel == null) {
|
|
662 |
/* |
|
663 |
* No default proxySelector --> direct connection |
|
664 |
*/ |
|
665 |
return; |
|
666 |
} |
|
667 |
URI uri = null; |
|
668 |
// Use getHostString() to avoid reverse lookups |
|
669 |
String host = saddr.getHostString(); |
|
670 |
// IPv6 litteral? |
|
671 |
if (saddr.getAddress() instanceof Inet6Address && |
|
672 |
(!host.startsWith("[")) && (host.indexOf(":") >= 0)) {
|
|
673 |
host = "[" + host + "]"; |
|
674 |
} |
|
675 |
try {
|
|
676 |
uri = new URI("serversocket://" + ParseUtil.encodePath(host) + ":"+ saddr.getPort());
|
|
677 |
} catch (URISyntaxException e) {
|
|
678 |
// This shouldn't happen |
|
679 |
assert false : e; |
|
680 |
} |
|
681 |
Proxy p = null; |
|
682 |
Exception savedExc = null; |
|
683 |
java.util.Iterator<Proxy> iProxy = null; |
|
684 |
iProxy = sel.select(uri).iterator(); |
|
685 |
if (iProxy == null || !(iProxy.hasNext())) {
|
|
686 |
return; |
|
687 |
} |
|
688 |
while (iProxy.hasNext()) {
|
|
689 |
p = iProxy.next(); |
|
690 |
if (p == null || p == Proxy.NO_PROXY) {
|
|
691 |
return; |
|
692 |
} |
|
693 |
if (p.type() != Proxy.Type.SOCKS) |
|
694 |
throw new SocketException("Unknown proxy type : " + p.type());
|
|
695 |
if (!(p.address() instanceof InetSocketAddress)) |
|
696 |
throw new SocketException("Unknow address type for proxy: " + p);
|
|
697 |
// Use getHostString() to avoid reverse lookups |
|
698 |
server = ((InetSocketAddress) p.address()).getHostString(); |
|
699 |
port = ((InetSocketAddress) p.address()).getPort(); |
|
700 |
||
701 |
// Connects to the SOCKS server |
|
702 |
try {
|
|
| 51 | 703 |
AccessController.doPrivileged( |
704 |
new PrivilegedExceptionAction<Void>() {
|
|
705 |
public Void run() throws Exception {
|
|
| 2 | 706 |
cmdsock = new Socket(new PlainSocketImpl()); |
707 |
cmdsock.connect(new InetSocketAddress(server, port)); |
|
708 |
cmdIn = cmdsock.getInputStream(); |
|
709 |
cmdOut = cmdsock.getOutputStream(); |
|
710 |
return null; |
|
711 |
} |
|
712 |
}); |
|
713 |
} catch (Exception e) {
|
|
714 |
// Ooops, let's notify the ProxySelector |
|
715 |
sel.connectFailed(uri,p.address(),new SocketException(e.getMessage())); |
|
716 |
server = null; |
|
717 |
port = -1; |
|
718 |
cmdsock = null; |
|
719 |
savedExc = e; |
|
720 |
// Will continue the while loop and try the next proxy |
|
721 |
} |
|
722 |
} |
|
723 |
||
724 |
/* |
|
725 |
* If server is still null at this point, none of the proxy |
|
726 |
* worked |
|
727 |
*/ |
|
728 |
if (server == null || cmdsock == null) {
|
|
729 |
throw new SocketException("Can't connect to SOCKS proxy:"
|
|
730 |
+ savedExc.getMessage()); |
|
731 |
} |
|
732 |
} else {
|
|
733 |
try {
|
|
| 51 | 734 |
AccessController.doPrivileged( |
735 |
new PrivilegedExceptionAction<Void>() {
|
|
736 |
public Void run() throws Exception {
|
|
| 2 | 737 |
cmdsock = new Socket(new PlainSocketImpl()); |
738 |
cmdsock.connect(new InetSocketAddress(server, port)); |
|
739 |
cmdIn = cmdsock.getInputStream(); |
|
740 |
cmdOut = cmdsock.getOutputStream(); |
|
741 |
return null; |
|
742 |
} |
|
743 |
}); |
|
744 |
} catch (Exception e) {
|
|
745 |
throw new SocketException(e.getMessage()); |
|
746 |
} |
|
747 |
} |
|
748 |
BufferedOutputStream out = new BufferedOutputStream(cmdOut, 512); |
|
749 |
InputStream in = cmdIn; |
|
750 |
if (useV4) {
|
|
751 |
bindV4(in, out, saddr.getAddress(), saddr.getPort()); |
|
752 |
return; |
|
753 |
} |
|
754 |
out.write(PROTO_VERS); |
|
755 |
out.write(2); |
|
756 |
out.write(NO_AUTH); |
|
757 |
out.write(USER_PASSW); |
|
758 |
out.flush(); |
|
759 |
byte[] data = new byte[2]; |
|
760 |
int i = readSocksReply(in, data); |
|
761 |
if (i != 2 || ((int)data[0]) != PROTO_VERS) {
|
|
762 |
// Maybe it's not a V5 sever after all |
|
763 |
// Let's try V4 before we give up |
|
764 |
bindV4(in, out, saddr.getAddress(), saddr.getPort()); |
|
765 |
return; |
|
766 |
} |
|
767 |
if (((int)data[1]) == NO_METHODS) |
|
768 |
throw new SocketException("SOCKS : No acceptable methods");
|
|
769 |
if (!authenticate(data[1], in, out)) {
|
|
770 |
throw new SocketException("SOCKS : authentication failed");
|
|
771 |
} |
|
772 |
// We're OK. Let's issue the BIND command. |
|
773 |
out.write(PROTO_VERS); |
|
774 |
out.write(BIND); |
|
775 |
out.write(0); |
|
776 |
int lport = saddr.getPort(); |
|
777 |
if (saddr.isUnresolved()) {
|
|
778 |
out.write(DOMAIN_NAME); |
|
779 |
out.write(saddr.getHostName().length()); |
|
780 |
try {
|
|
781 |
out.write(saddr.getHostName().getBytes("ISO-8859-1"));
|
|
782 |
} catch (java.io.UnsupportedEncodingException uee) {
|
|
783 |
assert false; |
|
784 |
} |
|
785 |
out.write((lport >> 8) & 0xff); |
|
786 |
out.write((lport >> 0) & 0xff); |
|
787 |
} else if (saddr.getAddress() instanceof Inet4Address) {
|
|
788 |
byte[] addr1 = saddr.getAddress().getAddress(); |
|
789 |
out.write(IPV4); |
|
790 |
out.write(addr1); |
|
791 |
out.write((lport >> 8) & 0xff); |
|
792 |
out.write((lport >> 0) & 0xff); |
|
793 |
out.flush(); |
|
794 |
} else if (saddr.getAddress() instanceof Inet6Address) {
|
|
795 |
byte[] addr1 = saddr.getAddress().getAddress(); |
|
796 |
out.write(IPV6); |
|
797 |
out.write(addr1); |
|
798 |
out.write((lport >> 8) & 0xff); |
|
799 |
out.write((lport >> 0) & 0xff); |
|
800 |
out.flush(); |
|
801 |
} else {
|
|
802 |
cmdsock.close(); |
|
803 |
throw new SocketException("unsupported address type : " + saddr);
|
|
804 |
} |
|
805 |
data = new byte[4]; |
|
806 |
i = readSocksReply(in, data); |
|
807 |
SocketException ex = null; |
|
808 |
int len, nport; |
|
809 |
byte[] addr; |
|
810 |
switch (data[1]) {
|
|
811 |
case REQUEST_OK: |
|
812 |
// success! |
|
813 |
InetSocketAddress real_end = null; |
|
814 |
switch(data[3]) {
|
|
815 |
case IPV4: |
|
816 |
addr = new byte[4]; |
|
817 |
i = readSocksReply(in, addr); |
|
818 |
if (i != 4) |
|
819 |
throw new SocketException("Reply from SOCKS server badly formatted");
|
|
820 |
data = new byte[2]; |
|
821 |
i = readSocksReply(in, data); |
|
822 |
if (i != 2) |
|
823 |
throw new SocketException("Reply from SOCKS server badly formatted");
|
|
824 |
nport = ((int)data[0] & 0xff) << 8; |
|
825 |
nport += ((int)data[1] & 0xff); |
|
826 |
external_address = |
|
827 |
new InetSocketAddress(new Inet4Address("", addr) , nport);
|
|
828 |
break; |
|
829 |
case DOMAIN_NAME: |
|
830 |
len = data[1]; |
|
831 |
byte[] host = new byte[len]; |
|
832 |
i = readSocksReply(in, host); |
|
833 |
if (i != len) |
|
834 |
throw new SocketException("Reply from SOCKS server badly formatted");
|
|
835 |
data = new byte[2]; |
|
836 |
i = readSocksReply(in, data); |
|
837 |
if (i != 2) |
|
838 |
throw new SocketException("Reply from SOCKS server badly formatted");
|
|
839 |
nport = ((int)data[0] & 0xff) << 8; |
|
840 |
nport += ((int)data[1] & 0xff); |
|
841 |
external_address = new InetSocketAddress(new String(host), nport); |
|
842 |
break; |
|
843 |
case IPV6: |
|
844 |
len = data[1]; |
|
845 |
addr = new byte[len]; |
|
846 |
i = readSocksReply(in, addr); |
|
847 |
if (i != len) |
|
848 |
throw new SocketException("Reply from SOCKS server badly formatted");
|
|
849 |
data = new byte[2]; |
|
850 |
i = readSocksReply(in, data); |
|
851 |
if (i != 2) |
|
852 |
throw new SocketException("Reply from SOCKS server badly formatted");
|
|
853 |
nport = ((int)data[0] & 0xff) << 8; |
|
854 |
nport += ((int)data[1] & 0xff); |
|
855 |
external_address = |
|
856 |
new InetSocketAddress(new Inet6Address("", addr), nport);
|
|
857 |
break; |
|
858 |
} |
|
859 |
break; |
|
860 |
case GENERAL_FAILURE: |
|
861 |
ex = new SocketException("SOCKS server general failure");
|
|
862 |
break; |
|
863 |
case NOT_ALLOWED: |
|
864 |
ex = new SocketException("SOCKS: Bind not allowed by ruleset");
|
|
865 |
break; |
|
866 |
case NET_UNREACHABLE: |
|
867 |
ex = new SocketException("SOCKS: Network unreachable");
|
|
868 |
break; |
|
869 |
case HOST_UNREACHABLE: |
|
870 |
ex = new SocketException("SOCKS: Host unreachable");
|
|
871 |
break; |
|
872 |
case CONN_REFUSED: |
|
873 |
ex = new SocketException("SOCKS: Connection refused");
|
|
874 |
break; |
|
875 |
case TTL_EXPIRED: |
|
876 |
ex = new SocketException("SOCKS: TTL expired");
|
|
877 |
break; |
|
878 |
case CMD_NOT_SUPPORTED: |
|
879 |
ex = new SocketException("SOCKS: Command not supported");
|
|
880 |
break; |
|
881 |
case ADDR_TYPE_NOT_SUP: |
|
882 |
ex = new SocketException("SOCKS: address type not supported");
|
|
883 |
break; |
|
884 |
} |
|
885 |
if (ex != null) {
|
|
886 |
in.close(); |
|
887 |
out.close(); |
|
888 |
cmdsock.close(); |
|
889 |
cmdsock = null; |
|
890 |
throw ex; |
|
891 |
} |
|
892 |
cmdIn = in; |
|
893 |
cmdOut = out; |
|
894 |
} |
|
895 |
||
896 |
/** |
|
897 |
* Accepts a connection from a specific host. |
|
898 |
* |
|
899 |
* @param s the accepted connection. |
|
900 |
* @param saddr the socket address of the host we do accept |
|
901 |
* connection from |
|
902 |
* @exception IOException if an I/O error occurs when accepting the |
|
903 |
* connection. |
|
904 |
*/ |
|
905 |
protected void acceptFrom(SocketImpl s, InetSocketAddress saddr) throws IOException {
|
|
906 |
if (cmdsock == null) {
|
|
907 |
// Not a Socks ServerSocket. |
|
908 |
return; |
|
909 |
} |
|
910 |
InputStream in = cmdIn; |
|
911 |
// Sends the "SOCKS BIND" request. |
|
912 |
socksBind(saddr); |
|
913 |
in.read(); |
|
914 |
int i = in.read(); |
|
915 |
in.read(); |
|
916 |
SocketException ex = null; |
|
917 |
int nport; |
|
918 |
byte[] addr; |
|
919 |
InetSocketAddress real_end = null; |
|
920 |
switch (i) {
|
|
921 |
case REQUEST_OK: |
|
922 |
// success! |
|
923 |
i = in.read(); |
|
924 |
switch(i) {
|
|
925 |
case IPV4: |
|
926 |
addr = new byte[4]; |
|
927 |
readSocksReply(in, addr); |
|
928 |
nport = in.read() << 8; |
|
929 |
nport += in.read(); |
|
930 |
real_end = |
|
931 |
new InetSocketAddress(new Inet4Address("", addr) , nport);
|
|
932 |
break; |
|
933 |
case DOMAIN_NAME: |
|
934 |
int len = in.read(); |
|
935 |
addr = new byte[len]; |
|
936 |
readSocksReply(in, addr); |
|
937 |
nport = in.read() << 8; |
|
938 |
nport += in.read(); |
|
939 |
real_end = new InetSocketAddress(new String(addr), nport); |
|
940 |
break; |
|
941 |
case IPV6: |
|
942 |
addr = new byte[16]; |
|
943 |
readSocksReply(in, addr); |
|
944 |
nport = in.read() << 8; |
|
945 |
nport += in.read(); |
|
946 |
real_end = |
|
947 |
new InetSocketAddress(new Inet6Address("", addr), nport);
|
|
948 |
break; |
|
949 |
} |
|
950 |
break; |
|
951 |
case GENERAL_FAILURE: |
|
952 |
ex = new SocketException("SOCKS server general failure");
|
|
953 |
break; |
|
954 |
case NOT_ALLOWED: |
|
955 |
ex = new SocketException("SOCKS: Accept not allowed by ruleset");
|
|
956 |
break; |
|
957 |
case NET_UNREACHABLE: |
|
958 |
ex = new SocketException("SOCKS: Network unreachable");
|
|
959 |
break; |
|
960 |
case HOST_UNREACHABLE: |
|
961 |
ex = new SocketException("SOCKS: Host unreachable");
|
|
962 |
break; |
|
963 |
case CONN_REFUSED: |
|
964 |
ex = new SocketException("SOCKS: Connection refused");
|
|
965 |
break; |
|
966 |
case TTL_EXPIRED: |
|
967 |
ex = new SocketException("SOCKS: TTL expired");
|
|
968 |
break; |
|
969 |
case CMD_NOT_SUPPORTED: |
|
970 |
ex = new SocketException("SOCKS: Command not supported");
|
|
971 |
break; |
|
972 |
case ADDR_TYPE_NOT_SUP: |
|
973 |
ex = new SocketException("SOCKS: address type not supported");
|
|
974 |
break; |
|
975 |
} |
|
976 |
if (ex != null) {
|
|
977 |
cmdIn.close(); |
|
978 |
cmdOut.close(); |
|
979 |
cmdsock.close(); |
|
980 |
cmdsock = null; |
|
981 |
throw ex; |
|
982 |
} |
|
983 |
||
984 |
/** |
|
985 |
* This is where we have to do some fancy stuff. |
|
986 |
* The datastream from the socket "accepted" by the proxy will |
|
987 |
* come through the cmdSocket. So we have to swap the socketImpls |
|
988 |
*/ |
|
989 |
if (s instanceof SocksSocketImpl) {
|
|
990 |
((SocksSocketImpl)s).external_address = real_end; |
|
991 |
} |
|
992 |
if (s instanceof PlainSocketImpl) {
|
|
993 |
PlainSocketImpl psi = (PlainSocketImpl) s; |
|
994 |
psi.setInputStream((SocketInputStream) in); |
|
995 |
psi.setFileDescriptor(cmdsock.getImpl().getFileDescriptor()); |
|
996 |
psi.setAddress(cmdsock.getImpl().getInetAddress()); |
|
997 |
psi.setPort(cmdsock.getImpl().getPort()); |
|
998 |
psi.setLocalPort(cmdsock.getImpl().getLocalPort()); |
|
999 |
} else {
|
|
1000 |
s.fd = cmdsock.getImpl().fd; |
|
1001 |
s.address = cmdsock.getImpl().address; |
|
1002 |
s.port = cmdsock.getImpl().port; |
|
1003 |
s.localport = cmdsock.getImpl().localport; |
|
1004 |
} |
|
1005 |
||
1006 |
// Need to do that so that the socket won't be closed |
|
1007 |
// when the ServerSocket is closed by the user. |
|
1008 |
// It kinds of detaches the Socket because it is now |
|
1009 |
// used elsewhere. |
|
1010 |
cmdsock = null; |
|
1011 |
} |
|
1012 |
||
1013 |
||
1014 |
/** |
|
1015 |
* Returns the value of this socket's <code>address</code> field. |
|
1016 |
* |
|
1017 |
* @return the value of this socket's <code>address</code> field. |
|
1018 |
* @see java.net.SocketImpl#address |
|
1019 |
*/ |
|
1020 |
protected InetAddress getInetAddress() {
|
|
1021 |
if (external_address != null) |
|
1022 |
return external_address.getAddress(); |
|
1023 |
else |
|
1024 |
return super.getInetAddress(); |
|
1025 |
} |
|
1026 |
||
1027 |
/** |
|
1028 |
* Returns the value of this socket's <code>port</code> field. |
|
1029 |
* |
|
1030 |
* @return the value of this socket's <code>port</code> field. |
|
1031 |
* @see java.net.SocketImpl#port |
|
1032 |
*/ |
|
1033 |
protected int getPort() {
|
|
1034 |
if (external_address != null) |
|
1035 |
return external_address.getPort(); |
|
1036 |
else |
|
1037 |
return super.getPort(); |
|
1038 |
} |
|
1039 |
||
1040 |
protected int getLocalPort() {
|
|
1041 |
if (socket != null) |
|
1042 |
return super.getLocalPort(); |
|
1043 |
if (external_address != null) |
|
1044 |
return external_address.getPort(); |
|
1045 |
else |
|
1046 |
return super.getLocalPort(); |
|
1047 |
} |
|
1048 |
||
1049 |
protected void close() throws IOException {
|
|
1050 |
if (cmdsock != null) |
|
1051 |
cmdsock.close(); |
|
1052 |
cmdsock = null; |
|
1053 |
super.close(); |
|
1054 |
} |
|
1055 |
||
|
3450
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
1056 |
private String getUserName() {
|
|
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
1057 |
String userName = ""; |
|
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
1058 |
if (applicationSetProxy) {
|
|
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
1059 |
try {
|
|
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
1060 |
userName = System.getProperty("user.name");
|
|
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
1061 |
} catch (SecurityException se) { /* swallow Exception */ }
|
|
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
1062 |
} else {
|
|
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
1063 |
userName = java.security.AccessController.doPrivileged( |
|
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
1064 |
new sun.security.action.GetPropertyAction("user.name"));
|
|
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
1065 |
} |
|
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
1066 |
return userName; |
|
2f08a8bb9b83
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
chegar
parents:
715
diff
changeset
|
1067 |
} |
| 2 | 1068 |
} |