Monitoring JavaMelody sur /demo

1 /*

2  * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4  *

5  * This code is free software; you can redistribute it and/or modify it

6  * under the terms of the GNU General Public License version 2 only, as

7  * published by the Free Software Foundation.  Oracle designates this

8  * particular file as subject to the "Classpath" exception as provided

9  * by Oracle in the LICENSE file that accompanied this code.

10  *

11  * This code is distributed in the hope that it will be useful, but WITHOUT

12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

14  * version 2 for more details (a copy is included in the LICENSE file that

15  * accompanied this code).

16  *

17  * You should have received a copy of the GNU General Public License version

18  * 2 along with this work; if not, write to the Free Software Foundation,

19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

20  *

21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

22  * or visit www.oracle.com if you need additional information or have any

23  * questions.

24  */

25 package java.net;

26 import java.io.IOException;

27 import java.io.InputStream;

28 import java.io.OutputStream;

29 import java.io.BufferedOutputStream;

30 import java.security.AccessController;

31 import java.security.PrivilegedAction;

32 import java.security.PrivilegedExceptionAction;

33 

34 import jdk.internal.util.StaticProperty;

35 import sun.net.SocksProxy;

36 import sun.net.spi.DefaultProxySelector;

37 import sun.net.www.ParseUtil;

38 /* import org.ietf.jgss.*; */

39 

40 /**

41  * SOCKS (V4 & V5) TCP socket implementation (RFC 1928).

42  * This is a subclass of PlainSocketImpl.

43  * Note this class should <b>NOT</b> be public.

44  */

45 

46 class SocksSocketImpl extends PlainSocketImpl implements SocksConsts {

47     private String server = null;

48     private int serverPort = DEFAULT_PORT;

49     private InetSocketAddress external_address;

50     private boolean useV4 = false;

51     private Socket cmdsock = null;

52     private InputStream cmdIn = null;

53     private OutputStream cmdOut = null;

54     /* true if the Proxy has been set programatically */

55     private boolean applicationSetProxy;  /* false */

56 

57 

58     SocksSocketImpl() {

59         // Nothing needed

60     }

61 

62     SocksSocketImpl(String server, int port) {

63         this.server = server;

64         this.serverPort = (port == -1 ? DEFAULT_PORT : port);

65     }

66 

67     SocksSocketImpl(Proxy proxy) {

68         SocketAddress a = proxy.address();

69         if (a instanceof InetSocketAddress) {

70             InetSocketAddress ad = (InetSocketAddress) a;

71             // Use getHostString() to avoid reverse lookups

72             server = ad.getHostString();

73             serverPort = ad.getPort();

74         }

75         useV4 = useV4(proxy);

76     }

77 

78     void setV4() {

79         useV4 = true;

80     }

81 

82     private static boolean useV4(Proxy proxy) {

83         if (proxy instanceof SocksProxy

84             && ((SocksProxy)proxy).protocolVersion() == 4) {

85             return true;

86         }

87         return DefaultProxySelector.socksProxyVersion() == 4;

88     }

89 

90     private synchronized void privilegedConnect(final String host,

91                                               final int port,

92                                               final int timeout)

93          throws IOException

94     {

95         try {

96             AccessController.doPrivileged(

97                 new java.security.PrivilegedExceptionAction<>() {

98                     public Void run() throws IOException {

99                               superConnectServer(host, port, timeout);

100                               cmdIn = getInputStream();

101                               cmdOut = getOutputStream();

102                               return null;

103                           }

104                       });

105         } catch (java.security.PrivilegedActionException pae) {

106             throw (IOException) pae.getException();

107         }

108     }

109 

110     private void superConnectServer(String host, int port,

111                                     int timeout) throws IOException {

112         super.connect(new InetSocketAddress(host, port), timeout);

113     }

114 

115     private static int remainingMillis(long deadlineMillis) throws IOException {

116         if (deadlineMillis == 0L)

117             return 0;

118 

119         final long remaining = deadlineMillis - System.currentTimeMillis();

120         if (remaining > 0)

121             return (int) remaining;

122 

123         throw new SocketTimeoutException();

124     }

125 

126     private int readSocksReply(InputStream in, byte[] data) throws IOException {

127         return readSocksReply(in, data, 0L);

128     }

129 

130     private int readSocksReply(InputStream in, byte[] data, long deadlineMillis) throws IOException {

131         int len = data.length;

132         int received = 0;

133         while (received < len) {

134             int count;

135             try {

136                 count = ((SocketInputStream)in).read(data, received, len - received, remainingMillis(deadlineMillis));

137             } catch (SocketTimeoutException e) {

138                 throw new SocketTimeoutException("Connect timed out");

139             }

140             if (count < 0)

141                 throw new SocketException("Malformed reply from SOCKS server");

142             received += count;

143         }

144         return received;

145     }

146 

147     /**

148      * Provides the authentication machanism required by the proxy.

149      */

150     private boolean authenticate(byte method, InputStream in,

151                                  BufferedOutputStream out) throws IOException {

152         return authenticate(method, in, out, 0L);

153     }

154 

155     private boolean authenticate(byte method, InputStream in,

156                                  BufferedOutputStream out,

157                                  long deadlineMillis) throws IOException {

158         // No Authentication required. We're done then!

159         if (method == NO_AUTH)

160             return true;

161         /**

162          * User/Password authentication. Try, in that order :

163          * - The application provided Authenticator, if any

164          * - the user.name & no password (backward compatibility behavior).

165          */

166         if (method == USER_PASSW) {

167             String userName;

168             String password = null;

169             final InetAddress addr = InetAddress.getByName(server);

170             PasswordAuthentication pw =

171                 java.security.AccessController.doPrivileged(

172                     new java.security.PrivilegedAction<>() {

173                         public PasswordAuthentication run() {

174                                 return Authenticator.requestPasswordAuthentication(

175                                        server, addr, serverPort, "SOCKS5", "SOCKS authentication", null);

176                             }

177                         });

178             if (pw != null) {

179                 userName = pw.getUserName();

180                 password = new String(pw.getPassword());

181             } else {

182                 userName = StaticProperty.userName();

183             }

184             if (userName == null)

185                 return false;

186             out.write(1);

187             out.write(userName.length());

188             try {

189                 out.write(userName.getBytes("ISO-8859-1"));

190             } catch (java.io.UnsupportedEncodingException uee) {

191                 assert false;

192             }

193             if (password != null) {

194                 out.write(password.length());

195                 try {

196                     out.write(password.getBytes("ISO-8859-1"));

197                 } catch (java.io.UnsupportedEncodingException uee) {

198                     assert false;

199                 }

200             } else

201                 out.write(0);

202             out.flush();

203             byte[] data = new byte[2];

204             int i = readSocksReply(in, data, deadlineMillis);

205             if (i != 2 || data[1] != 0) {

206                 /* RFC 1929 specifies that the connection MUST be closed if

207                    authentication fails */

208                 out.close();

209                 in.close();

210                 return false;

211             }

212             /* Authentication succeeded */

213             return true;

214         }

215         /**

216          * GSSAPI authentication mechanism.

217          * Unfortunately the RFC seems out of sync with the Reference

218          * implementation. I'll leave this in for future completion.

219          */

220 //      if (method == GSSAPI) {

221 //          try {

222 //              GSSManager manager = GSSManager.getInstance();

223 //              GSSName name = manager.createName("SERVICE:socks@"+server,

224 //                                                   null);

225 //              GSSContext context = manager.createContext(name, null, null,

226 //                                                         GSSContext.DEFAULT_LIFETIME);

227 //              context.requestMutualAuth(true);

228 //              context.requestReplayDet(true);

229 //              context.requestSequenceDet(true);

230 //              context.requestCredDeleg(true);

231 //              byte []inToken = new byte[0];

232 //              while (!context.isEstablished()) {

233 //                  byte[] outToken

234 //                      = context.initSecContext(inToken, 0, inToken.length);

235 //                  // send the output token if generated

236 //                  if (outToken != null) {

237 //                      out.write(1);

238 //                      out.write(1);

239 //                      out.writeShort(outToken.length);

240 //                      out.write(outToken);

241 //                      out.flush();

242 //                      data = new byte[2];

243 //                      i = readSocksReply(in, data, deadlineMillis);

244 //                      if (i != 2 || data[1] == 0xff) {

245 //                          in.close();

246 //                          out.close();

247 //                          return false;

248 //                      }

249 //                      i = readSocksReply(in, data, deadlineMillis);

250 //                      int len = 0;

251 //                      len = ((int)data[0] & 0xff) << 8;

252 //                      len += data[1];

253 //                      data = new byte[len];

254 //                      i = readSocksReply(in, data, deadlineMillis);

255 //                      if (i == len)

256 //                          return true;

257 //                      in.close();

258 //                      out.close();

259 //                  }

260 //              }

261 //          } catch (GSSException e) {

262 //              /* RFC 1961 states that if Context initialisation fails the connection

263 //                 MUST be closed */

264 //              e.printStackTrace();

265 //              in.close();

266 //              out.close();

267 //          }

268 //      }

269         return false;

270     }

271 

272     private void connectV4(InputStream in, OutputStream out,

273                            InetSocketAddress endpoint,

274                            long deadlineMillis) throws IOException {

275         if (!(endpoint.getAddress() instanceof Inet4Address)) {

276             throw new SocketException("SOCKS V4 requires IPv4 only addresses");

277         }

278         out.write(PROTO_VERS4);

279         out.write(CONNECT);

280         out.write((endpoint.getPort() >> 8) & 0xff);

281         out.write((endpoint.getPort() >> 0) & 0xff);

282         out.write(endpoint.getAddress().getAddress());

283         String userName = getUserName();

284         try {

285             out.write(userName.getBytes("ISO-8859-1"));

286         } catch (java.io.UnsupportedEncodingException uee) {

287             assert false;

288         }

289         out.write(0);

290         out.flush();

291         byte[] data = new byte[8];

292         int n = readSocksReply(in, data, deadlineMillis);

293         if (n != 8)

294             throw new SocketException("Reply from SOCKS server has bad length: " + n);

295         if (data[0] != 0 && data[0] != 4)

296             throw new SocketException("Reply from SOCKS server has bad version");

297         SocketException ex = null;

298         switch (data[1]) {

299         case 90:

300             // Success!

301             external_address = endpoint;

302             break;

303         case 91:

304             ex = new SocketException("SOCKS request rejected");

305             break;

306         case 92:

307             ex = new SocketException("SOCKS server couldn't reach destination");

308             break;

309         case 93:

310             ex = new SocketException("SOCKS authentication failed");

311             break;

312         default:

313             ex = new SocketException("Reply from SOCKS server contains bad status");

314             break;

315         }

316         if (ex != null) {

317             in.close();

318             out.close();

319             throw ex;

320         }

321     }

322 

323     /**

324      * Connects the Socks Socket to the specified endpoint. It will first

325      * connect to the SOCKS proxy and negotiate the access. If the proxy

326      * grants the connections, then the connect is successful and all

327      * further traffic will go to the "real" endpoint.

328      *

329      * @param   endpoint        the {@code SocketAddress} to connect to.

330      * @param   timeout         the timeout value in milliseconds

331      * @throws  IOException     if the connection can't be established.

332      * @throws  SecurityException if there is a security manager and it

333      *                          doesn't allow the connection

334      * @throws  IllegalArgumentException if endpoint is null or a

335      *          SocketAddress subclass not supported by this socket

336      */

337     @Override

338     protected void connect(SocketAddress endpoint, int timeout) throws IOException {

339         final long deadlineMillis;

340 

341         if (timeout == 0) {

342             deadlineMillis = 0L;

343         } else {

344             long finish = System.currentTimeMillis() + timeout;

345             deadlineMillis = finish < 0 ? Long.MAX_VALUE : finish;

346         }

347 

348         SecurityManager security = System.getSecurityManager();

349         if (endpoint == null || !(endpoint instanceof InetSocketAddress))

350             throw new IllegalArgumentException("Unsupported address type");

351         InetSocketAddress epoint = (InetSocketAddress) endpoint;

352         if (security != null) {

353             if (epoint.isUnresolved())

354                 security.checkConnect(epoint.getHostName(),

355                                       epoint.getPort());

356             else

357                 security.checkConnect(epoint.getAddress().getHostAddress(),

358                                       epoint.getPort());

359         }

360         if (server == null) {

361             // This is the general case

362             // server is not null only when the socket was created with a

363             // specified proxy in which case it does bypass the ProxySelector

364             ProxySelector sel = java.security.AccessController.doPrivileged(

365                 new java.security.PrivilegedAction<>() {

366                     public ProxySelector run() {

367                             return ProxySelector.getDefault();

368                         }

369                     });

370             if (sel == null) {

371                 /*

372                  * No default proxySelector --> direct connection

373                  */

374                 super.connect(epoint, remainingMillis(deadlineMillis));

375                 return;

376             }

377             URI uri;

378             // Use getHostString() to avoid reverse lookups

379             String host = epoint.getHostString();

380             // IPv6 litteral?

381             if (epoint.getAddress() instanceof Inet6Address &&

382                 (!host.startsWith("[")) && (host.indexOf(':') >= 0)) {

383                 host = "[" + host + "]";

384             }

385             try {

386                 uri = new URI("socket://" + ParseUtil.encodePath(host) + ":"+ epoint.getPort());

387             } catch (URISyntaxException e) {

388                 // This shouldn't happen

389                 assert false : e;

390                 uri = null;

391             }

392             Proxy p = null;

393             IOException savedExc = null;

394             java.util.Iterator<Proxy> iProxy = null;

395             iProxy = sel.select(uri).iterator();

396             if (iProxy == null || !(iProxy.hasNext())) {

397                 super.connect(epoint, remainingMillis(deadlineMillis));

398                 return;

399             }

400             while (iProxy.hasNext()) {

401                 p = iProxy.next();

402                 if (p == null || p.type() != Proxy.Type.SOCKS) {

403                     super.connect(epoint, remainingMillis(deadlineMillis));

404                     return;

405                 }

406 

407                 if (!(p.address() instanceof InetSocketAddress))

408                     throw new SocketException("Unknown address type for proxy: " + p);

409                 // Use getHostString() to avoid reverse lookups

410                 server = ((InetSocketAddress) p.address()).getHostString();

411                 serverPort = ((InetSocketAddress) p.address()).getPort();

412                 useV4 = useV4(p);

413 

414                 // Connects to the SOCKS server

415                 try {

416                     privilegedConnect(server, serverPort, remainingMillis(deadlineMillis));

417                     // Worked, let's get outta here

418                     break;

419                 } catch (IOException e) {

420                     // Ooops, let's notify the ProxySelector

421                     sel.connectFailed(uri,p.address(),e);

422                     server = null;

423                     serverPort = -1;

424                     savedExc = e;

425                     // Will continue the while loop and try the next proxy

426                 }

427             }

428 

429             /*

430              * If server is still null at this point, none of the proxy

431              * worked

432              */

433             if (server == null) {

434                 throw new SocketException("Can't connect to SOCKS proxy:"

435                                           + savedExc.getMessage());

436             }

437         } else {

438             // Connects to the SOCKS server

439             try {

440                 privilegedConnect(server, serverPort, remainingMillis(deadlineMillis));

441             } catch (IOException e) {

442                 throw new SocketException(e.getMessage());

443             }

444         }

445 

446         // cmdIn & cmdOut were initialized during the privilegedConnect() call

447         BufferedOutputStream out = new BufferedOutputStream(cmdOut, 512);

448         InputStream in = cmdIn;

449 

450         if (useV4) {

451             // SOCKS Protocol version 4 doesn't know how to deal with

452             // DOMAIN type of addresses (unresolved addresses here)

453             if (epoint.isUnresolved())

454                 throw new UnknownHostException(epoint.toString());

455             connectV4(in, out, epoint, deadlineMillis);

456             return;

457         }

458 

459         // This is SOCKS V5

460         out.write(PROTO_VERS);

461         out.write(2);

462         out.write(NO_AUTH);

463         out.write(USER_PASSW);

464         out.flush();

465         byte[] data = new byte[2];

466         int i = readSocksReply(in, data, deadlineMillis);

467         if (i != 2 || ((int)data[0]) != PROTO_VERS) {

468             // Maybe it's not a V5 sever after all

469             // Let's try V4 before we give up

470             // SOCKS Protocol version 4 doesn't know how to deal with

471             // DOMAIN type of addresses (unresolved addresses here)

472             if (epoint.isUnresolved())

473                 throw new UnknownHostException(epoint.toString());

474             connectV4(in, out, epoint, deadlineMillis);

475             return;

476         }

477         if (((int)data[1]) == NO_METHODS)

478             throw new SocketException("SOCKS : No acceptable methods");

479         if (!authenticate(data[1], in, out, deadlineMillis)) {

480             throw new SocketException("SOCKS : authentication failed");

481         }

482         out.write(PROTO_VERS);

483         out.write(CONNECT);

484         out.write(0);

485         /* Test for IPV4/IPV6/Unresolved */

486         if (epoint.isUnresolved()) {

487             out.write(DOMAIN_NAME);

488             out.write(epoint.getHostName().length());

489             try {

490                 out.write(epoint.getHostName().getBytes("ISO-8859-1"));

491             } catch (java.io.UnsupportedEncodingException uee) {

492                 assert false;

493             }

494             out.write((epoint.getPort() >> 8) & 0xff);

495             out.write((epoint.getPort() >> 0) & 0xff);

496         } else if (epoint.getAddress() instanceof Inet6Address) {

497             out.write(IPV6);

498             out.write(epoint.getAddress().getAddress());

499             out.write((epoint.getPort() >> 8) & 0xff);

500             out.write((epoint.getPort() >> 0) & 0xff);

501         } else {

502             out.write(IPV4);

503             out.write(epoint.getAddress().getAddress());

504             out.write((epoint.getPort() >> 8) & 0xff);

505             out.write((epoint.getPort() >> 0) & 0xff);

506         }

507         out.flush();

508         data = new byte[4];

509         i = readSocksReply(in, data, deadlineMillis);

510         if (i != 4)

511             throw new SocketException("Reply from SOCKS server has bad length");

512         SocketException ex = null;

513         int len;

514         byte[] addr;

515         switch (data[1]) {

516         case REQUEST_OK:

517             // success!

518             switch(data[3]) {

519             case IPV4:

520                 addr = new byte[4];

521                 i = readSocksReply(in, addr, deadlineMillis);

522                 if (i != 4)

523                     throw new SocketException("Reply from SOCKS server badly formatted");

524                 data = new byte[2];

525                 i = readSocksReply(in, data, deadlineMillis);

526                 if (i != 2)

527                     throw new SocketException("Reply from SOCKS server badly formatted");

528                 break;

529             case DOMAIN_NAME:

530                 byte[] lenByte = new byte[1];

531                 i = readSocksReply(in, lenByte, deadlineMillis);

532                 if (i != 1)

533                     throw new SocketException("Reply from SOCKS server badly formatted");

534                 len = lenByte[0] & 0xFF;

535                 byte[] host = new byte[len];

536                 i = readSocksReply(in, host, deadlineMillis);

537                 if (i != len)

538                     throw new SocketException("Reply from SOCKS server badly formatted");

539                 data = new byte[2];

540                 i = readSocksReply(in, data, deadlineMillis);

541                 if (i != 2)

542                     throw new SocketException("Reply from SOCKS server badly formatted");

543                 break;

544             case IPV6:

545                 len = 16;

546                 addr = new byte[len];

547                 i = readSocksReply(in, addr, deadlineMillis);

548                 if (i != len)

549                     throw new SocketException("Reply from SOCKS server badly formatted");

550                 data = new byte[2];

551                 i = readSocksReply(in, data, deadlineMillis);

552                 if (i != 2)

553                     throw new SocketException("Reply from SOCKS server badly formatted");

554                 break;

555             default:

556                 ex = new SocketException("Reply from SOCKS server contains wrong code");

557                 break;

558             }

559             break;

560         case GENERAL_FAILURE:

561             ex = new SocketException("SOCKS server general failure");

562             break;

563         case NOT_ALLOWED:

564             ex = new SocketException("SOCKS: Connection not allowed by ruleset");

565             break;

566         case NET_UNREACHABLE:

567             ex = new SocketException("SOCKS: Network unreachable");

568             break;

569         case HOST_UNREACHABLE:

570             ex = new SocketException("SOCKS: Host unreachable");

571             break;

572         case CONN_REFUSED:

573             ex = new SocketException("SOCKS: Connection refused");

574             break;

575         case TTL_EXPIRED:

576             ex =  new SocketException("SOCKS: TTL expired");

577             break;

578         case CMD_NOT_SUPPORTED:

579             ex = new SocketException("SOCKS: Command not supported");

580             break;

581         case ADDR_TYPE_NOT_SUP:

582             ex = new SocketException("SOCKS: address type not supported");

583             break;

584         }

585         if (ex != null) {

586             in.close();

587             out.close();

588             throw ex;

589         }

590         external_address = epoint;

591     }

592 

593     private void bindV4(InputStream in, OutputStream out,

594                         InetAddress baddr,

595                         int lport) throws IOException {

596         if (!(baddr instanceof Inet4Address)) {

597             throw new SocketException("SOCKS V4 requires IPv4 only addresses");

598         }

599         super.bind(baddr, lport);

600         byte[] addr1 = baddr.getAddress();

601         /* Test for AnyLocal */

602         InetAddress naddr = baddr;

603         if (naddr.isAnyLocalAddress()) {

604             naddr = AccessController.doPrivileged(

605                         new PrivilegedAction<>() {

606                             public InetAddress run() {

607                                 return cmdsock.getLocalAddress();

608 

609                             }

610                         });

611             addr1 = naddr.getAddress();

612         }

613         out.write(PROTO_VERS4);

614         out.write(BIND);

615         out.write((super.getLocalPort() >> 8) & 0xff);

616         out.write((super.getLocalPort() >> 0) & 0xff);

617         out.write(addr1);

618         String userName = getUserName();

619         try {

620             out.write(userName.getBytes("ISO-8859-1"));

621         } catch (java.io.UnsupportedEncodingException uee) {

622             assert false;

623         }

624         out.write(0);

625         out.flush();

626         byte[] data = new byte[8];

627         int n = readSocksReply(in, data);

628         if (n != 8)

629             throw new SocketException("Reply from SOCKS server has bad length: " + n);

630         if (data[0] != 0 && data[0] != 4)

631             throw new SocketException("Reply from SOCKS server has bad version");

632         SocketException ex = null;

633         switch (data[1]) {

634         case 90:

635             // Success!

636             external_address = new InetSocketAddress(baddr, lport);

637             break;

638         case 91:

639             ex = new SocketException("SOCKS request rejected");

640             break;

641         case 92:

642             ex = new SocketException("SOCKS server couldn't reach destination");

643             break;

644         case 93:

645             ex = new SocketException("SOCKS authentication failed");

646             break;

647         default:

648             ex = new SocketException("Reply from SOCKS server contains bad status");

649             break;

650         }

651         if (ex != null) {

652             in.close();

653             out.close();

654             throw ex;

655         }

656 

657     }

658 

659     /**

660      * Sends the Bind request to the SOCKS proxy. In the SOCKS protocol, bind

661      * means "accept incoming connection from", so the SocketAddress is

662      * the one of the host we do accept connection from.

663      *

664      * @param      saddr   the Socket address of the remote host.

665      * @exception  IOException  if an I/O error occurs when binding this socket.

666      */

667     protected synchronized void socksBind(InetSocketAddress saddr) throws IOException {

668         if (socket != null) {

669             // this is a client socket, not a server socket, don't

670             // call the SOCKS proxy for a bind!

671             return;

672         }

673 

674         // Connects to the SOCKS server

675 

676         if (server == null) {

677             // This is the general case

678             // server is not null only when the socket was created with a

679             // specified proxy in which case it does bypass the ProxySelector

680             ProxySelector sel = java.security.AccessController.doPrivileged(

681                 new java.security.PrivilegedAction<>() {

682                     public ProxySelector run() {

683                             return ProxySelector.getDefault();

684                         }

685                     });

686             if (sel == null) {

687                 /*

688                  * No default proxySelector --> direct connection

689                  */

690                 return;

691             }

692             URI uri;

693             // Use getHostString() to avoid reverse lookups

694             String host = saddr.getHostString();

695             // IPv6 litteral?

696             if (saddr.getAddress() instanceof Inet6Address &&

697                 (!host.startsWith("[")) && (host.indexOf(':') >= 0)) {

698                 host = "[" + host + "]";

699             }

700             try {

701                 uri = new URI("serversocket://" + ParseUtil.encodePath(host) + ":"+ saddr.getPort());

702             } catch (URISyntaxException e) {

703                 // This shouldn't happen

704                 assert false : e;

705                 uri = null;

706             }

707             Proxy p = null;

708             Exception savedExc = null;

709             java.util.Iterator<Proxy> iProxy = null;

710             iProxy = sel.select(uri).iterator();

711             if (iProxy == null || !(iProxy.hasNext())) {

712                 return;

713             }

714             while (iProxy.hasNext()) {

715                 p = iProxy.next();

716                 if (p == null || p.type() != Proxy.Type.SOCKS) {

717                     return;

718                 }

719 

720                 if (!(p.address() instanceof InetSocketAddress))

721                     throw new SocketException("Unknown address type for proxy: " + p);

722                 // Use getHostString() to avoid reverse lookups

723                 server = ((InetSocketAddress) p.address()).getHostString();

724                 serverPort = ((InetSocketAddress) p.address()).getPort();

725                 useV4 = useV4(p);

726 

727                 // Connects to the SOCKS server

728                 try {

729                     AccessController.doPrivileged(

730                         new PrivilegedExceptionAction<>() {

731                             public Void run() throws Exception {

732                                 cmdsock = new Socket(new PlainSocketImpl());

733                                 cmdsock.connect(new InetSocketAddress(server, serverPort));

734                                 cmdIn = cmdsock.getInputStream();

735                                 cmdOut = cmdsock.getOutputStream();

736                                 return null;

737                             }

738                         });

739                 } catch (Exception e) {

740                     // Ooops, let's notify the ProxySelector

741                     sel.connectFailed(uri,p.address(),new SocketException(e.getMessage()));

742                     server = null;

743                     serverPort = -1;

744                     cmdsock = null;

745                     savedExc = e;

746                     // Will continue the while loop and try the next proxy

747                 }

748             }

749 

750             /*

751              * If server is still null at this point, none of the proxy

752              * worked

753              */

754             if (server == null || cmdsock == null) {

755                 throw new SocketException("Can't connect to SOCKS proxy:"

756                                           + savedExc.getMessage());

757             }

758         } else {

759             try {

760                 AccessController.doPrivileged(

761                     new PrivilegedExceptionAction<>() {

762                         public Void run() throws Exception {

763                             cmdsock = new Socket(new PlainSocketImpl());

764                             cmdsock.connect(new InetSocketAddress(server, serverPort));

765                             cmdIn = cmdsock.getInputStream();

766                             cmdOut = cmdsock.getOutputStream();

767                             return null;

768                         }

769                     });

770             } catch (Exception e) {

771                 throw new SocketException(e.getMessage());

772             }

773         }

774         BufferedOutputStream out = new BufferedOutputStream(cmdOut, 512);

775         InputStream in = cmdIn;

776         if (useV4) {

777             bindV4(in, out, saddr.getAddress(), saddr.getPort());

778             return;

779         }

780         out.write(PROTO_VERS);

781         out.write(2);

782         out.write(NO_AUTH);

783         out.write(USER_PASSW);

784         out.flush();

785         byte[] data = new byte[2];

786         int i = readSocksReply(in, data);

787         if (i != 2 || ((int)data[0]) != PROTO_VERS) {

788             // Maybe it's not a V5 sever after all

789             // Let's try V4 before we give up

790             bindV4(in, out, saddr.getAddress(), saddr.getPort());

791             return;

792         }

793         if (((int)data[1]) == NO_METHODS)

794             throw new SocketException("SOCKS : No acceptable methods");

795         if (!authenticate(data[1], in, out)) {

796             throw new SocketException("SOCKS : authentication failed");

797         }

798         // We're OK. Let's issue the BIND command.

799         out.write(PROTO_VERS);

800         out.write(BIND);

801         out.write(0);

802         int lport = saddr.getPort();

803         if (saddr.isUnresolved()) {

804             out.write(DOMAIN_NAME);

805             out.write(saddr.getHostName().length());

806             try {

807                 out.write(saddr.getHostName().getBytes("ISO-8859-1"));

808             } catch (java.io.UnsupportedEncodingException uee) {

809                 assert false;

810             }

811             out.write((lport >> 8) & 0xff);

812             out.write((lport >> 0) & 0xff);

813         } else if (saddr.getAddress() instanceof Inet4Address) {

814             byte[] addr1 = saddr.getAddress().getAddress();

815             out.write(IPV4);

816             out.write(addr1);

817             out.write((lport >> 8) & 0xff);

818             out.write((lport >> 0) & 0xff);

819             out.flush();

820         } else if (saddr.getAddress() instanceof Inet6Address) {

821             byte[] addr1 = saddr.getAddress().getAddress();

822             out.write(IPV6);

823             out.write(addr1);

824             out.write((lport >> 8) & 0xff);

825             out.write((lport >> 0) & 0xff);

826             out.flush();

827         } else {

828             cmdsock.close();

829             throw new SocketException("unsupported address type : " + saddr);

830         }

831         data = new byte[4];

832         i = readSocksReply(in, data);

833         SocketException ex = null;

834         int len, nport;

835         byte[] addr;

836         switch (data[1]) {

837         case REQUEST_OK:

838             // success!

839             switch(data[3]) {

840             case IPV4:

841                 addr = new byte[4];

842                 i = readSocksReply(in, addr);

843                 if (i != 4)

844                     throw new SocketException("Reply from SOCKS server badly formatted");

845                 data = new byte[2];

846                 i = readSocksReply(in, data);

847                 if (i != 2)

848                     throw new SocketException("Reply from SOCKS server badly formatted");

849                 nport = ((int)data[0] & 0xff) << 8;

850                 nport += ((int)data[1] & 0xff);

851                 external_address =

852                     new InetSocketAddress(new Inet4Address("", addr) , nport);

853                 break;

854             case DOMAIN_NAME:

855                 len = data[1];

856                 byte[] host = new byte[len];

857                 i = readSocksReply(in, host);

858                 if (i != len)

859                     throw new SocketException("Reply from SOCKS server badly formatted");

860                 data = new byte[2];

861                 i = readSocksReply(in, data);

862                 if (i != 2)

863                     throw new SocketException("Reply from SOCKS server badly formatted");

864                 nport = ((int)data[0] & 0xff) << 8;

865                 nport += ((int)data[1] & 0xff);

866                 external_address = new InetSocketAddress(new String(host), nport);

867                 break;

868             case IPV6:

869                 len = data[1];

870                 addr = new byte[len];

871                 i = readSocksReply(in, addr);

872                 if (i != len)

873                     throw new SocketException("Reply from SOCKS server badly formatted");

874                 data = new byte[2];

875                 i = readSocksReply(in, data);

876                 if (i != 2)

877                     throw new SocketException("Reply from SOCKS server badly formatted");

878                 nport = ((int)data[0] & 0xff) << 8;

879                 nport += ((int)data[1] & 0xff);

880                 external_address =

881                     new InetSocketAddress(new Inet6Address("", addr), nport);

882                 break;

883             }

884             break;

885         case GENERAL_FAILURE:

886             ex = new SocketException("SOCKS server general failure");

887             break;

888         case NOT_ALLOWED:

889             ex = new SocketException("SOCKS: Bind not allowed by ruleset");

890             break;

891         case NET_UNREACHABLE:

892             ex = new SocketException("SOCKS: Network unreachable");

893             break;

894         case HOST_UNREACHABLE:

895             ex = new SocketException("SOCKS: Host unreachable");

896             break;

897         case CONN_REFUSED:

898             ex = new SocketException("SOCKS: Connection refused");

899             break;

900         case TTL_EXPIRED:

901             ex =  new SocketException("SOCKS: TTL expired");

902             break;

903         case CMD_NOT_SUPPORTED:

904             ex = new SocketException("SOCKS: Command not supported");

905             break;

906         case ADDR_TYPE_NOT_SUP:

907             ex = new SocketException("SOCKS: address type not supported");

908             break;

909         }

910         if (ex != null) {

911             in.close();

912             out.close();

913             cmdsock.close();

914             cmdsock = null;

915             throw ex;

916         }

917         cmdIn = in;

918         cmdOut = out;

919     }

920 

921     /**

922      * Accepts a connection from a specific host.

923      *

924      * @param      s   the accepted connection.

925      * @param      saddr the socket address of the host we do accept

926      *               connection from

927      * @exception  IOException  if an I/O error occurs when accepting the

928      *               connection.

929      */

930     protected void acceptFrom(SocketImpl s, InetSocketAddress saddr) throws IOException {

931         if (cmdsock == null) {

932             // Not a Socks ServerSocket.

933             return;

934         }

935         InputStream in = cmdIn;

936         // Sends the "SOCKS BIND" request.

937         socksBind(saddr);

938         in.read();

939         int i = in.read();

940         in.read();

941         SocketException ex = null;

942         int nport;

943         byte[] addr;

944         InetSocketAddress real_end = null;

945         switch (i) {

946         case REQUEST_OK:

947             // success!

948             i = in.read();

949             switch(i) {

950             case IPV4:

951                 addr = new byte[4];

952                 readSocksReply(in, addr);

953                 nport = in.read() << 8;

954                 nport += in.read();

955                 real_end =

956                     new InetSocketAddress(new Inet4Address("", addr) , nport);

957                 break;

958             case DOMAIN_NAME:

959                 int len = in.read();

960                 addr = new byte[len];

961                 readSocksReply(in, addr);

962                 nport = in.read() << 8;

963                 nport += in.read();

964                 real_end = new InetSocketAddress(new String(addr), nport);

965                 break;

966             case IPV6:

967                 addr = new byte[16];

968                 readSocksReply(in, addr);

969                 nport = in.read() << 8;

970                 nport += in.read();

971                 real_end =

972                     new InetSocketAddress(new Inet6Address("", addr), nport);

973                 break;

974             }

975             break;

976         case GENERAL_FAILURE:

977             ex = new SocketException("SOCKS server general failure");

978             break;

979         case NOT_ALLOWED:

980             ex = new SocketException("SOCKS: Accept not allowed by ruleset");

981             break;

982         case NET_UNREACHABLE:

983             ex = new SocketException("SOCKS: Network unreachable");

984             break;

985         case HOST_UNREACHABLE:

986             ex = new SocketException("SOCKS: Host unreachable");

987             break;

988         case CONN_REFUSED:

989             ex = new SocketException("SOCKS: Connection refused");

990             break;

991         case TTL_EXPIRED:

992             ex =  new SocketException("SOCKS: TTL expired");

993             break;

994         case CMD_NOT_SUPPORTED:

995             ex = new SocketException("SOCKS: Command not supported");

996             break;

997         case ADDR_TYPE_NOT_SUP:

998             ex = new SocketException("SOCKS: address type not supported");

999             break;

1000         }

1001         if (ex != null) {

1002             cmdIn.close();

1003             cmdOut.close();

1004             cmdsock.close();

1005             cmdsock = null;

1006             throw ex;

1007         }

1008 

1009         /**

1010          * This is where we have to do some fancy stuff.

1011          * The datastream from the socket "accepted" by the proxy will

1012          * come through the cmdSocket. So we have to swap the socketImpls

1013          */

1014         if (s instanceof SocksSocketImpl) {

1015             ((SocksSocketImpl)s).external_address = real_end;

1016         }

1017         if (s instanceof PlainSocketImpl) {

1018             PlainSocketImpl psi = (PlainSocketImpl) s;

1019             psi.setInputStream((SocketInputStream) in);

1020             psi.setFileDescriptor(cmdsock.getImpl().getFileDescriptor());

1021             psi.setAddress(cmdsock.getImpl().getInetAddress());

1022             psi.setPort(cmdsock.getImpl().getPort());

1023             psi.setLocalPort(cmdsock.getImpl().getLocalPort());

1024         } else {

1025             s.fd = cmdsock.getImpl().fd;

1026             s.address = cmdsock.getImpl().address;

1027             s.port = cmdsock.getImpl().port;

1028             s.localport = cmdsock.getImpl().localport;

1029         }

1030 

1031         // Need to do that so that the socket won't be closed

1032         // when the ServerSocket is closed by the user.

1033         // It kinds of detaches the Socket because it is now

1034         // used elsewhere.

1035         cmdsock = null;

1036     }

1037 

1038 

1039     /**

1040      * Returns the value of this socket's {@code address} field.

1041      *

1042      * @return  the value of this socket's {@code address} field.

1043      * @see     java.net.SocketImpl#address

1044      */

1045     @Override

1046     protected InetAddress getInetAddress() {

1047         if (external_address != null)

1048             return external_address.getAddress();

1049         else

1050             return super.getInetAddress();

1051     }

1052 

1053     /**

1054      * Returns the value of this socket's {@code port} field.

1055      *

1056      * @return  the value of this socket's {@code port} field.

1057      * @see     java.net.SocketImpl#port

1058      */

1059     @Override

1060     protected int getPort() {

1061         if (external_address != null)

1062             return external_address.getPort();

1063         else

1064             return super.getPort();

1065     }

1066 

1067     @Override

1068     protected int getLocalPort() {

1069         if (socket != null)

1070             return super.getLocalPort();

1071         if (external_address != null)

1072             return external_address.getPort();

1073         else

1074             return super.getLocalPort();

1075     }

1076 

1077     @Override

1078     protected void close() throws IOException {

1079         if (cmdsock != null)

1080             cmdsock.close();

1081         cmdsock = null;

1082         super.close();

1083     }

1084 

1085     private String getUserName() {

1086         String userName = "";

1087         if (applicationSetProxy) {

1088             try {

1089                 userName = System.getProperty("user.name");

1090             } catch (SecurityException se) { /* swallow Exception */ }

1091         } else {

1092             userName = StaticProperty.userName();

1093         }

1094         return userName;

1095     }

1096 }

1097