Socks5BytestreamRequest.java
/**
*
* Copyright the original author or authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smackx.bytestreams.socks5;
import java.io.IOException;
import java.net.Socket;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeoutException;
import org.jivesoftware.smack.SmackException;
import org.jivesoftware.smack.SmackException.NotConnectedException;
import org.jivesoftware.smack.XMPPException;
import org.jivesoftware.smack.XMPPException.XMPPErrorException;
import org.jivesoftware.smack.packet.IQ;
import org.jivesoftware.smack.packet.StanzaError;
import org.jivesoftware.smackx.bytestreams.BytestreamRequest;
import org.jivesoftware.smackx.bytestreams.socks5.Socks5Exception.CouldNotConnectToAnyProvidedSocks5Host;
import org.jivesoftware.smackx.bytestreams.socks5.Socks5Exception.NoSocks5StreamHostsProvided;
import org.jivesoftware.smackx.bytestreams.socks5.packet.Bytestream;
import org.jivesoftware.smackx.bytestreams.socks5.packet.Bytestream.StreamHost;
import org.jxmpp.jid.Jid;
import org.jxmpp.util.cache.Cache;
import org.jxmpp.util.cache.ExpirationCache;
/**
* Socks5BytestreamRequest class handles incoming SOCKS5 Bytestream requests.
*
* @author Henning Staib
*/
public class Socks5BytestreamRequest implements BytestreamRequest {
/* lifetime of an Item in the blacklist */
private static final long BLACKLIST_LIFETIME = 60 * 1000 * 120;
/* size of the blacklist */
private static final int BLACKLIST_MAX_SIZE = 100;
/* blacklist of addresses of SOCKS5 proxies */
private static final Cache<String, Integer> ADDRESS_BLACKLIST = new ExpirationCache<String, Integer>(
BLACKLIST_MAX_SIZE, BLACKLIST_LIFETIME);
private static int DEFAULT_CONNECTION_FAILURE_THRESHOLD = 2;
/*
* The number of connection failures it takes for a particular SOCKS5 proxy to be blacklisted.
* When a proxy is blacklisted no more connection attempts will be made to it for a period of 2
* hours.
*/
private int connectionFailureThreshold = DEFAULT_CONNECTION_FAILURE_THRESHOLD;
/* the bytestream initialization request */
private Bytestream bytestreamRequest;
/* SOCKS5 Bytestream manager containing the XMPP connection and helper methods */
private Socks5BytestreamManager manager;
/* timeout to connect to all SOCKS5 proxies */
private int totalConnectTimeout = 10000;
/* minimum timeout to connect to one SOCKS5 proxy */
private int minimumConnectTimeout = 2000;
/**
* Returns the default connection failure threshold.
*
* @return the default connection failure threshold.
* @see #setConnectFailureThreshold(int)
* @since 4.4.0
*/
public static int getDefaultConnectFailureThreshold() {
return DEFAULT_CONNECTION_FAILURE_THRESHOLD;
}
/**
* Sets the default connection failure threshold.
*
* @param defaultConnectFailureThreshold the default connection failure threshold.
* @see #setConnectFailureThreshold(int)
* @since 4.4.0
*/
public static void setDefaultConnectFailureThreshold(int defaultConnectFailureThreshold) {
DEFAULT_CONNECTION_FAILURE_THRESHOLD = defaultConnectFailureThreshold;
}
/**
* Returns the number of connection failures it takes for a particular SOCKS5 proxy to be
* blacklisted. When a proxy is blacklisted no more connection attempts will be made to it for a
* period of 2 hours. Default is 2.
*
* @return the number of connection failures it takes for a particular SOCKS5 proxy to be
* blacklisted
*/
public int getConnectFailureThreshold() {
return connectionFailureThreshold;
}
/**
* Sets the number of connection failures it takes for a particular SOCKS5 proxy to be
* blacklisted. When a proxy is blacklisted no more connection attempts will be made to it for a
* period of 2 hours. Default is 2.
* <p>
* Setting the connection failure threshold to zero disables the blacklisting.
*
* @param connectFailureThreshold the number of connection failures it takes for a particular
* SOCKS5 proxy to be blacklisted
*/
public void setConnectFailureThreshold(int connectFailureThreshold) {
connectionFailureThreshold = connectFailureThreshold;
}
/**
* Creates a new Socks5BytestreamRequest.
*
* @param manager the SOCKS5 Bytestream manager
* @param bytestreamRequest the SOCKS5 Bytestream initialization packet
*/
protected Socks5BytestreamRequest(Socks5BytestreamManager manager, Bytestream bytestreamRequest) {
this.manager = manager;
this.bytestreamRequest = bytestreamRequest;
}
/**
* Returns the maximum timeout to connect to SOCKS5 proxies. Default is 10000ms.
* <p>
* When accepting a SOCKS5 Bytestream request Smack tries to connect to all SOCKS5 proxies given
* by the initiator until a connection is established. This timeout divided by the number of
* SOCKS5 proxies determines the timeout for every connection attempt.
* <p>
* You can set the minimum timeout for establishing a connection to one SOCKS5 proxy by invoking
* {@link #setMinimumConnectTimeout(int)}.
*
* @return the maximum timeout to connect to SOCKS5 proxies
*/
public int getTotalConnectTimeout() {
if (this.totalConnectTimeout <= 0) {
return 10000;
}
return this.totalConnectTimeout;
}
/**
* Sets the maximum timeout to connect to SOCKS5 proxies. Default is 10000ms.
* <p>
* When accepting a SOCKS5 Bytestream request Smack tries to connect to all SOCKS5 proxies given
* by the initiator until a connection is established. This timeout divided by the number of
* SOCKS5 proxies determines the timeout for every connection attempt.
* <p>
* You can set the minimum timeout for establishing a connection to one SOCKS5 proxy by invoking
* {@link #setMinimumConnectTimeout(int)}.
*
* @param totalConnectTimeout the maximum timeout to connect to SOCKS5 proxies
*/
public void setTotalConnectTimeout(int totalConnectTimeout) {
this.totalConnectTimeout = totalConnectTimeout;
}
/**
* Returns the timeout to connect to one SOCKS5 proxy while accepting the SOCKS5 Bytestream
* request. Default is 2000ms.
*
* @return the timeout to connect to one SOCKS5 proxy
*/
public int getMinimumConnectTimeout() {
if (this.minimumConnectTimeout <= 0) {
return 2000;
}
return this.minimumConnectTimeout;
}
/**
* Sets the timeout to connect to one SOCKS5 proxy while accepting the SOCKS5 Bytestream
* request. Default is 2000ms.
*
* @param minimumConnectTimeout the timeout to connect to one SOCKS5 proxy
*/
public void setMinimumConnectTimeout(int minimumConnectTimeout) {
this.minimumConnectTimeout = minimumConnectTimeout;
}
/**
* Returns the sender of the SOCKS5 Bytestream initialization request.
*
* @return the sender of the SOCKS5 Bytestream initialization request.
*/
@Override
public Jid getFrom() {
return this.bytestreamRequest.getFrom();
}
/**
* Returns the session ID of the SOCKS5 Bytestream initialization request.
*
* @return the session ID of the SOCKS5 Bytestream initialization request.
*/
@Override
public String getSessionID() {
return this.bytestreamRequest.getSessionID();
}
/**
* Accepts the SOCKS5 Bytestream initialization request and returns the socket to send/receive
* data.
* <p>
* Before accepting the SOCKS5 Bytestream request you can set timeouts by invoking
* {@link #setTotalConnectTimeout(int)} and {@link #setMinimumConnectTimeout(int)}.
*
* @return the socket to send/receive data
* @throws InterruptedException if the current thread was interrupted while waiting
* @throws XMPPErrorException if there was an XMPP error returned.
* @throws NotConnectedException if the XMPP connection is not connected.
* @throws CouldNotConnectToAnyProvidedSocks5Host if no connection to any provided stream host could be established
* @throws NoSocks5StreamHostsProvided if no stream host was provided.
*/
@Override
public Socks5BytestreamSession accept() throws InterruptedException, XMPPErrorException,
CouldNotConnectToAnyProvidedSocks5Host, NotConnectedException, NoSocks5StreamHostsProvided {
Collection<StreamHost> streamHosts = this.bytestreamRequest.getStreamHosts();
Map<StreamHost, Exception> streamHostsExceptions = new HashMap<>();
// throw exceptions if request contains no stream hosts
if (streamHosts.size() == 0) {
cancelRequest(streamHostsExceptions);
}
StreamHost selectedHost = null;
Socket socket = null;
String digest = Socks5Utils.createDigest(this.bytestreamRequest.getSessionID(),
this.bytestreamRequest.getFrom(), this.manager.getConnection().getUser());
/*
* determine timeout for each connection attempt; each SOCKS5 proxy has the same amount of
* time so that the first does not consume the whole timeout
*/
int timeout = Math.max(getTotalConnectTimeout() / streamHosts.size(),
getMinimumConnectTimeout());
for (StreamHost streamHost : streamHosts) {
String address = streamHost.getAddress() + ":" + streamHost.getPort();
// check to see if this address has been blacklisted
int failures = getConnectionFailures(address);
if (connectionFailureThreshold > 0 && failures >= connectionFailureThreshold) {
continue;
}
// establish socket
try {
// build SOCKS5 client
final Socks5Client socks5Client = new Socks5Client(streamHost, digest);
// connect to SOCKS5 proxy with a timeout
socket = socks5Client.getSocket(timeout);
// set selected host
selectedHost = streamHost;
break;
}
catch (TimeoutException | IOException | SmackException | XMPPException e) {
streamHostsExceptions.put(streamHost, e);
incrementConnectionFailures(address);
}
}
// throw exception if connecting to all SOCKS5 proxies failed
if (selectedHost == null || socket == null) {
cancelRequest(streamHostsExceptions);
}
// send used-host confirmation
Bytestream response = createUsedHostResponse(selectedHost);
this.manager.getConnection().sendStanza(response);
return new Socks5BytestreamSession(socket, selectedHost.getJID().equals(
this.bytestreamRequest.getFrom()));
}
/**
* Rejects the SOCKS5 Bytestream request by sending a reject error to the initiator.
* @throws NotConnectedException if the XMPP connection is not connected.
* @throws InterruptedException if the calling thread was interrupted.
*/
@Override
public void reject() throws NotConnectedException, InterruptedException {
this.manager.replyRejectPacket(this.bytestreamRequest);
}
/**
* Cancels the SOCKS5 Bytestream request by sending an error to the initiator and building a
* XMPP exception.
*
* @param streamHostsExceptions the stream hosts and their exceptions.
* @throws NotConnectedException if the XMPP connection is not connected.
* @throws InterruptedException if the calling thread was interrupted.
* @throws CouldNotConnectToAnyProvidedSocks5Host as expected result.
* @throws NoSocks5StreamHostsProvided if no stream host was provided.
*/
private void cancelRequest(Map<StreamHost, Exception> streamHostsExceptions)
throws NotConnectedException, InterruptedException, CouldNotConnectToAnyProvidedSocks5Host, NoSocks5StreamHostsProvided {
final Socks5Exception.NoSocks5StreamHostsProvided noHostsProvidedException;
final Socks5Exception.CouldNotConnectToAnyProvidedSocks5Host couldNotConnectException;
final String errorMessage;
if (streamHostsExceptions.isEmpty()) {
noHostsProvidedException = new Socks5Exception.NoSocks5StreamHostsProvided();
couldNotConnectException = null;
errorMessage = noHostsProvidedException.getMessage();
} else {
noHostsProvidedException = null;
couldNotConnectException = Socks5Exception.CouldNotConnectToAnyProvidedSocks5Host.construct(streamHostsExceptions);
errorMessage = couldNotConnectException.getMessage();
}
StanzaError error = StanzaError.from(StanzaError.Condition.item_not_found, errorMessage).build();
IQ errorIQ = IQ.createErrorResponse(this.bytestreamRequest, error);
this.manager.getConnection().sendStanza(errorIQ);
if (noHostsProvidedException != null) {
throw noHostsProvidedException;
} else {
throw couldNotConnectException;
}
}
/**
* Returns the response to the SOCKS5 Bytestream request containing the SOCKS5 proxy used.
*
* @param selectedHost the used SOCKS5 proxy
* @return the response to the SOCKS5 Bytestream request
*/
private Bytestream createUsedHostResponse(StreamHost selectedHost) {
Bytestream response = new Bytestream(this.bytestreamRequest.getSessionID());
response.setTo(this.bytestreamRequest.getFrom());
response.setType(IQ.Type.result);
response.setStanzaId(this.bytestreamRequest.getStanzaId());
response.setUsedHost(selectedHost.getJID());
return response;
}
/**
* Increments the connection failure counter by one for the given address.
*
* @param address the address the connection failure counter should be increased
*/
private static void incrementConnectionFailures(String address) {
Integer count = ADDRESS_BLACKLIST.lookup(address);
ADDRESS_BLACKLIST.put(address, count == null ? 1 : count + 1);
}
/**
* Returns how often the connection to the given address failed.
*
* @param address the address
* @return number of connection failures
*/
private static int getConnectionFailures(String address) {
Integer count = ADDRESS_BLACKLIST.lookup(address);
return count != null ? count : 0;
}
}