Class AbstractSession
- java.lang.Object
- org.apache.sshd.common.util.logging.AbstractLoggingBean
- org.apache.sshd.common.util.closeable.IoBaseCloseable
- org.apache.sshd.common.util.closeable.AbstractCloseable
- org.apache.sshd.common.util.closeable.AbstractInnerCloseable
- org.apache.sshd.common.kex.AbstractKexFactoryManager
- org.apache.sshd.common.session.helpers.SessionHelper
- org.apache.sshd.common.session.helpers.AbstractSession
- All Implemented Interfaces:
java.io.Closeable, java.lang.AutoCloseable, java.nio.channels.Channel, AttributeRepository, AttributeStore, MutableUserHolder, UsernameHolder, ChannelListenerManager, ChannelStreamWriterResolver, ChannelStreamWriterResolverManager, Closeable, FactoryManagerHolder, PortForwardingEventListenerManager, PortForwardingInformationProvider, KexExtensionHandlerManager, KexFactoryManager, PropertyResolver, ReservedSessionMessagesManager, Session, SessionContext, SessionDisconnectHandlerManager, SessionHeartbeatController, SessionListenerManager, UnknownChannelReferenceHandlerManager, SignatureFactoriesHolder, SignatureFactoriesManager, ConnectionEndpointsIndicator
- Direct Known Subclasses:
AbstractClientSession, AbstractServerSession
public abstract class AbstractSession extends SessionHelper
The AbstractSession handles all the basic SSH protocol such as key exchange, authentication, encoding and decoding. Both server side and client side sessions should inherit from this abstract class. Some basic packet processing methods are defined but the actual call to these methods should be done from the handleMessage(Buffer) method, which is dependent on the state and side of this session.
TODO: if there is any very big packet, decoderBuffer and uncompressBuffer will get quite big and they won't be resized down at any time. Though the packet size is really limited by the channel max packet size
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.apache.sshd.common.util.closeable.AbstractCloseable
AbstractCloseable.State
-
Nested classes/interfaces inherited from interface org.apache.sshd.common.AttributeRepository
AttributeRepository.AttributeKey<T>
-
Nested classes/interfaces inherited from interface org.apache.sshd.common.session.SessionHeartbeatController
SessionHeartbeatController.HeartbeatType
-
-
Field Summary
Fields
Modifier and Type, Field, Description
protected ChannelListener
channelListenerProxy
protected java.util.Collection<ChannelListener>
channelListeners
Channel events listener container
private byte[]
clientKexData
protected java.util.Map<KexProposalOption,java.lang.String>
clientProposal
protected java.lang.String
clientVersion
protected Service
currentService
protected java.lang.Object
decodeLock
protected SessionWorkBuffer
decoderBuffer
protected int
decoderLength
protected int
decoderState
protected java.lang.Object
encodeLock
protected java.lang.Boolean
firstKexPacketFollows
protected java.util.concurrent.atomic.AtomicLong
globalRequestSeqo
protected int
ignorePacketDataLength
protected java.util.concurrent.atomic.AtomicLong
ignorePacketsCount
protected long
ignorePacketsFrequency
protected int
ignorePacketsVariance
protected java.util.concurrent.atomic.AtomicLong
inBlocksCount
protected java.util.concurrent.atomic.AtomicLong
inBytesCount
protected Cipher
inCipher
protected int
inCipherSize
protected Compression
inCompression
protected Mac
inMac
protected byte[]
inMacResult
protected int
inMacSize
protected java.util.concurrent.atomic.AtomicLong
inPacketsCount
protected KeyExchange
kex
protected java.util.concurrent.atomic.AtomicReference<DefaultKeyExchangeFuture>
kexFutureHolder
protected java.util.concurrent.atomic.AtomicReference<KexState>
kexState
protected java.util.concurrent.atomic.AtomicReference<java.time.Instant>
lastKeyTimeValue
protected java.util.concurrent.atomic.AtomicLong
maxRekeyBlocks
protected long
maxRekeyBytes
protected java.time.Duration
maxRekeyInterval
protected long
maxRekyPackets
protected java.util.Map<KexProposalOption,java.lang.String>
negotiationResult
protected java.util.concurrent.atomic.AtomicLong
outBlocksCount
protected java.util.concurrent.atomic.AtomicLong
outBytesCount
protected Cipher
outCipher
protected int
outCipherSize
protected Compression
outCompression
protected Mac
outMac
protected int
outMacSize
protected java.util.concurrent.atomic.AtomicLong
outPacketsCount
protected java.util.concurrent.atomic.AtomicReference<java.lang.String>
pendingGlobalRequest
protected java.util.Queue<PendingWriteFuture>
pendingPackets
protected Random
random
The pseudo random generator
protected java.lang.Object
requestLock
private java.util.concurrent.atomic.AtomicReference<java.lang.Object>
requestResult
Used to wait synchronously for the result of a global request
protected long
seqi
protected long
seqo
private byte[]
serverKexData
protected java.util.Map<KexProposalOption,java.lang.String>
serverProposal
protected java.lang.String
serverVersion
static java.lang.String
SESSION
Name of the property where this session is stored in the attributes of the underlying MINA session.
protected byte[]
sessionId
protected SessionListener
sessionListenerProxy
protected java.util.Collection<SessionListener>
sessionListeners
Session listeners container
protected PortForwardingEventListener
tunnelListenerProxy
protected java.util.Collection<PortForwardingEventListener>
tunnelListeners
Port forwarding events listener container
protected SessionWorkBuffer
uncompressBuffer
protected java.util.Map<KexProposalOption,java.lang.String>
unmodClientProposal
protected java.util.Map<KexProposalOption,java.lang.String>
unmodNegotiationResult
protected java.util.Map<KexProposalOption,java.lang.String>
unmodServerProposal
-
Fields inherited from class org.apache.sshd.common.session.helpers.SessionHelper
authStart, idleStart, sessionLock
-
Fields inherited from class org.apache.sshd.common.util.closeable.AbstractCloseable
closeFuture, futureLock, state
-
Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
log
-
Fields inherited from interface org.apache.sshd.common.channel.throttle.ChannelStreamWriterResolver
NONE
-
Fields inherited from interface org.apache.sshd.common.PropertyResolver
EMPTY
-
Fields inherited from interface org.apache.sshd.common.session.SessionContext
DEFAULT_SSH_VERSION_PREFIX, FALLBACK_SSH_VERSION_PREFIX, MAX_VERSION_LINE_LENGTH
-
-
Constructor Summary
Constructors
Modifier, Constructor, Description
protected
AbstractSession(boolean serverSession, FactoryManager factoryManager, IoSession ioSession)
Create a new session.
-
Method Summary
Modifier and Type, Method, Description
void
addChannelListener(ChannelListener listener)
Add a channel listener
void
addPortForwardingEventListener(PortForwardingEventListener listener)
Add a port forwarding listener
void
addSessionListener(SessionListener listener)
Add a session listener.
protected void
aeadOutgoingBuffer(Buffer buf, int offset, int len)
protected void
appendOutgoingMac(Buffer buf, int offset, int len)
static void
attachSession(IoSession ioSession, AbstractSession session)
Attach an SSH AbstractSession to the I/O session
static int
calculatePadLength(int len, int blockSize, boolean etmMode)
protected abstract void
checkKeys()
Indicates that the key exchange is completed and the exchanged keys can now be verified - e.g., client can verify the server's key
protected KeyExchangeFuture
checkRekey()
Checks if a re-keying is required and if so initiates it
protected java.util.Map.Entry<java.lang.String,java.lang.String>
comparePreferredKexProposalOption(KexProposalOption option)
Compares the specified KexProposalOption option value for client vs. server
Buffer
createBuffer(byte cmd, int len)
Create a new buffer for the specified SSH packet and reserve the needed space (5 bytes) for the packet header.
protected void
decode()
Decode the incoming buffer and handle packets as needed.
protected void
doHandleMessage(Buffer buffer)
protected boolean
doInvokeUnimplementedMessageHandler(int cmd, Buffer buffer)
protected void
doKexNegotiation()
protected IoWriteFuture
doWritePacket(Buffer buffer)
protected Buffer
encode(Buffer buffer)
Encode a buffer into the SSH protocol.
protected void
encryptOutgoingBuffer(Buffer buf, int offset, int len)
protected PendingWriteFuture
enqueuePendingPacket(Buffer buffer)
Checks if key-exchange is done - if so, or the packet is related to the key-exchange protocol, then allows the packet to go through, otherwise enqueues it to be sent when key-exchange completed
ChannelListener
getChannelListenerProxy()
CipherInformation
getCipherInformation(boolean incoming)
Retrieves current cipher information - Note: may change if key re-exchange executed
protected byte[]
getClientKexData()
java.util.Map<KexProposalOption,java.lang.String>
getClientKexProposals()
java.lang.String
getClientVersion()
Retrieve the client version for this session.
CompressionInformation
getCompressionInformation(boolean incoming)
Retrieves current compression information - Note: may change if key re-exchange executed
protected Closeable
getInnerCloseable()
KeyExchange
getKex()
java.util.Map<KexProposalOption,java.lang.String>
getKexNegotiationResult()
KexState
getKexState()
MacInformation
getMacInformation(boolean incoming)
Retrieves current MAC information - Note: may change if key re-exchange executed
java.lang.String
getNegotiatedKexParameter(KexProposalOption paramType)
Retrieve one of the negotiated values during the KEX stage
PortForwardingEventListener
getPortForwardingEventListenerProxy()
protected byte[]
getServerKexData()
java.util.Map<KexProposalOption,java.lang.String>
getServerKexProposals()
java.lang.String
getServerVersion()
Retrieve the server version for this session.
<T extends Service> T
getService(java.lang.Class<T> clazz)
Get the service of the specified type.
protected java.util.List<Service>
getServices()
static AbstractSession
getSession(IoSession ioSession)
Retrieve the SSH session from the I/O session.
static AbstractSession
getSession(IoSession ioSession, boolean allowNull)
Retrieve the SSH session from the I/O session.
byte[]
getSessionId()
SessionListener
getSessionListenerProxy()
protected boolean
handleFirstKexPacketFollows(int cmd, Buffer buffer, boolean followFlag)
protected void
handleKexExtension(int cmd, Buffer buffer)
protected void
handleKexInit(Buffer buffer)
protected void
handleKexMessage(int cmd, Buffer buffer)
protected void
handleMessage(Buffer buffer)
Abstract method for processing incoming decoded packets.
protected void
handleNewCompression(int cmd, Buffer buffer)
protected void
handleNewKeys(int cmd, Buffer buffer)
protected void
handleServiceAccept(java.lang.String serviceName, Buffer buffer)
protected void
handleServiceAccept(Buffer buffer)
protected boolean
handleServiceRequest(java.lang.String serviceName, Buffer buffer)
protected void
handleServiceRequest(Buffer buffer)
protected boolean
isRekeyBlocksCountExceeded()
protected boolean
isRekeyDataSizeExceeded()
protected boolean
isRekeyPacketCountsExceeded()
protected boolean
isRekeyRequired()
protected boolean
isRekeyTimeIntervalExceeded()
void
messageReceived(Readable buffer)
Main input point for the MINA framework.
protected java.util.Map<KexProposalOption,java.lang.String>
negotiate()
Compute the negotiated proposals by merging the client and server proposal.
protected IoWriteFuture
notImplemented(int cmd, Buffer buffer)
Send a SSH_MSG_UNIMPLEMENTED packet.
protected void
preClose()
preClose is guaranteed to be called before doCloseGracefully or doCloseImmediately.
Buffer
prepareBuffer(byte cmd, Buffer buffer)
Prepare a new "clean" buffer while reserving the needed space (5 bytes) for the packet header.
protected Buffer
preProcessEncodeBuffer(int cmd, Buffer buffer)
Invoked by the session before encoding the buffer in order to make sure that it is at least of size SSH_PACKET_HEADER_LEN.
protected abstract boolean
readIdentification(Buffer buffer)
Read the other side identification.
protected abstract void
receiveKexInit(java.util.Map<KexProposalOption,java.lang.String> proposal, byte[] seed)
protected byte[]
receiveKexInit(Buffer buffer)
protected byte[]
receiveKexInit(Buffer buffer, java.util.Map<KexProposalOption,java.lang.String> proposal)
Receive the remote key exchange init message.
protected void
receiveNewKeys()
Put new keys into use.
KeyExchangeFuture
reExchangeKeys()
Initiate a new key exchange.
protected void
refreshConfiguration()
Refresh whatever internal configuration is not final
void
removeChannelListener(ChannelListener listener)
Remove a channel listener
void
removePortForwardingEventListener(PortForwardingEventListener listener)
Remove a port forwarding listener
void
removeSessionListener(SessionListener listener)
Remove a session listener.
Buffer
request(java.lang.String request, Buffer buffer, long maxWaitMillis)
Send a global request and wait for the response.
protected void
requestFailure(Buffer buffer)
Indicates the reception of a SSH_MSG_REQUEST_FAILURE message
protected KeyExchangeFuture
requestNewKeysExchange()
Initiates a new keys exchange if one not already in progress
protected void
requestSuccess(Buffer buffer)
Indicates the reception of a SSH_MSG_REQUEST_SUCCESS message
protected java.lang.String
resolveAvailableSignaturesProposal()
protected abstract java.lang.String
resolveAvailableSignaturesProposal(FactoryManager manager)
protected int
resolveIgnoreBufferDataLength()
protected Buffer
resolveOutputPacket(Buffer buffer)
protected java.lang.String
resolveSessionKexProposal(java.lang.String hostKeyTypes)
protected byte[]
sendKexInit()
protected byte[]
sendKexInit(java.util.Map<KexProposalOption,java.lang.String> proposal)
Send the key exchange initialization packet.
protected IoWriteFuture
sendNewKeys()
Send a message to put new keys into use.
protected java.util.List<java.util.AbstractMap.SimpleImmutableEntry<PendingWriteFuture,IoWriteFuture>>
sendPendingPackets(java.util.Queue<PendingWriteFuture> packetsQueue)
protected void
setClientKexData(byte[] data)
protected abstract void
setKexSeed(byte... seed)
protected java.util.Map<KexProposalOption,java.lang.String>
setNegotiationResult(java.util.Map<KexProposalOption,java.lang.String> guess)
protected void
setServerKexData(byte[] data)
protected void
signalRequestFailure()
Marks the current pending global request result as failed
protected void
validateIncomingMac(byte[] data, int offset, int len)
protected void
validateKexState(int cmd, KexState expected)
protected <B extends Buffer> B
validateTargetBuffer(int cmd, B buffer)
Makes sure that the buffer used for output is not null or one of the session's internal ones used for decoding and uncompressing
IoWriteFuture
writePacket(Buffer buffer)
Encode and send the given buffer.
-
Methods inherited from class org.apache.sshd.common.session.helpers.SessionHelper
attributeKeys, calculateNextIgnorePacketCount, checkAuthenticationTimeout, checkForTimeouts, checkIdleTimeout, clearAttributes, computeAttributeIfAbsent, createProposal, disconnect, doInvokeDebugMessageHandler, doInvokeIgnoreMessageHandler, doReadIdentification, exceptionCaught, getAttribute, getAttributesCount, getAuthTimeout, getAuthTimeoutStart, getBoundLocalPortForwards, getBoundRemotePortForward, getChannelStreamWriterResolver, getConnectionService, getFactoryManager, getForwarder, getIdleTimeout, getIdleTimeoutStart, getIoSession, getLocalForwardsBindings, getParentPropertyResolver, getProperties, getRemoteForwardsBindings, getReservedSessionMessagesHandler, getSessionDisconnectHandler, getStartedLocalPortForwards, getStartedRemotePortForwards, getTimeoutStatus, getUnknownChannelReferenceHandler, getUsername, handleDebug, handleDisconnect, handleDisconnect, handleIgnore, handleUnimplemented, invokeSessionSignaller, isAuthenticated, isLocalPortForwardingStartedForPort, isRemotePortForwardingStartedForPort, isServerSession, mergeProposals, removeAttribute, resetAuthTimeout, resetIdleTimeout, resizeKey, resolveChannelStreamWriterResolver, resolveIdentificationString, resolvePeerAddress, resolveReservedSessionMessagesHandler, resolveUnknownChannelReferenceHandler, sendDebugMessage, sendIdentification, sendIgnoreMessage, sendNotImplemented, setAttribute, setAuthenticated, setChannelStreamWriterResolver, setReservedSessionMessagesHandler, setSessionDisconnectHandler, setUnknownChannelReferenceHandler, setUsername, signalDisconnect, signalDisconnect, signalExceptionCaught, signalExceptionCaught, signalNegotiationEnd, signalNegotiationEnd, signalNegotiationStart, signalNegotiationStart, signalPeerIdentificationReceived, signalPeerIdentificationReceived, signalSessionClosed, signalSessionClosed, signalSessionCreated, signalSessionCreated, signalSessionEstablished, signalSessionEstablished, signalSessionEvent, signalSessionEvent, toString, writePacket
-
Methods inherited from class org.apache.sshd.common.kex.AbstractKexFactoryManager
getCipherFactories, getCompressionFactories, getDelegate, getKexExtensionHandler, getKeyExchangeFactories, getMacFactories, getSignatureFactories, resolveEffectiveFactories, resolveEffectiveProvider, setCipherFactories, setCompressionFactories, setKexExtensionHandler, setKeyExchangeFactories, setMacFactories, setSignatureFactories
-
Methods inherited from class org.apache.sshd.common.util.closeable.AbstractInnerCloseable
doCloseGracefully, doCloseImmediately
-
Methods inherited from class org.apache.sshd.common.util.closeable.AbstractCloseable
addCloseFutureListener, builder, close, getFutureLock, isClosed, isClosing, removeCloseFutureListener
-
Methods inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
debug, debug, debug, debug, debug, error, error, error, error, error, getSimplifiedLogger, info, info, warn, warn, warn, warn, warn, warn, warn, warn
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
-
Methods inherited from interface org.apache.sshd.common.channel.throttle.ChannelStreamWriterResolverManager
resolveChannelStreamWriter
-
Methods inherited from interface org.apache.sshd.common.Closeable
addCloseFutureListener, close, close, isClosed, isClosing, isOpen, removeCloseFutureListener
-
Methods inherited from interface org.apache.sshd.common.kex.extension.KexExtensionHandlerManager
getKexExtensionHandler, setKexExtensionHandler
-
Methods inherited from interface org.apache.sshd.common.kex.KexFactoryManager
getCipherFactories, getCipherFactoriesNameList, getCipherFactoriesNames, getCompressionFactories, getCompressionFactoriesNameList, getCompressionFactoriesNames, getKeyExchangeFactories, getMacFactories, getMacFactoriesNameList, getMacFactoriesNames, setCipherFactories, setCipherFactoriesNameList, setCipherFactoriesNames, setCipherFactoriesNames, setCompressionFactories, setCompressionFactoriesNameList, setCompressionFactoriesNames, setCompressionFactoriesNames, setKeyExchangeFactories, setMacFactories, setMacFactoriesNameList, setMacFactoriesNames, setMacFactoriesNames
-
Methods inherited from interface org.apache.sshd.common.PropertyResolver
getBoolean, getBooleanProperty, getCharset, getInteger, getIntProperty, getLong, getLongProperty, getObject, getString, getStringProperty
-
Methods inherited from interface org.apache.sshd.common.session.Session
createBuffer, getLocalAddress, getRemoteAddress, request, request, resolveAttribute, startService, writePacket, writePacket
-
Methods inherited from interface org.apache.sshd.common.session.SessionHeartbeatController
disableSessionHeartbeat, getSessionHeartbeatInterval, getSessionHeartbeatType, setSessionHeartbeat, setSessionHeartbeat
-
Methods inherited from interface org.apache.sshd.common.signature.SignatureFactoriesHolder
getSignatureFactories, getSignatureFactoriesNameList, getSignatureFactoriesNames
-
Methods inherited from interface org.apache.sshd.common.signature.SignatureFactoriesManager
setSignatureFactories, setSignatureFactoriesNameList, setSignatureFactoriesNames, setSignatureFactoriesNames
-
-
-
-
Field Detail
-
SESSION
public static final java.lang.String SESSION
Name of the property where this session is stored in the attributes of the underlying MINA session. See getSession(IoSession, boolean) and attachSession(IoSession, AbstractSession).
- See Also:
- Constant Field Values
-
random
protected final Random random
The pseudo random generator
-
sessionListeners
protected final java.util.Collection<SessionListener> sessionListeners
Session listeners container
-
sessionListenerProxy
protected final SessionListener sessionListenerProxy
-
channelListeners
protected final java.util.Collection<ChannelListener> channelListeners
Channel events listener container
-
channelListenerProxy
protected final ChannelListener channelListenerProxy
-
tunnelListeners
protected final java.util.Collection<PortForwardingEventListener> tunnelListeners
Port forwarding events listener container
-
tunnelListenerProxy
protected final PortForwardingEventListener tunnelListenerProxy
-
sessionId
protected byte[] sessionId
-
serverVersion
protected java.lang.String serverVersion
-
clientVersion
protected java.lang.String clientVersion
-
serverProposal
protected final java.util.Map<KexProposalOption,java.lang.String> serverProposal
-
unmodServerProposal
protected final java.util.Map<KexProposalOption,java.lang.String> unmodServerProposal
-
clientProposal
protected final java.util.Map<KexProposalOption,java.lang.String> clientProposal
-
unmodClientProposal
protected final java.util.Map<KexProposalOption,java.lang.String> unmodClientProposal
-
negotiationResult
protected final java.util.Map<KexProposalOption,java.lang.String> negotiationResult
-
unmodNegotiationResult
protected final java.util.Map<KexProposalOption,java.lang.String> unmodNegotiationResult
-
kex
protected KeyExchange kex
-
firstKexPacketFollows
protected java.lang.Boolean firstKexPacketFollows
-
kexState
protected final java.util.concurrent.atomic.AtomicReference<KexState> kexState
-
kexFutureHolder
protected final java.util.concurrent.atomic.AtomicReference<DefaultKeyExchangeFuture> kexFutureHolder
-
outCipher
protected Cipher outCipher
-
inCipher
protected Cipher inCipher
-
outCipherSize
protected int outCipherSize
-
inCipherSize
protected int inCipherSize
-
outMac
protected Mac outMac
-
inMac
protected Mac inMac
-
outMacSize
protected int outMacSize
-
inMacSize
protected int inMacSize
-
inMacResult
protected byte[] inMacResult
-
outCompression
protected Compression outCompression
-
inCompression
protected Compression inCompression
-
seqi
protected long seqi
-
seqo
protected long seqo
-
uncompressBuffer
protected SessionWorkBuffer uncompressBuffer
-
decoderBuffer
protected final SessionWorkBuffer decoderBuffer
-
decoderState
protected int decoderState
-
decoderLength
protected int decoderLength
-
encodeLock
protected final java.lang.Object encodeLock
-
decodeLock
protected final java.lang.Object decodeLock
-
requestLock
protected final java.lang.Object requestLock
-
inPacketsCount
protected final java.util.concurrent.atomic.AtomicLong inPacketsCount
-
outPacketsCount
protected final java.util.concurrent.atomic.AtomicLong outPacketsCount
-
inBytesCount
protected final java.util.concurrent.atomic.AtomicLong inBytesCount
-
outBytesCount
protected final java.util.concurrent.atomic.AtomicLong outBytesCount
-
inBlocksCount
protected final java.util.concurrent.atomic.AtomicLong inBlocksCount
-
outBlocksCount
protected final java.util.concurrent.atomic.AtomicLong outBlocksCount
-
lastKeyTimeValue
protected final java.util.concurrent.atomic.AtomicReference<java.time.Instant> lastKeyTimeValue
-
maxRekyPackets
protected long maxRekyPackets
-
maxRekeyBytes
protected long maxRekeyBytes
-
maxRekeyInterval
protected java.time.Duration maxRekeyInterval
-
pendingPackets
protected final java.util.Queue<PendingWriteFuture> pendingPackets
-
currentService
protected Service currentService
-
globalRequestSeqo
protected final java.util.concurrent.atomic.AtomicLong globalRequestSeqo
-
pendingGlobalRequest
protected final java.util.concurrent.atomic.AtomicReference<java.lang.String> pendingGlobalRequest
-
ignorePacketDataLength
protected int ignorePacketDataLength
-
ignorePacketsFrequency
protected long ignorePacketsFrequency
-
ignorePacketsVariance
protected int ignorePacketsVariance
-
maxRekeyBlocks
protected final java.util.concurrent.atomic.AtomicLong maxRekeyBlocks
-
ignorePacketsCount
protected final java.util.concurrent.atomic.AtomicLong ignorePacketsCount
-
requestResult
private final java.util.concurrent.atomic.AtomicReference<java.lang.Object> requestResult
Used to wait synchronously for the result of a global request
-
clientKexData
private byte[] clientKexData
-
serverKexData
private byte[] serverKexData
-
-
Constructor Detail
-
AbstractSession
protected AbstractSession(boolean serverSession, FactoryManager factoryManager, IoSession ioSession)
Create a new session.
- Parameters:
serverSession - true if this is a server session, false if client one
factoryManager - the factory manager
ioSession - the underlying I/O session
-
-
Method Detail
-
calculatePadLength
public static int calculatePadLength(int len, int blockSize, boolean etmMode)
- Parameters:
len - The packet payload size
blockSize - The cipher block size
etmMode - Whether using "encrypt-then-MAC" mode
- Returns:
- The required padding length
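Added example (not Apache MINA SSHD code): a self-contained sketch of RFC 4253 section 6 framing that shows how the three inputs of calculatePadLength interact, why buffers reserve 5 bytes for the packet header, and which header checks a receiver can apply. The class and method names are hypothetical, and it uses the minimum-padding rule, so the library may return a different but equally valid length.

```java
import java.nio.ByteBuffer;
import java.security.SecureRandom;

/** Illustration only; hypothetical names, not the library's implementation. */
public class SshFramingExample {
    static final int HEADER_LEN = 5; // uint32 packet_length + one byte padding_length
    static final int MIN_PAD = 4;    // RFC 4253: at least four bytes of padding

    /** Smallest valid padding for a payload of the given size. */
    static int padLength(int payloadLen, int blockSize, boolean etmMode) {
        int align = Math.max(blockSize, 8);
        // Bytes that must align to the block size: padding_length byte + payload,
        // plus the 4-byte packet_length unless it is sent in clear (encrypt-then-MAC).
        int covered = 1 + payloadLen + (etmMode ? 0 : Integer.BYTES);
        int pad = (align - (covered % align)) % align;
        if (pad < MIN_PAD) {
            pad += align;
        }
        return pad;
    }

    /** Builds a cleartext frame; the header is filled into the 5 bytes reserved before the payload. */
    static byte[] frame(byte[] payload, int blockSize, boolean etmMode, SecureRandom rnd) {
        int pad = padLength(payload.length, blockSize, etmMode);
        ByteBuffer buf = ByteBuffer.allocate(HEADER_LEN + payload.length + pad);
        buf.position(HEADER_LEN);                // leave room for the header
        buf.put(payload);
        byte[] padding = new byte[pad];
        rnd.nextBytes(padding);                  // padding should be random bytes
        buf.put(padding);
        buf.putInt(0, 1 + payload.length + pad); // packet_length excludes itself and the MAC
        buf.put(4, (byte) pad);
        return buf.array();
    }

    /** Receiver-side sanity check of the header fields; returns "ok" or the reason for rejection. */
    static String validate(byte[] frame, int blockSize, boolean etmMode, int maxPacketLen) {
        if (frame.length < HEADER_LEN) {
            return "short frame";
        }
        ByteBuffer buf = ByteBuffer.wrap(frame);
        long packetLen = buf.getInt(0) & 0xFFFFFFFFL; // read as unsigned
        int pad = buf.get(4) & 0xFF;
        if (packetLen < 1 + MIN_PAD || packetLen > maxPacketLen) {
            return "packet_length out of range";
        }
        if (packetLen != frame.length - Integer.BYTES) {
            return "packet_length does not match frame";
        }
        if (pad < MIN_PAD || pad > packetLen - 1) {
            return "bad padding_length";
        }
        int align = Math.max(blockSize, 8);
        long covered = etmMode ? packetLen : packetLen + Integer.BYTES;
        if (covered % align != 0) {
            return "not aligned to cipher block size";
        }
        return "ok";
    }

    public static void main(String[] args) {
        SecureRandom rnd = new SecureRandom();
        byte[] payload = {20, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10}; // constructed sample payload
        int limit = 35000; // total packet size RFC 4253 requires implementations to handle
        for (boolean etm : new boolean[] {false, true}) {
            byte[] f = frame(payload, 16, etm, rnd);
            System.out.printf("etm=%b pad=%d frame=%d bytes -> %s%n",
                    etm, f[4] & 0xFF, f.length, validate(f, 16, etm, limit));
        }
        byte[] bad = frame(payload, 16, false, rnd);
        bad[4] = 2; // padding_length below the 4-byte minimum
        System.out.println("tampered -> " + validate(bad, 16, false, limit));
    }
}
```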
-
getServerVersion
public java.lang.String getServerVersion()
Description copied from interface: SessionContext
Retrieve the server version for this session.
- Returns:
- the server version - may be null/empty if versions not yet exchanged
-
getServerKexProposals
public java.util.Map<KexProposalOption,java.lang.String> getServerKexProposals()
- Returns:
- An un-modifiable map of the latest KEX client proposal options. May be empty if KEX not yet completed or re-keying in progress
- See Also:
SessionContext.getKexState()
-
getClientVersion
public java.lang.String getClientVersion()
Description copied from interface: SessionContext
Retrieve the client version for this session.
- Returns:
- the client version - may be null/empty if versions not yet exchanged
-
getClientKexProposals
public java.util.Map<KexProposalOption,java.lang.String> getClientKexProposals()
- Returns:
- An un-modifiable map of the latest KEX client proposal options. May be empty if KEX not yet completed or re-keying in progress
- See Also:
SessionContext.getKexState()
-
getKex
public KeyExchange getKex()
- Returns:
- The current KeyExchange in progress - null if KEX not started or successfully completed
-
getKexState
public KexState getKexState()
-
getSessionId
public byte[] getSessionId()
- Returns:
- A clone of the established session identifier - null if not yet established
-
getKexNegotiationResult
public java.util.Map<KexProposalOption,java.lang.String> getKexNegotiationResult()
-
getNegotiatedKexParameter
public java.lang.String getNegotiatedKexParameter(KexProposalOption paramType)
Description copied from interface: SessionContext
Retrieve one of the negotiated values during the KEX stage
- Parameters:
paramType - The request KexProposalOption value - ignored if null
- Returns:
- The negotiated parameter value - null if invalid parameter or no negotiated value.
- See Also:
SessionContext.getKexState()
-
getCipherInformation
public CipherInformation getCipherInformation(boolean incoming)
Description copied from interface: SessionContext
Retrieves current cipher information - Note: may change if key re-exchange executed
- Parameters:
incoming - If true then the cipher for the incoming data, otherwise for the outgoing data
- Returns:
- The CipherInformation - or null if not negotiated yet.
-
getCompressionInformation
public CompressionInformation getCompressionInformation(boolean incoming)
Description copied from interface: SessionContext
Retrieves current compression information - Note: may change if key re-exchange executed
- Parameters:
incoming - If true then the compression for the incoming data, otherwise for the outgoing data
- Returns:
- The CompressionInformation - or null if not negotiated yet.
-
getMacInformation
public MacInformation getMacInformation(boolean incoming)
Description copied from interface: SessionContext
Retrieves current MAC information - Note: may change if key re-exchange executed
- Parameters:
incoming - If true then the MAC for the incoming data, otherwise for the outgoing data
- Returns:
- The MacInformation - or null if not negotiated yet.
-
messageReceived
public void messageReceived(Readable buffer) throws java.lang.Exception
Main input point for the MINA framework.
This method will be called each time new data is received on the socket and will append it to the input buffer before calling the decode() method.
- Parameters:
buffer - the new buffer received
- Throws:
java.lang.Exception - if an error occurs while decoding or handling the data
-
refreshConfiguration
protected void refreshConfiguration()
Refresh whatever internal configuration is not final
-
handleMessage
protected void handleMessage(Buffer buffer) throws java.lang.Exception
Abstract method for processing incoming decoded packets. The given buffer will hold the decoded packet, starting from the command byte at the read position.
- Parameters:
buffer - The Buffer containing the packet - it may be re-used to generate the response once request has been decoded
- Throws:
java.lang.Exception - if an exception occurs while handling this packet.
- See Also:
doHandleMessage(Buffer)
-
doHandleMessage
protected void doHandleMessage(Buffer buffer) throws java.lang.Exception
- Throws:
java.lang.Exception
-
handleFirstKexPacketFollows
protected boolean handleFirstKexPacketFollows(int cmd, Buffer buffer, boolean followFlag)
-
comparePreferredKexProposalOption
protected java.util.Map.Entry<java.lang.String,java.lang.String> comparePreferredKexProposalOption(KexProposalOption option)
Compares the specified KexProposalOption option value for client vs. server
- Parameters:
option - The option to check
- Returns:
- null if option is equal, otherwise a key/value pair where key=client option value and value=the server-side one
-
sendNewKeys
protected IoWriteFuture sendNewKeys() throws java.io.IOException
Send a message to put new keys into use.
- Returns:
- An IoWriteFuture that can be used to wait and check the result of sending the packet
- Throws:
java.io.IOException - if an error occurs sending the message
-
handleKexMessage
protected void handleKexMessage(int cmd, Buffer buffer) throws java.lang.Exception
- Throws:
java.lang.Exception
-
handleKexExtension
protected void handleKexExtension(int cmd, Buffer buffer) throws java.lang.Exception
- Throws:
java.lang.Exception
-
handleNewCompression
protected void handleNewCompression(int cmd, Buffer buffer) throws java.lang.Exception
- Throws:
java.lang.Exception
-
handleServiceRequest
protected void handleServiceRequest(Buffer buffer) throws java.lang.Exception
- Throws:
java.lang.Exception
-
handleServiceRequest
protected boolean handleServiceRequest(java.lang.String serviceName, Buffer buffer) throws java.lang.Exception
- Throws:
java.lang.Exception
-
handleServiceAccept
protected void handleServiceAccept(Buffer buffer) throws java.lang.Exception
- Throws:
java.lang.Exception
-
handleServiceAccept
protected void handleServiceAccept(java.lang.String serviceName, Buffer buffer) throws java.lang.Exception
- Throws:
java.lang.Exception
-
handleKexInit
protected void handleKexInit(Buffer buffer) throws java.lang.Exception
- Throws:
java.lang.Exception
-
doKexNegotiation
protected void doKexNegotiation() throws java.lang.Exception
- Throws:
java.lang.Exception
-
handleNewKeys
protected void handleNewKeys(int cmd, Buffer buffer) throws java.lang.Exception
- Throws:
java.lang.Exception
-
sendPendingPackets
protected java.util.List<java.util.AbstractMap.SimpleImmutableEntry<PendingWriteFuture,IoWriteFuture>> sendPendingPackets(java.util.Queue<PendingWriteFuture> packetsQueue) throws java.io.IOException
- Throws:
java.io.IOException
-
validateKexState
protected void validateKexState(int cmd, KexState expected)
-
getInnerCloseable
protected Closeable getInnerCloseable()
- Specified by:
getInnerCloseable in class AbstractInnerCloseable
-
preClose
protected void preClose()
Description copied from class: AbstractCloseable
preClose is guaranteed to be called before doCloseGracefully or doCloseImmediately. When preClose() is called, isClosing() == true
- Overrides:
preClose in class AbstractCloseable
-
getServices
protected java.util.List<Service> getServices()
-
getService
public <T extends Service> T getService(java.lang.Class<T> clazz)
Description copied from interface: Session
Get the service of the specified type. If the service is not of the specified class, an IllegalStateException will be thrown.
- Type Parameters:
T - The generic Service type
- Parameters:
clazz - The service class
- Returns:
The service instance
-
preProcessEncodeBuffer
protected Buffer preProcessEncodeBuffer(int cmd, Buffer buffer) throws java.io.IOException
Description copied from class: SessionHelper
Invoked by the session before encoding the buffer in order to make sure that it is at least of size SSH_PACKET_HEADER_LEN. This is required in order to efficiently handle the encoding. If necessary, it re-allocates a new buffer and returns it instead.
- Overrides:
preProcessEncodeBuffer in class SessionHelper
- Parameters:
cmd - The command stored in the buffer
buffer - The original Buffer - assumed to be properly formatted and be of at least the required minimum length.
- Returns:
The adjusted Buffer. Note: users may use this method to totally alter the contents of the buffer being sent but it is highly discouraged as it may have unexpected results.
- Throws:
java.io.IOException - If failed to process the buffer
-
writePacket
public IoWriteFuture writePacket(Buffer buffer) throws java.io.IOException
Description copied from interface: Session
Encode and send the given buffer. The buffer has to have 5 bytes free at the beginning to allow the encoding to take place. Also, the write position of the buffer has to be set to the position of the last byte to write.
- Parameters:
buffer - the buffer to encode and send
- Returns:
An IoWriteFuture that can be used to check when the packet has actually been sent
- Throws:
java.io.IOException - if an error occurred when encoding or sending the packet
-
enqueuePendingPacket
protected PendingWriteFuture enqueuePendingPacket(Buffer buffer)
Checks if key-exchange is done - if so, or the packet is related to the key-exchange protocol, then allows the packet to go through, otherwise enqueues it to be sent when key-exchange has completed
- Parameters:
buffer - The Buffer containing the packet to be sent
- Returns:
A PendingWriteFuture if enqueued, null if packet can go through.
-
resolveOutputPacket
protected Buffer resolveOutputPacket(Buffer buffer) throws java.io.IOException
- Throws:
java.io.IOException
-
doWritePacket
protected IoWriteFuture doWritePacket(Buffer buffer) throws java.io.IOException
- Throws:
java.io.IOException
-
resolveIgnoreBufferDataLength
protected int resolveIgnoreBufferDataLength()
-
request
public Buffer request(java.lang.String request, Buffer buffer, long maxWaitMillis) throws java.io.IOException
Description copied from interface: Session
Send a global request and wait for the response. This must only be used when sending a SSH_MSG_GLOBAL_REQUEST with a result expected, else it will time out
- Parameters:
request - the request name - used mainly for logging and debugging
buffer - the buffer containing the global request
maxWaitMillis - Max. time to wait for response (millis) - must be positive
- Returns:
the return buffer if the request was successful, null otherwise.
- Throws:
java.io.IOException - if an error occurred when encoding or sending the packet
java.net.SocketTimeoutException - If no response received within specified timeout
-
doInvokeUnimplementedMessageHandler
protected boolean doInvokeUnimplementedMessageHandler(int cmd, Buffer buffer) throws java.lang.Exception
- Overrides:
doInvokeUnimplementedMessageHandler in class SessionHelper
- Parameters:
cmd - The unimplemented command
buffer - The input Buffer
- Returns:
Result of invoking handleUnimplementedMessage
- Throws:
java.lang.Exception - if failed to handle the message
-
createBuffer
public Buffer createBuffer(byte cmd, int len)
Description copied from interface: Session
Create a new buffer for the specified SSH packet and reserve the needed space (5 bytes) for the packet header.
- Parameters:
cmd - The SSH command to initialize the buffer with
len - Estimated number of bytes the buffer will hold, 0 if unknown.
- Returns:
a new buffer ready for write
- See Also:
Session.prepareBuffer(byte, Buffer)
-
prepareBuffer
public Buffer prepareBuffer(byte cmd, Buffer buffer)
Description copied from interface: Session
Prepare a new "clean" buffer while reserving the needed space (5 bytes) for the packet header.
- Parameters:
cmd - The SSH command to initialize the buffer with
buffer - The Buffer instance to initialize
- Returns:
The initialized buffer
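Why writePacket, createBuffer and prepareBuffer all insist on 5 free bytes: an SSH binary packet starts with a uint32 packet_length and a one-byte padding_length (RFC 4253, section 6), and leaving that gap lets the header be filled in place once the payload size is known. The following is an added, stand-alone illustration of that framing for the unencrypted, MAC-less case; it is not Apache MINA SSHD code, and newPacketBuffer, frame and MAX_ALIGN are hypothetical names.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class SshPacketFramingExample {
    // uint32 packet_length + byte padding_length (RFC 4253, section 6)
    static final int HEADER_LEN = 5;
    static final int MAX_ALIGN = 64; // assumption: cipher block size never exceeds 64
    static final byte SSH_MSG_IGNORE = 2;

    /** Hypothetical stand-in for createBuffer: leaves the header gap free, writes the command. */
    static ByteBuffer newPacketBuffer(byte cmd, int estimatedLen) {
        // header + command + data + worst-case padding (3 + MAX_ALIGN)
        ByteBuffer buf = ByteBuffer.allocate(HEADER_LEN + 1 + estimatedLen + 3 + MAX_ALIGN);
        buf.position(HEADER_LEN);
        buf.put(cmd);
        return buf;
    }

    /** Appends random padding, then fills the reserved header in place; the payload never moves. */
    static byte[] frame(ByteBuffer buf, int cipherBlockSize, SecureRandom rnd) {
        int payloadLen = buf.position() - HEADER_LEN;
        int align = Math.max(cipherBlockSize, 8);
        // header + payload + padding must be a multiple of align, with at least 4 padding bytes
        int pad = align - ((HEADER_LEN + payloadLen) % align);
        if (pad < 4) {
            pad += align;
        }
        byte[] padding = new byte[pad];
        rnd.nextBytes(padding);
        buf.put(padding);
        buf.putInt(0, 1 + payloadLen + pad); // packet_length excludes its own 4 bytes
        buf.put(4, (byte) pad);              // padding_length
        byte[] packet = new byte[buf.position()];
        buf.flip();
        buf.get(packet);
        return packet;
    }

    public static void main(String[] args) {
        // Constructed sample payload
        byte[] data = "constructed sample".getBytes(StandardCharsets.US_ASCII);
        ByteBuffer buf = newPacketBuffer(SSH_MSG_IGNORE, 4 + data.length);
        buf.putInt(data.length).put(data); // SSH string: uint32 length + bytes
        byte[] packet = frame(buf, 16, new SecureRandom());
        ByteBuffer view = ByteBuffer.wrap(packet);
        System.out.println("total=" + packet.length
                + " packet_length=" + view.getInt(0)
                + " padding_length=" + view.get(4)
                + " command=" + view.get(5));
    }
}
```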
-
validateTargetBuffer
protected <B extends Buffer> B validateTargetBuffer(int cmd, B buffer)
Makes sure that the buffer used for output is not null or one of the session's internal ones used for decoding and uncompressing
- Type Parameters:
B - The Buffer type being validated
- Parameters:
cmd - The most likely command this buffer refers to (not guaranteed to be correct)
buffer - The buffer to be examined
- Returns:
The validated target instance - default same as input
- Throws:
java.lang.IllegalArgumentException - if any of the conditions is violated
-
encode
protected Buffer encode(Buffer buffer) throws java.io.IOException
Encode a buffer into the SSH protocol. Note: This method must be called inside a synchronized block using encodeLock.
- Parameters:
buffer - the buffer to encode
- Returns:
The encoded buffer - may be different than original if input buffer does not have enough room for SshConstants.SSH_PACKET_HEADER_LEN, in which case a substitute buffer will be created and used.
- Throws:
java.io.IOException - if an exception occurs during the encoding process
-
aeadOutgoingBuffer
protected void aeadOutgoingBuffer(Buffer buf, int offset, int len) throws java.lang.Exception
- Throws:
java.lang.Exception
-
appendOutgoingMac
protected void appendOutgoingMac(Buffer buf, int offset, int len) throws java.lang.Exception
- Throws:
java.lang.Exception
-
encryptOutgoingBuffer
protected void encryptOutgoingBuffer(Buffer buf, int offset, int len) throws java.lang.Exception
- Throws:
java.lang.Exception
-
decode
protected void decode() throws java.lang.Exception
Decode the incoming buffer and handle packets as needed.
- Throws:
java.lang.Exception - If failed to decode
-
validateIncomingMac
protected void validateIncomingMac(byte[] data, int offset, int len) throws java.lang.Exception
- Throws:
java.lang.Exception
-
readIdentification
protected abstract boolean readIdentification(Buffer buffer) throws java.lang.Exception
Read the other side identification. This method is specific to the client or server side, but both should call SessionHelper.doReadIdentification(Buffer, boolean) and store the result in the needed property.
- Parameters:
buffer - The Buffer containing the remote identification
- Returns:
true if the identification has been fully read or false if more data is needed
- Throws:
java.lang.Exception - if an error occurs such as a bad protocol version or unsuccessful KEX was involved
-
sendKexInit
protected byte[] sendKexInit(java.util.Map<KexProposalOption,java.lang.String> proposal) throws java.io.IOException
Send the key exchange initialization packet. This packet contains random data along with our proposal.
- Parameters:
proposal - our proposal for key exchange negotiation
- Returns:
the sent packet data which must be kept for later use when deriving the session keys
- Throws:
java.io.IOException - if an error occurred sending the packet
-
receiveKexInit
protected byte[] receiveKexInit(Buffer buffer, java.util.Map<KexProposalOption,java.lang.String> proposal) throws java.io.IOException
Receive the remote key exchange init message. The packet data is returned for later use.
- Parameters:
buffer - the Buffer containing the key exchange init packet
proposal - the remote proposal to fill
- Returns:
the packet data
- Throws:
java.io.IOException - If failed to handle the message
-
receiveNewKeys
protected void receiveNewKeys() throws java.lang.Exception
Put new keys into use. This method will initialize the ciphers, digests, macs and compression according to the negotiated server and client proposals.
- Throws:
java.lang.Exception - if an error occurs
-
notImplemented
protected IoWriteFuture notImplemented(int cmd, Buffer buffer) throws java.lang.Exception
Send a SSH_MSG_UNIMPLEMENTED packet. This packet should contain the sequence id of the unsupported packet: this number is assumed to be the last packet received.
- Parameters:
cmd - The un-implemented command value
buffer - The Buffer that contains the command. Note: the buffer's read position is just beyond the command.
- Returns:
An IoWriteFuture that can be used to wait for packet write completion - null if the registered ReservedSessionMessagesHandler decided to handle the command internally
- Throws:
java.lang.Exception - if an error occurred while handling the packet.
- See Also:
SessionHelper.sendNotImplemented(long)
-
negotiate
protected java.util.Map<KexProposalOption,java.lang.String> negotiate() throws java.io.IOException
Compute the negotiated proposals by merging the client and server proposal. The negotiated proposal will also be stored in the negotiationResult property.
- Returns:
The negotiated options Map
- Throws:
java.io.IOException - If negotiation failed
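What "merging the client and server proposal" means under the general RFC 4253 (section 7.1) rule: for each option, the first name on the client's list that the server also offers is chosen, and the exchange fails when a required option has no common name. The following is an added, stand-alone sketch of that rule, not the Apache MINA SSHD implementation; the class, the method names and the string map keys are hypothetical, and every option is treated as mandatory.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class KexNegotiationExample {
    /** First name on the client's list that the server also offers, or null if none. */
    static String pick(String clientList, String serverList) {
        List<String> offered = Arrays.asList(serverList.split(","));
        for (String name : clientList.split(",")) {
            if (!name.isEmpty() && offered.contains(name)) {
                return name;
            }
        }
        return null;
    }

    /** Merges both proposals option by option; this sketch treats every option as mandatory. */
    static Map<String, String> negotiate(Map<String, String> client, Map<String, String> server)
            throws IOException {
        Map<String, String> result = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : client.entrySet()) {
            String chosen = pick(e.getValue(), server.getOrDefault(e.getKey(), ""));
            if (chosen == null) {
                throw new IOException("No common algorithm for " + e.getKey()
                        + ": client=" + e.getValue() + " server=" + server.get(e.getKey()));
            }
            result.put(e.getKey(), chosen);
        }
        return result;
    }

    public static void main(String[] args) throws IOException {
        // Constructed proposals; the map keys are illustrative labels, not KexProposalOption values
        Map<String, String> client = new LinkedHashMap<>();
        client.put("kex", "curve25519-sha256,diffie-hellman-group14-sha256");
        client.put("cipher", "chacha20-poly1305@openssh.com,aes128-ctr");
        client.put("mac", "hmac-sha2-256,hmac-sha1");

        Map<String, String> server = new LinkedHashMap<>();
        server.put("kex", "diffie-hellman-group14-sha256,curve25519-sha256");
        server.put("cipher", "aes128-ctr,aes256-ctr");
        server.put("mac", "hmac-sha1,hmac-sha2-256");

        // The client's preference order decides when both sides share more than one name
        System.out.println(negotiate(client, server));
    }
}
```

Because the client's ordering wins, the order of the configured algorithm lists is itself a security setting: a weak algorithm left near the front of a client list is selected whenever the server still offers it.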
-
setNegotiationResult
protected java.util.Map<KexProposalOption,java.lang.String> setNegotiationResult(java.util.Map<KexProposalOption,java.lang.String> guess)
-
requestSuccess
protected void requestSuccess(Buffer buffer) throws java.lang.Exception
Indicates the reception of a SSH_MSG_REQUEST_SUCCESS message
- Parameters:
buffer - The Buffer containing the message data
- Throws:
java.lang.Exception - If failed to handle the message
-
requestFailure
protected void requestFailure(Buffer buffer) throws java.lang.Exception
Indicates the reception of a SSH_MSG_REQUEST_FAILURE message
- Parameters:
buffer - The Buffer containing the message data
- Throws:
java.lang.Exception - If failed to handle the message
-
signalRequestFailure
protected void signalRequestFailure()
Marks the current pending global request result as failed
-
addSessionListener
public void addSessionListener(SessionListener listener)
Description copied from interface: SessionListenerManager
Add a session listener.
- Parameters:
listener - The SessionListener to add - not null
-
removeSessionListener
public void removeSessionListener(SessionListener listener)
Description copied from interface: SessionListenerManager
Remove a session listener.
- Parameters:
listener - The SessionListener to remove
-
getSessionListenerProxy
public SessionListener getSessionListenerProxy()
- Returns:
A (never null) proxy SessionListener that represents all the currently registered listeners. Any method invocation on the proxy is replicated to the currently registered listeners
-
addChannelListener
public void addChannelListener(ChannelListener listener)
Description copied from interface: ChannelListenerManager
Add a channel listener
- Parameters:
listener - The ChannelListener to add - not null
-
removeChannelListener
public void removeChannelListener(ChannelListener listener)
Description copied from interface: ChannelListenerManager
Remove a channel listener
- Parameters:
listener - The ChannelListener to remove
-
getChannelListenerProxy
public ChannelListener getChannelListenerProxy()
- Returns:
A (never null) proxy ChannelListener that represents all the currently registered listeners. Any method invocation on the proxy is replicated to the currently registered listeners
-
getPortForwardingEventListenerProxy
public PortForwardingEventListener getPortForwardingEventListenerProxy()
- Returns:
A proxy listener representing all the currently registered listeners through this manager
-
addPortForwardingEventListener
public void addPortForwardingEventListener(PortForwardingEventListener listener)
Description copied from interface: PortForwardingEventListenerManager
Add a port forwarding listener
- Parameters:
listener - The PortForwardingEventListener to add - never null
-
removePortForwardingEventListener
public void removePortForwardingEventListener(PortForwardingEventListener listener)
Description copied from interface: PortForwardingEventListenerManager
Remove a port forwarding listener
- Parameters:
listener - The PortForwardingEventListener to remove - ignored if null
-
reExchangeKeys
public KeyExchangeFuture reExchangeKeys() throws java.io.IOException
Description copied from interface: Session
Initiate a new key exchange.
- Returns:
A KeyExchangeFuture for awaiting the completion of the exchange
- Throws:
java.io.IOException - If failed to request keys re-negotiation
-
checkRekey
protected KeyExchangeFuture checkRekey() throws java.io.IOException, java.security.GeneralSecurityException
Checks if a re-keying is required and if so initiates it
- Returns:
A KeyExchangeFuture to wait for the initiated exchange or null if no need to re-key or an exchange is already in progress
- Throws:
java.io.IOException - If failed to load the keys or send the request
java.security.GeneralSecurityException - If failed to generate the necessary keys
- See Also:
isRekeyRequired(), requestNewKeysExchange()
-
requestNewKeysExchange
protected KeyExchangeFuture requestNewKeysExchange() throws java.io.IOException, java.security.GeneralSecurityException
Initiates a new keys exchange if one is not already in progress
- Returns:
A KeyExchangeFuture to wait for the initiated exchange or null if an exchange is already in progress
- Throws:
java.io.IOException - If failed to load the keys or send the request
java.security.GeneralSecurityException - If failed to generate the keys
-
isRekeyRequired
protected boolean isRekeyRequired()
-
isRekeyTimeIntervalExceeded
protected boolean isRekeyTimeIntervalExceeded()
-
isRekeyPacketCountsExceeded
protected boolean isRekeyPacketCountsExceeded()
-
isRekeyDataSizeExceeded
protected boolean isRekeyDataSizeExceeded()
-
isRekeyBlocksCountExceeded
protected boolean isRekeyBlocksCountExceeded()
-
resolveSessionKexProposal
protected java.lang.String resolveSessionKexProposal(java.lang.String hostKeyTypes) throws java.io.IOException
- Overrides:
resolveSessionKexProposal in class SessionHelper
- Throws:
java.io.IOException
-
sendKexInit
protected byte[] sendKexInit() throws java.io.IOException, java.security.GeneralSecurityException
- Throws:
java.io.IOException
java.security.GeneralSecurityException
-
getClientKexData
protected byte[] getClientKexData()
-
setClientKexData
protected void setClientKexData(byte[] data)
-
getServerKexData
protected byte[] getServerKexData()
-
setServerKexData
protected void setServerKexData(byte[] data)
-
setKexSeed
protected abstract void setKexSeed(byte... seed)
- Parameters:
seed - The result of the KEXINIT handshake - required for correct session key establishment
-
resolveAvailableSignaturesProposal
protected java.lang.String resolveAvailableSignaturesProposal() throws java.io.IOException, java.security.GeneralSecurityException
- Returns:
A comma-separated list of all the signature protocols to be included in the proposal - null/empty if no proposal
- Throws:
java.io.IOException - If failed to read/parse the keys data
java.security.GeneralSecurityException - If failed to generate the keys
- See Also:
SessionHelper.getFactoryManager(), resolveAvailableSignaturesProposal(FactoryManager)
-
resolveAvailableSignaturesProposal
protected abstract java.lang.String resolveAvailableSignaturesProposal(FactoryManager manager) throws java.io.IOException, java.security.GeneralSecurityException
- Parameters:
manager - The FactoryManager
- Returns:
A comma-separated list of all the signature protocols to be included in the proposal - null/empty if no proposal
- Throws:
java.io.IOException - If failed to read/parse the keys data
java.security.GeneralSecurityException - If failed to generate the keys
-
checkKeys
protected abstract void checkKeys() throws java.io.IOException
Indicates that the key exchange is completed and the exchanged keys can now be verified - e.g., client can verify the server's key
- Throws:
java.io.IOException - If validation failed
-
receiveKexInit
protected byte[] receiveKexInit(Buffer buffer) throws java.lang.Exception
- Throws:
java.lang.Exception
-
receiveKexInit
protected abstract void receiveKexInit(java.util.Map<KexProposalOption,java.lang.String> proposal, byte[] seed) throws java.io.IOException
- Throws:
java.io.IOException
-
getSession
public static AbstractSession getSession(IoSession ioSession) throws MissingAttachedSessionException
Retrieve the SSH session from the I/O session. If the session has not been attached, an exception will be thrown
- Parameters:
ioSession - The IoSession
- Returns:
The SSH session attached to the I/O session
- Throws:
MissingAttachedSessionException - if no attached SSH session
- See Also:
getSession(IoSession, boolean)
-
attachSession
public static void attachSession(IoSession ioSession, AbstractSession session) throws MultipleAttachedSessionException
Attach an SSH AbstractSession to the I/O session
- Parameters:
ioSession - The IoSession
session - The SSH session to attach
- Throws:
MultipleAttachedSessionException - If a previous session is already attached
-
getSession
public static AbstractSession getSession(IoSession ioSession, boolean allowNull) throws MissingAttachedSessionException
Retrieve the SSH session from the I/O session. If the session has not been attached and allowNull is false, an exception will be thrown, otherwise a null will be returned.
- Parameters:
ioSession - The IoSession
allowNull - If true, a null value may be returned if no session is attached
- Returns:
the session attached to the I/O session or null
- Throws:
MissingAttachedSessionException - if no attached session and allowNull=false
-
-