Class AbstractSession
java.lang.Object
org.apache.sshd.common.util.logging.AbstractLoggingBean
org.apache.sshd.common.util.closeable.IoBaseCloseable
org.apache.sshd.common.util.closeable.AbstractCloseable
org.apache.sshd.common.util.closeable.AbstractInnerCloseable
org.apache.sshd.common.kex.AbstractKexFactoryManager
org.apache.sshd.common.session.helpers.SessionHelper
org.apache.sshd.common.session.helpers.AbstractSession
- All Implemented Interfaces:
Closeable, AutoCloseable, Channel, AttributeRepository, AttributeStore, MutableUserHolder, UsernameHolder, ChannelListenerManager, ChannelStreamWriterResolver, ChannelStreamWriterResolverManager, Closeable, FactoryManagerHolder, PortForwardingEventListenerManager, PortForwardingInformationProvider, KexExtensionHandlerManager, KexFactoryManager, PropertyResolver, ReservedSessionMessagesManager, Session, SessionContext, SessionDisconnectHandlerManager, SessionHeartbeatController, SessionListenerManager, UnknownChannelReferenceHandlerManager, SignatureFactoriesHolder, SignatureFactoriesManager, ConnectionEndpointsIndicator
- Direct Known Subclasses:
AbstractClientSession, AbstractServerSession
The AbstractSession handles all the basic SSH protocol such as key exchange, authentication, encoding and decoding.
Both server side and client side sessions should inherit from this abstract class. Some basic packet processing
methods are defined but the actual call to these methods should be done from the handleMessage(Buffer)
method, which is dependent on the state and side of this session.
-
Nested Class Summary
Nested Classes
Modifier and Type, Class, Description
protected static class
Message encoding or decoding settings as determined at the end of a key exchange.
Nested classes/interfaces inherited from class org.apache.sshd.common.util.closeable.AbstractCloseable
AbstractCloseable.State
Nested classes/interfaces inherited from interface org.apache.sshd.common.AttributeRepository
AttributeRepository.AttributeKey<T>
Nested classes/interfaces inherited from interface org.apache.sshd.common.session.SessionHeartbeatController
SessionHeartbeatController.HeartbeatType
-
Field Summary
Fields
Modifier and Type, Field, Description
protected final ChannelListener
protected final Collection<ChannelListener>
Channel events listener container
private byte[]
protected final Map<KexProposalOption, String>
protected String
protected Service
protected final Object
protected final SessionWorkBuffer
protected int
protected int
protected final Object
protected Boolean
protected final AtomicLong
protected int
protected final AtomicLong
protected long
protected int
protected final AtomicLong
protected final AtomicLong
protected Cipher
protected int
protected Compression
protected Mac
protected byte[]
protected int
protected final AtomicLong
protected AbstractSession.MessageCodingSettings
Resulting message coding settings at the end of a key exchange for incoming messages.
protected KeyExchange
protected final AtomicReference<DefaultKeyExchangeFuture>
protected DefaultKeyExchangeFuture
protected final Object
protected final AtomicReference<KexState>
protected final AtomicReference<Instant>
protected final AtomicLong
protected long
protected Duration
protected long
protected final Map<KexProposalOption, String>
protected final AtomicLong
protected final AtomicLong
protected Cipher
protected int
protected Compression
protected Mac
protected int
protected final AtomicLong
protected AbstractSession.MessageCodingSettings
Resulting message coding settings at the end of a key exchange for outgoing messages.
protected final AtomicReference<String>
protected final Queue<PendingWriteFuture>
protected final Random
The pseudo random generator
protected final Object
private final AtomicReference<Object>
Used to wait for global requests result synchronous wait
protected long
Input packet ID.
protected long
Output packet ID.
private byte[]
protected final Map<KexProposalOption, String>
protected String
static final String
Name of the property where this session is stored in the attributes of the underlying MINA session.
protected byte[]
protected final SessionListener
protected final Collection<SessionListener>
Session listeners container
protected final PortForwardingEventListener
protected final Collection<PortForwardingEventListener>
Port forwarding events listener container
protected SessionWorkBuffer
protected final Map<KexProposalOption, String>
protected final Map<KexProposalOption, String>
protected final Map<KexProposalOption, String>
Fields inherited from class org.apache.sshd.common.session.helpers.SessionHelper
authStart, idleStart, sessionLock
Fields inherited from class org.apache.sshd.common.util.closeable.AbstractCloseable
closeFuture, futureLock, state
Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
log
Fields inherited from interface org.apache.sshd.common.channel.throttle.ChannelStreamWriterResolver
NONE
Fields inherited from interface org.apache.sshd.common.PropertyResolver
EMPTY
Fields inherited from interface org.apache.sshd.common.session.SessionContext
DEFAULT_SSH_VERSION_PREFIX, FALLBACK_SSH_VERSION_PREFIX, MAX_VERSION_LINE_LENGTH
-
Constructor Summary
Constructors
Modifier, Constructor, Description
protected
AbstractSession(boolean serverSession, FactoryManager factoryManager, IoSession ioSession)
Create a new session.
-
Method Summary
Modifier and Type, Method, Description
void
addChannelListener(ChannelListener listener)
Add a channel listener
void
Add a port forwarding listener
void
addSessionListener(SessionListener listener)
Add a session listener.
protected void
aeadOutgoingBuffer(Buffer buf, int offset, int len)
protected void
appendOutgoingMac(Buffer buf, int offset, int len)
static void
attachSession(IoSession ioSession, AbstractSession session)
Attach an SSH AbstractSession to the I/O session
static int
calculatePadLength(int len, int blockSize, boolean etmMode)
protected abstract void
Indicates that the key exchange is completed and the exchanged keys can now be verified - e.g., client can verify the server's key
protected KeyExchangeFuture
Checks if a re-keying is required and if so initiates it
Compares the specified KexProposalOption option value for client vs.
createBuffer(byte cmd, int len)
Create a new buffer for the specified SSH packet and reserve the needed space (5 bytes) for the packet header.
protected void
decode()
Decode the incoming buffer and handle packets as needed.
protected long
determineRekeyBlockLimit(int inCipherBlockSize, int outCipherBlockSize)
Compute the number of blocks after which we should re-key again.
protected void
doHandleMessage(Buffer buffer)
protected boolean
doInvokeUnimplementedMessageHandler(int cmd, Buffer buffer)
protected void
protected IoWriteFuture
doWritePacket(Buffer buffer)
protected Buffer
Encode a buffer into the SSH protocol.
protected void
encryptOutgoingBuffer(Buffer buf, int offset, int len)
protected PendingWriteFuture
enqueuePendingPacket(Buffer buffer)
Checks if key-exchange is done - if so, or the packet is related to the key-exchange protocol, then allows the packet to go through, otherwise enqueues it to be sent when key-exchange completed
getCipherInformation(boolean incoming)
Retrieves current cipher information - Note: may change if key re-exchange executed
protected byte[]
Retrieve the client version for this session.
getCompressionInformation(boolean incoming)
Retrieves current compression information - Note: may change if key re-exchange executed
protected Closeable
getKex()
getMacInformation(boolean incoming)
Retrieves current MAC information - Note: may change if key re-exchange executed
getNegotiatedKexParameter(KexProposalOption paramType)
Retrieve one of the negotiated values during the KEX stage
protected byte[]
Retrieve the server version for this session.
<T extends Service> T
getService(Class<T> clazz)
Get the service of the specified type.
static AbstractSession
getSession(IoSession ioSession)
Retrieve the SSH session from the I/O session.
static AbstractSession
getSession(IoSession ioSession, boolean allowNull)
Retrieve the session SSH from the I/O session.
byte[]
protected boolean
handleFirstKexPacketFollows(int cmd, Buffer buffer, boolean followFlag)
protected void
handleKexExtension(int cmd, Buffer buffer)
protected void
handleKexInit(Buffer buffer)
protected void
handleKexMessage(int cmd, Buffer buffer)
protected void
handleMessage(Buffer buffer)
Abstract method for processing incoming decoded packets.
protected void
handleNewCompression(int cmd, Buffer buffer)
protected void
handleNewKeys(int cmd, Buffer buffer)
protected void
handleServiceAccept(String serviceName, Buffer buffer)
protected void
handleServiceAccept(Buffer buffer)
protected boolean
handleServiceRequest(String serviceName, Buffer buffer)
protected void
handleServiceRequest(Buffer buffer)
protected boolean
protected boolean
protected boolean
protected boolean
protected boolean
void
messageReceived(Readable buffer)
Main input point for the MINA framework.
protected Map<KexProposalOption, String>
Compute the negotiated proposals by merging the client and server proposal.
protected IoWriteFuture
notImplemented(int cmd, Buffer buffer)
Send a SSH_MSG_UNIMPLEMENTED packet.
protected void
preClose()
preClose is guaranteed to be called before doCloseGracefully or doCloseImmediately.
prepareBuffer(byte cmd, Buffer buffer)
Prepare a new "clean" buffer while reserving the needed space (5 bytes) for the packet header.
protected void
Prepares the new ciphers, macs and compression algorithms according to the negotiated server and client proposals and stores them in inSettings and outSettings.
protected Buffer
preProcessEncodeBuffer(int cmd, Buffer buffer)
Invoked by the session before encoding the buffer in order to make sure that it is at least of size SSH_PACKET_HEADER_LEN.
protected abstract boolean
readIdentification(Buffer buffer)
Read the other side identification.
protected abstract void
receiveKexInit(Map<KexProposalOption, String> proposal, byte[] seed)
protected byte[]
receiveKexInit(Buffer buffer)
protected byte[]
receiveKexInit(Buffer buffer, Map<KexProposalOption, String> proposal)
Receive the remote key exchange init message.
Initiate a new key exchange.
protected void
Refresh whatever internal configuration is not final
void
removeChannelListener(ChannelListener listener)
Remove a channel listener
void
Remove a port forwarding listener
void
removeSessionListener(SessionListener listener)
Remove a session listener.
Send a global request and wait for the response.
protected void
requestFailure(Buffer buffer)
Indicates the reception of a SSH_MSG_REQUEST_FAILURE message
protected KeyExchangeFuture
Initiates a new keys exchange if one not already in progress
protected void
requestSuccess(Buffer buffer)
Indicates the reception of a SSH_MSG_REQUEST_SUCCESS message
protected String
protected abstract String
protected int
protected Buffer
resolveOutputPacket(Buffer buffer)
protected String
resolveSessionKexProposal(String hostKeyTypes)
protected byte[]
protected byte[]
sendKexInit(Map<KexProposalOption, String> proposal)
Send the key exchange initialization packet.
protected IoWriteFuture
Send a message to put new keys into use.
sendPendingPackets(Queue<PendingWriteFuture> packetsQueue)
protected void
setClientKexData(byte[] data)
protected void
Installs the current prepared inSettings so that they are effective and will be applied to any future incoming packet.
protected abstract void
setKexSeed(byte... seed)
protected Map<KexProposalOption, String>
protected void
Installs the current prepared outSettings so that they are effective and will be applied to any future outgoing packet.
protected void
setServerKexData(byte[] data)
protected void
Marks the current pending global request result as failed
protected void
validateIncomingMac(byte[] data, int offset, int len)
protected void
validateKexState(int cmd, KexState expected)
protected <B extends Buffer> B
validateTargetBuffer(int cmd, B buffer)
Makes sure that the buffer used for output is not null or one of the session's internal ones used for decoding and uncompressing
writePacket(Buffer buffer)
Encode and send the given buffer.
Methods inherited from class org.apache.sshd.common.session.helpers.SessionHelper
attributeKeys, calculateNextIgnorePacketCount, checkAuthenticationTimeout, checkForTimeouts, checkIdleTimeout, clearAttributes, computeAttributeIfAbsent, createProposal, disconnect, doInvokeDebugMessageHandler, doInvokeIgnoreMessageHandler, doReadIdentification, exceptionCaught, getAttribute, getAttributesCount, getAuthTimeout, getAuthTimeoutStart, getBoundLocalPortForwards, getBoundRemotePortForward, getChannelStreamWriterResolver, getConnectionService, getFactoryManager, getForwarder, getIdleTimeout, getIdleTimeoutStart, getIoSession, getLocalForwardsBindings, getParentPropertyResolver, getProperties, getRemoteForwardsBindings, getReservedSessionMessagesHandler, getSessionDisconnectHandler, getStartedLocalPortForwards, getStartedRemotePortForwards, getTimeoutStatus, getUnknownChannelReferenceHandler, getUsername, handleDebug, handleDisconnect, handleDisconnect, handleIgnore, handleUnimplemented, invokeSessionSignaller, isAuthenticated, isLocalPortForwardingStartedForPort, isRemotePortForwardingStartedForPort, isServerSession, mergeProposals, removeAttribute, resetAuthTimeout, resetIdleTimeout, resizeKey, resolveChannelStreamWriterResolver, resolveIdentificationString, resolvePeerAddress, resolveReservedSessionMessagesHandler, resolveUnknownChannelReferenceHandler, sendDebugMessage, sendIdentification, sendIgnoreMessage, sendNotImplemented, setAttribute, setAuthenticated, setChannelStreamWriterResolver, setReservedSessionMessagesHandler, setSessionDisconnectHandler, setUnknownChannelReferenceHandler, setUsername, signalDisconnect, signalDisconnect, signalExceptionCaught, signalExceptionCaught, signalNegotiationEnd, signalNegotiationEnd, signalNegotiationOptionsCreated, signalNegotiationOptionsCreated, signalNegotiationStart, signalNegotiationStart, signalPeerIdentificationReceived, signalPeerIdentificationReceived, signalReadPeerIdentificationLine, signalReadPeerIdentificationLine, signalSendIdentification, signalSendIdentification, signalSessionClosed, 
signalSessionClosed, signalSessionCreated, signalSessionCreated, signalSessionEstablished, signalSessionEstablished, signalSessionEvent, signalSessionEvent, toString, writePacket
Methods inherited from class org.apache.sshd.common.kex.AbstractKexFactoryManager
getCipherFactories, getCompressionFactories, getDelegate, getKexExtensionHandler, getKeyExchangeFactories, getMacFactories, getSignatureFactories, resolveEffectiveFactories, resolveEffectiveProvider, setCipherFactories, setCompressionFactories, setKexExtensionHandler, setKeyExchangeFactories, setMacFactories, setSignatureFactories
Methods inherited from class org.apache.sshd.common.util.closeable.AbstractInnerCloseable
doCloseGracefully, doCloseImmediately
Methods inherited from class org.apache.sshd.common.util.closeable.AbstractCloseable
addCloseFutureListener, builder, close, getFutureLock, isClosed, isClosing, removeCloseFutureListener
Methods inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
debug, debug, debug, debug, debug, error, error, error, error, error, getSimplifiedLogger, info, info, warn, warn, warn, warn, warn, warn, warn, warn
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.apache.sshd.common.channel.throttle.ChannelStreamWriterResolverManager
resolveChannelStreamWriter
Methods inherited from interface org.apache.sshd.common.Closeable
addCloseFutureListener, close, close, isClosed, isClosing, isOpen, removeCloseFutureListener
Methods inherited from interface org.apache.sshd.common.kex.extension.KexExtensionHandlerManager
getKexExtensionHandler, setKexExtensionHandler
Methods inherited from interface org.apache.sshd.common.kex.KexFactoryManager
getCipherFactories, getCipherFactoriesNameList, getCipherFactoriesNames, getCompressionFactories, getCompressionFactoriesNameList, getCompressionFactoriesNames, getKeyExchangeFactories, getMacFactories, getMacFactoriesNameList, getMacFactoriesNames, setCipherFactories, setCipherFactoriesNameList, setCipherFactoriesNames, setCipherFactoriesNames, setCompressionFactories, setCompressionFactoriesNameList, setCompressionFactoriesNames, setCompressionFactoriesNames, setKeyExchangeFactories, setMacFactories, setMacFactoriesNameList, setMacFactoriesNames, setMacFactoriesNames
Methods inherited from interface org.apache.sshd.common.PropertyResolver
getBoolean, getBooleanProperty, getCharset, getInteger, getIntProperty, getLong, getLongProperty, getObject, getString, getStringProperty, isEmpty
Methods inherited from interface org.apache.sshd.common.session.Session
createBuffer, getLocalAddress, getRemoteAddress, request, request, resolveAttribute, startService, writePacket, writePacket
Methods inherited from interface org.apache.sshd.common.session.SessionHeartbeatController
disableSessionHeartbeat, getSessionHeartbeatInterval, getSessionHeartbeatType, setSessionHeartbeat, setSessionHeartbeat
Methods inherited from interface org.apache.sshd.common.signature.SignatureFactoriesHolder
getSignatureFactories, getSignatureFactoriesNameList, getSignatureFactoriesNames
Methods inherited from interface org.apache.sshd.common.signature.SignatureFactoriesManager
setSignatureFactories, setSignatureFactoriesNameList, setSignatureFactoriesNames, setSignatureFactoriesNames
-
Field Details
-
SESSION
Name of the property where this session is stored in the attributes of the underlying MINA session. See getSession(IoSession, boolean) and attachSession(IoSession, AbstractSession).
- See Also:
-
random
The pseudo random generator -
sessionListeners
Session listeners container -
sessionListenerProxy
-
channelListeners
Channel events listener container -
channelListenerProxy
-
tunnelListeners
Port forwarding events listener container -
tunnelListenerProxy
-
sessionId
protected byte[] sessionId -
serverVersion
-
clientVersion
-
serverProposal
-
unmodServerProposal
-
clientProposal
-
unmodClientProposal
-
negotiationResult
-
unmodNegotiationResult
-
kex
-
firstKexPacketFollows
-
kexState
-
kexFutureHolder
-
kexInitializedFuture
-
outCipher
-
inCipher
-
outCipherSize
protected int outCipherSize -
inCipherSize
protected int inCipherSize -
outMac
-
inMac
-
outMacSize
protected int outMacSize -
inMacSize
protected int inMacSize -
inMacResult
protected byte[] inMacResult -
outCompression
-
inCompression
-
seqi
protected long seqi
Input packet ID.
-
seqo
protected long seqo
Output packet ID.
-
uncompressBuffer
-
decoderBuffer
-
decoderState
protected int decoderState -
decoderLength
protected int decoderLength -
encodeLock
-
decodeLock
-
kexLock
-
requestLock
-
inPacketsCount
-
outPacketsCount
-
inBytesCount
-
outBytesCount
-
inBlocksCount
-
outBlocksCount
-
lastKeyTimeValue
-
maxRekyPackets
protected long maxRekyPackets -
maxRekeyBytes
protected long maxRekeyBytes -
maxRekeyInterval
-
pendingPackets
-
inSettings
Resulting message coding settings at the end of a key exchange for incoming messages.
- See Also:
-
outSettings
Resulting message coding settings at the end of a key exchange for outgoing messages.
- See Also:
-
currentService
-
globalRequestSeqo
-
pendingGlobalRequest
-
ignorePacketDataLength
protected int ignorePacketDataLength -
ignorePacketsFrequency
protected long ignorePacketsFrequency -
ignorePacketsVariance
protected int ignorePacketsVariance -
maxRekeyBlocks
-
ignorePacketsCount
-
requestResult
Used to wait for global requests result synchronous wait -
clientKexData
private byte[] clientKexData -
serverKexData
private byte[] serverKexData
-
-
Constructor Details
-
AbstractSession
protected AbstractSession(boolean serverSession, FactoryManager factoryManager, IoSession ioSession)
Create a new session.
- Parameters:
serverSession - true if this is a server session, false if client one
factoryManager - the factory manager
ioSession - the underlying I/O session
-
-
Method Details
-
calculatePadLength
public static int calculatePadLength(int len, int blockSize, boolean etmMode)
- Parameters:
len - The packet payload size
blockSize - The cipher block size
etmMode - Whether using "encrypt-then-MAC" mode
- Returns:
- The required padding length
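The padding rule behind calculatePadLength(len, blockSize, etmMode), worked through as an added example that is not part of the Apache MINA SSHD code base: it follows RFC 4253 section 6 directly and returns the smallest valid padding, which the library's own method is not guaranteed to match. The class SshFramingExample and its padLength and frame methods are hypothetical names, and the payload is a constructed sample.

```java
import java.nio.ByteBuffer;
import java.security.SecureRandom;

/** Added illustration of RFC 4253 section 6 framing; all names here are hypothetical. */
public class SshFramingExample {
    static final int HEADER_LEN = 5; // uint32 packet_length + one byte padding_length
    static final int MIN_PAD = 4;    // RFC 4253: at least four bytes of padding
    static final int MAX_PAD = 255;  // padding_length is a single unsigned byte

    /**
     * Smallest padding that satisfies RFC 4253 for a payload of len bytes.
     * In encrypt-then-MAC mode packet_length is sent in the clear, so it is
     * left out of the block alignment; otherwise it is part of the encrypted data.
     */
    static int padLength(int len, int blockSize, boolean etmMode) {
        if (len < 0 || blockSize <= 0) {
            throw new IllegalArgumentException("len and blockSize must be positive");
        }
        int align = Math.max(blockSize, 8);                   // multiple of block size or 8, whichever is larger
        int covered = 1 + len + (etmMode ? 0 : Integer.BYTES); // bytes that must end on a block boundary
        int pad = (align - (covered % align)) % align;
        if (pad < MIN_PAD) {
            pad += align;                                      // one extra block keeps the alignment
        }
        if (pad > MAX_PAD) {
            throw new IllegalArgumentException("padding does not fit in one byte");
        }
        return pad;
    }

    /** Builds packet_length | padding_length | payload | random padding (no encryption, no MAC). */
    static byte[] frame(byte[] payload, int blockSize, boolean etmMode, SecureRandom rnd) {
        int pad = padLength(payload.length, blockSize, etmMode);
        byte[] padding = new byte[pad];
        rnd.nextBytes(padding);
        ByteBuffer out = ByteBuffer.allocate(HEADER_LEN + payload.length + pad); // big-endian by default
        out.putInt(1 + payload.length + pad); // packet_length excludes itself and the MAC
        out.put((byte) pad);
        out.put(payload);
        out.put(padding);
        return out.array();
    }

    public static void main(String[] args) {
        SecureRandom rnd = new SecureRandom();
        byte[] payload = {21}; // constructed sample: one-byte payload holding SSH_MSG_NEWKEYS (21)
        for (int blockSize : new int[] {8, 16}) {
            for (boolean etm : new boolean[] {false, true}) {
                byte[] pkt = frame(payload, blockSize, etm, rnd);
                int pad = pkt[4] & 0xFF;
                int aligned = etm ? pkt.length - Integer.BYTES : pkt.length;
                if (aligned % Math.max(blockSize, 8) != 0 || pad < MIN_PAD) {
                    throw new AssertionError("framing violates RFC 4253 section 6");
                }
                System.out.printf("block=%d etm=%b pad=%d total=%d%n", blockSize, etm, pad, pkt.length);
            }
        }
    }
}
```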
-
getServerVersion
Description copied from interface: SessionContext
Retrieve the server version for this session.
- Returns:
- the server version - may be null/empty if versions not yet exchanged
-
getServerKexProposals
- Returns:
- An un-modifiable map of the latest KEX client proposal options. May be empty if KEX not yet completed or re-keying in progress
- See Also:
-
getClientVersion
Description copied from interface: SessionContext
Retrieve the client version for this session.
- Returns:
- the client version - may be null/empty if versions not yet exchanged
-
getClientKexProposals
- Returns:
- An un-modifiable map of the latest KEX client proposal options. May be empty if KEX not yet completed or re-keying in progress
- See Also:
-
getKex
- Returns:
- The current KeyExchange in progress - null if KEX not started or successfully completed
-
getKexState
-
getSessionId
public byte[] getSessionId()
- Returns:
- A clone of the established session identifier - null if not yet established
-
getKexNegotiationResult
-
getNegotiatedKexParameter
Description copied from interface: SessionContext
Retrieve one of the negotiated values during the KEX stage
- Parameters:
paramType - The request KexProposalOption value - ignored if null
- Returns:
- The negotiated parameter value - null if invalid parameter or no negotiated value.
- See Also:
-
getCipherInformation
Description copied from interface: SessionContext
Retrieves current cipher information - Note: may change if key re-exchange executed
- Parameters:
incoming - If true then the cipher for the incoming data, otherwise for the outgoing data
- Returns:
- The CipherInformation - or null if not negotiated yet.
-
getCompressionInformation
Description copied from interface: SessionContext
Retrieves current compression information - Note: may change if key re-exchange executed
- Parameters:
incoming - If true then the compression for the incoming data, otherwise for the outgoing data
- Returns:
- The CompressionInformation - or null if not negotiated yet.
-
getMacInformation
Description copied from interface: SessionContext
Retrieves current MAC information - Note: may change if key re-exchange executed
- Parameters:
incoming - If true then the MAC for the incoming data, otherwise for the outgoing data
- Returns:
- The MacInformation - or null if not negotiated yet.
-
messageReceived
Main input point for the MINA framework.
This method will be called each time new data is received on the socket and will append it to the input buffer before calling the decode() method.
- Parameters:
buffer - the new buffer received
- Throws:
Exception - if an error occurs while decoding or handling the data
-
refreshConfiguration
protected void refreshConfiguration()
Refresh whatever internal configuration is not final
-
handleMessage
Abstract method for processing incoming decoded packets. The given buffer will hold the decoded packet, starting from the command byte at the read position. -
doHandleMessage
- Throws:
Exception
-
handleFirstKexPacketFollows
-
comparePreferredKexProposalOption
Compares the specified KexProposalOption option value for client vs. server
- Parameters:
option - The option to check
- Returns:
- null if option is equal, otherwise a key/value pair where key=client option value and value=the server-side one
-
sendNewKeys
Send a message to put new keys into use.
- Returns:
- An IoWriteFuture that can be used to wait and check the result of sending the packet
- Throws:
Exception - if an error occurs sending the message
-
handleKexMessage
- Throws:
Exception
-
handleKexExtension
- Throws:
Exception
-
handleNewCompression
- Throws:
Exception
-
handleServiceRequest
- Throws:
Exception
-
handleServiceRequest
- Throws:
Exception
-
handleServiceAccept
- Throws:
Exception
-
handleServiceAccept
- Throws:
Exception
-
handleKexInit
- Throws:
Exception
-
doKexNegotiation
- Throws:
Exception
-
handleNewKeys
- Throws:
Exception
-
sendPendingPackets
protected List<AbstractMap.SimpleImmutableEntry<PendingWriteFuture,IoWriteFuture>> sendPendingPackets(Queue<PendingWriteFuture> packetsQueue) throws IOException
- Throws:
IOException
-
validateKexState
-
getInnerCloseable
- Specified by:
getInnerCloseable in class AbstractInnerCloseable
-
preClose
protected void preClose()
Description copied from class: AbstractCloseable
preClose is guaranteed to be called before doCloseGracefully or doCloseImmediately. When preClose() is called, isClosing() == true
- Overrides:
preClose in class AbstractCloseable
-
getServices
-
getService
Description copied from interface: Session
Get the service of the specified type. If the service is not of the specified class, an IllegalStateException will be thrown.
- Type Parameters:
T - The generic Service type
- Parameters:
clazz - The service class
- Returns:
- The service instance
-
preProcessEncodeBuffer
Description copied from class: SessionHelper
Invoked by the session before encoding the buffer in order to make sure that it is at least of size SSH_PACKET_HEADER_LEN. This is required in order to efficiently handle the encoding. If necessary, it re-allocates a new buffer and returns it instead.
- Overrides:
preProcessEncodeBuffer in class SessionHelper
- Parameters:
cmd - The command stored in the buffer
buffer - The original Buffer - assumed to be properly formatted and be of at least the required minimum length.
- Returns:
- The adjusted Buffer. Note: users may use this method to totally alter the contents of the buffer being sent but it is highly discouraged as it may have unexpected results.
- Throws:
IOException - If failed to process the buffer
-
writePacket
Description copied from interface: Session
Encode and send the given buffer. The buffer has to have 5 bytes free at the beginning to allow the encoding to take place. Also, the write position of the buffer has to be set to the position of the last byte to write.
- Parameters:
buffer - the buffer to encode and send
- Returns:
- An IoWriteFuture that can be used to check when the packet has actually been sent
- Throws:
IOException - if an error occurred when encoding or sending the packet
-
enqueuePendingPacket
Checks if key-exchange is done - if so, or the packet is related to the key-exchange protocol, then allows the packet to go through, otherwise enqueues it to be sent when key-exchange completed
- Parameters:
buffer - The Buffer containing the packet to be sent
- Returns:
- A PendingWriteFuture if enqueued, null if packet can go through.
-
resolveOutputPacket
- Throws:
IOException
-
doWritePacket
- Throws:
IOException
-
resolveIgnoreBufferDataLength
protected int resolveIgnoreBufferDataLength() -
request
Description copied from interface: Session
Send a global request and wait for the response. This must only be used when sending a SSH_MSG_GLOBAL_REQUEST with a result expected, else it will time out
- Parameters:
request - the request name - used mainly for logging and debugging
buffer - the buffer containing the global request
maxWaitMillis - Max. time to wait for response (millis) - must be positive
- Returns:
- the return buffer if the request was successful, null otherwise.
- Throws:
IOException - if an error occurred when encoding or sending the packet
SocketTimeoutException - If no response received within specified timeout
-
doInvokeUnimplementedMessageHandler
- Overrides:
doInvokeUnimplementedMessageHandler in class SessionHelper
- Parameters:
cmd - The unimplemented command
buffer - The input Buffer
- Returns:
- Result of invoking handleUnimplementedMessage
- Throws:
Exception - if failed to handle the message
-
createBuffer
Description copied from interface: Session
Create a new buffer for the specified SSH packet and reserve the needed space (5 bytes) for the packet header.
- Parameters:
cmd - The SSH command to initialize the buffer with
len - Estimated number of bytes the buffer will hold, 0 if unknown.
- Returns:
- a new buffer ready for write
- See Also:
-
prepareBuffer
Description copied from interface: Session
Prepare a new "clean" buffer while reserving the needed space (5 bytes) for the packet header.
- Parameters:
cmd - The SSH command to initialize the buffer with
buffer - The Buffer instance to initialize
- Returns:
- The initialized buffer
-
validateTargetBuffer
Makes sure that the buffer used for output is not null or one of the session's internal ones used for decoding and uncompressing
- Type Parameters:
B - The Buffer type being validated
- Parameters:
cmd - The most likely command this buffer refers to (not guaranteed to be correct)
buffer - The buffer to be examined
- Returns:
- The validated target instance - default same as input
- Throws:
IllegalArgumentException - if any of the conditions is violated
-
encode
Encode a buffer into the SSH protocol. Note: This method must be called inside a synchronized block using encodeLock.
- Parameters:
buffer - the buffer to encode
- Returns:
- The encoded buffer - may be different than original if input buffer does not have enough room for SshConstants.SSH_PACKET_HEADER_LEN, in which case a substitute buffer will be created and used.
- Throws:
IOException - if an exception occurs during the encoding process
-
aeadOutgoingBuffer
- Throws:
Exception
-
appendOutgoingMac
- Throws:
Exception
-
encryptOutgoingBuffer
- Throws:
Exception
-
decode
Decode the incoming buffer and handle packets as needed.
- Throws:
Exception - If failed to decode
-
validateIncomingMac
- Throws:
Exception
-
readIdentification
Read the other side identification. This method is specific to the client or server side, but both should call SessionHelper.doReadIdentification(Buffer, boolean) and store the result in the needed property.
-
sendKexInit
Send the key exchange initialization packet. This packet contains random data along with our proposal.
- Parameters:
proposal - our proposal for key exchange negotiation
- Returns:
- the sent packet data which must be kept for later use when deriving the session keys
- Throws:
Exception - if an error occurred sending the packet
-
receiveKexInit
protected byte[] receiveKexInit(Buffer buffer, Map<KexProposalOption, String> proposal) throws Exception
Receive the remote key exchange init message. The packet data is returned for later use.
-
prepareNewKeys
Prepares the new ciphers, macs and compression algorithms according to the negotiated server and client proposals and stores them in inSettings and outSettings. The new settings do not take effect yet; use setInputEncoding() or setOutputEncoding() for that.
- Throws:
Exception - if an error occurs
-
setOutputEncoding
Installs the current prepared outSettings so that they are effective and will be applied to any future outgoing packet. Clears outSettings.
- Throws:
Exception - on errors
-
setInputEncoding
Installs the current prepared inSettings so that they are effective and will be applied to any future incoming packet. Clears inSettings.
- Throws:
Exception - on errors
-
determineRekeyBlockLimit
protected long determineRekeyBlockLimit(int inCipherBlockSize, int outCipherBlockSize)
Compute the number of blocks after which we should re-key again. See RFC 4344.
- Parameters:
inCipherBlockSize - block size of the input cipher
outCipherBlockSize - block size of the output cipher
- Returns:
- the number of blocks after which re-keying occurs at the latest
- See Also:
-
notImplemented
Send a SSH_MSG_UNIMPLEMENTED packet. This packet should contain the sequence id of the unsupported packet: this number is assumed to be the last packet received.
- Parameters:
cmd - The un-implemented command value
buffer - The Buffer that contains the command. Note: the buffer's read position is just beyond the command.
- Returns:
- An IoWriteFuture that can be used to wait for packet write completion - null if the registered ReservedSessionMessagesHandler decided to handle the command internally
- Throws:
Exception - if an error occurred while handling the packet.
- See Also:
-
negotiate
Compute the negotiated proposals by merging the client and server proposal. The negotiated proposal will also be stored in the negotiationResult property.
-
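How a client and a server proposal are merged under the RFC 4253 section 7.1 rule for cipher, MAC and compression name-lists, as an added example (not Apache MINA SSHD's code). Plain strings stand in for KexProposalOption, the algorithm lists are constructed, and the special guessing rules for the kex and host key options are left out.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public class NegotiateExample {
    /** First name on the client's list that the server also lists, or null. */
    static String pick(String clientList, String serverList) {
        Set<String> server = new HashSet<>(Arrays.asList(serverList.split(",")));
        for (String name : clientList.split(",")) {
            if (!name.isEmpty() && server.contains(name)) {
                return name; // client preference order decides, not the server's
            }
        }
        return null;
    }

    /** Merges both proposals; a missing common algorithm aborts the exchange. */
    static Map<String, String> negotiate(Map<String, String> client,
                                         Map<String, String> server) {
        Map<String, String> result = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : client.entrySet()) {
            String chosen = pick(e.getValue(), server.getOrDefault(e.getKey(), ""));
            if (chosen == null) {
                // Never fall back to an unlisted algorithm or to "none".
                throw new IllegalStateException("no common algorithm for " + e.getKey());
            }
            result.put(e.getKey(), chosen);
        }
        return result;
    }

    public static void main(String[] args) {
        Map<String, String> client = new LinkedHashMap<>(); // constructed proposal
        client.put("cipher-c2s", "aes256-gcm@openssh.com,aes128-ctr,3des-cbc");
        client.put("mac-c2s", "hmac-sha2-256,hmac-sha1");
        Map<String, String> server = new LinkedHashMap<>(); // constructed proposal
        server.put("cipher-c2s", "3des-cbc,aes128-ctr");
        server.put("mac-c2s", "hmac-sha1,hmac-sha2-256");
        // The server lists 3des-cbc first, yet aes128-ctr is chosen.
        System.out.println(negotiate(client, server));
    }
}
```

Because the client's order wins, a weak algorithm is only negotiated when the client offers it and nothing it prefers is on the server's list, so hardening means removing the weak name from the proposal rather than reordering it.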
setNegotiationResult
-
requestSuccess
Indicates the reception of a SSH_MSG_REQUEST_SUCCESS message
-
requestFailure
Indicates the reception of a SSH_MSG_REQUEST_FAILURE message
-
signalRequestFailure
protected void signalRequestFailure()
Marks the current pending global request result as failed
-
addSessionListener
Description copied from interface: SessionListenerManager
Add a session listener.
- Parameters:
listener - The SessionListener to add - not null
-
removeSessionListener
Description copied from interface: SessionListenerManager
Remove a session listener.
- Parameters:
listener - The SessionListener to remove
-
getSessionListenerProxy
- Returns:
A (never null) proxy SessionListener that represents all the currently registered listeners. Any method invocation on the proxy is replicated to the currently registered listeners
-
addChannelListener
Description copied from interface: ChannelListenerManager
Add a channel listener
- Parameters:
listener - The ChannelListener to add - not null
-
removeChannelListener
Description copied from interface: ChannelListenerManager
Remove a channel listener
- Parameters:
listener - The ChannelListener to remove
-
getChannelListenerProxy
- Returns:
A (never null) proxy ChannelListener that represents all the currently registered listeners. Any method invocation on the proxy is replicated to the currently registered listeners
-
getPortForwardingEventListenerProxy
- Returns:
A proxy listener representing all the currently registered listeners through this manager
-
addPortForwardingEventListener
Description copied from interface: PortForwardingEventListenerManager
Add a port forwarding listener
- Parameters:
listener - The PortForwardingEventListener to add - never null
-
removePortForwardingEventListener
Description copied from interface: PortForwardingEventListenerManager
Remove a port forwarding listener
- Parameters:
listener - The PortForwardingEventListener to remove - ignored if null
-
reExchangeKeys
Description copied from interface: Session
Initiate a new key exchange.
- Returns:
A KeyExchangeFuture for awaiting the completion of the exchange
- Throws:
IOException - If failed to request keys re-negotiation
-
checkRekey
Checks if a re-keying is required and if so initiates it
- Returns:
A KeyExchangeFuture to wait for the initiated exchange or null if no need to re-key or an exchange is already in progress
- Throws:
Exception - If failed to load/generate the keys or send the request
- See Also:
-
requestNewKeysExchange
Initiates a new keys exchange if one is not already in progress
- Returns:
A KeyExchangeFuture to wait for the initiated exchange or null if an exchange is already in progress
- Throws:
Exception - If failed to load/generate the keys or send the request
-
isRekeyRequired
protected boolean isRekeyRequired()
-
isRekeyTimeIntervalExceeded
protected boolean isRekeyTimeIntervalExceeded()
-
isRekeyPacketCountsExceeded
protected boolean isRekeyPacketCountsExceeded()
-
isRekeyDataSizeExceeded
protected boolean isRekeyDataSizeExceeded()
-
isRekeyBlocksCountExceeded
protected boolean isRekeyBlocksCountExceeded()
-
resolveSessionKexProposal
- Overrides:
resolveSessionKexProposal in class SessionHelper
- Throws:
IOException
-
sendKexInit
- Throws:
Exception
-
getClientKexData
protected byte[] getClientKexData()
-
setClientKexData
protected void setClientKexData(byte[] data)
-
getServerKexData
protected byte[] getServerKexData()
-
setServerKexData
protected void setServerKexData(byte[] data)
-
setKexSeed
protected abstract void setKexSeed(byte... seed)
- Parameters:
seed - The result of the KEXINIT handshake - required for correct session key establishment
-
resolveAvailableSignaturesProposal
- Returns:
A comma-separated list of all the signature protocols to be included in the proposal - null/empty if no proposal
- Throws:
IOException - If failed to read/parse the keys data
GeneralSecurityException - If failed to generate the keys
- See Also:
-
resolveAvailableSignaturesProposal
protected abstract String resolveAvailableSignaturesProposal(FactoryManager manager) throws IOException, GeneralSecurityException
- Parameters:
manager - The FactoryManager
- Returns:
A comma-separated list of all the signature protocols to be included in the proposal - null/empty if no proposal
- Throws:
IOException - If failed to read/parse the keys data
GeneralSecurityException - If failed to generate the keys
-
checkKeys
Indicates that the key exchange is completed and the exchanged keys can now be verified - e.g., client can verify the server's key
- Throws:
IOException - If validation failed
-
receiveKexInit
- Throws:
Exception
-
receiveKexInit
protected abstract void receiveKexInit(Map<KexProposalOption, String> proposal, byte[] seed) throws IOException
- Throws:
IOException
-
getSession
public static AbstractSession getSession(IoSession ioSession) throws MissingAttachedSessionException
Retrieve the SSH session from the I/O session. If the session has not been attached, an exception will be thrown
- Parameters:
ioSession - The IoSession
- Returns:
The SSH session attached to the I/O session
- Throws:
MissingAttachedSessionException - if no attached SSH session
- See Also:
-
attachSession
public static void attachSession(IoSession ioSession, AbstractSession session) throws MultipleAttachedSessionException
Attach an SSH AbstractSession to the I/O session
- Parameters:
ioSession - The IoSession
session - The SSH session to attach
- Throws:
MultipleAttachedSessionException - If a previous session is already attached
-
getSession
public static AbstractSession getSession(IoSession ioSession, boolean allowNull) throws MissingAttachedSessionException
Retrieve the SSH session from the I/O session. If the session has not been attached and allowNull is false, an exception will be thrown, otherwise a null will be returned.
- Parameters:
ioSession - The IoSession
allowNull - If true, a null value may be returned if no session is attached
- Returns:
the session attached to the I/O session or null
- Throws:
MissingAttachedSessionException - if no attached session and allowNull=false
-