public abstract class AbstractSession extends SessionHelper
The AbstractSession handles all the basic SSH protocol such as key exchange, authentication,
encoding and decoding. Both server side and client side sessions should inherit from this
abstract class. Some basic packet processing methods are defined but the actual call to these
methods should be done from the handleMessage(Buffer)
method, which is dependent on the state and side of this session.
AbstractCloseable.State
Session.TimeoutStatus
AttributeRepository.AttributeKey<T>
closeFuture, lock, state
log
DEFAULT_SSH_VERSION_PREFIX, FALLBACK_SSH_VERSION_PREFIX, MAX_VERSION_LINE_LENGTH
EMPTY
NONE
CLOSE_WAIT_TIMEOUT, DEFAULT_CLOSE_WAIT_TIMEOUT
Modifier | Constructor and Description |
---|---|
protected |
AbstractSession(boolean serverSession,
FactoryManager factoryManager,
IoSession ioSession)
Create a new session.
|
Modifier and Type | Method and Description |
---|---|
void |
addChannelListener(ChannelListener listener)
Add a channel listener
|
void |
addPortForwardingEventListener(PortForwardingEventListener listener)
Add a port forwarding listener
|
void |
addSessionListener(SessionListener listener)
Add a session listener.
|
static void |
attachSession(IoSession ioSession,
AbstractSession session)
Attach an SSH
AbstractSession to the I/O session |
protected abstract void |
checkKeys()
Indicates the the key exchange is completed and the exchanged keys
can now be verified - e.g., client can verify the server's key
|
protected KeyExchangeFuture |
checkRekey()
Checks if a re-keying is required and if so initiates it
|
protected AbstractMap.SimpleImmutableEntry<String,String> |
comparePreferredKexProposalOption(KexProposalOption option) |
Buffer |
createBuffer(byte cmd,
int len)
Create a new buffer for the specified SSH packet and reserve the needed space
(5 bytes) for the packet header.
|
protected void |
decode()
Decode the incoming buffer and handle packets as needed.
|
protected void |
doHandleMessage(Buffer buffer) |
protected IoWriteFuture |
doWritePacket(Buffer buffer) |
protected Buffer |
encode(Buffer buffer)
Encode a buffer into the SSH protocol.
|
ChannelListener |
getChannelListenerProxy() |
CipherInformation |
getCipherInformation(boolean incoming)
Retrieves current cipher information - Note: may change if
key re-exchange executed
|
protected byte[] |
getClientKexData() |
String |
getClientVersion()
Retrieve the client version for this session.
|
CompressionInformation |
getCompressionInformation(boolean incoming)
Retrieves current compression information - Note: may change if
key re-exchange executed
|
protected Closeable |
getInnerCloseable() |
KeyExchange |
getKex() |
MacInformation |
getMacInformation(boolean incoming)
Retrieves current MAC information - Note: may change if
key re-exchange executed
|
String |
getNegotiatedKexParameter(KexProposalOption paramType)
Retrieve one of the negotiated values during the KEX stage
|
PortForwardingEventListener |
getPortForwardingEventListenerProxy() |
protected byte[] |
getServerKexData() |
String |
getServerVersion()
Retrieve the server version for this session.
|
<T extends Service> |
getService(Class<T> clazz)
Get the service of the specified type.
|
protected List<Service> |
getServices() |
static AbstractSession |
getSession(IoSession ioSession)
Retrieve the SSH session from the I/O session.
|
static AbstractSession |
getSession(IoSession ioSession,
boolean allowNull)
Retrieve the session SSH from the I/O session.
|
byte[] |
getSessionId() |
SessionListener |
getSessionListenerProxy() |
protected boolean |
handleFirstKexPacketFollows(int cmd,
Buffer buffer,
boolean followFlag) |
protected void |
handleKexInit(Buffer buffer) |
protected void |
handleKexMessage(int cmd,
Buffer buffer) |
protected void |
handleMessage(Buffer buffer)
Abstract method for processing incoming decoded packets.
|
protected void |
handleNewKeys(int cmd,
Buffer buffer) |
protected void |
handleServiceAccept(Buffer buffer) |
protected void |
handleServiceAccept(String serviceName,
Buffer buffer) |
protected void |
handleServiceRequest(Buffer buffer) |
protected boolean |
handleServiceRequest(String serviceName,
Buffer buffer) |
protected boolean |
isRekeyBlocksCountExceeded() |
protected boolean |
isRekeyDataSizeExceeded() |
protected boolean |
isRekeyPacketCountsExceeded() |
protected boolean |
isRekeyRequired() |
protected boolean |
isRekeyTimeIntervalExceeded() |
void |
messageReceived(Readable buffer)
Main input point for the MINA framework.
|
protected Map<KexProposalOption,String> |
negotiate()
Compute the negotiated proposals by merging the client and
server proposal.
|
protected IoWriteFuture |
notImplemented(int cmd,
Buffer buffer)
Send a
SSH_MSG_UNIMPLEMENTED packet. |
protected void |
preClose()
preClose is guaranteed to be called before doCloseGracefully or doCloseImmediately.
|
Buffer |
prepareBuffer(byte cmd,
Buffer buffer)
Prepare a new "clean" buffer while reserving the needed space
(5 bytes) for the packet header.
|
protected abstract boolean |
readIdentification(Buffer buffer)
Read the other side identification.
|
protected byte[] |
receiveKexInit(Buffer buffer) |
protected byte[] |
receiveKexInit(Buffer buffer,
Map<KexProposalOption,String> proposal)
Receive the remote key exchange init message.
|
protected abstract void |
receiveKexInit(Map<KexProposalOption,String> proposal,
byte[] seed) |
protected void |
receiveNewKeys()
Put new keys into use.
|
KeyExchangeFuture |
reExchangeKeys()
Initiate a new key exchange.
|
protected void |
refreshConfiguration()
Refresh whatever internal configuration is not
final |
void |
removeChannelListener(ChannelListener listener)
Remove a channel listener
|
void |
removePortForwardingEventListener(PortForwardingEventListener listener)
Remove a port forwarding listener
|
void |
removeSessionListener(SessionListener listener)
Remove a session listener.
|
Buffer |
request(String request,
Buffer buffer,
long timeout,
TimeUnit unit)
Send a global request and wait for the response.
|
protected void |
requestFailure(Buffer buffer)
Indicates the reception of a
SSH_MSG_REQUEST_FAILURE message |
protected KeyExchangeFuture |
requestNewKeysExchange()
Initiates a new keys exchange if one not already in progress
|
protected void |
requestSuccess(Buffer buffer)
Indicates the reception of a
SSH_MSG_REQUEST_SUCCESS message |
protected String |
resolveAvailableSignaturesProposal() |
protected abstract String |
resolveAvailableSignaturesProposal(FactoryManager manager) |
protected int |
resolveIgnoreBufferDataLength() |
protected byte[] |
sendKexInit() |
protected byte[] |
sendKexInit(Map<KexProposalOption,String> proposal)
Send the key exchange initialization packet.
|
protected List<AbstractMap.SimpleImmutableEntry<PendingWriteFuture,IoWriteFuture>> |
sendPendingPackets(Queue<PendingWriteFuture> packetsQueue) |
protected void |
setClientKexData(byte[] data) |
protected abstract void |
setKexSeed(byte... seed) |
protected Map<KexProposalOption,String> |
setNegotiationResult(Map<KexProposalOption,String> guess) |
protected void |
setServerKexData(byte[] data) |
protected void |
validateKexState(int cmd,
KexState expected) |
protected <B extends Buffer> |
validateTargetBuffer(int cmd,
B buffer)
Makes sure that the buffer used for output is not
null or one
of the session's internal ones used for decoding and uncompressing |
IoWriteFuture |
writePacket(Buffer buffer)
Encode and send the given buffer.
|
attributeKeys, calculateNextIgnorePacketCount, checkAuthenticationTimeout, checkForTimeouts, checkIdleTimeout, clearAttributes, computeAttributeIfAbsent, createProposal, disconnect, doReadIdentification, exceptionCaught, getAttribute, getAttributesCount, getAuthTimeout, getAuthTimeoutStart, getBoundLocalPortForward, getBoundRemotePortForward, getChannelStreamPacketWriterResolver, getConnectionService, getFactoryManager, getForwardingFilter, getIdleTimeout, getIdleTimeoutStart, getIoSession, getLocalForwardsBindings, getLock, getParentPropertyResolver, getProperties, getRemoteForwardsBindings, getReservedSessionMessagesHandler, getStartedLocalPortForwards, getStartedRemotePortForwards, getTimeoutStatus, getUnknownChannelReferenceHandler, getUsername, handleDebug, handleDisconnect, handleDisconnect, handleIgnore, handleUnimplemented, invokeSessionSignaller, isAuthenticated, isLocalPortForwardingStartedForPort, isRemotePortForwardingStartedForPort, isServerSession, mergeProposals, removeAttribute, resetAuthTimeout, resetIdleTimeout, resizeKey, resolveChannelStreamPacketWriterResolver, resolveIdentificationString, resolvePeerAddress, resolveReservedSessionMessagesHandler, resolveUnknownChannelReferenceHandler, sendDebugMessage, sendIdentification, sendIgnoreMessage, sendNewKeys, sendNotImplemented, setAttribute, setAuthenticated, setChannelStreamPacketWriterResolver, setReservedSessionMessagesHandler, setUnknownChannelReferenceHandler, setUsername, signalDisconnect, signalDisconnect, signalExceptionCaught, signalExceptionCaught, signalNegotiationEnd, signalNegotiationEnd, signalNegotiationStart, signalNegotiationStart, signalSessionClosed, signalSessionClosed, signalSessionCreated, signalSessionCreated, signalSessionEvent, signalSessionEvent, toString, writePacket
getCipherFactories, getCompressionFactories, getDelegate, getKeyExchangeFactories, getMacFactories, getSignatureFactories, resolveEffectiveFactories, resolveEffectiveProvider, setCipherFactories, setCompressionFactories, setKeyExchangeFactories, setMacFactories, setSignatureFactories
doCloseGracefully, doCloseImmediately
addCloseFutureListener, builder, close, isClosed, isClosing, removeCloseFutureListener
getSimplifiedLogger
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
createBuffer, getLocalAddress, getRemoteAddress, resolveAttribute, resolveAttribute, startService
isValidVersionPrefix
getBoolean, getBooleanProperty, getInteger, getIntProperty, getLong, getLongProperty, getObject, getString, getStringProperty
ofAttributesMap, ofKeyValuePair
getCipherFactories, getCipherFactoriesNameList, getCipherFactoriesNames, getCompressionFactories, getCompressionFactoriesNameList, getCompressionFactoriesNames, getKeyExchangeFactories, getMacFactories, getMacFactoriesNameList, getMacFactoriesNames, setCipherFactories, setCipherFactoriesNameList, setCipherFactoriesNames, setCipherFactoriesNames, setCompressionFactories, setCompressionFactoriesNameList, setCompressionFactoriesNames, setCompressionFactoriesNames, setKeyExchangeFactories, setMacFactories, setMacFactoriesNameList, setMacFactoriesNames, setMacFactoriesNames
getSignatureFactories, getSignatureFactories, getSignatureFactoriesNameList, getSignatureFactoriesNames, resolveSignatureFactories, setSignatureFactories, setSignatureFactoriesNameList, setSignatureFactoriesNames, setSignatureFactoriesNames
resolveChannelStreamPacketWriter
addCloseFutureListener, close, close, close, getMaxCloseWaitTime, isClosed, isClosing, isOpen, removeCloseFutureListener
public static final String SESSION
getSession(IoSession, boolean)
and attachSession(IoSession, AbstractSession)
.protected final Random random
protected final Collection<SessionListener> sessionListeners
protected final SessionListener sessionListenerProxy
protected final Collection<ChannelListener> channelListeners
protected final ChannelListener channelListenerProxy
protected final Collection<PortForwardingEventListener> tunnelListeners
protected final PortForwardingEventListener tunnelListenerProxy
protected byte[] sessionId
protected String serverVersion
protected String clientVersion
protected final Map<KexProposalOption,String> serverProposal
protected final Map<KexProposalOption,String> clientProposal
protected final Map<KexProposalOption,String> negotiationResult
protected KeyExchange kex
protected Boolean firstKexPacketFollows
protected final AtomicReference<KexState> kexState
protected final AtomicReference<DefaultKeyExchangeFuture> kexFutureHolder
protected Cipher outCipher
protected Cipher inCipher
protected int outCipherSize
protected int inCipherSize
protected Mac outMac
protected Mac inMac
protected byte[] inMacResult
protected Compression outCompression
protected Compression inCompression
protected long seqi
protected long seqo
protected SessionWorkBuffer uncompressBuffer
protected final SessionWorkBuffer decoderBuffer
protected int decoderState
protected int decoderLength
protected final Object encodeLock
protected final Object decodeLock
protected final Object requestLock
protected final AtomicLong inPacketsCount
protected final AtomicLong outPacketsCount
protected final AtomicLong inBytesCount
protected final AtomicLong outBytesCount
protected final AtomicLong inBlocksCount
protected final AtomicLong outBlocksCount
protected final AtomicLong lastKeyTimeValue
protected long maxRekyPackets
protected long maxRekeyBytes
protected long maxRekeyInterval
protected final Queue<PendingWriteFuture> pendingPackets
protected Service currentService
protected int ignorePacketDataLength
protected long ignorePacketsFrequency
protected int ignorePacketsVariance
protected final AtomicLong maxRekeyBlocks
protected final AtomicLong ignorePacketsCount
protected AbstractSession(boolean serverSession, FactoryManager factoryManager, IoSession ioSession)
serverSession
- true
if this is a server session, false
if client onefactoryManager
- the factory managerioSession
- the underlying I/O sessionpublic String getServerVersion()
SessionContext
null
/empty if versions not yet exchangedpublic String getClientVersion()
SessionContext
null
/empty if versions not yet exchangedpublic KeyExchange getKex()
public byte[] getSessionId()
null
if
not yet establishedpublic String getNegotiatedKexParameter(KexProposalOption paramType)
Session
paramType
- The request KexProposalOption
value
- ignored if null
null
if invalid
parameter or no negotiated valuepublic CipherInformation getCipherInformation(boolean incoming)
Session
incoming
- If true
then the cipher for the incoming data,
otherwise for the outgoing dataCipherInformation
- or null
if not negotiated yet.public CompressionInformation getCompressionInformation(boolean incoming)
Session
incoming
- If true
then the compression for the incoming data,
otherwise for the outgoing dataCompressionInformation
- or null
if not negotiated yet.public MacInformation getMacInformation(boolean incoming)
Session
incoming
- If true
then the MAC for the incoming data,
otherwise for the outgoing dataMacInformation
- or null
if not negotiated yet.public void messageReceived(Readable buffer) throws Exception
Main input point for the MINA framework.
This method will be called each time new data is received on
the socket and will append it to the input buffer before
calling the decode()
method.
buffer
- the new buffer receivedException
- if an error occurs while decoding or handling the dataprotected void refreshConfiguration()
final
protected void handleMessage(Buffer buffer) throws Exception
buffer
- The Buffer
containing the packet - it may be
re-used to generate the response once request has been decodedException
- if an exception occurs while handling this packet.doHandleMessage(Buffer)
protected boolean handleFirstKexPacketFollows(int cmd, Buffer buffer, boolean followFlag)
protected AbstractMap.SimpleImmutableEntry<String,String> comparePreferredKexProposalOption(KexProposalOption option)
protected void handleKexMessage(int cmd, Buffer buffer) throws Exception
Exception
protected void handleServiceRequest(Buffer buffer) throws Exception
Exception
protected boolean handleServiceRequest(String serviceName, Buffer buffer) throws Exception
Exception
protected void handleServiceAccept(Buffer buffer) throws Exception
Exception
protected void handleServiceAccept(String serviceName, Buffer buffer) throws Exception
Exception
protected void handleNewKeys(int cmd, Buffer buffer) throws Exception
Exception
protected List<AbstractMap.SimpleImmutableEntry<PendingWriteFuture,IoWriteFuture>> sendPendingPackets(Queue<PendingWriteFuture> packetsQueue) throws IOException
IOException
protected void validateKexState(int cmd, KexState expected)
protected Closeable getInnerCloseable()
getInnerCloseable
in class AbstractInnerCloseable
protected void preClose()
AbstractCloseable
preClose
in class AbstractCloseable
public <T extends Service> T getService(Class<T> clazz)
Session
T
- The generic Service
typeclazz
- The service classpublic IoWriteFuture writePacket(Buffer buffer) throws IOException
PacketWriter
buffer
- the buffer to encode and send. NOTE: the buffer must not be touched
until the returned write future is completed.IoWriteFuture
that can be used to check when the packet has actually been sentIOException
- if an error occurred when encoding sending the packetprotected IoWriteFuture doWritePacket(Buffer buffer) throws IOException
IOException
protected int resolveIgnoreBufferDataLength()
public Buffer request(String request, Buffer buffer, long timeout, TimeUnit unit) throws IOException
Session
SSH_MSG_GLOBAL_REQUEST
with a result expected, else it will time outrequest
- the request name - used mainly for logging and debuggingbuffer
- the buffer containing the global requesttimeout
- The number of time units to wait - must be positiveunit
- The TimeUnit
to wait for the responsenull
otherwise.IOException
- if an error occurred when encoding sending the packetpublic Buffer createBuffer(byte cmd, int len)
Session
cmd
- The SSH command to initialize the buffer withlen
- Estimated number of bytes the buffer will hold, 0 if unknown.Session.prepareBuffer(byte, Buffer)
public Buffer prepareBuffer(byte cmd, Buffer buffer)
Session
cmd
- The SSH command to initialize the buffer withbuffer
- The Buffer
instance to initializeprotected <B extends Buffer> B validateTargetBuffer(int cmd, B buffer)
null
or one
of the session's internal ones used for decoding and uncompressingB
- The Buffer
type being validatedcmd
- The most likely command this buffer refers to (not guaranteed to be correct)buffer
- The buffer to be examinedIllegalArgumentException
- if any of the conditions is violatedprotected Buffer encode(Buffer buffer) throws IOException
buffer
- the buffer to encodeSshConstants.SSH_PACKET_HEADER_LEN
,
in which a substitute buffer will be created and used.IOException
- if an exception occurs during the encoding processprotected void decode() throws Exception
Exception
- If failed to decodeprotected abstract boolean readIdentification(Buffer buffer) throws IOException, GeneralSecurityException
SessionHelper.doReadIdentification(Buffer, boolean)
and
store the result in the needed property.buffer
- The Buffer
containing the remote identificationtrue
if the identification has been fully read or
false
if more data is neededIOException
- if an error occurs such as a bad protocol versionGeneralSecurityException
- If unsuccessful KEX was involvedprotected byte[] sendKexInit(Map<KexProposalOption,String> proposal) throws IOException
proposal
- our proposal for key exchange negotiationIOException
- if an error occurred sending the packetprotected byte[] receiveKexInit(Buffer buffer, Map<KexProposalOption,String> proposal)
buffer
- the Buffer
containing the key exchange init packetproposal
- the remote proposal to fillprotected void receiveNewKeys() throws Exception
Exception
- if an error occursprotected IoWriteFuture notImplemented(int cmd, Buffer buffer) throws Exception
SSH_MSG_UNIMPLEMENTED
packet. This packet should
contain the sequence id of the unsupported packet: this number
is assumed to be the last packet received.cmd
- The un-implemented command valuebuffer
- The Buffer
that contains the command. Note: the
buffer's read position is just beyond the command.IoWriteFuture
that can be used to wait for packet write
completion - null
if the registered ReservedSessionMessagesHandler
decided to handle the command internallyException
- if an error occurred while handling the packet.SessionHelper.sendNotImplemented(long)
protected Map<KexProposalOption,String> negotiate()
negotiationResult
property.Map
protected Map<KexProposalOption,String> setNegotiationResult(Map<KexProposalOption,String> guess)
protected void requestSuccess(Buffer buffer) throws Exception
SSH_MSG_REQUEST_SUCCESS
messageprotected void requestFailure(Buffer buffer) throws Exception
SSH_MSG_REQUEST_FAILURE
messagepublic void addSessionListener(SessionListener listener)
SessionListenerManager
listener
- The SessionListener
to add - not null
public void removeSessionListener(SessionListener listener)
SessionListenerManager
listener
- The SessionListener
to removepublic SessionListener getSessionListenerProxy()
null
proxy SessionListener
that represents
all the currently registered listeners. Any method invocation on the proxy
is replicated to the currently registered listenerspublic void addChannelListener(ChannelListener listener)
ChannelListenerManager
listener
- The ChannelListener
to add - not null
public void removeChannelListener(ChannelListener listener)
ChannelListenerManager
listener
- The ChannelListener
to removepublic ChannelListener getChannelListenerProxy()
null
proxy ChannelListener
that represents
all the currently registered listeners. Any method invocation on the proxy
is replicated to the currently registered listenerspublic PortForwardingEventListener getPortForwardingEventListenerProxy()
public void addPortForwardingEventListener(PortForwardingEventListener listener)
PortForwardingEventListenerManager
listener
- The PortForwardingEventListener
to add - never null
public void removePortForwardingEventListener(PortForwardingEventListener listener)
PortForwardingEventListenerManager
listener
- The PortForwardingEventListener
to remove - ignored if null
public KeyExchangeFuture reExchangeKeys() throws IOException
Session
KeyExchangeFuture
for awaiting the completion of the exchangeIOException
- If failed to request keys re-negotiationprotected KeyExchangeFuture checkRekey() throws IOException, GeneralSecurityException
KeyExchangeFuture
to wait for the initiated exchange
or null
if no need to re-key or an exchange is already in progressIOException
- If failed load the keys or send the requestGeneralSecurityException
- If failed to generate the necessary keysisRekeyRequired()
,
requestNewKeysExchange()
protected KeyExchangeFuture requestNewKeysExchange() throws IOException, GeneralSecurityException
KeyExchangeFuture
to wait for the initiated exchange
or null
if an exchange is already in progressIOException
- If failed to load the keys or send the requestGeneralSecurityException
- If failed to generate the keysprotected boolean isRekeyRequired()
protected boolean isRekeyTimeIntervalExceeded()
protected boolean isRekeyPacketCountsExceeded()
protected boolean isRekeyDataSizeExceeded()
protected boolean isRekeyBlocksCountExceeded()
protected byte[] sendKexInit() throws IOException, GeneralSecurityException
IOException
GeneralSecurityException
protected byte[] getClientKexData()
protected void setClientKexData(byte[] data)
protected byte[] getServerKexData()
protected void setServerKexData(byte[] data)
protected abstract void setKexSeed(byte... seed)
seed
- The result of the KEXINIT handshake - required for correct session key establishmentprotected String resolveAvailableSignaturesProposal() throws IOException, GeneralSecurityException
null
/empty if no proposalIOException
- If failed to read/parse the keys dataGeneralSecurityException
- If failed to generate the keysSessionHelper.getFactoryManager()
,
resolveAvailableSignaturesProposal(FactoryManager)
protected abstract String resolveAvailableSignaturesProposal(FactoryManager manager) throws IOException, GeneralSecurityException
manager
- The FactoryManager
null
/empty if no proposalIOException
- If failed to read/parse the keys dataGeneralSecurityException
- If failed to generate the keysprotected abstract void checkKeys() throws IOException
IOException
- If validation failedprotected byte[] receiveKexInit(Buffer buffer) throws IOException
IOException
protected abstract void receiveKexInit(Map<KexProposalOption,String> proposal, byte[] seed) throws IOException
IOException
public static AbstractSession getSession(IoSession ioSession) throws MissingAttachedSessionException
ioSession
- The IoSession
MissingAttachedSessionException
- if no attached SSH sessiongetSession(IoSession, boolean)
public static void attachSession(IoSession ioSession, AbstractSession session) throws MultipleAttachedSessionException
AbstractSession
to the I/O sessionioSession
- The IoSession
session
- The SSH session to attachMultipleAttachedSessionException
- If a previous session already attachedpublic static AbstractSession getSession(IoSession ioSession, boolean allowNull) throws MissingAttachedSessionException
false
, an exception will be thrown, otherwise
a null
will be returned.ioSession
- The IoSession
allowNull
- If true
, a null
value may be returned if no
session is attachednull
MissingAttachedSessionException
- if no attached session and allowNull=falseCopyright © 2008–2022 The Apache Software Foundation. All rights reserved.