View Javadoc

1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License.
18   *
19   */
20  package org.apache.mina.proxy.handlers.socks;
21  
22  /**
23   * SocksProxyConstants.java - SOCKS proxy constants.
24   * 
25   * @author The Apache MINA Project (dev@mina.apache.org)
26   * @since MINA 2.0.0-M3
27   */
28  public class SocksProxyConstants {
29      /**
30       * SOCKS versions field values.
31       */
32      public final static byte SOCKS_VERSION_4 = 0x04;
33  
34      public final static byte SOCKS_VERSION_5 = 0x05;
35  
36      public final static byte TERMINATOR = 0x00;
37  
38      /**
39       * The size of a server to client response in a SOCKS4/4a negotiation.
40       */
41      public final static int SOCKS_4_RESPONSE_SIZE = 8;
42      
43      /**
44       * Invalid IP used in SOCKS 4a protocol to specify that the
45       * client can't resolve the destination host's domain name.
46       */
47      public final static byte[] FAKE_IP = new byte[] { 0, 0, 0, 10 };
48  
49      /**
50       * Command codes. 
51       */
52      public final static byte ESTABLISH_TCPIP_STREAM = 0x01;
53  
54      public final static byte ESTABLISH_TCPIP_BIND = 0x02;
55  
56      public final static byte ESTABLISH_UDP_ASSOCIATE = 0x03;
57  
58      /**
59       * SOCKS v4/v4a server reply codes.
60       */
61      public final static byte V4_REPLY_REQUEST_GRANTED = 0x5a;
62  
63      public final static byte V4_REPLY_REQUEST_REJECTED_OR_FAILED = 0x5b;
64  
65      public final static byte V4_REPLY_REQUEST_FAILED_NO_IDENTD = 0x5c;
66  
67      public final static byte V4_REPLY_REQUEST_FAILED_ID_NOT_CONFIRMED = 0x5d;
68  
69      /**
70       * SOCKS v5 server reply codes.
71       */
72      public final static byte V5_REPLY_SUCCEEDED = 0x00;
73  
74      public final static byte V5_REPLY_GENERAL_FAILURE = 0x01;
75  
76      public final static byte V5_REPLY_NOT_ALLOWED = 0x02;
77  
78      public final static byte V5_REPLY_NETWORK_UNREACHABLE = 0x03;
79  
80      public final static byte V5_REPLY_HOST_UNREACHABLE = 0x04;
81  
82      public final static byte V5_REPLY_CONNECTION_REFUSED = 0x05;
83  
84      public final static byte V5_REPLY_TTL_EXPIRED = 0x06;
85  
86      public final static byte V5_REPLY_COMMAND_NOT_SUPPORTED = 0x07;
87  
88      public final static byte V5_REPLY_ADDRESS_TYPE_NOT_SUPPORTED = 0x08;
89  
90      /**
91       * SOCKS v5 address types.
92       */
93      public final static byte IPV4_ADDRESS_TYPE = 0x01;
94  
95      public final static byte DOMAIN_NAME_ADDRESS_TYPE = 0x03;
96  
97      public final static byte IPV6_ADDRESS_TYPE = 0x04;
98  
99      /**
100      * SOCKS v5 handshake steps.
101      */
102     public final static int SOCKS5_GREETING_STEP = 0;
103 
104     public final static int SOCKS5_AUTH_STEP = 1;
105 
106     public final static int SOCKS5_REQUEST_STEP = 2;
107 
108     /**
109      * SOCKS v5 authentication methods.
110      */
111     public final static byte NO_AUTH = 0x00;
112 
113     public final static byte GSSAPI_AUTH = 0x01;
114 
115     public final static byte BASIC_AUTH = 0x02;
116 
117     public final static byte NO_ACCEPTABLE_AUTH_METHOD = (byte) 0xFF;
118 
119     public final static byte[] SUPPORTED_AUTH_METHODS = new byte[] { NO_AUTH,
120             GSSAPI_AUTH, BASIC_AUTH };
121 
122     public final static byte BASIC_AUTH_SUBNEGOTIATION_VERSION = 0x01;
123 
124     public final static byte GSSAPI_AUTH_SUBNEGOTIATION_VERSION = 0x01;
125 
126     public final static byte GSSAPI_MSG_TYPE = 0x01;
127 
128     /**
129      * Kerberos providers OID's.
130      */ 
131     public final static String KERBEROS_V5_OID = "1.2.840.113554.1.2.2";
132 
133     public final static String MS_KERBEROS_V5_OID = "1.2.840.48018.1.2.2";
134 
135     /**
136      * Microsoft NTLM security support provider.
137      */ 
138     public final static String NTLMSSP_OID = "1.3.6.1.4.1.311.2.2.10";
139 
140     /**
141      * Return the string associated with the specified reply code.
142      * 
143      * @param code the reply code
144      * @return the reply string
145      */
146     public final static String getReplyCodeAsString(byte code) {
147         switch (code) {
148         // v4 & v4a codes
149         case V4_REPLY_REQUEST_GRANTED:
150             return "Request granted";
151         case V4_REPLY_REQUEST_REJECTED_OR_FAILED:
152             return "Request rejected or failed";
153         case V4_REPLY_REQUEST_FAILED_NO_IDENTD:
154             return "Request failed because client is not running identd (or not reachable from the server)";
155         case V4_REPLY_REQUEST_FAILED_ID_NOT_CONFIRMED:
156             return "Request failed because client's identd could not confirm the user ID string in the request";
157 
158         // v5 codes
159         case V5_REPLY_SUCCEEDED:
160             return "Request succeeded";
161         case V5_REPLY_GENERAL_FAILURE:
162             return "Request failed: general SOCKS server failure";
163         case V5_REPLY_NOT_ALLOWED:
164             return "Request failed: connection not allowed by ruleset";
165         case V5_REPLY_NETWORK_UNREACHABLE:
166             return "Request failed: network unreachable";
167         case V5_REPLY_HOST_UNREACHABLE:
168             return "Request failed: host unreachable";
169         case V5_REPLY_CONNECTION_REFUSED:
170             return "Request failed: connection refused";
171         case V5_REPLY_TTL_EXPIRED:
172             return "Request failed: TTL expired";
173         case V5_REPLY_COMMAND_NOT_SUPPORTED:
174             return "Request failed: command not supported";
175         case V5_REPLY_ADDRESS_TYPE_NOT_SUPPORTED:
176             return "Request failed: address type not supported";
177 
178         default:
179             return "Unknown reply code";
180         }
181     }
182 }