001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020package org.apache.mina.proxy.handlers.socks; 021 022/** 023 * SocksProxyConstants.java - SOCKS proxy constants. 024 * 025 * @author <a href="http://mina.apache.org">Apache MINA Project</a> 026 * @since MINA 2.0.0-M3 027 */ 028public class SocksProxyConstants { 029 /** 030 * SOCKS versions field values. 031 */ 032 public final static byte SOCKS_VERSION_4 = 0x04; 033 034 public final static byte SOCKS_VERSION_5 = 0x05; 035 036 public final static byte TERMINATOR = 0x00; 037 038 /** 039 * The size of a server to client response in a SOCKS4/4a negotiation. 040 */ 041 public final static int SOCKS_4_RESPONSE_SIZE = 8; 042 043 /** 044 * Invalid IP used in SOCKS 4a protocol to specify that the 045 * client can't resolve the destination host's domain name. 046 */ 047 public final static byte[] FAKE_IP = new byte[] { 0, 0, 0, 10 }; 048 049 /** 050 * Command codes. 051 */ 052 public final static byte ESTABLISH_TCPIP_STREAM = 0x01; 053 054 public final static byte ESTABLISH_TCPIP_BIND = 0x02; 055 056 public final static byte ESTABLISH_UDP_ASSOCIATE = 0x03; 057 058 /** 059 * SOCKS v4/v4a server reply codes. 060 */ 061 public final static byte V4_REPLY_REQUEST_GRANTED = 0x5a; 062 063 public final static byte V4_REPLY_REQUEST_REJECTED_OR_FAILED = 0x5b; 064 065 public final static byte V4_REPLY_REQUEST_FAILED_NO_IDENTD = 0x5c; 066 067 public final static byte V4_REPLY_REQUEST_FAILED_ID_NOT_CONFIRMED = 0x5d; 068 069 /** 070 * SOCKS v5 server reply codes. 071 */ 072 public final static byte V5_REPLY_SUCCEEDED = 0x00; 073 074 public final static byte V5_REPLY_GENERAL_FAILURE = 0x01; 075 076 public final static byte V5_REPLY_NOT_ALLOWED = 0x02; 077 078 public final static byte V5_REPLY_NETWORK_UNREACHABLE = 0x03; 079 080 public final static byte V5_REPLY_HOST_UNREACHABLE = 0x04; 081 082 public final static byte V5_REPLY_CONNECTION_REFUSED = 0x05; 083 084 public final static byte V5_REPLY_TTL_EXPIRED = 0x06; 085 086 public final static byte V5_REPLY_COMMAND_NOT_SUPPORTED = 0x07; 087 088 public final static byte V5_REPLY_ADDRESS_TYPE_NOT_SUPPORTED = 0x08; 089 090 /** 091 * SOCKS v5 address types. 092 */ 093 public final static byte IPV4_ADDRESS_TYPE = 0x01; 094 095 public final static byte DOMAIN_NAME_ADDRESS_TYPE = 0x03; 096 097 public final static byte IPV6_ADDRESS_TYPE = 0x04; 098 099 /** 100 * SOCKS v5 handshake steps. 101 */ 102 public final static int SOCKS5_GREETING_STEP = 0; 103 104 public final static int SOCKS5_AUTH_STEP = 1; 105 106 public final static int SOCKS5_REQUEST_STEP = 2; 107 108 /** 109 * SOCKS v5 authentication methods. 110 */ 111 public final static byte NO_AUTH = 0x00; 112 113 public final static byte GSSAPI_AUTH = 0x01; 114 115 public final static byte BASIC_AUTH = 0x02; 116 117 public final static byte NO_ACCEPTABLE_AUTH_METHOD = (byte) 0xFF; 118 119 public final static byte[] SUPPORTED_AUTH_METHODS = new byte[] { NO_AUTH, GSSAPI_AUTH, BASIC_AUTH }; 120 121 public final static byte BASIC_AUTH_SUBNEGOTIATION_VERSION = 0x01; 122 123 public final static byte GSSAPI_AUTH_SUBNEGOTIATION_VERSION = 0x01; 124 125 public final static byte GSSAPI_MSG_TYPE = 0x01; 126 127 /** 128 * Kerberos providers OID's. 129 */ 130 public final static String KERBEROS_V5_OID = "1.2.840.113554.1.2.2"; 131 132 public final static String MS_KERBEROS_V5_OID = "1.2.840.48018.1.2.2"; 133 134 /** 135 * Microsoft NTLM security support provider. 136 */ 137 public final static String NTLMSSP_OID = "1.3.6.1.4.1.311.2.2.10"; 138 139 /** 140 * Return the string associated with the specified reply code. 141 * 142 * @param code the reply code 143 * @return the reply string 144 */ 145 public final static String getReplyCodeAsString(byte code) { 146 switch (code) { 147 // v4 & v4a codes 148 case V4_REPLY_REQUEST_GRANTED: 149 return "Request granted"; 150 case V4_REPLY_REQUEST_REJECTED_OR_FAILED: 151 return "Request rejected or failed"; 152 case V4_REPLY_REQUEST_FAILED_NO_IDENTD: 153 return "Request failed because client is not running identd (or not reachable from the server)"; 154 case V4_REPLY_REQUEST_FAILED_ID_NOT_CONFIRMED: 155 return "Request failed because client's identd could not confirm the user ID string in the request"; 156 157 // v5 codes 158 case V5_REPLY_SUCCEEDED: 159 return "Request succeeded"; 160 case V5_REPLY_GENERAL_FAILURE: 161 return "Request failed: general SOCKS server failure"; 162 case V5_REPLY_NOT_ALLOWED: 163 return "Request failed: connection not allowed by ruleset"; 164 case V5_REPLY_NETWORK_UNREACHABLE: 165 return "Request failed: network unreachable"; 166 case V5_REPLY_HOST_UNREACHABLE: 167 return "Request failed: host unreachable"; 168 case V5_REPLY_CONNECTION_REFUSED: 169 return "Request failed: connection refused"; 170 case V5_REPLY_TTL_EXPIRED: 171 return "Request failed: TTL expired"; 172 case V5_REPLY_COMMAND_NOT_SUPPORTED: 173 return "Request failed: command not supported"; 174 case V5_REPLY_ADDRESS_TYPE_NOT_SUPPORTED: 175 return "Request failed: address type not supported"; 176 177 default: 178 return "Unknown reply code"; 179 } 180 } 181}