View Javadoc
1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License.
18   *
19   */
20  package org.apache.mina.proxy.handlers.socks;
21  
22  /**
23   * SocksProxyConstants.java - SOCKS proxy constants.
24   * 
25   * @author <a href="http://mina.apache.org">Apache MINA Project</a>
26   * @since MINA 2.0.0-M3
27   */
28  public class SocksProxyConstants {
29      /**
30       * SOCKS versions field values.
31       */
32      public final static byte SOCKS_VERSION_4 = 0x04;
33  
34      public final static byte SOCKS_VERSION_5 = 0x05;
35  
36      public final static byte TERMINATOR = 0x00;
37  
38      /**
39       * The size of a server to client response in a SOCKS4/4a negotiation.
40       */
41      public final static int SOCKS_4_RESPONSE_SIZE = 8;
42  
43      /**
44       * Invalid IP used in SOCKS 4a protocol to specify that the
45       * client can't resolve the destination host's domain name.
46       */
47      public final static byte[] FAKE_IP = new byte[] { 0, 0, 0, 10 };
48  
49      /**
50       * Command codes. 
51       */
52      public final static byte ESTABLISH_TCPIP_STREAM = 0x01;
53  
54      public final static byte ESTABLISH_TCPIP_BIND = 0x02;
55  
56      public final static byte ESTABLISH_UDP_ASSOCIATE = 0x03;
57  
58      /**
59       * SOCKS v4/v4a server reply codes.
60       */
61      public final static byte V4_REPLY_REQUEST_GRANTED = 0x5a;
62  
63      public final static byte V4_REPLY_REQUEST_REJECTED_OR_FAILED = 0x5b;
64  
65      public final static byte V4_REPLY_REQUEST_FAILED_NO_IDENTD = 0x5c;
66  
67      public final static byte V4_REPLY_REQUEST_FAILED_ID_NOT_CONFIRMED = 0x5d;
68  
69      /**
70       * SOCKS v5 server reply codes.
71       */
72      public final static byte V5_REPLY_SUCCEEDED = 0x00;
73  
74      public final static byte V5_REPLY_GENERAL_FAILURE = 0x01;
75  
76      public final static byte V5_REPLY_NOT_ALLOWED = 0x02;
77  
78      public final static byte V5_REPLY_NETWORK_UNREACHABLE = 0x03;
79  
80      public final static byte V5_REPLY_HOST_UNREACHABLE = 0x04;
81  
82      public final static byte V5_REPLY_CONNECTION_REFUSED = 0x05;
83  
84      public final static byte V5_REPLY_TTL_EXPIRED = 0x06;
85  
86      public final static byte V5_REPLY_COMMAND_NOT_SUPPORTED = 0x07;
87  
88      public final static byte V5_REPLY_ADDRESS_TYPE_NOT_SUPPORTED = 0x08;
89  
90      /**
91       * SOCKS v5 address types.
92       */
93      public final static byte IPV4_ADDRESS_TYPE = 0x01;
94  
95      public final static byte DOMAIN_NAME_ADDRESS_TYPE = 0x03;
96  
97      public final static byte IPV6_ADDRESS_TYPE = 0x04;
98  
99      /**
100      * SOCKS v5 handshake steps.
101      */
102     public final static int SOCKS5_GREETING_STEP = 0;
103 
104     public final static int SOCKS5_AUTH_STEP = 1;
105 
106     public final static int SOCKS5_REQUEST_STEP = 2;
107 
108     /**
109      * SOCKS v5 authentication methods.
110      */
111     public final static byte NO_AUTH = 0x00;
112 
113     public final static byte GSSAPI_AUTH = 0x01;
114 
115     public final static byte BASIC_AUTH = 0x02;
116 
117     public final static byte NO_ACCEPTABLE_AUTH_METHOD = (byte) 0xFF;
118 
119     public final static byte[] SUPPORTED_AUTH_METHODS = new byte[] { NO_AUTH, GSSAPI_AUTH, BASIC_AUTH };
120 
121     public final static byte BASIC_AUTH_SUBNEGOTIATION_VERSION = 0x01;
122 
123     public final static byte GSSAPI_AUTH_SUBNEGOTIATION_VERSION = 0x01;
124 
125     public final static byte GSSAPI_MSG_TYPE = 0x01;
126 
127     /**
128      * Kerberos providers OID's.
129      */
130     public final static String KERBEROS_V5_OID = "1.2.840.113554.1.2.2";
131 
132     public final static String MS_KERBEROS_V5_OID = "1.2.840.48018.1.2.2";
133 
134     /**
135      * Microsoft NTLM security support provider.
136      */
137     public final static String NTLMSSP_OID = "1.3.6.1.4.1.311.2.2.10";
138 
139     /**
140      * Return the string associated with the specified reply code.
141      * 
142      * @param code the reply code
143      * @return the reply string
144      */
145     public final static String getReplyCodeAsString(byte code) {
146         switch (code) {
147         // v4 & v4a codes
148         case V4_REPLY_REQUEST_GRANTED:
149             return "Request granted";
150         case V4_REPLY_REQUEST_REJECTED_OR_FAILED:
151             return "Request rejected or failed";
152         case V4_REPLY_REQUEST_FAILED_NO_IDENTD:
153             return "Request failed because client is not running identd (or not reachable from the server)";
154         case V4_REPLY_REQUEST_FAILED_ID_NOT_CONFIRMED:
155             return "Request failed because client's identd could not confirm the user ID string in the request";
156 
157             // v5 codes
158         case V5_REPLY_SUCCEEDED:
159             return "Request succeeded";
160         case V5_REPLY_GENERAL_FAILURE:
161             return "Request failed: general SOCKS server failure";
162         case V5_REPLY_NOT_ALLOWED:
163             return "Request failed: connection not allowed by ruleset";
164         case V5_REPLY_NETWORK_UNREACHABLE:
165             return "Request failed: network unreachable";
166         case V5_REPLY_HOST_UNREACHABLE:
167             return "Request failed: host unreachable";
168         case V5_REPLY_CONNECTION_REFUSED:
169             return "Request failed: connection refused";
170         case V5_REPLY_TTL_EXPIRED:
171             return "Request failed: TTL expired";
172         case V5_REPLY_COMMAND_NOT_SUPPORTED:
173             return "Request failed: command not supported";
174         case V5_REPLY_ADDRESS_TYPE_NOT_SUPPORTED:
175             return "Request failed: address type not supported";
176 
177         default:
178             return "Unknown reply code";
179         }
180     }
181 }