Class AbstractSession

All Implemented Interfaces:
Closeable, AutoCloseable, Channel, AttributeRepository, AttributeStore, MutableUserHolder, UsernameHolder, ChannelListenerManager, ChannelStreamWriterResolver, ChannelStreamWriterResolverManager, Closeable, FactoryManagerHolder, PortForwardingEventListenerManager, PortForwardingInformationProvider, KexExtensionHandlerManager, KexFactoryManager, PropertyResolver, ReservedSessionMessagesManager, Session, SessionContext, SessionDisconnectHandlerManager, SessionHeartbeatController, SessionListenerManager, UnknownChannelReferenceHandlerManager, SignatureFactoriesHolder, SignatureFactoriesManager, ConnectionEndpointsIndicator
Direct Known Subclasses:
AbstractClientSession, AbstractServerSession

public abstract class AbstractSession extends SessionHelper

The AbstractSession handles all the basic SSH protocol such as key exchange, authentication, encoding and decoding. Both server side and client side sessions should inherit from this abstract class. Some basic packet processing methods are defined but the actual call to these methods should be done from the handleMessage(Buffer) method, which is dependent on the state and side of this session.

TODO: if there is any very big packet, decoderBuffer and uncompressBuffer will get quite big and they won't be resized down at any time. Though the packet size is really limited by the channel max packet size
  • Field Details

    • SESSION

      public static final String SESSION
      Name of the property where this session is stored in the attributes of the underlying MINA session. See getSession(IoSession, boolean) and attachSession(IoSession, AbstractSession).
      See Also:
    • random

      protected final Random random
      The pseudo random generator
    • sessionListeners

      protected final Collection<SessionListener> sessionListeners
      Session listeners container
    • sessionListenerProxy

      protected final SessionListener sessionListenerProxy
    • channelListeners

      protected final Collection<ChannelListener> channelListeners
      Channel events listener container
    • channelListenerProxy

      protected final ChannelListener channelListenerProxy
    • tunnelListeners

      protected final Collection<PortForwardingEventListener> tunnelListeners
      Port forwarding events listener container
    • tunnelListenerProxy

      protected final PortForwardingEventListener tunnelListenerProxy
    • sessionId

      protected byte[] sessionId
    • serverVersion

      protected String serverVersion
    • clientVersion

      protected String clientVersion
    • serverProposal

      protected final Map<KexProposalOption,String> serverProposal
    • unmodServerProposal

      protected final Map<KexProposalOption,String> unmodServerProposal
    • clientProposal

      protected final Map<KexProposalOption,String> clientProposal
    • unmodClientProposal

      protected final Map<KexProposalOption,String> unmodClientProposal
    • negotiationResult

      protected final Map<KexProposalOption,String> negotiationResult
    • unmodNegotiationResult

      protected final Map<KexProposalOption,String> unmodNegotiationResult
    • kex

      protected KeyExchange kex
    • firstKexPacketFollows

      protected Boolean firstKexPacketFollows
    • kexState

      protected final AtomicReference<KexState> kexState
    • kexFutureHolder

      protected final AtomicReference<DefaultKeyExchangeFuture> kexFutureHolder
    • outCipher

      protected Cipher outCipher
    • inCipher

      protected Cipher inCipher
    • outCipherSize

      protected int outCipherSize
    • inCipherSize

      protected int inCipherSize
    • outMac

      protected Mac outMac
    • inMac

      protected Mac inMac
    • outMacSize

      protected int outMacSize
    • inMacSize

      protected int inMacSize
    • inMacResult

      protected byte[] inMacResult
    • outCompression

      protected Compression outCompression
    • inCompression

      protected Compression inCompression
    • seqi

      protected long seqi
    • seqo

      protected long seqo
    • uncompressBuffer

      protected SessionWorkBuffer uncompressBuffer
    • decoderBuffer

      protected final SessionWorkBuffer decoderBuffer
    • decoderState

      protected int decoderState
    • decoderLength

      protected int decoderLength
    • encodeLock

      protected final Object encodeLock
    • decodeLock

      protected final Object decodeLock
    • requestLock

      protected final Object requestLock
    • inPacketsCount

      protected final AtomicLong inPacketsCount
    • outPacketsCount

      protected final AtomicLong outPacketsCount
    • inBytesCount

      protected final AtomicLong inBytesCount
    • outBytesCount

      protected final AtomicLong outBytesCount
    • inBlocksCount

      protected final AtomicLong inBlocksCount
    • outBlocksCount

      protected final AtomicLong outBlocksCount
    • lastKeyTimeValue

      protected final AtomicReference<Instant> lastKeyTimeValue
    • maxRekyPackets

      protected long maxRekyPackets
    • maxRekeyBytes

      protected long maxRekeyBytes
    • maxRekeyInterval

      protected Duration maxRekeyInterval
    • pendingPackets

      protected final Queue<PendingWriteFuture> pendingPackets
    • currentService

      protected Service currentService
    • globalRequestSeqo

      protected final AtomicLong globalRequestSeqo
    • pendingGlobalRequest

      protected final AtomicReference<String> pendingGlobalRequest
    • ignorePacketDataLength

      protected int ignorePacketDataLength
    • ignorePacketsFrequency

      protected long ignorePacketsFrequency
    • ignorePacketsVariance

      protected int ignorePacketsVariance
    • maxRekeyBlocks

      protected final AtomicLong maxRekeyBlocks
    • ignorePacketsCount

      protected final AtomicLong ignorePacketsCount
    • requestResult

      private final AtomicReference<Object> requestResult
      Used to wait for global requests result synchronous wait
    • clientKexData

      private byte[] clientKexData
    • serverKexData

      private byte[] serverKexData
  • Constructor Details

    • AbstractSession

      protected AbstractSession(boolean serverSession, FactoryManager factoryManager, IoSession ioSession)
      Create a new session.
      Parameters:
      serverSession - true if this is a server session, false if client one
      factoryManager - the factory manager
      ioSession - the underlying I/O session
  • Method Details

    • calculatePadLength

      public static int calculatePadLength(int len, int blockSize, boolean etmMode)
      Parameters:
      len - The packet payload size
      blockSize - The cipher block size
      etmMode - Whether using "encrypt-then-MAC" mode
      Returns:
      The required padding length
    • getServerVersion

      public String getServerVersion()
      Description copied from interface: SessionContext
      Retrieve the server version for this session.
      Returns:
      the server version - may be null/empty if versions not yet exchanged
    • getServerKexProposals

      public Map<KexProposalOption,String> getServerKexProposals()
      Returns:
      An un-modifiable map of the latest KEX client proposal options. May be empty if KEX not yet completed or re-keying in progress
      See Also:
    • getClientVersion

      public String getClientVersion()
      Description copied from interface: SessionContext
      Retrieve the client version for this session.
      Returns:
      the client version - may be null/empty if versions not yet exchanged
    • getClientKexProposals

      public Map<KexProposalOption,String> getClientKexProposals()
      Returns:
      An un-modifiable map of the latest KEX client proposal options May be empty if KEX not yet completed or re-keying in progress
      See Also:
    • getKex

      public KeyExchange getKex()
      Returns:
      The current KeyExchange in progress - null if KEX not started or successfully completed
    • getKexState

      public KexState getKexState()
    • getSessionId

      public byte[] getSessionId()
      Returns:
      A clone of the established session identifier - null if not yet established
    • getKexNegotiationResult

      public Map<KexProposalOption,String> getKexNegotiationResult()
    • getNegotiatedKexParameter

      public String getNegotiatedKexParameter(KexProposalOption paramType)
      Description copied from interface: SessionContext
      Retrieve one of the negotiated values during the KEX stage
      Parameters:
      paramType - The request KexProposalOption value - ignored if null
      Returns:
      The negotiated parameter value - null if invalid parameter or no negotiated value.
      See Also:
    • getCipherInformation

      public CipherInformation getCipherInformation(boolean incoming)
      Description copied from interface: SessionContext
      Retrieves current cipher information - Note: may change if key re-exchange executed
      Parameters:
      incoming - If true then the cipher for the incoming data, otherwise for the outgoing data
      Returns:
      The CipherInformation - or null if not negotiated yet.
    • getCompressionInformation

      public CompressionInformation getCompressionInformation(boolean incoming)
      Description copied from interface: SessionContext
      Retrieves current compression information - Note: may change if key re-exchange executed
      Parameters:
      incoming - If true then the compression for the incoming data, otherwise for the outgoing data
      Returns:
      The CompressionInformation - or null if not negotiated yet.
    • getMacInformation

      public MacInformation getMacInformation(boolean incoming)
      Description copied from interface: SessionContext
      Retrieves current MAC information - Note: may change if key re-exchange executed
      Parameters:
      incoming - If true then the MAC for the incoming data, otherwise for the outgoing data
      Returns:
      The MacInformation - or null if not negotiated yet.
    • messageReceived

      public void messageReceived(Readable buffer) throws Exception

      Main input point for the MINA framework.

      This method will be called each time new data is received on the socket and will append it to the input buffer before calling the decode() method.

      Parameters:
      buffer - the new buffer received
      Throws:
      Exception - if an error occurs while decoding or handling the data
    • refreshConfiguration

      protected void refreshConfiguration()
      Refresh whatever internal configuration is not final
    • handleMessage

      protected void handleMessage(Buffer buffer) throws Exception
      Abstract method for processing incoming decoded packets. The given buffer will hold the decoded packet, starting from the command byte at the read position.
      Parameters:
      buffer - The Buffer containing the packet - it may be re-used to generate the response once request has been decoded
      Throws:
      Exception - if an exception occurs while handling this packet.
      See Also:
    • doHandleMessage

      protected void doHandleMessage(Buffer buffer) throws Exception
      Throws:
      Exception
    • handleFirstKexPacketFollows

      protected boolean handleFirstKexPacketFollows(int cmd, Buffer buffer, boolean followFlag)
    • comparePreferredKexProposalOption

      protected Map.Entry<String,String> comparePreferredKexProposalOption(KexProposalOption option)
      Compares the specified KexProposalOption option value for client vs. server
      Parameters:
      option - The option to check
      Returns:
      null if option is equal, otherwise a key/value pair where key=client option value and value=the server-side one
    • sendNewKeys

      protected IoWriteFuture sendNewKeys() throws IOException
      Send a message to put new keys into use.
      Returns:
      An IoWriteFuture that can be used to wait and check the result of sending the packet
      Throws:
      IOException - if an error occurs sending the message
    • handleKexMessage

      protected void handleKexMessage(int cmd, Buffer buffer) throws Exception
      Throws:
      Exception
    • handleKexExtension

      protected void handleKexExtension(int cmd, Buffer buffer) throws Exception
      Throws:
      Exception
    • handleNewCompression

      protected void handleNewCompression(int cmd, Buffer buffer) throws Exception
      Throws:
      Exception
    • handleServiceRequest

      protected void handleServiceRequest(Buffer buffer) throws Exception
      Throws:
      Exception
    • handleServiceRequest

      protected boolean handleServiceRequest(String serviceName, Buffer buffer) throws Exception
      Throws:
      Exception
    • handleServiceAccept

      protected void handleServiceAccept(Buffer buffer) throws Exception
      Throws:
      Exception
    • handleServiceAccept

      protected void handleServiceAccept(String serviceName, Buffer buffer) throws Exception
      Throws:
      Exception
    • handleKexInit

      protected void handleKexInit(Buffer buffer) throws Exception
      Throws:
      Exception
    • doKexNegotiation

      protected void doKexNegotiation() throws Exception
      Throws:
      Exception
    • handleNewKeys

      protected void handleNewKeys(int cmd, Buffer buffer) throws Exception
      Throws:
      Exception
    • sendPendingPackets

      Throws:
      IOException
    • validateKexState

      protected void validateKexState(int cmd, KexState expected)
    • getInnerCloseable

      protected Closeable getInnerCloseable()
      Specified by:
      getInnerCloseable in class AbstractInnerCloseable
    • preClose

      protected void preClose()
      Description copied from class: AbstractCloseable
      preClose is guaranteed to be called before doCloseGracefully or doCloseImmediately. When preClose() is called, isClosing() == true
      Overrides:
      preClose in class AbstractCloseable
    • getServices

      protected List<Service> getServices()
    • getService

      public <T extends Service> T getService(Class<T> clazz)
      Description copied from interface: Session
      Get the service of the specified type. If the service is not of the specified class, an IllegalStateException will be thrown.
      Type Parameters:
      T - The generic Service type
      Parameters:
      clazz - The service class
      Returns:
      The service instance
    • preProcessEncodeBuffer

      protected Buffer preProcessEncodeBuffer(int cmd, Buffer buffer) throws IOException
      Description copied from class: SessionHelper
      Invoked by the session before encoding the buffer in order to make sure that it is at least of size SSH_PACKET_HEADER_LEN. This is required in order to efficiently handle the encoding. If necessary, it re-allocates a new buffer and returns it instead.
      Overrides:
      preProcessEncodeBuffer in class SessionHelper
      Parameters:
      cmd - The command stored in the buffer
      buffer - The original Buffer - assumed to be properly formatted and be of at least the required minimum length.
      Returns:
      The adjusted Buffer. Note: users may use this method to totally alter the contents of the buffer being sent but it is highly discouraged as it may have unexpected results.
      Throws:
      IOException - If failed to process the buffer
    • writePacket

      public IoWriteFuture writePacket(Buffer buffer) throws IOException
      Description copied from interface: Session
      Encode and send the given buffer. The buffer has to have 5 bytes free at the beginning to allow the encoding to take place. Also, the write position of the buffer has to be set to the position of the last byte to write.
      Parameters:
      buffer - the buffer to encode and send
      Returns:
      An IoWriteFuture that can be used to check when the packet has actually been sent
      Throws:
      IOException - if an error occurred when encoding sending the packet
    • enqueuePendingPacket

      protected PendingWriteFuture enqueuePendingPacket(Buffer buffer)
      Checks if key-exchange is done - if so, or the packet is related to the key-exchange protocol, then allows the packet to go through, otherwise enqueues it to be sent when key-exchange completed
      Parameters:
      buffer - The Buffer containing the packet to be sent
      Returns:
      A PendingWriteFuture if enqueued, null if packet can go through.
    • resolveOutputPacket

      protected Buffer resolveOutputPacket(Buffer buffer) throws IOException
      Throws:
      IOException
    • doWritePacket

      protected IoWriteFuture doWritePacket(Buffer buffer) throws IOException
      Throws:
      IOException
    • resolveIgnoreBufferDataLength

      protected int resolveIgnoreBufferDataLength()
    • request

      public Buffer request(String request, Buffer buffer, long maxWaitMillis) throws IOException
      Description copied from interface: Session
      Send a global request and wait for the response. This must only be used when sending a SSH_MSG_GLOBAL_REQUEST with a result expected, else it will time out
      Parameters:
      request - the request name - used mainly for logging and debugging
      buffer - the buffer containing the global request
      maxWaitMillis - Max. time to wait for response (millis) - must be positive
      Returns:
      the return buffer if the request was successful, null otherwise.
      Throws:
      IOException - if an error occurred when encoding or sending the packet
      SocketTimeoutException - If no response received within specified timeout
    • doInvokeUnimplementedMessageHandler

      protected boolean doInvokeUnimplementedMessageHandler(int cmd, Buffer buffer) throws Exception
      Overrides:
      doInvokeUnimplementedMessageHandler in class SessionHelper
      Parameters:
      cmd - The unimplemented command
      buffer - The input Buffer
      Returns:
      Result of invoking handleUnimplementedMessage
      Throws:
      Exception - if failed to handle the message
    • createBuffer

      public Buffer createBuffer(byte cmd, int len)
      Description copied from interface: Session
      Create a new buffer for the specified SSH packet and reserve the needed space (5 bytes) for the packet header.
      Parameters:
      cmd - The SSH command to initialize the buffer with
      len - Estimated number of bytes the buffer will hold, 0 if unknown.
      Returns:
      a new buffer ready for write
      See Also:
    • prepareBuffer

      public Buffer prepareBuffer(byte cmd, Buffer buffer)
      Description copied from interface: Session
      Prepare a new "clean" buffer while reserving the needed space (5 bytes) for the packet header.
      Parameters:
      cmd - The SSH command to initialize the buffer with
      buffer - The Buffer instance to initialize
      Returns:
      The initialized buffer
    • validateTargetBuffer

      protected <B extends Buffer> B validateTargetBuffer(int cmd, B buffer)
      Makes sure that the buffer used for output is not null or one of the session's internal ones used for decoding and uncompressing
      Type Parameters:
      B - The Buffer type being validated
      Parameters:
      cmd - The most likely command this buffer refers to (not guaranteed to be correct)
      buffer - The buffer to be examined
      Returns:
      The validated target instance - default same as input
      Throws:
      IllegalArgumentException - if any of the conditions is violated
    • encode

      protected Buffer encode(Buffer buffer) throws IOException
      Encode a buffer into the SSH protocol. Note: This method must be called inside a synchronized block using encodeLock.
      Parameters:
      buffer - the buffer to encode
      Returns:
      The encoded buffer - may be different than original if input buffer does not have enough room for SshConstants.SSH_PACKET_HEADER_LEN, in which case a substitute buffer will be created and used.
      Throws:
      IOException - if an exception occurs during the encoding process
    • aeadOutgoingBuffer

      protected void aeadOutgoingBuffer(Buffer buf, int offset, int len) throws Exception
      Throws:
      Exception
    • appendOutgoingMac

      protected void appendOutgoingMac(Buffer buf, int offset, int len) throws Exception
      Throws:
      Exception
    • encryptOutgoingBuffer

      protected void encryptOutgoingBuffer(Buffer buf, int offset, int len) throws Exception
      Throws:
      Exception
    • decode

      protected void decode() throws Exception
      Decode the incoming buffer and handle packets as needed.
      Throws:
      Exception - If failed to decode
    • validateIncomingMac

      protected void validateIncomingMac(byte[] data, int offset, int len) throws Exception
      Throws:
      Exception
    • readIdentification

      protected abstract boolean readIdentification(Buffer buffer) throws Exception
      Read the other side identification. This method is specific to the client or server side, but both should call SessionHelper.doReadIdentification(Buffer, boolean) and store the result in the needed property.
      Parameters:
      buffer - The Buffer containing the remote identification
      Returns:
      true if the identification has been fully read or false if more data is needed
      Throws:
      Exception - if an error occurs such as a bad protocol version or unsuccessful KEX was involved
    • sendKexInit

      protected byte[] sendKexInit(Map<KexProposalOption,String> proposal) throws IOException
      Send the key exchange initialization packet. This packet contains random data along with our proposal.
      Parameters:
      proposal - our proposal for key exchange negotiation
      Returns:
      the sent packet data which must be kept for later use when deriving the session keys
      Throws:
      IOException - if an error occurred sending the packet
    • receiveKexInit

      protected byte[] receiveKexInit(Buffer buffer, Map<KexProposalOption,String> proposal) throws IOException
      Receive the remote key exchange init message. The packet data is returned for later use.
      Parameters:
      buffer - the Buffer containing the key exchange init packet
      proposal - the remote proposal to fill
      Returns:
      the packet data
      Throws:
      IOException - If failed to handle the message
    • receiveNewKeys

      protected void receiveNewKeys() throws Exception
      Put new keys into use. This method will initialize the ciphers, digests, macs and compression according to the negotiated server and client proposals.
      Throws:
      Exception - if an error occurs
    • notImplemented

      protected IoWriteFuture notImplemented(int cmd, Buffer buffer) throws Exception
      Send a SSH_MSG_UNIMPLEMENTED packet. This packet should contain the sequence id of the unsupported packet: this number is assumed to be the last packet received.
      Parameters:
      cmd - The un-implemented command value
      buffer - The Buffer that contains the command. Note: the buffer's read position is just beyond the command.
      Returns:
      An IoWriteFuture that can be used to wait for packet write completion - null if the registered ReservedSessionMessagesHandler decided to handle the command internally
      Throws:
      Exception - if an error occurred while handling the packet.
      See Also:
    • negotiate

      protected Map<KexProposalOption,String> negotiate() throws IOException
      Compute the negotiated proposals by merging the client and server proposal. The negotiated proposal will also be stored in the negotiationResult property.
      Returns:
      The negotiated options Map
      Throws:
      IOException - If negotiation failed
    • setNegotiationResult

      protected Map<KexProposalOption,String> setNegotiationResult(Map<KexProposalOption,String> guess)
    • requestSuccess

      protected void requestSuccess(Buffer buffer) throws Exception
      Indicates the reception of a SSH_MSG_REQUEST_SUCCESS message
      Parameters:
      buffer - The Buffer containing the message data
      Throws:
      Exception - If failed to handle the message
    • requestFailure

      protected void requestFailure(Buffer buffer) throws Exception
      Indicates the reception of a SSH_MSG_REQUEST_FAILURE message
      Parameters:
      buffer - The Buffer containing the message data
      Throws:
      Exception - If failed to handle the message
    • signalRequestFailure

      protected void signalRequestFailure()
      Marks the current pending global request result as failed
    • addSessionListener

      public void addSessionListener(SessionListener listener)
      Description copied from interface: SessionListenerManager
      Add a session listener.
      Parameters:
      listener - The SessionListener to add - not null
    • removeSessionListener

      public void removeSessionListener(SessionListener listener)
      Description copied from interface: SessionListenerManager
      Remove a session listener.
      Parameters:
      listener - The SessionListener to remove
    • getSessionListenerProxy

      public SessionListener getSessionListenerProxy()
      Returns:
      A (never null proxy SessionListener that represents all the currently registered listeners. Any method invocation on the proxy is replicated to the currently registered listeners
    • addChannelListener

      public void addChannelListener(ChannelListener listener)
      Description copied from interface: ChannelListenerManager
      Add a channel listener
      Parameters:
      listener - The ChannelListener to add - not null
    • removeChannelListener

      public void removeChannelListener(ChannelListener listener)
      Description copied from interface: ChannelListenerManager
      Remove a channel listener
      Parameters:
      listener - The ChannelListener to remove
    • getChannelListenerProxy

      public ChannelListener getChannelListenerProxy()
      Returns:
      A (never null proxy ChannelListener that represents all the currently registered listeners. Any method invocation on the proxy is replicated to the currently registered listeners
    • getPortForwardingEventListenerProxy

      public PortForwardingEventListener getPortForwardingEventListenerProxy()
      Returns:
      A proxy listener representing all the currently registered listener through this manager
    • addPortForwardingEventListener

      public void addPortForwardingEventListener(PortForwardingEventListener listener)
      Description copied from interface: PortForwardingEventListenerManager
      Add a port forwarding listener
      Parameters:
      listener - The PortForwardingEventListener to add - never null
    • removePortForwardingEventListener

      public void removePortForwardingEventListener(PortForwardingEventListener listener)
      Description copied from interface: PortForwardingEventListenerManager
      Remove a port forwarding listener
      Parameters:
      listener - The PortForwardingEventListener to remove - ignored if null
    • reExchangeKeys

      public KeyExchangeFuture reExchangeKeys() throws IOException
      Description copied from interface: Session
      Initiate a new key exchange.
      Returns:
      A KeyExchangeFuture for awaiting the completion of the exchange
      Throws:
      IOException - If failed to request keys re-negotiation
    • checkRekey

      protected KeyExchangeFuture checkRekey() throws IOException, GeneralSecurityException
      Checks if a re-keying is required and if so initiates it
      Returns:
      A KeyExchangeFuture to wait for the initiated exchange or null if no need to re-key or an exchange is already in progress
      Throws:
      IOException - If failed load the keys or send the request
      GeneralSecurityException - If failed to generate the necessary keys
      See Also:
    • requestNewKeysExchange

      protected KeyExchangeFuture requestNewKeysExchange() throws IOException, GeneralSecurityException
      Initiates a new keys exchange if one not already in progress
      Returns:
      A KeyExchangeFuture to wait for the initiated exchange or null if an exchange is already in progress
      Throws:
      IOException - If failed to load the keys or send the request
      GeneralSecurityException - If failed to generate the keys
    • isRekeyRequired

      protected boolean isRekeyRequired()
    • isRekeyTimeIntervalExceeded

      protected boolean isRekeyTimeIntervalExceeded()
    • isRekeyPacketCountsExceeded

      protected boolean isRekeyPacketCountsExceeded()
    • isRekeyDataSizeExceeded

      protected boolean isRekeyDataSizeExceeded()
    • isRekeyBlocksCountExceeded

      protected boolean isRekeyBlocksCountExceeded()
    • resolveSessionKexProposal

      protected String resolveSessionKexProposal(String hostKeyTypes) throws IOException
      Overrides:
      resolveSessionKexProposal in class SessionHelper
      Throws:
      IOException
    • sendKexInit

      protected byte[] sendKexInit() throws IOException, GeneralSecurityException
      Throws:
      IOException
      GeneralSecurityException
    • getClientKexData

      protected byte[] getClientKexData()
    • setClientKexData

      protected void setClientKexData(byte[] data)
    • getServerKexData

      protected byte[] getServerKexData()
    • setServerKexData

      protected void setServerKexData(byte[] data)
    • setKexSeed

      protected abstract void setKexSeed(byte... seed)
      Parameters:
      seed - The result of the KEXINIT handshake - required for correct session key establishment
    • resolveAvailableSignaturesProposal

      protected String resolveAvailableSignaturesProposal() throws IOException, GeneralSecurityException
      Returns:
      A comma-separated list of all the signature protocols to be included in the proposal - null/empty if no proposal
      Throws:
      IOException - If failed to read/parse the keys data
      GeneralSecurityException - If failed to generate the keys
      See Also:
    • resolveAvailableSignaturesProposal

      protected abstract String resolveAvailableSignaturesProposal(FactoryManager manager) throws IOException, GeneralSecurityException
      Parameters:
      manager - The FactoryManager
      Returns:
      A comma-separated list of all the signature protocols to be included in the proposal - null/empty if no proposal
      Throws:
      IOException - If failed to read/parse the keys data
      GeneralSecurityException - If failed to generate the keys
    • checkKeys

      protected abstract void checkKeys() throws IOException
      Indicates the the key exchange is completed and the exchanged keys can now be verified - e.g., client can verify the server's key
      Throws:
      IOException - If validation failed
    • receiveKexInit

      protected byte[] receiveKexInit(Buffer buffer) throws Exception
      Throws:
      Exception
    • receiveKexInit

      protected abstract void receiveKexInit(Map<KexProposalOption,String> proposal, byte[] seed) throws IOException
      Throws:
      IOException
    • getSession

      public static AbstractSession getSession(IoSession ioSession) throws MissingAttachedSessionException
      Retrieve the SSH session from the I/O session. If the session has not been attached, an exception will be thrown
      Parameters:
      ioSession - The IoSession
      Returns:
      The SSH session attached to the I/O session
      Throws:
      MissingAttachedSessionException - if no attached SSH session
      See Also:
    • attachSession

      public static void attachSession(IoSession ioSession, AbstractSession session) throws MultipleAttachedSessionException
      Attach an SSH AbstractSession to the I/O session
      Parameters:
      ioSession - The IoSession
      session - The SSH session to attach
      Throws:
      MultipleAttachedSessionException - If a previous session already attached
    • getSession

      public static AbstractSession getSession(IoSession ioSession, boolean allowNull) throws MissingAttachedSessionException
      Retrieve the session SSH from the I/O session. If the session has not been attached and allowNull is false, an exception will be thrown, otherwise a null will be returned.
      Parameters:
      ioSession - The IoSession
      allowNull - If true, a null value may be returned if no session is attached
      Returns:
      the session attached to the I/O session or null
      Throws:
      MissingAttachedSessionException - if no attached session and allowNull=false