Refactor transport manager to fix invalid socket state introduced in r47. Fix issue #16.

Author: dkocher

src/main/java/ch/ethz/ssh2/Connection.java

@@ -16,11 +16,11 @@
 import ch.ethz.ssh2.server.ServerConnectionState;
 import ch.ethz.ssh2.signature.DSAPrivateKey;
 import ch.ethz.ssh2.signature.RSAPrivateKey;
-import ch.ethz.ssh2.transport.TransportManager;
+import ch.ethz.ssh2.transport.ServerTransportManager;
 
 /**
  * A server-side SSH-2 connection.
- * 
+ *
  * @author Christian
  *
  */
@@ -39,9 +39,9 @@ public class ServerConnection
 	 * <p>
 	 * Note: you need to call {@link #connect()} or {@link #connect(int)} to
 	 * perform the initial handshake and establish the encrypted communication.
-	 * 
+	 *
 	 * @see #connect(int)
-	 * 
+	 *
 	 * @param s The socket
 	 */
 	public ServerConnection(Socket s)
@@ -62,9 +62,9 @@ public ServerConnection(Socket s, String softwareversion) {
 	 * perform the initial handshake and establish the encrypted communication.
 	 * <p>
 	 * Please read the javadoc for the {@link #connect(int)} method.
-	 * 
+	 *
 	 * @see #connect(int)
-	 *  
+	 *
 	 * @param s The socket
 	 * @param dsa_key The DSA hostkey, may be <code>NULL</code>
 	 * @param rsa_key The RSA hostkey, may be <code>NULL</code>
@@ -84,9 +84,9 @@ public ServerConnection(Socket s, DSAPrivateKey dsa_key, RSAPrivateKey rsa_key)
 	 * Note: this is a wrapper that calls <code>connect(0)</code> (i.e., connect with no timeout).
 	 * <p>
 	 * Please read the javadoc for the {@link #connect(int)} method.
-	 * 
+	 *
 	 * @see #connect(int)
-	 * 
+	 *
 	 * @throws IOException
 	 */
 	public synchronized void connect() throws IOException
@@ -101,12 +101,12 @@ public synchronized void connect() throws IOException
 	 * <p>
 	 * Note 2: You must set the callbacks for authentication ({@link #setAuthenticationCallback(ServerAuthenticationCallback)})
 	 * and connection events ({@link #setServerConnectionCallback(ServerConnectionCallback)}).
-	 * 
+	 *
 	 * @see #setPEMHostKey(char[], String)
 	 * @see #setPEMHostKey(File, String)
 	 * @see #setRsaHostKey(RSAPrivateKey)
 	 * @see #setDsaHostKey(DSAPrivateKey)
-	 * 
+	 *
 	 * @param timeout_milliseconds Timeout in milliseconds, <code>0</code> means no timeout.
 	 * @throws IOException
 	 */
@@ -126,14 +126,10 @@ public synchronized void connect(int timeout_milliseconds) throws IOException
 			if ((state.next_dsa_key == null) && (state.next_rsa_key == null))
 				throw new IllegalStateException("Neither a RSA nor a DSA host key has been specified!");
 
-			state.tm = new TransportManager();
+			state.tm = new ServerTransportManager(state.s);
 		}
 
-		//tm.setSoTimeout(connectTimeout);
-		//tm.setConnectionMonitors(connectionMonitors);
-
-		state.tm.setTcpNoDelay(true);
-		state.tm.serverInit(state);
+		state.tm.connect(state);
 
 		/* Wait until first KEX has finished */
 
@@ -142,7 +138,7 @@ public synchronized void connect(int timeout_milliseconds) throws IOException
 
 	/**
 	 * Retrieve the underlying socket.
-	 * 
+	 *
 	 * @return the socket that has been passed to the constructor.
 	 */
 	public Socket getSocket()
@@ -160,7 +156,7 @@ public Socket getSocket()
 	 * <p>
 	 * Note: This implementation will never start automatically a key exchange (other than the initial one)
 	 * unless you or the connected SSH-2 client ask for it.
-	 * 
+	 *
 	 * @throws IOException
 	 *             In case of any failure behind the scenes.
 	 */
@@ -179,10 +175,10 @@ public synchronized void forceKeyExchange() throws IOException
 	/**
 	 * Returns a {@link ConnectionInfo} object containing the details of
 	 * the connection. May be called as soon as the first key exchange has been
-	 * started. The method blocks in case the first key exchange has not been completed. 
+	 * started. The method blocks in case the first key exchange has not been completed.
 	 * <p>
 	 * Note: upon return of this method, authentication may still be pending.
-	 * 
+	 *
 	 * @return A {@link ConnectionInfo} object.
 	 * @throws IOException
 	 *             In case of any failure behind the scenes; e.g., first key exchange was aborted.
@@ -201,12 +197,12 @@ public synchronized ConnectionInfo getConnectionInfo() throws IOException
 
 	/**
 	 * Change the current DSA hostkey. Either a DSA or RSA private key must be set for a successful handshake with
-	 * the client. 
+	 * the client.
 	 * <p>
 	 * Note: You can change an existing DSA hostkey after the initial kex exchange (the new value will
 	 * be used during the next server initiated key exchange), but you cannot remove (i.e., set to <code>null</code>) the
 	 * current DSA key, otherwise the next key exchange may fail in case the client supports only DSA hostkeys.
-	 * 
+	 *
 	 * @param dsa_hostkey
 	 */
 	public synchronized void setDsaHostKey(DSAPrivateKey dsa_hostkey)
@@ -223,12 +219,12 @@ public synchronized void setDsaHostKey(DSAPrivateKey dsa_hostkey)
 
 	/**
 	 * Change the current RSA hostkey. Either a DSA or RSA private key must be set for a successful handshake with
-	 * the client. 
+	 * the client.
 	 * <p>
 	 * Note: You can change an existing RSA hostkey after the initial kex exchange (the new value will
 	 * be used during the next server initiated key exchange), but you cannot remove (i.e., set to <code>null</code>) the
 	 * current RSA key, otherwise the next key exchange may fail in case the client supports only RSA hostkeys.
-	 * 
+	 *
 	 * @param rsa_hostkey
 	 */
 	public synchronized void setRsaHostKey(RSAPrivateKey rsa_hostkey)
@@ -246,8 +242,8 @@ public synchronized void setRsaHostKey(RSAPrivateKey rsa_hostkey)
 	/**
 	 * Utility method that loads a PEM based hostkey (either RSA or DSA based) and
 	 * calls either <code>setRsaHostKey()</code> or <code>setDsaHostKey()</code>.
-	 * 
-	 * @param pemfile The PEM data
+	 *
+	 * @param pemdata The PEM data
 	 * @param password Password, may be null in case the PEM data is not password protected
 	 * @throws IOException In case of any error.
 	 */
@@ -265,7 +261,7 @@ public void setPEMHostKey(char[] pemdata, String password) throws IOException
 	/**
 	 * Utility method that loads a hostkey from a PEM file (either RSA or DSA based) and
 	 * calls either <code>setRsaHostKey()</code> or <code>setDsaHostKey()</code>.
-	 * 
+	 *
 	 * @param pemFile The PEM file
 	 * @param password Password, may be null in case the PEM file is not password protected
 	 * @throws IOException
@@ -312,7 +308,7 @@ else if (next_rsa_key != null)
 	 * generated by the client (e.g., client opens a new Session which results in a <code>ServerSession</code>).
 	 * <p>
 	 * Note: This must be set before the first handshake.
-	 * 
+	 *
 	 * @param cb The callback implementation
 	 */
 	public synchronized void setServerConnectionCallback(ServerConnectionCallback cb)
@@ -327,7 +323,7 @@ public synchronized void setServerConnectionCallback(ServerConnectionCallback cb
 	 * Callback interface with methods that will be called upon authentication events.
 	 * <p>
 	 * Note: This must be set before the first handshake.
-	 * 
+	 *
 	 * @param cb The callback implementation
 	 */
 	public synchronized void setAuthenticationCallback(ServerAuthenticationCallback cb)

src/main/java/ch/ethz/ssh2/ServerConnection.java

@@ -30,15 +30,15 @@
 import ch.ethz.ssh2.signature.RSAPrivateKey;
 import ch.ethz.ssh2.signature.RSASHA1Verify;
 import ch.ethz.ssh2.signature.RSASignature;
+import ch.ethz.ssh2.transport.ClientTransportManager;
 import ch.ethz.ssh2.transport.MessageHandler;
-import ch.ethz.ssh2.transport.TransportManager;
 
 /**
  * @author Christian Plattner
  */
 public class AuthenticationManager implements MessageHandler
 {
-	private TransportManager tm;
+	private ClientTransportManager tm;
 
 	private final List<byte[]> packets = new ArrayList<byte[]>();
 	private boolean connectionClosed = false;
@@ -51,7 +51,7 @@ public class AuthenticationManager implements MessageHandler
 	private boolean authenticated = false;
 	private boolean initDone = false;
 
-	public AuthenticationManager(TransportManager tm)
+	public AuthenticationManager(ClientTransportManager tm)
 	{
 		this.tm = tm;
 	}
@@ -327,7 +327,7 @@ else if (key instanceof RSAPrivateKey)
 		}
 		catch (IOException e)
 		{
-			tm.close(e, false);
+			tm.close(e);
 			throw new IOException("Publickey authentication failed.", e);
 		}
 	}
@@ -341,7 +341,7 @@ public boolean authenticateNone(String user) throws IOException
 		}
 		catch (IOException e)
 		{
-			tm.close(e, false);
+			tm.close(e);
 			throw new IOException("None authentication failed.", e);
 		}
 	}
@@ -382,7 +382,7 @@ public boolean authenticatePassword(String user, String pass) throws IOException
 		}
 		catch (IOException e)
 		{
-			tm.close(e, false);
+			tm.close(e);
 			throw new IOException("Password authentication failed.", e);
 		}
 	}
@@ -456,7 +456,7 @@ public boolean authenticateInteractive(String user, String[] submethods, Interac
 		}
 		catch (IOException e)
 		{
-			tm.close(e, false);
+			tm.close(e);
 			throw new IOException("Keyboard-interactive authentication failed.", e);
 		}
 	}

src/main/java/ch/ethz/ssh2/auth/AuthenticationManager.java

@@ -16,7 +16,7 @@
 import ch.ethz.ssh2.signature.DSAPrivateKey;
 import ch.ethz.ssh2.signature.RSAPrivateKey;
 import ch.ethz.ssh2.transport.ClientServerHello;
-import ch.ethz.ssh2.transport.TransportManager;
+import ch.ethz.ssh2.transport.ServerTransportManager;
 
 public class ServerConnectionState
 {
@@ -38,7 +38,7 @@ public class ServerConnectionState
 	public Socket s;
 
 	public ClientServerHello csh;
-	public TransportManager tm;
+	public ServerTransportManager tm;
 	public ServerAuthenticationManager am;
 	public ChannelManager cm;
 

src/main/java/ch/ethz/ssh2/server/ServerConnectionState.java

@@ -0,0 +1,127 @@
+package ch.ethz.ssh2.transport;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.SecureRandom;
+
+import ch.ethz.ssh2.DHGexParameters;
+import ch.ethz.ssh2.ServerHostKeyVerifier;
+import ch.ethz.ssh2.crypto.CryptoWishList;
+import ch.ethz.ssh2.util.Tokenizer;
+
+/**
+ * @version $Id:$
+ */
+public class ClientTransportManager extends TransportManager {
+
+    protected final Socket sock = new Socket();
+
+    public void setTcpNoDelay(boolean state) throws IOException {
+        sock.setTcpNoDelay(state);
+    }
+
+    public void setSoTimeout(int timeout) throws IOException {
+        sock.setSoTimeout(timeout);
+    }
+
+    public void connect(String hostname, int port, String softwareversion, CryptoWishList cwl,
+                        ServerHostKeyVerifier verifier, DHGexParameters dhgex, int connectTimeout, SecureRandom rnd)
+            throws IOException {
+        // Establish the TCP connection to the SSH-2 server
+        this.connect(hostname, port, connectTimeout);
+
+        // Parse the server line and say hello - important: this information is later needed for the
+        // key exchange (to stop man-in-the-middle attacks) - that is why we wrap it into an object
+        // for later use.
+
+        ClientServerHello csh = ClientServerHello.clientHello(softwareversion, sock.getInputStream(),
+                sock.getOutputStream());
+
+        TransportConnection tc = new TransportConnection(sock.getInputStream(), sock.getOutputStream(), rnd);
+
+        KexManager km = new ClientKexManager(this, csh, cwl, hostname, port, verifier, rnd);
+        super.init(tc, km);
+
+        km.initiateKEX(cwl, dhgex, null, null);
+
+        this.startReceiver();
+    }
+
+    @Override
+    public void close(final Throwable cause, final boolean useDisconnectPacket) {
+        this.close(sock, cause, useDisconnectPacket);
+    }
+
+    protected void connect(String hostname, int port, int connectTimeout)
+            throws IOException {
+
+        InetAddress addr = createInetAddress(hostname);
+        sock.connect(new InetSocketAddress(addr, port), connectTimeout);
+    }
+
+    /**
+     * There were reports that there are JDKs which use
+     * the resolver even though one supplies a dotted IP
+     * address in the Socket constructor. That is why we
+     * try to generate the InetAdress "by hand".
+     *
+     * @param host
+     * @return the InetAddress
+     * @throws java.net.UnknownHostException
+     */
+    protected static InetAddress createInetAddress(String host) throws UnknownHostException {
+           /* Check if it is a dotted IP4 address */
+
+        InetAddress addr = parseIPv4Address(host);
+
+        if(addr != null) {
+            return addr;
+        }
+
+        return InetAddress.getByName(host);
+    }
+
+    private static InetAddress parseIPv4Address(String host) throws UnknownHostException {
+        if(host == null) {
+            return null;
+        }
+
+        String[] quad = Tokenizer.parseTokens(host, '.');
+
+        if((quad == null) || (quad.length != 4)) {
+            return null;
+        }
+
+        byte[] addr = new byte[4];
+
+        for(int i = 0; i < 4; i++) {
+            int part = 0;
+
+            if((quad[i].length() == 0) || (quad[i].length() > 3)) {
+                return null;
+            }
+
+            for(int k = 0; k < quad[i].length(); k++) {
+                char c = quad[i].charAt(k);
+
+   				/* No, Character.isDigit is not the same */
+                if((c < '0') || (c > '9')) {
+                    return null;
+                }
+
+                part = part * 10 + (c - '0');
+            }
+
+            if(part > 255) /* 300.1.2.3 is invalid =) */ {
+                return null;
+            }
+
+            addr[i] = (byte) part;
+        }
+
+        return InetAddress.getByAddress(host, addr);
+    }
+}