1 /*
2 * Copyright 2025 The Netty Project
3 *
4 * The Netty Project licenses this file to you under the Apache License,
5 * version 2.0 (the "License"); you may not use this file except in compliance
6 * with the License. You may obtain a copy of the License at:
7 *
8 * https://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 * License for the specific language governing permissions and limitations
14 * under the License.
15 */
16 package io.netty.handler.codec.socksx.v5;
17
18 import io.netty.buffer.ByteBuf;
19 import io.netty.channel.ChannelHandlerContext;
20 import io.netty.handler.codec.ByteToMessageDecoder;
21 import io.netty.handler.codec.DecoderException;
22 import io.netty.handler.codec.DecoderResult;
23 import io.netty.util.internal.UnstableApi;
24
25 import java.util.List;
26
27 /**
28 * Decodes a single {@link Socks5PrivateAuthResponse} from the inbound {@link ByteBuf}s.
29 * On successful decode, this decoder will forward the received data to the next handler, so that
30 * other handler can remove or replace this decoder later. On failed decode, this decoder will
31 * discard the received data, so that other handler closes the connection later.
32 * <p>
33 * The default format follows a simple structure:
34 * <ul>
35 * <li>1 byte: version (must be 1)</li>
36 * <li>1 byte: status (0x00 for success, 0xFF for failure)</li>
37 * </ul>
38 * </p>
39 * <p>
40 * For custom private authentication protocols, you can:
41 * <ul>
42 * <li>Create a new decoder implementing {@link ByteToMessageDecoder} or similar</li>
43 * <li>Implement the {@link Socks5PrivateAuthResponse} interface
44 * or extend {@link DefaultSocks5PrivateAuthResponse}</li>
45 * <li>Create a custom handler chain to process the authentication responses</li>
46 * </ul>
47 * </p>
48 */
49 public final class Socks5PrivateAuthResponseDecoder extends ByteToMessageDecoder {
50
51 /**
52 * Decoder states for SOCKS5 private authentication responses.
53 */
54 private enum State {
55 /**
56 * Initial state.
57 */
58 INIT,
59 /**
60 * Authentication successful.
61 */
62 SUCCESS,
63 /**
64 * Authentication failed.
65 */
66 FAILURE
67 }
68
69 private State state = State.INIT;
70
71 @Override
72 protected void decode(ChannelHandlerContext ctx, ByteBuf in,
73 List<Object> out) throws Exception {
74 try {
75 switch (state) {
76 case INIT:
77 if (in.readableBytes() < 2) {
78 return;
79 }
80
81 final byte version = in.readByte();
82 if (version != 1) {
83 throw new DecoderException(
84 "unsupported subnegotiation version: " + version + " (expected: 1)");
85 }
86
87 out.add(new DefaultSocks5PrivateAuthResponse(
88 Socks5PrivateAuthStatus.valueOf(in.readByte())));
89 state = State.SUCCESS;
90 break;
91 case SUCCESS:
92 int readableBytes = in.readableBytes();
93 if (readableBytes > 0) {
94 out.add(in.readRetainedSlice(readableBytes));
95 }
96 break;
97 case FAILURE:
98 in.skipBytes(in.readableBytes());
99 break;
100 default:
101 throw new Error();
102 }
103 } catch (Exception e) {
104 fail(out, e);
105 }
106 }
107
108 /**
109 * Handles decoder failures by setting the appropriate error state.
110 *
111 * @param out the output list to add the failure message to
112 * @param cause the exception that caused the failure
113 */
114 private void fail(List<Object> out, Exception cause) {
115 if (!(cause instanceof DecoderException)) {
116 cause = new DecoderException(cause);
117 }
118
119 state = State.FAILURE;
120
121 Socks5Message m = new DefaultSocks5PrivateAuthResponse(Socks5PrivateAuthStatus.FAILURE);
122 m.setDecoderResult(DecoderResult.failure(cause));
123 out.add(m);
124 }
125 }