hostage/src/de/tudarmstadt/informatik/hostage/protocol/MySQL.java

package de.tudarmstadt.informatik.hostage.protocol;

import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import de.tudarmstadt.informatik.hostage.commons.HelperUtils;
import de.tudarmstadt.informatik.hostage.wrapper.ByteArray;

/**
 * MySQL protocol
 * @author Wulf Pfeiffer
 */
public class MySQL implements Protocol<ByteArray>{
	/**
	 * Represents the states of the protocol
	 */
	private enum STATE {
		NONE, CONNECTED, LOGIN_INFO, CLOSED
	}
	
	/**
	 * Denotes in which state the protocol is right now
	 */
	private STATE state = STATE.NONE;
		
	/** last request from client */ 
	private byte[] lastMessage;
	
	
	public List<ByteArray> processMessage(ByteArray request) {
		List<ByteArray> response = new ArrayList<ByteArray>();
		if(request != null)
			lastMessage = request.get();
				
		switch(state) {
		case NONE:
			response.add(new ByteArray(greeting()));
			state = STATE.CONNECTED;
			break;
		case CONNECTED:
			response.add(new ByteArray(responseOK()));
			state = STATE.LOGIN_INFO;
			break;
		case LOGIN_INFO:
			if(this.lastMessage[4] == 0x01) {
				state = STATE.CLOSED;
			} else {
				response.add(new ByteArray(responseError()));
			}
			break;
		default:
			state = STATE.CLOSED;
			break;
		}
		
		return response;
	}
	
	
	public TALK_FIRST whoTalksFirst() {
		return TALK_FIRST.SERVER;
	}

	
	public String toString(){
		return "MySQL";		
	}
	
	
	public int getPort() {
		return 3306;
	}
	
	
	public boolean isClosed() {
		return state == STATE.CLOSED;
	}

	/**
	 * Wraps the response packet with the packet length and number
	 * @param packet that is wrapped
	 * @return wrapped packet
	 */
	private byte[] wrapPacket(byte[] packet) {
		byte[] buffer = ByteBuffer.allocate(4).putInt(packet.length).array();
		byte[] packetLength = {buffer[3], buffer[2], buffer[1]};
		byte[] packetNumber = new byte[1];
		if(lastMessage != null) packetNumber[0] = (byte) (lastMessage[3] + 1);
		else packetNumber[0] = 0x00;
		
		byte[] response = HelperUtils.concat(packetLength, packetNumber, packet);
		return response;
	}
	
	/**
	 * Builds the greeting packet that the server sends as first packet
	 * @return greeting packet
	 */
	private byte[] greeting() {
		SecureRandom rndm = new SecureRandom();
		byte[] protocol = {0x0a};
		String version = "5." + (rndm.nextInt(1)+5) + "." + (rndm.nextInt(13)+1);	//Randomize Version: 5.(5-6).(2-14)
		byte[] versionFin = {0x00};
		byte[] thread = {0x2a, 0x00, 0x00, 0x00};
		byte[] salt = {0x44, 0x64, 0x49, 0x7e, 0x60, 0x48, 0x25, 0x7e, 0x00};
		byte[] capabilities = {(byte) 0xff, (byte) 0xf7};
		byte[] language = {0x08};
		byte[] status = {0x02, 0x00};
		byte[] unused = {0x0f, (byte) 0x80, 0x15, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
		byte[] salt2 = {0x6c, 0x26, 0x71, 0x2c, 0x25, 0x72, 0x31, 0x3d, 0x7d, 0x21, 0x26, 0x3b, 0x00};
		String payload = "mysql_native_password";
		byte[] fin = {0x00};
		
		byte[] response = HelperUtils.concat(protocol, version.getBytes(),versionFin, thread, salt, capabilities, language, status, unused, salt2, payload.getBytes(), fin);
		return wrapPacket(response);
	}
	
	/**
	 * Builds the ok-response packet
	 * @return ok-response packet
	 */
	private byte[] responseOK() {
		byte[] affectedRows = {0x00, 0x00, 0x00};
		byte[] status = {0x02, 0x00};
		byte[] warnings = {0x00, 0x00};
		
		byte[] response = HelperUtils.concat(affectedRows, status, warnings);
		return wrapPacket(response);
	}
		
	/**
	 * Builds the error-response packet
	 * @return error-response packet
	 */
	private byte[] responseError() {
		byte[] fill1 = {(byte) 0xff};
		byte[] code = {0x17, 0x04};
		byte[] fill2 = {0x23};
		String state = "08S01";
		String msg = "Unknown command";
		
		byte[] response = HelperUtils.concat(fill1, code, fill2, state.getBytes(), msg.getBytes());		
		return wrapPacket(response);
	}

	
	public boolean isSecure() {
		return false;
	}

	
	public Class<ByteArray> getType() {
		return ByteArray.class;
	}
}