JGitClientSession.java

  1. /*
  2.  * Copyright (C) 2018, 2021 Thomas Wolf <thomas.wolf@paranor.ch> and others
  3.  *
  4.  * This program and the accompanying materials are made available under the
  5.  * terms of the Eclipse Distribution License v. 1.0 which is available at
  6.  * https://www.eclipse.org/org/documents/edl-v10.php.
  7.  *
  8.  * SPDX-License-Identifier: BSD-3-Clause
  9.  */
  10. package org.eclipse.jgit.internal.transport.sshd;

  11. import static java.text.MessageFormat.format;
  12. import static org.apache.sshd.core.CoreModuleProperties.MAX_IDENTIFICATION_SIZE;

  13. import java.io.IOException;
  14. import java.io.StreamCorruptedException;
  15. import java.net.SocketAddress;
  16. import java.nio.charset.StandardCharsets;
  17. import java.security.PublicKey;
  18. import java.util.ArrayList;
  19. import java.util.Collection;
  20. import java.util.Collections;
  21. import java.util.HashSet;
  22. import java.util.Iterator;
  23. import java.util.LinkedHashSet;
  24. import java.util.List;
  25. import java.util.Map;
  26. import java.util.Objects;
  27. import java.util.Set;

  28. import org.apache.sshd.client.ClientBuilder;
  29. import org.apache.sshd.client.ClientFactoryManager;
  30. import org.apache.sshd.client.config.hosts.HostConfigEntry;
  31. import org.apache.sshd.client.keyverifier.ServerKeyVerifier;
  32. import org.apache.sshd.client.session.ClientSessionImpl;
  33. import org.apache.sshd.common.AttributeRepository;
  34. import org.apache.sshd.common.FactoryManager;
  35. import org.apache.sshd.common.NamedResource;
  36. import org.apache.sshd.common.PropertyResolver;
  37. import org.apache.sshd.common.config.keys.KeyUtils;
  38. import org.apache.sshd.common.io.IoSession;
  39. import org.apache.sshd.common.io.IoWriteFuture;
  40. import org.apache.sshd.common.kex.BuiltinDHFactories;
  41. import org.apache.sshd.common.kex.DHFactory;
  42. import org.apache.sshd.common.kex.KeyExchangeFactory;
  43. import org.apache.sshd.common.kex.extension.KexExtensionHandler;
  44. import org.apache.sshd.common.kex.extension.KexExtensionHandler.AvailabilityPhase;
  45. import org.apache.sshd.common.kex.extension.KexExtensions;
  46. import org.apache.sshd.common.keyprovider.KeyPairProvider;
  47. import org.apache.sshd.common.signature.BuiltinSignatures;
  48. import org.apache.sshd.common.util.Readable;
  49. import org.apache.sshd.common.util.buffer.Buffer;
  50. import org.eclipse.jgit.errors.InvalidPatternException;
  51. import org.eclipse.jgit.fnmatch.FileNameMatcher;
  52. import org.eclipse.jgit.internal.transport.sshd.proxy.StatefulProxyConnector;
  53. import org.eclipse.jgit.transport.CredentialsProvider;
  54. import org.eclipse.jgit.transport.SshConstants;
  55. import org.eclipse.jgit.util.StringUtils;

  56. /**
  57.  * A {@link org.apache.sshd.client.session.ClientSession ClientSession} that can
  58.  * be associated with the {@link HostConfigEntry} the session was created for.
  59.  * The {@link JGitSshClient} creates such sessions and sets this association.
  60.  * <p>
  61.  * Also provides for associating a JGit {@link CredentialsProvider} with a
  62.  * session.
  63.  * </p>
  64.  */
  65. public class JGitClientSession extends ClientSessionImpl {

  66.     /**
  67.      * Default setting for the maximum number of bytes to read in the initial
  68.      * protocol version exchange. 64kb is what OpenSSH &lt; 8.0 read; OpenSSH
  69.      * 8.0 changed it to 8Mb, but that seems excessive for the purpose stated in
  70.      * RFC 4253. The Apache MINA sshd default in
  71.      * {@link org.apache.sshd.core.CoreModuleProperties#MAX_IDENTIFICATION_SIZE}
  72.      * is 16kb.
  73.      */
  74.     private static final int DEFAULT_MAX_IDENTIFICATION_SIZE = 64 * 1024;

  75.     private static final AttributeKey<Boolean> INITIAL_KEX_DONE = new AttributeKey<>();

  76.     private HostConfigEntry hostConfig;

  77.     private CredentialsProvider credentialsProvider;

  78.     private volatile StatefulProxyConnector proxyHandler;

  79.     /**
  80.      * @param manager
  81.      * @param session
  82.      * @throws Exception
  83.      */
  84.     public JGitClientSession(ClientFactoryManager manager, IoSession session)
  85.             throws Exception {
  86.         super(manager, session);
  87.     }

  88.     /**
  89.      * Retrieves the {@link HostConfigEntry} this session was created for.
  90.      *
  91.      * @return the {@link HostConfigEntry}, or {@code null} if none set
  92.      */
  93.     public HostConfigEntry getHostConfigEntry() {
  94.         return hostConfig;
  95.     }

  96.     /**
  97.      * Sets the {@link HostConfigEntry} this session was created for.
  98.      *
  99.      * @param hostConfig
  100.      *            the {@link HostConfigEntry}
  101.      */
  102.     public void setHostConfigEntry(HostConfigEntry hostConfig) {
  103.         this.hostConfig = hostConfig;
  104.     }

  105.     /**
  106.      * Sets the {@link CredentialsProvider} for this session.
  107.      *
  108.      * @param provider
  109.      *            to set
  110.      */
  111.     public void setCredentialsProvider(CredentialsProvider provider) {
  112.         credentialsProvider = provider;
  113.     }

  114.     /**
  115.      * Retrieves the {@link CredentialsProvider} set for this session.
  116.      *
  117.      * @return the provider, or {@code null} if none is set.
  118.      */
  119.     public CredentialsProvider getCredentialsProvider() {
  120.         return credentialsProvider;
  121.     }

  122.     /**
  123.      * Sets a {@link StatefulProxyConnector} to handle proxy connection
  124.      * protocols.
  125.      *
  126.      * @param handler
  127.      *            to set
  128.      */
  129.     public void setProxyHandler(StatefulProxyConnector handler) {
  130.         proxyHandler = handler;
  131.     }

  132.     @Override
  133.     protected IoWriteFuture sendIdentification(String ident,
  134.             List<String> extraLines) throws Exception {
  135.         StatefulProxyConnector proxy = proxyHandler;
  136.         if (proxy != null) {
  137.             // We must not block here; the framework starts reading messages
  138.             // from the peer only once the initial sendKexInit() following
  139.             // this call to sendIdentification() has returned!
  140.             proxy.runWhenDone(() -> {
  141.                 JGitClientSession.super.sendIdentification(ident, extraLines);
  142.                 return null;
  143.             });
  144.             // Called only from the ClientSessionImpl constructor, where the
  145.             // return value is ignored.
  146.             return null;
  147.         }
  148.         return super.sendIdentification(ident, extraLines);
  149.     }

  150.     @Override
  151.     protected byte[] sendKexInit() throws Exception {
  152.         StatefulProxyConnector proxy = proxyHandler;
  153.         if (proxy != null) {
  154.             // We must not block here; the framework starts reading messages
  155.             // from the peer only once the initial sendKexInit() has
  156.             // returned!
  157.             proxy.runWhenDone(() -> {
  158.                 JGitClientSession.super.sendKexInit();
  159.                 return null;
  160.             });
  161.             // This is called only from the ClientSessionImpl
  162.             // constructor, where the return value is ignored.
  163.             return null;
  164.         }
  165.         return super.sendKexInit();
  166.     }

  167.     /**
  168.      * {@inheritDoc}
  169.      *
  170.      * As long as we're still setting up the proxy connection, diverts messages
  171.      * to the {@link StatefulProxyConnector}.
  172.      */
  173.     @Override
  174.     public void messageReceived(Readable buffer) throws Exception {
  175.         StatefulProxyConnector proxy = proxyHandler;
  176.         if (proxy != null) {
  177.             proxy.messageReceived(getIoSession(), buffer);
  178.         } else {
  179.             super.messageReceived(buffer);
  180.         }
  181.     }

  182.     Set<String> getAllAvailableSignatureAlgorithms() {
  183.         Set<String> allAvailable = new HashSet<>();
  184.         BuiltinSignatures.VALUES.forEach(s -> allAvailable.add(s.getName()));
  185.         BuiltinSignatures.getRegisteredExtensions()
  186.                 .forEach(s -> allAvailable.add(s.getName()));
  187.         return allAvailable;
  188.     }

  189.     private void setNewFactories(Collection<String> defaultFactories,
  190.             Collection<String> finalFactories) {
  191.         // If new factory names were added make sure we actually have factories
  192.         // for them all.
  193.         //
  194.         // But add new ones at the end: we don't want to change the order for
  195.         // pubkey auth, and any new ones added here were not included in the
  196.         // default set for some reason, such as being deprecated or weak.
  197.         //
  198.         // The order for KEX is determined by the order in the proposal string,
  199.         // but the order in pubkey auth is determined by the order in the
  200.         // factory list (possibly overridden via ssh config
  201.         // PubkeyAcceptedAlgorithms; see JGitPublicKeyAuthentication).
  202.         Set<String> resultSet = new LinkedHashSet<>(defaultFactories);
  203.         resultSet.addAll(finalFactories);
  204.         setSignatureFactoriesNames(resultSet);
  205.     }

  206.     @Override
  207.     protected String resolveAvailableSignaturesProposal(
  208.             FactoryManager manager) {
  209.         List<String> defaultSignatures = getSignatureFactoriesNames();
  210.         HostConfigEntry config = resolveAttribute(
  211.                 JGitSshClient.HOST_CONFIG_ENTRY);
  212.         String algorithms = config
  213.                 .getProperty(SshConstants.HOST_KEY_ALGORITHMS);
  214.         if (!StringUtils.isEmptyOrNull(algorithms)) {
  215.             List<String> result = modifyAlgorithmList(defaultSignatures,
  216.                     getAllAvailableSignatureAlgorithms(), algorithms,
  217.                     SshConstants.HOST_KEY_ALGORITHMS);
  218.             if (!result.isEmpty()) {
  219.                 if (log.isDebugEnabled()) {
  220.                     log.debug(SshConstants.HOST_KEY_ALGORITHMS + ' ' + result);
  221.                 }
  222.                 setNewFactories(defaultSignatures, result);
  223.                 return String.join(",", result); //$NON-NLS-1$
  224.             }
  225.             log.warn(format(SshdText.get().configNoKnownAlgorithms,
  226.                     SshConstants.HOST_KEY_ALGORITHMS, algorithms));
  227.         }
  228.         // No HostKeyAlgorithms; using default -- change order to put existing
  229.         // keys first.
  230.         ServerKeyVerifier verifier = getServerKeyVerifier();
  231.         if (verifier instanceof ServerKeyLookup) {
  232.             SocketAddress remoteAddress = resolvePeerAddress(
  233.                     resolveAttribute(JGitSshClient.ORIGINAL_REMOTE_ADDRESS));
  234.             List<PublicKey> allKnownKeys = ((ServerKeyLookup) verifier)
  235.                     .lookup(this, remoteAddress);
  236.             Set<String> reordered = new LinkedHashSet<>();
  237.             for (PublicKey key : allKnownKeys) {
  238.                 if (key != null) {
  239.                     String keyType = KeyUtils.getKeyType(key);
  240.                     if (keyType != null) {
  241.                         if (KeyPairProvider.SSH_RSA.equals(keyType)) {
  242.                             // Add all available signatures for ssh-rsa.
  243.                             reordered.add(KeyUtils.RSA_SHA512_KEY_TYPE_ALIAS);
  244.                             reordered.add(KeyUtils.RSA_SHA256_KEY_TYPE_ALIAS);
  245.                         }
  246.                         reordered.add(keyType);
  247.                     }
  248.                 }
  249.             }
  250.             reordered.addAll(defaultSignatures);
  251.             if (log.isDebugEnabled()) {
  252.                 log.debug(SshConstants.HOST_KEY_ALGORITHMS + ' ' + reordered);
  253.             }
  254.             // Make sure we actually have factories for them all.
  255.             if (reordered.size() > defaultSignatures.size()) {
  256.                 setNewFactories(defaultSignatures, reordered);
  257.             }
  258.             return String.join(",", reordered); //$NON-NLS-1$
  259.         }
  260.         if (log.isDebugEnabled()) {
  261.             log.debug(
  262.                     SshConstants.HOST_KEY_ALGORITHMS + ' ' + defaultSignatures);
  263.         }
  264.         return String.join(",", defaultSignatures); //$NON-NLS-1$
  265.     }

  266.     private List<String> determineKexProposal() {
  267.         List<KeyExchangeFactory> kexFactories = getKeyExchangeFactories();
  268.         List<String> defaultKexMethods = NamedResource
  269.                 .getNameList(kexFactories);
  270.         HostConfigEntry config = resolveAttribute(
  271.                 JGitSshClient.HOST_CONFIG_ENTRY);
  272.         String algorithms = config.getProperty(SshConstants.KEX_ALGORITHMS);
  273.         if (!StringUtils.isEmptyOrNull(algorithms)) {
  274.             Set<String> allAvailable = new HashSet<>();
  275.             BuiltinDHFactories.VALUES
  276.                     .forEach(s -> allAvailable.add(s.getName()));
  277.             BuiltinDHFactories.getRegisteredExtensions()
  278.                     .forEach(s -> allAvailable.add(s.getName()));
  279.             List<String> result = modifyAlgorithmList(defaultKexMethods,
  280.                     allAvailable, algorithms, SshConstants.KEX_ALGORITHMS);
  281.             if (!result.isEmpty()) {
  282.                 // If new ones were added, update the installed factories
  283.                 Set<String> configuredKexMethods = new HashSet<>(
  284.                         defaultKexMethods);
  285.                 List<KeyExchangeFactory> newKexFactories = new ArrayList<>();
  286.                 result.forEach(name -> {
  287.                     if (!configuredKexMethods.contains(name)) {
  288.                         DHFactory factory = BuiltinDHFactories
  289.                                 .resolveFactory(name);
  290.                         if (factory == null) {
  291.                             // Should not occur here
  292.                             if (log.isDebugEnabled()) {
  293.                                 log.debug(
  294.                                         "determineKexProposal({}) unknown KEX algorithm {} ignored", //$NON-NLS-1$
  295.                                         this, name);
  296.                             }
  297.                         } else {
  298.                             newKexFactories
  299.                                     .add(ClientBuilder.DH2KEX.apply(factory));
  300.                         }
  301.                     }
  302.                 });
  303.                 if (!newKexFactories.isEmpty()) {
  304.                     newKexFactories.addAll(kexFactories);
  305.                     setKeyExchangeFactories(newKexFactories);
  306.                 }
  307.                 return result;
  308.             }
  309.             log.warn(format(SshdText.get().configNoKnownAlgorithms,
  310.                     SshConstants.KEX_ALGORITHMS, algorithms));
  311.         }
  312.         return defaultKexMethods;
  313.     }

  314.     @Override
  315.     protected String resolveSessionKexProposal(String hostKeyTypes)
  316.             throws IOException {
  317.         String kexMethods = String.join(",", determineKexProposal()); //$NON-NLS-1$
  318.         Boolean isRekey = getAttribute(INITIAL_KEX_DONE);
  319.         if (isRekey == null || !isRekey.booleanValue()) {
  320.             // First time
  321.             KexExtensionHandler extHandler = getKexExtensionHandler();
  322.             if (extHandler != null && extHandler.isKexExtensionsAvailable(this,
  323.                     AvailabilityPhase.PROPOSAL)) {
  324.                 if (kexMethods.isEmpty()) {
  325.                     kexMethods = KexExtensions.CLIENT_KEX_EXTENSION;
  326.                 } else {
  327.                     kexMethods += ',' + KexExtensions.CLIENT_KEX_EXTENSION;
  328.                 }
  329.             }
  330.             setAttribute(INITIAL_KEX_DONE, Boolean.TRUE);
  331.         }
  332.         if (log.isDebugEnabled()) {
  333.             log.debug(SshConstants.KEX_ALGORITHMS + ' ' + kexMethods);
  334.         }
  335.         return kexMethods;
  336.     }

  337.     /**
  338.      * Modifies a given algorithm list according to a list from the ssh config,
  339.      * including add ('+'), remove ('-') and reordering ('^') operators.
  340.      *
  341.      * @param defaultList
  342.      *            to modify
  343.      * @param allAvailable
  344.      *            all available values
  345.      * @param fromConfig
  346.      *            telling how to modify the {@code defaultList}, must not be
  347.      *            {@code null} or empty
  348.      * @param overrideKey
  349.      *            ssh config key; used for logging
  350.      * @return the modified list or {@code null} if {@code overrideKey} is not
  351.      *         set
  352.      */
  353.     public List<String> modifyAlgorithmList(List<String> defaultList,
  354.             Set<String> allAvailable, String fromConfig, String overrideKey) {
  355.         Set<String> defaults = new LinkedHashSet<>();
  356.         defaults.addAll(defaultList);
  357.         switch (fromConfig.charAt(0)) {
  358.         case '+':
  359.             List<String> newSignatures = filteredList(allAvailable, overrideKey,
  360.                     fromConfig.substring(1));
  361.             defaults.addAll(newSignatures);
  362.             return new ArrayList<>(defaults);
  363.         case '-':
  364.             // This takes wildcard patterns!
  365.             removeFromList(defaults, overrideKey, fromConfig.substring(1));
  366.             return new ArrayList<>(defaults);
  367.         case '^':
  368.             // Specified entries go to the front of the default list
  369.             List<String> allSignatures = filteredList(allAvailable, overrideKey,
  370.                     fromConfig.substring(1));
  371.             Set<String> atFront = new HashSet<>(allSignatures);
  372.             for (String sig : defaults) {
  373.                 if (!atFront.contains(sig)) {
  374.                     allSignatures.add(sig);
  375.                 }
  376.             }
  377.             return allSignatures;
  378.         default:
  379.             // Default is overridden -- only accept the ones for which we do
  380.             // have an implementation.
  381.             return filteredList(allAvailable, overrideKey, fromConfig);
  382.         }
  383.     }

  384.     private void removeFromList(Set<String> current, String key,
  385.             String patterns) {
  386.         for (String toRemove : patterns.split("\\s*,\\s*")) { //$NON-NLS-1$
  387.             if (toRemove.indexOf('*') < 0 && toRemove.indexOf('?') < 0) {
  388.                 current.remove(toRemove);
  389.                 continue;
  390.             }
  391.             try {
  392.                 FileNameMatcher matcher = new FileNameMatcher(toRemove, null);
  393.                 for (Iterator<String> i = current.iterator(); i.hasNext();) {
  394.                     matcher.reset();
  395.                     matcher.append(i.next());
  396.                     if (matcher.isMatch()) {
  397.                         i.remove();
  398.                     }
  399.                 }
  400.             } catch (InvalidPatternException e) {
  401.                 log.warn(format(SshdText.get().configInvalidPattern, key,
  402.                         toRemove));
  403.             }
  404.         }
  405.     }

  406.     private List<String> filteredList(Set<String> known, String key,
  407.             String values) {
  408.         List<String> newNames = new ArrayList<>();
  409.         for (String newValue : values.split("\\s*,\\s*")) { //$NON-NLS-1$
  410.             if (known.contains(newValue)) {
  411.                 newNames.add(newValue);
  412.             } else {
  413.                 log.warn(format(SshdText.get().configUnknownAlgorithm, this,
  414.                         newValue, key, values));
  415.             }
  416.         }
  417.         return newNames;
  418.     }

  419.     /**
  420.      * Reads the RFC 4253, section 4.2 protocol version identification. The
  421.      * Apache MINA sshd default implementation checks for NUL bytes also in any
  422.      * preceding lines, whereas RFC 4253 requires such a check only for the
  423.      * actual identification string starting with "SSH-". Likewise, the 255
  424.      * character limit exists only for the identification string, not for the
  425.      * preceding lines. CR-LF handling is also relaxed.
  426.      *
  427.      * @param buffer
  428.      *            to read from
  429.      * @param server
  430.      *            whether we're an SSH server (should always be {@code false})
  431.      * @return the lines read, with the server identification line last, or
  432.      *         {@code null} if no identification line was found and more bytes
  433.      *         are needed
  434.      * @throws StreamCorruptedException
  435.      *             if the identification is malformed
  436.      * @see <a href="https://tools.ietf.org/html/rfc4253#section-4.2">RFC 4253,
  437.      *      section 4.2</a>
  438.      */
  439.     @Override
  440.     protected List<String> doReadIdentification(Buffer buffer, boolean server)
  441.             throws StreamCorruptedException {
  442.         if (server) {
  443.             // Should never happen. No translation; internal bug.
  444.             throw new IllegalStateException(
  445.                     "doReadIdentification of client called with server=true"); //$NON-NLS-1$
  446.         }
  447.         Integer maxIdentLength = MAX_IDENTIFICATION_SIZE.get(this).orElse(null);
  448.         int maxIdentSize;
  449.         if (maxIdentLength == null || maxIdentLength
  450.                 .intValue() < DEFAULT_MAX_IDENTIFICATION_SIZE) {
  451.             maxIdentSize = DEFAULT_MAX_IDENTIFICATION_SIZE;
  452.             MAX_IDENTIFICATION_SIZE.set(this, Integer.valueOf(maxIdentSize));
  453.         } else {
  454.             maxIdentSize = maxIdentLength.intValue();
  455.         }
  456.         int current = buffer.rpos();
  457.         int end = current + buffer.available();
  458.         if (current >= end) {
  459.             return null;
  460.         }
  461.         byte[] raw = buffer.array();
  462.         List<String> ident = new ArrayList<>();
  463.         int start = current;
  464.         boolean hasNul = false;
  465.         for (int i = current; i < end; i++) {
  466.             switch (raw[i]) {
  467.             case 0:
  468.                 hasNul = true;
  469.                 break;
  470.             case '\n':
  471.                 int eol = 1;
  472.                 if (i > start && raw[i - 1] == '\r') {
  473.                     eol++;
  474.                 }
  475.                 String line = new String(raw, start, i + 1 - eol - start,
  476.                         StandardCharsets.UTF_8);
  477.                 start = i + 1;
  478.                 if (log.isDebugEnabled()) {
  479.                     log.debug(format("doReadIdentification({0}) line: ", this) + //$NON-NLS-1$
  480.                             escapeControls(line));
  481.                 }
  482.                 ident.add(line);
  483.                 if (line.startsWith("SSH-")) { //$NON-NLS-1$
  484.                     if (hasNul) {
  485.                         throw new StreamCorruptedException(
  486.                                 format(SshdText.get().serverIdWithNul,
  487.                                         escapeControls(line)));
  488.                     }
  489.                     if (line.length() + eol > 255) {
  490.                         throw new StreamCorruptedException(
  491.                                 format(SshdText.get().serverIdTooLong,
  492.                                         escapeControls(line)));
  493.                     }
  494.                     buffer.rpos(start);
  495.                     return ident;
  496.                 }
  497.                 // If this were a server, we could throw an exception here: a
  498.                 // client is not supposed to send any extra lines before its
  499.                 // identification string.
  500.                 hasNul = false;
  501.                 break;
  502.             default:
  503.                 break;
  504.             }
  505.             if (i - current + 1 >= maxIdentSize) {
  506.                 String msg = format(SshdText.get().serverIdNotReceived,
  507.                         Integer.toString(maxIdentSize));
  508.                 if (log.isDebugEnabled()) {
  509.                     log.debug(msg);
  510.                     log.debug(buffer.toHex());
  511.                 }
  512.                 throw new StreamCorruptedException(msg);
  513.             }
  514.         }
  515.         // Need more data
  516.         return null;
  517.     }

  518.     private static String escapeControls(String s) {
  519.         StringBuilder b = new StringBuilder();
  520.         int l = s.length();
  521.         for (int i = 0; i < l; i++) {
  522.             char ch = s.charAt(i);
  523.             if (Character.isISOControl(ch)) {
  524.                 b.append(ch <= 0xF ? "\\u000" : "\\u00") //$NON-NLS-1$ //$NON-NLS-2$
  525.                         .append(Integer.toHexString(ch));
  526.             } else {
  527.                 b.append(ch);
  528.             }
  529.         }
  530.         return b.toString();
  531.     }

  532.     @Override
  533.     public <T> T getAttribute(AttributeKey<T> key) {
  534.         T value = super.getAttribute(key);
  535.         if (value == null) {
  536.             IoSession ioSession = getIoSession();
  537.             if (ioSession != null) {
  538.                 Object obj = ioSession.getAttribute(AttributeRepository.class);
  539.                 if (obj instanceof AttributeRepository) {
  540.                     AttributeRepository sessionAttributes = (AttributeRepository) obj;
  541.                     value = sessionAttributes.resolveAttribute(key);
  542.                 }
  543.             }
  544.         }
  545.         return value;
  546.     }

  547.     @Override
  548.     public PropertyResolver getParentPropertyResolver() {
  549.         IoSession ioSession = getIoSession();
  550.         if (ioSession != null) {
  551.             Object obj = ioSession.getAttribute(AttributeRepository.class);
  552.             if (obj instanceof PropertyResolver) {
  553.                 return (PropertyResolver) obj;
  554.             }
  555.         }
  556.         return super.getParentPropertyResolver();
  557.     }

  558.     /**
  559.      * An {@link AttributeRepository} that chains together two other attribute
  560.      * sources in a hierarchy.
  561.      */
  562.     public static class ChainingAttributes implements AttributeRepository {

  563.         private final AttributeRepository delegate;

  564.         private final AttributeRepository parent;

  565.         /**
  566.          * Create a new {@link ChainingAttributes} attribute source.
  567.          *
  568.          * @param self
  569.          *            to search for attributes first
  570.          * @param parent
  571.          *            to search for attributes if not found in {@code self}
  572.          */
  573.         public ChainingAttributes(AttributeRepository self,
  574.                 AttributeRepository parent) {
  575.             this.delegate = self;
  576.             this.parent = parent;
  577.         }

  578.         @Override
  579.         public int getAttributesCount() {
  580.             return delegate.getAttributesCount();
  581.         }

  582.         @Override
  583.         public <T> T getAttribute(AttributeKey<T> key) {
  584.             return delegate.getAttribute(Objects.requireNonNull(key));
  585.         }

  586.         @Override
  587.         public Collection<AttributeKey<?>> attributeKeys() {
  588.             return delegate.attributeKeys();
  589.         }

  590.         @Override
  591.         public <T> T resolveAttribute(AttributeKey<T> key) {
  592.             T value = getAttribute(Objects.requireNonNull(key));
  593.             if (value == null) {
  594.                 return parent.getAttribute(key);
  595.             }
  596.             return value;
  597.         }
  598.     }

  599.     /**
  600.      * A {@link ChainingAttributes} repository that doubles as a
  601.      * {@link PropertyResolver}. The property map can be set via the attribute
  602.      * key {@link SessionAttributes#PROPERTIES}.
  603.      */
  604.     public static class SessionAttributes extends ChainingAttributes
  605.             implements PropertyResolver {

  606.         /** Key for storing a map of properties in the attributes. */
  607.         public static final AttributeKey<Map<String, Object>> PROPERTIES = new AttributeKey<>();

  608.         private final PropertyResolver parentProperties;

  609.         /**
  610.          * Creates a new {@link SessionAttributes} attribute and property
  611.          * source.
  612.          *
  613.          * @param self
  614.          *            to search for attributes first
  615.          * @param parent
  616.          *            to search for attributes if not found in {@code self}
  617.          * @param parentProperties
  618.          *            to search for properties if not found in {@code self}
  619.          */
  620.         public SessionAttributes(AttributeRepository self,
  621.                 AttributeRepository parent, PropertyResolver parentProperties) {
  622.             super(self, parent);
  623.             this.parentProperties = parentProperties;
  624.         }

  625.         @Override
  626.         public PropertyResolver getParentPropertyResolver() {
  627.             return parentProperties;
  628.         }

  629.         @Override
  630.         public Map<String, Object> getProperties() {
  631.             Map<String, Object> props = getAttribute(PROPERTIES);
  632.             return props == null ? Collections.emptyMap() : props;
  633.         }
  634.     }
  635. }