commons-dev mailing list archives

From rwins...@apache.org
Subject svn commit: r437151 - in /jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp: FTPSClient.java FTPSCommand.java FTPSReply.java FTPSSocketFactory.java
Date Sat, 26 Aug 2006 12:09:52 GMT
Author: rwinston
Date: Sat Aug 26 05:09:50 2006
New Revision: 437151

URL: http://svn.apache.org/viewvc?rev=437151&view=rev
Log:
Added FTPS impl based on submission in https://issues.apache.org/jira/browse/NET-28

Added:
    jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSCommand.java
    jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSReply.java
Modified:
    jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSClient.java
    jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSSocketFactory.java

Modified: jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSClient.java
URL: http://svn.apache.org/viewvc/jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSClient.java?rev=437151&r1=437150&r2=437151&view=diff
==============================================================================
--- jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSClient.java
(original)
+++ jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSClient.java
Sat Aug 26 05:09:50 2006
@@ -1,12 +1,11 @@
-/*
- * Copyright 2001-2006 The Apache Software Foundation
- *
+/**
+ * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -23,160 +22,629 @@
 import java.net.InetAddress;
 import java.net.Socket;
 import java.net.SocketException;
+import java.security.KeyManagementException;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.Enumeration;
+import java.util.Vector;
 
+import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
-
+import javax.net.ssl.TrustManagerFactory;
 
 /**
- * 
- * This class extends {@link org.apache.commons.net.ftp.FTPClient} to add
- * the necessary methods that implement SSL/TLS-FTPS.
- *
+ * FTP over SSL processing.
  */
 public class FTPSClient extends FTPClient {
 
-	// Represent the method to the FTP command AUTH...
-	private String sslContext;
-	
-	// Secure context (can be "TLS" or "SSL")
-	private SSLContext context;
-	
-	private String pbsz;
-	private String prot;
-
-	/**
-	 * Default constructor that selects some default options (TLS encryption)
-	 *
-	 */
-	public FTPSClient() {
-		this("JCEKS", "TLS", "password", "0", "P");
-	}
-	
-	
-	/**
-	 * 
-	 * Constructor that initializes the secure connection. 
-	 * 
-	 * @param keyStoreName Type of instance KeyStore, JKS for Java 1.3 y JCEKS for Java 1.4

-	 * @param sslContext Type of the instance SSLContext, can be SSL or TLS.
-	 * @param password The password to access the KeyStore.
-	 * @param pbsz Protection buffer size (Use 0 to indicate streaming) 
-	 * @param prot The protection level for the data channel
-	 */
-	public FTPSClient(String keyStoreName, String sslContext, String password, String pbsz,
String prot) {
-		this.sslContext = sslContext;
-		this.pbsz = pbsz;
-		this.prot = prot;
-		
-		try {
-			KeyStore keyStore = KeyStore.getInstance(keyStoreName);
-			
-			keyStore.load(null, password.toCharArray());
-
-			KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
-			
-			keyManagerFactory.init(keyStore, password.toCharArray());
-
-			this.context = SSLContext.getInstance(sslContext);
-
-			this.context.init(
-				keyManagerFactory.getKeyManagers(), 
-				new TrustManager[] { (TrustManager) new FTPSTrustManager() }, null
-			);
-		} catch (Exception e) {
-			e.printStackTrace();
-		}
-	}
-	
-	/**
-	 * @see org.apache.commons.net.SocketClient#connect(java.net.InetAddress, int, java.net.InetAddress,
int)
-	 */
-	public void connect(InetAddress address, int port, InetAddress localAddress, int localPort)
throws SocketException, IOException
-	{
-		super.connect(address, port, localAddress, localPort);
-		
-		this.secure(this.pbsz,this.prot);
-	}
-
-	/**
-	 * @see org.apache.commons.net.SocketClient#connect(java.net.InetAddress, int)
-	 */
-	public void connect(InetAddress address, int port) throws SocketException, IOException
-	{
-		super.connect(address, port);
-		
-		this.secure(this.pbsz,this.prot);
-	}
-
-	/**
-	 * @see org.apache.commons.net.SocketClient#connect(java.lang.String, int, java.net.InetAddress,
int)
-	 */
-	public void connect(String address, int port, InetAddress localAddress, int localPort) throws
SocketException, IOException
-	{
-		super.connect(address, port, localAddress, localPort);
-		
-		this.secure(this.pbsz,this.prot);
-	}
-
-	/**
-	 * @see org.apache.commons.net.SocketClient#connect(java.lang.String, int)
-	 */
-	public void connect(String address, int port) throws SocketException, IOException
-	{
-		super.connect(address, port);
-		
-		this.secure(this.pbsz,this.prot);
-	}
-	
-	/**
-	 *
-	 * Initialize the secure connection with the FTP server, throw the AUTH SSL o TLS command.
-	 * Get the socket with the server, starting the "handshake" making the socket, with a layer
of securety,
-	 * and initializing the stream of connection.
-	 * 
-	 * 
-	 * @param pbsz Protection Buffer Size: "0" is a good value
-	 * @param prot Data Channel Protection Level:
-	 * Posible values:
-	 * C - Clear
-	 * S - Safe
-	 * E - Confidential 
-	 * P - PrivateType of secure connection
-	 *  
-	 * @throws IOException If there is any problem with the connection.
-	 */
-	protected void secure(String pbsz, String prot) throws IOException {
-		this.sendCommand("AUTH", sslContext);
-		
-		SSLSocket socket = (SSLSocket)this.context.getSocketFactory().createSocket(this._socket_,
this.getRemoteAddress().getHostAddress(), this.getRemotePort(), true);
-		
-		socket.startHandshake();
-
-		this._socket_ = socket;
-		
-		this._controlInput_ = new BufferedReader(new InputStreamReader(socket.getInputStream(),
getControlEncoding()));
-		this._controlOutput_ = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream(),
getControlEncoding()));
-
-		this.setSocketFactory(new FTPSSocketFactory(this.context));
-
-		this.sendCommand("PBSZ", pbsz);
-		this.sendCommand("PROT", prot);
-	}
-
-	/**
-	 * @see org.apache.commons.net.ftp.FTPCliente#_openDataConnection_(java.lang.String, int)
-	 */	
-	protected Socket _openDataConnection_(int command, String arg) throws IOException {
-		Socket socket = super._openDataConnection_(command, arg);
-		if (socket != null) {
-			((SSLSocket)socket).startHandshake();
-		}
-		return socket;
-	}	
-
+    /** keystore algorithm name. */
+    public static String KEYSTORE_ALGORITHM;
+    /** truststore algorithm name. */
+    public static String TRUSTSTORE_ALGORITHM;
+    /** provider name. */
+    public static String PROVIDER;
+    /** truststore type. */
+    public static String STORE_TYPE;
+
+    /** The value that I can set in PROT command */
+    private static final String[] PROT_COMMAND_VALUE = {"C","E","S","P"}; 
+    /** Default PROT Command */
+    private static final String DEFAULT_PROT = "C";
+    /** Default protocol name */
+    private static final String DEFAULT_PROTOCOL = "TLS";
+
+    /** The security mode. (True - Implicit Mode / False - Explicit Mode) */
+    private boolean isImplicit;
+    /** The use SSL/TLS protocol. */
+    private String protocol = DEFAULT_PROTOCOL;
+    /** The AUTH Command value */
+    private String auth = DEFAULT_PROTOCOL;
+    /** The KeyManager object. */
+    private KeyManager[] keyManager = null;
+    /** The TrustManager object */
+    private TrustManager[] trustManager = null;
+    /** The context object. */
+    private SSLContext context;
+    /** The socket object. */
+    private Socket planeSocket;
+    /** The established socket flag. */
+    private boolean isCreation = true;
+    /** The use client mode flag. */
+    private boolean isClientMode = true;
+    /** The need client auth flag. */
+    private boolean isNeedClientAuth = false;
+    /** The want client auth flag. */
+    private boolean isWantClientAuth = false;
+    /** The cipher suites */
+    private String[] suites = null;
+    /** The protocol versions */
+    private String[] protocols = null;
+
+    /**
+     * Constructor for FTPSClient.
+     * @throws NoSuchAlgorithmException A requested cryptographic algorithm 
+     * is not available in the environment.
+     */
+    public FTPSClient() throws NoSuchAlgorithmException {
+        this.protocol = DEFAULT_PROTOCOL;
+        this.isImplicit = false;
+        context = SSLContext.getInstance(protocol);
+    }
+
+    /**
+     * Constructor for FTPSClient.
+     * @param isImplicit The secutiry mode(Implicit/Explicit).
+     * @throws NoSuchAlgorithmException A requested cryptographic algorithm 
+     * is not available in the environment.
+     */
+    public FTPSClient(boolean isImplicit) throws NoSuchAlgorithmException {
+        this.protocol = DEFAULT_PROTOCOL;
+        this.isImplicit = isImplicit;
+        context = SSLContext.getInstance(protocol);
+    }
+
+    /**
+     * Constructor for FTPSClient.
+     * @param conType The context type
+     * @throws NoSuchAlgorithmException A requested cryptographic algorithm 
+     * is not available in the environment.
+     */
+    public FTPSClient(String protocol) throws NoSuchAlgorithmException {
+        this.protocol = protocol;
+        this.isImplicit = false;
+        context = SSLContext.getInstance(protocol);
+    }
+
+    /**
+     * Constructor for FTPSClient.
+     * @param conType The context type
+     * @param isImplicit The secutiry mode(Implicit/Explicit).
+     * @throws NoSuchAlgorithmException A requested cryptographic algorithm 
+     * is not available in the environment.
+     */
+    public FTPSClient(String protocol, boolean isImplicit) 
+            throws NoSuchAlgorithmException {
+        this.protocol = protocol;
+        this.isImplicit = isImplicit;
+        context = SSLContext.getInstance(protocol);
+    }
+
+    /**
+     * Create KeyManager[] object.
+     * @param ks The KeyStore objects.
+     * @param storePass The Store password.
+     * @throws NoSuchAlgorithmException A requested cryptographic 
+     * algorithm is not available in the environment.
+     * @throws NoSuchProviderException A requested cryptographic provider 
+     * is not available in the environment.
+     * @throws UnrecoverableKeyException This exception is thrown 
+     * if a key in the keystore cannot be recovered.
+     * @throws KeyStoreException This is the generic KeyStore exception.
+     * @throws KeyManagementException It is the generic KeyManager exception.
+     */
+    public void createKeyManager(KeyStore ks, String storePass)
+            throws NoSuchAlgorithmException, NoSuchProviderException,
+            KeyStoreException,UnrecoverableKeyException,KeyManagementException{
+        if (ks == null) {
+            keyManager = null;
+            return;
+        }
+        if (KEYSTORE_ALGORITHM == null)
+            KEYSTORE_ALGORITHM = KeyManagerFactory.getDefaultAlgorithm();
+        KeyManagerFactory kmf;
+        if (PROVIDER == null) {
+            kmf = KeyManagerFactory.getInstance(KEYSTORE_ALGORITHM);
+        } else {
+            kmf = KeyManagerFactory.getInstance(KEYSTORE_ALGORITHM, PROVIDER);
+        }
+        if (kmf == null) {
+            keyManager = null;
+            return;
+        }
+        kmf.init(ks, storePass.toCharArray());
+        keyManager = kmf.getKeyManagers();
+        context.init(keyManager, trustManager, null);
+    }
+
+    /**
+     * Create TrustManager[] object.
+     * @param ks The KeyStore object.
+     * @throws NoSuchAlgorithmException A requested cryptographic algorithm 
+     * is not available in the environment.
+     * @throws NoSuchProviderException A requested cryptographic provider 
+     * is not available in the environment.
+     * @throws KeyStoreException This is the generic KeyStore exception.
+     * @throws KeyManagementException It is the generic KeyManager exception.
+     */
+    public void createTrustManager(KeyStore ks) 
+            throws NoSuchAlgorithmException, NoSuchProviderException, 
+            KeyStoreException, KeyManagementException {
+        if (ks == null) trustManager = null;
+        if (TRUSTSTORE_ALGORITHM == null)
+            TRUSTSTORE_ALGORITHM = TrustManagerFactory.getDefaultAlgorithm();
+        TrustManagerFactory tmf;
+        if (PROVIDER == null) {
+            tmf = TrustManagerFactory.getInstance(TRUSTSTORE_ALGORITHM);
+        } else {
+            tmf = TrustManagerFactory.getInstance(
+                    TRUSTSTORE_ALGORITHM, PROVIDER);
+        }
+        if (tmf == null) {
+            trustManager = null;
+            return;
+        }
+        tmf.init(ks);
+        trustManager = tmf.getTrustManagers();
+        context.init(keyManager, trustManager, null);
+    }
+
+    /**
+     * Create TrustManager[] object.
+     * @param _ks The KeyStore objects.
+     * @throws KeyStoreException This is the generic KeyStore exception.
+     * @throws CertificateException This exception indicates one of 
+     * a variety of certificate problems.
+     * @throws NoSuchAlgorithmException A requested cryptographic algorithm 
+     * is not available in the environment.
+     * @throws NoSuchProviderException A requested cryptographic provider 
+     * is not available in the environment.
+     * @throws KeyManagementException It is the generic KeyManager exception.
+     * @throws IOException
+     */
+    public void createTrustManager(Vector ks) throws KeyStoreException, 
+            NoSuchAlgorithmException, CertificateException, 
+            IOException, NoSuchProviderException, KeyManagementException {
+        if (ks == null) {
+            trustManager = null;
+            return;
+        }
+        KeyStore _ks;
+        if (STORE_TYPE == null) {
+            _ks = KeyStore.getInstance(KeyStore.getDefaultType());
+        } else {
+            _ks = KeyStore.getInstance(STORE_TYPE);
+        }
+        _ks.load(null, null);
+        int n = 0;
+        // as for every keystore
+        for (int i = 0; i < ks.size(); i++) {
+            // as for every alias
+            KeyStore wks = ((KeyStore) ks.get(i));
+            for (Enumeration e = wks.aliases(); e.hasMoreElements();) {
+                String alias = (String) e.nextElement();
+                _ks.setCertificateEntry(String.valueOf(n), 
+                        wks.getCertificate(alias));
+                n++;
+            }
+        }
+        createTrustManager(_ks);
+    }
+
+    /**
+     * Set AUTH command use value.
+     * This processing is done before connected processing.
+     * @param auth AUTH command use value.
+     */
+    public void setAuthValue(String auth) {
+        this.auth = auth;
+    }
+
+    /**
+     * Return AUTH command use value.
+     * @return AUTH command use value.
+     */
+    public String getAuthValue() {
+        return this.auth;
+    }
+
+    /**
+     * I work to be connected. Opens a Socket connected to a remote host 
+     * at the specified port and originating from the current host at 
+     * a system assigned port.
+     * @param address The name of the remote host.
+     * @param port The port to connect to on the remote host.
+     * @throws SocketException If the socket timeout could not be set.
+     * @throws IOException If the socket could not be opened.
+     * In most cases you will only want to catch IOException since 
+     * SocketException is derived from it.
+     * @see org.apache.commons.net.SocketClient#connect(java.lang.String, int)
+     */
+    public void connect(String address, int port) 
+            throws SocketException, IOException {
+        super.connect(address, port);
+    }
+
+    /**
+     * I work to be connected. Opens a Socket connected to a remote host 
+     * at the specified port and originating from the current host at 
+     * a system assigned port.
+     * @param address The name of the remote host.
+     * @param port The port to connect to on the remote host.
+     * @throws SocketException If the socket timeout could not be set.
+     * @throws IOException If the socket could not be opened.
+     * In most cases you will only want to catch IOException since 
+     * SocketException is derived from it.
+     * @see org.apache.commons.net.SocketClient 
+     * #connect(java.net.InetAddress, int)
+     */
+    public void connect(InetAddress address, int port) 
+            throws SocketException, IOException {
+        super.connect(address, port);
+    }
+
+    /**
+     * I work to be connected. Opens a Socket connected to a remote host 
+     * at the specified port and originating from the specified 
+     * local address and port.
+     * @param address The name of the remote host.
+     * @param port The port to connect to on the remote host.
+     * @param localAddress The local address to use.
+     * @param localPort The local port to use.
+     * @throws SocketException If the socket timeout could not be set.
+     * @throws IOException If the socket could not be opened.
+     * In most cases you will only want to catch IOException since 
+     * SocketException is derived from it.
+     * @see org.apache.commons.net.SocketClient
+     * #connect(java.net.InetAddress, int, java.net.InetAddress, int)
+     */
+    public void connect(InetAddress address, int port, 
+            InetAddress localAddress, int localPort) 
+            throws SocketException, IOException {
+        super.connect(address, port, localAddress, localPort);
+    }
+
+    /**
+     * I work to be connected. Opens a Socket connected to a remote host 
+     * at the specified port and originating from the specified 
+     * local address and port.
+     * @param address The name of the remote host.
+     * @param port The port to connect to on the remote host.
+     * @param localAddress The local address to use.
+     * @param localPort The local port to use.
+     * @throws SocketException If the socket timeout could not be set.
+     * @throws IOException If the socket could not be opened. 
+     * In most cases you will only want to catch IOException since 
+     * SocketException is derived from it.
+     * @see org.apache.commons.net.SocketClient 
+     * #connect(java.lang.String, int, java.net.InetAddress, int)
+     */
+    public void connect(String address, int port, InetAddress localAddress,
+            int localPort) throws SocketException, IOException {
+        super.connect(address, port, localAddress, localPort);
+    }
+
+    /**
+     * Because there are so many connect() methods, 
+     * the _connectAction_() method is provided as a means of performing 
+     * some action immediately after establishing a connection, 
+     * rather than reimplementing all of the connect() methods.
+     * @throws IOException If it throw by _connectAction_.
+     * @see org.apache.commons.net.SocketClient#_connectAction_()
+     */
+    protected void _connectAction_() throws IOException {
+        // Implicit mode.
+        if (isImplicit) sslNegotiation();
+        super._connectAction_();
+        // Explicit mode.
+        if (!isImplicit) {
+            execAUTH();
+            sslNegotiation();
+        }
+    }
+
+    /**
+     * I carry out an AUTH command.
+     * @throws SSLException If it server reply code not equal "234" and "334".
+     * @throws IOException If an I/O error occurs while either sending 
+     * the command.
+     */
+    private void execAUTH() throws SSLException, IOException {
+        int replyCode = sendCommand(
+                FTPSCommand._commands[FTPSCommand.AUTH], auth);
+        if (FTPSReply.SECURITY_MECHANISM_IS_OK == replyCode) {
+            // replyCode = 334
+            // I carry out an ADAT command.
+        } else if (FTPSReply.SECURITY_DATA_EXCHANGE_COMPLETE != replyCode) {
+            throw new SSLException(getReplyString());
+        }
+    }
+
+    /**
+     * SSL/TLS negotiation. I acquire an SSL socket of a control 
+     * connection and carry out handshake processing.
+     * @throws IOException A handicap breaks out by sever negotiation.
+     */
+    private void sslNegotiation() throws IOException {
+        // Evacuation not ssl socket.
+        planeSocket = _socket_;
+
+        SSLSocketFactory ssf = context.getSocketFactory();
+        String ip = _socket_.getInetAddress().getHostAddress();
+        int port = _socket_.getPort();
+        SSLSocket socket = 
+            (SSLSocket) ssf.createSocket(_socket_, ip, port, true);
+        socket.setEnableSessionCreation(isCreation);
+        socket.setUseClientMode(isClientMode);
+        // server mode
+        if (!isClientMode) {
+            socket.setNeedClientAuth(isNeedClientAuth);
+            socket.setWantClientAuth(isWantClientAuth);
+        }
+        if (protocols != null) socket.setEnabledProtocols(protocols);
+        if (suites != null) socket.setEnabledCipherSuites(suites);
+
+        socket.startHandshake();
+
+        _socket_ = socket;
+        _controlInput = new BufferedReader(new InputStreamReader(
+                socket .getInputStream(), getControlEncoding()));
+        _controlOutput = new BufferedWriter(new OutputStreamWriter(
+                socket.getOutputStream(), getControlEncoding()));
+    }
+
+    /**
+     * Controls whether new SSL session may be established by this socket.
+     * @param isCreation The established socket flag.
+     */
+    public void setEnabledSessionCreation(boolean isCreation) {
+        this.isCreation = isCreation;
+    }
+
+    /**
+     * Returns true if new SSL sessions may be established by this socket.
+     * When a socket does not have a ssl socket, This return False.
+     * @return true - Indicates that sessions may be created;
+     * this is the default. 
+     * false - indicates that an existing session must be resumed.
+     */
+    public boolean getEnableSeeionCreation() {
+        if (_socket_ instanceof SSLSocket) 
+            return ((SSLSocket)_socket_).getEnableSessionCreation();
+        return false;
+    }
+
+    /**
+     * Configures the socket to require client authentication.
+     * @param isNeedClientAuth The need client auth flag.
+     */
+    public void setNeedClientAuth(boolean isNeedClientAuth) {
+        this.isNeedClientAuth = isNeedClientAuth;
+    }
+
+    /**
+     * Returns true if the socket will require client authentication.
+     * When a socket does not have a ssl socket, This return False.
+     * @return true - If the server mode socket should request 
+     * that the client authenticate itself.
+     */
+    public boolean getNeedClientAuth() {
+        if (_socket_ instanceof SSLSocket) 
+            return ((SSLSocket)_socket_).getNeedClientAuth();
+        return false;
+    }
+
+    /**
+     * Configures the socket to request client authentication, 
+     * but only if such a request is appropriate to the cipher 
+     * suite negotiated.
+     * @param isWantClientAuth The want client auth flag.
+     */
+    public void setWantClientAuth(boolean isWantClientAuth) {
+        this.isWantClientAuth = isWantClientAuth;
+    }
+
+    /**
+     * Returns true if the socket will request client authentication.
+     * When a socket does not have a ssl socket, This return False.
+     * @return true - If the server mode socket should request 
+     * that the client authenticate itself.
+     */
+    public boolean getWantClientAuth() {
+        if (_socket_ instanceof SSLSocket) 
+            return ((SSLSocket)_socket_).getWantClientAuth();
+        return false;
+    }
+
+    /**
+     * Configures the socket to use client (or server) mode in its first 
+     * handshake.
+     * @param isClientMode The use client mode flag.
+     */
+    public void setUseClientMode(boolean isClientMode) {
+        this.isClientMode = isClientMode;
+    }
+
+    /**
+     * Returns true if the socket is set to use client mode 
+     * in its first handshake.
+     * When a socket does not have a ssl socket, This return False.
+     * @return true - If the socket should start its first handshake 
+     * in "client" mode.
+     */
+    public boolean getUseClientMode() {
+        if (_socket_ instanceof SSLSocket) 
+            return ((SSLSocket)_socket_).getUseClientMode();
+        return false;
+    }
+
+    /**
+     * Controls which particular cipher suites are enabled for use on this 
+     * connection. I perform setting before a server negotiation.
+     * @param suites The cipher suites.
+     */
+    public void setEnabledCipherSuites(String[] suites) {
+        this.suites = suites;
+    }
+
+    /**
+     * Returns the names of the cipher suites which could be enabled 
+     * for use on this connection.
+     * When a socket does not have a ssl socket, This return null.
+     * @return An array of cipher suite names.
+     */
+    public String[] getEnabledCipherSuites() {
+        if (_socket_ instanceof SSLSocket) 
+            return ((SSLSocket)_socket_).getEnabledCipherSuites();
+        return null;
+    }
+
+    /**
+     * Controls which particular protocol versions are enabled for use on this
+     * connection. I perform setting before a server negotiation.
+     * @param protocols The protocol versions.
+     */
+    public void setEnabledProtocols(String[] protocols) {
+        this.protocols = protocols;
+    }
+
+    /**
+     * Returns the names of the protocol versions which are currently 
+     * enabled for use on this connection.
+     * When a socket does not have a ssl socket, This return null.
+     * @return An array of protocols.
+     */
+    public String[] getEnabledProtocols() {
+        if (_socket_ instanceof SSLSocket) 
+            return ((SSLSocket)_socket_).getEnabledProtocols();
+        return null;
+    }
+
+    /**
+     * I carry out an PBSZ command. pbsz value: 0 to (2^32)-1 decimal integer.
+     * @param pbsz Protection Buffer Size.
+     * @throws SSLException If it server reply code not equal "200".
+     * @throws IOException If an I/O error occurs while either sending 
+     * the command.
+     */
+    public void execPBSZ(long pbsz) throws SSLException, IOException {
+        if (pbsz < 0 || 4294967295L < pbsz) 
+            throw new IllegalArgumentException();
+        if (FTPSReply.COMMAND_OK != sendCommand(
+                FTPSCommand._commands[FTPSCommand.PBSZ],String.valueOf(pbsz)))
+            throw new SSLException(getReplyString());
+    }
+
+    /**
+     * I carry out an PROT command.</br>
+     * C - Clear</br>
+     * S - Safe(SSL protocol only)</br>
+     * E - Confidential(SSL protocol only)</br>
+     * P - Private
+     * @param prot Data Channel Protection Level.
+     * @throws SSLException If it server reply code not equal "200".
+     * @throws IOException If an I/O error occurs while either sending 
+     * the command.
+     */
+    public void execPROT(String prot) throws SSLException, IOException {
+        if (prot == null) prot = DEFAULT_PROT;
+        if (!checkPROTValue(prot)) throw new IllegalArgumentException();
+        if (FTPSReply.COMMAND_OK != sendCommand(
+                FTPSCommand._commands[FTPSCommand.PROT], prot)) 
+            throw new SSLException(getReplyString());
+        if (DEFAULT_PROT.equals(prot)) {
+            setSocketFactory(null);
+        } else {
+            setSocketFactory(new FTPSSocketFactory(context));
+        }
+    }
+
+    /**
+     * I check the value that I can set in PROT Command value.
+     * @param prot Data Channel Protection Level.
+     * @return True - A set point is right / False - A set point is not right
+     */
+    private boolean checkPROTValue(String prot) {
+        for (int p = 0; p < PROT_COMMAND_VALUE.length; p++) {
+            if (PROT_COMMAND_VALUE[p].equals(prot)) return true;
+        }
+        return false;
+    }
+
+    /**
+     * I carry out an ftp command.
+     * When a CCC command was carried out, I steep socket and SocketFactory 
+     * in a state of not ssl.
+     * @parm command ftp command.
+     * @return server reply.
+     * @throws IOException If an I/O error occurs while either sending 
+     * the command.
+     * @see org.apache.commons.net.ftp.FTP#sendCommand(java.lang.String)
+     */
+    public int sendCommand(String command, String args) throws IOException {
+        int repCode = super.sendCommand(command, args);
+        if (FTPSCommand._commands[FTPSCommand.CCC].equals(command)) {
+            if (FTPSReply.COMMAND_OK == repCode) {
+                _socket_ = planeSocket;
+                setSocketFactory(null);
+            } else {
+                throw new SSLException(getReplyString());
+            }
+        }
+        return repCode;
+    }
+
+    /**
+     * I return a socket of the data connection that I acquired. 
+     * When I ssl it and communicate, I return the SSL socket which 
+     * carried out handshake processing.
+     * @pram command The text representation of the FTP command to send.
+     * @param arg The arguments to the FTP command. 
+     * If this parameter is set to null, then the command is sent with 
+     * no argument.
+     * @return A Socket corresponding to the established data connection. 
+     * Null is returned if an FTP protocol error is reported at any point 
+     * during the establishment and initialization of the connection.
+     * @throws IOException If there is any problem with the connection.
+     * @see org.apache.commons.net.ftp.FTPCliente
+     * #_openDataConnection_(java.lang.String, int)
+     */
+    protected Socket _openDataConnection_(int command, String arg)
+            throws IOException {
+        Socket socket = super._openDataConnection_(command, arg);
+        if (socket != null && socket instanceof SSLSocket) {
+            SSLSocket sslSocket = (SSLSocket)socket;
+            sslSocket.setUseClientMode(isClientMode);
+            sslSocket.setEnableSessionCreation(isCreation);
+            // server mode
+            if (!isClientMode) {
+                sslSocket.setNeedClientAuth(isNeedClientAuth);
+                sslSocket.setWantClientAuth(isWantClientAuth);
+            }
+            if (suites != null)
+                sslSocket.setEnabledCipherSuites(suites);
+            if (protocols != null)
+                sslSocket.setEnabledProtocols(protocols);
+            sslSocket.startHandshake();
+        }
+        return socket;
+    }
 }
-
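Review bot: The data channel is no longer protected by default: the removed `secure()` sent `PBSZ` and `PROT` right after the handshake, whereas the new `_connectAction_()` stops after `execAUTH()` and `sslNegotiation()`, and the data socket factory is only switched to `FTPSSocketFactory` inside `execPROT`, so transfers stay in clear unless the caller issues `execPBSZ(0)` and `execPROT("P")` itself. Either state that in the class Javadoc (`FTP over SSL processing.` says nothing about it) or send both commands from `_connectAction_()` as before. In `sendCommand`, the CCC branch restores `_socket_ = planeSocket` but leaves `_controlInput`/`_controlOutput` wrapping the TLS streams; as far as this hunk shows they are never rebuilt on the plain socket. `sslNegotiation()` also hands the factory the peer's IP string and does nothing after `startHandshake()` to compare the certificate with the host the caller asked for, so peer identity rests entirely on the configured trust managers.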

Added: jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSCommand.java
URL: http://svn.apache.org/viewvc/jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSCommand.java?rev=437151&view=auto
==============================================================================
--- jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSCommand.java
(added)
+++ jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSCommand.java
Sat Aug 26 05:09:50 2006
@@ -0,0 +1,46 @@
+/**
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.commons.net.ftp;
+
+/**
+ * I acquire a command added in FTPS.
+ */
+public final class FTPSCommand {
+    public static final int AUTH = 0;
+    public static final int ADAT = 1;
+    public static final int PBSZ = 2;
+    public static final int PROT = 3;
+    public static final int CCC = 4;
+
+    public static final int AUTHENTICATION_SECURITY_MECHANISM = AUTH;
+    public static final int AUTHENTICATION_SECURITY_DATA = ADAT;
+    public static final int PROTECTION_BUFFER_SIZE = PBSZ;
+    public static final int DATA_CHANNEL_PROTECTION_LEVEL = PROT;
+    public static final int CLEAR_COMMAND_CHANNEL = CCC;
+
+    static final String[] _commands = {"AUTH","ADAT","PBSZ","PROT","CCC"};
+
+    /**
+     * Retrieve the FTPS command string corresponding to a specified
+     * command code.
+     * <p>
+     * @param command The command code.
+     * @return The FTPS command string corresponding to a specified 
+     *  command code.
+     */
+    public static final String getCommand(int command) {
+        return _commands[command];
+    }
+}
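Review bot: `getCommand` indexes `_commands` with the caller's int unchecked, and the array is package-visible and mutable, so any class in `org.apache.commons.net.ftp` can overwrite the command strings it returns. Unless another class in the package needs to read the array directly, I would declare it `private static final String[] _commands = {"AUTH","ADAT","PBSZ","PROT","CCC"};` and document the failure mode on the method with `@throws ArrayIndexOutOfBoundsException if command is not one of the constants defined in this class`. The class comment `I acquire a command added in FTPS.` would read better as `/** Command codes and command strings for the FTPS security extensions. */`. A private constructor would also keep this constants holder from being instantiated.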

Added: jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSReply.java
URL: http://svn.apache.org/viewvc/jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSReply.java?rev=437151&view=auto
==============================================================================
--- jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSReply.java
(added)
+++ jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSReply.java
Sat Aug 26 05:09:50 2006
@@ -0,0 +1,131 @@
+/**
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.commons.net.ftp;
+
+/**
+ * I confirm a response cord of a command added in FTPS.
+ */
+public final class FTPSReply {
+    public static final int CODE_200 = 200;
+    public static final int CODE_234 = 234;
+    public static final int CODE_235 = 235;
+    public static final int CODE_334 = 334;
+    public static final int CODE_335 = 335;
+    public static final int CODE_421 = 421;
+    public static final int CODE_431 = 431;
+    public static final int CODE_500 = 500;
+    public static final int CODE_501 = 501;
+    public static final int CODE_502 = 502;
+    public static final int CODE_503 = 503;
+    public static final int CODE_504 = 504;
+    public static final int CODE_530 = 530;
+    public static final int CODE_533 = 533;
+    public static final int CODE_534 = 534;
+    public static final int CODE_535 = 535;
+    public static final int CODE_536 = 536;
+    
+    public static final int COMMAND_OK = CODE_200;
+    public static final int SECURITY_DATA_EXCHANGE_COMPLETE = CODE_234;
+    public static final int SECURITY_DATA_EXCHANGE_SUCCESSFULLY = CODE_235;
+    public static final int SECURITY_MECHANISM_IS_OK = CODE_334;
+    public static final int SECURITY_DATA_IS_ACCEPTABLE = CODE_335;
+    public static final int SERVICE_NOT_AVAILABLE = CODE_421;
+    public static final int UNAVAILABLE_RESOURCE = CODE_431;
+    public static final int UNRECOGNIZED_COMMAND = CODE_500;
+    public static final int SYNTAX_ERROR_IN_ARGUMENTS = CODE_501;
+    public static final int COMMAND_NOT_IMPLEMENTED = CODE_502;
+    public static final int BAD_COMMAND_SEQUENCE = CODE_503;
+    public static final int COMMAND_NOT_IMPLEMENTED_FOR_PARAMETER=CODE_504;
+    public static final int NOT_LOGGED_IN = CODE_530;
+    public static final int DENIED_FOR_POLICY_REASONS = CODE_533;
+    public static final int REQUEST_DENIED = CODE_534;
+    public static final int FAILED_SECURITY_CHECK = CODE_535;
+    public static final int REQUESTED_PROT_LEVEL_NOT_SUPPORTED = CODE_536;
+
+    /**
+     * Determine if a reply code is a positive preliminary response.  All
+     * codes beginning with a 1 are positive preliminary responses.
+     * Postitive preliminary responses are used to indicate tentative success.
+     * No further commands can be issued to the FTP server after a positive
+     * preliminary response until a follow up response is received from the
+     * server.
+     * <p>
+     * @param reply The reply code.
+     * @return True if a reply code is a postive preliminary pesponse, 
+     *  false if not.
+     */
+    public static boolean isPositivePreliminary(int reply) {
+        return (reply >= 100 && reply < 200);
+    }
+
+    /**
+     * Determine if a reply code is a positive completion response.  All
+     * codes beginning with a 2 are positive completion responses.
+     * The FTP server will send a positive completion response on the final
+     * successful completion of a command.
+     * <p>
+     * @param reply  The reply code.
+     * @return True if a reply code is a postive completion response,
+     *  false if not.
+     */
+    public static boolean isPositiveCompletion(int reply) {
+        return (reply >= 200 && reply < 300);
+    }
+
+    /**
+     * Determine if a reply code is a positive intermediate response.  All
+     * codes beginning with a 3 are positive intermediate responses.
+     * The FTP server will send a positive intermediate response on the
+     * successful completion of one part of a multi-part sequence of
+     * commands.  For example, after a successful USER command, a positive
+     * intermediate response will be sent to indicate that the server is
+     * ready for the PASS command.
+     * <p>
+     * @param reply The reply code.
+     * @return True if a reply code is a postive intermediate response,
+     *  false if not.
+     */
+    public static boolean isPositiveIntermediate(int reply) {
+        return (reply >= 300 && reply < 400);
+    }
+
+    /**
+     * Determine if a reply code is a negative transient response.  All
+     * codes beginning with a 4 are negative transient responses.
+     * The FTP server will send a negative transient response on the
+     * failure of a command that can be reattempted with success.
+     * <p>
+     * @param reply The reply code.
+     * @return True if a reply code is a negative transient response,
+     *  false if not.
+     */
+    public static boolean isNegativeTransient(int reply) {
+        return (reply >= 400 && reply < 500);
+    }
+
+    /**
+     * Determine if a reply code is a negative permanent response.  All
+     * codes beginning with a 5 are negative permanent responses.
+     * The FTP server will send a negative permanent response on the
+     * failure of a command that cannot be reattempted with success.
+     * <p>
+     * @param reply The reply code.
+     * @return True if a reply code is a negative permanent response,
+     *  false if not.
+     */
+    public static boolean isNegativePermanent(int reply) {
+        return (reply >= 500 && reply < 600);
+    }
+}
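Review bot: The class comment `I confirm a response cord of a command added in FTPS.` does not say what the class is for, and none of the `CODE_nnn` or named constants is documented with the security exchange it belongs to. I would replace it with `/** Reply codes used by the FTPS security commands (AUTH, ADAT, PBSZ, PROT, CCC) and helpers that classify a reply by its first digit. */` and add a one-line comment per named constant. The method Javadoc also needs `Postitive`, `postive` and `pesponse` corrected. Each `is...` predicate tests a single hundreds range, so a reply outside 100-599 returns false from all five; saying so in the Javadoc tells callers to treat an unclassified reply as a failure rather than assume success.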

Modified: jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSSocketFactory.java
URL: http://svn.apache.org/viewvc/jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSSocketFactory.java?rev=437151&r1=437150&r2=437151&view=diff
==============================================================================
--- jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSSocketFactory.java
(original)
+++ jakarta/commons/proper/net/branches/JDK_1_5_BRANCH/src/main/java/org/apache/commons/net/ftp/FTPSSocketFactory.java
Sat Aug 26 05:09:50 2006
@@ -1,18 +1,19 @@
-/*
- * Copyright 2001-2006 The Apache Software Foundation
- *
+/**
+ * Copyright 2006 Paul Ferraro & Jose Juan Montiel
+ * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.apache.commons.net.ftp;
 
 import java.io.IOException;
@@ -23,65 +24,52 @@
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLServerSocket;
-import javax.net.ssl.SSLSocket;
 
 import org.apache.commons.net.SocketFactory;
 
-public class FTPSSocketFactory implements SocketFactory
-{
-	private SSLContext context;
-	
-	public FTPSSocketFactory(SSLContext context)
-	{
-		this.context = context;
-	}
-	
-	public Socket createSocket(String address, int port) throws UnknownHostException, IOException
-	{
-		return this.init(this.context.getSocketFactory().createSocket(address, port));
-	}
-
-	public Socket createSocket(InetAddress address, int port) throws IOException
-	{
-		return this.init(this.context.getSocketFactory().createSocket(address, port));
-	}
-
-	public Socket createSocket(String address, int port, InetAddress localAddress, int localPort)
throws UnknownHostException, IOException
-	{
-		return this.init(this.context.getSocketFactory().createSocket(address, port, localAddress,
localPort));
-	}
-
-	public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int
localPort) throws IOException
-	{
-		return this.init(this.context.getSocketFactory().createSocket(address, port, localAddress,
localPort));
-	}
-	
-	public ServerSocket createServerSocket(int port) throws IOException
-	{
-		return this.init(this.context.getServerSocketFactory().createServerSocket(port));
-	}
-
-	public ServerSocket createServerSocket(int port, int backlog) throws IOException
-	{
-		return this.init(this.context.getServerSocketFactory().createServerSocket(port, backlog));
-	}
-
-	public ServerSocket createServerSocket(int port, int backlog, InetAddress ifAddress) throws
IOException
-	{
-		return this.init(this.context.getServerSocketFactory().createServerSocket(port, backlog,
ifAddress));
-	}
-	
-	public Socket init(Socket socket) throws IOException
-	{
-		((SSLSocket) socket).startHandshake();
-		
-		return socket;
-	}
-	
-	public ServerSocket init(ServerSocket socket) throws IOException
-	{
-		((SSLServerSocket) socket).setUseClientMode(true);
-		
-		return socket;
-	}
+/**
+ * 
+ * Implementation of org.apache.commons.net.SocketFactory
+ *
+ */
+public class FTPSSocketFactory implements SocketFactory {
+
+    private SSLContext context;
+    
+    public FTPSSocketFactory(SSLContext context) {
+        this.context = context;
+    }
+    
+    public Socket createSocket(String address, int port) throws UnknownHostException, IOException
{
+        return this.context.getSocketFactory().createSocket(address, port);
+    }
+
+    public Socket createSocket(InetAddress address, int port) throws IOException {
+        return this.context.getSocketFactory().createSocket(address, port);
+    }
+
+    public Socket createSocket(String address, int port, InetAddress localAddress, int localPort)
throws UnknownHostException, IOException {
+        return this.context.getSocketFactory().createSocket(address, port, localAddress,
localPort);
+    }
+
+    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int
localPort) throws IOException {
+        return this.context.getSocketFactory().createSocket(address, port, localAddress,
localPort);
+    }
+    
+    public ServerSocket createServerSocket(int port) throws IOException {
+        return this.init(this.context.getServerSocketFactory().createServerSocket(port));
+    }
+
+    public ServerSocket createServerSocket(int port, int backlog) throws IOException {
+        return this.init(this.context.getServerSocketFactory().createServerSocket(port, backlog));
+    }
+
+    public ServerSocket createServerSocket(int port, int backlog, InetAddress ifAddress)
throws IOException {
+        return this.init(this.context.getServerSocketFactory().createServerSocket(port, backlog,
ifAddress));
+    }
+        
+    public ServerSocket init(ServerSocket socket) throws IOException {
+        ((SSLServerSocket) socket).setUseClientMode(true);
+        return socket;
+    }
 }
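Review bot: The four `createSocket` overloads now return the socket from `context.getSocketFactory()` untouched, so nothing in this class starts the handshake or checks that the peer's certificate matches `address`; the removed `init(Socket)` at least forced `startHandshake()`. Handshake failures will now surface on the caller's first read or write unless the caller handshakes itself, as `FTPSClient._openDataConnection_` does for data sockets in this commit. Whether the certificate chain is validated at all depends on the trust managers in the `SSLContext` passed to the constructor, which this hunk does not show. I would state the contract in the class Javadoc, for example `Sockets are returned before the TLS handshake; callers must call startHandshake() and verify the peer identity from SSLSocket.getSession() before sending credentials.`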


