001/* 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 018package org.apache.commons.net.ftp; 019 020import java.io.BufferedReader; 021import java.io.BufferedWriter; 022import java.io.IOException; 023import java.io.InputStreamReader; 024import java.io.OutputStreamWriter; 025import java.net.Socket; 026 027import javax.net.ssl.HostnameVerifier; 028import javax.net.ssl.KeyManager; 029import javax.net.ssl.SSLContext; 030import javax.net.ssl.SSLException; 031import javax.net.ssl.SSLHandshakeException; 032import javax.net.ssl.SSLSocket; 033import javax.net.ssl.SSLSocketFactory; 034import javax.net.ssl.TrustManager; 035 036import org.apache.commons.net.util.Base64; 037import org.apache.commons.net.util.SSLContextUtils; 038import org.apache.commons.net.util.SSLSocketUtils; 039import org.apache.commons.net.util.TrustManagerUtils; 040 041/** 042 * FTP over SSL processing. If desired, the JVM property -Djavax.net.debug=all can be used to 043 * see wire-level SSL details. 044 * 045 * Warning: the hostname is not verified against the certificate by default, use 046 * {@link #setHostnameVerifier(HostnameVerifier)} or {@link #setEndpointCheckingEnabled(boolean)} 047 * (on Java 1.7+) to enable verification. Verification is only performed on client mode connections. 048 * @version $Id: FTPSClient.java 1697433 2015-08-24 15:11:40Z sebb $ 049 * @since 2.0 050 */ 051public class FTPSClient extends FTPClient { 052 053// From http://www.iana.org/assignments/port-numbers 054 055// ftps-data 989/tcp ftp protocol, data, over TLS/SSL 056// ftps-data 989/udp ftp protocol, data, over TLS/SSL 057// ftps 990/tcp ftp protocol, control, over TLS/SSL 058// ftps 990/udp ftp protocol, control, over TLS/SSL 059 060 public static final int DEFAULT_FTPS_DATA_PORT = 989; 061 public static final int DEFAULT_FTPS_PORT = 990; 062 063 /** The value that I can set in PROT command (C = Clear, P = Protected) */ 064 private static final String[] PROT_COMMAND_VALUE = {"C","E","S","P"}; 065 /** Default PROT Command */ 066 private static final String DEFAULT_PROT = "C"; 067 /** Default secure socket protocol name, i.e. TLS */ 068 private static final String DEFAULT_PROTOCOL = "TLS"; 069 070 /** The AUTH (Authentication/Security Mechanism) command. */ 071 private static final String CMD_AUTH = "AUTH"; 072 /** The ADAT (Authentication/Security Data) command. */ 073 private static final String CMD_ADAT = "ADAT"; 074 /** The PROT (Data Channel Protection Level) command. */ 075 private static final String CMD_PROT = "PROT"; 076 /** The PBSZ (Protection Buffer Size) command. */ 077 private static final String CMD_PBSZ = "PBSZ"; 078 /** The MIC (Integrity Protected Command) command. */ 079 private static final String CMD_MIC = "MIC"; 080 /** The CONF (Confidentiality Protected Command) command. */ 081 private static final String CMD_CONF = "CONF"; 082 /** The ENC (Privacy Protected Command) command. */ 083 private static final String CMD_ENC = "ENC"; 084 /** The CCC (Clear Command Channel) command. */ 085 private static final String CMD_CCC = "CCC"; 086 087 /** The security mode. (True - Implicit Mode / False - Explicit Mode) */ 088 private final boolean isImplicit; 089 /** The secure socket protocol to be used, e.g. SSL/TLS. */ 090 private final String protocol; 091 /** The AUTH Command value */ 092 private String auth = DEFAULT_PROTOCOL; 093 /** The context object. */ 094 private SSLContext context; 095 /** The socket object. */ 096 private Socket plainSocket; 097 /** Controls whether a new SSL session may be established by this socket. Default true. */ 098 private boolean isCreation = true; 099 /** The use client mode flag. */ 100 private boolean isClientMode = true; 101 /** The need client auth flag. */ 102 private boolean isNeedClientAuth = false; 103 /** The want client auth flag. */ 104 private boolean isWantClientAuth = false; 105 /** The cipher suites */ 106 private String[] suites = null; 107 /** The protocol versions */ 108 private String[] protocols = null; 109 110 /** The FTPS {@link TrustManager} implementation, default validate only 111 * {@link TrustManagerUtils#getValidateServerCertificateTrustManager()}. 112 */ 113 private TrustManager trustManager = TrustManagerUtils.getValidateServerCertificateTrustManager(); 114 115 /** The {@link KeyManager}, default null (i.e. use system default). */ 116 private KeyManager keyManager = null; 117 118 /** The {@link HostnameVerifier} to use post-TLS, default null (i.e. no verification). */ 119 private HostnameVerifier hostnameVerifier = null; 120 121 /** Use Java 1.7+ HTTPS Endpoint Identification Algorithim. */ 122 private boolean tlsEndpointChecking; 123 124 /** 125 * Constructor for FTPSClient, calls {@link #FTPSClient(String, boolean)}. 126 * 127 * Sets protocol to {@link #DEFAULT_PROTOCOL} - i.e. TLS - and security mode to explicit (isImplicit = false) 128 */ 129 public FTPSClient() { 130 this(DEFAULT_PROTOCOL, false); 131 } 132 133 /** 134 * Constructor for FTPSClient, using {@link #DEFAULT_PROTOCOL} - i.e. TLS 135 * Calls {@link #FTPSClient(String, boolean)} 136 * @param isImplicit The security mode (Implicit/Explicit). 137 */ 138 public FTPSClient(boolean isImplicit) { 139 this(DEFAULT_PROTOCOL, isImplicit); 140 } 141 142 /** 143 * Constructor for FTPSClient, using explict mode, calls {@link #FTPSClient(String, boolean)}. 144 * 145 * @param protocol the protocol to use 146 */ 147 public FTPSClient(String protocol) { 148 this(protocol, false); 149 } 150 151 /** 152 * Constructor for FTPSClient allowing specification of protocol 153 * and security mode. If isImplicit is true, the port is set to 154 * {@link #DEFAULT_FTPS_PORT} i.e. 990. 155 * The default TrustManager is set from {@link TrustManagerUtils#getValidateServerCertificateTrustManager()} 156 * @param protocol the protocol 157 * @param isImplicit The security mode(Implicit/Explicit). 158 */ 159 public FTPSClient(String protocol, boolean isImplicit) { 160 super(); 161 this.protocol = protocol; 162 this.isImplicit = isImplicit; 163 if (isImplicit) { 164 setDefaultPort(DEFAULT_FTPS_PORT); 165 } 166 } 167 168 /** 169 * Constructor for FTPSClient, using {@link #DEFAULT_PROTOCOL} - i.e. TLS 170 * The default TrustManager is set from {@link TrustManagerUtils#getValidateServerCertificateTrustManager()} 171 * @param isImplicit The security mode(Implicit/Explicit). 172 * @param context A pre-configured SSL Context 173 */ 174 public FTPSClient(boolean isImplicit, SSLContext context) { 175 this(DEFAULT_PROTOCOL, isImplicit); 176 this.context = context; 177 } 178 179 /** 180 * Constructor for FTPSClient, using {@link #DEFAULT_PROTOCOL} - i.e. TLS 181 * and isImplicit {@code false} 182 * Calls {@link #FTPSClient(boolean, SSLContext)} 183 * @param context A pre-configured SSL Context 184 */ 185 public FTPSClient(SSLContext context) { 186 this(false, context); 187 } 188 189 190 /** 191 * Set AUTH command use value. 192 * This processing is done before connected processing. 193 * @param auth AUTH command use value. 194 */ 195 public void setAuthValue(String auth) { 196 this.auth = auth; 197 } 198 199 /** 200 * Return AUTH command use value. 201 * @return AUTH command use value. 202 */ 203 public String getAuthValue() { 204 return this.auth; 205 } 206 207 208 /** 209 * Because there are so many connect() methods, 210 * the _connectAction_() method is provided as a means of performing 211 * some action immediately after establishing a connection, 212 * rather than reimplementing all of the connect() methods. 213 * @throws IOException If it throw by _connectAction_. 214 * @see org.apache.commons.net.SocketClient#_connectAction_() 215 */ 216 @Override 217 protected void _connectAction_() throws IOException { 218 // Implicit mode. 219 if (isImplicit) { 220 sslNegotiation(); 221 } 222 super._connectAction_(); 223 // Explicit mode. 224 if (!isImplicit) { 225 execAUTH(); 226 sslNegotiation(); 227 } 228 } 229 230 /** 231 * AUTH command. 232 * @throws SSLException If it server reply code not equal "234" and "334". 233 * @throws IOException If an I/O error occurs while either sending 234 * the command. 235 */ 236 protected void execAUTH() throws SSLException, IOException { 237 int replyCode = sendCommand(CMD_AUTH, auth); 238 if (FTPReply.SECURITY_MECHANISM_IS_OK == replyCode) { 239 // replyCode = 334 240 // I carry out an ADAT command. 241 } else if (FTPReply.SECURITY_DATA_EXCHANGE_COMPLETE != replyCode) { 242 throw new SSLException(getReplyString()); 243 } 244 } 245 246 /** 247 * Performs a lazy init of the SSL context 248 * @throws IOException 249 */ 250 private void initSslContext() throws IOException { 251 if (context == null) { 252 context = SSLContextUtils.createSSLContext(protocol, getKeyManager(), getTrustManager()); 253 } 254 } 255 256 /** 257 * SSL/TLS negotiation. Acquires an SSL socket of a control 258 * connection and carries out handshake processing. 259 * @throws IOException If server negotiation fails 260 */ 261 protected void sslNegotiation() throws IOException { 262 plainSocket = _socket_; 263 initSslContext(); 264 265 SSLSocketFactory ssf = context.getSocketFactory(); 266 String host = (_hostname_ != null) ? _hostname_ : getRemoteAddress().getHostAddress(); 267 int port = _socket_.getPort(); 268 SSLSocket socket = 269 (SSLSocket) ssf.createSocket(_socket_, host, port, false); 270 socket.setEnableSessionCreation(isCreation); 271 socket.setUseClientMode(isClientMode); 272 273 // client mode 274 if (isClientMode) { 275 if (tlsEndpointChecking) { 276 SSLSocketUtils.enableEndpointNameVerification(socket); 277 } 278 } else { // server mode 279 socket.setNeedClientAuth(isNeedClientAuth); 280 socket.setWantClientAuth(isWantClientAuth); 281 } 282 283 if (protocols != null) { 284 socket.setEnabledProtocols(protocols); 285 } 286 if (suites != null) { 287 socket.setEnabledCipherSuites(suites); 288 } 289 socket.startHandshake(); 290 291 // TODO the following setup appears to duplicate that in the super class methods 292 _socket_ = socket; 293 _controlInput_ = new BufferedReader(new InputStreamReader( 294 socket .getInputStream(), getControlEncoding())); 295 _controlOutput_ = new BufferedWriter(new OutputStreamWriter( 296 socket.getOutputStream(), getControlEncoding())); 297 298 if (isClientMode) { 299 if (hostnameVerifier != null && !hostnameVerifier.verify(host, socket.getSession())) { 300 throw new SSLHandshakeException("Hostname doesn't match certificate"); 301 } 302 } 303 } 304 305 /** 306 * Get the {@link KeyManager} instance. 307 * @return The {@link KeyManager} instance 308 */ 309 private KeyManager getKeyManager() { 310 return keyManager; 311 } 312 313 /** 314 * Set a {@link KeyManager} to use 315 * 316 * @param keyManager The KeyManager implementation to set. 317 * @see org.apache.commons.net.util.KeyManagerUtils 318 */ 319 public void setKeyManager(KeyManager keyManager) { 320 this.keyManager = keyManager; 321 } 322 323 /** 324 * Controls whether a new SSL session may be established by this socket. 325 * @param isCreation The established socket flag. 326 */ 327 public void setEnabledSessionCreation(boolean isCreation) { 328 this.isCreation = isCreation; 329 } 330 331 /** 332 * Returns true if new SSL sessions may be established by this socket. 333 * When the underlying {@link Socket} instance is not SSL-enabled (i.e. an 334 * instance of {@link SSLSocket} with {@link SSLSocket}{@link #getEnableSessionCreation()}) enabled, 335 * this returns False. 336 * @return true - Indicates that sessions may be created; 337 * this is the default. 338 * false - indicates that an existing session must be resumed. 339 */ 340 public boolean getEnableSessionCreation() { 341 if (_socket_ instanceof SSLSocket) { 342 return ((SSLSocket)_socket_).getEnableSessionCreation(); 343 } 344 return false; 345 } 346 347 /** 348 * Configures the socket to require client authentication. 349 * @param isNeedClientAuth The need client auth flag. 350 */ 351 public void setNeedClientAuth(boolean isNeedClientAuth) { 352 this.isNeedClientAuth = isNeedClientAuth; 353 } 354 355 /** 356 * Returns true if the socket will require client authentication. 357 * When the underlying {@link Socket} is not an {@link SSLSocket} instance, returns false. 358 * @return true - If the server mode socket should request 359 * that the client authenticate itself. 360 */ 361 public boolean getNeedClientAuth() { 362 if (_socket_ instanceof SSLSocket) { 363 return ((SSLSocket)_socket_).getNeedClientAuth(); 364 } 365 return false; 366 } 367 368 /** 369 * Configures the socket to request client authentication, 370 * but only if such a request is appropriate to the cipher 371 * suite negotiated. 372 * @param isWantClientAuth The want client auth flag. 373 */ 374 public void setWantClientAuth(boolean isWantClientAuth) { 375 this.isWantClientAuth = isWantClientAuth; 376 } 377 378 /** 379 * Returns true if the socket will request client authentication. 380 * When the underlying {@link Socket} is not an {@link SSLSocket} instance, returns false. 381 * @return true - If the server mode socket should request 382 * that the client authenticate itself. 383 */ 384 public boolean getWantClientAuth() { 385 if (_socket_ instanceof SSLSocket) { 386 return ((SSLSocket)_socket_).getWantClientAuth(); 387 } 388 return false; 389 } 390 391 /** 392 * Configures the socket to use client (or server) mode in its first 393 * handshake. 394 * @param isClientMode The use client mode flag. 395 */ 396 public void setUseClientMode(boolean isClientMode) { 397 this.isClientMode = isClientMode; 398 } 399 400 /** 401 * Returns true if the socket is set to use client mode 402 * in its first handshake. 403 * When the underlying {@link Socket} is not an {@link SSLSocket} instance, returns false. 404 * @return true - If the socket should start its first handshake 405 * in "client" mode. 406 */ 407 public boolean getUseClientMode() { 408 if (_socket_ instanceof SSLSocket) { 409 return ((SSLSocket)_socket_).getUseClientMode(); 410 } 411 return false; 412 } 413 414 /** 415 * Controls which particular cipher suites are enabled for use on this 416 * connection. Called before server negotiation. 417 * @param cipherSuites The cipher suites. 418 */ 419 public void setEnabledCipherSuites(String[] cipherSuites) { 420 suites = new String[cipherSuites.length]; 421 System.arraycopy(cipherSuites, 0, suites, 0, cipherSuites.length); 422 } 423 424 /** 425 * Returns the names of the cipher suites which could be enabled 426 * for use on this connection. 427 * When the underlying {@link Socket} is not an {@link SSLSocket} instance, returns null. 428 * @return An array of cipher suite names, or <code>null</code> 429 */ 430 public String[] getEnabledCipherSuites() { 431 if (_socket_ instanceof SSLSocket) { 432 return ((SSLSocket)_socket_).getEnabledCipherSuites(); 433 } 434 return null; 435 } 436 437 /** 438 * Controls which particular protocol versions are enabled for use on this 439 * connection. I perform setting before a server negotiation. 440 * @param protocolVersions The protocol versions. 441 */ 442 public void setEnabledProtocols(String[] protocolVersions) { 443 protocols = new String[protocolVersions.length]; 444 System.arraycopy(protocolVersions, 0, protocols, 0, protocolVersions.length); 445 } 446 447 /** 448 * Returns the names of the protocol versions which are currently 449 * enabled for use on this connection. 450 * When the underlying {@link Socket} is not an {@link SSLSocket} instance, returns null. 451 * @return An array of protocols, or <code>null</code> 452 */ 453 public String[] getEnabledProtocols() { 454 if (_socket_ instanceof SSLSocket) { 455 return ((SSLSocket)_socket_).getEnabledProtocols(); 456 } 457 return null; 458 } 459 460 /** 461 * PBSZ command. pbsz value: 0 to (2^32)-1 decimal integer. 462 * @param pbsz Protection Buffer Size. 463 * @throws SSLException If the server reply code does not equal "200". 464 * @throws IOException If an I/O error occurs while sending 465 * the command. 466 * @see #parsePBSZ(long) 467 */ 468 public void execPBSZ(long pbsz) throws SSLException, IOException { 469 if (pbsz < 0 || 4294967295L < pbsz) { // 32-bit unsigned number 470 throw new IllegalArgumentException(); 471 } 472 int status = sendCommand(CMD_PBSZ, String.valueOf(pbsz)); 473 if (FTPReply.COMMAND_OK != status) { 474 throw new SSLException(getReplyString()); 475 } 476 } 477 478 /** 479 * PBSZ command. pbsz value: 0 to (2^32)-1 decimal integer. 480 * Issues the command and parses the response to return the negotiated value. 481 * 482 * @param pbsz Protection Buffer Size. 483 * @throws SSLException If the server reply code does not equal "200". 484 * @throws IOException If an I/O error occurs while sending 485 * the command. 486 * @return the negotiated value. 487 * @see #execPBSZ(long) 488 * @since 3.0 489 */ 490 public long parsePBSZ(long pbsz) throws SSLException, IOException { 491 execPBSZ(pbsz); 492 long minvalue = pbsz; 493 String remainder = extractPrefixedData("PBSZ=", getReplyString()); 494 if (remainder != null) { 495 long replysz = Long.parseLong(remainder); 496 if (replysz < minvalue) { 497 minvalue = replysz; 498 } 499 } 500 return minvalue; 501 } 502 503 /** 504 * PROT command. 505 * <ul> 506 * <li>C - Clear</li> 507 * <li>S - Safe(SSL protocol only)</li> 508 * <li>E - Confidential(SSL protocol only)</li> 509 * <li>P - Private</li> 510 * </ul> 511 * <b>N.B.</b> the method calls 512 * {@link #setSocketFactory(javax.net.SocketFactory)} and 513 * {@link #setServerSocketFactory(javax.net.ServerSocketFactory)} 514 * 515 * @param prot Data Channel Protection Level, if {@code null}, use {@link #DEFAULT_PROT}. 516 * @throws SSLException If the server reply code does not equal {@code 200}. 517 * @throws IOException If an I/O error occurs while sending 518 * the command. 519 */ 520 public void execPROT(String prot) throws SSLException, IOException { 521 if (prot == null) { 522 prot = DEFAULT_PROT; 523 } 524 if (!checkPROTValue(prot)) { 525 throw new IllegalArgumentException(); 526 } 527 if (FTPReply.COMMAND_OK != sendCommand(CMD_PROT, prot)) { 528 throw new SSLException(getReplyString()); 529 } 530 if (DEFAULT_PROT.equals(prot)) { 531 setSocketFactory(null); 532 setServerSocketFactory(null); 533 } else { 534 setSocketFactory(new FTPSSocketFactory(context)); 535 setServerSocketFactory(new FTPSServerSocketFactory(context)); 536 initSslContext(); 537 } 538 } 539 540 /** 541 * Check the value that can be set in PROT Command value. 542 * @param prot Data Channel Protection Level. 543 * @return True - A set point is right / False - A set point is not right 544 */ 545 private boolean checkPROTValue(String prot) { 546 for (String element : PROT_COMMAND_VALUE) 547 { 548 if (element.equals(prot)) { 549 return true; 550 } 551 } 552 return false; 553 } 554 555 /** 556 * Send an FTP command. 557 * A successful CCC (Clear Command Channel) command causes the underlying {@link SSLSocket} 558 * instance to be assigned to a plain {@link Socket} 559 * @param command The FTP command. 560 * @return server reply. 561 * @throws IOException If an I/O error occurs while sending the command. 562 * @throws SSLException if a CCC command fails 563 * @see org.apache.commons.net.ftp.FTP#sendCommand(java.lang.String) 564 */ 565 // Would like to remove this method, but that will break any existing clients that are using CCC 566 @Override 567 public int sendCommand(String command, String args) throws IOException { 568 int repCode = super.sendCommand(command, args); 569 /* If CCC is issued, restore socket i/o streams to unsecured versions */ 570 if (CMD_CCC.equals(command)) { 571 if (FTPReply.COMMAND_OK == repCode) { 572 _socket_.close(); 573 _socket_ = plainSocket; 574 _controlInput_ = new BufferedReader( 575 new InputStreamReader( 576 _socket_ .getInputStream(), getControlEncoding())); 577 _controlOutput_ = new BufferedWriter( 578 new OutputStreamWriter( 579 _socket_.getOutputStream(), getControlEncoding())); 580 } else { 581 throw new SSLException(getReplyString()); 582 } 583 } 584 return repCode; 585 } 586 587 /** 588 * Returns a socket of the data connection. 589 * Wrapped as an {@link SSLSocket}, which carries out handshake processing. 590 * @param command The int representation of the FTP command to send. 591 * @param arg The arguments to the FTP command. 592 * If this parameter is set to null, then the command is sent with 593 * no arguments. 594 * @return corresponding to the established data connection. 595 * Null is returned if an FTP protocol error is reported at any point 596 * during the establishment and initialization of the connection. 597 * @throws IOException If there is any problem with the connection. 598 * @see FTPClient#_openDataConnection_(int, String) 599 * @deprecated (3.3) Use {@link FTPClient#_openDataConnection_(FTPCmd, String)} instead 600 */ 601 @Override 602 // Strictly speaking this is not needed, but it works round a Clirr bug 603 // So rather than invoke the parent code, we do it here 604 @Deprecated 605 protected Socket _openDataConnection_(int command, String arg) 606 throws IOException { 607 return _openDataConnection_(FTPCommand.getCommand(command), arg); 608 } 609 610 /** 611 * Returns a socket of the data connection. 612 * Wrapped as an {@link SSLSocket}, which carries out handshake processing. 613 * @param command The textual representation of the FTP command to send. 614 * @param arg The arguments to the FTP command. 615 * If this parameter is set to null, then the command is sent with 616 * no arguments. 617 * @return corresponding to the established data connection. 618 * Null is returned if an FTP protocol error is reported at any point 619 * during the establishment and initialization of the connection. 620 * @throws IOException If there is any problem with the connection. 621 * @see FTPClient#_openDataConnection_(int, String) 622 * @since 3.2 623 */ 624 @Override 625 protected Socket _openDataConnection_(String command, String arg) 626 throws IOException { 627 Socket socket = super._openDataConnection_(command, arg); 628 _prepareDataSocket_(socket); 629 if (socket instanceof SSLSocket) { 630 SSLSocket sslSocket = (SSLSocket)socket; 631 632 sslSocket.setUseClientMode(isClientMode); 633 sslSocket.setEnableSessionCreation(isCreation); 634 635 // server mode 636 if (!isClientMode) { 637 sslSocket.setNeedClientAuth(isNeedClientAuth); 638 sslSocket.setWantClientAuth(isWantClientAuth); 639 } 640 if (suites != null) { 641 sslSocket.setEnabledCipherSuites(suites); 642 } 643 if (protocols != null) { 644 sslSocket.setEnabledProtocols(protocols); 645 } 646 sslSocket.startHandshake(); 647 } 648 649 return socket; 650 } 651 652 /** 653 * Performs any custom initialization for a newly created SSLSocket (before 654 * the SSL handshake happens). 655 * Called by {@link #_openDataConnection_(int, String)} immediately 656 * after creating the socket. 657 * The default implementation is a no-op 658 * @param socket the socket to set up 659 * @throws IOException on error 660 * @since 3.1 661 */ 662 protected void _prepareDataSocket_(Socket socket) 663 throws IOException { 664 } 665 666 /** 667 * Get the currently configured {@link TrustManager}. 668 * 669 * @return A TrustManager instance. 670 */ 671 public TrustManager getTrustManager() { 672 return trustManager; 673 } 674 675 /** 676 * Override the default {@link TrustManager} to use; if set to {@code null}, 677 * the default TrustManager from the JVM will be used. 678 * 679 * @param trustManager The TrustManager implementation to set, may be {@code null} 680 * @see org.apache.commons.net.util.TrustManagerUtils 681 */ 682 public void setTrustManager(TrustManager trustManager) { 683 this.trustManager = trustManager; 684 } 685 686 /** 687 * Get the currently configured {@link HostnameVerifier}. 688 * The verifier is only used on client mode connections. 689 * @return A HostnameVerifier instance. 690 * @since 3.4 691 */ 692 public HostnameVerifier getHostnameVerifier() 693 { 694 return hostnameVerifier; 695 } 696 697 /** 698 * Override the default {@link HostnameVerifier} to use. 699 * The verifier is only used on client mode connections. 700 * @param newHostnameVerifier The HostnameVerifier implementation to set or <code>null</code> to disable. 701 * @since 3.4 702 */ 703 public void setHostnameVerifier(HostnameVerifier newHostnameVerifier) 704 { 705 hostnameVerifier = newHostnameVerifier; 706 } 707 708 /** 709 * Return whether or not endpoint identification using the HTTPS algorithm 710 * on Java 1.7+ is enabled. The default behaviour is for this to be disabled. 711 * 712 * This check is only performed on client mode connections. 713 * 714 * @return True if enabled, false if not. 715 * @since 3.4 716 */ 717 public boolean isEndpointCheckingEnabled() 718 { 719 return tlsEndpointChecking; 720 } 721 722 /** 723 * Automatic endpoint identification checking using the HTTPS algorithm 724 * is supported on Java 1.7+. The default behaviour is for this to be disabled. 725 * 726 * This check is only performed on client mode connections. 727 * 728 * @param enable Enable automatic endpoint identification checking using the HTTPS algorithm on Java 1.7+. 729 * @since 3.4 730 */ 731 public void setEndpointCheckingEnabled(boolean enable) 732 { 733 tlsEndpointChecking = enable; 734 } 735 736 /** 737 * Closes the connection to the FTP server and restores 738 * connection parameters to the default values. 739 * <p> 740 * Calls {@code setSocketFactory(null)} and {@code setServerSocketFactory(null)} 741 * to reset the factories that may have been changed during the session, 742 * e.g. by {@link #execPROT(String)} 743 * @exception IOException If an error occurs while disconnecting. 744 * @since 3.0 745 */ 746 @Override 747 public void disconnect() throws IOException 748 { 749 super.disconnect(); 750 setSocketFactory(null); 751 setServerSocketFactory(null); 752 } 753 754 /** 755 * Send the AUTH command with the specified mechanism. 756 * @param mechanism The mechanism name to send with the command. 757 * @return server reply. 758 * @throws IOException If an I/O error occurs while sending 759 * the command. 760 * @since 3.0 761 */ 762 public int execAUTH(String mechanism) throws IOException 763 { 764 return sendCommand(CMD_AUTH, mechanism); 765 } 766 767 /** 768 * Send the ADAT command with the specified authentication data. 769 * @param data The data to send with the command. 770 * @return server reply. 771 * @throws IOException If an I/O error occurs while sending 772 * the command. 773 * @since 3.0 774 */ 775 public int execADAT(byte[] data) throws IOException 776 { 777 if (data != null) 778 { 779 return sendCommand(CMD_ADAT, Base64.encodeBase64StringUnChunked(data)); 780 } 781 else 782 { 783 return sendCommand(CMD_ADAT); 784 } 785 } 786 787 /** 788 * Send the CCC command to the server. 789 * The CCC (Clear Command Channel) command causes the underlying {@link SSLSocket} instance to be assigned 790 * to a plain {@link Socket} instances 791 * @return server reply. 792 * @throws IOException If an I/O error occurs while sending 793 * the command. 794 * @since 3.0 795 */ 796 public int execCCC() throws IOException 797 { 798 int repCode = sendCommand(CMD_CCC); 799// This will be performed by sendCommand(String, String) 800// if (FTPReply.isPositiveCompletion(repCode)) { 801// _socket_.close(); 802// _socket_ = plainSocket; 803// _controlInput_ = new BufferedReader( 804// new InputStreamReader( 805// _socket_.getInputStream(), getControlEncoding())); 806// _controlOutput_ = new BufferedWriter( 807// new OutputStreamWriter( 808// _socket_.getOutputStream(), getControlEncoding())); 809// } 810 return repCode; 811 } 812 813 /** 814 * Send the MIC command with the specified data. 815 * @param data The data to send with the command. 816 * @return server reply. 817 * @throws IOException If an I/O error occurs while sending 818 * the command. 819 * @since 3.0 820 */ 821 public int execMIC(byte[] data) throws IOException 822 { 823 if (data != null) 824 { 825 return sendCommand(CMD_MIC, Base64.encodeBase64StringUnChunked(data)); 826 } 827 else 828 { 829 return sendCommand(CMD_MIC, ""); // perhaps "=" or just sendCommand(String)? 830 } 831 } 832 833 /** 834 * Send the CONF command with the specified data. 835 * @param data The data to send with the command. 836 * @return server reply. 837 * @throws IOException If an I/O error occurs while sending 838 * the command. 839 * @since 3.0 840 */ 841 public int execCONF(byte[] data) throws IOException 842 { 843 if (data != null) 844 { 845 return sendCommand(CMD_CONF, Base64.encodeBase64StringUnChunked(data)); 846 } 847 else 848 { 849 return sendCommand(CMD_CONF, ""); // perhaps "=" or just sendCommand(String)? 850 } 851 } 852 853 /** 854 * Send the ENC command with the specified data. 855 * @param data The data to send with the command. 856 * @return server reply. 857 * @throws IOException If an I/O error occurs while sending 858 * the command. 859 * @since 3.0 860 */ 861 public int execENC(byte[] data) throws IOException 862 { 863 if (data != null) 864 { 865 return sendCommand(CMD_ENC, Base64.encodeBase64StringUnChunked(data)); 866 } 867 else 868 { 869 return sendCommand(CMD_ENC, ""); // perhaps "=" or just sendCommand(String)? 870 } 871 } 872 873 /** 874 * Parses the given ADAT response line and base64-decodes the data. 875 * @param reply The ADAT reply to parse. 876 * @return the data in the reply, base64-decoded. 877 * @since 3.0 878 */ 879 public byte[] parseADATReply(String reply) 880 { 881 if (reply == null) { 882 return null; 883 } else { 884 return Base64.decodeBase64(extractPrefixedData("ADAT=", reply)); 885 } 886 } 887 888 /** 889 * Extract the data from a reply with a prefix, e.g. PBSZ=1234 => 1234 890 * @param prefix the prefix to find 891 * @param reply where to find the prefix 892 * @return the remainder of the string after the prefix, or null if the prefix was not present. 893 */ 894 private String extractPrefixedData(String prefix, String reply) { 895 int idx = reply.indexOf(prefix); 896 if (idx == -1) { 897 return null; 898 } 899 // N.B. Cannot use trim before substring as leading space would affect the offset. 900 return reply.substring(idx+prefix.length()).trim(); 901 } 902 903 // DEPRECATED - for API compatibility only - DO NOT USE 904 905 /** @deprecated - not used - may be removed in a future release */ 906 @Deprecated 907 public static String KEYSTORE_ALGORITHM; 908 909 /** @deprecated - not used - may be removed in a future release */ 910 @Deprecated 911 public static String TRUSTSTORE_ALGORITHM; 912 913 /** @deprecated - not used - may be removed in a future release */ 914 @Deprecated 915 public static String PROVIDER; 916 917 /** @deprecated - not used - may be removed in a future release */ 918 @Deprecated 919 public static String STORE_TYPE; 920 921} 922/* kate: indent-width 4; replace-tabs on; */