Package org.apache.commons.net.ftp

Class FTPSClient

  • All Implemented Interfaces:
    Configurable
    public class FTPSClient
extends FTPClient
    FTP over SSL processing. If desired, the JVM property -Djavax.net.debug=all can be used to see wire-level SSL details. Warning: the hostname is not verified against the certificate by default, use setHostnameVerifier(HostnameVerifier) or setEndpointCheckingEnabled(boolean) (on Java 1.7+) to enable verification. Verification is only performed on client mode connections.
    Since:
    2.0
    Version:
    $Id: FTPSClient.java 1747829 2016-06-11 00:57:57Z sebb $

    • Field Detail

      • PROT_COMMAND_VALUE

        private static final java.lang.String[] PROT_COMMAND_VALUE
        The value that I can set in PROT command (C = Clear, P = Protected)

      • DEFAULT_PROT

        private static final java.lang.String DEFAULT_PROT
        Default PROT Command
        See Also:
        Constant Field Values

      • DEFAULT_PROTOCOL

        private static final java.lang.String DEFAULT_PROTOCOL
        Default secure socket protocol name, i.e. TLS
        See Also:
        Constant Field Values

      • CMD_AUTH

        private static final java.lang.String CMD_AUTH
        The AUTH (Authentication/Security Mechanism) command.
        See Also:
        Constant Field Values

      • CMD_ADAT

        private static final java.lang.String CMD_ADAT
        The ADAT (Authentication/Security Data) command.
        See Also:
        Constant Field Values

      • CMD_PROT

        private static final java.lang.String CMD_PROT
        The PROT (Data Channel Protection Level) command.
        See Also:
        Constant Field Values

      • CMD_PBSZ

        private static final java.lang.String CMD_PBSZ
        The PBSZ (Protection Buffer Size) command.
        See Also:
        Constant Field Values

      • CMD_MIC

        private static final java.lang.String CMD_MIC
        The MIC (Integrity Protected Command) command.
        See Also:
        Constant Field Values

      • CMD_CONF

        private static final java.lang.String CMD_CONF
        The CONF (Confidentiality Protected Command) command.
        See Also:
        Constant Field Values

      • CMD_ENC

        private static final java.lang.String CMD_ENC
        The ENC (Privacy Protected Command) command.
        See Also:
        Constant Field Values

      • CMD_CCC

        private static final java.lang.String CMD_CCC
        The CCC (Clear Command Channel) command.
        See Also:
        Constant Field Values

      • isImplicit

        private final boolean isImplicit
        The security mode. (True - Implicit Mode / False - Explicit Mode)

      • protocol

        private final java.lang.String protocol
        The secure socket protocol to be used, e.g. SSL/TLS.

      • auth

        private java.lang.String auth
        The AUTH Command value

      • context

        private javax.net.ssl.SSLContext context
        The context object.

      • plainSocket

        private java.net.Socket plainSocket
        The socket object.

      • isCreation

        private boolean isCreation
        Controls whether a new SSL session may be established by this socket. Default true.

      • isClientMode

        private boolean isClientMode
        The use client mode flag.

      • isNeedClientAuth

        private boolean isNeedClientAuth
        The need client auth flag.

      • isWantClientAuth

        private boolean isWantClientAuth
        The want client auth flag.

      • suites

        private java.lang.String[] suites
        The cipher suites

      • protocols

        private java.lang.String[] protocols
        The protocol versions

      • keyManager

        private javax.net.ssl.KeyManager keyManager
        The KeyManager, default null (i.e. use system default).

      • hostnameVerifier

        private javax.net.ssl.HostnameVerifier hostnameVerifier
        The HostnameVerifier to use post-TLS, default null (i.e. no verification).

      • tlsEndpointChecking

        private boolean tlsEndpointChecking
        Use Java 1.7+ HTTPS Endpoint Identification Algorithim.

      • KEYSTORE_ALGORITHM

        @Deprecated
public static java.lang.String KEYSTORE_ALGORITHM
        Deprecated.
        - not used - may be removed in a future release

      • TRUSTSTORE_ALGORITHM

        @Deprecated
public static java.lang.String TRUSTSTORE_ALGORITHM
        Deprecated.
        - not used - may be removed in a future release

      • PROVIDER

        @Deprecated
public static java.lang.String PROVIDER
        Deprecated.
        - not used - may be removed in a future release

      • STORE_TYPE

        @Deprecated
public static java.lang.String STORE_TYPE
        Deprecated.
        - not used - may be removed in a future release

    • Constructor Detail

      • FTPSClient

        public FTPSClient​(boolean isImplicit)
        Constructor for FTPSClient, using DEFAULT_PROTOCOL - i.e. TLS Calls FTPSClient(String, boolean)
        Parameters:
        isImplicit - The security mode (Implicit/Explicit).

      • FTPSClient

        public FTPSClient​(java.lang.String protocol)
        Constructor for FTPSClient, using explict mode, calls FTPSClient(String, boolean).
        Parameters:
        protocol - the protocol to use

      • FTPSClient

        public FTPSClient​(java.lang.String protocol,
                  boolean isImplicit)
        Constructor for FTPSClient allowing specification of protocol and security mode. If isImplicit is true, the port is set to DEFAULT_FTPS_PORT i.e. 990. The default TrustManager is set from TrustManagerUtils.getValidateServerCertificateTrustManager()
        Parameters:
        protocol - the protocol
        isImplicit - The security mode(Implicit/Explicit).

      • FTPSClient

        public FTPSClient​(javax.net.ssl.SSLContext context)
        Constructor for FTPSClient, using DEFAULT_PROTOCOL - i.e. TLS and isImplicit false Calls FTPSClient(boolean, SSLContext)
        Parameters:
        context - A pre-configured SSL Context

    • Method Detail

      • setAuthValue

        public void setAuthValue​(java.lang.String auth)
        Set AUTH command use value. This processing is done before connected processing.
        Parameters:
        auth - AUTH command use value.

      • getAuthValue

        public java.lang.String getAuthValue()
        Return AUTH command use value.
        Returns:
        AUTH command use value.

      • _connectAction_

        protected void _connectAction_()
                        throws java.io.IOException
        Because there are so many connect() methods, the _connectAction_() method is provided as a means of performing some action immediately after establishing a connection, rather than reimplementing all of the connect() methods.
        Overrides:
        _connectAction_ in class FTPClient
        Throws:
        java.io.IOException - If it throw by _connectAction_.
        See Also:
        SocketClient._connectAction_()

      • execAUTH

        protected void execAUTH()
                 throws javax.net.ssl.SSLException,
                        java.io.IOException
        AUTH command.
        Throws:
        javax.net.ssl.SSLException - If it server reply code not equal "234" and "334".
        java.io.IOException - If an I/O error occurs while either sending the command.

      • initSslContext

        private void initSslContext()
                     throws java.io.IOException
        Performs a lazy init of the SSL context
        Throws:
        java.io.IOException

      • sslNegotiation

        protected void sslNegotiation()
                       throws java.io.IOException
        SSL/TLS negotiation. Acquires an SSL socket of a control connection and carries out handshake processing.
        Throws:
        java.io.IOException - If server negotiation fails

      • getKeyManager

        private javax.net.ssl.KeyManager getKeyManager()
        Get the KeyManager instance.
        Returns:
        The KeyManager instance

      • setKeyManager

        public void setKeyManager​(javax.net.ssl.KeyManager keyManager)
        Set a KeyManager to use
        Parameters:
        keyManager - The KeyManager implementation to set.
        See Also:
        KeyManagerUtils

      • setEnabledSessionCreation

        public void setEnabledSessionCreation​(boolean isCreation)
        Controls whether a new SSL session may be established by this socket.
        Parameters:
        isCreation - The established socket flag.

      • getEnableSessionCreation

        public boolean getEnableSessionCreation()
        Returns true if new SSL sessions may be established by this socket. When the underlying Socket instance is not SSL-enabled (i.e. an instance of SSLSocket with SSLSocketgetEnableSessionCreation()) enabled, this returns False.
        Returns:
        true - Indicates that sessions may be created; this is the default. false - indicates that an existing session must be resumed.

      • setNeedClientAuth

        public void setNeedClientAuth​(boolean isNeedClientAuth)
        Configures the socket to require client authentication.
        Parameters:
        isNeedClientAuth - The need client auth flag.

      • getNeedClientAuth

        public boolean getNeedClientAuth()
        Returns true if the socket will require client authentication. When the underlying Socket is not an SSLSocket instance, returns false.
        Returns:
        true - If the server mode socket should request that the client authenticate itself.

      • setWantClientAuth

        public void setWantClientAuth​(boolean isWantClientAuth)
        Configures the socket to request client authentication, but only if such a request is appropriate to the cipher suite negotiated.
        Parameters:
        isWantClientAuth - The want client auth flag.

      • getWantClientAuth

        public boolean getWantClientAuth()
        Returns true if the socket will request client authentication. When the underlying Socket is not an SSLSocket instance, returns false.
        Returns:
        true - If the server mode socket should request that the client authenticate itself.

      • setUseClientMode

        public void setUseClientMode​(boolean isClientMode)
        Configures the socket to use client (or server) mode in its first handshake.
        Parameters:
        isClientMode - The use client mode flag.

      • getUseClientMode

        public boolean getUseClientMode()
        Returns true if the socket is set to use client mode in its first handshake. When the underlying Socket is not an SSLSocket instance, returns false.
        Returns:
        true - If the socket should start its first handshake in "client" mode.

      • setEnabledCipherSuites

        public void setEnabledCipherSuites​(java.lang.String[] cipherSuites)
        Controls which particular cipher suites are enabled for use on this connection. Called before server negotiation.
        Parameters:
        cipherSuites - The cipher suites.

      • getEnabledCipherSuites

        public java.lang.String[] getEnabledCipherSuites()
        Returns the names of the cipher suites which could be enabled for use on this connection. When the underlying Socket is not an SSLSocket instance, returns null.
        Returns:
        An array of cipher suite names, or null

      • setEnabledProtocols

        public void setEnabledProtocols​(java.lang.String[] protocolVersions)
        Controls which particular protocol versions are enabled for use on this connection. I perform setting before a server negotiation.
        Parameters:
        protocolVersions - The protocol versions.

      • getEnabledProtocols

        public java.lang.String[] getEnabledProtocols()
        Returns the names of the protocol versions which are currently enabled for use on this connection. When the underlying Socket is not an SSLSocket instance, returns null.
        Returns:
        An array of protocols, or null

      • execPBSZ

        public void execPBSZ​(long pbsz)
              throws javax.net.ssl.SSLException,
                     java.io.IOException
        PBSZ command. pbsz value: 0 to (2^32)-1 decimal integer.
        Parameters:
        pbsz - Protection Buffer Size.
        Throws:
        javax.net.ssl.SSLException - If the server reply code does not equal "200".
        java.io.IOException - If an I/O error occurs while sending the command.
        See Also:
        parsePBSZ(long)

      • parsePBSZ

        public long parsePBSZ​(long pbsz)
               throws javax.net.ssl.SSLException,
                      java.io.IOException
        PBSZ command. pbsz value: 0 to (2^32)-1 decimal integer. Issues the command and parses the response to return the negotiated value.
        Parameters:
        pbsz - Protection Buffer Size.
        Returns:
        the negotiated value.
        Throws:
        javax.net.ssl.SSLException - If the server reply code does not equal "200".
        java.io.IOException - If an I/O error occurs while sending the command.
        Since:
        3.0
        See Also:
        execPBSZ(long)

      • checkPROTValue

        private boolean checkPROTValue​(java.lang.String prot)
        Check the value that can be set in PROT Command value.
        Parameters:
        prot - Data Channel Protection Level.
        Returns:
        True - A set point is right / False - A set point is not right

      • sendCommand

        public int sendCommand​(java.lang.String command,
                       java.lang.String args)
                throws java.io.IOException
        Send an FTP command. A successful CCC (Clear Command Channel) command causes the underlying SSLSocket instance to be assigned to a plain Socket
        Overrides:
        sendCommand in class FTP
        Parameters:
        command - The FTP command.
        args - The arguments to the FTP command. If this parameter is set to null, then the command is sent with no argument.
        Returns:
        server reply.
        Throws:
        java.io.IOException - If an I/O error occurs while sending the command.
        javax.net.ssl.SSLException - if a CCC command fails
        See Also:
        FTP.sendCommand(java.lang.String)

      • _openDataConnection_

        @Deprecated
protected java.net.Socket _openDataConnection_​(int command,
                                               java.lang.String arg)
                                        throws java.io.IOException
        Deprecated.
        (3.3) Use FTPClient._openDataConnection_(FTPCmd, String) instead
        Returns a socket of the data connection. Wrapped as an SSLSocket, which carries out handshake processing.
        Overrides:
        _openDataConnection_ in class FTPClient
        Parameters:
        command - The int representation of the FTP command to send.
        arg - The arguments to the FTP command. If this parameter is set to null, then the command is sent with no arguments.
        Returns:
        corresponding to the established data connection. Null is returned if an FTP protocol error is reported at any point during the establishment and initialization of the connection.
        Throws:
        java.io.IOException - If there is any problem with the connection.
        See Also:
        FTPClient._openDataConnection_(int, String)

      • _openDataConnection_

        protected java.net.Socket _openDataConnection_​(java.lang.String command,
                                               java.lang.String arg)
                                        throws java.io.IOException
        Returns a socket of the data connection. Wrapped as an SSLSocket, which carries out handshake processing.
        Overrides:
        _openDataConnection_ in class FTPClient
        Parameters:
        command - The textual representation of the FTP command to send.
        arg - The arguments to the FTP command. If this parameter is set to null, then the command is sent with no arguments.
        Returns:
        corresponding to the established data connection. Null is returned if an FTP protocol error is reported at any point during the establishment and initialization of the connection.
        Throws:
        java.io.IOException - If there is any problem with the connection.
        Since:
        3.2
        See Also:
        FTPClient._openDataConnection_(int, String)

      • _prepareDataSocket_

        protected void _prepareDataSocket_​(java.net.Socket socket)
                            throws java.io.IOException
        Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens). Called by _openDataConnection_(int, String) immediately after creating the socket. The default implementation is a no-op
        Parameters:
        socket - the socket to set up
        Throws:
        java.io.IOException - on error
        Since:
        3.1

      • getTrustManager

        public javax.net.ssl.TrustManager getTrustManager()
        Get the currently configured TrustManager.
        Returns:
        A TrustManager instance.

      • setTrustManager

        public void setTrustManager​(javax.net.ssl.TrustManager trustManager)
        Override the default TrustManager to use; if set to null, the default TrustManager from the JVM will be used.
        Parameters:
        trustManager - The TrustManager implementation to set, may be null
        See Also:
        TrustManagerUtils

      • getHostnameVerifier

        public javax.net.ssl.HostnameVerifier getHostnameVerifier()
        Get the currently configured HostnameVerifier. The verifier is only used on client mode connections.
        Returns:
        A HostnameVerifier instance.
        Since:
        3.4

      • setHostnameVerifier

        public void setHostnameVerifier​(javax.net.ssl.HostnameVerifier newHostnameVerifier)
        Override the default HostnameVerifier to use. The verifier is only used on client mode connections.
        Parameters:
        newHostnameVerifier - The HostnameVerifier implementation to set or null to disable.
        Since:
        3.4

      • isEndpointCheckingEnabled

        public boolean isEndpointCheckingEnabled()
        Return whether or not endpoint identification using the HTTPS algorithm on Java 1.7+ is enabled. The default behaviour is for this to be disabled. This check is only performed on client mode connections.
        Returns:
        True if enabled, false if not.
        Since:
        3.4

      • setEndpointCheckingEnabled

        public void setEndpointCheckingEnabled​(boolean enable)
        Automatic endpoint identification checking using the HTTPS algorithm is supported on Java 1.7+. The default behaviour is for this to be disabled. This check is only performed on client mode connections.
        Parameters:
        enable - Enable automatic endpoint identification checking using the HTTPS algorithm on Java 1.7+.
        Since:
        3.4

      • disconnect

        public void disconnect()
                throws java.io.IOException
        Closes the connection to the FTP server and restores connection parameters to the default values.

        Calls setSocketFactory(null) and setServerSocketFactory(null) to reset the factories that may have been changed during the session, e.g. by execPROT(String)

        Overrides:
        disconnect in class FTPClient
        Throws:
        java.io.IOException - If an error occurs while disconnecting.
        Since:
        3.0

      • execAUTH

        public int execAUTH​(java.lang.String mechanism)
             throws java.io.IOException
        Send the AUTH command with the specified mechanism.
        Parameters:
        mechanism - The mechanism name to send with the command.
        Returns:
        server reply.
        Throws:
        java.io.IOException - If an I/O error occurs while sending the command.
        Since:
        3.0

      • execADAT

        public int execADAT​(byte[] data)
             throws java.io.IOException
        Send the ADAT command with the specified authentication data.
        Parameters:
        data - The data to send with the command.
        Returns:
        server reply.
        Throws:
        java.io.IOException - If an I/O error occurs while sending the command.
        Since:
        3.0

      • execCCC

        public int execCCC()
            throws java.io.IOException
        Send the CCC command to the server. The CCC (Clear Command Channel) command causes the underlying SSLSocket instance to be assigned to a plain Socket instances
        Returns:
        server reply.
        Throws:
        java.io.IOException - If an I/O error occurs while sending the command.
        Since:
        3.0

      • execMIC

        public int execMIC​(byte[] data)
            throws java.io.IOException
        Send the MIC command with the specified data.
        Parameters:
        data - The data to send with the command.
        Returns:
        server reply.
        Throws:
        java.io.IOException - If an I/O error occurs while sending the command.
        Since:
        3.0

      • execCONF

        public int execCONF​(byte[] data)
             throws java.io.IOException
        Send the CONF command with the specified data.
        Parameters:
        data - The data to send with the command.
        Returns:
        server reply.
        Throws:
        java.io.IOException - If an I/O error occurs while sending the command.
        Since:
        3.0

      • execENC

        public int execENC​(byte[] data)
            throws java.io.IOException
        Send the ENC command with the specified data.
        Parameters:
        data - The data to send with the command.
        Returns:
        server reply.
        Throws:
        java.io.IOException - If an I/O error occurs while sending the command.
        Since:
        3.0

      • parseADATReply

        public byte[] parseADATReply​(java.lang.String reply)
        Parses the given ADAT response line and base64-decodes the data.
        Parameters:
        reply - The ADAT reply to parse.
        Returns:
        the data in the reply, base64-decoded.
        Since:
        3.0

      • extractPrefixedData

        private java.lang.String extractPrefixedData​(java.lang.String prefix,
                                             java.lang.String reply)
        Extract the data from a reply with a prefix, e.g. PBSZ=1234 => 1234
        Parameters:
        prefix - the prefix to find
        reply - where to find the prefix
        Returns:
        the remainder of the string after the prefix, or null if the prefix was not present.