org.apache.commons.net.ftp
Class FTPSClient

java.lang.Object
  extended by org.apache.commons.net.SocketClient
      extended by org.apache.commons.net.ftp.FTP
          extended by org.apache.commons.net.ftp.FTPClient
              extended by org.apache.commons.net.ftp.FTPSClient
All Implemented Interfaces:
Configurable

public class FTPSClient
extends FTPClient

FTP over SSL processing. If desired, the JVM property -Djavax.net.debug=all can be used to see wire-level SSL details.

Since:
2.0
Version:
$Id: FTPSClient.java 1407341 2012-11-09 01:31:00Z ggregory $

Field Summary
static int DEFAULT_FTPS_DATA_PORT
           
static int DEFAULT_FTPS_PORT
           
static String KEYSTORE_ALGORITHM
          Deprecated. - not used - may be removed in a future release
static String PROVIDER
          Deprecated. - not used - may be removed in a future release
static String STORE_TYPE
          Deprecated. - not used - may be removed in a future release
static String TRUSTSTORE_ALGORITHM
          Deprecated. - not used - may be removed in a future release
 
Fields inherited from class org.apache.commons.net.ftp.FTPClient
ACTIVE_LOCAL_DATA_CONNECTION_MODE, ACTIVE_REMOTE_DATA_CONNECTION_MODE, FTP_SYSTEM_TYPE, FTP_SYSTEM_TYPE_DEFAULT, PASSIVE_LOCAL_DATA_CONNECTION_MODE, PASSIVE_REMOTE_DATA_CONNECTION_MODE, SYSTEM_TYPE_PROPERTIES
 
Fields inherited from class org.apache.commons.net.ftp.FTP
_commandSupport_, _controlEncoding, _controlInput_, _controlOutput_, _newReplyString, _replyCode, _replyLines, _replyString, ASCII_FILE_TYPE, BINARY_FILE_TYPE, BLOCK_TRANSFER_MODE, CARRIAGE_CONTROL_TEXT_FORMAT, COMPRESSED_TRANSFER_MODE, DEFAULT_CONTROL_ENCODING, DEFAULT_DATA_PORT, DEFAULT_PORT, EBCDIC_FILE_TYPE, FILE_STRUCTURE, LOCAL_FILE_TYPE, NON_PRINT_TEXT_FORMAT, PAGE_STRUCTURE, RECORD_STRUCTURE, REPLY_CODE_LEN, STREAM_TRANSFER_MODE, strictMultilineParsing, TELNET_TEXT_FORMAT
 
Fields inherited from class org.apache.commons.net.SocketClient
_defaultPort_, _input_, _output_, _serverSocketFactory_, _socket_, _socketFactory_, _timeout_, connectTimeout, NETASCII_EOL
 
Constructor Summary
FTPSClient()
          Constructor for FTPSClient, calls FTPSClient(String, boolean).
FTPSClient(boolean isImplicit)
          Constructor for FTPSClient, using DEFAULT_PROTOCOL, i.e. TLS.
FTPSClient(boolean isImplicit, SSLContext context)
          Constructor for FTPSClient, using DEFAULT_PROTOCOL, i.e. TLS.
FTPSClient(SSLContext context)
          Constructor for FTPSClient, using DEFAULT_PROTOCOL, i.e. TLS.
FTPSClient(String protocol)
          Constructor for FTPSClient, using explicit mode, calls FTPSClient(String, boolean).
FTPSClient(String protocol, boolean isImplicit)
          Constructor for FTPSClient allowing specification of protocol and security mode.
 
Method Summary
protected  void _connectAction_()
          Because there are so many connect() methods, the _connectAction_() method is provided as a means of performing some action immediately after establishing a connection, rather than reimplementing all of the connect() methods.
protected  Socket _openDataConnection_(int command, String arg)
          Returns a socket of the data connection.
protected  Socket _openDataConnection_(String command, String arg)
          Returns a socket of the data connection.
protected  void _prepareDataSocket_(Socket socket)
          Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens).
 void disconnect()
          Closes the connection to the FTP server and restores connection parameters to the default values.
 int execADAT(byte[] data)
          Send the ADAT command with the specified authentication data.
protected  void execAUTH()
          AUTH command.
 int execAUTH(String mechanism)
          Send the AUTH command with the specified mechanism.
 int execCCC()
          Send the CCC command to the server.
 int execCONF(byte[] data)
          Send the CONF command with the specified data.
 int execENC(byte[] data)
          Send the ENC command with the specified data.
 int execMIC(byte[] data)
          Send the MIC command with the specified data.
 void execPBSZ(long pbsz)
          PBSZ command.
 void execPROT(String prot)
          PROT command.
 String getAuthValue()
          Returns the value used with the AUTH command.
 String[] getEnabledCipherSuites()
          Returns the names of the cipher suites which could be enabled for use on this connection.
 String[] getEnabledProtocols()
          Returns the names of the protocol versions which are currently enabled for use on this connection.
 boolean getEnableSessionCreation()
          Returns true if new SSL sessions may be established by this socket.
 boolean getNeedClientAuth()
          Returns true if the socket will require client authentication.
 TrustManager getTrustManager()
          Get the currently configured TrustManager.
 boolean getUseClientMode()
          Returns true if the socket is set to use client mode in its first handshake.
 boolean getWantClientAuth()
          Returns true if the socket will request client authentication.
 byte[] parseADATReply(String reply)
          Parses the given ADAT response line and base64-decodes the data.
 long parsePBSZ(long pbsz)
          PBSZ command.
 int sendCommand(String command, String args)
          Send an FTP command.
 void setAuthValue(String auth)
          Sets the value to use with the AUTH command.
 void setEnabledCipherSuites(String[] cipherSuites)
          Controls which particular cipher suites are enabled for use on this connection.
 void setEnabledProtocols(String[] protocolVersions)
          Controls which particular protocol versions are enabled for use on this connection.
 void setEnabledSessionCreation(boolean isCreation)
          Controls whether a new SSL session may be established by this socket.
 void setKeyManager(KeyManager keyManager)
          Set a KeyManager to use.
 void setNeedClientAuth(boolean isNeedClientAuth)
          Configures the socket to require client authentication.
 void setTrustManager(TrustManager trustManager)
          Override the default TrustManager to use; if set to null, the default TrustManager from the JVM will be used.
 void setUseClientMode(boolean isClientMode)
          Configures the socket to use client (or server) mode in its first handshake.
 void setWantClientAuth(boolean isWantClientAuth)
          Configures the socket to request client authentication, but only if such a request is appropriate to the cipher suite negotiated.
protected  void sslNegotiation()
          SSL/TLS negotiation.
 
Methods inherited from class org.apache.commons.net.ftp.FTPClient
_parseExtendedPassiveModeReply, _parsePassiveModeReply, _retrieveFile, _retrieveFileStream, _storeFile, _storeFileStream, abort, allocate, allocate, appendFile, appendFileStream, changeToParentDirectory, changeWorkingDirectory, completePendingCommand, configure, deleteFile, doCommand, doCommandAsStrings, enterLocalActiveMode, enterLocalPassiveMode, enterRemoteActiveMode, enterRemotePassiveMode, features, featureValue, featureValues, getAutodetectUTF8, getBufferSize, getControlKeepAliveReplyTimeout, getControlKeepAliveTimeout, getCopyStreamListener, getDataConnectionMode, getListArguments, getListHiddenFiles, getModificationTime, getPassiveHost, getPassiveLocalIPAddress, getPassivePort, getRestartOffset, getStatus, getStatus, getSystemName, getSystemType, hasFeature, hasFeature, initiateListParsing, initiateListParsing, initiateListParsing, isRemoteVerificationEnabled, isUseEPSVwithIPv4, listDirectories, listDirectories, listFiles, listFiles, listFiles, listHelp, listHelp, listNames, listNames, login, login, logout, makeDirectory, mlistDir, mlistDir, mlistDir, mlistFile, printWorkingDirectory, remoteAppend, remoteRetrieve, remoteStore, remoteStoreUnique, remoteStoreUnique, removeDirectory, rename, restart, retrieveFile, retrieveFileStream, sendNoOp, sendSiteCommand, setActiveExternalIPAddress, setActivePortRange, setAutodetectUTF8, setBufferSize, setControlKeepAliveReplyTimeout, setControlKeepAliveTimeout, setCopyStreamListener, setDataTimeout, setFileStructure, setFileTransferMode, setFileType, setFileType, setListHiddenFiles, setModificationTime, setParserFactory, setPassiveLocalIPAddress, setPassiveLocalIPAddress, setRemoteVerificationEnabled, setReportActiveExternalIPAddress, setRestartOffset, setUseEPSVwithIPv4, storeFile, storeFileStream, storeUniqueFile, storeUniqueFile, storeUniqueFileStream, storeUniqueFileStream, structureMount
 
Methods inherited from class org.apache.commons.net.ftp.FTP
__getReplyNoReport, __noop, abor, acct, allo, allo, appe, cdup, cwd, dele, eprt, epsv, feat, getCommandSupport, getControlEncoding, getReply, getReplyCode, getReplyString, getReplyStrings, help, help, isStrictMultilineParsing, list, list, mdtm, mfmt, mkd, mlsd, mlsd, mlst, mlst, mode, nlst, nlst, noop, pass, pasv, port, pwd, quit, rein, rest, retr, rmd, rnfr, rnto, sendCommand, sendCommand, sendCommand, setControlEncoding, setStrictMultilineParsing, site, smnt, stat, stat, stor, stou, stou, stru, syst, type, type, user
 
Methods inherited from class org.apache.commons.net.SocketClient
addProtocolCommandListener, connect, connect, connect, connect, connect, connect, createCommandSupport, fireCommandSent, fireReplyReceived, getConnectTimeout, getDefaultPort, getDefaultTimeout, getKeepAlive, getLocalAddress, getLocalPort, getProxy, getReceiveBufferSize, getRemoteAddress, getRemotePort, getSendBufferSize, getServerSocketFactory, getSoLinger, getSoTimeout, getTcpNoDelay, isAvailable, isConnected, removeProtocolCommandListener, setConnectTimeout, setDefaultPort, setDefaultTimeout, setKeepAlive, setProxy, setReceiveBufferSize, setSendBufferSize, setServerSocketFactory, setSocketFactory, setSoLinger, setSoTimeout, setTcpNoDelay, verifyRemote
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DEFAULT_FTPS_DATA_PORT

public static final int DEFAULT_FTPS_DATA_PORT
See Also:
Constant Field Values

DEFAULT_FTPS_PORT

public static final int DEFAULT_FTPS_PORT
See Also:
Constant Field Values

KEYSTORE_ALGORITHM

@Deprecated
public static String KEYSTORE_ALGORITHM
Deprecated. - not used - may be removed in a future release

TRUSTSTORE_ALGORITHM

@Deprecated
public static String TRUSTSTORE_ALGORITHM
Deprecated. - not used - may be removed in a future release

PROVIDER

@Deprecated
public static String PROVIDER
Deprecated. - not used - may be removed in a future release

STORE_TYPE

@Deprecated
public static String STORE_TYPE
Deprecated. - not used - may be removed in a future release
Constructor Detail

FTPSClient

public FTPSClient()
Constructor for FTPSClient, calls FTPSClient(String, boolean). Sets protocol to DEFAULT_PROTOCOL (i.e. TLS) and security mode to explicit (isImplicit = false).


FTPSClient

public FTPSClient(boolean isImplicit)
Constructor for FTPSClient, using DEFAULT_PROTOCOL, i.e. TLS. Calls FTPSClient(String, boolean).

Parameters:
isImplicit - The security mode (Implicit/Explicit).

FTPSClient

public FTPSClient(String protocol)
Constructor for FTPSClient, using explicit mode, calls FTPSClient(String, boolean).

Parameters:
protocol - the protocol to use

FTPSClient

public FTPSClient(String protocol,
                  boolean isImplicit)
Constructor for FTPSClient allowing specification of protocol and security mode. If isImplicit is true, the port is set to DEFAULT_FTPS_PORT, i.e. 990. The default TrustManager is set from TrustManagerUtils.getValidateServerCertificateTrustManager().

Parameters:
protocol - the protocol
isImplicit - The security mode (Implicit/Explicit).

FTPSClient

public FTPSClient(boolean isImplicit,
                  SSLContext context)
Constructor for FTPSClient, using DEFAULT_PROTOCOL, i.e. TLS. The default TrustManager is set from TrustManagerUtils.getValidateServerCertificateTrustManager().

Parameters:
isImplicit - The security mode (Implicit/Explicit).
context - A pre-configured SSL Context

FTPSClient

public FTPSClient(SSLContext context)
Constructor for FTPSClient, using DEFAULT_PROTOCOL (i.e. TLS) and isImplicit false. Calls FTPSClient(boolean, SSLContext).

Parameters:
context - A pre-configured SSL Context
Method Detail

setAuthValue

public void setAuthValue(String auth)
Sets the value to use with the AUTH command. This must be done before connecting.

Parameters:
auth - The value to use with the AUTH command.

getAuthValue

public String getAuthValue()
Returns the value used with the AUTH command.

Returns:
The value used with the AUTH command.

_connectAction_

protected void _connectAction_()
                        throws IOException
Because there are so many connect() methods, the _connectAction_() method is provided as a means of performing some action immediately after establishing a connection, rather than reimplementing all of the connect() methods.

Overrides:
_connectAction_ in class FTPClient
Throws:
IOException - If it is thrown by _connectAction_.
See Also:
SocketClient._connectAction_()

execAUTH

protected void execAUTH()
                 throws SSLException,
                        IOException
AUTH command.

Throws:
SSLException - If the server reply code is neither "234" nor "334".
IOException - If an I/O error occurs while sending the command.

sslNegotiation

protected void sslNegotiation()
                       throws IOException
SSL/TLS negotiation. Acquires an SSL socket of a control connection and carries out handshake processing.

Throws:
IOException - If server negotiation fails

setKeyManager

public void setKeyManager(KeyManager keyManager)
Set a KeyManager to use.

Parameters:
keyManager - The KeyManager implementation to set.
See Also:
KeyManagerUtils

setEnabledSessionCreation

public void setEnabledSessionCreation(boolean isCreation)
Controls whether a new SSL session may be established by this socket.

Parameters:
isCreation - The established socket flag.

getEnableSessionCreation

public boolean getEnableSessionCreation()
Returns true if new SSL sessions may be established by this socket. When the underlying Socket instance is not SSL-enabled (i.e. an instance of SSLSocket with SSLSocket.getEnableSessionCreation() enabled), this returns false.

Returns:
true - Indicates that sessions may be created; this is the default. false - indicates that an existing session must be resumed.

setNeedClientAuth

public void setNeedClientAuth(boolean isNeedClientAuth)
Configures the socket to require client authentication.

Parameters:
isNeedClientAuth - The need client auth flag.

getNeedClientAuth

public boolean getNeedClientAuth()
Returns true if the socket will require client authentication. When the underlying Socket is not an SSLSocket instance, returns false.

Returns:
true - If the server mode socket should request that the client authenticate itself.

setWantClientAuth

public void setWantClientAuth(boolean isWantClientAuth)
Configures the socket to request client authentication, but only if such a request is appropriate to the cipher suite negotiated.

Parameters:
isWantClientAuth - The want client auth flag.

getWantClientAuth

public boolean getWantClientAuth()
Returns true if the socket will request client authentication. When the underlying Socket is not an SSLSocket instance, returns false.

Returns:
true - If the server mode socket should request that the client authenticate itself.

setUseClientMode

public void setUseClientMode(boolean isClientMode)
Configures the socket to use client (or server) mode in its first handshake.

Parameters:
isClientMode - The use client mode flag.

getUseClientMode

public boolean getUseClientMode()
Returns true if the socket is set to use client mode in its first handshake. When the underlying Socket is not an SSLSocket instance, returns false.

Returns:
true - If the socket should start its first handshake in "client" mode.

setEnabledCipherSuites

public void setEnabledCipherSuites(String[] cipherSuites)
Controls which particular cipher suites are enabled for use on this connection. Called before server negotiation.

Parameters:
cipherSuites - The cipher suites.

getEnabledCipherSuites

public String[] getEnabledCipherSuites()
Returns the names of the cipher suites which could be enabled for use on this connection. When the underlying Socket is not an SSLSocket instance, returns null.

Returns:
An array of cipher suite names, or null

setEnabledProtocols

public void setEnabledProtocols(String[] protocolVersions)
Controls which particular protocol versions are enabled for use on this connection. Called before server negotiation.

Parameters:
protocolVersions - The protocol versions.

getEnabledProtocols

public String[] getEnabledProtocols()
Returns the names of the protocol versions which are currently enabled for use on this connection. When the underlying Socket is not an SSLSocket instance, returns null.

Returns:
An array of protocols, or null

execPBSZ

public void execPBSZ(long pbsz)
              throws SSLException,
                     IOException
PBSZ command. pbsz value: 0 to (2^32)-1 decimal integer.

Parameters:
pbsz - Protection Buffer Size.
Throws:
SSLException - If the server reply code does not equal "200".
IOException - If an I/O error occurs while sending the command.
See Also:
parsePBSZ(long)

parsePBSZ

public long parsePBSZ(long pbsz)
               throws SSLException,
                      IOException
PBSZ command. pbsz value: 0 to (2^32)-1 decimal integer. Issues the command and parses the response to return the negotiated value.

Parameters:
pbsz - Protection Buffer Size.
Returns:
the negotiated value.
Throws:
SSLException - If the server reply code does not equal "200".
IOException - If an I/O error occurs while sending the command.
Since:
3.0
See Also:
execPBSZ(long)

execPROT

public void execPROT(String prot)
              throws SSLException,
                     IOException
PROT command. N.B. the method calls SocketClient.setSocketFactory(javax.net.SocketFactory) and SocketClient.setServerSocketFactory(javax.net.ServerSocketFactory).

Parameters:
prot - Data Channel Protection Level, if null, use DEFAULT_PROT.
Throws:
SSLException - If the server reply code does not equal 200.
IOException - If an I/O error occurs while sending the command.

sendCommand

public int sendCommand(String command,
                       String args)
                throws IOException
Send an FTP command. A successful CCC (Clear Command Channel) command causes the underlying SSLSocket instance to be assigned to a plain Socket.

Overrides:
sendCommand in class FTP
Parameters:
command - The FTP command.
args - The arguments to the FTP command. If this parameter is set to null, then the command is sent with no argument.
Returns:
server reply.
Throws:
IOException - If an I/O error occurs while sending the command.
SSLException - if a CCC command fails
See Also:
FTP.sendCommand(java.lang.String)

_openDataConnection_

protected Socket _openDataConnection_(int command,
                                      String arg)
                               throws IOException
Returns a socket of the data connection. Wrapped as an SSLSocket, which carries out handshake processing.

Overrides:
_openDataConnection_ in class FTPClient
Parameters:
command - The int representation of the FTP command to send.
arg - The arguments to the FTP command. If this parameter is set to null, then the command is sent with no arguments.
Returns:
A Socket corresponding to the established data connection. Null is returned if an FTP protocol error is reported at any point during the establishment and initialization of the connection.
Throws:
IOException - If there is any problem with the connection.
See Also:
FTPClient._openDataConnection_(int, String)

_openDataConnection_

protected Socket _openDataConnection_(String command,
                                      String arg)
                               throws IOException
Returns a socket of the data connection. Wrapped as an SSLSocket, which carries out handshake processing.

Overrides:
_openDataConnection_ in class FTPClient
Parameters:
command - The textual representation of the FTP command to send.
arg - The arguments to the FTP command. If this parameter is set to null, then the command is sent with no arguments.
Returns:
A Socket corresponding to the established data connection. Null is returned if an FTP protocol error is reported at any point during the establishment and initialization of the connection.
Throws:
IOException - If there is any problem with the connection.
Since:
3.2
See Also:
FTPClient._openDataConnection_(int, String)

_prepareDataSocket_

protected void _prepareDataSocket_(Socket socket)
                            throws IOException
Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens). Called by _openDataConnection_(int, String) immediately after creating the socket. The default implementation is a no-op.

Throws:
IOException
Since:
3.1

getTrustManager

public TrustManager getTrustManager()
Get the currently configured TrustManager.

Returns:
A TrustManager instance.

setTrustManager

public void setTrustManager(TrustManager trustManager)
Override the default TrustManager to use; if set to null, the default TrustManager from the JVM will be used.

Parameters:
trustManager - The TrustManager implementation to set, may be null
See Also:
TrustManagerUtils
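
An added example (not part of the Commons Net documentation) showing how the constructor, setTrustManager, setEnabledProtocols, execPBSZ and execPROT documented on this page fit together for an explicit-mode session with a protected data channel. The host name, user name, the FTPS_PASSWORD environment variable and the choice of "TLSv1.2" are assumptions for illustration.

```java
import java.io.IOException;
import java.util.Arrays;

import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;

public class FtpsExplicitExample {

    // Hypothetical endpoint and account; replace with real values.
    private static final String HOST = "ftp.example.com";
    private static final String USER = "demo";

    public static void main(String[] args) throws IOException {
        // Assumption: the password is supplied out of band, not hard-coded.
        String password = System.getenv("FTPS_PASSWORD");

        // Explicit mode (isImplicit = false): connect on the normal FTP port,
        // then AUTH upgrades the control connection to TLS.
        FTPSClient ftps = new FTPSClient("TLS", false);

        // Passing null selects the JVM's default TrustManager, as described
        // under setTrustManager, so the server certificate is checked
        // against the JVM trust store.
        ftps.setTrustManager(null);

        // Must be set before server negotiation. "TLSv1.2" is an assumption;
        // use the versions your JVM and server both support.
        ftps.setEnabledProtocols(new String[] {"TLSv1.2"});

        try {
            // _connectAction_ issues AUTH and runs sslNegotiation() here.
            ftps.connect(HOST);
            if (!FTPReply.isPositiveCompletion(ftps.getReplyCode())) {
                throw new IOException("Server refused connection: "
                        + ftps.getReplyString());
            }

            // Confirm what was actually enabled on the control socket.
            System.out.println("Enabled protocols: "
                    + Arrays.toString(ftps.getEnabledProtocols()));

            if (!ftps.login(USER, password)) {
                throw new IOException("Login failed: " + ftps.getReplyString());
            }

            // PBSZ 0 followed by PROT P requests a private (TLS) data
            // channel. Both throw SSLException unless the reply is 200, so a
            // server that cannot protect the data channel fails here instead
            // of silently transferring in clear text.
            ftps.execPBSZ(0);
            ftps.execPROT("P");

            ftps.enterLocalPassiveMode();
            String[] names = ftps.listNames();
            System.out.println("Listing: " + Arrays.toString(names));

            // execCCC() is deliberately not called: per this page, a
            // successful CCC reassigns the control connection to a plain
            // Socket, so later commands would travel unencrypted.
            ftps.logout();
        } finally {
            if (ftps.isConnected()) {
                // Also resets the socket factories changed by execPROT.
                ftps.disconnect();
            }
        }
    }
}
```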

disconnect

public void disconnect()
                throws IOException
Closes the connection to the FTP server and restores connection parameters to the default values.

Calls setSocketFactory(null) and setServerSocketFactory(null) to reset the factories that may have been changed during the session, e.g. by execPROT(String).

Overrides:
disconnect in class FTPClient
Throws:
IOException - If an error occurs while disconnecting.
Since:
3.0

execAUTH

public int execAUTH(String mechanism)
             throws IOException
Send the AUTH command with the specified mechanism.

Parameters:
mechanism - The mechanism name to send with the command.
Returns:
server reply.
Throws:
IOException - If an I/O error occurs while sending the command.
Since:
3.0

execADAT

public int execADAT(byte[] data)
             throws IOException
Send the ADAT command with the specified authentication data.

Parameters:
data - The data to send with the command.
Returns:
server reply.
Throws:
IOException - If an I/O error occurs while sending the command.
Since:
3.0

execCCC

public int execCCC()
            throws IOException
Send the CCC command to the server. The CCC (Clear Command Channel) command causes the underlying SSLSocket instance to be assigned to a plain Socket instance.

Returns:
server reply.
Throws:
IOException - If an I/O error occurs while sending the command.
Since:
3.0

execMIC

public int execMIC(byte[] data)
            throws IOException
Send the MIC command with the specified data.

Parameters:
data - The data to send with the command.
Returns:
server reply.
Throws:
IOException - If an I/O error occurs while sending the command.
Since:
3.0

execCONF

public int execCONF(byte[] data)
             throws IOException
Send the CONF command with the specified data.

Parameters:
data - The data to send with the command.
Returns:
server reply.
Throws:
IOException - If an I/O error occurs while sending the command.
Since:
3.0

execENC

public int execENC(byte[] data)
            throws IOException
Send the ENC command with the specified data.

Parameters:
data - The data to send with the command.
Returns:
server reply.
Throws:
IOException - If an I/O error occurs while sending the command.
Since:
3.0

parseADATReply

public byte[] parseADATReply(String reply)
Parses the given ADAT response line and base64-decodes the data.

Parameters:
reply - The ADAT reply to parse.
Returns:
the data in the reply, base64-decoded.
Since:
3.0


Copyright © 2001-2012 The Apache Software Foundation. All Rights Reserved.