org.apache.commons.net.ftp
Class FTPSClient

java.lang.Object
  org.apache.commons.net.SocketClient
      org.apache.commons.net.ftp.FTP
          org.apache.commons.net.ftp.FTPClient
              org.apache.commons.net.ftp.FTPSClient

All Implemented Interfaces:

Configurable

public class FTPSClient
extends FTPClient

FTP over SSL processing. If desired, the JVM property -Djavax.net.debug=all can be used to see wire-level SSL details.

Since:

2.0

Version:

$Id: FTPSClient.java 1407341 2012-11-09 01:31:00Z ggregory $

Field Summary

static int	DEFAULT_FTPS_DATA_PORT
static int	DEFAULT_FTPS_PORT
static String	KEYSTORE_ALGORITHM Deprecated. - not used - may be removed in a future release
static String	PROVIDER Deprecated. - not used - may be removed in a future release
static String	STORE_TYPE Deprecated. - not used - may be removed in a future release
static String	TRUSTSTORE_ALGORITHM Deprecated. - not used - may be removed in a future release

Fields inherited from class org.apache.commons.net.ftp.FTPClient

ACTIVE_LOCAL_DATA_CONNECTION_MODE, ACTIVE_REMOTE_DATA_CONNECTION_MODE, FTP_SYSTEM_TYPE, FTP_SYSTEM_TYPE_DEFAULT, PASSIVE_LOCAL_DATA_CONNECTION_MODE, PASSIVE_REMOTE_DATA_CONNECTION_MODE, SYSTEM_TYPE_PROPERTIES

Fields inherited from class org.apache.commons.net.ftp.FTP

_commandSupport_, _controlEncoding, _controlInput_, _controlOutput_, _newReplyString, _replyCode, _replyLines, _replyString, ASCII_FILE_TYPE, BINARY_FILE_TYPE, BLOCK_TRANSFER_MODE, CARRIAGE_CONTROL_TEXT_FORMAT, COMPRESSED_TRANSFER_MODE, DEFAULT_CONTROL_ENCODING, DEFAULT_DATA_PORT, DEFAULT_PORT, EBCDIC_FILE_TYPE, FILE_STRUCTURE, LOCAL_FILE_TYPE, NON_PRINT_TEXT_FORMAT, PAGE_STRUCTURE, RECORD_STRUCTURE, REPLY_CODE_LEN, STREAM_TRANSFER_MODE, strictMultilineParsing, TELNET_TEXT_FORMAT

Fields inherited from class org.apache.commons.net.SocketClient

_defaultPort_, _input_, _output_, _serverSocketFactory_, _socket_, _socketFactory_, _timeout_, connectTimeout, NETASCII_EOL

Constructor Summary

FTPSClient()
Constructor for FTPSClient, calls FTPSClient(String, boolean).

FTPSClient(boolean isImplicit)
Constructor for FTPSClient, using DEFAULT_PROTOCOL - i.e.

FTPSClient(boolean isImplicit, SSLContext context)
Constructor for FTPSClient, using DEFAULT_PROTOCOL - i.e.

FTPSClient(SSLContext context)
Constructor for FTPSClient, using DEFAULT_PROTOCOL - i.e.

FTPSClient(String protocol)
Constructor for FTPSClient, using explict mode, calls FTPSClient(String, boolean).

FTPSClient(String protocol, boolean isImplicit)
Constructor for FTPSClient allowing specification of protocol and security mode.

Method Summary

protected void	_connectAction_() Because there are so many connect() methods, the _connectAction_() method is provided as a means of performing some action immediately after establishing a connection, rather than reimplementing all of the connect() methods.
protected Socket	_openDataConnection_(int command, String arg) Returns a socket of the data connection.
protected Socket	_openDataConnection_(String command, String arg) Returns a socket of the data connection.
protected void	_prepareDataSocket_(Socket socket) Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens).
void	disconnect() Closes the connection to the FTP server and restores connection parameters to the default values.
int	execADAT(byte[] data) Send the ADAT command with the specified authentication data.
protected void	execAUTH() AUTH command.
int	execAUTH(String mechanism) Send the AUTH command with the specified mechanism.
int	execCCC() Send the CCC command to the server.
int	execCONF(byte[] data) Send the CONF command with the specified data.
int	execENC(byte[] data) Send the ENC command with the specified data.
int	execMIC(byte[] data) Send the MIC command with the specified data.
void	execPBSZ(long pbsz) PBSZ command.
void	execPROT(String prot) PROT command.
String	getAuthValue() Return AUTH command use value.
String[]	getEnabledCipherSuites() Returns the names of the cipher suites which could be enabled for use on this connection.
String[]	getEnabledProtocols() Returns the names of the protocol versions which are currently enabled for use on this connection.
boolean	getEnableSessionCreation() Returns true if new SSL sessions may be established by this socket.
boolean	getNeedClientAuth() Returns true if the socket will require client authentication.
TrustManager	getTrustManager() Get the currently configured TrustManager.
boolean	getUseClientMode() Returns true if the socket is set to use client mode in its first handshake.
boolean	getWantClientAuth() Returns true if the socket will request client authentication.
byte[]	parseADATReply(String reply) Parses the given ADAT response line and base64-decodes the data.
long	parsePBSZ(long pbsz) PBSZ command.
int	sendCommand(String command, String args) Send an FTP command.
void	setAuthValue(String auth) Set AUTH command use value.
void	setEnabledCipherSuites(String[] cipherSuites) Controls which particular cipher suites are enabled for use on this connection.
void	setEnabledProtocols(String[] protocolVersions) Controls which particular protocol versions are enabled for use on this connection.
void	setEnabledSessionCreation(boolean isCreation) Controls whether a new SSL session may be established by this socket.
void	setKeyManager(KeyManager keyManager) Set a KeyManager to use
void	setNeedClientAuth(boolean isNeedClientAuth) Configures the socket to require client authentication.
void	setTrustManager(TrustManager trustManager) Override the default TrustManager to use; if set to null, the default TrustManager from the JVM will be used.
void	setUseClientMode(boolean isClientMode) Configures the socket to use client (or server) mode in its first handshake.
void	setWantClientAuth(boolean isWantClientAuth) Configures the socket to request client authentication, but only if such a request is appropriate to the cipher suite negotiated.
protected void	sslNegotiation() SSL/TLS negotiation.

Methods inherited from class org.apache.commons.net.ftp.FTPClient

_parseExtendedPassiveModeReply, _parsePassiveModeReply, _retrieveFile, _retrieveFileStream, _storeFile, _storeFileStream, abort, allocate, allocate, appendFile, appendFileStream, changeToParentDirectory, changeWorkingDirectory, completePendingCommand, configure, deleteFile, doCommand, doCommandAsStrings, enterLocalActiveMode, enterLocalPassiveMode, enterRemoteActiveMode, enterRemotePassiveMode, features, featureValue, featureValues, getAutodetectUTF8, getBufferSize, getControlKeepAliveReplyTimeout, getControlKeepAliveTimeout, getCopyStreamListener, getDataConnectionMode, getListArguments, getListHiddenFiles, getModificationTime, getPassiveHost, getPassiveLocalIPAddress, getPassivePort, getRestartOffset, getStatus, getStatus, getSystemName, getSystemType, hasFeature, hasFeature, initiateListParsing, initiateListParsing, initiateListParsing, isRemoteVerificationEnabled, isUseEPSVwithIPv4, listDirectories, listDirectories, listFiles, listFiles, listFiles, listHelp, listHelp, listNames, listNames, login, login, logout, makeDirectory, mlistDir, mlistDir, mlistDir, mlistFile, printWorkingDirectory, remoteAppend, remoteRetrieve, remoteStore, remoteStoreUnique, remoteStoreUnique, removeDirectory, rename, restart, retrieveFile, retrieveFileStream, sendNoOp, sendSiteCommand, setActiveExternalIPAddress, setActivePortRange, setAutodetectUTF8, setBufferSize, setControlKeepAliveReplyTimeout, setControlKeepAliveTimeout, setCopyStreamListener, setDataTimeout, setFileStructure, setFileTransferMode, setFileType, setFileType, setListHiddenFiles, setModificationTime, setParserFactory, setPassiveLocalIPAddress, setPassiveLocalIPAddress, setRemoteVerificationEnabled, setReportActiveExternalIPAddress, setRestartOffset, setUseEPSVwithIPv4, storeFile, storeFileStream, storeUniqueFile, storeUniqueFile, storeUniqueFileStream, storeUniqueFileStream, structureMount

Methods inherited from class org.apache.commons.net.ftp.FTP

__getReplyNoReport, __noop, abor, acct, allo, allo, appe, cdup, cwd, dele, eprt, epsv, feat, getCommandSupport, getControlEncoding, getReply, getReplyCode, getReplyString, getReplyStrings, help, help, isStrictMultilineParsing, list, list, mdtm, mfmt, mkd, mlsd, mlsd, mlst, mlst, mode, nlst, nlst, noop, pass, pasv, port, pwd, quit, rein, rest, retr, rmd, rnfr, rnto, sendCommand, sendCommand, sendCommand, setControlEncoding, setStrictMultilineParsing, site, smnt, stat, stat, stor, stou, stou, stru, syst, type, type, user

Methods inherited from class org.apache.commons.net.SocketClient

addProtocolCommandListener, connect, connect, connect, connect, connect, connect, createCommandSupport, fireCommandSent, fireReplyReceived, getConnectTimeout, getDefaultPort, getDefaultTimeout, getKeepAlive, getLocalAddress, getLocalPort, getProxy, getReceiveBufferSize, getRemoteAddress, getRemotePort, getSendBufferSize, getServerSocketFactory, getSoLinger, getSoTimeout, getTcpNoDelay, isAvailable, isConnected, removeProtocolCommandListener, setConnectTimeout, setDefaultPort, setDefaultTimeout, setKeepAlive, setProxy, setReceiveBufferSize, setSendBufferSize, setServerSocketFactory, setSocketFactory, setSoLinger, setSoTimeout, setTcpNoDelay, verifyRemote

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_FTPS_DATA_PORT

public static final int DEFAULT_FTPS_DATA_PORT

See Also:

Constant Field Values

DEFAULT_FTPS_PORT

public static final int DEFAULT_FTPS_PORT

See Also:

Constant Field Values

KEYSTORE_ALGORITHM

@Deprecated
public static String KEYSTORE_ALGORITHM

Deprecated. - not used - may be removed in a future release

TRUSTSTORE_ALGORITHM

@Deprecated
public static String TRUSTSTORE_ALGORITHM

Deprecated. - not used - may be removed in a future release

PROVIDER

@Deprecated
public static String PROVIDER

Deprecated. - not used - may be removed in a future release

STORE_TYPE

@Deprecated
public static String STORE_TYPE

Deprecated. - not used - may be removed in a future release

Constructor Detail

FTPSClient

public FTPSClient()

Constructor for FTPSClient, calls FTPSClient(String, boolean). Sets protocol to DEFAULT_PROTOCOL - i.e. TLS - and security mode to explicit (isImplicit = false)

FTPSClient

public FTPSClient(boolean isImplicit)

Constructor for FTPSClient, using DEFAULT_PROTOCOL - i.e. TLS Calls FTPSClient(String, boolean)

Parameters:

isImplicit - The security mode (Implicit/Explicit).

FTPSClient

public FTPSClient(String protocol)

Constructor for FTPSClient, using explict mode, calls FTPSClient(String, boolean).

Parameters:

protocol - the protocol to use

FTPSClient

public FTPSClient(String protocol,
                  boolean isImplicit)

Constructor for FTPSClient allowing specification of protocol and security mode. If isImplicit is true, the port is set to DEFAULT_FTPS_PORT i.e. 990. The default TrustManager is set from TrustManagerUtils.getValidateServerCertificateTrustManager()

Parameters:

protocol - the protocol

isImplicit - The security mode(Implicit/Explicit).

FTPSClient

public FTPSClient(boolean isImplicit,
                  SSLContext context)

Constructor for FTPSClient, using DEFAULT_PROTOCOL - i.e. TLS The default TrustManager is set from TrustManagerUtils.getValidateServerCertificateTrustManager()

Parameters:

isImplicit - The security mode(Implicit/Explicit).

context - A pre-configured SSL Context

FTPSClient

public FTPSClient(SSLContext context)

Constructor for FTPSClient, using DEFAULT_PROTOCOL - i.e. TLS and isImplicit false Calls FTPSClient(boolean, SSLContext)

Parameters:

context - A pre-configured SSL Context

Method Detail

setAuthValue

public void setAuthValue(String auth)

Set AUTH command use value. This processing is done before connected processing.

Parameters:

auth - AUTH command use value.

getAuthValue

public String getAuthValue()

Return AUTH command use value.

Returns:

AUTH command use value.

_connectAction_

protected void _connectAction_()
                        throws IOException

Because there are so many connect() methods, the _connectAction_() method is provided as a means of performing some action immediately after establishing a connection, rather than reimplementing all of the connect() methods.

Overrides:

_connectAction_ in class FTPClient

Throws:

IOException - If it throw by _connectAction_.

See Also:

SocketClient._connectAction_()

execAUTH

protected void execAUTH()
                 throws SSLException,
                        IOException

AUTH command.

Throws:

SSLException - If it server reply code not equal "234" and "334".

IOException - If an I/O error occurs while either sending the command.

sslNegotiation

protected void sslNegotiation()
                       throws IOException

SSL/TLS negotiation. Acquires an SSL socket of a control connection and carries out handshake processing.

Throws:

IOException - If server negotiation fails

setKeyManager

public void setKeyManager(KeyManager keyManager)

Set a KeyManager to use

Parameters:

keyManager - The KeyManager implementation to set.

See Also:

KeyManagerUtils

setEnabledSessionCreation

public void setEnabledSessionCreation(boolean isCreation)

Controls whether a new SSL session may be established by this socket.

Parameters:

isCreation - The established socket flag.

getEnableSessionCreation

public boolean getEnableSessionCreation()

Returns true if new SSL sessions may be established by this socket. When the underlying Socket instance is not SSL-enabled (i.e. an instance of SSLSocket with SSLSocketgetEnableSessionCreation()) enabled, this returns False.

Returns:

true - Indicates that sessions may be created; this is the default. false - indicates that an existing session must be resumed.

setNeedClientAuth

public void setNeedClientAuth(boolean isNeedClientAuth)

Configures the socket to require client authentication.

Parameters:

isNeedClientAuth - The need client auth flag.

getNeedClientAuth

public boolean getNeedClientAuth()

Returns true if the socket will require client authentication. When the underlying Socket is not an SSLSocket instance, returns false.

Returns:

true - If the server mode socket should request that the client authenticate itself.

setWantClientAuth

public void setWantClientAuth(boolean isWantClientAuth)

Configures the socket to request client authentication, but only if such a request is appropriate to the cipher suite negotiated.

Parameters:

isWantClientAuth - The want client auth flag.

getWantClientAuth

public boolean getWantClientAuth()

Returns true if the socket will request client authentication. When the underlying Socket is not an SSLSocket instance, returns false.

Returns:

true - If the server mode socket should request that the client authenticate itself.

setUseClientMode

public void setUseClientMode(boolean isClientMode)

Configures the socket to use client (or server) mode in its first handshake.

Parameters:

isClientMode - The use client mode flag.

getUseClientMode

public boolean getUseClientMode()

Returns true if the socket is set to use client mode in its first handshake. When the underlying Socket is not an SSLSocket instance, returns false.

Returns:

true - If the socket should start its first handshake in "client" mode.

setEnabledCipherSuites

public void setEnabledCipherSuites(String[] cipherSuites)

Controls which particular cipher suites are enabled for use on this connection. Called before server negotiation.

Parameters:

cipherSuites - The cipher suites.

getEnabledCipherSuites

public String[] getEnabledCipherSuites()

Returns the names of the cipher suites which could be enabled for use on this connection. When the underlying Socket is not an SSLSocket instance, returns null.

Returns:

An array of cipher suite names, or null

setEnabledProtocols

public void setEnabledProtocols(String[] protocolVersions)

Controls which particular protocol versions are enabled for use on this connection. I perform setting before a server negotiation.

Parameters:

protocolVersions - The protocol versions.

getEnabledProtocols

public String[] getEnabledProtocols()

Returns the names of the protocol versions which are currently enabled for use on this connection. When the underlying Socket is not an SSLSocket instance, returns null.

Returns:

An array of protocols, or null

execPBSZ

public void execPBSZ(long pbsz)
              throws SSLException,
                     IOException

PBSZ command. pbsz value: 0 to (2^32)-1 decimal integer.

Parameters:

pbsz - Protection Buffer Size.

Throws:

SSLException - If the server reply code does not equal "200".

IOException - If an I/O error occurs while sending the command.

See Also:

parsePBSZ(long)

parsePBSZ

public long parsePBSZ(long pbsz)
               throws SSLException,
                      IOException

PBSZ command. pbsz value: 0 to (2^32)-1 decimal integer. Issues the command and parses the response to return the negotiated value.

Parameters:

pbsz - Protection Buffer Size.

Returns:

the negotiated value.

Throws:

SSLException - If the server reply code does not equal "200".

IOException - If an I/O error occurs while sending the command.

Since:

3.0

See Also:

execPBSZ(long)

execPROT

public void execPROT(String prot)
              throws SSLException,
                     IOException

PROT command.

• C - Clear
• S - Safe(SSL protocol only)
• E - Confidential(SSL protocol only)
• P - Private

N.B. the method calls SocketClient.setSocketFactory(javax.net.SocketFactory) and SocketClient.setServerSocketFactory(javax.net.ServerSocketFactory)

Parameters:

prot - Data Channel Protection Level, if null, use DEFAULT_PROT.

Throws:

SSLException - If the server reply code does not equal 200.

IOException - If an I/O error occurs while sending the command.

sendCommand

public int sendCommand(String command,
                       String args)
                throws IOException

Send an FTP command. A successful CCC (Clear Command Channel) command causes the underlying SSLSocket instance to be assigned to a plain Socket

Overrides:

sendCommand in class FTP

Parameters:

command - The FTP command.

args - The arguments to the FTP command. If this parameter is set to null, then the command is sent with no argument.

Returns:

server reply.

Throws:

IOException - If an I/O error occurs while sending the command.

SSLException - if a CCC command fails

See Also:

FTP.sendCommand(java.lang.String)

_openDataConnection_

protected Socket _openDataConnection_(int command,
                                      String arg)
                               throws IOException

Returns a socket of the data connection. Wrapped as an SSLSocket, which carries out handshake processing.

Overrides:

_openDataConnection_ in class FTPClient

Parameters:

command - The int representation of the FTP command to send.

arg - The arguments to the FTP command. If this parameter is set to null, then the command is sent with no arguments.

Returns:

corresponding to the established data connection. Null is returned if an FTP protocol error is reported at any point during the establishment and initialization of the connection.

Throws:

IOException - If there is any problem with the connection.

See Also:

FTPClient._openDataConnection_(int, String)

_openDataConnection_

protected Socket _openDataConnection_(String command,
                                      String arg)
                               throws IOException

Returns a socket of the data connection. Wrapped as an SSLSocket, which carries out handshake processing.

Overrides:

_openDataConnection_ in class FTPClient

Parameters:

command - The textual representation of the FTP command to send.

arg - The arguments to the FTP command. If this parameter is set to null, then the command is sent with no arguments.

Returns:

corresponding to the established data connection. Null is returned if an FTP protocol error is reported at any point during the establishment and initialization of the connection.

Throws:

IOException - If there is any problem with the connection.

Since:

3.2

See Also:

FTPClient._openDataConnection_(int, String)

_prepareDataSocket_

protected void _prepareDataSocket_(Socket socket)
                            throws IOException

Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens). Called by _openDataConnection_(int, String) immediately after creating the socket. The default implementation is a no-op

Throws:

IOException

Since:

3.1

getTrustManager

public TrustManager getTrustManager()

Get the currently configured TrustManager.

Returns:

A TrustManager instance.

setTrustManager

public void setTrustManager(TrustManager trustManager)

Override the default TrustManager to use; if set to null, the default TrustManager from the JVM will be used.

Parameters:

trustManager - The TrustManager implementation to set, may be null

See Also:

TrustManagerUtils

disconnect

public void disconnect()
                throws IOException

Closes the connection to the FTP server and restores connection parameters to the default values.

Calls setSocketFactory(null) and setServerSocketFactory(null) to reset the factories that may have been changed during the session, e.g. by execPROT(String)

Overrides:

disconnect in class FTPClient

Throws:

IOException - If an error occurs while disconnecting.

Since:

3.0

execAUTH

public int execAUTH(String mechanism)
             throws IOException

Send the AUTH command with the specified mechanism.

Parameters:

mechanism - The mechanism name to send with the command.

Returns:

server reply.

Throws:

IOException - If an I/O error occurs while sending the command.

Since:

3.0

execADAT

public int execADAT(byte[] data)
             throws IOException

Send the ADAT command with the specified authentication data.

Parameters:

data - The data to send with the command.

Returns:

server reply.

Throws:

IOException - If an I/O error occurs while sending the command.

Since:

3.0

execCCC

public int execCCC()
            throws IOException

Send the CCC command to the server. The CCC (Clear Command Channel) command causes the underlying SSLSocket instance to be assigned to a plain Socket instances

Returns:

server reply.

Throws:

IOException - If an I/O error occurs while sending the command.

Since:

3.0

execMIC

public int execMIC(byte[] data)
            throws IOException

Send the MIC command with the specified data.

Parameters:

data - The data to send with the command.

Returns:

server reply.

Throws:

IOException - If an I/O error occurs while sending the command.

Since:

3.0

execCONF

public int execCONF(byte[] data)
             throws IOException

Send the CONF command with the specified data.

Parameters:

data - The data to send with the command.

Returns:

server reply.

Throws:

IOException - If an I/O error occurs while sending the command.

Since:

3.0

execENC

public int execENC(byte[] data)
            throws IOException

Send the ENC command with the specified data.

Parameters:

data - The data to send with the command.

Returns:

server reply.

Throws:

IOException - If an I/O error occurs while sending the command.

Since:

3.0

parseADATReply

public byte[] parseADATReply(String reply)

Parses the given ADAT response line and base64-decodes the data.

Parameters:

reply - The ADAT reply to parse.

Returns:

the data in the reply, base64-decoded.

Since:

3.0