Correctly set the data connection as protected when using AUTH SSL Fixes FTPSERVER-431
Also adds support for the TLS-C and TLS-P auth types git-svn-id: https://svn.apache.org/repos/asf/mina/ftpserver/trunk@1332855 13f79535-47bb-0310-9956-ffa450edef68 Project: http://git-wip-us.apache.org/repos/asf/mina-ftpserver/repo Commit: http://git-wip-us.apache.org/repos/asf/mina-ftpserver/commit/7defa046 Tree: http://git-wip-us.apache.org/repos/asf/mina-ftpserver/tree/7defa046 Diff: http://git-wip-us.apache.org/repos/asf/mina-ftpserver/diff/7defa046 Branch: refs/heads/trunk Commit: 7defa046ecab70f76568232c9f9504e26a101a74 Parents: ba0962b Author: Niklas Gustavsson <[email protected]> Authored: Tue May 1 21:52:58 2012 +0000 Committer: Niklas Gustavsson <[email protected]> Committed: Tue May 1 21:52:58 2012 +0000 ---------------------------------------------------------------------- .../java/org/apache/ftpserver/command/impl/AUTH.java | 11 ++++++++++- .../ftpserver/ssl/ExplicitSecurityTestTemplate.java | 7 +++++++ .../ftpserver/ssl/MinaImplicitDataChannelTest.java | 4 ++++ 3 files changed, 21 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mina-ftpserver/blob/7defa046/core/src/main/java/org/apache/ftpserver/command/impl/AUTH.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/ftpserver/command/impl/AUTH.java b/core/src/main/java/org/apache/ftpserver/command/impl/AUTH.java index 06e030c..070ef48 100644 --- a/core/src/main/java/org/apache/ftpserver/command/impl/AUTH.java +++ b/core/src/main/java/org/apache/ftpserver/command/impl/AUTH.java @@ -50,7 +50,7 @@ public class AUTH extends AbstractCommand { private final Logger LOG = LoggerFactory.getLogger(AUTH.class); - private static final List<String> VALID_AUTH_TYPES = Arrays.asList("SSL", "TLS"); + private static final List<String> VALID_AUTH_TYPES = Arrays.asList("SSL", "TLS", "TLS-C", "TLS-P"); /** * Execute command @@ -100,6 +100,12 @@ public class AUTH extends AbstractCommand { // check parameter String authType = request.getArgument().toUpperCase(); if (VALID_AUTH_TYPES.contains(authType)) { + if(authType.equals("TLS-C")) { + authType = "TLS"; + } else if(authType.equals("TLS-P")) { + authType = "SSL"; + } + try { secureSession(session, authType); session.write(LocalizedFtpReply.translate(session, request, context, @@ -141,6 +147,9 @@ public class AUTH extends AbstractCommand { session.getFilterChain().addFirst(SSL_SESSION_FILTER_NAME, sslFilter); + if("SSL".equals(type)) { + session.getDataConnection().setSecure(true); + } } else { throw new FtpException("Socket factory SSL not configured"); } http://git-wip-us.apache.org/repos/asf/mina-ftpserver/blob/7defa046/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java ---------------------------------------------------------------------- diff --git a/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java b/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java index a8bd82d..69b0df0 100644 --- a/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java +++ b/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java @@ -47,12 +47,19 @@ public abstract class ExplicitSecurityTestTemplate extends SSLTestTemplate { client.login(ADMIN_USERNAME, ADMIN_PASSWORD); } + protected boolean expectDataConnectionSecure() { + return getAuthValue().equals("SSL") && !useImplicit(); + } + /** * Tests that we can send command over the command channel. This is, in fact * already tested by login in setup but an explicit test is good anyways. */ public void testCommandChannel() throws Exception { assertTrue(getActiveSession().isSecure()); + + assertEquals(expectDataConnectionSecure(), getActiveSession().getDataConnection().isSecure()); + assertTrue(FTPReply.isPositiveCompletion(client.noop())); } http://git-wip-us.apache.org/repos/asf/mina-ftpserver/blob/7defa046/core/src/test/java/org/apache/ftpserver/ssl/MinaImplicitDataChannelTest.java ---------------------------------------------------------------------- diff --git a/core/src/test/java/org/apache/ftpserver/ssl/MinaImplicitDataChannelTest.java b/core/src/test/java/org/apache/ftpserver/ssl/MinaImplicitDataChannelTest.java index 2f34be7..e9d0355 100644 --- a/core/src/test/java/org/apache/ftpserver/ssl/MinaImplicitDataChannelTest.java +++ b/core/src/test/java/org/apache/ftpserver/ssl/MinaImplicitDataChannelTest.java @@ -61,6 +61,10 @@ public class MinaImplicitDataChannelTest extends ImplicitSecurityTestTemplate { return true; } + protected boolean expectDataConnectionSecure() { + return true; + } + /** * Simple test that the {@link ServerDataConnectionFactory#isSecure()} * works as expected
