[
https://issues.apache.org/jira/browse/FTPSERVER-277?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Emmanuel Lécharny updated FTPSERVER-277:
----------------------------------------
Fix Version/s: 1.1.5
(was: 1.1.2)
> Ftplet which forces TLS/SSL for control and data channels when using explicit
> FTPS
> ----------------------------------------------------------------------------------
>
> Key: FTPSERVER-277
> URL: https://issues.apache.org/jira/browse/FTPSERVER-277
> Project: FtpServer
> Issue Type: New Feature
> Components: Ftplets
> Reporter: Niklas Therning
> Assignee: Niklas Therning
> Priority: Minor
> Fix For: 1.1.5
>
>
> I've developed a simple Ftplet which forces the client to use secure control
> and data channels when the server has been configured for explicit FTPS. The
> code has been pasted below. Let me know what you think about it. I've tried
> it with curl and it seems to work as expected both for passive and active
> data channels. Feel free to include it in Ftpserver if you find it useful.
> import java.io.IOException;
> import java.util.HashSet;
> import java.util.Set;
> import org.apache.ftpserver.ftplet.DefaultFtpReply;
> import org.apache.ftpserver.ftplet.FtpException;
> import org.apache.ftpserver.ftplet.FtpReply;
> import org.apache.ftpserver.ftplet.FtpRequest;
> import org.apache.ftpserver.ftplet.FtpSession;
> import org.apache.ftpserver.ftplet.Ftplet;
> import org.apache.ftpserver.ftplet.FtpletContext;
> import org.apache.ftpserver.ftplet.FtpletResult;
> /**
> * {@link Ftplet} which forces the client to use secure control and data
> * channels when connecting in explicit FTPS mode. In implicit FTPS the
> control
> * channel is always secure, however, the data channel can be plain text. This
> * {@link Ftplet} will not allow clients to open insecure data channels in
> * implicit FTPS mode.
> *
> * @version $Id$
> */
> public class ExplicitSslForcingFtplet implements Ftplet {
> private static final String SECURE =
> ExplicitSslForcingFtplet.class.getName() + ".secure";
> private static final Set<String> DATA_CHANNEL_COMMANDS;
>
> static {
> DATA_CHANNEL_COMMANDS = new HashSet<String>();
> DATA_CHANNEL_COMMANDS.add("APPE");
> DATA_CHANNEL_COMMANDS.add("LIST");
> DATA_CHANNEL_COMMANDS.add("MLSD");
> DATA_CHANNEL_COMMANDS.add("NLST");
> DATA_CHANNEL_COMMANDS.add("RETR");
> DATA_CHANNEL_COMMANDS.add("STOR");
> DATA_CHANNEL_COMMANDS.add("STOU");
> }
> public FtpletResult afterCommand(FtpSession session, FtpRequest request,
> FtpReply reply) throws FtpException, IOException {
> String cmd = request.getCommand().toUpperCase();
> int code = reply.getCode();
> if ("AUTH".equals(cmd) && code >= 200 && code < 300) {
> session.setAttribute(SECURE, true);
> }
>
> return FtpletResult.DEFAULT;
> }
> public FtpletResult beforeCommand(FtpSession session, FtpRequest request)
> throws FtpException, IOException {
> String cmd = request.getCommand().toUpperCase();
> boolean secure = (Boolean) session.getAttribute(SECURE);
> if ("USER".equals(cmd)) {
> if (!secure) {
> session.write(new DefaultFtpReply(500, "Control channel not
> secure. Issue AUTH command first."));
> return FtpletResult.SKIP;
> }
> } else if (DATA_CHANNEL_COMMANDS.contains(cmd)) {
> if (!session.getDataConnection().isSecure()) {
> session.write(new DefaultFtpReply(500, "Data channel not
> secure. Issue PROT command first."));
> return FtpletResult.SKIP;
> }
> }
> return FtpletResult.DEFAULT;
> }
> public void destroy() {
> }
> public void init(FtpletContext ftpletContext) throws FtpException {
> }
> public FtpletResult onConnect(FtpSession session) throws FtpException,
> IOException {
> session.setAttribute(SECURE, session.isSecure());
> return FtpletResult.DEFAULT;
> }
> public FtpletResult onDisconnect(FtpSession session) throws FtpException,
> IOException {
>
> return FtpletResult.DEFAULT;
> }
> }
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
