[
https://issues.apache.org/jira/browse/FTPSERVER-150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12620918#action_12620918
]
David Latorre commented on FTPSERVER-150:
-----------------------------------------
Hello,
First of all I apologize if cloning the issue is not the appropriate way of
reporting a problem with a closed issue.
The provided method to find if the connection is secure:
public boolean isSecure() {
return ioSession.getFilterChain().contains("sslSessionFilter");
}
is not sufficient as the SSLFilter in implicit-ssl mode is called "sslFilter"
rather than "sslSessionFilter".
Another possible issue regarding the name of the filters is the metod
getClientCertificates() in FTPIoSession.java:
if(getFilterChain().contains("sslFilter")) {
SslFilter sslFilter = (SslFilter) getFilterChain().get("sslFilter");
Here, we only check if implicit SSL mode is set - and I guess we also want to
be able to obtain the client certificate in explicit-ssl mode.
It would probably be a good idea to distinguish between implicit and explicit
mode (although there's no current usage I can see) so we have several options:
-Rename to "sslFilter" both the session-related and the listener-related
filter.
-Just check for both filters and maybe create support methods to obtain the
actual sslfilter object or the type of ssl-mode.
What do you think?
> CLONE -Provide convenience methods for checking is the control and data
> sockets are secure
> ------------------------------------------------------------------------------------------
>
> Key: FTPSERVER-150
> URL: https://issues.apache.org/jira/browse/FTPSERVER-150
> Project: FtpServer
> Issue Type: Improvement
> Affects Versions: 1.0-M2
> Reporter: David Latorre
> Assignee: Niklas Gustavsson
> Fix For: 1.0-M3
>
>
> Checking if the data and control sockets are secure (running over SSL/TLS)
> from a Ftplet is quite intricate and depends on knowledge of the internal
> implementation in FtpServer. We should make this simple. Suggestion by Jeroen
> Cranendonk
> I've cobbled together some code which should give an idea of what I'm trying
> to achieve, haven't tested it yet though. And I do realize this probably
> breaks your design in all kinds of ways :)
> Firstly, I've added the following to FtpSessionImpl:
> public boolean isDataConnectionSecure() {
> return ioSession.getDataConnection().isSecure();
> }
> public boolean isSecure() {
> return
> ioSession.getFilterChain().contains("sslSessionFilter");
> }
> public void write(final Object message) {
> ioSession.write(message);
> }
> And then my Ftplet looks like this (and it probably won't compile unless
> it's against the full ftpserver code):
> public class MyFtplet extends DefaultFtplet implements Ftplet {
> @Override
> public FtpletEnum onUploadStart(final FtpSession session, final
> FtpRequest request) throws FtpException,
> IOException {
> return this.onLimitedStart(session, request);
> }
> private FtpletEnum onLimitedStart(final FtpSession session, final
> FtpRequest request) {
> if (session.isSecure() && session.isDataConnectionSecure())
> {
> return FtpletEnum.RET_DEFAULT;
> }
> session.write(new
> DefaultFtpReply(FtpReply.REPLY_550_REQUESTED_ACTION_NOT_TAKEN,
> "Cannot do this before securing the connection."));
> return FtpletEnum.RET_SKIP;
> }
> }
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
