AdvancedSSLSettings (edtFTPj/PRO by Enterprise Distributed Technologies Ltd)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.enterprisedt.net.ftp
Class AdvancedSSLSettings

java.lang.Object
  com.enterprisedt.net.ftp.AdvancedSSLSettings

public class AdvancedSSLSettings
extends java.lang.Object
extends java.lang.Object

Settings specifically for the FTPS (FTP over SSL) protocol. Generally these settings are not required for basic use of the protocol.

All settings must be set before connecting to the server.

Version:: $Revision: 1.7 $
Author:: Bruce Blackshaw

Method Summary
`java.lang.String`	`getClientCertificatePassphrase()` Get the passphrase that has been set for the client certificate, or null if it has not been set.
`java.lang.String`	`getClientCertificatePath()` Set the path of the PEM file containing the client certificate and private key.
`SSLFTPCipherSuite[]`	`getEnabledCipherSuites()` Get a list of the enabled cipher suites.
`SSLFTPSecurityMechanism`	`getSecurityMechanism()` Set the security mechanism that should be used to set up the secure connection.
`java.lang.String[]`	`getSSLServerCommonNames()` Gets the names that will be used to match the CommonName (CN) field while the certificate is being validated.
`SSLFTPCertificateStore`	`getSSLServerValidationCertificates()` Returns a reference to the `SSLFTPCertificateStore` which contains the root certificates that will be used to validate the server certificate.
`boolean`	`isAllowBasicConstraintsNonCA()` Are non-CA certificates (e.g.
`boolean`	`isDisableSessionResumption()` Is session resumption disabled? The default is false (i.e.
`boolean`	`isDisableSSLClosure()` Is standard SSL closure disabled? If disabled, SSL connections are forced to close.
`boolean`	`isDisableWaitOnClose()` Is the disable waiting on close flag set? If set, stops the client waiting for an SSL closure acknowledgement on both the control channel and the data channel.
`boolean`	`isStartWithClearDataChannels()` Are clear data channels used initially? By default the client switches to private data channels immediately after AUTH.
`boolean`	`isUseUnencryptedCommands()` Should FTPS command-channel be revert to plain text after establishing an encrypted connection (FTPS only).
`void`	`setAllowBasicConstraintsNonCA(boolean allowBasicConstraintsNonCA)` Are non-CA certificates (e.g.
`void`	`setClientCertificatePassphrase(java.lang.String clientCertificatePassphrase)` Set the passphrase for the client certificate.
`void`	`setClientCertificatePath(java.lang.String clientCertificatePath)` Set the path of the PEM file containing the client certificate and private key.
`void`	`setDisableSessionResumption(boolean disableSessionResumption)` Set session resumption on or off.
`void`	`setDisableSSLClosure(boolean disableSSLClosure)` Disables standard SSL closure by forcing on both data and control channels SSL connections to close in a non-standard manner.
`void`	`setDisableWaitOnClose(boolean disableWaitOnClose)` If set, stops the client waiting for an SSL closure acknowledgement on both the control channel and the data channel.
`void`	`setEnabledCipherSuites(SSLFTPCipherSuite[] enabledCipherSuites)` Set the list of enabled ciper suites.
`void`	`setSecurityMechanism(SSLFTPSecurityMechanism auth)` Get the security mechanism that should be used to set up the secure connection.
`void`	`setSSLServerCommonNames(java.lang.String[] serverCommonNames)` Set the names that will be used to match the CommonName (CN) field while the certificate is being validated.
`void`	`setStartWithClearDataChannels(boolean startWithClearDataChannels)` By default the client switches to private data channels immediately after the `auth(String)` method is called.
`void`	`setUseUnencryptedCommands(boolean useUnencryptedCommands)` Changed whether command-channel reverts to plain text after connecting (FTPS only).

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Method Detail

getSSLServerValidationCertificates

public SSLFTPCertificateStore getSSLServerValidationCertificates()

Returns a reference to the SSLFTPCertificateStore which contains the root certificates that will be used to validate the server certificate.

Returns:: The root certificate-store.

getClientCertificatePath

public java.lang.String getClientCertificatePath()

Set the path of the PEM file containing the client certificate and private key. This is required if client authentication is to be used.

Returns:: file path

setClientCertificatePath

public void setClientCertificatePath(java.lang.String clientCertificatePath)

Set the path of the PEM file containing the client certificate and private key. This is required if client authentication is to be used.

The file must be formatted as follows:

   -----BEGIN xxx PRIVATE KEY-----
   ... client's private key ...
   -----END xxx PRIVATE KEY-----
   -----BEGIN CERTIFICATE-----
   ... client's certificate ...
   -----END CERTIFICATE-----

where xxx defines the keytype which must be either RSA or DSA.

A chain of keys (ordered from client's certificate to the root) may be placed in the file. Each certificate must be bracketed as shown above.

Parameters:: clientCertificatePath - path of the client certificate file

getClientCertificatePassphrase

public java.lang.String getClientCertificatePassphrase()

Get the passphrase that has been set for the client certificate, or null if it has not been set.

Returns:: passphrase or null

setClientCertificatePassphrase

public void setClientCertificatePassphrase(java.lang.String clientCertificatePassphrase)

Set the passphrase for the client certificate.

Parameters:: clientCertificatePassphrase - passphrase to set

isAllowBasicConstraintsNonCA

public boolean isAllowBasicConstraintsNonCA()

Are non-CA certificates (e.g. client certificates) permitted to have basic constraints? By default, they are not.

Returns:: true if basic constraints permitted, false if not

setAllowBasicConstraintsNonCA

public void setAllowBasicConstraintsNonCA(boolean allowBasicConstraintsNonCA)

Are non-CA certificates (e.g. client certificates) permitted to have basic constraints? By default, they are not. Enabling this flag permits non-CA certificates to have basic constraints.

Parameters:: allowBasicConstraintsNonCA - true to allow basic constraints in non-CA certs.

isStartWithClearDataChannels

public boolean isStartWithClearDataChannels()

Are clear data channels used initially? By default the client switches to private data channels immediately after AUTH.

Returns:: true if starting with clear channels, false if private

setStartWithClearDataChannels

public void setStartWithClearDataChannels(boolean startWithClearDataChannels)

By default the client switches to private data channels immediately after the auth(String) method is called. It does this by invoking pbsz(0) and prot('P') from inside the auth() method. This flag stops this behaviour if set to true. The default is false.

Parameters:: startWithClearDataChannels - true to force clear data channels

isDisableSessionResumption

public boolean isDisableSessionResumption()

Is session resumption disabled? The default is false (i.e. it is enabled).

Returns:: true if disabled, false if enabled

setDisableSessionResumption

public void setDisableSessionResumption(boolean disableSessionResumption)

Set session resumption on or off. Session resumption is a feature of SSL/TLS, which speeds up the establishment of secure connections by caching certain cryptographic parameters during the first connection, such that they may be used in subsequent connections. This is particularly handy for FTPS which opens a new connection for each file transfer. Occasionally it can cause problems when establishing secure connections on data-channels, so this flag is provided for disabling the feature and thus forcing a full exchange of cryptographic data for every file.

Parameters:: disableSessionResumption - true to disable.

isDisableWaitOnClose

public boolean isDisableWaitOnClose()

Is the disable waiting on close flag set? If set, stops the client waiting for an SSL closure acknowledgement on both the control channel and the data channel. This flag may be useful if it is found that the client freezes after a data-transfer or when the FTP connection is closed.

Returns:: true if wait on close is disabled

setDisableWaitOnClose

public void setDisableWaitOnClose(boolean disableWaitOnClose)

If set, stops the client waiting for an SSL closure acknowledgement on both the control channel and the data channel. This flag may be useful if it is found that the client freezes after a data-transfer or when the FTP connection is closed.

Parameters:: disableWaitOnClose - true to disable wait on close

isDisableSSLClosure

public boolean isDisableSSLClosure()

Is standard SSL closure disabled? If disabled, SSL connections are forced to close. This flag may be useful if it is found that the client or the server (or both) freezes after a data-transfer or when the FTP connection is closed.

Returns:

setDisableSSLClosure

public void setDisableSSLClosure(boolean disableSSLClosure)

Disables standard SSL closure by forcing on both data and control channels SSL connections to close in a non-standard manner. This flag may be useful if it is found that the client or the server (or both) freezes after a data-transfer or when the FTP connection is closed.

Parameters:: disableSSLClosure - true to disable SSL closure

getSecurityMechanism

public SSLFTPSecurityMechanism getSecurityMechanism()

Set the security mechanism that should be used to set up the secure connection.

Returns:: SSLFTPSecurityMechanism

setSecurityMechanism

public void setSecurityMechanism(SSLFTPSecurityMechanism auth)

Get the security mechanism that should be used to set up the secure connection.

Parameters:: auth - security mechanism to use

getEnabledCipherSuites

public SSLFTPCipherSuite[] getEnabledCipherSuites()

Get a list of the enabled cipher suites.

Returns:: SSLFTPCipherSuite[]

setEnabledCipherSuites

public void setEnabledCipherSuites(SSLFTPCipherSuite[] enabledCipherSuites)

Set the list of enabled ciper suites.

Parameters:: enabledCipherSuites - cipher suites to enabled

isUseUnencryptedCommands

public boolean isUseUnencryptedCommands()

Should FTPS command-channel be revert to plain text after establishing an encrypted connection (FTPS only). If enabled this results in the CCC command being sent immediately after log-in.

Returns:: true if command-channel reverts to plain text after connecting (FTPS only).

setUseUnencryptedCommands

public void setUseUnencryptedCommands(boolean useUnencryptedCommands)

Changed whether command-channel reverts to plain text after connecting (FTPS only). If enabled this results in the CCC command being sent immediately after log-in.

Parameters:: useUnencryptedCommands - true if commands should be sent in plain text (FTPS only).

getSSLServerCommonNames

public java.lang.String[] getSSLServerCommonNames()

Gets the names that will be used to match the CommonName (CN) field while the certificate is being validated.

Returns:: names that will be used for matching.

setSSLServerCommonNames

public void setSSLServerCommonNames(java.lang.String[] serverCommonNames)

Set the names that will be used to match the CommonName (CN) field while the certificate is being validated.

Parameters:: serverCommonNames - names which will be used for matching.