com.enterprisedt.net.ftp.FTPClient
com.enterprisedt.net.ftp.pro.ProFTPClient
com.enterprisedt.net.ftp.ssl.SSLFTPClient
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
public class SSLFTPClient
SSLFTPClient supports standard FTP and the two
types of FTPS, explicit and implicit.
Explicit FTPS is specified by the Internet Draft, "Securing FTP with TLS",
Ford-Hutchinson, et al. As directed by the draft, the FTP client connects
in plain (non-SSL) mode and operates in this mode until the "AUTH" command is
issued by means of the auth(String) method. This will cause
the client and server to negotiate an SSL connection. Once complete
commands sent from the client to the server, and their corresponding replies
will be secure. Below is an example of a simple explicit FTPS session:
// create an explicit FTPS client
SSLFTPClient ftp = new SSLFTPClient("123.123.123.123", 0);
// Turn off server validation (ONLY do this when testing)
ftp.setValidateServer(false);
// connect to the server
ftp.connect();
// switch to secure command channel
ftp.auth(SSLFTPClient.AUTH_SSL);
// log in
ftp.login("test", "test");
// get a file
ftp.get("file.txt", "file.txt");
// close the connection
ftp.quit();
This example uses no client authentication and does not attempt to verify
server certificates (which should be done only when testing).
Implicit FTPS is an older form of FTPS which uses pure SSL connection, i.e. SSL sessions are established immediately upon socket connection for all FTP channels. The following is an example of a simple implicit FTPS session:
// create an implicit FTPS client
SSLFTPClient ftp = new SSLFTPClient("123.123.123.123", SSLFTPClient.ConfigFlags.IMPLICIT_FTPS);
// Turn off server validation (ONLY do this when testing)
ftp.setValidateServer(false);
// connect to the server
ftp.connect();
// log in
ftp.login("test", "test");
// get a file
ftp.get("file.txt", "file.txt");
// close the connection
ftp.quit();
Like the previous example, this example uses no client authentication
and does not attempt to verify server certificates (which should be
done only when testing).
SSL Certificates:
Both the examples above used no server validation. This is only normally
acceptable only when testing. To be secure applications should always
validate the server that they're communicating with. If setValidateServer()
is not called then
SSLFTPClient will attempt to validate the server's certificate. In
explicit FTPS this occurs when the auth(String) method is invoked, whereas
in implicit FTPS, it occurs upon connection.
The server's certificate is matched against the root certificates
in the root certificate-store (accessible via getRootCertificateStore().
Some server certificates are
issued by Certificate Authorities (CAs). In such cases, it is sufficient for the
CA's certificate to be in the root certicate file. If a non-CA certificate is used then
the server certificate itself must be in root certificate file.
If client authentication is required
then a user's private key and certificate must be set using the
loadClientCertificate(String,String),
loadClientCertificate(InputStream,String) or
setClientCertificate(Certificate,PrivateKey) methods.
Configuration flags:There are variations in the
interpretation of the FTPS standard as
implemented in various servers. For this reason non-standard compatibility
options may activated by passing ConfigFlags to the
SSLFTPClient constructor. For example, to communicate
with a GlobalSCAPE (tm) server, the following code would be used:
SSLFTPClient ftp = new SSLFTPClient("123.123.123.123",
SSLFTPClient.ConfigFlags.DISABLE_SSL_CLOSURE
| SSLFTPClient.ConfigFlags.DISABLE_WAIT_ON_CLOSURE);
Cipher-Suites: A cipher-suite is a set of algorithms that is used for various aspects of SSL security. For a client and a server to be able to communicate, they must be able to agree on a particular cipher-suite. Different types of servers recognize different cipher-suites, so it is usually up to the client make sure that it shares at least one cipher-suite with the server that it is trying to communicate securely with. By itself, this fact would imply that the client should simply enable all possible suites in order to increase the chances of overlap. However, this is not necessarily wise since some cipher-suites (esp. those which adhered to the (now defunct) US export restrictions are relatively easy to break, whereas some others are trusted as currently being virtually unbreakable.
This library supports many cipher-suites (see SSLFTPCipherSuite)
so it should be possible to find a suitable cipher-suite in most cases. Cipher-suites
are configured on the client using the disableAllCipherSuites(),
enableCipherSuite(SSLFTPCipherSuite), and getEnabledCipherSuites()
methods.
(Note: GlobalSCAPE is a registered trademark of GlobalSCAPE)
| Nested Class Summary | |
|---|---|
static class |
SSLFTPClient.ConfigFlags
ConfigFlags contains various static integers which are used
to configure clients. |
| Field Summary | |
|---|---|
static java.lang.String |
AUTH_SSL
Deprecated - use AUTH_TLS. |
static java.lang.String |
AUTH_TLS
Synonym for AUTH_TLS_C. |
static java.lang.String |
AUTH_TLS_C
May be passed to the auth(String) method to ask for
SSL negotiation without implicitly protecting the data connection. |
static char |
PROT_CLEAR
May be passed to the prot(char) method to specify that
data-transfers should be done WITHOUT security. |
static char |
PROT_PRIVATE
May be passed to the prot(char) method to specify that
data-transfers should be done WITH security. |
| Fields inherited from class com.enterprisedt.net.ftp.pro.ProFTPClient |
|---|
cvsId |
| Fields inherited from class com.enterprisedt.net.ftp.FTPClient |
|---|
CARRIAGE_RETURN, control, controlEncoding, controlPort, data, DEFAULT_BUFFER_SIZE, DEFAULT_ENCODING, DEFAULT_LISTING_LOCALES, DEFAULT_MONITOR_INTERVAL, DEFAULT_TIMEOUT, dirEmptyStrings, fileNotFoundStrings, FTP_LINE_SEPARATOR, id, lastReply, lastValidReply, LINE_FEED, messageListener, monitor, monitorEx, monitorInterval, remoteAddr, remoteHost, serverWakeupInterval, timeout, transferBufferSize, transferCompleteStrings, transferType |
| Fields inherited from interface com.enterprisedt.net.ftp.pro.ProFTPClientInterface |
|---|
cvsId |
| Constructor Summary | |
|---|---|
SSLFTPClient()
Constructs an FTPS client for the given remote host. |
|
SSLFTPClient(java.net.InetAddress remoteAddr,
int configFlags)
Deprecated. use setter methods to set properties |
|
SSLFTPClient(java.net.InetAddress remoteAddr,
int controlPort,
int configFlags)
Deprecated. use setter methods to set properties |
|
SSLFTPClient(java.net.InetAddress remoteAddr,
int controlPort,
int timeout,
int configFlags)
Deprecated. use setter methods to set properties |
|
SSLFTPClient(java.lang.String remoteHost,
int configFlags)
Deprecated. use setter methods to set properties |
|
SSLFTPClient(java.lang.String remoteHost,
int controlPort,
int configFlags)
Deprecated. use setter methods to set properties |
|
SSLFTPClient(java.lang.String remoteHost,
int controlPort,
int timeout,
int configFlags)
Deprecated. use setter methods to set properties |
|
| Method Summary | |
|---|---|
void |
auth(char command)
Required for certain implementations of implicit SSL. |
void |
auth(java.lang.String securityMechanism)
Switches the control-channel (the connection which carries commands) to secure mode. |
void |
ccc()
Clears the control channel, setting it back to plain text. |
void |
connect()
Connects to the server at the address and port number defined in the constructor. |
void |
disableAllCipherSuites()
Disables all cipher-suites. |
void |
enableCipherSuite(SSLFTPCipherSuite cipherSuite)
Enables the given cipher-suite. |
void |
enableCipherSuites(SSLFTPCipherSuite[] cipherSuites)
Enables the given cipher-suites. |
java.util.Vector |
getCertificateChain()
Returns a vector containing the certificates ( SSLFTPCertificate)
presented by the server with the Certificate Authority's certificate first
and the server's certificate last. |
int |
getConfigFlags()
Get the set configuration flags. |
SSLFTPCipherSuite[] |
getEnabledCipherSuites()
Returns an array of all currently enabled cipher-suites. |
SSLFTPCertificateStore |
getRootCertificateStore()
Returns a reference to the SSLFTPCertificateStore
which contains the root certificates that will be used
to validate the server certificate. |
static SSLFTPCertificate |
getServerCertificate(java.lang.String hostName)
Connects to the given host and retrieves its certificate. |
static SSLFTPCertificate |
getServerCertificate(java.lang.String hostName,
int remotePort)
Connects to the given host and retrieves its certificate. |
static java.lang.String |
getServerSecurityMechanism(java.lang.String remoteHost)
Returns the safest explicit FTPS security mechanism supported by the server. |
static java.lang.String |
getServerSecurityMechanism(java.lang.String remoteHost,
int remotePort)
Returns the safest explicit FTPS security mechanism supported by the server. |
boolean |
getValidateServer()
Returns a flag indicating whether or not this client will attempt to validate server certificates. |
boolean |
isImplicitFTPS()
Is implicit FTPS being used? |
void |
loadClientCertificate(java.io.InputStream inputStream,
java.lang.String password)
Loads the client's private key and certificate in PEM format from the given input-stream. |
void |
loadClientCertificate(java.lang.String path,
java.lang.String password)
Loads the client's private key and certificate in PEM format from the given file. |
void |
loadClientKeyFile(java.io.InputStream inputStream,
java.lang.String password)
Deprecated. Use setClientCertificate<(inputStream, password)/code>. |
void |
loadClientKeyFile(java.lang.String path,
java.lang.String password)
Deprecated. Use loadClientCertificate<(path, password)/code>. |
void |
loadRootCertificates(java.io.InputStream inputStream)
Deprecated. Use getRootCertificateStore().SSLFTPCertificateStore.importPEMFile(InputStream) |
void |
loadRootCertificates(java.lang.String path)
Deprecated. Use getRootCertificateStore().SSLFTPCertificateStore.importPEMFile(String) |
void |
pbsz(int bufferSize)
Defines the buffer-size to be used on data-connections. |
void |
prot(char command)
Defines the security-level of subsequent data-transfers. |
protected int |
readChar(java.io.LineNumberReader in)
Attempts to read a single character from the given InputStream. |
int |
readChunk(java.io.BufferedInputStream in,
byte[] chunk,
int chunksize)
Attempts to read a specified number of bytes from the given InputStream and place it in the given byte-array. |
protected java.lang.String |
readLine(java.io.LineNumberReader in)
Attempts to read a single line from the given InputStream. |
void |
setClientCertificate(java.security.cert.Certificate certificate,
java.security.PrivateKey privateKey)
Sets the client's certificate and private key given standard Java Certificate and PrivateKey
objects. |
void |
setConfigFlags(int configFlags)
Set the configuration flags which control various compatibility features. |
void |
setCustomValidator(SSLFTPValidator newValidator)
Sets the validator. |
void |
setImplicitFTPS(boolean implicitFTPS)
Set implicit FTPS on or off. |
void |
setRootCertificateStore(SSLFTPCertificateStore store)
Sets the SSLFTPCertificateStore
which contains the root certificates that will be used
to validate the server certificate. |
void |
setValidateServer(boolean validate)
Determines whether or not this client will attempt to validate server certificates. |
java.lang.String |
toString()
String representation |
| Methods inherited from class com.enterprisedt.net.ftp.pro.ProFTPClient |
|---|
getCountBeforeSleep, getSleepTime, isSleepEnabled, mdelete, mdelete, mdelete, mdelete, mget, mget, mget, mget, mput, mput, mput, mput, rmdir, setCountBeforeSleep, setSleepEnabled, setSleepTime |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
| Methods inherited from interface com.enterprisedt.net.ftp.pro.ProFTPClientInterface |
|---|
getCountBeforeSleep, getSleepTime, isSleepEnabled, mdelete, mdelete, mdelete, mdelete, mget, mget, mget, mget, mput, mput, mput, mput, rmdir, setCountBeforeSleep, setSleepEnabled, setSleepTime |
| Methods inherited from interface com.enterprisedt.net.ftp.FTPClientInterface |
|---|
cancelResume, cancelTransfer, cdup, chdir, connected, delete, dir, dir, dir, dirDetails, executeCommand, exists, get, get, get, getDeleteCount, getDetectTransferMode, getDownloadCount, getId, getMonitorInterval, getRemoteHost, getRemotePort, getTimeout, getType, getUploadCount, keepAlive, mkdir, modtime, put, put, put, put, put, put, pwd, quit, quitImmediately, rename, resetDeleteCount, resetDownloadCount, resetUploadCount, resume, rmdir, setControlEncoding, setDetectTransferMode, setId, setModTime, setProgressMonitor, setProgressMonitor, setRemoteHost, setRemotePort, setTimeout, setType, size, system |
| Field Detail |
|---|
public static final java.lang.String AUTH_TLS
auth(String) method to ask for
SSL negotiation without implicitly protecting the data connection.
public static final java.lang.String AUTH_TLS_C
auth(String) method to ask for
SSL negotiation without implicitly protecting the data connection.
public static final java.lang.String AUTH_SSL
auth(String) method to
ask for SSL negotiation and implicitly protect further data connections.
public static final char PROT_CLEAR
prot(char) method to specify that
data-transfers should be done WITHOUT security.
public static final char PROT_PRIVATE
prot(char) method to specify that
data-transfers should be done WITH security.
| Constructor Detail |
|---|
public SSLFTPClient()
throws FTPException
IMPORTANT NOTE: This constructor does NOT connect to
the server. The connect() method must be called
to do this.
All other constructors are deprecated. This constructor should be used, and then setter methods used (most inherited from FTPClient) to set the control port, remote host etc
FTPException
public SSLFTPClient(java.lang.String remoteHost,
int configFlags)
throws java.net.UnknownHostException
IMPORTANT NOTE: This constructor does NOT connect to
the server. The connect() method must be called
to do this.
remoteHost - Remote FTP server to connect to.configFlags - Combination of flags used to configure the client for
implicit FTPS or compatibility with servers that don't fully comply with standards
(see SSLFTPClient.ConfigFlags). For servers that comply with standards this value
may be set to 0.
java.net.UnknownHostException - Thrown if the remoteHost argument does not resolved to a known host.
public SSLFTPClient(java.lang.String remoteHost,
int controlPort,
int configFlags)
throws java.net.UnknownHostException
IMPORTANT NOTE: This constructor does NOT connect to
the server. The connect() method must be called
to do this.
remoteHost - Remote FTP server to connect to.controlPort - Port on remote FTP server to connect to.configFlags - Combination of flags used to configure the client for
implicit FTPS or compatibility with servers that don't fully comply with standards
(see SSLFTPClient.ConfigFlags). For servers that comply with standards this value
may be set to 0.
java.net.UnknownHostException - Thrown if the remoteHost argument does not resolved to a known host.
public SSLFTPClient(java.lang.String remoteHost,
int controlPort,
int timeout,
int configFlags)
throws java.net.UnknownHostException
IMPORTANT NOTE: This constructor does NOT connect to
the server. The connect() method must be called
to do this.
remoteHost - Remote FTP server to connect to.controlPort - Port on remote FTP server to connect to.timeout - Time-out of connections (0 means no time-out).configFlags - Combination of flags used to configure the client for
implicit FTPS or compatibility with servers that don't fully comply with standards
(see SSLFTPClient.ConfigFlags). For servers that comply with standards this value
may be set to 0.
java.net.UnknownHostException - Thrown if the remoteHost argument does not resolved to a known host.
public SSLFTPClient(java.net.InetAddress remoteAddr,
int configFlags)
IMPORTANT NOTE: This constructor does NOT connect to
the server. The connect() method must be called
to do this.
remoteAddr - Address of remote FTP server to connect to.configFlags - Combination of flags used to configure the client for
implicit FTPS or compatibility with servers that don't fully comply with standards
(see SSLFTPClient.ConfigFlags). For servers that comply with standards this value
may be set to 0.
public SSLFTPClient(java.net.InetAddress remoteAddr,
int controlPort,
int configFlags)
IMPORTANT NOTE: This constructor does NOT connect to
the server. The connect() method must be called
to do this.
remoteAddr - Address of remote FTP server to connect to.controlPort - Port on remote FTP server to connect to.configFlags - Combination of flags used to configure the client for
implicit FTPS or compatibility with servers that don't fully comply with standards
(see SSLFTPClient.ConfigFlags). For servers that comply with standards this value
may be set to 0.
public SSLFTPClient(java.net.InetAddress remoteAddr,
int controlPort,
int timeout,
int configFlags)
IMPORTANT NOTE: This constructor does NOT connect to
the server. The connect() method must be called
to do this.
remoteAddr - Address of remote FTP server to connect to.controlPort - Port on remote FTP server to connect to.timeout - Time-out of connections (0 means no time-out).configFlags - Combination of flags used to configure the client for
implicit FTPS or compatibility with servers that don't fully comply with standards
(see SSLFTPClient.ConfigFlags). For servers that comply with standards this value
may be set to 0.| Method Detail |
|---|
public void setConfigFlags(int configFlags)
throws FTPException
SSLFTPClient.ConfigFlags.
They are integers so they should be OR'd together if more than one is
required. For example,
ftpClient.SetConfigFlags(SSLFTPClient.ConfigFlags.DISABLE_SESSION_RESUMPTION
| SSLFTPClient.ConfigFlags.DISABLE_SSL_CLOSURE);
Note that implict FTPS should not longer be set via ConfigFlags.IMPLICIT_FTPS, which
is now deprecated.
Instead, use setImplicitFTPS(boolean). If ConfigFlags.IMPLICIT_FTPS is
supplied, implict FTPS will be enabled for backward compatibility. However if it is
not supplied, the implicit FTPS mode will be unaltered, i.e. if implicit
FTPS is currently enabled, it will not be disabled by not supplying ConfigFlags.IMPLICIT_FTPS.
configFlags - Configuration flags to set (see SSLFTPClient.ConfigFlags)
FTPException - Thrown if the client is already connected to the server.public int getConfigFlags()
public void connect()
throws java.io.IOException,
FTPException,
SSLFTPCertificateException
SSLFTPClient.ConfigFlags.IMPLICIT_FTPS) then the client and server
will negotiate a secure connection upon connection.
connect in interface FTPClientInterfaceconnect in class ProFTPClientjava.io.IOException - Thrown if there is a TCP/IP-related error.
FTPException - Thrown if there is an error related to the FTP protocol.
SSLFTPCertificateException - If connecting in implicit FTPS mode
(i.e. see SSLFTPClient.ConfigFlags.IMPLICIT_FTPS) then the
SSLFTPCertificateException may be thrown if there's a certificate
validation error. In this case, SSLFTPCertificateException.getCertificates()
returns the server's certificate(s).
protected int readChar(java.io.LineNumberReader in)
throws java.io.IOException
FTPClientInputStream.
The purpose of this method is to permit subclasses to execute
any additional code necessary when performing this operation.
readChar in class FTPClientin - The LineNumberReader to read from.
java.io.IOException - Thrown if there was an error while reading.
protected java.lang.String readLine(java.io.LineNumberReader in)
throws java.io.IOException
FTPClientInputStream.
The purpose of this method is to permit subclasses to execute
any additional code necessary when performing this operation.
readLine in class FTPClientin - The LineNumberReader to read from.
java.io.IOException - Thrown if there was an error while reading.
public int readChunk(java.io.BufferedInputStream in,
byte[] chunk,
int chunksize)
throws java.io.IOException
FTPClientInputStream and place it in the given byte-array. The
purpose of this method is to permit subclasses to execute any additional
code necessary when performing this operation.
readChunk in class FTPClientin - The InputStream to read from.chunk - The byte-array to place read bytes in.chunksize - Number of bytes to read.
java.io.IOException - Thrown if there was an error while reading.public java.util.Vector getCertificateChain()
SSLFTPCertificate)
presented by the server with the Certificate Authority's certificate first
and the server's certificate last.
It allows you to inspect the certificates that the server presented to the
client during the establishment of a secure connection. There should be one
or more certificates in this chain. The last one in the chain is the
server's certificate. Any preceding certificates are certificates of issuers.
For example, if there are three: A, B, and C. Then C is the server certificate.
C was issued by B, and B was issued by A. At least one of these three certificates
must be in the root certificate store for the server to be validated.
SSLFTPCertificate objects.public boolean getValidateServer()
getRootCertificateStore()).
Setting this method to false makes it trivial for an attacker
to impersonate a server, so it should be done only for testing purposes.
public void setValidateServer(boolean validate)
throws FTPException
loadRootCertificates(String) method.
Setting this method to false makes it trivial for an attacker
to impersonate a server, so it should be done only for testing purposes.
validate - True if servers are to be validated.
FTPException
public void setCustomValidator(SSLFTPValidator newValidator)
throws FTPException
SSLFTPStandardValidator will be used.
Custom validators may be used to provide user interaction, such as allowing the user view a server's certificate before accepting the connection. See SSLFTPValidator and SSLFTPStandardValidator.
Note that this method must be called before auth is called,
otherwise the standard validator will be used.
newValidator - Custom validator to use.
FTPExceptionpublic SSLFTPCipherSuite[] getEnabledCipherSuites()
public void disableAllCipherSuites()
throws FTPException
FTPException
public void enableCipherSuite(SSLFTPCipherSuite cipherSuite)
throws FTPException
cipherSuite - Cipher-suite to enable.
SSLFTPException - Thrown if the given cipher-suite is not valid.
FTPException
public void enableCipherSuites(SSLFTPCipherSuite[] cipherSuites)
throws FTPException
cipherSuites - Cipher-suites to enable.
SSLFTPException - Thrown if a cipher-suite is not valid.
FTPException
public void loadClientKeyFile(java.io.InputStream inputStream,
java.lang.String password)
throws java.io.FileNotFoundException,
java.io.IOException,
FTPException
setClientCertificate<(inputStream, password)/code>.
java.io.FileNotFoundException
java.io.IOException
FTPException
public void loadClientKeyFile(java.lang.String path,
java.lang.String password)
throws java.io.FileNotFoundException,
java.io.IOException,
FTPException
loadClientCertificate<(path, password)/code>.
java.io.FileNotFoundException
java.io.IOException
FTPException
public void loadClientCertificate(java.io.InputStream inputStream,
java.lang.String password)
throws java.io.FileNotFoundException,
java.io.IOException,
FTPException
-----BEGIN xxx PRIVATE KEY----- ... client's private key ... -----END xxx PRIVATE KEY----- -----BEGIN CERTIFICATE----- ... client's certificate ... -----END CERTIFICATE-----where
xxx defines the keytype which must be either
RSA or DSA.A chain of keys (ordered from client's certificate to the root) may be placed in the file. Each certificate must be bracketed as shown above.
inputStream - InputStream to read from.password - Pass-phrase for accessing the key.
java.io.FileNotFoundException - Thrown if the file could not be found.
java.io.IOException - Thrown if there was an error reading the key.
FTPException
public void loadClientCertificate(java.lang.String path,
java.lang.String password)
throws java.io.FileNotFoundException,
java.io.IOException,
FTPException
-----BEGIN xxx PRIVATE KEY----- ... client's private key ... -----END xxx PRIVATE KEY----- -----BEGIN CERTIFICATE----- ... client's certificate ... -----END CERTIFICATE-----where
xxx defines the keytype which must be either
RSA or DSA.A chain of keys (ordered from client's certificate to the root) may be placed in the file. Each certificate must be bracketed as shown above.
path - Path of the filepassword - Pass-phrase for accessing the key.
java.io.FileNotFoundException - Thrown if the file could not be found.
java.io.IOException - Thrown if there was an error reading the key.
FTPException
public void setClientCertificate(java.security.cert.Certificate certificate,
java.security.PrivateKey privateKey)
throws SSLFTPCertificateException
Certificate and PrivateKey
objects.
To load a certificate and a private key from a Java keystore, code similar
to the following should be used:
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream(keyStoreFileName, keyStorePassword.toCharArray());
Certificate certificate = keyStore.getCertificate(alias);
PrivateKey privateKey = (PrivateKey)keyStore.getKey(alias, privateKeyPassword.toCharArray());
ftp.setClientCertificate(certificate, privateKey);
certificate - The client's certificate.privateKey - The client's private key.
SSLFTPCertificateException - Thrown if there was a problem accessing
the key or the private key.
public void loadRootCertificates(java.io.InputStream inputStream)
throws java.io.FileNotFoundException,
java.io.IOException,
FTPException
getRootCertificateStore().SSLFTPCertificateStore.importPEMFile(InputStream)
-----BEGIN CERTIFICATE----- ... first certificate ... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- ... second certificate ... -----END CERTIFICATE----- etc
The ca-root package of FreeBSD has a file, ca-roots.crt, which contains a list of root certificates. It may be downloaded from the FreeBSD website (search for "ca-root") It is important to be aware that the root certificates file is a potential point of attack since an errant entry in this file may allow attackers obtain access to secured resources.
inputStream - InputStream to read from.
java.io.FileNotFoundException - Thrown if the file could not be found.
java.io.IOException - Thrown if there was an error reading the certificates.
FTPException
public void loadRootCertificates(java.lang.String path)
throws java.io.IOException,
FTPException
getRootCertificateStore().SSLFTPCertificateStore.importPEMFile(String)
-----BEGIN CERTIFICATE----- ... first certificate ... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- ... second certificate ... -----END CERTIFICATE----- etc
The ca-root package of FreeBSD has a file, ca-roots.crt, which contains a list of root certificates. It may be downloaded from the FreeBSD website (search for "ca-root") It is important to be aware that the root certificates file is a potential point of attack since an errant entry in this file may allow attackers obtain access to secured resources.
path - Path of the file.
java.io.FileNotFoundException - Thrown if the file could not be found.
java.io.IOException - Thrown if there was an error reading the certificates.
FTPExceptionpublic SSLFTPCertificateStore getRootCertificateStore()
SSLFTPCertificateStore
which contains the root certificates that will be used
to validate the server certificate.
public void setRootCertificateStore(SSLFTPCertificateStore store)
SSLFTPCertificateStore
which contains the root certificates that will be used
to validate the server certificate.
store - The root certificate-store to use
public void auth(java.lang.String securityMechanism)
throws java.io.IOException,
FTPException
ConfigFlags.START_WITH_CLEAR_DATA_CHANNELS flag was
passed in during construction, the client will switch to private
(i.e. secure) data channels immediately after a connection is made. It does
this by invoking pbsz(0) and prot('P').
This library supports three arguments to this methods,
SSLFTPClient.AUTH_TLS, SSLFTPClient.AUTH_TLS_C,
and SSLFTPClient.SSL.
securityMechanism - Security mechanism to use (see above)
java.io.IOException - Thrown if a communication error occurred.
FTPException - Thrown if an FTP-protocol related error occurred.
SSLFTPCertificateException - thrown if there's a certificate
validation error. Use SSLFTPCertificateException.getCertificates()
to obtain the server's certificate(s).
public void ccc()
throws FTPException,
java.io.IOException
The server will not accept any more PBSZ or PROT commands. All subsequent data transfers must be protected with the current PROT settings.
FTPException
java.io.IOException
public void auth(char command)
throws java.io.IOException,
FTPException
command - Seurity level to be used (must be either
SSLFTPClient.PROT_PRIVATE or SSLFTPClient.PROT_CLEAR.
java.io.IOException - Thrown if a communication error occurred.
FTPException - Thrown if an FTP-protocol related error occurred.
public void prot(char command)
throws java.io.IOException,
FTPException
'C' (Clear) and 'P' (Private).
The former dictates that data-transfers should be insecure and the latter
that they should be secure. There are two public member-variables,
SSLFTPClient.PROT_PRIVATE and SSLFTPClient.PROT_CLEAR
defined for use with this method.
command - Seurity level to be used (must be either
SSLFTPClient.PROT_PRIVATE or SSLFTPClient.PROT_CLEAR.
java.io.IOException - Thrown if a communication error occurred.
FTPException - Thrown if an FTP-protocol related error occurred.
public void pbsz(int bufferSize)
throws java.io.IOException,
FTPException
0 (zero). Note that
this method is required only to conform with the standard.
bufferSize - Buffer-size to use (must be zero).
java.io.IOException - Thrown if a communication error occurred.
FTPException - Thrown if an FTP-protocol related error occurred.
public static SSLFTPCertificate getServerCertificate(java.lang.String hostName)
throws FTPException,
java.io.IOException
hostName - Host-name of server.
FTPException - Thrown if an FTP-related error occurred.
java.io.IOException - Thrown if a TCP/IP-related error occurred.
public static SSLFTPCertificate getServerCertificate(java.lang.String hostName,
int remotePort)
throws FTPException,
java.io.IOException
hostName - Host-name of server.remotePort - Port to connect to.
FTPException - Thrown if an FTP-related error occurred.
java.io.IOException - Thrown if a TCP/IP-related error occurred.
public static java.lang.String getServerSecurityMechanism(java.lang.String remoteHost)
throws FTPException,
java.io.IOException
AUTH_TLS
is returned. If the server supports explicit FTPS using SLL but not TLS then
AUTH_SSL is returned. If explicit FTPS is not supported then
the method returns null.
remoteHost - Host from which to retrieve a security mechanism.
AUTH_TLS, AUTH_SSL or
null (see above).
FTPException - Thrown if an FTP-related error occurred.
java.io.IOException - Thrown if a TCP/IP-related error occurred.
public static java.lang.String getServerSecurityMechanism(java.lang.String remoteHost,
int remotePort)
throws FTPException,
java.io.IOException
AUTH_TLS
is returned. If the server supports explicit FTPS using SLL but not TLS then
AUTH_SSL is returned. If explicit FTPS is not supported then
the method returns null.
remoteHost - Host from which to retrieve a security mechanism.remotePort - Port on which to connect to the server.
AUTH_TLS, AUTH_SSL or
null (see above).
FTPException - Thrown if an FTP-related error occurred.
java.io.IOException - Thrown if a TCP/IP-related error occurred.public boolean isImplicitFTPS()
public void setImplicitFTPS(boolean implicitFTPS)
Implicit FTPS is not recommended because it is not compatible with FTP standards and not supported by as many systems. It is however, no less secure than explicit FTPS.
implicitFTPS - true if switching on, false if switching offpublic java.lang.String toString()
toString in class FTPClient
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||