You are viewing a plain text version of this content. The canonical link for it is here.
Posted to ftpserver-commits@incubator.apache.org by ng...@apache.org on 2007/01/16 21:24:31 UTC
svn commit: r496862 - in /incubator/ftpserver/trunk/core/src:
java/org/apache/ftpserver/command/ java/org/apache/ftpserver/listener/
java/org/apache/ftpserver/listener/io/
java/org/apache/ftpserver/listener/mina/
test/org/apache/ftpserver/clienttests/ ...
Author: ngn
Date: Tue Jan 16 13:24:30 2007
New Revision: 496862
URL: http://svn.apache.org/viewvc?view=rev&rev=496862
Log:
On-the-fly SSL security (as with AUTH) now works with MINA thanks to Trustin Lee over at dev@mina (http://permalink.gmane.org/gmane.comp.apache.directory.mina.devel/2896).
Modified:
incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/command/AUTH.java
incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/Connection.java
incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/io/IOConnection.java
incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/mina/MinaConnection.java
incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/clienttests/LoginTest.java
incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/interfaces/ServerFtpStatisticsTestTemplate.java
Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/command/AUTH.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/command/AUTH.java?view=diff&rev=496862&r1=496861&r2=496862
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/command/AUTH.java (original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/command/AUTH.java Tue Jan 16 13:24:30 2007
@@ -66,27 +66,25 @@
// check parameter
String authType = request.getArgument().toUpperCase();
if(authType.equals("SSL")) {
- out.send(234, "AUTH.SSL", null);
try {
- connection.secureControlChannel("SSL");
- }
- catch(FtpException ex) {
+ connection.beforeSecureControlChannel("SSL");
+ out.send(234, "AUTH.SSL", null);
+ connection.afterSecureControlChannel("SSL");
+ } catch(FtpException ex) {
throw ex;
- }
- catch(Exception ex) {
+ } catch(Exception ex) {
log.warn("AUTH.execute()", ex);
throw new FtpException("AUTH.execute()", ex);
}
}
else if(authType.equals("TLS")) {
- out.send(234, "AUTH.TLS", null);
try {
- connection.secureControlChannel("TLS");
- }
- catch(FtpException ex) {
+ connection.beforeSecureControlChannel("TLS");
+ out.send(234, "AUTH.TLS", null);
+ connection.afterSecureControlChannel("TLS");
+ } catch(FtpException ex) {
throw ex;
- }
- catch(Exception ex) {
+ } catch(Exception ex) {
log.warn("AUTH.execute()", ex);
throw new FtpException("AUTH.execute()", ex);
}
Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/Connection.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/Connection.java?view=diff&rev=496862&r1=496861&r2=496862
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/Connection.java (original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/Connection.java Tue Jan 16 13:24:30 2007
@@ -60,7 +60,9 @@
* @param type The type of security to use, i.e. SSL or TLS
* @throws Exception
*/
- void secureControlChannel(String type) throws Exception;
+ void beforeSecureControlChannel(String type) throws Exception;
+
+ void afterSecureControlChannel(String type) throws Exception;
long transfer(InputStream bis, OutputStream bos, int maxRate) throws IOException;
}
Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/io/IOConnection.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/io/IOConnection.java?view=diff&rev=496862&r1=496861&r2=496862
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/io/IOConnection.java (original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/io/IOConnection.java Tue Jan 16 13:24:30 2007
@@ -199,7 +199,7 @@
/**
* Create secure socket.
*/
- public void secureControlChannel(String protocol) throws Exception {
+ public void afterSecureControlChannel(String protocol) throws Exception {
// change socket to SSL socket
Ssl ssl = serverContext.getSocketFactory().getSSL();
@@ -214,5 +214,10 @@
// set control socket
controlSocket = ssoc;
+ }
+
+ public void beforeSecureControlChannel(String type) throws Exception {
+ // do nothing
+
}
}
Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/mina/MinaConnection.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/mina/MinaConnection.java?view=diff&rev=496862&r1=496861&r2=496862
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/mina/MinaConnection.java (original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/mina/MinaConnection.java Tue Jan 16 13:24:30 2007
@@ -23,6 +23,7 @@
import java.net.InetSocketAddress;
import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
import org.apache.ftpserver.FtpDataConnection;
import org.apache.ftpserver.FtpSessionImpl;
@@ -56,10 +57,14 @@
if(session.getFilterChain().contains("sslFilter")) {
SSLFilter sslFilter = (SSLFilter) session.getFilterChain().get("sslFilter");
- try {
- ftpSession.setClientCertificates(sslFilter.getSSLSession(session).getPeerCertificates());
- } catch(SSLPeerUnverifiedException e) {
- // ignore, certificate will not be available to the session
+ SSLSession sslSession = sslFilter.getSSLSession(session);
+
+ if(sslSession != null) {
+ try {
+ ftpSession.setClientCertificates(sslFilter.getSSLSession(session).getPeerCertificates());
+ } catch(SSLPeerUnverifiedException e) {
+ // ignore, certificate will not be available to the session
+ }
}
}
}
@@ -76,10 +81,12 @@
}
- public void secureControlChannel(String type) throws Exception {
+ public void beforeSecureControlChannel(String type) throws Exception {
Ssl ssl = serverContext.getSocketFactory().getSSL();
if(ssl != null) {
+ session.setAttribute(SSLFilter.DISABLE_ENCRYPTION_ONCE);
+
SSLFilter sslFilter = new SSLFilter( ssl.getSSLContext() );
sslFilter.setNeedClientAuth(ssl.getClientAuthenticationRequired());
session.getFilterChain().addFirst("sslSessionFilter", sslFilter);
@@ -89,6 +96,8 @@
}
}
-
- // TODO do we need to override setObserver?
+
+ public void afterSecureControlChannel(String type) throws Exception {
+ // do nothing
+ }
}
Modified: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/clienttests/LoginTest.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/clienttests/LoginTest.java?view=diff&rev=496862&r1=496861&r2=496862
==============================================================================
--- incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/clienttests/LoginTest.java (original)
+++ incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/clienttests/LoginTest.java Tue Jan 16 13:24:30 2007
@@ -132,11 +132,11 @@
}
}
*/
- public void testLoginWithMaxConnectionsMulti() throws Exception {
+ /*public void testLoginWithMaxConnectionsMulti() throws Exception {
for(int i = 0; i<50; i++) {
testLoginWithMaxConnections();
}
- }
+ }*/
public void testLoginWithMaxConnections() throws Exception {
FTPClient client1 = new FTPClient();
Modified: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/interfaces/ServerFtpStatisticsTestTemplate.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/interfaces/ServerFtpStatisticsTestTemplate.java?view=diff&rev=496862&r1=496861&r2=496862
==============================================================================
--- incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/interfaces/ServerFtpStatisticsTestTemplate.java (original)
+++ incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/interfaces/ServerFtpStatisticsTestTemplate.java Tue Jan 16 13:24:30 2007
@@ -49,7 +49,7 @@
public void run() {
}
- public void secureControlChannel(String type) throws Exception {
+ public void beforeSecureControlChannel(String type) throws Exception {
}
@@ -63,6 +63,10 @@
public long transfer(InputStream bis, OutputStream bos, int maxRate) throws IOException {
return 0;
+ }
+
+ public void afterSecureControlChannel(String type) throws Exception {
+
}
}