You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Niklas Gustavsson (JIRA)" <ji...@apache.org> on 2008/08/07 21:34:46 UTC
[jira] Created: (FTPSERVER-149) Provide convenience methods for
checking is the control and data sockets are secure
Provide convenience methods for checking is the control and data sockets are secure
-----------------------------------------------------------------------------------
Key: FTPSERVER-149
URL: https://issues.apache.org/jira/browse/FTPSERVER-149
Project: FtpServer
Issue Type: Improvement
Affects Versions: 1.0-M2
Reporter: Niklas Gustavsson
Assignee: Niklas Gustavsson
Fix For: 1.0-M3
Checking if the data and control sockets are secure (running over SSL/TLS) from a Ftplet is quite intricate and depends on knowledge of the internal implementation in FtpServer. We should make this simple. Suggestion by Jeroen Cranendonk
I've cobbled together some code which should give an idea of what I'm trying
to achieve, haven't tested it yet though. And I do realize this probably
breaks your design in all kinds of ways :)
Firstly, I've added the following to FtpSessionImpl:
public boolean isDataConnectionSecure() {
return ioSession.getDataConnection().isSecure();
}
public boolean isSecure() {
return
ioSession.getFilterChain().contains("sslSessionFilter");
}
public void write(final Object message) {
ioSession.write(message);
}
And then my Ftplet looks like this (and it probably won't compile unless
it's against the full ftpserver code):
public class MyFtplet extends DefaultFtplet implements Ftplet {
@Override
public FtpletEnum onUploadStart(final FtpSession session, final
FtpRequest request) throws FtpException,
IOException {
return this.onLimitedStart(session, request);
}
private FtpletEnum onLimitedStart(final FtpSession session, final
FtpRequest request) {
if (session.isSecure() && session.isDataConnectionSecure())
{
return FtpletEnum.RET_DEFAULT;
}
session.write(new
DefaultFtpReply(FtpReply.REPLY_550_REQUESTED_ACTION_NOT_TAKEN,
"Cannot do this before securing the connection."));
return FtpletEnum.RET_SKIP;
}
}
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (FTPSERVER-149) Provide convenience methods for
checking is the control and data sockets are secure
Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Niklas Gustavsson closed FTPSERVER-149.
---------------------------------------
Resolution: Fixed
Fixed, again :-)
svn commit "/media/big/home/svn/apache/ftpserver-trunk/core" -m "Crappy implementation of isSecure on the control socket as it only checked for the session base SSL filter (FTPSERVER-149). Same (but opposite) problem for getClientCertificates() (FTPSERVER-151). Also, we should not allow AUTH to be issued on an already secure session or trouble will occur (multiple SSL filters) (FTPSERVER-154) All three fixed and tests added." --username "ngn"
M /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/command/AUTH.java
M /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/interfaces/FtpIoSession.java
M /media/big/home/svn/apache/ftpserver-trunk/core/src/main/resources/org/apache/ftpserver/message/FtpStatus.properties
M /media/big/home/svn/apache/ftpserver-trunk/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java
M /media/big/home/svn/apache/ftpserver-trunk/core/src/test/java/org/apache/ftpserver/ssl/MinaClientAuthTest.java
Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/command/AUTH.java
Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/interfaces/FtpIoSession.java
Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/main/resources/org/apache/ftpserver/message/FtpStatus.properties
Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java
Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/test/java/org/apache/ftpserver/ssl/MinaClientAuthTest.java
Committed revision 685647
> Provide convenience methods for checking is the control and data sockets are secure
> -----------------------------------------------------------------------------------
>
> Key: FTPSERVER-149
> URL: https://issues.apache.org/jira/browse/FTPSERVER-149
> Project: FtpServer
> Issue Type: Improvement
> Affects Versions: 1.0-M2
> Reporter: Niklas Gustavsson
> Assignee: Niklas Gustavsson
> Fix For: 1.0-M3
>
>
> Checking if the data and control sockets are secure (running over SSL/TLS) from a Ftplet is quite intricate and depends on knowledge of the internal implementation in FtpServer. We should make this simple. Suggestion by Jeroen Cranendonk
> I've cobbled together some code which should give an idea of what I'm trying
> to achieve, haven't tested it yet though. And I do realize this probably
> breaks your design in all kinds of ways :)
> Firstly, I've added the following to FtpSessionImpl:
> public boolean isDataConnectionSecure() {
> return ioSession.getDataConnection().isSecure();
> }
> public boolean isSecure() {
> return
> ioSession.getFilterChain().contains("sslSessionFilter");
> }
> public void write(final Object message) {
> ioSession.write(message);
> }
> And then my Ftplet looks like this (and it probably won't compile unless
> it's against the full ftpserver code):
> public class MyFtplet extends DefaultFtplet implements Ftplet {
> @Override
> public FtpletEnum onUploadStart(final FtpSession session, final
> FtpRequest request) throws FtpException,
> IOException {
> return this.onLimitedStart(session, request);
> }
> private FtpletEnum onLimitedStart(final FtpSession session, final
> FtpRequest request) {
> if (session.isSecure() && session.isDataConnectionSecure())
> {
> return FtpletEnum.RET_DEFAULT;
> }
> session.write(new
> DefaultFtpReply(FtpReply.REPLY_550_REQUESTED_ACTION_NOT_TAKEN,
> "Cannot do this before securing the connection."));
> return FtpletEnum.RET_SKIP;
> }
> }
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (FTPSERVER-149) Provide convenience methods for
checking is the control and data sockets are secure
Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Niklas Gustavsson closed FTPSERVER-149.
---------------------------------------
Resolution: Fixed
Fixed
svn commit "/media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/FtpSessionImpl.java" "/media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/IODataConnectionFactory.java" "/media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/interfaces/FtpIoSession.java" "/media/big/home/svn/apache/ftpserver-trunk/ftplet-api/src/main/java/org/apache/ftpserver/ftplet/DataConnectionFactory.java" "/media/big/home/svn/apache/ftpserver-trunk/ftplet-api/src/main/java/org/apache/ftpserver/ftplet/FtpSession.java" -N -m "Provide convenience methods for checking is the control and data sockets are secure (FTPSERVER-149)" --username "ngn"
M /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/FtpSessionImpl.java
M /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/interfaces/FtpIoSession.java
M /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/IODataConnectionFactory.java
M /media/big/home/svn/apache/ftpserver-trunk/ftplet-api/src/main/java/org/apache/ftpserver/ftplet/DataConnectionFactory.java
M /media/big/home/svn/apache/ftpserver-trunk/ftplet-api/src/main/java/org/apache/ftpserver/ftplet/FtpSession.java
Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/FtpSessionImpl.java
Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/IODataConnectionFactory.java
Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/interfaces/FtpIoSession.java
Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/ftplet-api/src/main/java/org/apache/ftpserver/ftplet/DataConnectionFactory.java
Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/ftplet-api/src/main/java/org/apache/ftpserver/ftplet/FtpSession.java
Committed revision 683687
> Provide convenience methods for checking is the control and data sockets are secure
> -----------------------------------------------------------------------------------
>
> Key: FTPSERVER-149
> URL: https://issues.apache.org/jira/browse/FTPSERVER-149
> Project: FtpServer
> Issue Type: Improvement
> Affects Versions: 1.0-M2
> Reporter: Niklas Gustavsson
> Assignee: Niklas Gustavsson
> Fix For: 1.0-M3
>
>
> Checking if the data and control sockets are secure (running over SSL/TLS) from a Ftplet is quite intricate and depends on knowledge of the internal implementation in FtpServer. We should make this simple. Suggestion by Jeroen Cranendonk
> I've cobbled together some code which should give an idea of what I'm trying
> to achieve, haven't tested it yet though. And I do realize this probably
> breaks your design in all kinds of ways :)
> Firstly, I've added the following to FtpSessionImpl:
> public boolean isDataConnectionSecure() {
> return ioSession.getDataConnection().isSecure();
> }
> public boolean isSecure() {
> return
> ioSession.getFilterChain().contains("sslSessionFilter");
> }
> public void write(final Object message) {
> ioSession.write(message);
> }
> And then my Ftplet looks like this (and it probably won't compile unless
> it's against the full ftpserver code):
> public class MyFtplet extends DefaultFtplet implements Ftplet {
> @Override
> public FtpletEnum onUploadStart(final FtpSession session, final
> FtpRequest request) throws FtpException,
> IOException {
> return this.onLimitedStart(session, request);
> }
> private FtpletEnum onLimitedStart(final FtpSession session, final
> FtpRequest request) {
> if (session.isSecure() && session.isDataConnectionSecure())
> {
> return FtpletEnum.RET_DEFAULT;
> }
> session.write(new
> DefaultFtpReply(FtpReply.REPLY_550_REQUESTED_ACTION_NOT_TAKEN,
> "Cannot do this before securing the connection."));
> return FtpletEnum.RET_SKIP;
> }
> }
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Reopened: (FTPSERVER-149) Provide convenience methods for
checking is the control and data sockets are secure
Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FTPSERVER-149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Niklas Gustavsson reopened FTPSERVER-149:
-----------------------------------------
Comment on FTPSERVER-150 by David Latorre:
The provided method to find if the connection is secure:
public boolean isSecure() {
return ioSession.getFilterChain().contains("sslSessionFilter");
}
is not sufficient as the SSLFilter in implicit-ssl mode is called "sslFilter" rather than "sslSessionFilter".
> Provide convenience methods for checking is the control and data sockets are secure
> -----------------------------------------------------------------------------------
>
> Key: FTPSERVER-149
> URL: https://issues.apache.org/jira/browse/FTPSERVER-149
> Project: FtpServer
> Issue Type: Improvement
> Affects Versions: 1.0-M2
> Reporter: Niklas Gustavsson
> Assignee: Niklas Gustavsson
> Fix For: 1.0-M3
>
>
> Checking if the data and control sockets are secure (running over SSL/TLS) from a Ftplet is quite intricate and depends on knowledge of the internal implementation in FtpServer. We should make this simple. Suggestion by Jeroen Cranendonk
> I've cobbled together some code which should give an idea of what I'm trying
> to achieve, haven't tested it yet though. And I do realize this probably
> breaks your design in all kinds of ways :)
> Firstly, I've added the following to FtpSessionImpl:
> public boolean isDataConnectionSecure() {
> return ioSession.getDataConnection().isSecure();
> }
> public boolean isSecure() {
> return
> ioSession.getFilterChain().contains("sslSessionFilter");
> }
> public void write(final Object message) {
> ioSession.write(message);
> }
> And then my Ftplet looks like this (and it probably won't compile unless
> it's against the full ftpserver code):
> public class MyFtplet extends DefaultFtplet implements Ftplet {
> @Override
> public FtpletEnum onUploadStart(final FtpSession session, final
> FtpRequest request) throws FtpException,
> IOException {
> return this.onLimitedStart(session, request);
> }
> private FtpletEnum onLimitedStart(final FtpSession session, final
> FtpRequest request) {
> if (session.isSecure() && session.isDataConnectionSecure())
> {
> return FtpletEnum.RET_DEFAULT;
> }
> session.write(new
> DefaultFtpReply(FtpReply.REPLY_550_REQUESTED_ACTION_NOT_TAKEN,
> "Cannot do this before securing the connection."));
> return FtpletEnum.RET_SKIP;
> }
> }
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.