This is an automated email from the ASF dual-hosted git repository. elecharny pushed a commit to branch 1.1.X in repository https://gitbox.apache.org/repos/asf/mina-ftpserver.git
The following commit(s) were added to refs/heads/1.1.X by this push: new cc9cb0c Rversed changes rekated to enabled TLS protocol made in 1.1.3 cc9cb0c is described below commit cc9cb0cfc5e98c99ae08e59bd03784a3cac405c6 Author: emmanuel lecharny <elecha...@apache.org> AuthorDate: Mon Mar 7 05:51:30 2022 +0100 Rversed changes rekated to enabled TLS protocol made in 1.1.3 --- .../org/apache/ftpserver/command/impl/AUTH.java | 4 +- .../ftpserver/impl/IODataConnectionFactory.java | 8 +- .../apache/ftpserver/listener/nio/NioListener.java | 238 +++++++++++---------- .../org/apache/ftpserver/ssl/SslConfiguration.java | 13 +- .../ftpserver/ssl/SslConfigurationFactory.java | 205 +++++++++--------- .../ssl/impl/DefaultSslConfiguration.java | 44 +--- 6 files changed, 239 insertions(+), 273 deletions(-)
diff --git a/core/src/main/java/org/apache/ftpserver/command/impl/AUTH.java b/core/src/main/java/org/apache/ftpserver/command/impl/AUTH.java
index 3e7fa1a..baa1f0b 100644
--- a/core/src/main/java/org/apache/ftpserver/command/impl/AUTH.java
+++ b/core/src/main/java/org/apache/ftpserver/command/impl/AUTH.java
@@ -139,8 +139,8 @@ public class AUTH extends AbstractCommand {
 sslFilter.setEnabledCipherSuites(ssl.getEnabledCipherSuites());
 }
- if (ssl.getEnabledProtocols() != null) {
- sslFilter.setEnabledProtocols(ssl.getEnabledProtocols());
+ if (ssl.getEnabledProtocol() != null) {
+ sslFilter.setEnabledProtocols(new String[] {ssl.getEnabledProtocol()});
 }
 session.getFilterChain().addFirst(SSL_SESSION_FILTER_NAME, sslFilter);
diff --git a/core/src/main/java/org/apache/ftpserver/impl/IODataConnectionFactory.java b/core/src/main/java/org/apache/ftpserver/impl/IODataConnectionFactory.java
index 180800f..ba86514 100644
--- a/core/src/main/java/org/apache/ftpserver/impl/IODataConnectionFactory.java
+++ b/core/src/main/java/org/apache/ftpserver/impl/IODataConnectionFactory.java
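Review bot: The string passed in `sslFilter.setEnabledProtocols(new String[] {ssl.getEnabledProtocol()})` is the same value that DefaultSslConfiguration later gives to `SSLContext.getInstance(enabledProtocol)`, and those two JSSE calls do not accept the same names: a generic context name such as `TLS` is valid for the context but `setEnabledProtocols` rejects it with an IllegalArgumentException. A one-element array also pins every handshake to a single version, so a deployment that must serve both TLSv1.2 and TLSv1.3 clients cannot express that any more. The same pattern is in both IODataConnectionFactory hunks and in NioListener.start(). At minimum I would add a comment at each site, `// enabledProtocol doubles as the SSLContext algorithm; it must be a concrete version name such as "TLSv1.2"`, and reject other values where the setting is read. The enclosing method starts and ends outside this hunk.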
@@ -260,8 +260,8 @@ public class IODataConnectionFactory implements ServerDataConnectionFactory {
 ssoc.setEnabledCipherSuites(ssl.getEnabledCipherSuites());
 }
- if (ssl.getEnabledProtocols() != null) {
- ssoc.setEnabledProtocols(ssl.getEnabledProtocols());
+ if (ssl.getEnabledProtocol() != null) {
+ ssoc.setEnabledProtocols(new String[] {ssl.getEnabledProtocol()});
 }
 dataSoc = ssoc;
@@ -318,8 +318,8 @@ public class IODataConnectionFactory implements ServerDataConnectionFactory {
 sslSocket.setEnabledCipherSuites(ssl.getEnabledCipherSuites());
 }
- if (ssl.getEnabledProtocols() != null) {
- sslSocket.setEnabledProtocols(ssl.getEnabledProtocols());
+ if (ssl.getEnabledProtocol() != null) {
+ sslSocket.setEnabledProtocols(new String[] {ssl.getEnabledProtocol()});
 }
 dataSoc = sslSocket;
diff --git a/core/src/main/java/org/apache/ftpserver/listener/nio/NioListener.java b/core/src/main/java/org/apache/ftpserver/listener/nio/NioListener.java
index cfa5d45..b2850f3 100644
--- a/core/src/main/java/org/apache/ftpserver/listener/nio/NioListener.java
+++ b/core/src/main/java/org/apache/ftpserver/listener/nio/NioListener.java
@@ -79,178 +79,182 @@ public class NioListener extends AbstractListener { */ @Deprecated public NioListener(String serverAddress, int port, boolean implicitSsl, SslConfiguration sslConfiguration, DataConnectionConfiguration dataConnectionConfig, int idleTimeout, List<InetAddress> blockedAddresses, List<Subnet> blockedSubnets) { - super(serverAddress, port, implicitSsl, sslConfiguration, dataConnectionConfig, idleTimeout, blockedAddresses, blockedSubnets); + super(serverAddress, port, implicitSsl, sslConfiguration, dataConnectionConfig, idleTimeout, blockedAddresses, blockedSubnets); } /** * Constructor for internal use, do not use directly. Instead use {@link ListenerFactory} */ public NioListener(String serverAddress, int port, boolean implicitSsl, SslConfiguration sslConfiguration, DataConnectionConfiguration dataConnectionConfig, int idleTimeout, SessionFilter sessionFilter) { - super(serverAddress, port, implicitSsl, sslConfiguration, dataConnectionConfig, idleTimeout, sessionFilter); + super(serverAddress, port, implicitSsl, sslConfiguration, dataConnectionConfig, idleTimeout, sessionFilter); } /** * @see Listener#start(FtpServerContext) */ public synchronized void start(FtpServerContext context) { - if (!isStopped()) { - // listener already started, don't allow - throw new IllegalStateException("Listener already started"); - } - - try { - - this.context = context; - - acceptor = new NioSocketAcceptor(Runtime.getRuntime().availableProcessors()); - - if (getServerAddress() != null) { - address = new InetSocketAddress(getServerAddress(), getPort()); - } else { - address = new InetSocketAddress(getPort()); - } - - acceptor.setReuseAddress(true); - acceptor.getSessionConfig().setReadBufferSize(2048); - acceptor.getSessionConfig().setIdleTime(IdleStatus.BOTH_IDLE, getIdleTimeout()); - // Decrease the default receiver buffer size - acceptor.getSessionConfig().setReceiveBufferSize(512); - - MdcInjectionFilter mdcFilter = new MdcInjectionFilter(); - - 
acceptor.getFilterChain().addLast("mdcFilter", mdcFilter); - - SessionFilter sessionFilter = getSessionFilter(); - if (sessionFilter != null) { - // add and IP filter to the filter chain. - acceptor.getFilterChain().addLast("sessionFilter", new MinaSessionFilter(sessionFilter)); - } - - acceptor.getFilterChain().addLast("threadPool", new ExecutorFilter(context.getThreadPoolExecutor())); - acceptor.getFilterChain().addLast("codec", new ProtocolCodecFilter(new FtpServerProtocolCodecFactory())); - acceptor.getFilterChain().addLast("mdcFilter2", mdcFilter); - acceptor.getFilterChain().addLast("logger", new FtpLoggingFilter()); - - if (isImplicitSsl()) { - SslConfiguration ssl_conf = getSslConfiguration(); - SslFilter ssl_filter; - try { - ssl_filter = new SslFilter(ssl_conf.getSSLContext()); - } catch (GeneralSecurityException e) { - throw new FtpServerConfigurationException("SSL could not be initialized, check configuration"); - } - - if (ssl_conf.getClientAuth() == ClientAuth.NEED) { - ssl_filter.setNeedClientAuth(true); - } else if (ssl_conf.getClientAuth() == ClientAuth.WANT) { - ssl_filter.setWantClientAuth(true); - } - - if (ssl_conf.getEnabledProtocols() != null) { - ssl_filter.setEnabledProtocols(ssl_conf.getEnabledProtocols()); - } - - if (ssl_conf.getEnabledCipherSuites() != null) { - ssl_filter.setEnabledCipherSuites(ssl_conf.getEnabledCipherSuites()); + if (!isStopped()) { + // listener already started, don't allow + throw new IllegalStateException("Listener already started"); } - - acceptor.getFilterChain().addFirst("sslFilter", ssl_filter); - } - - handler.init(context, this); - acceptor.setHandler(new FtpHandlerAdapter(context, handler)); - + try { - acceptor.bind(address); - } catch (IOException e) { - throw new FtpServerConfigurationException("Failed to bind to address " + address + ", check configuration", e); + + this.context = context; + + acceptor = new NioSocketAcceptor(Runtime.getRuntime().availableProcessors()); + + if (getServerAddress() != 
null) { + address = new InetSocketAddress(getServerAddress(), getPort()); + } else { + address = new InetSocketAddress(getPort()); + } + + acceptor.setReuseAddress(true); + acceptor.getSessionConfig().setReadBufferSize(2048); + acceptor.getSessionConfig().setIdleTime(IdleStatus.BOTH_IDLE, getIdleTimeout()); + // Decrease the default receiver buffer size + acceptor.getSessionConfig().setReceiveBufferSize(512); + + MdcInjectionFilter mdcFilter = new MdcInjectionFilter(); + + acceptor.getFilterChain().addLast("mdcFilter", mdcFilter); + + SessionFilter sessionFilter = getSessionFilter(); + + if (sessionFilter != null) { + // add and IP filter to the filter chain. + acceptor.getFilterChain().addLast("sessionFilter", new MinaSessionFilter(sessionFilter)); + } + + acceptor.getFilterChain().addLast("threadPool", new ExecutorFilter(context.getThreadPoolExecutor())); + acceptor.getFilterChain().addLast("codec", new ProtocolCodecFilter(new FtpServerProtocolCodecFactory())); + acceptor.getFilterChain().addLast("mdcFilter2", mdcFilter); + acceptor.getFilterChain().addLast("logger", new FtpLoggingFilter()); + + if (isImplicitSsl()) { + SslConfiguration ssl_conf = getSslConfiguration(); + SslFilter ssl_filter; + + try { + ssl_filter = new SslFilter(ssl_conf.getSSLContext()); + } catch (GeneralSecurityException e) { + throw new FtpServerConfigurationException("SSL could not be initialized, check configuration"); + } + + if (ssl_conf.getClientAuth() == ClientAuth.NEED) { + ssl_filter.setNeedClientAuth(true); + } else if (ssl_conf.getClientAuth() == ClientAuth.WANT) { + ssl_filter.setWantClientAuth(true); + } + + if (ssl_conf.getEnabledProtocol() != null) { + ssl_filter.setEnabledProtocols(new String[]{ssl_conf.getEnabledProtocol()}); + } + + if (ssl_conf.getEnabledCipherSuites() != null) { + ssl_filter.setEnabledCipherSuites(ssl_conf.getEnabledCipherSuites()); + } + + acceptor.getFilterChain().addFirst("sslFilter", ssl_filter); + } + + handler.init(context, this); + 
acceptor.setHandler(new FtpHandlerAdapter(context, handler)); + + try { + acceptor.bind(address); + } catch (IOException e) { + throw new FtpServerConfigurationException("Failed to bind to address " + address + ", check configuration", e); + } + + updatePort(); + + } catch (RuntimeException e) { + // clean up if we fail to start + stop(); + + throw e; } - - updatePort(); - - } catch (RuntimeException e) { - // clean up if we fail to start - stop(); - - throw e; - } } private void updatePort() { - // update the port to the real port bound by the listener - setPort(acceptor.getLocalAddress().getPort()); + // update the port to the real port bound by the listener + setPort(acceptor.getLocalAddress().getPort()); } /** * @see Listener#stop() */ public synchronized void stop() { - // close server socket - if (acceptor != null) { - acceptor.unbind(); - acceptor.dispose(); - acceptor = null; - } - context = null; + // close server socket + if (acceptor != null) { + acceptor.unbind(); + acceptor.dispose(); + acceptor = null; + } + + context = null; } /** * @see Listener#isStopped() */ public boolean isStopped() { - return acceptor == null; + return acceptor == null; } /** * @see Listener#isSuspended() */ public boolean isSuspended() { - return suspended; - + return suspended; } /** * @see Listener#resume() */ public synchronized void resume() { - if (acceptor != null && suspended) { - try { - LOG.debug("Resuming listener"); - acceptor.bind(address); - LOG.debug("Listener resumed"); - - updatePort(); - - suspended = false; - } catch (IOException e) { - LOG.error("Failed to resume listener", e); + if (acceptor != null && suspended) { + try { + LOG.debug("Resuming listener"); + acceptor.bind(address); + LOG.debug("Listener resumed"); + + updatePort(); + + suspended = false; + } catch (IOException e) { + LOG.error("Failed to resume listener", e); + } } } - } /** * @see Listener#suspend() */ public synchronized void suspend() { - if (acceptor != null && !suspended) { - 
LOG.debug("Suspending listener"); - acceptor.unbind(); - - suspended = true; - LOG.debug("Listener suspended"); - } + if (acceptor != null && !suspended) { + LOG.debug("Suspending listener"); + acceptor.unbind(); + + suspended = true; + LOG.debug("Listener suspended"); + } } /** * @see Listener#getActiveSessions() */ public synchronized Set<FtpIoSession> getActiveSessions() { - Map<Long, IoSession> sessions = acceptor.getManagedSessions(); + Map<Long, IoSession> sessions = acceptor.getManagedSessions(); + + Set<FtpIoSession> ftpSessions = new HashSet<FtpIoSession>(); - Set<FtpIoSession> ftpSessions = new HashSet<FtpIoSession>(); - for (IoSession session : sessions.values()) { - ftpSessions.add(new FtpIoSession(session, context)); - } - return ftpSessions; + for (IoSession session : sessions.values()) { + ftpSessions.add(new FtpIoSession(session, context)); + } + + return ftpSessions; } } diff --git a/core/src/main/java/org/apache/ftpserver/ssl/SslConfiguration.java b/core/src/main/java/org/apache/ftpserver/ssl/SslConfiguration.java index 1c646c3..420d8fd 100644 --- a/core/src/main/java/org/apache/ftpserver/ssl/SslConfiguration.java +++ b/core/src/main/java/org/apache/ftpserver/ssl/SslConfiguration.java @@ -30,8 +30,6 @@ import javax.net.ssl.SSLSocketFactory; * @author <a href="http://mina.apache.org">Apache MINA Project</a> */ public interface SslConfiguration { - public static final String DEFAULT_ENABLED_PROTOCOL = "TLSv1.2"; - /** * Returns the socket factory that can be used to create sockets using this <code>SslConfiguration</code>. * @@ -73,16 +71,7 @@ public interface SslConfiguration { * * @return The name of the protocol as a String */ - default String getEnabledProtocol() { - return DEFAULT_ENABLED_PROTOCOL; - } - - /** - * Returns the list of ssl protocols - * - * @return The list of enabled protocols as a String - */ - String[] getEnabledProtocols(); + String getEnabledProtocol(); /** * Return the required client authentication setting 
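Review bot: In `start()`, the `catch (GeneralSecurityException e)` around `new SslFilter(ssl_conf.getSSLContext())` throws `FtpServerConfigurationException("SSL could not be initialized, check configuration")` without the cause, so the operator cannot tell whether the keystore, the provider or the protocol name failed. The bind failure a few lines further down already uses the two-argument constructor, and the same form fits here: `throw new FtpServerConfigurationException("SSL could not be initialized, check configuration", e);`. The line is only re-indented by this commit, but it sits on the path that now receives the single protocol string, where a bad name is a likely failure.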
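Review bot: The Javadoc kept above `String getEnabledProtocol();` says only `@return The name of the protocol as a String`, which no longer tells an implementer enough now that the `default` body is gone and the method is abstract again. It should state that the value is used both as the only enabled protocol and as the SSLContext algorithm, and whether null is allowed: the call sites in this commit skip the setter on null, while DefaultSslConfiguration passes the value straight to `SSLContext.getInstance`. Suggested wording: `@return the single protocol version to enable, for example "TLSv1.2"; also used as the SSLContext algorithm name`.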
diff --git a/core/src/main/java/org/apache/ftpserver/ssl/SslConfigurationFactory.java b/core/src/main/java/org/apache/ftpserver/ssl/SslConfigurationFactory.java
index 6ee613a..9bc192c 100644
--- a/core/src/main/java/org/apache/ftpserver/ssl/SslConfigurationFactory.java
+++ b/core/src/main/java/org/apache/ftpserver/ssl/SslConfigurationFactory.java
@@ -60,7 +60,7 @@ public class SslConfigurationFactory {
 private String trustStoreAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
- private String[] sslProtocols = new String[] {"TLSv1.2"};
+ private String sslProtocol = "TLSv1.2";
 private ClientAuth clientAuth = ClientAuth.NONE;
@@ -76,7 +76,7 @@ public class SslConfigurationFactory {
 * @return The key store file
 */
 public File getKeystoreFile() {
- return keystoreFile;
+ return keystoreFile;
 }
 /**
@@ -86,9 +86,11 @@ public class SslConfigurationFactory {
 * A path to an existing key store file
 */
 public void setKeystoreFile(File keyStoreFile) {
- if (keyStoreFile == null || keyStoreFile.length() == 0)
- throw new FtpServerConfigurationException("KeystoreFile must not be null or zero length");
- this.keystoreFile = keyStoreFile;
+ if (keyStoreFile == null || keyStoreFile.length() == 0) {
+ throw new FtpServerConfigurationException("KeystoreFile must not be null or zero length");
+ }
+
+ this.keystoreFile = keyStoreFile;
 }
 /**
@@ -97,7 +99,7 @@ public class SslConfigurationFactory {
 * @return The password
 */
 public String getKeystorePassword() {
- return keystorePass;
+ return keystorePass;
 }
 /**
@@ -107,7 +109,7 @@ public class SslConfigurationFactory {
 * The password
 */
 public void setKeystorePassword(String keystorePass) {
- this.keystorePass = keystorePass;
+ this.keystorePass = keystorePass;
 }
 /**
@@ -116,7 +118,7 @@ public class SslConfigurationFactory {
 * @return The key store type
 */
 public String getKeystoreType() {
- return keystoreType;
+ return keystoreType;
 }
 /**
@@ -126,9 +128,11 @@ public class SslConfigurationFactory {
 * The key store type
 */
 public void setKeystoreType(String keystoreType) {
- if (keystoreType == null || keystoreType.length() == 0)
- throw new FtpServerConfigurationException("KeystoreType must not be null or zero length");
- this.keystoreType = keystoreType;
+ if (keystoreType == null || keystoreType.length() == 0) {
+ throw new FtpServerConfigurationException("KeystoreType must not be null or zero length");
+ }
+
+ this.keystoreType = keystoreType;
 }
 /**
@@ -137,7 +141,7 @@ public class SslConfigurationFactory {
 * @return The key store algorithm
 */
 public String getKeystoreAlgorithm() {
- return keystoreAlgorithm;
+ return keystoreAlgorithm;
 }
 /**
@@ -147,10 +151,11 @@ public class SslConfigurationFactory {
 * The key store algorithm
 */
 public void setKeystoreAlgorithm(String keystoreAlgorithm) {
- if (keystoreAlgorithm == null || keystoreAlgorithm.length() == 0)
- throw new FtpServerConfigurationException("KeystoreAlgorithm must not be null or zero length");
- this.keystoreAlgorithm = keystoreAlgorithm;
-
+ if (keystoreAlgorithm == null || keystoreAlgorithm.length() == 0) {
+ throw new FtpServerConfigurationException("KeystoreAlgorithm must not be null or zero length");
+ }
+
+ this.keystoreAlgorithm = keystoreAlgorithm;
 }
 /**
@@ -158,8 +163,8 @@ public class SslConfigurationFactory {
 *
 * @return The SSL protocol
 */
- public String[] getSslProtocols() {
- return sslProtocols;
+ public String getSslProtocol() {
+ return sslProtocol;
 }
 /**
@@ -168,12 +173,12 @@ public class SslConfigurationFactory {
 * @param sslProtocols
 * The SSL protocols
 */
- public void setSslProtocol(String... sslProtocols) {
- if (sslProtocols == null || sslProtocols.length == 0) {
+ public void setSslProtocol(String sslProtocol) {
+ if (sslProtocol == null || sslProtocol.length() == 0) {
 throw new FtpServerConfigurationException("SslProcotol must not be null or zero length");
 }
- this.sslProtocols = sslProtocols;
+ this.sslProtocol = sslProtocol;
 }
 /**
@@ -199,7 +204,7 @@ public class SslConfigurationFactory {
 * @return The password
 */
 public String getKeyPassword() {
- return keyPass;
+ return keyPass;
 }
 /**
@@ -209,7 +214,7 @@ public class SslConfigurationFactory {
 * The password
 */
 public void setKeyPassword(String keyPass) {
- this.keyPass = keyPass;
+ this.keyPass = keyPass;
 }
 /**
@@ -218,7 +223,7 @@ public class SslConfigurationFactory {
 * @return The {@link File} containing the truststore
 */
 public File getTruststoreFile() {
- return trustStoreFile;
+ return trustStoreFile;
 }
 /**
@@ -228,7 +233,7 @@ public class SslConfigurationFactory {
 * The password
 */
 public void setTruststoreFile(File trustStoreFile) {
- this.trustStoreFile = trustStoreFile;
+ this.trustStoreFile = trustStoreFile;
 }
 /**
@@ -237,7 +242,7 @@ public class SslConfigurationFactory {
 * @return The password
 */
 public String getTruststorePassword() {
- return trustStorePass;
+ return trustStorePass;
 }
 /**
@@ -247,7 +252,7 @@ public class SslConfigurationFactory {
 * The password
 */
 public void setTruststorePassword(String trustStorePass) {
- this.trustStorePass = trustStorePass;
+ this.trustStorePass = trustStorePass;
 }
 /**
@@ -257,7 +262,7 @@ public class SslConfigurationFactory {
 */
 public String getTruststoreType() {
 return trustStoreType;
- }
+ }
 /**
 * Set the trust store type
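Review bot: The Javadoc left above `setSslProtocol(String sslProtocol)` still reads `@param sslProtocols The SSL protocols`, which no longer matches the parameter name or its meaning. Suggested replacement: `@param sslProtocol the protocol version name, for example "TLSv1.2"`. The setter rejects only null and the empty string, so a legacy name such as `SSLv3` or a generic name such as `TLS` is stored as given; if that is not intended, this is the place to document or check it. The exception text `SslProcotol` in the unchanged context line is also misspelled.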
@@ -266,7 +271,7 @@ public class SslConfigurationFactory { * The trust store type */ public void setTruststoreType(String trustStoreType) { - this.trustStoreType = trustStoreType; + this.trustStoreType = trustStoreType; } /** @@ -275,7 +280,7 @@ public class SslConfigurationFactory { * @return The trust store algorithm */ public String getTruststoreAlgorithm() { - return trustStoreAlgorithm; + return trustStoreAlgorithm; } /** @@ -285,32 +290,31 @@ public class SslConfigurationFactory { * The trust store algorithm */ public void setTruststoreAlgorithm(String trustStoreAlgorithm) { - this.trustStoreAlgorithm = trustStoreAlgorithm; - + this.trustStoreAlgorithm = trustStoreAlgorithm; } private KeyStore loadStore(File storeFile, String storeType, String storePass) throws IOException, GeneralSecurityException { - InputStream fin = null; - try { - if (storeFile.exists()) { - LOG.debug("Trying to load store from file"); - fin = new FileInputStream(storeFile); - } else { - LOG.debug("Trying to load store from classpath"); - fin = getClass().getClassLoader().getResourceAsStream(storeFile.getPath()); - - if (fin == null) { - throw new FtpServerConfigurationException("Key store could not be loaded from " + storeFile.getPath()); - } + InputStream fin = null; + try { + if (storeFile.exists()) { + LOG.debug("Trying to load store from file"); + fin = new FileInputStream(storeFile); + } else { + LOG.debug("Trying to load store from classpath"); + fin = getClass().getClassLoader().getResourceAsStream(storeFile.getPath()); + + if (fin == null) { + throw new FtpServerConfigurationException("Key store could not be loaded from " + storeFile.getPath()); + } + } + + KeyStore store = KeyStore.getInstance(storeType); + store.load(fin, storePass.toCharArray()); + + return store; + } finally { + IoUtils.close(fin); } - - KeyStore store = KeyStore.getInstance(storeType); - store.load(fin, storePass.toCharArray()); - - return store; - } finally { - IoUtils.close(fin); - } } /** 
@@ -319,43 +323,42 @@ public class SslConfigurationFactory { * @return The {@link SslConfiguration} instance */ public SslConfiguration createSslConfiguration() { - - try { - // initialize keystore - LOG.debug("Loading key store from \"{}\", using the key store type \"{}\"", keystoreFile.getAbsolutePath(), keystoreType); - KeyStore keyStore = loadStore(keystoreFile, keystoreType, keystorePass); - - KeyStore trustStore; - - if (trustStoreFile != null) { - LOG.debug("Loading trust store from \"{}\", using the key store type \"{}\"", trustStoreFile.getAbsolutePath(), trustStoreType); - trustStore = loadStore(trustStoreFile, trustStoreType, trustStorePass); - } else { - trustStore = keyStore; - } - - String keyPassToUse; - - if (keyPass == null) { - keyPassToUse = keystorePass; - } else { - keyPassToUse = keyPass; + try { + // initialize keystore + LOG.debug("Loading key store from \"{}\", using the key store type \"{}\"", keystoreFile.getAbsolutePath(), keystoreType); + KeyStore keyStore = loadStore(keystoreFile, keystoreType, keystorePass); + + KeyStore trustStore; + + if (trustStoreFile != null) { + LOG.debug("Loading trust store from \"{}\", using the key store type \"{}\"", trustStoreFile.getAbsolutePath(), trustStoreType); + trustStore = loadStore(trustStoreFile, trustStoreType, trustStorePass); + } else { + trustStore = keyStore; + } + + String keyPassToUse; + + if (keyPass == null) { + keyPassToUse = keystorePass; + } else { + keyPassToUse = keyPass; + } + + // initialize key manager factory + KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keystoreAlgorithm); + keyManagerFactory.init(keyStore, keyPassToUse.toCharArray()); + + // initialize trust manager factory + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustStoreAlgorithm); + trustManagerFactory.init(trustStore); + + return new DefaultSslConfiguration(keyManagerFactory, trustManagerFactory, clientAuth, sslProtocol, + enabledCipherSuites, keyAlias); + } 
catch (Exception ex) { + LOG.error("DefaultSsl.configure()", ex); + throw new FtpServerConfigurationException("DefaultSsl.configure()", ex); } - - // initialize key manager factory - KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keystoreAlgorithm); - keyManagerFactory.init(keyStore, keyPassToUse.toCharArray()); - - // initialize trust manager factory - TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustStoreAlgorithm); - trustManagerFactory.init(trustStore); - - return new DefaultSslConfiguration(keyManagerFactory, trustManagerFactory, clientAuth, sslProtocols, - enabledCipherSuites, keyAlias); - } catch (Exception ex) { - LOG.error("DefaultSsl.configure()", ex); - throw new FtpServerConfigurationException("DefaultSsl.configure()", ex); - } } /** @@ -365,7 +368,7 @@ public class SslConfigurationFactory { * authentication is wanted or {@link ClientAuth#NONE} if no client authentication is the be performed */ public ClientAuth getClientAuth() { - return clientAuth; + return clientAuth; } /** @@ -375,11 +378,11 @@ public class SslConfigurationFactory { * @return An array of cipher suites, or null. */ public String[] getEnabledCipherSuites() { - if (enabledCipherSuites != null) { - return enabledCipherSuites.clone(); - } else { - return null; - } + if (enabledCipherSuites != null) { + return enabledCipherSuites.clone(); + } else { + return null; + } } /** @@ -389,11 +392,11 @@ public class SslConfigurationFactory { * @param enabledCipherSuites */ public void setEnabledCipherSuites(String[] enabledCipherSuites) { - if (enabledCipherSuites != null) { - this.enabledCipherSuites = enabledCipherSuites.clone(); - } else { - this.enabledCipherSuites = null; - } + if (enabledCipherSuites != null) { + this.enabledCipherSuites = enabledCipherSuites.clone(); + } else { + this.enabledCipherSuites = null; + } } /** 
@@ -402,7 +405,7 @@ public class SslConfigurationFactory {
 * @return The alias, or null if none is set
 */
 public String getKeyAlias() {
- return keyAlias;
+ return keyAlias;
 }
 /**
@@ -413,6 +416,6 @@ public class SslConfigurationFactory {
 * The alias to use, or null if JSSE should be allowed to choose the key.
 */
 public void setKeyAlias(String keyAlias) {
- this.keyAlias = keyAlias;
+ this.keyAlias = keyAlias;
 }
 }
diff --git a/core/src/main/java/org/apache/ftpserver/ssl/impl/DefaultSslConfiguration.java b/core/src/main/java/org/apache/ftpserver/ssl/impl/DefaultSslConfiguration.java
index 019170c..75f2fe5 100644
--- a/core/src/main/java/org/apache/ftpserver/ssl/impl/DefaultSslConfiguration.java
+++ b/core/src/main/java/org/apache/ftpserver/ssl/impl/DefaultSslConfiguration.java
@@ -48,7 +48,7 @@ public class DefaultSslConfiguration implements SslConfiguration {
 private final TrustManagerFactory trustManagerFactory;
- private String[] enabledProtocols = new String[] {"TLSv1.2"};
+ private String enabledProtocol = "SSLv1.2";
 private final ClientAuth clientAuth;// = ClientAuth.NONE;
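Review bot: `private String enabledProtocol = "SSLv1.2";` is not a protocol name JSSE knows; the line it replaces used `"TLSv1.2"`. The constructor kept by this commit assigns the field, so the initializer looks dead today, but any path that did rely on it would fail in `SSLContext.getInstance(enabledProtocol)` with a NoSuchAlgorithmException. Either restore `"TLSv1.2"` or, if every constructor assigns the field (the rest of the class is outside this hunk), drop the initializer and declare `private final String enabledProtocol;`. The constructor also stores `sslProtocol` without a null check before `initContext()` uses it.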
@@ -66,36 +66,18 @@ public class DefaultSslConfiguration implements SslConfiguration {
 * @throws GeneralSecurityException
 */
 public DefaultSslConfiguration(KeyManagerFactory keyManagerFactory, TrustManagerFactory trustManagerFactory,
- ClientAuth clientAuthReqd, String[] sslProtocols, String[] enabledCipherSuites, String keyAlias) throws GeneralSecurityException {
- super();
- this.clientAuth = clientAuthReqd;
- this.enabledCipherSuites = enabledCipherSuites;
- this.keyAlias = keyAlias;
- this.keyManagerFactory = keyManagerFactory;
- this.enabledProtocols = sslProtocols;
- this.trustManagerFactory = trustManagerFactory;
- this.sslContext = initContext();
- this.socketFactory = sslContext.getSocketFactory();
- }
-
- /**
- * Internal constructor, do not use directly. Instead, use {@link SslConfigurationFactory}
- *
- * @throws GeneralSecurityException
- */
- public DefaultSslConfiguration(KeyManagerFactory keyManagerFactory, TrustManagerFactory trustManagerFactory,
 ClientAuth clientAuthReqd, String sslProtocol, String[] enabledCipherSuites, String keyAlias) throws GeneralSecurityException {
 super();
 this.clientAuth = clientAuthReqd;
 this.enabledCipherSuites = enabledCipherSuites;
 this.keyAlias = keyAlias;
 this.keyManagerFactory = keyManagerFactory;
- this.enabledProtocols = new String[] {sslProtocol};
+ this.enabledProtocol = sslProtocol;
 this.trustManagerFactory = trustManagerFactory;
 this.sslContext = initContext();
 this.socketFactory = sslContext.getSocketFactory();
 }
-
+
 public SSLSocketFactory getSocketFactory() throws GeneralSecurityException {
 return socketFactory;
 }
@@ -110,20 +92,8 @@ public class DefaultSslConfiguration implements SslConfiguration {
 /**
 * @see SslConfiguration#getEnabledProtocol()
 */
- public String getEnabledProtoco() {
- if ((enabledProtocols != null) && (enabledProtocols.length > 0)) {
- // We use the first one
- return enabledProtocols[0];
- } else {
- return DEFAULT_ENABLED_PROTOCOL;
- }
- }
-
- /**
- * @see SslConfiguration#getEnabledProtocols()
- */
- public String[] getEnabledProtocols() {
- return enabledProtocols;
+ public String getEnabledProtocol() {
+ return enabledProtocol;
 }
 /**
@@ -137,7 +107,7 @@ public class DefaultSslConfiguration implements SslConfiguration {
 * @see SslConfiguration#getSSLContext()
 */
 public SSLContext getSSLContext() throws GeneralSecurityException {
- return getSSLContext(enabledProtocols[0]);
+ return getSSLContext(enabledProtocol);
 }
 /**
@@ -165,7 +135,7 @@ public class DefaultSslConfiguration implements SslConfiguration {
 }
 // create and initialize the SSLContext
- SSLContext ctx = SSLContext.getInstance(enabledProtocols[0]);
+ SSLContext ctx = SSLContext.getInstance(enabledProtocol);
 ctx.init(keyManagers, trustManagerFactory.getTrustManagers(), null);
 // Create the socket factory