Class FTPSClient

All Implemented Interfaces:
Configurable

public class FTPSClient extends FTPClient
FTP over SSL processing. If desired, the JVM property -Djavax.net.debug=all can be used to see wire-level SSL details. Warning: the hostname is not verified against the certificate by default, use setHostnameVerifier(HostnameVerifier) or setEndpointCheckingEnabled(boolean) (on Java 1.7+) to enable verification. Verification is only performed on client mode connections.
Since:
2.0
  • Field Details

  • Constructor Details

  • Method Details

    • _connectAction_

      protected void _connectAction_() throws IOException
      Because there are so many connect() methods, the _connectAction_() method is provided as a means of performing some action immediately after establishing a connection, rather than reimplementing all the connect() methods.
      Overrides:
      _connectAction_ in class FTPClient
      Throws:
      IOException - If there is any problem with establishing the connection.
      See Also:
    • _openDataConnection_

      @Deprecated protected Socket _openDataConnection_(int command, String arg) throws IOException
      Deprecated.
      Returns a socket of the data connection. Wrapped as an SSLSocket, which carries out handshake processing.
      Overrides:
      _openDataConnection_ in class FTPClient
      Parameters:
      command - The int representation of the FTP command to send.
      arg - The arguments to the FTP command. If this parameter is set to null, then the command is sent with no arguments.
      Returns:
      corresponding to the established data connection. Null is returned if an FTP protocol error is reported at any point during the establishment and initialization of the connection.
      Throws:
      IOException - If there is any problem with the connection.
      See Also:
    • _openDataConnection_

      protected Socket _openDataConnection_(String command, String arg) throws IOException
      Returns a socket of the data connection. Wrapped as an SSLSocket, which carries out handshake processing.
      Overrides:
      _openDataConnection_ in class FTPClient
      Parameters:
      command - The textual representation of the FTP command to send.
      arg - The arguments to the FTP command. If this parameter is set to null, then the command is sent with no arguments.
      Returns:
      corresponding to the established data connection. Null is returned if an FTP protocol error is reported at any point during the establishment and initialization of the connection.
      Throws:
      IOException - If there is any problem with the connection.
      Since:
      3.2
      See Also:
    • _prepareDataSocket_

      protected void _prepareDataSocket_(Socket socket) throws IOException
      Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens). Called by _openDataConnection_(int, String) immediately after creating the socket. The default implementation is a no-op
      Parameters:
      socket - the socket to set up
      Throws:
      IOException - on error
      Since:
      3.1
    • disconnect

      public void disconnect() throws IOException
      Closes the connection to the FTP server and restores connection parameters to the default values.

      Calls setSocketFactory(null) and setServerSocketFactory(null) to reset the factories that may have been changed during the session, e.g. by execPROT(String)

      Overrides:
      disconnect in class FTPClient
      Throws:
      IOException - If an error occurs while disconnecting.
      Since:
      3.0
    • execADAT

      public int execADAT(byte[] data) throws IOException
      Sends the ADAT command with the specified authentication data.
      Parameters:
      data - The data to send with the command.
      Returns:
      server reply.
      Throws:
      IOException - If an I/O error occurs while sending the command.
      Since:
      3.0
    • execAUTH

      protected void execAUTH() throws SSLException, IOException
      Sends the AUTH command.
      Throws:
      SSLException - If the server reply code equals neither "234" nor "334".
      IOException - If an I/O error occurs while either sending the command.
    • execAUTH

      public int execAUTH(String mechanism) throws IOException
      Sends the AUTH command with the specified mechanism.
      Parameters:
      mechanism - The mechanism name to send with the command.
      Returns:
      server reply.
      Throws:
      IOException - If an I/O error occurs while sending the command.
      Since:
      3.0
    • execCCC

      public int execCCC() throws IOException
      Sends the CCC command to the server. The CCC (Clear Command Channel) command causes the underlying SSLSocket instance to be assigned to a plain Socket instances
      Returns:
      server reply.
      Throws:
      IOException - If an I/O error occurs while sending the command.
      Since:
      3.0
    • execCONF

      public int execCONF(byte[] data) throws IOException
      Sends the CONF command with the specified data.
      Parameters:
      data - The data to send with the command.
      Returns:
      server reply.
      Throws:
      IOException - If an I/O error occurs while sending the command.
      Since:
      3.0
    • execENC

      public int execENC(byte[] data) throws IOException
      Sends the ENC command with the specified data.
      Parameters:
      data - The data to send with the command.
      Returns:
      server reply.
      Throws:
      IOException - If an I/O error occurs while sending the command.
      Since:
      3.0
    • execMIC

      public int execMIC(byte[] data) throws IOException
      Sends the MIC command with the specified data.
      Parameters:
      data - The data to send with the command.
      Returns:
      server reply.
      Throws:
      IOException - If an I/O error occurs while sending the command.
      Since:
      3.0
    • execPBSZ

      public void execPBSZ(long pbsz) throws SSLException, IOException
      PBSZ command. pbsz value: 0 to (2^32)-1 decimal integer.
      Parameters:
      pbsz - Protection Buffer Size.
      Throws:
      SSLException - If the server reply code does not equal "200".
      IOException - If an I/O error occurs while sending the command.
      See Also:
    • execPROT

      public void execPROT(String prot) throws SSLException, IOException
      PROT command.
      • C - Clear
      • S - Safe(SSL protocol only)
      • E - Confidential(SSL protocol only)
      • P - Private
      N.B. the method calls SocketClient.setSocketFactory(javax.net.SocketFactory) and SocketClient.setServerSocketFactory(javax.net.ServerSocketFactory)
      Parameters:
      prot - Data Channel Protection Level, if null, use DEFAULT_PROT.
      Throws:
      SSLException - If the server reply code does not equal 200.
      IOException - If an I/O error occurs while sending the command.
    • getAuthValue

      public String getAuthValue()
      Return AUTH command use value.
      Returns:
      AUTH command use value.
    • getEnabledCipherSuites

      Returns the names of the cipher suites which could be enabled for use on this connection. When the underlying Socket is not an SSLSocket instance, returns null.
      Returns:
      An array of cipher suite names, or null
    • getEnabledProtocols

      Returns the names of the protocol versions which are currently enabled for use on this connection. When the underlying Socket is not an SSLSocket instance, returns null.
      Returns:
      An array of protocols, or null
    • getEnableSessionCreation

      public boolean getEnableSessionCreation()
      Returns true if new SSL sessions may be established by this socket. When the underlying Socket instance is not SSL-enabled (i.e. an instance of SSLSocket with SSLSocketgetEnableSessionCreation()) enabled, this returns False.
      Returns:
      true - Indicates that sessions may be created; this is the default. false - indicates that an existing session must be resumed.
    • getHostnameVerifier

      Gets the currently configured HostnameVerifier. The verifier is only used on client mode connections.
      Returns:
      A HostnameVerifier instance.
      Since:
      3.4
    • getNeedClientAuth

      public boolean getNeedClientAuth()
      Returns true if the socket will require client authentication. When the underlying Socket is not an SSLSocket instance, returns false.
      Returns:
      true - If the server mode socket should request that the client authenticate itself.
    • getProtocol

      protected String getProtocol()
      Gets the secure socket protocol to be used, e.g. SSL/TLS.
      Returns:
      the protocol
      Since:
      3.11.0
    • getProtocols

      protected String[] getProtocols()
      Gets the protocol versions. The getEnabledProtocols() method gets the value from the socket while this method gets its value from this instance's config.
      Returns:
      a clone of the protocols, may be null
      Since:
      3.11.0
    • getSuites

      protected String[] getSuites()
      Gets the cipher suites. The getEnabledCipherSuites() method gets the value from the socket while this method gets its value from this instance's config.
      Returns:
      a clone of the suites, may be null
      Since:
      3.11.0
    • getTrustManager

      Gets the currently configured TrustManager.
      Returns:
      A TrustManager instance.
    • getUseClientMode

      public boolean getUseClientMode()
      Returns true if the socket is set to use client mode in its first handshake. When the underlying Socket is not an SSLSocket instance, returns false.
      Returns:
      true - If the socket should start its first handshake in "client" mode.
    • getWantClientAuth

      public boolean getWantClientAuth()
      Returns true if the socket will request client authentication. When the underlying Socket is not an SSLSocket instance, returns false.
      Returns:
      true - If the server mode socket should request that the client authenticate itself.
    • isClientMode

      protected boolean isClientMode()
      Gets the use client mode flag. The getUseClientMode() method gets the value from the socket while this method gets its value from this instance's config.
      Returns:
      True If the socket should start its first handshake in "client" mode.
      Since:
      3.11.0
    • isCreation

      protected boolean isCreation()
      Gets whether a new SSL session may be established by this socket. Default true
      Returns:
      True if session may be established
      Since:
      3.11.0
    • isEndpointCheckingEnabled

      public boolean isEndpointCheckingEnabled()
      Return whether or not endpoint identification using the HTTPS algorithm on Java 1.7+ is enabled. The default behavior is for this to be disabled. This check is only performed on client mode connections.
      Returns:
      True if enabled, false if not.
      Since:
      3.4
    • isImplicit

      protected boolean isImplicit()
      Gets the security mode. (True - Implicit Mode / False - Explicit Mode)
      Returns:
      True if enabled, false if not.
      Since:
      3.11.0
    • isNeedClientAuth

      protected boolean isNeedClientAuth()
      Gets the need client auth flag. The getNeedClientAuth() method gets the value from the socket while this method gets its value from this instance's config.
      Returns:
      True if enabled, false if not.
      Since:
      3.11.0
    • isWantClientAuth

      protected boolean isWantClientAuth()
      Gets the want client auth flag. The getWantClientAuth() method gets the value from the socket while this method gets its value from this instance's config.
      Returns:
      True if enabled, false if not.
      Since:
      3.11.0
    • parseADATReply

      public byte[] parseADATReply(String reply)
      Parses the given ADAT response line and base64-decodes the data.
      Parameters:
      reply - The ADAT reply to parse.
      Returns:
      the data in the reply, base64-decoded.
      Since:
      3.0
    • parsePBSZ

      public long parsePBSZ(long pbsz) throws SSLException, IOException
      PBSZ command. pbsz value: 0 to (2^32)-1 decimal integer. Issues the command and parses the response to return the negotiated value.
      Parameters:
      pbsz - Protection Buffer Size.
      Returns:
      the negotiated value.
      Throws:
      SSLException - If the server reply code does not equal "200".
      IOException - If an I/O error occurs while sending the command.
      Since:
      3.0
      See Also:
    • sendCommand

      public int sendCommand(String command, String args) throws IOException
      Send an FTP command. A successful CCC (Clear Command Channel) command causes the underlying SSLSocket instance to be assigned to a plain Socket
      Overrides:
      sendCommand in class FTP
      Parameters:
      command - The FTP command.
      args - The arguments to the FTP command. If this parameter is set to null, then the command is sent with no argument.
      Returns:
      server reply.
      Throws:
      IOException - If an I/O error occurs while sending the command.
      SSLException - if a CCC command fails
      See Also:
    • setAuthValue

      public void setAuthValue(String auth)
      Sets AUTH command use value. This processing is done before connected processing.
      Parameters:
      auth - AUTH command use value.
    • setEnabledCipherSuites

      public void setEnabledCipherSuites(String[] cipherSuites)
      Controls which particular cipher suites are enabled for use on this connection. Called before server negotiation.
      Parameters:
      cipherSuites - The cipher suites.
    • setEnabledProtocols

      public void setEnabledProtocols(String[] protocolVersions)
      Controls which particular protocol versions are enabled for use on this connection. I perform setting before a server negotiation.
      Parameters:
      protocolVersions - The protocol versions.
    • setEnabledSessionCreation

      public void setEnabledSessionCreation(boolean isCreation)
      Controls whether a new SSL session may be established by this socket.
      Parameters:
      isCreation - The established socket flag.
    • setEndpointCheckingEnabled

      public void setEndpointCheckingEnabled(boolean enable)
      Automatic endpoint identification checking using the HTTPS algorithm is supported on Java 1.7+. The default behavior is for this to be disabled. This check is only performed on client mode connections.
      Parameters:
      enable - Enable automatic endpoint identification checking using the HTTPS algorithm on Java 1.7+.
      Since:
      3.4
    • setHostnameVerifier

      public void setHostnameVerifier(HostnameVerifier newHostnameVerifier)
      Override the default HostnameVerifier to use. The verifier is only used on client mode connections.
      Parameters:
      newHostnameVerifier - The HostnameVerifier implementation to set or null to disable.
      Since:
      3.4
    • setKeyManager

      public void setKeyManager(KeyManager keyManager)
      Sets a KeyManager to use
      Parameters:
      keyManager - The KeyManager implementation to set.
      See Also:
    • setNeedClientAuth

      public void setNeedClientAuth(boolean isNeedClientAuth)
      Configures the socket to require client authentication.
      Parameters:
      isNeedClientAuth - The need client auth flag.
    • setTrustManager

      public void setTrustManager(TrustManager trustManager)
      Override the default TrustManager to use; if set to null, the default TrustManager from the JVM will be used.
      Parameters:
      trustManager - The TrustManager implementation to set, may be null
      See Also:
    • setUseClientMode

      public void setUseClientMode(boolean isClientMode)
      Configures the socket to use client (or server) mode in its first handshake.
      Parameters:
      isClientMode - The use client mode flag.
    • setWantClientAuth

      public void setWantClientAuth(boolean isWantClientAuth)
      Configures the socket to request client authentication, but only if such a request is appropriate to the cipher suite negotiated.
      Parameters:
      isWantClientAuth - The want client auth flag.
    • sslNegotiation

      protected void sslNegotiation() throws IOException
      SSL/TLS negotiation. Acquires an SSL socket of a control connection and carries out handshake processing.
      Throws:
      IOException - If server negotiation fails