Class AdvancedSSLSettings

java.lang.Object
com.enterprisedt.net.ftp.AdvancedSSLSettings

public class AdvancedSSLSettings extends Object
Settings specifically for the FTPS (FTP over SSL) protocol. Generally these settings are not required for basic use of the protocol.

All settings must be set before connecting to the server.

Version:
$Revision$
Author:
Bruce Blackshaw
  • Method Details

    • allowCustomDHGroups

      public boolean allowCustomDHGroups()
      Indicates whether custom diffie-helman groups are permitted
      Returns:
      true if custom diffie-helman groups are permitted, otherwise false
    • setAllowCustomDHGroups

      public void setAllowCustomDHGroups(boolean allowCustomDHGroups)
      Allows custom diffie-helman groups to be permitted
      Parameters:
      allowCustomDHGroups - if true, custom diffie-helman groups are permitted
    • getSSLServerValidationCertificates

      public SSLFTPCertificateStore getSSLServerValidationCertificates()
      Returns a reference to the SSLFTPCertificateStore which contains the root certificates that will be used to validate the server certificate.
      Returns:
      The root certificate-store.
    • getClientCertificate

      public Certificate getClientCertificate()
      Get the client certificate to be used
      Returns:
      client certificate
    • setClientCertificate

      public void setClientCertificate(Certificate cert)
      Set the client certificate to be used
      Parameters:
      cert - client certificate
    • getClientPrivateKey

      public PrivateKey getClientPrivateKey()
      Get the client certificate to be used
      Returns:
      client certificate
    • setClientPrivateKey

      public void setClientPrivateKey(PrivateKey key)
      Set the client private key to be used
      Parameters:
      key - client private key
    • getClientCertificatePath

      public String getClientCertificatePath()
      Get the path of the PEM file containing the client certificate and private key. This is required if client authentication is to be used.
      Returns:
      file path
    • setClientCertificatePath

      public void setClientCertificatePath(String clientCertificatePath)
      Set the path of the PEM file containing the client certificate and private key. This is required if client authentication is to be used.

      The file must be formatted as follows:

         -----BEGIN xxx PRIVATE KEY-----
         ... client's private key ...
         -----END xxx PRIVATE KEY-----
         -----BEGIN CERTIFICATE-----
         ... client's certificate ...
         -----END CERTIFICATE-----
       
      where xxx defines the keytype which must be either RSA or DSA.

      A chain of keys (ordered from client's certificate to the root) may be placed in the file. Each certificate must be bracketed as shown above.

      Parameters:
      clientCertificatePath - path of the client certificate file
    • getClientCertificatePassphrase

      public String getClientCertificatePassphrase()
      Get the passphrase that has been set for the client certificate, or null if it has not been set.
      Returns:
      passphrase or null
    • setClientCertificatePassphrase

      public void setClientCertificatePassphrase(String clientCertificatePassphrase)
      Set the passphrase for the client certificate.
      Parameters:
      clientCertificatePassphrase - passphrase to set
    • isAllowBasicConstraintsNonCA

      public boolean isAllowBasicConstraintsNonCA()
      Are non-CA certificates (e.g. client certificates) permitted to have basic constraints? By default, they are not.
      Returns:
      true if basic constraints permitted, false if not
    • setAllowBasicConstraintsNonCA

      public void setAllowBasicConstraintsNonCA(boolean allowBasicConstraintsNonCA)
      Are non-CA certificates (e.g. client certificates) permitted to have basic constraints? By default, they are not. Enabling this flag permits non-CA certificates to have basic constraints.
      Parameters:
      allowBasicConstraintsNonCA - true to allow basic constraints in non-CA certs.
    • isStartWithClearDataChannels

      public boolean isStartWithClearDataChannels()
      Are clear data channels used initially? By default the client switches to private data channels immediately after AUTH.
      Returns:
      true if starting with clear channels, false if private
    • setStartWithClearDataChannels

      public void setStartWithClearDataChannels(boolean startWithClearDataChannels)
      By default the client switches to private data channels immediately after the auth(String) method is called. It does this by invoking pbsz(0) and prot('P') from inside the auth() method. This flag stops this behaviour if set to true. The default is false.
      Parameters:
      startWithClearDataChannels - true to force clear data channels
    • isDisableSessionResumption

      public boolean isDisableSessionResumption()
      Is session resumption disabled? The default is false (i.e. it is enabled).
      Returns:
      true if disabled, false if enabled
    • setDisableSessionResumption

      public void setDisableSessionResumption(boolean disableSessionResumption)
      Set session resumption on or off. Session resumption is a feature of SSL/TLS, which speeds up the establishment of secure connections by caching certain cryptographic parameters during the first connection, such that they may be used in subsequent connections. This is particularly handy for FTPS which opens a new connection for each file transfer. Occasionally it can cause problems when establishing secure connections on data-channels, so this flag is provided for disabling the feature and thus forcing a full exchange of cryptographic data for every file.
      Parameters:
      disableSessionResumption - true to disable.
    • isDisableWaitOnClose

      public boolean isDisableWaitOnClose()
      Is the disable waiting on close flag set? If set, stops the client waiting for an SSL closure acknowledgement on both the control channel and the data channel. This flag may be useful if it is found that the client freezes after a data-transfer or when the FTP connection is closed.
      Returns:
      true if wait on close is disabled
    • setDisableWaitOnClose

      public void setDisableWaitOnClose(boolean disableWaitOnClose)
      If set, stops the client waiting for an SSL closure acknowledgement on both the control channel and the data channel. This flag may be useful if it is found that the client freezes after a data-transfer or when the FTP connection is closed.
      Parameters:
      disableWaitOnClose - true to disable wait on close
    • isDisableSSLClosure

      public boolean isDisableSSLClosure()
      Is standard SSL closure disabled? If disabled, SSL connections are forced to close. This flag may be useful if it is found that the client or the server (or both) freezes after a data-transfer or when the FTP connection is closed.
      Returns:
    • setDisableSSLClosure

      public void setDisableSSLClosure(boolean disableSSLClosure)
      Disables standard SSL closure by forcing on both data and control channels SSL connections to close in a non-standard manner. This flag may be useful if it is found that the client or the server (or both) freezes after a data-transfer or when the FTP connection is closed.
      Parameters:
      disableSSLClosure - true to disable SSL closure
    • disableSSL3

      public void disableSSL3(boolean disable)
      Set whether to disable SSL3. The default is true/yes.
      Parameters:
      disable - true to disable SSL3
    • isSSL3Disabled

      public boolean isSSL3Disabled()
      return if SSL3 is disabled
      Returns:
      true if SSL3 is disabled (the default)
    • getMinSSLVersion

      public int getMinSSLVersion()
      Get the minimum SSL/TLS version
      See Also:
    • setMinSSLVersion

      public void setMinSSLVersion(int minSSLVersion)
      Set the minimum SSL/TLS version
      Parameters:
      int - minimum SSL/TLS version
      See Also:
    • getMaxSSLVersion

      public int getMaxSSLVersion()
      Get the maximum SSL/TLS version
      See Also:
    • setMaxSSLVersion

      public void setMaxSSLVersion(int maxSSLVersion)
      Set the maximum SSL/TLS version
      Parameters:
      int - maximum SSL/TLS version
      See Also:
    • getSecurityMechanism

      public SSLFTPSecurityMechanism getSecurityMechanism()
      Set the security mechanism that should be used to set up the secure connection.
      Returns:
      SSLFTPSecurityMechanism
    • setSecurityMechanism

      public void setSecurityMechanism(SSLFTPSecurityMechanism auth)
      Get the security mechanism that should be used to set up the secure connection.
      Parameters:
      auth - security mechanism to use
    • getEnabledCipherSuites

      public SSLFTPCipherSuite[] getEnabledCipherSuites()
      Get a list of the enabled cipher suites.
      Returns:
      SSLFTPCipherSuite[]
    • setEnabledCipherSuites

      public void setEnabledCipherSuites(SSLFTPCipherSuite[] enabledCipherSuites)
      Set the list of enabled ciper suites.
      Parameters:
      enabledCipherSuites - cipher suites to enabled
    • isUseUnencryptedCommands

      public boolean isUseUnencryptedCommands()
      Should FTPS command-channel be revert to plain text after establishing an encrypted connection (FTPS only). If enabled this results in the CCC command being sent immediately after log-in.
      Returns:
      true if command-channel reverts to plain text after connecting (FTPS only).
    • setUseUnencryptedCommands

      public void setUseUnencryptedCommands(boolean useUnencryptedCommands)
      Changed whether command-channel reverts to plain text after connecting (FTPS only). If enabled this results in the CCC command being sent immediately after log-in.
      Parameters:
      useUnencryptedCommands - true if commands should be sent in plain text (FTPS only).
    • getSSLServerCommonNames

      public String[] getSSLServerCommonNames()
      Gets the names that will be used to match the CommonName (CN) field while the certificate is being validated.
      Returns:
      names that will be used for matching.
    • setSSLServerCommonNames

      public void setSSLServerCommonNames(String[] serverCommonNames)
      Set the names that will be used to match the CommonName (CN) field while the certificate is being validated.
      Parameters:
      serverCommonNames - names which will be used for matching.
    • getSSLValidator

      public SSLFTPValidator getSSLValidator()
      Get the SSL validator that was set
      Returns:
      SSLFTPValidator
    • setSSLValidator

      public void setSSLValidator(SSLFTPValidator sslValidator)
      Set the SSL validator instance. Note that if this is set, the common names that are set will not be used, @see setSSLServerCommonNames
      Parameters:
      sslValidator - validator to use