public class AdvancedSSLSettings
extends java.lang.Object
All settings must be set before connecting to the server.
Modifier and Type | Method and Description |
---|---|
void | disableSSL3(boolean disable)<br>Set whether to disable SSL3. |
java.security.cert.Certificate | getClientCertificate()<br>Get the client certificate to be used. |
java.lang.String | getClientCertificatePassphrase()<br>Get the passphrase that has been set for the client certificate, or null if it has not been set. |
java.lang.String | getClientCertificatePath()<br>Get the path of the PEM file containing the client certificate and private key. |
java.security.PrivateKey | getClientPrivateKey()<br>Get the client private key to be used. |
SSLFTPCipherSuite[] | getEnabledCipherSuites()<br>Get a list of the enabled cipher suites. |
int | getMaxSSLVersion()<br>Get the maximum SSL/TLS version. |
int | getMinSSLVersion()<br>Get the minimum SSL/TLS version. |
SSLFTPSecurityMechanism | getSecurityMechanism()<br>Get the security mechanism that should be used to set up the secure connection. |
java.lang.String[] | getSSLServerCommonNames()<br>Gets the names that will be used to match the CommonName (CN) field while the certificate is being validated. |
SSLFTPCertificateStore | getSSLServerValidationCertificates()<br>Returns a reference to the SSLFTPCertificateStore which contains the root certificates that will be used to validate the server certificate. |
SSLFTPValidator | getSSLValidator()<br>Get the SSL validator that was set. |
boolean | isAllowBasicConstraintsNonCA()<br>Are non-CA certificates (e.g. |
boolean | isDisableSessionResumption()<br>Is session resumption disabled? The default is false (i.e. |
boolean | isDisableSSLClosure()<br>Is standard SSL closure disabled? If disabled, SSL connections are forced to close. |
boolean | isDisableWaitOnClose()<br>Is the disable waiting on close flag set? If set, stops the client waiting for an SSL closure acknowledgement on both the control channel and the data channel. |
boolean | isSSL3Disabled()<br>Returns whether SSL3 is disabled. |
boolean | isStartWithClearDataChannels()<br>Are clear data channels used initially? By default the client switches to private data channels immediately after AUTH. |
boolean | isUseUnencryptedCommands()<br>Should the FTPS command channel revert to plain text after establishing an encrypted connection (FTPS only)? |
void | setAllowBasicConstraintsNonCA(boolean allowBasicConstraintsNonCA)<br>Are non-CA certificates (e.g. |
void | setClientCertificate(java.security.cert.Certificate cert)<br>Set the client certificate to be used. |
void | setClientCertificatePassphrase(java.lang.String clientCertificatePassphrase)<br>Set the passphrase for the client certificate. |
void | setClientCertificatePath(java.lang.String clientCertificatePath)<br>Set the path of the PEM file containing the client certificate and private key. |
void | setClientPrivateKey(java.security.PrivateKey key)<br>Set the client private key to be used. |
void | setDisableSessionResumption(boolean disableSessionResumption)<br>Set session resumption on or off. |
void | setDisableSSLClosure(boolean disableSSLClosure)<br>Disables standard SSL closure by forcing SSL connections on both data and control channels to close in a non-standard manner. |
void | setDisableWaitOnClose(boolean disableWaitOnClose)<br>If set, stops the client waiting for an SSL closure acknowledgement on both the control channel and the data channel. |
void | setEnabledCipherSuites(SSLFTPCipherSuite[] enabledCipherSuites)<br>Set the list of enabled cipher suites. |
void | setMaxSSLVersion(int maxSSLVersion)<br>Set the maximum SSL/TLS version. |
void | setMinSSLVersion(int minSSLVersion)<br>Set the minimum SSL/TLS version. |
void | setSecurityMechanism(SSLFTPSecurityMechanism auth)<br>Set the security mechanism that should be used to set up the secure connection. |
void | setSSLServerCommonNames(java.lang.String[] serverCommonNames)<br>Set the names that will be used to match the CommonName (CN) field while the certificate is being validated. |
void | setSSLValidator(SSLFTPValidator sslValidator)<br>Set the SSL validator instance. |
void | setStartWithClearDataChannels(boolean startWithClearDataChannels)<br>By default the client switches to private data channels immediately after the auth(String) method is called. |
void | setUseUnencryptedCommands(boolean useUnencryptedCommands)<br>Change whether the command channel reverts to plain text after connecting (FTPS only). |

public SSLFTPCertificateStore getSSLServerValidationCertificates()
Returns a reference to the SSLFTPCertificateStore which contains the root certificates that will be used to validate the server certificate.

public java.security.cert.Certificate getClientCertificate()

public void setClientCertificate(java.security.cert.Certificate cert)
cert - client certificate

public java.security.PrivateKey getClientPrivateKey()

public void setClientPrivateKey(java.security.PrivateKey key)
key - client private key

public java.lang.String getClientCertificatePath()

public void setClientCertificatePath(java.lang.String clientCertificatePath)
The file must be formatted as follows:

    -----BEGIN xxx PRIVATE KEY-----
    ... client's private key ...
    -----END xxx PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    ... client's certificate ...
    -----END CERTIFICATE-----

where xxx defines the key type, which must be either RSA or DSA.
A chain of keys (ordered from client's certificate to the root) may be placed in the file. Each certificate must be bracketed as shown above.
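
A pre-flight check for the file layout described above, given as an added example that is not part of the library's API or its documentation. The class name ClientPemLayoutCheck and its check method are hypothetical; the code validates only block labels and their order, not the key or certificate contents.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ClientPemLayoutCheck {
    // One PEM block; group 1 is the label, e.g. "RSA PRIVATE KEY" or "CERTIFICATE".
    private static final Pattern BLOCK = Pattern.compile(
        "-----BEGIN ([A-Z0-9 ]+)-----\\s+(.*?)\\s+-----END \\1-----", Pattern.DOTALL);

    /** Returns the problems found; an empty list means the layout matches the documented format. */
    static List<String> check(String pem) {
        List<String> problems = new ArrayList<>();
        List<String> labels = new ArrayList<>();
        Matcher m = BLOCK.matcher(pem);
        int end = 0;
        while (m.find()) {
            // Anything other than whitespace between blocks is outside the documented layout.
            if (!pem.substring(end, m.start()).trim().isEmpty())
                problems.add("unexpected text before block " + (labels.size() + 1));
            labels.add(m.group(1));
            end = m.end();
        }
        if (!pem.substring(end).trim().isEmpty()) problems.add("unexpected trailing text");
        if (labels.isEmpty()) { problems.add("no PEM blocks found"); return problems; }
        // The private key comes first and its type must be RSA or DSA.
        String first = labels.get(0);
        if (!first.equals("RSA PRIVATE KEY") && !first.equals("DSA PRIVATE KEY"))
            problems.add("first block must be an RSA or DSA PRIVATE KEY, found: " + first);
        if (labels.size() < 2) problems.add("no CERTIFICATE block after the private key");
        // Every following block is a certificate (client certificate first, then its chain).
        for (int i = 1; i < labels.size(); i++)
            if (!labels.get(i).equals("CERTIFICATE"))
                problems.add("block " + (i + 1) + " must be CERTIFICATE, found: " + labels.get(i));
        return problems;
    }

    public static void main(String[] args) {
        // Constructed samples: the bodies are placeholders, not real key material.
        String good = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
                    + "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n"
                    + "-----BEGIN CERTIFICATE-----\nCCCC\n-----END CERTIFICATE-----\n";
        // Certificate-first order and a PKCS#8 "PRIVATE KEY" label both deviate from the layout.
        String bad = "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n"
                   + "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n";
        System.out.println("good: " + check(good));
        System.out.println("bad:  " + check(bad));
    }
}
```
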
clientCertificatePath - path of the client certificate file

public java.lang.String getClientCertificatePassphrase()

public void setClientCertificatePassphrase(java.lang.String clientCertificatePassphrase)
clientCertificatePassphrase - passphrase to set

public boolean isAllowBasicConstraintsNonCA()

public void setAllowBasicConstraintsNonCA(boolean allowBasicConstraintsNonCA)
allowBasicConstraintsNonCA - true to allow basic constraints in non-CA certs.

public boolean isStartWithClearDataChannels()

public void setStartWithClearDataChannels(boolean startWithClearDataChannels)
By default the client switches to private data channels immediately after the auth(String) method is called. It does this by invoking pbsz(0) and prot('P') from inside the auth() method.
This flag stops this behaviour if set to true. The default is false.
startWithClearDataChannels - true to force clear data channels

public boolean isDisableSessionResumption()

public void setDisableSessionResumption(boolean disableSessionResumption)
disableSessionResumption - true to disable.

public boolean isDisableWaitOnClose()

public void setDisableWaitOnClose(boolean disableWaitOnClose)
disableWaitOnClose - true to disable wait on close

public boolean isDisableSSLClosure()

public void setDisableSSLClosure(boolean disableSSLClosure)
disableSSLClosure - true to disable SSL closure

public void disableSSL3(boolean disable)
disable - true to disable SSL3

public boolean isSSL3Disabled()

public int getMinSSLVersion()
SSLFTPClient.SSLVersion

public void setMinSSLVersion(int minSSLVersion)
int - minimum SSL/TLS version
SSLFTPClient.SSLVersion

public int getMaxSSLVersion()
SSLFTPClient.SSLVersion

public void setMaxSSLVersion(int maxSSLVersion)
int - maximum SSL/TLS version
SSLFTPClient.SSLVersion

public SSLFTPSecurityMechanism getSecurityMechanism()

public void setSecurityMechanism(SSLFTPSecurityMechanism auth)
auth - security mechanism to use

public SSLFTPCipherSuite[] getEnabledCipherSuites()

public void setEnabledCipherSuites(SSLFTPCipherSuite[] enabledCipherSuites)
enabledCipherSuites - cipher suites to enable

public boolean isUseUnencryptedCommands()

public void setUseUnencryptedCommands(boolean useUnencryptedCommands)
useUnencryptedCommands - true if commands should be sent in plain text (FTPS only).

public java.lang.String[] getSSLServerCommonNames()

public void setSSLServerCommonNames(java.lang.String[] serverCommonNames)
serverCommonNames - names which will be used for matching.

public SSLFTPValidator getSSLValidator()

public void setSSLValidator(SSLFTPValidator sslValidator)
sslValidator - validator to use

Copyright © 2001-2014 Enterprise Distributed Technologies Ltd. All Rights Reserved.