inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

FTP over SSL/TLS configuration additions.

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@22185 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Gary Spencer
2010-09-02 14:40:53 +00:00
parent d9748ebdf0
commit 853efa586a
5 changed files with 216 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
config/alfresco/subsystems/fileServers/default/file-servers-context.xml
View File

@@ -221,6 +221,27 @@
<property name="dataPortTo">
<value>${ftp.dataPortTo}</value>
</property>
<!-- FTPS support -->
<property name="keyStorePath">
<value>${ftp.keyStore}</value>
</property>
<property name="trustStorePath">
<value>${ftp.trustStore}</value>
</property>
<property name="passphrase">
<value>${ftp.passphrase}</value>
</property>
<property name="requireSecureSession">
<value>${ftp.requireSecureSession}</value>
</property>
<property name="sslEngineDebug">
<value>${ftp.sslEngineDebug}</value>
</property>
</bean>
<!--The configurable RPC user mappings - actually a post-processed composite property! -->

11
config/alfresco/subsystems/fileServers/default/file-servers.properties
View File

@@ -3,7 +3,7 @@ filesystem.acl.global.defaultAccessLevel=
### CIFS Server Configuration ###
cifs.enabled=true
cifs.serverName=${localname}A
cifs.serverName=${localname}
cifs.domain=
cifs.broadcast=255.255.255.255
# An empty value indicates bind to all available network adapters
@@ -46,9 +46,16 @@ ftp.ipv6.enabled=false
ftp.dataPortFrom=0
ftp.dataPortTo=0
# FTPS support (enabled when the keystore, truststore and passphrase are set)
ftp.keyStore=
ftp.trustStore=
ftp.passphrase=
ftp.requireSecureSession=true
ftp.sslEngineDebug=false
# FTP session debug flags (also enable org.alfresco.fileserver=debug logging level)
# Comma delimeted list of levels :-
# STATE, RXDATA, TXDATA, DUMPDATA, SEARCH, INFO, FILE, FILEIO, ERROR, PKTTYPE, TIMING, DATAPORT, DIRECTORY
# STATE, RXDATA, TXDATA, DUMPDATA, SEARCH, INFO, FILE, FILEIO, ERROR, PKTTYPE, TIMING, DATAPORT, DIRECTORY, SSL
ftp.sessionDebug=
### NFS Server Configuration ###

2
source/java/org/alfresco/filesys/AbstractServerConfigurationBean.java
View File

@@ -91,7 +91,7 @@ public abstract class AbstractServerConfigurationBean extends ServerConfiguratio
// FTP server debug type strings
protected static final String m_ftpDebugStr[] = { "STATE", "RXDATA", "TXDATA", "DUMPDATA", "SEARCH", "INFO", "FILE", "FILEIO", "ERROR", "PKTTYPE",
"TIMING", "DATAPORT", "DIRECTORY" };
"TIMING", "DATAPORT", "DIRECTORY", "SSL" };
// Default FTP server port

107
source/java/org/alfresco/filesys/config/FTPConfigBean.java
View File

@@ -64,6 +64,23 @@ public class FTPConfigBean
private int dataPortFrom;
private int dataPortTo;
// FTPS configuration
//
// Path to the keystore/truststore files
private String m_keyStorePath;
private String m_trustStorePath;
private String m_passphrase;
// Only allow FTPS/encrypted session logons
private boolean m_requireSecureSess;
// SSL engine debug enable
private boolean m_sslDebug;
/**
* Checks if is server enabled.
*
@@ -309,4 +326,94 @@ public class FTPConfigBean
public void setDataPortTo(int toPort) {
dataPortTo = toPort;
}
/**
* Return the key store path
*
* @return String
*/
public final String getKeyStorePath() {
return m_keyStorePath;
}
/**
* Return the trust store path
*
* @return String
*/
public final String getTrustStorePath() {
return m_trustStorePath;
}
/**
* Return the passphrase for the key store/trust store
*
* @return String
*/
public final String getPassphrase() {
return m_passphrase;
}
/**
* Determine if only secure sessions will be allowed to logon
*
* @return boolean
*/
public final boolean hasRequireSecureSession() {
return m_requireSecureSess;
}
/**
* Set/clear the require secure sessions flag
*
* @param reqSec boolean
*/
public final void setRequireSecureSession( boolean reqSec) {
m_requireSecureSess = reqSec;
}
/**
* Set the key store path
*
* @param path String
*/
public final void setKeyStorePath( String path) {
m_keyStorePath = path;
}
/**
* Set the trust store path
*
* @param path String
*/
public final void setTrustStorePath( String path) {
m_trustStorePath = path;
}
/**
* Set the passphrase
*
* @param phrase String
*/
public final void setPassphrase( String phrase) {
m_passphrase = phrase;
}
/**
* Check if SSLEngine debug output should be enabled
*
* @return boolean
*/
public final boolean hasSslEngineDebug() {
return m_sslDebug;
}
/**
* Enable SSLEngine class debug output
*
* @param sslDebug boolean
*/
public final void setSslEngineDebug( boolean sslDebug) {
m_sslDebug = sslDebug;
}
}

79
source/java/org/alfresco/filesys/config/ServerConfigurationBean.java
View File

@@ -18,6 +18,7 @@
*/
package org.alfresco.filesys.config;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
@@ -1331,12 +1332,88 @@ public class ServerConfigurationBean extends AbstractServerConfigurationBean
logger.info("FTP server data ports restricted to range " + rangeFrom + ":" + rangeTo);
}
}
// FTPS parameter parsing
//
// Check if a key store path has been specified
if ( ftpConfigBean.getKeyStorePath() != null && ftpConfigBean.getKeyStorePath().length() > 0) {
// Get the path to the key store, check that the file exists
String keyStorePath = ftpConfigBean.getKeyStorePath();
File keyStoreFile = new File( keyStorePath);
if ( keyStoreFile.exists() == false)
throw new InvalidConfigurationException("FTPS key store file does not exist, " + keyStorePath);
else if ( keyStoreFile.isDirectory())
throw new InvalidConfigurationException("FTPS key store path is a directory, " + keyStorePath);
// Set the key store path
ftpConfig.setKeyStorePath( keyStorePath);
}
// Check if the trust store path has been specified
if ( ftpConfigBean.getTrustStorePath() != null && ftpConfigBean.getTrustStorePath().length() > 0) {
// Get the path to the trust store, check that the file exists
String trustStorePath = ftpConfigBean.getTrustStorePath();
File trustStoreFile = new File( trustStorePath);
if ( trustStoreFile.exists() == false)
throw new InvalidConfigurationException("FTPS trust store file does not exist, " + trustStorePath);
else if ( trustStoreFile.isDirectory())
throw new InvalidConfigurationException("FTPS trust store path is a directory, " + trustStorePath);
// Set the trust store path
ftpConfig.setTrustStorePath( trustStorePath);
}
// Check if the store passphrase has been specified
if ( ftpConfigBean.getPassphrase() != null && ftpConfigBean.getPassphrase().length() > 0) {
// Set the store passphrase
ftpConfig.setPassphrase( ftpConfigBean.getPassphrase());
}
// Check if only secure sessions should be allowed to logon
if ( ftpConfigBean.hasRequireSecureSession()) {
// Only allow secure sessions to logon to the FTP server
ftpConfig.setRequireSecureSession( true);
}
// Check that all the required FTPS parameters have been set
if ( ftpConfig.getKeyStorePath() != null || ftpConfig.getTrustStorePath() != null || ftpConfig.getPassphrase() != null) {
// Make sure all parameters are set
if ( ftpConfig.getKeyStorePath() == null || ftpConfig.getTrustStorePath() == null || ftpConfig.getPassphrase() == null)
throw new InvalidConfigurationException("FTPS configuration requires keyStore, trustStore and storePassphrase to be set");
}
// Check if SSLEngine debug output should be enabled
if ( ftpConfigBean.hasSslEngineDebug()) {
// Enable SSLEngine debug output
System.setProperty("javax.net.debug", "ssl,handshake");
}
}
catch (InvalidConfigurationException ex)
{
throw new AlfrescoRuntimeException(ex.getMessage());
}
}
/**