authorNils Schwabe2014-04-24 15:26:58 +0200
committerNils Schwabe2014-04-24 15:26:58 +0200
commit87d2abae6355cfb9993edb89cc60912d0d8230a5 (patch)
tree148279b45dc791d2bd6b19e690cff8740158b0dc
parentReformat all files with simon's new layout (diff)
Add FTPS to MasterFtpServer
-rw-r--r--.gitignore1
-rw-r--r--config/global.properties.example21
-rw-r--r--src/main/java/org/openslx/imagemaster/App.java7
-rw-r--r--src/main/java/org/openslx/imagemaster/Globals.java20
-rw-r--r--src/main/java/org/openslx/imagemaster/server/ApiServer.java11
-rw-r--r--src/main/java/org/openslx/imagemaster/server/FtpCredentialsScheduler.java11
-rw-r--r--src/main/java/org/openslx/imagemaster/server/MasterFtpServer.java16
7 files changed, 59 insertions, 28 deletions
diff --git a/.gitignore b/.gitignore
index c218b85..e31a5ff 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,4 +8,5 @@
/src/main/java/org/openslx/imagemaster/thrift/iface
/gen-java
/src/main/properties/ftp.properties
+/config/keystore.jks
diff --git a/config/global.properties.example b/config/global.properties.example
index 1b2ea39..0b26f75 100644
--- a/config/global.properties.example
+++ b/config/global.properties.example
@@ -1,12 +1,15 @@
# fill in properties and rename to global.properties
#####################
-# Directories #
+# Main #
#####################
# the dir where the images are stored
image_dir=/tmp
+# keystore (.jks format)
+keystore=./config/keystore.jks
+
#####################
# LDAP data #
#####################
@@ -26,6 +29,7 @@ ldap_bind_query=uid\=%,ou\=people,dc\=uni-freiburg,dc\=de
# search baseDn
ldap_search_base_dn=ou\=people,dc\=uni-freiburg,dc\=de
+
# search filter (use a % for the username replacement
ldap_search_filter=(&(objectclass\=person)(uid\=%))
@@ -33,18 +37,21 @@ ldap_search_filter=(&(objectclass\=person)(uid\=%))
# Session #
#####################
-# session timeout for users (in minutes)
-session_timeout_user=30
+# session timeout for users (in seconds)
+session_timeout_user=600
-# session timeout for servers (in minutes)
-session_timeout_server=30
+# session timeout for servers (in seconds)
+session_timeout_server=600
#####################
# FTP Server #
#####################
# the base dir of the ftp server (should exists)
-ftp_base_dir=/home/nils/ftp
+ftp_base_dir=/tmp
# the port of the ftp server
-ftp_port=2221 \ No newline at end of file
+ftp_port=2221
+
+# timeout for kicking ftp users (in minutes)
+ftp_timeout=60 \ No newline at end of file
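Review bot: The example now points `ftp_base_dir` at `/tmp`, which is world-writable on most systems, and `image_dir` in the first hunk of this file already does the same. Uploaded images and the per-user upload folders would then sit where any local account can read, pre-create or replace them. A dedicated directory owned by the service account would be a safer example value, with a comment such as `# must be writable only by the masterserver user`. Separately, the session timeouts are now documented in seconds while the new `ftp_timeout` is in minutes. No conversion change is visible in this commit, so it is worth confirming that an existing `session_timeout_user=30` is not silently read as 30 seconds.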
diff --git a/src/main/java/org/openslx/imagemaster/App.java b/src/main/java/org/openslx/imagemaster/App.java
index 989f39e..85ec50b 100644
--- a/src/main/java/org/openslx/imagemaster/App.java
+++ b/src/main/java/org/openslx/imagemaster/App.java
@@ -7,6 +7,7 @@ import java.util.List;
import org.apache.log4j.Logger;
import org.openslx.imagemaster.Globals.PropInt;
import org.openslx.imagemaster.server.FtpCredentialsScheduler;
+import org.openslx.imagemaster.server.MasterFtpServer;
import org.openslx.imagemaster.thrift.server.BinaryListener;
public class App
@@ -15,6 +16,8 @@ public class App
private static Logger log = Logger.getLogger( App.class );
private static List<Thread> servers = new ArrayList<>();
+
+ public static final MasterFtpServer ftpServer = new MasterFtpServer();
public static void main( String[] args )
{
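Review bot: The new `ftpServer` field is `public static` and has no comment, so every class can reach the server object. The scheduler hunk in this commit shows callers reaching through it to the `users` and `timeouts` maps directly. Consider keeping the field private behind an accessor, or at least documenting it, e.g. `/** Single FTP(S) server instance; initialised in main() before its thread is started. */`. The class body continues outside this hunk.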
@@ -41,9 +44,9 @@ public class App
t.start();
// Create Ftp Server
- Globals.ftpServer.init( Globals.getPropertyInt( PropInt.FTPPORT ) );
+ ftpServer.init( Globals.getPropertyInt( PropInt.FTPPORT ) );
Thread f;
- f = new Thread( Globals.ftpServer, "FtpServer" );
+ f = new Thread( ftpServer, "FtpServer" );
servers.add( f );
f.start();
diff --git a/src/main/java/org/openslx/imagemaster/Globals.java b/src/main/java/org/openslx/imagemaster/Globals.java
index 6f3524b..717cb1e 100644
--- a/src/main/java/org/openslx/imagemaster/Globals.java
+++ b/src/main/java/org/openslx/imagemaster/Globals.java
@@ -6,16 +6,16 @@ import java.io.IOException;
import java.util.Properties;
import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
import org.openslx.imagemaster.server.MasterFtpServer;
public class Globals
{
+ private static Logger log = Logger.getLogger( Globals.class );
private static final Properties properties = new Properties();
private static boolean loadedProperties = false;
- public static final MasterFtpServer ftpServer = new MasterFtpServer();
-
public static enum PropInt
{
LDAPPORT, SESSIONTIMEOUTUSER, SESSIONTIMEOUTSERVER, FTPPORT, FTPTIMEOUT
@@ -23,7 +23,7 @@ public class Globals
public static enum PropString
{
- IMAGEDIR, LDAPHOST, LDAPBINDQUERY, LDAPSEARCHBASEDN, LDAPSEARCHFILTER, FTPBASEDIR
+ IMAGEDIR, KEYSTORE, LDAPHOST, LDAPBINDQUERY, LDAPSEARCHBASEDN, LDAPSEARCHFILTER, FTPBASEDIR
}
public static enum PropBool
@@ -64,6 +64,8 @@ public class Globals
|| Globals.getPropertyString( PropString.LDAPSEARCHFILTER ).isEmpty()
|| Globals.getPropertyString( PropString.FTPBASEDIR ) == null
|| Globals.getPropertyString( PropString.FTPBASEDIR ).isEmpty()
+ || Globals.getPropertyString( PropString.KEYSTORE ) == null
+ || Globals.getPropertyString( PropString.KEYSTORE ).isEmpty()
|| Globals.getPropertyInt( PropInt.LDAPPORT ) == 0
|| Globals.getPropertyInt( PropInt.SESSIONTIMEOUTUSER ) == 0
@@ -73,15 +75,25 @@ public class Globals
return false;
}
+ // check ldap_bind_query
if ( StringUtils.countMatches( Globals.getPropertyString( PropString.LDAPBINDQUERY ), "%" ) != 1 ) {
+ log.error( "ldap_bind_query does not contain '%'" );
return false;
}
+ // check ldap_search_filter
if ( StringUtils.countMatches( Globals.getPropertyString( PropString.LDAPSEARCHFILTER ), "%" ) != 1 ) {
+ log.error( "ldap_search_filter does not contain '%'" );
+ return false;
+ }
+
+ // check keystore
+ if ( !Globals.getPropertyString( PropString.KEYSTORE ).endsWith( ".jks" )) {
+ log.error( "Keystore is not in jks format." );
return false;
}
- // remove "/" at the end of the path
+ // remove "/" at the end of the paths
String ftp = Globals.getPropertyString( PropString.FTPBASEDIR );
if ( ftp.endsWith( "/" ) ) {
Globals.properties.put( "ftp_base_dir", ftp.substring( 0, ftp.length() - 1 ) );
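Review bot: The keystore check added here only tests that the configured path ends in `.jks`, so a missing or unreadable file passes validation and only fails later, when the TLS listener is built. Extending the condition with `|| !new File( Globals.getPropertyString( PropString.KEYSTORE ) ).canRead()` would reject it at startup; whether `java.io.File` is already imported in this file is not visible in the hunk. The two new LDAP messages say the value "does not contain '%'", but the condition is `!= 1`, so they are also logged when the placeholder appears more than once; `"ldap_bind_query must contain exactly one '%'"` would match the check. The enclosing method starts and ends outside the hunk.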
diff --git a/src/main/java/org/openslx/imagemaster/server/ApiServer.java b/src/main/java/org/openslx/imagemaster/server/ApiServer.java
index 30fb0a8..c88bd05 100644
--- a/src/main/java/org/openslx/imagemaster/server/ApiServer.java
+++ b/src/main/java/org/openslx/imagemaster/server/ApiServer.java
@@ -4,6 +4,7 @@ import java.io.File;
import org.apache.log4j.Logger;
import org.apache.thrift.TException;
+import org.openslx.imagemaster.App;
import org.openslx.imagemaster.Globals;
import org.openslx.imagemaster.db.DbSatellite;
import org.openslx.imagemaster.db.ImageProcessor;
@@ -100,7 +101,7 @@ public class ApiServer
}
// create new user
- FtpCredentials ftpCredentials = Globals.ftpServer.addUser( serverSessionId );
+ FtpCredentials ftpCredentials = App.ftpServer.addUser( serverSessionId );
if ( ftpCredentials == null ) {
log.error( "Could not create ftp credentials" );
@@ -108,7 +109,7 @@ public class ApiServer
}
if ( !ImageProcessor.addImageDataToProcess( imageDescription, ftpCredentials.username ) ) {
- Globals.ftpServer.removeUser( serverSessionId );
+ App.ftpServer.removeUser( serverSessionId );
throw new TException( "ImageData is not valid." );
}
@@ -179,7 +180,7 @@ public class ApiServer
}
// process the image
- String username = Globals.ftpServer.getCredentialsFromSessionId( serverSessionId ).username;
+ String username = App.ftpServer.getCredentialsFromSessionId( serverSessionId ).username;
File userDirectory = new File( Globals.getPropertyString( Globals.PropString.FTPBASEDIR ) + "/" + username );
File[] list = userDirectory.listFiles();
@@ -190,12 +191,12 @@ public class ApiServer
log.info( username + " is done with upload" );
// remove user that is not needed anymore
- Globals.ftpServer.removeUser( username );
+ App.ftpServer.removeUser( username );
log.info( "Removed user: " + username );
ImageProcessor.processImageAfterUpload( username, list[0].getName() );
- Globals.ftpServer.removeUser( serverSessionId );
+ App.ftpServer.removeUser( serverSessionId );
return true;
}
diff --git a/src/main/java/org/openslx/imagemaster/server/FtpCredentialsScheduler.java b/src/main/java/org/openslx/imagemaster/server/FtpCredentialsScheduler.java
index c5fad4f..ba88f33 100644
--- a/src/main/java/org/openslx/imagemaster/server/FtpCredentialsScheduler.java
+++ b/src/main/java/org/openslx/imagemaster/server/FtpCredentialsScheduler.java
@@ -7,6 +7,7 @@ import java.util.Timer;
import java.util.TimerTask;
import org.apache.log4j.Logger;
+import org.openslx.imagemaster.App;
import org.openslx.imagemaster.Globals;
import org.openslx.imagemaster.thrift.iface.FtpCredentials;
import org.openslx.imagemaster.util.Util;
@@ -21,7 +22,7 @@ public class FtpCredentialsScheduler extends TimerTask
public void run()
{
// check all folders
- for ( Map.Entry<String, FtpCredentials> entry : Globals.ftpServer.users.entrySet() ) {
+ for ( Map.Entry<String, FtpCredentials> entry : App.ftpServer.users.entrySet() ) {
String sessionId = entry.getKey();
String username = entry.getValue().username;
File dir = new File( Globals.getPropertyString( Globals.PropString.FTPBASEDIR ) + "/" + username );
@@ -32,18 +33,18 @@ public class FtpCredentialsScheduler extends TimerTask
if ( ( new Date().getTime() - list[0].lastModified() ) >= timeout ) {
log.info( username + "'s files are too old. Deleting him and his folder." );
Util.deleteFolder( dir );
- Globals.ftpServer.removeUser( sessionId );
+ App.ftpServer.removeUser( sessionId );
}
} else if ( list.length > 1 ) {
log.info( username + " uploaded too many files. Deleting his account and his folder." );
Util.deleteFolder( dir );
- Globals.ftpServer.removeUser( sessionId );
+ App.ftpServer.removeUser( sessionId );
} else {
// check the creation time of the user
- if ( ( new Date().getTime() - Globals.ftpServer.timeouts.get( username ).getTime() ) >= timeout ) {
+ if ( ( new Date().getTime() - App.ftpServer.timeouts.get( username ).getTime() ) >= timeout ) {
// remove user and his folder
Util.deleteFolder( dir );
- Globals.ftpServer.removeUser( sessionId );
+ App.ftpServer.removeUser( sessionId );
log.info( username + " did nothing for too long. Deleting him and his folder" );
}
}
diff --git a/src/main/java/org/openslx/imagemaster/server/MasterFtpServer.java b/src/main/java/org/openslx/imagemaster/server/MasterFtpServer.java
index f68e909..de0d758 100644
--- a/src/main/java/org/openslx/imagemaster/server/MasterFtpServer.java
+++ b/src/main/java/org/openslx/imagemaster/server/MasterFtpServer.java
@@ -13,6 +13,7 @@ import org.apache.ftpserver.ftplet.FtpException;
import org.apache.ftpserver.ftplet.Ftplet;
import org.apache.ftpserver.ftplet.UserManager;
import org.apache.ftpserver.listener.ListenerFactory;
+import org.apache.ftpserver.ssl.SslConfigurationFactory;
import org.apache.ftpserver.usermanager.PropertiesUserManagerFactory;
import org.apache.ftpserver.usermanager.SaltedPasswordEncryptor;
import org.apache.ftpserver.usermanager.impl.BaseUser;
@@ -40,8 +41,17 @@ public class MasterFtpServer implements Runnable
FtpServerFactory serverFactory = new FtpServerFactory();
ListenerFactory factory = new ListenerFactory();
+
+ // config ssl
+ SslConfigurationFactory sslConfigFactory = new SslConfigurationFactory();
+ sslConfigFactory.setKeystoreFile( new File( "./keyfiles/ftp.jks" ) );
+ sslConfigFactory.setKeyAlias( "ftp" );
+ sslConfigFactory.setKeystorePassword( "password" );
+
// set the port of the listener
factory.setPort( port );
+ factory.setSslConfiguration( sslConfigFactory.createSslConfiguration() );
+ factory.setImplicitSsl( true );
// replace the default listener
serverFactory.addListener( "default", factory.createListener() );
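Review bot: The SSL setup hard-codes the keystore location `./keyfiles/ftp.jks`, the alias and the keystore password `"password"` in source, and it never reads the `keystore` property this commit adds and validates in Globals. The private key is therefore protected by a password that anyone with the repository knows. The new `.gitignore` entry covers `/config/keystore.jks`, not the path actually loaded, so the keystore itself could be committed by accident. Use the configured path, `sslConfigFactory.setKeystoreFile( new File( Globals.getPropertyString( Globals.PropString.KEYSTORE ) ) );`, and load the password from configuration or the environment rather than a literal. That would need a new property, which does not exist yet. The enclosing `init` method starts and ends outside this hunk.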
@@ -51,9 +61,6 @@ public class MasterFtpServer implements Runnable
userManagerFactory.setFile( new File( "src/main/properties/ftp.properties" ) );
userManagerFactory.setPasswordEncryptor( new SaltedPasswordEncryptor() );
userManager = userManagerFactory.createUserManager();
-
- // create new admin user
- //addUser(adminUsername, adminPassword, ftproot, true);
serverFactory.setUserManager( userManager );
// add the Ftplet
@@ -63,12 +70,11 @@ public class MasterFtpServer implements Runnable
// start the server
server = serverFactory.createServer();
+ ini = true;
}
public FtpCredentials addUser( final String serverSessionId )
{
- // TODO: enable SSL
-
FtpCredentials ftpCredentials = null;
String generatedUser = RandomString.generate( 10, false );