From 87d2abae6355cfb9993edb89cc60912d0d8230a5 Mon Sep 17 00:00:00 2001 From: Nils Schwabe Date: Thu, 24 Apr 2014 15:26:58 +0200 Subject: Add FTPS to MasterFtpServer --- src/main/java/org/openslx/imagemaster/App.java | 7 +++++-- src/main/java/org/openslx/imagemaster/Globals.java | 20 ++++++++++++++++---- .../org/openslx/imagemaster/server/ApiServer.java | 11 ++++++----- .../imagemaster/server/FtpCredentialsScheduler.java | 11 ++++++----- .../openslx/imagemaster/server/MasterFtpServer.java | 16 +++++++++++----- 5 files changed, 44 insertions(+), 21 deletions(-) (limited to 'src/main/java/org') diff --git a/src/main/java/org/openslx/imagemaster/App.java b/src/main/java/org/openslx/imagemaster/App.java index 989f39e..85ec50b 100644 --- a/src/main/java/org/openslx/imagemaster/App.java +++ b/src/main/java/org/openslx/imagemaster/App.java @@ -7,6 +7,7 @@ import java.util.List; import org.apache.log4j.Logger; import org.openslx.imagemaster.Globals.PropInt; import org.openslx.imagemaster.server.FtpCredentialsScheduler; +import org.openslx.imagemaster.server.MasterFtpServer; import org.openslx.imagemaster.thrift.server.BinaryListener; public class App @@ -15,6 +16,8 @@ public class App private static Logger log = Logger.getLogger( App.class ); private static List servers = new ArrayList<>(); + + public static final MasterFtpServer ftpServer = new MasterFtpServer(); public static void main( String[] args ) { @@ -41,9 +44,9 @@ public class App t.start(); // Create Ftp Server - Globals.ftpServer.init( Globals.getPropertyInt( PropInt.FTPPORT ) ); + ftpServer.init( Globals.getPropertyInt( PropInt.FTPPORT ) ); Thread f; - f = new Thread( Globals.ftpServer, "FtpServer" ); + f = new Thread( ftpServer, "FtpServer" ); servers.add( f ); f.start(); diff --git a/src/main/java/org/openslx/imagemaster/Globals.java b/src/main/java/org/openslx/imagemaster/Globals.java index 6f3524b..717cb1e 100644 --- a/src/main/java/org/openslx/imagemaster/Globals.java 
+++ b/src/main/java/org/openslx/imagemaster/Globals.java @@ -6,16 +6,16 @@ import java.io.IOException; import java.util.Properties; import org.apache.commons.lang3.StringUtils; +import org.apache.log4j.Logger; import org.openslx.imagemaster.server.MasterFtpServer; public class Globals { + private static Logger log = Logger.getLogger( Globals.class ); private static final Properties properties = new Properties(); private static boolean loadedProperties = false; - public static final MasterFtpServer ftpServer = new MasterFtpServer(); - public static enum PropInt { LDAPPORT, SESSIONTIMEOUTUSER, SESSIONTIMEOUTSERVER, FTPPORT, FTPTIMEOUT @@ -23,7 +23,7 @@ public class Globals public static enum PropString { - IMAGEDIR, LDAPHOST, LDAPBINDQUERY, LDAPSEARCHBASEDN, LDAPSEARCHFILTER, FTPBASEDIR + IMAGEDIR, KEYSTORE, LDAPHOST, LDAPBINDQUERY, LDAPSEARCHBASEDN, LDAPSEARCHFILTER, FTPBASEDIR } public static enum PropBool @@ -64,6 +64,8 @@ public class Globals || Globals.getPropertyString( PropString.LDAPSEARCHFILTER ).isEmpty() || Globals.getPropertyString( PropString.FTPBASEDIR ) == null || Globals.getPropertyString( PropString.FTPBASEDIR ).isEmpty() + || Globals.getPropertyString( PropString.KEYSTORE ) == null + || Globals.getPropertyString( PropString.KEYSTORE ).isEmpty() || Globals.getPropertyInt( PropInt.LDAPPORT ) == 0 || Globals.getPropertyInt( PropInt.SESSIONTIMEOUTUSER ) == 0 
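Review bot: With the `ftpServer` field removed from Globals, the `import org.openslx.imagemaster.server.MasterFtpServer;` kept as context in the first Globals hunk looks unused, unless the class is referenced in lines outside this diff. If it is unused it can be dropped, which also removes the dependency from Globals on the server package. The new logger is not reassigned in the visible lines, so it could be declared `private static final Logger log = Logger.getLogger( Globals.class );`.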
@@ -73,15 +75,25 @@ public class Globals return false; } + // check ldap_bind_query if ( StringUtils.countMatches( Globals.getPropertyString( PropString.LDAPBINDQUERY ), "%" ) != 1 ) { + log.error( "ldap_bind_query does not contain '%'" ); return false; } + // check ldap_search_filter if ( StringUtils.countMatches( Globals.getPropertyString( PropString.LDAPSEARCHFILTER ), "%" ) != 1 ) { + log.error( "ldap_search_filter does not contain '%'" ); + return false; + } + + // check keystore + if ( !Globals.getPropertyString( PropString.KEYSTORE ).endsWith( ".jks" )) { + log.error( "Keystore is not in jks format." ); return false; } - // remove "/" at the end of the path + // remove "/" at the end of the paths String ftp = Globals.getPropertyString( PropString.FTPBASEDIR ); if ( ftp.endsWith( "/" ) ) { Globals.properties.put( "ftp_base_dir", ftp.substring( 0, ftp.length() - 1 ) ); diff --git a/src/main/java/org/openslx/imagemaster/server/ApiServer.java b/src/main/java/org/openslx/imagemaster/server/ApiServer.java index 30fb0a8..c88bd05 100644 --- a/src/main/java/org/openslx/imagemaster/server/ApiServer.java +++ b/src/main/java/org/openslx/imagemaster/server/ApiServer.java @@ -4,6 +4,7 @@ import java.io.File; import org.apache.log4j.Logger; import org.apache.thrift.TException; +import org.openslx.imagemaster.App; import org.openslx.imagemaster.Globals; import org.openslx.imagemaster.db.DbSatellite; import org.openslx.imagemaster.db.ImageProcessor; @@ -100,7 +101,7 @@ public class ApiServer } // create new user - FtpCredentials ftpCredentials = Globals.ftpServer.addUser( serverSessionId ); + FtpCredentials ftpCredentials = App.ftpServer.addUser( serverSessionId ); if ( ftpCredentials == null ) { log.error( "Could not create ftp credentials" ); 
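Review bot: The new keystore check only tests the file name with `endsWith( ".jks" )`, so a missing or unreadable path still passes validation, and the failure would only surface later when the FTP listener is built. Checking the file itself makes startup fail early, for example `if ( !new File( keystore ).canRead() ) { log.error( "Keystore not readable: " + keystore ); return false; }`, where `keystore` is the configured value. The two new LDAP messages say the value "does not contain '%'", but the `!= 1` condition also rejects values with more than one; `"ldap_bind_query must contain exactly one '%'"` would match the check. The enclosing method starts outside the hunk.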
@@ -108,7 +109,7 @@ public class ApiServer } if ( !ImageProcessor.addImageDataToProcess( imageDescription, ftpCredentials.username ) ) { - Globals.ftpServer.removeUser( serverSessionId ); + App.ftpServer.removeUser( serverSessionId ); throw new TException( "ImageData is not valid." ); } @@ -179,7 +180,7 @@ public class ApiServer } // process the image - String username = Globals.ftpServer.getCredentialsFromSessionId( serverSessionId ).username; + String username = App.ftpServer.getCredentialsFromSessionId( serverSessionId ).username; File userDirectory = new File( Globals.getPropertyString( Globals.PropString.FTPBASEDIR ) + "/" + username ); File[] list = userDirectory.listFiles(); @@ -190,12 +191,12 @@ public class ApiServer log.info( username + " is done with upload" ); // remove user that is not needed anymore - Globals.ftpServer.removeUser( username ); + App.ftpServer.removeUser( username ); log.info( "Removed user: " + username ); ImageProcessor.processImageAfterUpload( username, list[0].getName() ); - Globals.ftpServer.removeUser( serverSessionId ); + App.ftpServer.removeUser( serverSessionId ); return true; } diff --git a/src/main/java/org/openslx/imagemaster/server/FtpCredentialsScheduler.java b/src/main/java/org/openslx/imagemaster/server/FtpCredentialsScheduler.java index c5fad4f..ba88f33 100644 --- a/src/main/java/org/openslx/imagemaster/server/FtpCredentialsScheduler.java +++ b/src/main/java/org/openslx/imagemaster/server/FtpCredentialsScheduler.java @@ -7,6 +7,7 @@ import java.util.Timer; import java.util.TimerTask; import org.apache.log4j.Logger; +import org.openslx.imagemaster.App; import org.openslx.imagemaster.Globals; import org.openslx.imagemaster.thrift.iface.FtpCredentials; import org.openslx.imagemaster.util.Util; 
@@ -21,7 +22,7 @@ public class FtpCredentialsScheduler extends TimerTask public void run() { // check all folders - for ( Map.Entry entry : Globals.ftpServer.users.entrySet() ) { + for ( Map.Entry entry : App.ftpServer.users.entrySet() ) { String sessionId = entry.getKey(); String username = entry.getValue().username; File dir = new File( Globals.getPropertyString( Globals.PropString.FTPBASEDIR ) + "/" + username ); @@ -32,18 +33,18 @@ public class FtpCredentialsScheduler extends TimerTask if ( ( new Date().getTime() - list[0].lastModified() ) >= timeout ) { log.info( username + "'s files are too old. Deleting him and his folder." ); Util.deleteFolder( dir ); - Globals.ftpServer.removeUser( sessionId ); + App.ftpServer.removeUser( sessionId ); } } else if ( list.length > 1 ) { log.info( username + " uploaded too many files. Deleting his account and his folder." ); Util.deleteFolder( dir ); - Globals.ftpServer.removeUser( sessionId ); + App.ftpServer.removeUser( sessionId ); } else { // check the creation time of the user - if ( ( new Date().getTime() - Globals.ftpServer.timeouts.get( username ).getTime() ) >= timeout ) { + if ( ( new Date().getTime() - App.ftpServer.timeouts.get( username ).getTime() ) >= timeout ) { // remove user and his folder Util.deleteFolder( dir ); - Globals.ftpServer.removeUser( sessionId ); + App.ftpServer.removeUser( sessionId ); log.info( username + " did nothing for too long. Deleting him and his folder" ); } } diff --git a/src/main/java/org/openslx/imagemaster/server/MasterFtpServer.java b/src/main/java/org/openslx/imagemaster/server/MasterFtpServer.java index f68e909..de0d758 100644 --- a/src/main/java/org/openslx/imagemaster/server/MasterFtpServer.java +++ b/src/main/java/org/openslx/imagemaster/server/MasterFtpServer.java 
@@ -13,6 +13,7 @@ import org.apache.ftpserver.ftplet.FtpException; import org.apache.ftpserver.ftplet.Ftplet; import org.apache.ftpserver.ftplet.UserManager; import org.apache.ftpserver.listener.ListenerFactory; +import org.apache.ftpserver.ssl.SslConfigurationFactory; import org.apache.ftpserver.usermanager.PropertiesUserManagerFactory; import org.apache.ftpserver.usermanager.SaltedPasswordEncryptor; import org.apache.ftpserver.usermanager.impl.BaseUser; @@ -40,8 +41,17 @@ public class MasterFtpServer implements Runnable FtpServerFactory serverFactory = new FtpServerFactory(); ListenerFactory factory = new ListenerFactory(); + + // config ssl + SslConfigurationFactory sslConfigFactory = new SslConfigurationFactory(); + sslConfigFactory.setKeystoreFile( new File( "./keyfiles/ftp.jks" ) ); + sslConfigFactory.setKeyAlias( "ftp" ); + sslConfigFactory.setKeystorePassword( "password" ); + // set the port of the listener factory.setPort( port ); + factory.setSslConfiguration( sslConfigFactory.createSslConfiguration() ); + factory.setImplicitSsl( true ); // replace the default listener serverFactory.addListener( "default", factory.createListener() ); @@ -51,9 +61,6 @@ public class MasterFtpServer implements Runnable userManagerFactory.setFile( new File( "src/main/properties/ftp.properties" ) ); userManagerFactory.setPasswordEncryptor( new SaltedPasswordEncryptor() ); userManager = userManagerFactory.createUserManager(); - - // create new admin user - //addUser(adminUsername, adminPassword, ftproot, true); serverFactory.setUserManager( userManager ); // add the Ftplet @@ -63,12 +70,11 @@ public class MasterFtpServer implements Runnable // start the server server = serverFactory.createServer(); + ini = true; } public FtpCredentials addUser( final String serverSessionId ) { - // TODO: enable SSL - FtpCredentials ftpCredentials = null; String generatedUser = RandomString.generate( 10, false ); -- cgit v1.2.3-55-g7522
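Review bot: The keystore password is hard-coded in `sslConfigFactory.setKeystorePassword( "password" )` and the path is hard-coded as `./keyfiles/ftp.jks`, so the `KEYSTORE` property that this commit adds and validates in Globals is never read here. A secret committed in source is known to everyone with repository access and cannot be rotated per deployment. I would read the path from configuration, `sslConfigFactory.setKeystoreFile( new File( Globals.getPropertyString( Globals.PropString.KEYSTORE ) ) );`, and take the password from a separate setting or the environment that is kept out of version control. Separately, `factory.setImplicitSsl( true )` is set on the listener; whether the data connection that carries the uploads is also forced to TLS is not visible in this hunk and is worth confirming, since Apache FtpServer configures that through the data connection configuration. The `init` method starts and ends outside the hunk.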