Merge branch 'local' into ftps

Author: sgrampone

GeneXusCryptography/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>com.genexus</groupId>
 		<artifactId>SecurityAPIParent</artifactId>
-		<version>1.0.0.1</version>
+		<version>1.0.0.2</version>
 	</parent>
 
 

GeneXusFtps/pom.xml

@@ -8,7 +8,7 @@
 	<parent>
 		<groupId>com.genexus</groupId>
 		<artifactId>SecurityAPIParent</artifactId>
-		<version>1.0.0.1</version>
+		<version>1.0.0.2</version>
 	</parent>
 
 
@@ -37,7 +37,7 @@
 		<dependency>
 			<groupId>commons-net</groupId>
 			<artifactId>commons-net</artifactId>
-			<version>3.6</version>
+			<version>3.3</version>
 		</dependency>
 	</dependencies>
 	<build>

GeneXusFtps/src/main/java/com/genexus/ftps/FtpsClient.java

@@ -8,23 +8,31 @@
 import java.io.InputStream;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+
+import javax.net.ssl.X509TrustManager;
 
 import org.apache.commons.net.ftp.FTP;
 import org.apache.commons.net.ftp.FTPReply;
 import org.apache.commons.net.ftp.FTPSClient;
+import org.apache.commons.net.util.TrustManagerUtils;
 
 import com.genexus.commons.ftps.FtpsClientObject;
 import com.genexus.ftps.utils.FtpConnectionMode;
+import com.genexus.securityapicommons.utils.ExtensionsWhiteList;
 import com.genexus.securityapicommons.utils.SecurityUtils;
 
 public class FtpsClient extends FtpsClientObject {
 
 	private FTPSClient client;
 	private String pwd;
+	private ExtensionsWhiteList whiteList;
 
 	public FtpsClient() {
 		super();
 		this.client = null;
+		this.whiteList = null;
 	}
 
 	/******** EXTERNAL OBJECT PUBLIC METHODS - BEGIN ********/
@@ -38,8 +46,14 @@ public boolean connect(FtpsOptions options) {
 			this.error.setError("FS001", "Empty connection data");
 			return false;
 		}
-		
+
 		setProtocol(options);
+
+		if (!SecurityUtils.compareStrings("", options.getTrustStorePath())) {
+			if (!setCertificateValidation(options)) {
+				return false;
+			}
+		}
 		try {
 			this.client.connect(options.getHost(), options.getPort());
 			if (options.getForceEncryption()) {
@@ -51,9 +65,8 @@ public boolean connect(FtpsOptions options) {
 				return false;
 			}
 			boolean login = this.client.login(options.getUser(), options.getPassword());
-			if(!login)
-			{
-				this.error.setError("FS0016",  "Login error");
+			if (!login) {
+				this.error.setError("FS0016", "Login error");
 				return false;
 			}
 			setEncoding(options);
@@ -68,11 +81,18 @@ public boolean connect(FtpsOptions options) {
 			this.error.setError("FS009", "Connection error");
 			return false;
 		}
-
+		this.whiteList = options.getWhiteList();
 		return true;
 	}
 
 	public boolean put(String localPath, String remoteDir) {
+		if (this.whiteList != null) {
+			if (!this.whiteList.isValid(localPath)) {
+				this.error.setError("WL001", "Invalid file extension");
+				return false;
+			}
+		}
+
 		if (this.client == null || !this.client.isConnected()
 				|| !FTPReply.isPositiveCompletion(this.client.getReplyCode())) {
 			this.error.setError("FS003", "The connection is invalid, reconect");
@@ -118,6 +138,12 @@ public boolean put(String localPath, String remoteDir) {
 	}
 
 	public boolean get(String remoteFilePath, String localDir) {
+		if (this.whiteList != null) {
+			if (!this.whiteList.isValid(remoteFilePath)) {
+				this.error.setError("WL002", "Invalid file extension");
+				return false;
+			}
+		}
 		if (this.client == null || !this.client.isConnected()) {
 			this.error.setError("FS010", "The connection is invalid, reconect");
 			return false;
@@ -184,8 +210,7 @@ public String getWorkingDirectory() {
 			this.error.setError("FS006", "Could not obtain working directory, try reconnect");
 			return "";
 		}
-		if(pwd == null)
-		{
+		if (pwd == null) {
 			return this.pwd;
 		}
 		return pwd;
@@ -247,24 +272,21 @@ private static void copyInputStreamToFile(InputStream inputStream, File file) th
 		}
 
 	}
-	
-	private void setEncoding(FtpsOptions options) throws IOException
-	{
-		switch(options.getFtpEncoding())
-		{
+
+	private void setEncoding(FtpsOptions options) throws IOException {
+		switch (options.getFtpEncoding()) {
 		case BINARY:
 			this.client.setFileType(FTP.BINARY_FILE_TYPE);
 			break;
 		case ASCII:
 			this.client.sendCommand(FTP.ASCII_FILE_TYPE);
 			break;
-			default:
-				this.client.setFileType(FTP.BINARY_FILE_TYPE);
+		default:
+			this.client.setFileType(FTP.BINARY_FILE_TYPE);
 		}
 	}
-	
-	private void setConnectionMode(FtpsOptions options)
-	{
+
+	private void setConnectionMode(FtpsOptions options) {
 		FtpConnectionMode mode = options.getFtpConnectionMode();
 		switch (mode) {
 		case ACTIVE:
@@ -273,15 +295,13 @@ private void setConnectionMode(FtpsOptions options)
 		case PASSIVE:
 			this.client.enterLocalPassiveMode();
 			break;
-			default:
-				this.client.enterLocalPassiveMode();
+		default:
+			this.client.enterLocalPassiveMode();
 		}
 	}
-	
-	private void setProtocol(FtpsOptions options)
-	{
-		switch(options.getFtpsProtocol())
-		{
+
+	private void setProtocol(FtpsOptions options) {
+		switch (options.getFtpsProtocol()) {
 		case TLS1_0:
 			this.client = new FTPSClient("TLS", isImplicit(options));
 			break;
@@ -301,18 +321,37 @@ private void setProtocol(FtpsOptions options)
 			this.client = new FTPSClient("TLS", isImplicit(options));
 		}
 	}
-	
-	private boolean isImplicit(FtpsOptions options)
-	{
-		switch(options.getFtpEncryptionMode())
-		{
+
+	private boolean isImplicit(FtpsOptions options) {
+		switch (options.getFtpEncryptionMode()) {
 		case EXPLICIT:
 			return false;
 		case IMPLICIT:
 			return true;
-			default:
-				return false;
+		default:
+			return false;
 		}
 	}
 
+	private boolean setCertificateValidation(FtpsOptions options) {
+		X509TrustManager trustManager = null;
+		KeyStore keyStore = null;
+		InputStream in = null;
+		try {
+			in = SecurityUtils.inputFileToStream(options.getTrustStorePath());
+			keyStore = KeyStore.getInstance("PKCS12");
+			keyStore.load(in, options.getTrustStorePassword().toCharArray());
+			trustManager = TrustManagerUtils.getDefaultTrustManager(keyStore);
+		} catch (IOException | GeneralSecurityException e) {
+			this.error.setError("FS017", "Could not load trust store");
+			return false;
+		}
+		if (trustManager == null) {
+			this.error.setError("FS018", "Could not load trust store");
+			return false;
+		}
+		client.setTrustManager(trustManager);
+		return true;
+	}
+
 }

GeneXusFtps/src/main/java/com/genexus/ftps/FtpsOptions.java

@@ -5,6 +5,7 @@
 import com.genexus.ftps.utils.FtpEncryptionMode;
 import com.genexus.ftps.utils.FtpsProtocol;
 import com.genexus.securityapicommons.commons.SecurityAPIObject;
+import com.genexus.securityapicommons.utils.ExtensionsWhiteList;
 import com.genexus.securityapicommons.utils.SecurityUtils;
 
 public class FtpsOptions extends SecurityAPIObject {
@@ -18,7 +19,9 @@ public class FtpsOptions extends SecurityAPIObject {
 	private FtpEncoding encoding;
 	private FtpEncryptionMode encryptionMode;
 	private String trustStorePath;
+	private String trustStorePassword;
 	private FtpsProtocol protocol;
+	private ExtensionsWhiteList whiteList;
 
 	public FtpsOptions() {
 		this.host = "";
@@ -30,7 +33,9 @@ public FtpsOptions() {
 		this.encoding = FtpEncoding.BINARY;
 		this.encryptionMode = FtpEncryptionMode.EXPLICIT;
 		this.trustStorePath = "";
+		this.trustStorePassword = "";
 		this.protocol = FtpsProtocol.TLS1_2;
+		this.whiteList = null;
 	}
 
 	public String getHost() {
@@ -122,6 +127,14 @@ public String getTrustStorePath() {
 		return this.trustStorePath;
 	}
 
+	public void setTrustStorePassword(String value) {
+		this.trustStorePassword = value;
+	}
+
+	public String getTrustStorePassword() {
+		return this.trustStorePassword;
+	}
+
 	public void setProtocol(String value) {
 		this.protocol = FtpsProtocol.getFtpsProtocol(value, this.error);
 	}
@@ -133,4 +146,12 @@ public String getProtocol() {
 	public FtpsProtocol getFtpsProtocol() {
 		return this.protocol;
 	}
+
+	public void setWhiteList(ExtensionsWhiteList value) {
+		this.whiteList = value;
+	}
+
+	public ExtensionsWhiteList getWhiteList() {
+		return this.whiteList;
+	}
 }

GeneXusJWT/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>com.genexus</groupId>
 		<artifactId>SecurityAPIParent</artifactId>
-		<version>1.0.0.1</version>
+		<version>1.0.0.2</version>
 	</parent>
 
 

GeneXusSftp/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>com.genexus</groupId>
 		<artifactId>SecurityAPIParent</artifactId>
-		<version>1.0.0.1</version>
+		<version>1.0.0.2</version>
 	</parent>
 
 

GeneXusXmlSignature/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>com.genexus</groupId>
 		<artifactId>SecurityAPIParent</artifactId>
-		<version>1.0.0.1</version>
+		<version>1.0.0.2</version>
 	</parent>
 
 	<artifactId>GeneXusXmlSignature</artifactId>

SecurityAPICommons/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>com.genexus</groupId>
 		<artifactId>SecurityAPIParent</artifactId>
-		<version>1.0.0.1</version>
+		<version>1.0.0.2</version>
 	</parent>
 
 

SecurityAPICommons/src/main/java/com/genexus/securityapicommons/utils/SecurityUtils.java

@@ -32,7 +32,7 @@ public static boolean validateExtension(String path, String extension) {
 	 *            path to the file
 	 * @return file extension
 	 */
-	protected static String getFileExtension(String path) {
+	public static String getFileExtension(String path) {
 
 		int lastIndexOf = path.lastIndexOf(".");
 		if (lastIndexOf == -1) {

pom.xml

@@ -6,7 +6,7 @@
 
 	<groupId>com.genexus</groupId>
 	<artifactId>SecurityAPIParent</artifactId>
-	<version>1.0.0.1</version>
+	<version>1.0.0.2</version>
 	<packaging>pom</packaging>
 
 	<name>GeneXusSecurityAPI (Parent)</name>