[PATCH] Add FTPS support and use it by default


Lubomir Rintel

Jul 28, 2010, 12:23:42 PM7/28/10
to gooddata...@googlegroups.com, Lubomir Rintel, Lubomir Rintel
This introduces the --insecure option, which is intended to replace
--proto. It enables/disables encryption for both HTTP and FTP at the
same time (defaulting to enabled).
---
Please review.

.../gooddata/integration/ftp/GdcFTPApiWrapper.java | 14 ++++++++-
.../configuration/NamePasswordConfiguration.java | 22 +++++----------
.../main/java/com/gooddata/processor/GdcDI.java | 28 ++++++++++++--------
.../resources/com/gooddata/processor/COMMANDS.txt | 3 +-
4 files changed, 39 insertions(+), 28 deletions(-)

diff --git a/backend/src/main/java/com/gooddata/integration/ftp/GdcFTPApiWrapper.java b/backend/src/main/java/com/gooddata/integration/ftp/GdcFTPApiWrapper.java
index 0168a9a..ffd92a9 100644
--- a/backend/src/main/java/com/gooddata/integration/ftp/GdcFTPApiWrapper.java
+++ b/backend/src/main/java/com/gooddata/integration/ftp/GdcFTPApiWrapper.java
@@ -27,12 +27,14 @@ import com.gooddata.exception.GdcUploadErrorException;
import com.gooddata.integration.rest.configuration.NamePasswordConfiguration;
import com.gooddata.util.FileUtil;
import org.apache.commons.net.ftp.FTPClient;
+import org.apache.commons.net.ftp.FTPSClient;
import org.apache.commons.net.ftp.FTPReply;
import org.apache.log4j.Logger;

import java.io.*;
import java.util.HashMap;
import java.util.Map;
+import java.security.NoSuchAlgorithmException;

/**
* GoodData FTP API Java wrapper
@@ -56,10 +58,18 @@ public class GdcFTPApiWrapper {
*/
public GdcFTPApiWrapper(NamePasswordConfiguration config) {
this.config = config;
- client = new FTPClient();
+ if (config.getProtocol().equals("ftps")) {
+ try {
+ client = new FTPSClient();
+ } catch (NoSuchAlgorithmException e) {
+ throw new GdcUploadErrorException ("Failed to initialize secure FTP client");
+ }
+ } else {
+ l.debug("Using insecure FTP transfer");
+ client = new FTPClient();
+ }
}

-
/**
* FTP transfers a local directory to the remote GDC FTP server
* @param archiveName the name of the ZIP archive that is going to be transferred
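Review bot: The `else` branch in the constructor fails open: any protocol value other than the exact string `ftps` (including `FTPS` or a typo) silently selects the cleartext `FTPClient`, and the only trace is a debug-level log line. Consider matching with `"ftps".equalsIgnoreCase(config.getProtocol())` (which also avoids a NullPointerException on a null protocol), accepting `ftp` explicitly, and throwing on anything else, with the plaintext case logged at warn level. Separately, `new FTPSClient()` is used with its defaults; the connect and login code is outside this hunk, so confirm that it issues `execPBSZ(0)` and `execPROT("P")` after login (otherwise the data channel is presumably still unencrypted) and that the trust manager of the commons-net version in use actually validates the server certificate chain. The `catch` also drops `e`; pass it as the cause if `GdcUploadErrorException` has a constructor that takes one.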
diff --git a/backend/src/main/java/com/gooddata/integration/rest/configuration/NamePasswordConfiguration.java b/backend/src/main/java/com/gooddata/integration/rest/configuration/NamePasswordConfiguration.java
index ea915d6..79c6192 100644
--- a/backend/src/main/java/com/gooddata/integration/rest/configuration/NamePasswordConfiguration.java
+++ b/backend/src/main/java/com/gooddata/integration/rest/configuration/NamePasswordConfiguration.java
@@ -39,10 +39,6 @@ public class NamePasswordConfiguration {
* default GDC host
*/
public static final String DEFAULT_GDC_HOST = Defaults.DEFAULT_HOST;
- /**
- * default Gdc protocol
- */
- public static final String DEFAULT_GCD_PROTO = Defaults.DEFAULT_PROTO;

// GDC protocol
private String protocol;
@@ -55,16 +51,6 @@ public class NamePasswordConfiguration {

/**
* Constructor
- * @param username GoodData username
- * @param password GoodData password
- */
- public NamePasswordConfiguration(String username, String password) {
- this(DEFAULT_GCD_PROTO, DEFAULT_GDC_HOST, username, password);
-
- }
-
- /**
- * Constructor
* @param protocol GoodData protocol (HTTP | FTP)
* @param gdcHost GoodData host (e.g. secure.gooddata.com)
* @param username GoodData username
@@ -92,6 +78,14 @@ public class NamePasswordConfiguration {
}

/**
+ * GoodData protocol getter
+ * @return GoodData protocol
+ */
+ public String getProtocol() {
+ return protocol;
+ }
+
+ /**
* GoodData host getter
* @return GoodData host
*/
diff --git a/cli/src/main/java/com/gooddata/processor/GdcDI.java b/cli/src/main/java/com/gooddata/processor/GdcDI.java
index 32e4586..b1367a7 100644
--- a/cli/src/main/java/com/gooddata/processor/GdcDI.java
+++ b/cli/src/main/java/com/gooddata/processor/GdcDI.java
@@ -92,6 +92,7 @@ public class GdcDI implements Executor {
public static String[] CLI_PARAM_DB_USERNAME = {"dbusername","d"};
public static String[] CLI_PARAM_DB_PASSWORD = {"dbpassword","c"};
public static String[] CLI_PARAM_PROTO = {"proto","t"};
+ public static String[] CLI_PARAM_INSECURE = {"insecure","s"};
public static String[] CLI_PARAM_EXECUTE = {"execute","e"};
public static String CLI_PARAM_SCRIPT = "script";

@@ -110,7 +111,8 @@ public class GdcDI implements Executor {
new Option(CLI_PARAM_BACKEND[1], CLI_PARAM_BACKEND[0], true, "Database backend DERBY or MYSQL"),
new Option(CLI_PARAM_DB_USERNAME[1], CLI_PARAM_DB_USERNAME[0], true, "Database backend username (not required for the local Derby SQL)"),
new Option(CLI_PARAM_DB_PASSWORD[1], CLI_PARAM_DB_PASSWORD[0], true, "Database backend password (not required for the local Derby SQL)"),
- new Option(CLI_PARAM_PROTO[1], CLI_PARAM_PROTO[0], true, "HTTP or HTTPS"),
+ new Option(CLI_PARAM_PROTO[1], CLI_PARAM_PROTO[0], true, "HTTP or HTTPS (deprecated)"),
+ new Option(CLI_PARAM_INSECURE[1], CLI_PARAM_INSECURE[0], false, "Disable encryption"),
new Option(CLI_PARAM_EXECUTE[1], CLI_PARAM_EXECUTE[0], true, "Commands and params to execute before the commands in provided files")
};

@@ -127,10 +129,12 @@ public class GdcDI implements Executor {
try {
cliParams = parse(ln, defaults);
cliParams.setHttpConfig(new NamePasswordConfiguration(
- cliParams.get(CLI_PARAM_PROTO[0]), cliParams.get(CLI_PARAM_HOST[0]),
+ cliParams.containsKey(CLI_PARAM_INSECURE[0]) ? "http" : "https",
+ cliParams.get(CLI_PARAM_HOST[0]),
cliParams.get(CLI_PARAM_USERNAME[0]), cliParams.get(CLI_PARAM_PASSWORD[0])));
cliParams.setFtpConfig(new NamePasswordConfiguration(
- cliParams.get(CLI_PARAM_PROTO[0]), cliParams.get(CLI_PARAM_FTP_HOST[0]),
+ cliParams.containsKey(CLI_PARAM_INSECURE[0]) ? "ftp" : "ftps",
+ cliParams.get(CLI_PARAM_FTP_HOST[0]),
cliParams.get(CLI_PARAM_USERNAME[0]), cliParams.get(CLI_PARAM_PASSWORD[0])));
ConnectorBackend backend = null;
try {
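Review bot: Both protocol choices key on `cliParams.containsKey(CLI_PARAM_INSECURE[0])`, so encryption is disabled by the mere presence of the key, whatever its value; if `parse(ln, defaults)` ever copies an `insecure=false` entry from the defaults (not visible here), both HTTP and FTP would go cleartext. Testing the value is safer and lets the decision be computed once, e.g. `boolean insecure = "true".equals(cliParams.get(CLI_PARAM_INSECURE[0]));` followed by `insecure ? "http" : "https"` and `insecure ? "ftp" : "ftps"`. The enclosing method starts and ends outside the hunk.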
@@ -359,19 +363,21 @@ public class GdcDI implements Executor {

l.debug("Using FTP host "+cp.get(CLI_PARAM_FTP_HOST[0]));

- // use default protocol if there is no host in the CLI params
- if(!cp.containsKey(CLI_PARAM_PROTO[0])) {
- cp.put(CLI_PARAM_PROTO[0], Defaults.DEFAULT_PROTO);
- }
- else {
+ // Default to secure protocol if there is no host in the CLI params
+ // Assume insecure protocol if user specifies "HTTPS", for backwards compatibility
+ if(cp.containsKey(CLI_PARAM_PROTO[0])) {
String proto = ln.getOptionValue(CLI_PARAM_PROTO[0]).toLowerCase();
if(!"http".equalsIgnoreCase(proto) && !"https".equalsIgnoreCase(proto)) {
throw new InvalidArgumentException("Invalid '"+CLI_PARAM_PROTO[0]+"' parameter. Use HTTP or HTTPS.");
}
- cp.put(CLI_PARAM_PROTO[0], proto);
+ if ("http".equalsIgnoreCase(proto)) {
+ cp.put(CLI_PARAM_INSECURE[0], "true");
+ }
}
+ if(cp.containsKey(CLI_PARAM_INSECURE[0]))
+ cp.put(CLI_PARAM_INSECURE[0], "true");

- l.debug("Using protocol "+cp.get(CLI_PARAM_PROTO[0]));
+ l.debug("Using " + (cp.containsKey(CLI_PARAM_INSECURE[0]) ? "in" : "") + "secure protocols");

// use default backend if there is no host in the CLI params
if(!cp.containsKey(CLI_PARAM_BACKEND[0])) {
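Review bot: The added comment says the insecure protocol is assumed when the user specifies "HTTPS", but the code sets the `insecure` key only when `--proto` is `http`, and the first comment line still talks about a missing host. Something like `// Secure by default; a deprecated --proto of "http" is mapped to --insecure for backwards compatibility` would match the code. Since the same username and password are passed to both the HTTP and FTP configurations, the insecure case deserves `l.warn(...)` rather than a debug line, and the unbraced `if` that re-puts `"true"` should get braces and a comment explaining that it normalises the flag's value. The enclosing method begins and ends outside this hunk.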
@@ -800,4 +806,4 @@ public class GdcDI implements Executor {
return props;
}

-}
\ No newline at end of file
+}
diff --git a/cli/src/main/resources/com/gooddata/processor/COMMANDS.txt b/cli/src/main/resources/com/gooddata/processor/COMMANDS.txt
index a5840e4..9915a4a 100644
--- a/cli/src/main/resources/com/gooddata/processor/COMMANDS.txt
+++ b/cli/src/main/resources/com/gooddata/processor/COMMANDS.txt
@@ -1,7 +1,8 @@
Usage: gdi.sh -u username -p password [ -h hostname ] [ -i project_id ] [-e commands] [<file1>, ...]
-h,--host <arg> GoodData host (secure.gooddata.com by default)
-f, --ftphost <arg> GoodData FTP host (secure-di.gooddata.com by default)
- -t, --proto <arg> URL Protocol (HTTP or HTTPS, HTTPS by default)
+ -t, --proto <arg> Protocol to access GoodData (HTTP or HTTPS, HTTPS by default)
+ -s, --insecure Disable encryption for HTTP and FTP (prefer this to -t)
-p,--password <arg> GoodData password
-u,--username <arg> GoodData username
-i,--project <arg> GoodData project identifier (takes the form of an MD5 hash)
--
1.7.1

Lubomir Rintel

Jul 29, 2010, 9:26:02 AM7/29/10
to gooddata...@googlegroups.com
On Wed, 2010-07-28 at 18:23 +0200, Lubomir Rintel wrote:
> This introduces --insecure options, which is intended to replace
> --proto. It enables/disables encryption for both HTTP and FTP at the
> same time (defaulting to enabled).
> ---
> Please review.

No one? :(

--
Lubomir Rintel (GoodData), phone: #7715
