68773: initial experiment to support enabling secure data channel for FTPS

jaikiran · jaikiran · commit 98f1b774fb83 · 2024-03-16T18:00:30.000+05:30
diff --git a/src/main/org/apache/tools/ant/taskdefs/optional/net/FTP.java b/src/main/org/apache/tools/ant/taskdefs/optional/net/FTP.java
@@ -116,6 +116,7 @@ public class FTP extends Task implements FTPTaskConfig {
     private String password;
     private String account;
     private boolean useFtps = false;
+    private boolean useSecureDataChannel = false;
     private HostnameVerifier hostnameVerifier;
     private File listing;
     private boolean binary = true;
@@ -1277,6 +1278,15 @@ public void setUseFtps(boolean useFtps) {
         this.useFtps = useFtps;
     }
 
+    /**
+     * Whether to use secure data channel when using FTPS
+     *
+     * @since 1.10.15
+     */
+    public void setUseSecureDataChannel(boolean useSecureDataChannel) {
+        this.useSecureDataChannel = useSecureDataChannel;
+    }
+
     public void add(HostnameVerifier hostnameVerifier) {
         this.hostnameVerifier = hostnameVerifier;
     }
@@ -2575,6 +2585,17 @@ public void execute() throws BuildException {
                         ftp.getReplyString());
                 }
             }
+            // if it is FTPS and secure data channel is desired, then we exec "PROT P"
+            // command to enable secure data channel, for the lifetime of this client
+            if (useFtps && useSecureDataChannel) {
+                FTPSClient ftps = (FTPSClient) ftp;
+                try {
+                    ftps.execPROT("P"); // P implies PRIVATE and enables encryption
+                } catch (IOException e) {
+                    throw new BuildException("failed to enable secure data channel: " + e, e);
+                }
+                log("enabled secure data channel", Project.MSG_VERBOSE);
+            }
 
             // If an initial command was configured then send it.
             // Some FTP servers offer different modes of operation,
