From 98f1b774fb836a903ac3942c5b1c268734cb7b53 Mon Sep 17 00:00:00 2001
From: Jaikiran Pai <jaikiran@apache.org>
Date: Sat, 16 Mar 2024 18:00:30 +0530
Subject: [PATCH] 68773: initial experiment to support enabling secure data
 channel for FTPS

---
 .../tools/ant/taskdefs/optional/net/FTP.java  | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/main/org/apache/tools/ant/taskdefs/optional/net/FTP.java b/src/main/org/apache/tools/ant/taskdefs/optional/net/FTP.java
index 8662993fd7..d435a355a0 100644
--- a/src/main/org/apache/tools/ant/taskdefs/optional/net/FTP.java
+++ b/src/main/org/apache/tools/ant/taskdefs/optional/net/FTP.java
@@ -116,6 +116,7 @@ public class FTP extends Task implements FTPTaskConfig {
     private String password;
     private String account;
     private boolean useFtps = false;
+    private boolean useSecureDataChannel = false;
     private HostnameVerifier hostnameVerifier;
     private File listing;
     private boolean binary = true;
@@ -1277,6 +1278,15 @@ public void setUseFtps(boolean useFtps) {
         this.useFtps = useFtps;
     }
 
+    /**
+     * Whether to use secure data channel when using FTPS
+     *
+     * @since 1.10.15
+     */
+    public void setUseSecureDataChannel(boolean useSecureDataChannel) {
+        this.useSecureDataChannel = useSecureDataChannel;
+    }
+
     public void add(HostnameVerifier hostnameVerifier) {
         this.hostnameVerifier = hostnameVerifier;
     }
@@ -2575,6 +2585,17 @@ public void execute() throws BuildException {
                         ftp.getReplyString());
                 }
             }
+            // if it is FTPS and secure data channel is desired, then we exec "PROT P"
+            // command to enable secure data channel, for the lifetime of this client
+            if (useFtps && useSecureDataChannel) {
+                FTPSClient ftps = (FTPSClient) ftp;
+                try {
+                    ftps.execPROT("P"); // P implies PRIVATE and enables encryption
+                } catch (IOException e) {
+                    throw new BuildException("failed to enable secure data channel: " + e, e);
+                }
+                log("enabled secure data channel", Project.MSG_VERBOSE);
+            }
 
             // If an initial command was configured then send it.
             // Some FTP servers offer different modes of operation,