if (!passive) {
if (secure) {
LOG.debug("Opening secure active data connection");
SslConfiguration ssl = getSslConfiguration();
if (ssl == null) {
throw new FtpException(
"Data connection SSL not configured");
}
// get socket factory
SSLContext ctx = ssl.getSSLContext();
SSLSocketFactory socFactory = ctx.getSocketFactory();
// create socket
SSLSocket ssoc = (SSLSocket) socFactory.createSocket();
ssoc.setUseClientMode(false);
// initialize socket
if (ssl.getEnabledCipherSuites() != null) {
ssoc.setEnabledCipherSuites(ssl.getEnabledCipherSuites());
}
dataSoc = ssoc;
} else {
LOG.debug("Opening active data connection");
dataSoc = new Socket();
}
dataSoc.setReuseAddress(true);
InetAddress localAddr = resolveAddress(dataConfig
.getActiveLocalAddress());
// if no local address has been configured, make sure we use the same as the client connects from
if(localAddr == null) {
localAddr = ((InetSocketAddress)session.getLocalAddress()).getAddress();
}
SocketAddress localSocketAddress = new InetSocketAddress(localAddr, dataConfig.getActiveLocalPort());
LOG.debug("Binding active data connection to {}", localSocketAddress);
dataSoc.bind(localSocketAddress);
dataSoc.connect(new InetSocketAddress(address, port));
} else {
if (secure) {
LOG.debug("Opening secure passive data connection");
// this is where we wrap the unsecured socket as a SSLSocket. This is
// due to the JVM bug described in FTPSERVER-241.
// get server socket factory
SslConfiguration ssl = getSslConfiguration();
// we've already checked this, but let's do it again
if (ssl == null) {
throw new FtpException(
"Data connection SSL not configured");
}
SSLContext ctx = ssl.getSSLContext();
SSLSocketFactory ssocketFactory = ctx.getSocketFactory();