commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From M <Throns...@yahoo.com>
Subject Re: [net] JSSE classes in FTPS WAS Re: [net] FTPS submission - legal issues
Date Fri, 15 Sep 2006 00:21:13 GMT

Hi.

Oddly enough, I took out the code where you pass the login and password, in
my FTPSClient (i.e. //client.login("test","test");)  and got connected.

However, whenever I did a command listing, it will just hang like before.

so anything to do like 

//client.cwd("temp"); 
//client.list();

will hang.. 

btw. I took the latest FTPSClient code from Apache too.  


M wrote:
> 
> Hi.
> 
> Yes I did generate the certificate and tested using filezilla client. It
> worked from filezilla client though. 
> 
> I updated apache's secure code..
> 
> meaning commented: 
> //this.sendCommand("PBSZ", pbsz);
> //this.sendCommand("PROT", prot);
> 
> 
> It got connected but not the login now..
> 
> 220-FileZilla Server version 0.9.18 beta
> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
> 220 Please visit http://sourceforge.net/projects/filezilla/
> AUTH SSL
> 234 Using authentication type SSL
> ******1
> ******2
> ******3
> ******4
> ******5
> *** Connected ************
> Is Connected:true
> USER test
> Exception in thread "main"
> org.apache.commons.net.ftp.FTPConnectionClosedException: Connection closed
> without indication.
> 	at org.apache.commons.net.ftp.FTP.__getReply(FTP.java:267)
> 	at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:460)
> 	at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:520)
> 	at org.apache.commons.net.ftp.FTP.user(FTP.java:670)
> 	at org.apache.commons.net.ftp.FTPClient.login(FTPClient.java:637)
> 	at TestFTPS.main(TestFTPS.java:31)
> 
> FTPSClient client = new FTPSClient("JKS","SSL","password","0","P"); 
> 		 //FTPSClient client = new FTPSClient();
> 		//client.setReaderThread(false);
> 	     client.addProtocolCommandListener(new PrintCommandListener(new
> PrintWriter(System.out)));	     
> 	     client.connect("127.0.0.1"); 
> 	     System.out.println("*** Connected ************");
> 	     System.out.println("Is Connected:" + client.isConnected());
> 	     client.login("test", "test"); 
> 	     System.out.println("Is Connected:" + client.isConnected());
> 	     System.out.println("*** Passed Login ****");
> 
> Appreciate any advise.
> 
> regards,
> 
> Rory Winston wrote:
>> 
>> I've tried this with Filezilla server, and it worked fine for me. Some 
>> initial issues I had:
>> 
>> 1. Home dirs not being set up correctly (Filezilla will complain about
>> this)
>> 2. Have you generated the server certificate yourself?
>> 
>> M wrote:
>>> Hi.
>>> Thanks for your reply.  I did try that but still dont see anything more
>>> that
>>> would be helpful.  I see an entry in the filezilla server but says not
>>> logged in.
>>>
>>> FTPSClient client = new FTPSClient(); 
>>> 		 //client.setReaderThread(false);
>>> client.addProtocolCommandListener(new PrintCommandListener(new
>>> PrintWriter(System.out)));
>>> client.connect("127.0.0.1", 990); 
>>> 	     
>>> regards,
>>>
>>>
>>> Rory Winston wrote:
>>>   
>>>> Can you attach a PrintCommandListener to the client, so you can see the 
>>>> commands being passed over the wire?
>>>>
>>>> FTPSClient client = new FTPSClient( ... );
>>>> client.addProtocolCommandListener(new PrintCommandListener(new
>>>> PrintWriter(System.out)));
>>>>                 
>>>> Then you can see what is actually happening.
>>>>
>>>> Cheers
>>>> Rory
>>>>
>>>>
>>>>
>>>> M wrote:
>>>>     
>>>>> Hi Rory.
>>>>>
>>>>> I tried the apache Jakarta FTPSClient to connect to filezilla ftps
>>>>> listening
>>>>> on port 990.
>>>>>
>>>>> When I use ftps.connect("localhost", 990); it does not get connected.
 
>>>>>
>>>>> FTPSClient client = new FTPSClient("JKS","SSL","password","0","P"); 
>>>>> System.out.println("*****");
>>>>> 		 
>>>>> client.connect("127.0.0.1",990); 
>>>>> System.out.println("*****");
>>>>> client.getStatus();
>>>>> System.out.println("*****");
>>>>>
>>>>>
>>>>> Appreciate any tips.  Thanks.
>>>>>
>>>>> Here's the code I downloaded from Apache Jakarta:
>>>>>
>>>>> /*
>>>>>  * Copyright 2001-2005 The Apache Software Foundation
>>>>>  *
>>>>>  * Licensed under the Apache License, Version 2.0 (the "License");
>>>>>  * you may not use this file except in compliance with the License.
>>>>>  * You may obtain a copy of the License at
>>>>>  *
>>>>>  *     http://www.apache.org/licenses/LICENSE-2.0
>>>>>  *
>>>>>  * Unless required by applicable law or agreed to in writing, software
>>>>>  * distributed under the License is distributed on an "AS IS" BASIS,
>>>>>  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>>>> implied.
>>>>>  * See the License for the specific language governing permissions and
>>>>>  * limitations under the License.
>>>>>  */
>>>>>
>>>>>
>>>>> import java.io.BufferedReader;
>>>>> import java.io.BufferedWriter;
>>>>> import java.io.IOException;
>>>>> import java.io.InputStreamReader;
>>>>> import java.io.OutputStreamWriter;
>>>>> import java.net.InetAddress;
>>>>> import java.net.Socket;
>>>>> import java.net.SocketException;
>>>>> import java.security.KeyStore;
>>>>>
>>>>> import javax.net.ssl.KeyManagerFactory;
>>>>> import javax.net.ssl.SSLContext;
>>>>> import javax.net.ssl.SSLSocket;
>>>>> import javax.net.ssl.TrustManager;
>>>>>
>>>>> import org.apache.commons.net.SocketFactory;
>>>>> import org.apache.commons.net.ftp.FTPClient;
>>>>>
>>>>>
>>>>>
>>>>> /**
>>>>>  * 
>>>>>  * This class extends {@link org.apache.commons.net.ftp.FTPClient} to
>>>>> add
>>>>>  * the necessary methods that implement SSL/TLS-FTPS.
>>>>>  *
>>>>>  */
>>>>> public class FTPSClient extends FTPClient {
>>>>>
>>>>> 	// Represent the method to the FTP command AUTH...
>>>>> 	private String sslContext;
>>>>> 	
>>>>> 	// Secure context (can be "TLS" or "SSL")
>>>>> 	private SSLContext context;
>>>>> 	
>>>>> 	private String pbsz;
>>>>> 	private String prot;
>>>>>
>>>>> 	private BufferedReader _controlInput_;
>>>>>
>>>>> 	private BufferedWriter _controlOutput_;
>>>>>
>>>>> 	
>>>>> 	/**
>>>>> 	 * Default constructor that selects some default options (TLS
>>>>> encryption)
>>>>> 	 *
>>>>> 	 */
>>>>> 	public FTPSClient() {
>>>>> 		this("JCEKS", "TLS", "password", "0", "P");
>>>>> 	}
>>>>> 	
>>>>> 	
>>>>> 	/**
>>>>> 	 * 
>>>>> 	 * Constructor that initializes the secure connection. 
>>>>> 	 * 
>>>>> 	 * @param keyStoreName Type of instance KeyStore, JKS for Java 1.3 y
>>>>> JCEKS
>>>>> for Java 1.4 
>>>>> 	 * @param sslContext Type of the instance SSLContext, can be SSL or
>>>>> TLS.
>>>>> 	 * @param password The password to access the KeyStore.
>>>>> 	 * @param pbsz Protection buffer size (Use 0 to indicate streaming)

>>>>> 	 * @param prot The protection level for the data channel
>>>>> 	 */
>>>>> 	public FTPSClient(String keyStoreName, String sslContext, String
>>>>> password,
>>>>> String pbsz, String prot) {
>>>>> 		this.sslContext = sslContext;
>>>>> 		this.pbsz = pbsz;
>>>>> 		this.prot = prot;
>>>>> 		
>>>>> 		try {
>>>>> 			KeyStore keyStore = KeyStore.getInstance(keyStoreName);
>>>>> 			
>>>>> 			keyStore.load(null, password.toCharArray());
>>>>>
>>>>> 			KeyManagerFactory keyManagerFactory =
>>>>> KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>>>>> 			
>>>>> 			keyManagerFactory.init(keyStore, password.toCharArray());
>>>>>
>>>>> 			this.context = SSLContext.getInstance(sslContext);
>>>>>
>>>>> 			this.context.init(
>>>>> 				keyManagerFactory.getKeyManagers(), 
>>>>> 				new TrustManager[] { (TrustManager) new FTPSTrustManager() }, null
>>>>> 			);
>>>>> 		} catch (Exception e) {
>>>>> 			e.printStackTrace();
>>>>> 		}
>>>>> 	}
>>>>> 	
>>>>> 	/**
>>>>> 	 * @see
>>>>> org.apache.commons.net.SocketClient#connect(java.net.InetAddress,
>>>>> int, java.net.InetAddress, int)
>>>>> 	 */
>>>>> 	public void connect(InetAddress address, int port, InetAddress
>>>>> localAddress, int localPort) throws SocketException, IOException
>>>>> 	{
>>>>> 		System.out.println("***** In 1 ********");
>>>>> 		super.connect(address, port, localAddress, localPort);
>>>>> 		
>>>>> 		this.secure(this.pbsz,this.prot);
>>>>> 	}
>>>>>
>>>>> 	/**
>>>>> 	 * @see
>>>>> org.apache.commons.net.SocketClient#connect(java.net.InetAddress,
>>>>> int)
>>>>> 	 */
>>>>> 	public void connect(InetAddress address, int port) throws
>>>>> SocketException,
>>>>> IOException
>>>>> 	{
>>>>> 		System.out.println("***** In 2 ********");
>>>>> 		super.connect(address, port);
>>>>> 		
>>>>> 		this.secure(this.pbsz,this.prot);
>>>>> 	}
>>>>>
>>>>> 	/**
>>>>> 	 * @see org.apache.commons.net.SocketClient#connect(java.lang.String,
>>>>> int,
>>>>> java.net.InetAddress, int)
>>>>> 	 */
>>>>> 	public void connect(String address, int port, InetAddress
>>>>> localAddress,
>>>>> int
>>>>> localPort) throws SocketException, IOException
>>>>> 	{
>>>>> 		System.out.println("***** In 3 ********");
>>>>> 		super.connect(address, port, localAddress, localPort);
>>>>> 		
>>>>> 		this.secure(this.pbsz,this.prot);
>>>>> 	}
>>>>>
>>>>> 	/**
>>>>> 	 * @see org.apache.commons.net.SocketClient#connect(java.lang.String,
>>>>> int)
>>>>> 	 */
>>>>> 	public void connect(String address, int port) throws SocketException,
>>>>> IOException
>>>>> 	{
>>>>> 		System.out.println("FTPSClient***** In 4 ********");
>>>>> 		System.out.println("Address=" + address);
>>>>> 		System.out.println("Port=" + port);
>>>>> 		super.connect(address, port);
>>>>> 		
>>>>> 		this.secure(this.pbsz,this.prot);
>>>>> 	}
>>>>> 	
>>>>> 	/**
>>>>> 	 *
>>>>> 	 * Initialize the secure connection with the FTP server, throw the
>>>>> AUTH
>>>>> SSL
>>>>> o TLS command.
>>>>> 	 * Get the socket with the server, starting the "handshake" making
>>>>> the
>>>>> socket, with a layer of securety,
>>>>> 	 * and initializing the stream of connection.
>>>>> 	 * 
>>>>> 	 * 
>>>>> 	 * @param pbsz Protection Buffer Size: "0" is a good value
>>>>> 	 * @param prot Data Channel Protection Level:
>>>>> 	 * Posible values:
>>>>> 	 * C - Clear
>>>>> 	 * S - Safe
>>>>> 	 * E - Confidential 
>>>>> 	 * P - PrivateType of secure connection
>>>>> 	 *  
>>>>> 	 * @throws IOException If there is any problem with the connection.
>>>>> 	 */
>>>>> 	protected void secure(String pbsz, String prot) throws IOException {
>>>>> 		this.sendCommand("AUTH", sslContext);
>>>>> 		
>>>>> 		SSLSocket socket =
>>>>> (SSLSocket)this.context.getSocketFactory().createSocket(this._socket_,
>>>>> this.getRemoteAddress().getHostAddress(), this.getRemotePort(), true);
>>>>> 		
>>>>> 		socket.startHandshake();
>>>>>
>>>>> 		this._socket_ = socket;
>>>>> 		
>>>>> 		this._controlInput_ = new BufferedReader(new
>>>>> InputStreamReader(socket.getInputStream(), getControlEncoding()));
>>>>> 		this._controlOutput_ = new BufferedWriter(new
>>>>> OutputStreamWriter(socket.getOutputStream(), getControlEncoding()));
>>>>>
>>>>> 		this.setSocketFactory( new FTPSSocketFactory(this.context));
>>>>>
>>>>> 		this.sendCommand("PBSZ", pbsz);
>>>>> 		this.sendCommand("PROT", prot);
>>>>> 	}
>>>>>
>>>>> 	/**
>>>>> 	 * @see
>>>>> org.apache.commons.net.ftp.FTPCliente#_openDataConnection_(java.lang.String,
>>>>> int)
>>>>> 	 */	
>>>>> 	protected Socket _openDataConnection_(int command, String arg) throws
>>>>> IOException {
>>>>> 		Socket socket = super._openDataConnection_(command, arg);
>>>>> 		if (socket != null) {
>>>>> 			((SSLSocket)socket).startHandshake();
>>>>> 		}
>>>>> 		return socket;
>>>>> 	}	
>>>>>
>>>>> }
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Regards,
>>>>>
>>>>>
>>>>>
>>>>> Rory Winston wrote:
>>>>>   
>>>>>       
>>>>>> Stevw
>>>>>>
>>>>>> I think that's a great suggestion. It moves us forward without 
>>>>>> necessarily sacrificing backwards compatability.
>>>>>>
>>>>>> I have had a look at the classes written by Jose and Paul, and 
>>>>>> incorporated them into my local branch copy. I had to make one minor

>>>>>> change to get them to work, but other than that they seem to work
>>>>>> well. 
>>>>>> I set up a test FTPS server using FileZilla on my local machine and

>>>>>> wrote some client code:
>>>>>>
>>>>>>             FtpsClient client = new FtpsClient();
>>>>>>        
>>>>>>             client.connect("127.0.0.1");
>>>>>>             client.addProtocolCommandListener(new 
>>>>>> PrintCommandListener(new PrintWriter(System.out)));
>>>>>>             client.login("user", "pass");
>>>>>>             client.cwd("test");
>>>>>>            
>>>>>>             for (FTPFile file : client.listFiles()) {
>>>>>>                 System.out.println(file.getName());
>>>>>>             }
>>>>>>            
>>>>>>             OutputStream out = new
>>>>>> FileOutputStream("c:\\temp\\test.war");
>>>>>>             client.retrieveFile("test.war", out);           
>>>>>>             client.disconnect();
>>>>>>
>>>>>> and it seems to work a treat. If we are agreed that we should go
down 
>>>>>> this parallel branch route, then I can move the JDK_1_4_BRANCH to

>>>>>> something more sensible (i.e. Daniel's suggestion a while back to
>>>>>> make 
>>>>>> the 1.4+ branch version 2), maybe NET_2_0_0. We can use the com.sun.*

>>>>>> stuff for the 1.3 branch (which will probably be our 1.5.0 release)?
>>>>>>
>>>>>> Rory
>>>>>>
>>>>>> Steve Cohen wrote:
>>>>>>
>>>>>>     
>>>>>>         
>>>>>>> Thank you for this explanation.  It is good to actually look
at the 
>>>>>>> code instead of making assumptions, which is what I have been
doing.
>>>>>>>
>>>>>>> The JSSE's jar does not provide javax.net.ssl versions of the

>>>>>>> com.sun.net.ssl interfaces  And, after doing a little research,
I
>>>>>>> find 
>>>>>>> that there are differences between JSSE 1.0.3 and the packages
in
>>>>>>> JDK 
>>>>>>> 1.4, such that there is no backward compatibility.  Basically,
JSSE 
>>>>>>> 1.0.x is a prototype, a hack through which Sun worked out the
bugs, 
>>>>>>> culminating in the better implementation that they released in
1.4. 
>>>>>>> They did not just move the JSSE.jar code into JDK 1.4.  They
also 
>>>>>>> improved it.
>>>>>>>
>>>>>>> Since these are new classes for us, I think it makes little sense
to 
>>>>>>> tie into backward compatibility from the start, when that backward

>>>>>>> compatibility is already out of date.  I don't think there is
a
>>>>>>> clean 
>>>>>>> way to have one code base that will work the way we'd like it
for
>>>>>>> both 
>>>>>>> cases.
>>>>>>>
>>>>>>> Therefore, I think the solution for this is for Jakarta Commons
Net
>>>>>>> to 
>>>>>>> take Rory Winston's suggestion and start a new branch of Commons
Net 
>>>>>>> for JDK 1.4 only (for this and other reasons) and maintain two

>>>>>>> branches for awhile, the current HEAD branch for 1.3 compatibility
>>>>>>> and 
>>>>>>> the new branch for 1.4.  The new branch can use the javax.ssl.net

>>>>>>> classes, the old one can use com.sun.net.
>>>>>>>
>>>>>>>
>>>>>>> Jose Juan Montiel wrote:
>>>>>>>
>>>>>>>       
>>>>>>>           
>>>>>>>> Hi Steve,
>>>>>>>>
>>>>>>>>
>>>>>>>>         
>>>>>>>>             
>>>>>>>>> What I think you're missing is that if you put jsse.jar
on your
>>>>>>>>> classpath, you can use javax.net.ssl with java 1.3.
>>>>>>>>>           
>>>>>>>>>               
>>>>>>>> maybe i don't explain well, sorry.
>>>>>>>>
>>>>>>>> The three classes of com.sun.net.ssl that are used for implement
>>>>>>>> FTPS
>>>>>>>> (in the way that Paul did and I modified, maybe there is
>>>>>>>> another...)
>>>>>>>> are...
>>>>>>>>
>>>>>>>> com.sun.net.ssl.KeyManagerFactory
>>>>>>>> (http://java.sun.com/products/jsse/doc/apidoc/com/sun/net/ssl/KeyManagerFactory.html)

>>>>>>>>
>>>>>>>>
>>>>>>>> com.sun.net.ssl.SSLContext
>>>>>>>> (http://java.sun.com/products/jsse/doc/apidoc/com/sun/net/ssl/SSLContext.html)

>>>>>>>>
>>>>>>>>
>>>>>>>> com.sun.net.ssl.TrustManager
>>>>>>>> (http://java.sun.com/products/jsse/doc/apidoc/com/sun/net/ssl/TrustManager.html)

>>>>>>>>
>>>>>>>>
>>>>>>>> This classes in JSSE are only in the package com.sun.net.ssl,
and
>>>>>>>> although in JSSE 1.0.3 there are a packege javax.net.ssl,
it
>>>>>>>> doesn't
>>>>>>>> contain this classes, it contains javax.net.ssl.SSLSocket,
a
>>>>>>>> classes
>>>>>>>> soon used, to implement FTPS.
>>>>>>>>
>>>>>>>>
>>>>>>>>         
>>>>>>>>             
>>>>>>>>> And the commons-net team would prefer to go that way
because Sun 
>>>>>>>>> says that
>>>>>>>>> com.sun.net may go away with some future release, but
not 
>>>>>>>>> javax.net.  Yes, this
>>>>>>>>> would be a small inconvenience for java 1.3 users, but
the
>>>>>>>>> stability 
>>>>>>>>> is worth it.
>>>>>>>>>           
>>>>>>>>>               
>>>>>>>> This three classes in JDK 1.4.2, were move to
>>>>>>>>
>>>>>>>> javax.net.ssl.KeyManagerFactory
>>>>>>>> (http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/KeyManagerFactory.html)

>>>>>>>>
>>>>>>>>
>>>>>>>> javax.net.ssl.SSLContext
>>>>>>>> (http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/SSLContext.html)
>>>>>>>>
>>>>>>>> javax.net.ssl.TrustManager
>>>>>>>> (http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/TrustManager.html)

>>>>>>>>
>>>>>>>>
>>>>>>>> But if you download for example JDK 1.4.2 and look inside
of
>>>>>>>> (jre/lib)
>>>>>>>> you'll find jsse.jar, the jar where still are com.sun.net.ssl.
Sun,
>>>>>>>> still mantain compatiblity with JDK 1.3.
>>>>>>>>
>>>>>>>> And still in JDK 1.5, you'll find jre/lib/jsse.jar.
>>>>>>>>
>>>>>>>> But when jsse.jar desapear, i offer to modified code...
>>>>>>>>
>>>>>>>> In other way if use javax.net.ssl.KeyManagerFactory ,
>>>>>>>> javax.net.ssl.SSLContext, javax.net.ssl.TrustManager, ftps
don't
>>>>>>>> work
>>>>>>>> under JDK 1.3.
>>>>>>>>
>>>>>>>> I hope explain better, this time.
>>>>>>>>
>>>>>>>> Then, make that you consider appropiate...
>>>>>>>>
>>>>>>>> Thanks all, for your time.
>>>>>>>>
>>>>>>>> -- 
>>>>>>>> The whole purpose of places like Starbucks is
>>>>>>>> for people with no decision-making ability
>>>>>>>> whatsoever to make six decisions just to buy
>>>>>>>> one cup of coffee. Short, tall, light, dark, caf,
>>>>>>>> decaf, low-fat, non-fat, etc. So people who
>>>>>>>> don't know what the hell they're doing or who
>>>>>>>> on earth they are can, for only $2.95, get not
>>>>>>>> just a cup of coffee but an absolutely defining
>>>>>>>> sense of self: Tall. Decaf. Cappuccino.
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
>>>>>>>> For additional commands, e-mail:
>>>>>>>> commons-dev-help@jakarta.apache.org
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>         
>>>>>>>>             
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
>>>>>>> For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>       
>>>>>>>           
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
>>>>>> For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>>     
>>>>>>         
>>>>>   
>>>>>       
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>>>>
>>>>
>>>>
>>>>     
>>>
>>>   
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>> 
>> 
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/-net--JSSE-classes-in-FTPS-WAS-Re%3A--net--FTPS-submission---legal-issues-tf1019716.html#a6317306
Sent from the Commons - Dev forum at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message