Hi Rory.
I tried the apache Jakarta FTPSClient to connect to filezilla ftps
listening
on port 990.
When I use ftps.connect("localhost", 990); it does not get connected.
FTPSClient client = new FTPSClient("JKS","SSL","password","0","P");
System.out.println("*****");
client.connect("127.0.0.1",990);
System.out.println("*****");
client.getStatus();
System.out.println("*****");
Appreciate any tips. Thanks.
Here's the code I downloaded from Apache Jakarta:
/*
* Copyright 2001-2005 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.InetAddress;
import java.net.Socket;
import java.net.SocketException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import org.apache.commons.net.SocketFactory;
import org.apache.commons.net.ftp.FTPClient;
/**
*
* This class extends [EMAIL PROTECTED] org.apache.commons.net.ftp.FTPClient} to add
* the necessary methods that implement SSL/TLS-FTPS.
*
*/
public class FTPSClient extends FTPClient {
// Represent the method to the FTP command AUTH...
private String sslContext;
// Secure context (can be "TLS" or "SSL")
private SSLContext context;
private String pbsz;
private String prot;
private BufferedReader _controlInput_;
private BufferedWriter _controlOutput_;
/**
* Default constructor that selects some default options (TLS
encryption)
*
*/
public FTPSClient() {
this("JCEKS", "TLS", "password", "0", "P");
}
/**
*
* Constructor that initializes the secure connection.
*
* @param keyStoreName Type of instance KeyStore, JKS for Java 1.3 y
JCEKS
for Java 1.4
* @param sslContext Type of the instance SSLContext, can be SSL or TLS.
* @param password The password to access the KeyStore.
* @param pbsz Protection buffer size (Use 0 to indicate streaming)
* @param prot The protection level for the data channel
*/
public FTPSClient(String keyStoreName, String sslContext, String
password,
String pbsz, String prot) {
this.sslContext = sslContext;
this.pbsz = pbsz;
this.prot = prot;
try {
KeyStore keyStore = KeyStore.getInstance(keyStoreName);
keyStore.load(null, password.toCharArray());
KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore,
password.toCharArray());
this.context = SSLContext.getInstance(sslContext);
this.context.init(
keyManagerFactory.getKeyManagers(),
new TrustManager[] { (TrustManager) new FTPSTrustManager() }, null
);
} catch (Exception e) {
e.printStackTrace();
}
}
/**
* @see
org.apache.commons.net.SocketClient#connect(java.net.InetAddress,
int, java.net.InetAddress, int)
*/
public void connect(InetAddress address, int port, InetAddress
localAddress, int localPort) throws SocketException, IOException
{
System.out.println("***** In 1 ********");
super.connect(address, port, localAddress, localPort);
this.secure(this.pbsz,this.prot);
}
/**
* @see
org.apache.commons.net.SocketClient#connect(java.net.InetAddress,
int)
*/
public void connect(InetAddress address, int port) throws
SocketException,
IOException
{
System.out.println("***** In 2 ********");
super.connect(address, port);
this.secure(this.pbsz,this.prot);
}
/**
* @see org.apache.commons.net.SocketClient#connect(java.lang.String,
int,
java.net.InetAddress, int)
*/
public void connect(String address, int port, InetAddress localAddress,
int
localPort) throws SocketException, IOException
{
System.out.println("***** In 3 ********");
super.connect(address, port, localAddress, localPort);
this.secure(this.pbsz,this.prot);
}
/**
* @see org.apache.commons.net.SocketClient#connect(java.lang.String,
int)
*/
public void connect(String address, int port) throws SocketException,
IOException
{
System.out.println("FTPSClient***** In 4 ********");
System.out.println("Address=" + address);
System.out.println("Port=" + port);
super.connect(address, port);
this.secure(this.pbsz,this.prot);
}
/**
*
* Initialize the secure connection with the FTP server, throw the AUTH
SSL
o TLS command.
* Get the socket with the server, starting the "handshake" making the
socket, with a layer of securety,
* and initializing the stream of connection.
*
*
* @param pbsz Protection Buffer Size: "0" is a good value
* @param prot Data Channel Protection Level:
* Posible values:
* C - Clear
* S - Safe
* E - Confidential
* P - PrivateType of secure connection
*
* @throws IOException If there is any problem with the connection.
*/
protected void secure(String pbsz, String prot) throws IOException {
this.sendCommand("AUTH", sslContext);
SSLSocket socket =
(SSLSocket)this.context.getSocketFactory().createSocket(this._socket_,
this.getRemoteAddress().getHostAddress(), this.getRemotePort(), true);
socket.startHandshake();
this._socket_ = socket;
this._controlInput_ = new BufferedReader(new
InputStreamReader(socket.getInputStream(), getControlEncoding()));
this._controlOutput_ = new BufferedWriter(new
OutputStreamWriter(socket.getOutputStream(), getControlEncoding()));
this.setSocketFactory( new FTPSSocketFactory(this.context));
this.sendCommand("PBSZ", pbsz);
this.sendCommand("PROT", prot);
}
/**
* @see
org.apache.commons.net.ftp.FTPCliente#_openDataConnection_(java.lang.String,
int)
*/
protected Socket _openDataConnection_(int command, String arg) throws
IOException {
Socket socket = super._openDataConnection_(command, arg);
if (socket != null) {
((SSLSocket)socket).startHandshake();
}
return socket;
}
}
Regards,
Rory Winston wrote:
Stevw
I think that's a great suggestion. It moves us forward without
necessarily sacrificing backwards compatability.
I have had a look at the classes written by Jose and Paul, and
incorporated them into my local branch copy. I had to make one minor
change to get them to work, but other than that they seem to work well.
I set up a test FTPS server using FileZilla on my local machine and
wrote some client code:
FtpsClient client = new FtpsClient();
client.connect("127.0.0.1");
client.addProtocolCommandListener(new
PrintCommandListener(new PrintWriter(System.out)));
client.login("user", "pass");
client.cwd("test");
for (FTPFile file : client.listFiles()) {
System.out.println(file.getName());
}
OutputStream out = new
FileOutputStream("c:\\temp\\test.war");
client.retrieveFile("test.war", out);
client.disconnect();
and it seems to work a treat. If we are agreed that we should go down
this parallel branch route, then I can move the JDK_1_4_BRANCH to
something more sensible (i.e. Daniel's suggestion a while back to make
the 1.4+ branch version 2), maybe NET_2_0_0. We can use the com.sun.*
stuff for the 1.3 branch (which will probably be our 1.5.0 release)?
Rory
Steve Cohen wrote:
Thank you for this explanation. It is good to actually look at the
code instead of making assumptions, which is what I have been doing.
The JSSE's jar does not provide javax.net.ssl versions of the
com.sun.net.ssl interfaces And, after doing a little research, I find
that there are differences between JSSE 1.0.3 and the packages in JDK
1.4, such that there is no backward compatibility. Basically, JSSE
1.0.x is a prototype, a hack through which Sun worked out the bugs,
culminating in the better implementation that they released in 1.4.
They did not just move the JSSE.jar code into JDK 1.4. They also
improved it.
Since these are new classes for us, I think it makes little sense to
tie into backward compatibility from the start, when that backward
compatibility is already out of date. I don't think there is a clean
way to have one code base that will work the way we'd like it for both
cases.
Therefore, I think the solution for this is for Jakarta Commons Net to
take Rory Winston's suggestion and start a new branch of Commons Net
for JDK 1.4 only (for this and other reasons) and maintain two
branches for awhile, the current HEAD branch for 1.3 compatibility and
the new branch for 1.4. The new branch can use the javax.ssl.net
classes, the old one can use com.sun.net.
Jose Juan Montiel wrote:
Hi Steve,
What I think you're missing is that if you put jsse.jar on your
classpath, you can use javax.net.ssl with java 1.3.
maybe i don't explain well, sorry.
The three classes of com.sun.net.ssl that are used for implement FTPS
(in the way that Paul did and I modified, maybe there is another...)
are...
com.sun.net.ssl.KeyManagerFactory
(http://java.sun.com/products/jsse/doc/apidoc/com/sun/net/ssl/KeyManagerFactory.html)
com.sun.net.ssl.SSLContext
(http://java.sun.com/products/jsse/doc/apidoc/com/sun/net/ssl/SSLContext.html)
com.sun.net.ssl.TrustManager
(http://java.sun.com/products/jsse/doc/apidoc/com/sun/net/ssl/TrustManager.html)
This classes in JSSE are only in the package com.sun.net.ssl, and
although in JSSE 1.0.3 there are a packege javax.net.ssl, it doesn't
contain this classes, it contains javax.net.ssl.SSLSocket, a classes
soon used, to implement FTPS.
And the commons-net team would prefer to go that way because Sun
says that
com.sun.net may go away with some future release, but not
javax.net. Yes, this
would be a small inconvenience for java 1.3 users, but the stability
is worth it.
This three classes in JDK 1.4.2, were move to
javax.net.ssl.KeyManagerFactory
(http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/KeyManagerFactory.html)
javax.net.ssl.SSLContext
(http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/SSLContext.html)
javax.net.ssl.TrustManager
(http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/TrustManager.html)
But if you download for example JDK 1.4.2 and look inside of (jre/lib)
you'll find jsse.jar, the jar where still are com.sun.net.ssl. Sun,
still mantain compatiblity with JDK 1.3.
And still in JDK 1.5, you'll find jre/lib/jsse.jar.
But when jsse.jar desapear, i offer to modified code...
In other way if use javax.net.ssl.KeyManagerFactory ,
javax.net.ssl.SSLContext, javax.net.ssl.TrustManager, ftps don't work
under JDK 1.3.
I hope explain better, this time.
Then, make that you consider appropiate...
Thanks all, for your time.
--
The whole purpose of places like Starbucks is
for people with no decision-making ability
whatsoever to make six decisions just to buy
one cup of coffee. Short, tall, light, dark, caf,
decaf, low-fat, non-fat, etc. So people who
don't know what the hell they're doing or who
on earth they are can, for only $2.95, get not
just a cup of coffee but an absolutely defining
sense of self: Tall. Decaf. Cappuccino.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
