Hi Rory.
I tried the Apache Jakarta FTPSClient to connect to FileZilla FTPS listening
on port 990.
When I use ftps.connect("localhost", 990); it does not get connected.
FTPSClient client = new FTPSClient("JKS","SSL","password","0","P");
System.out.println("*****");
client.connect("127.0.0.1",990);
System.out.println("*****");
client.getStatus();
System.out.println("*****");
Appreciate any tips. Thanks.
Here's the code I downloaded from Apache Jakarta:
/*
 * Copyright 2001-2005 The Apache Software Foundation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.InetAddress;
import java.net.Socket;
import java.net.SocketException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import org.apache.commons.net.SocketFactory;
import org.apache.commons.net.ftp.FTPClient;

/**
 *
 * This class extends {@link org.apache.commons.net.ftp.FTPClient} to add
 * the necessary methods that implement SSL/TLS-FTPS.
 *
 */
public class FTPSClient extends FTPClient {
    // Represent the method to the FTP command AUTH...
    private String sslContext;
    // Secure context (can be "TLS" or "SSL")
    private SSLContext context;
    private String pbsz;
    private String prot;
    private BufferedReader _controlInput_;
    private BufferedWriter _controlOutput_;

    /**
     * Default constructor that selects some default options (TLS
     * encryption)
     *
     */
    public FTPSClient() {
        this("JCEKS", "TLS", "password", "0", "P");
    }

    /**
     *
     * Constructor that initializes the secure connection.
     *
     * @param keyStoreName Type of instance KeyStore, JKS for Java 1.3 and
     *                     JCEKS for Java 1.4
     * @param sslContext Type of the instance SSLContext, can be SSL or TLS.
     * @param password The password to access the KeyStore.
     * @param pbsz Protection buffer size (Use 0 to indicate streaming)
     * @param prot The protection level for the data channel
     */
    public FTPSClient(String keyStoreName, String sslContext, String password,
            String pbsz, String prot) {
        this.sslContext = sslContext;
        this.pbsz = pbsz;
        this.prot = prot;
        try {
            KeyStore keyStore = KeyStore.getInstance(keyStoreName);
            // Loading from a null stream creates an empty key store.
            keyStore.load(null, password.toCharArray());
            KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, password.toCharArray());
            this.context = SSLContext.getInstance(sslContext);
            // FTPSTrustManager is a separate class that is not included in this message.
            this.context.init(
                keyManagerFactory.getKeyManagers(),
                new TrustManager[] { (TrustManager) new FTPSTrustManager() }, null
            );
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * @see org.apache.commons.net.SocketClient#connect(java.net.InetAddress,
     *      int, java.net.InetAddress, int)
     */
    public void connect(InetAddress address, int port, InetAddress localAddress,
            int localPort) throws SocketException, IOException
    {
        System.out.println("***** In 1 ********");
        super.connect(address, port, localAddress, localPort);
        this.secure(this.pbsz, this.prot);
    }

    /**
     * @see org.apache.commons.net.SocketClient#connect(java.net.InetAddress,
     *      int)
     */
    public void connect(InetAddress address, int port) throws SocketException,
            IOException
    {
        System.out.println("***** In 2 ********");
        super.connect(address, port);
        this.secure(this.pbsz, this.prot);
    }

    /**
     * @see org.apache.commons.net.SocketClient#connect(java.lang.String, int,
     *      java.net.InetAddress, int)
     */
    public void connect(String address, int port, InetAddress localAddress,
            int localPort) throws SocketException, IOException
    {
        System.out.println("***** In 3 ********");
        super.connect(address, port, localAddress, localPort);
        this.secure(this.pbsz, this.prot);
    }

    /**
     * @see org.apache.commons.net.SocketClient#connect(java.lang.String, int)
     */
    public void connect(String address, int port) throws SocketException,
            IOException
    {
        System.out.println("FTPSClient***** In 4 ********");
        System.out.println("Address=" + address);
        System.out.println("Port=" + port);
        super.connect(address, port);
        this.secure(this.pbsz, this.prot);
    }

    /**
     *
     * Initialize the secure connection with the FTP server by sending the
     * AUTH SSL or TLS command.
     * Get the socket with the server, start the "handshake" that adds a
     * layer of security to the socket, and initialize the connection
     * streams.
     *
     *
     * @param pbsz Protection Buffer Size: "0" is a good value
     * @param prot Data Channel Protection Level:
     *             Possible values:
     *             C - Clear
     *             S - Safe
     *             E - Confidential
     *             P - Private
     *
     * @throws IOException If there is any problem with the connection.
     */
    protected void secure(String pbsz, String prot) throws IOException {
        // Called after the plaintext connect: ask the server to switch to TLS.
        this.sendCommand("AUTH", sslContext);
        // Layer TLS over the already connected control socket.
        SSLSocket socket =
            (SSLSocket) this.context.getSocketFactory().createSocket(this._socket_,
                this.getRemoteAddress().getHostAddress(), this.getRemotePort(), true);
        socket.startHandshake();
        this._socket_ = socket;
        this._controlInput_ = new BufferedReader(new
            InputStreamReader(socket.getInputStream(), getControlEncoding()));
        this._controlOutput_ = new BufferedWriter(new
            OutputStreamWriter(socket.getOutputStream(), getControlEncoding()));
        // FTPSSocketFactory is a separate class that is not included in this message.
        this.setSocketFactory(new FTPSSocketFactory(this.context));
        this.sendCommand("PBSZ", pbsz);
        this.sendCommand("PROT", prot);
    }

    /**
     * @see org.apache.commons.net.ftp.FTPClient#_openDataConnection_(int,
     *      java.lang.String)
     */
    protected Socket _openDataConnection_(int command, String arg) throws
            IOException {
        Socket socket = super._openDataConnection_(command, arg);
        if (socket != null) {
            ((SSLSocket) socket).startHandshake();
        }
        return socket;
    }
}
Regards,
Rory Winston wrote:
>
> Steve
>
> I think that's a great suggestion. It moves us forward without
> necessarily sacrificing backwards compatibility.
>
> I have had a look at the classes written by Jose and Paul, and
> incorporated them into my local branch copy. I had to make one minor
> change to get them to work, but other than that they seem to work well.
> I set up a test FTPS server using FileZilla on my local machine and
> wrote some client code:
>
> FtpsClient client = new FtpsClient();
>
> client.connect("127.0.0.1");
> client.addProtocolCommandListener(new
> PrintCommandListener(new PrintWriter(System.out)));
> client.login("user", "pass");
> client.cwd("test");
>
> for (FTPFile file : client.listFiles()) {
> System.out.println(file.getName());
> }
>
> OutputStream out = new FileOutputStream("c:\\temp\\test.war");
> client.retrieveFile("test.war", out);
> client.disconnect();
>
> and it seems to work a treat. If we are agreed that we should go down
> this parallel branch route, then I can move the JDK_1_4_BRANCH to
> something more sensible (i.e. Daniel's suggestion a while back to make
> the 1.4+ branch version 2), maybe NET_2_0_0. We can use the com.sun.*
> stuff for the 1.3 branch (which will probably be our 1.5.0 release)?
>
> Rory
>
> Steve Cohen wrote:
>
>> Thank you for this explanation. It is good to actually look at the
>> code instead of making assumptions, which is what I have been doing.
>>
>> The JSSE's jar does not provide javax.net.ssl versions of the
>> com.sun.net.ssl interfaces. And, after doing a little research, I find
>> that there are differences between JSSE 1.0.3 and the packages in JDK
>> 1.4, such that there is no backward compatibility. Basically, JSSE
>> 1.0.x is a prototype, a hack through which Sun worked out the bugs,
>> culminating in the better implementation that they released in 1.4.
>> They did not just move the JSSE.jar code into JDK 1.4. They also
>> improved it.
>>
>> Since these are new classes for us, I think it makes little sense to
>> tie into backward compatibility from the start, when that backward
>> compatibility is already out of date. I don't think there is a clean
>> way to have one code base that will work the way we'd like it for both
>> cases.
>>
>> Therefore, I think the solution for this is for Jakarta Commons Net to
>> take Rory Winston's suggestion and start a new branch of Commons Net
>> for JDK 1.4 only (for this and other reasons) and maintain two
>> branches for awhile, the current HEAD branch for 1.3 compatibility and
>> the new branch for 1.4. The new branch can use the javax.ssl.net
>> classes, the old one can use com.sun.net.
>>
>>
>> Jose Juan Montiel wrote:
>>
>>> Hi Steve,
>>>
>>>
>>>> What I think you're missing is that if you put jsse.jar on your
>>>> classpath, you can use javax.net.ssl with java 1.3.
>>>
>>>
>>>
>>> Maybe I didn't explain well, sorry.
>>>
>>> The three classes of com.sun.net.ssl that are used to implement FTPS
>>> (in the way that Paul did and I modified, maybe there is another...)
>>> are...
>>>
>>> com.sun.net.ssl.KeyManagerFactory
>>> (http://java.sun.com/products/jsse/doc/apidoc/com/sun/net/ssl/KeyManagerFactory.html)
>>>
>>>
>>>
>>> com.sun.net.ssl.SSLContext
>>> (http://java.sun.com/products/jsse/doc/apidoc/com/sun/net/ssl/SSLContext.html)
>>>
>>>
>>>
>>> com.sun.net.ssl.TrustManager
>>> (http://java.sun.com/products/jsse/doc/apidoc/com/sun/net/ssl/TrustManager.html)
>>>
>>>
>>>
>>> These classes in JSSE are only in the package com.sun.net.ssl, and
>>> although in JSSE 1.0.3 there is a package javax.net.ssl, it doesn't
>>> contain these classes; it contains javax.net.ssl.SSLSocket, a class
>>> soon used to implement FTPS.
>>>
>>>
>>>> And the commons-net team would prefer to go that way because Sun
>>>> says that
>>>> com.sun.net may go away with some future release, but not
>>>> javax.net. Yes, this
>>>> would be a small inconvenience for java 1.3 users, but the stability
>>>> is worth it.
>>>
>>>
>>>
>>> These three classes, in JDK 1.4.2, were moved to
>>>
>>> javax.net.ssl.KeyManagerFactory
>>> (http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/KeyManagerFactory.html)
>>>
>>>
>>>
>>> javax.net.ssl.SSLContext
>>> (http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/SSLContext.html)
>>>
>>> javax.net.ssl.TrustManager
>>> (http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/TrustManager.html)
>>>
>>>
>>> But if you download, for example, JDK 1.4.2 and look inside (jre/lib)
>>> you'll find jsse.jar, the jar where com.sun.net.ssl still is. Sun
>>> still maintains compatibility with JDK 1.3.
>>>
>>> And still in JDK 1.5, you'll find jre/lib/jsse.jar.
>>>
>>> But when jsse.jar disappears, I offer to modify the code...
>>>
>>> On the other hand, if we use javax.net.ssl.KeyManagerFactory,
>>> javax.net.ssl.SSLContext, javax.net.ssl.TrustManager, FTPS doesn't work
>>> under JDK 1.3.
>>>
>>> I hope I explained it better this time.
>>>
>>> Then, do what you consider appropriate...
>>>
>>> Thanks all, for your time.
>>>
>>> --
>>> The whole purpose of places like Starbucks is
>>> for people with no decision-making ability
>>> whatsoever to make six decisions just to buy
>>> one cup of coffee. Short, tall, light, dark, caf,
>>> decaf, low-fat, non-fat, etc. So people who
>>> don't know what the hell they're doing or who
>>> on earth they are can, for only $2.95, get not
>>> just a cup of coffee but an absolutely defining
>>> sense of self: Tall. Decaf. Cappuccino.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
--
View this message in context:
http://www.nabble.com/-net--JSSE-classes-in-FTPS-WAS-Re%3A--net--FTPS-submission---legal-issues-tf1019716.html#a6313989
Sent from the Commons - Dev forum at Nabble.com.
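
Added example, not part of the original message or of Commons Net: port 990 is conventionally the implicit-FTPS port, where the server expects the TLS handshake before it sends any FTP reply, while the FTPSClient class posted at the top of this message connects in plaintext and then sends AUTH (explicit mode). The code below performs both orderings with plain JSSE and validates the server certificate and host name against the JVM default trust store; the class name FtpsControl and the 10-second timeout are assumptions made for this illustration.

```java
import java.io.*;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.*;

// Added illustration, not Commons Net code; FtpsControl is a hypothetical name.
public class FtpsControl {
    private final BufferedReader in;
    private final Writer out;
    FtpsControl(Socket s) throws IOException {
        in = new BufferedReader(new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII));
        out = new OutputStreamWriter(s.getOutputStream(), StandardCharsets.US_ASCII);
    }
    // Send cmd (null = only wait for the greeting) and require the given reply code.
    String exchange(String cmd, String code) throws IOException {
        if (cmd != null) { out.write(cmd + "\r\n"); out.flush(); }
        for (String line; (line = in.readLine()) != null; ) {
            if (!line.matches("\\d{3}( .*)?")) continue;   // "NNN-text" continues a reply
            if (line.startsWith(code)) return line;
            throw new IOException("expected " + code + " but got: " + line);
        }
        throw new EOFException("control connection closed");
    }

    static SSLSocket connect(String host, int port, boolean implicit) throws IOException {
        Socket raw = new Socket(host, port);
        try {
            raw.setSoTimeout(10_000);          // assumed timeout: a mode mismatch fails, not hangs
            if (!implicit) {                   // explicit: plaintext greeting, then AUTH TLS
                FtpsControl plain = new FtpsControl(raw);
                plain.exchange(null, "220");
                plain.exchange("AUTH TLS", "234");
            }
            // Layer TLS over the same socket: default trust store plus host-name check.
            SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket s = (SSLSocket) f.createSocket(raw, host, port, true);
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");
            s.setSSLParameters(p);
            s.startHandshake();                // implicit: this is the first traffic sent
            FtpsControl c = new FtpsControl(s);
            if (implicit) c.exchange(null, "220");   // greeting arrives inside TLS
            c.exchange("PBSZ 0", "200");
            c.exchange("PROT P", "200");
            return s;
        } catch (IOException e) { raw.close(); throw e; }
    }
}
```

Against a test server with a self-signed certificate the handshake is rejected until that certificate is added to the JVM's trust store.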