Hi

Anyone got any idea as to how I could solve the issue I describe
below? The MINA integration into FtpServer is not fully functional,
except for the SSL support :-/

Thanks!

/niklas

Niklas Gustavsson wrote:
Hi

I'm trying to integrate MINA with Apache FtpServer, basically base
FtpServer's socket handling on MINA. So far it's been a great
experience. However, I just got stuck. It might very likely be an
error on my side but I need some pointers :-)

The FTP AUTH command is sent by a client to tell the server that it
wants to secure the FTP control socket with SSL. The flow is like
this:

1. Client sends "AUTH TLS"
2. Server sends "234 Command AUTH okay; starting TLS connection."
3. Server secures the socket
4. Next client call is over the secure socket

Now, to implement this I add an SSLFilter at step 3. However, I seem
to run into a condition where the response sent at step 2 sometimes
ends up in the not-yet-initialized SSLFilter. This results in:
java.lang.IllegalStateException
    at org.apache.mina.filter.SSLFilter.getSSLSessionHandler(SSLFilter.java:634)
    at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:371)
    at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
    at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
    at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
    at org.apache.mina.common.support.AbstractIoFilterChain$HeadFilter.messageReceived(AbstractIoFilterChain.java:617)
    at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
    at org.apache.mina.common.support.AbstractIoFilterChain.fireMessageReceived(AbstractIoFilterChain.java:353)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:281)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:241)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$500(SocketIoProcessor.java:44)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:559)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:43)
    at java.lang.Thread.run(Thread.java:595)


From my understanding, the response should already have been sent
to the client, but that seems not to be the case. The response (step 2)
is sent as:
session.write(response).join();

Shouldn't the join() make that call wait until the write is
completely done? If not, how would I otherwise ensure that the
response has been sent before I add the SSL filter?

The full trace is attached.

Thanks!
/niklas


------------------------------------------------------------------------

Server ready :: Apache FTP Server
------- Apache FTP Server started ------
[/127.0.0.1:2291] CREATED
Launching thread for /127.0.0.1:2291
[/127.0.0.1:2291] OPENED
[/127.0.0.1:2291] WRITE: 220 Service ready for new user.

< 220 Service ready for new user.
AUTH TLS
AUTH TLS

AUTH TLS

[/127.0.0.1:2291] RECEIVED: AUTH TLS
[/127.0.0.1:2291] WRITE: 234 Command AUTH okay; starting TLS connection.

< 220 Service ready for new user.
234 Command AUTH okay; starting TLS connection.
[/127.0.0.1:2291]  doHandshake()
[/127.0.0.1:2291]   initialHandshakeStatus=NEED_UNWRAP
[/127.0.0.1:2291]  unwrapHandshake()
[/127.0.0.1:2291]    inNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=0 cap=16665]
[/127.0.0.1:2291]    appBuffer: java.nio.DirectByteBuffer[pos=0 lim=33330 cap=33330]
[/127.0.0.1:2291]  Unwrap res:Status = BUFFER_UNDERFLOW
HandshakeStatus = NEED_UNWRAP
bytesConsumed = 0 bytesProduced = 0
[EMAIL PROTECTED]
[/127.0.0.1:2291] SENT: 220 Service ready for new user.

[/127.0.0.1:2291] SENT: 234 Command AUTH okay; starting TLS connection.

[/127.0.0.1:2291] EXCEPTION:
java.lang.IllegalStateException
    at org.apache.mina.filter.SSLFilter.getSSLSessionHandler(SSLFilter.java:634)
    at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:371)
    at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
    at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
    at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
    at org.apache.mina.common.support.AbstractIoFilterChain$HeadFilter.messageReceived(AbstractIoFilterChain.java:617)
    at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
    at org.apache.mina.common.support.AbstractIoFilterChain.fireMessageReceived(AbstractIoFilterChain.java:353)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:281)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:241)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$500(SocketIoProcessor.java:44)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:559)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:43)
    at java.lang.Thread.run(Thread.java:595)
[/127.0.0.1:2291] CLOSE
[/127.0.0.1:2291]  write outNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=7 cap=16665]
[/127.0.0.1:2291]  session write: DirectBuffer[pos=0 lim=7 cap=8: 15 03 01 00 02 01 00]
[/127.0.0.1:2291]  Data Read: [EMAIL PROTECTED] (DirectBuffer[pos=0 lim=7 cap=8192: 15 03 01 00 02 02 0A])
[/127.0.0.1:2291]  doHandshake()
[/127.0.0.1:2291]   initialHandshakeStatus=NEED_UNWRAP
[/127.0.0.1:2291]  unwrapHandshake()
[/127.0.0.1:2291]    inNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=7 cap=16665]
[/127.0.0.1:2291]    appBuffer: java.nio.DirectByteBuffer[pos=0 lim=33330 cap=33330]
[/127.0.0.1:2291] Unexpected exception from SSLEngine.closeInbound().
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1352)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1320)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1259)
    at org.apache.mina.filter.support.SSLHandler.destroy(SSLHandler.java:165)
    at org.apache.mina.filter.SSLFilter.sessionClosed(SSLFilter.java:358)
    at org.apache.mina.common.support.AbstractIoFilterChain.callNextSessionClosed(AbstractIoFilterChain.java:321)
    at org.apache.mina.common.support.AbstractIoFilterChain.access$900(AbstractIoFilterChain.java:54)
    at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.sessionClosed(AbstractIoFilterChain.java:781)
    at org.apache.mina.common.support.AbstractIoFilterChain$HeadFilter.sessionClosed(AbstractIoFilterChain.java:599)
    at org.apache.mina.common.support.AbstractIoFilterChain.callNextSessionClosed(AbstractIoFilterChain.java:321)
    at org.apache.mina.common.support.AbstractIoFilterChain.fireSessionClosed(AbstractIoFilterChain.java:313)
    at org.apache.mina.common.support.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:271)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.doRemove(SocketIoProcessor.java:225)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$700(SocketIoProcessor.java:44)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:563)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:43)
    at java.lang.Thread.run(Thread.java:595)
[/127.0.0.1:2291] EXCEPTION:
javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
    at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:424)
    at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
    at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
    at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
    at org.apache.mina.common.support.AbstractIoFilterChain$HeadFilter.messageReceived(AbstractIoFilterChain.java:617)
    at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
    at org.apache.mina.common.support.AbstractIoFilterChain.fireMessageReceived(AbstractIoFilterChain.java:353)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:281)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:241)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$500(SocketIoProcessor.java:44)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:559)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:43)
    at java.lang.Thread.run(Thread.java:595)
Caused by: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1352)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1320)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1482)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:957)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:782)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:674)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
    at org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:677)
    at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:494)
    at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:293)
    at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392)
    ... 12 more
[/127.0.0.1:2291] CLOSED
Exiting since queue is empty for /127.0.0.1:2291
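
Added example, not part of the original post and not FtpServer's own code: one way to order the AUTH TLS upgrade in MINA 1.x so that it does not depend on the 234 reply having left the socket before the filter is added. It uses SSLFilter.DISABLE_ENCRYPTION_ONCE, the MINA 1.x marker attribute intended for StartTLS-style upgrades; the class name, the filter name and the presence of a text-line codec in the chain are assumptions.

```java
import javax.net.ssl.SSLContext;

import org.apache.mina.common.IoHandlerAdapter;
import org.apache.mina.common.IoSession;
import org.apache.mina.filter.SSLFilter;

/**
 * Added illustration, not FtpServer code. Assumes a text-line codec filter is
 * already in the chain, so messages arrive and leave as String lines.
 */
public class AuthTlsHandler extends IoHandlerAdapter {

    private static final String SSL_FILTER_NAME = "sslFilter"; // hypothetical name

    private final SSLContext sslContext; // assumed initialised with the server key

    public AuthTlsHandler(SSLContext sslContext) {
        this.sslContext = sslContext;
    }

    @Override
    public void messageReceived(IoSession session, Object message) throws Exception {
        String command = message.toString().trim();
        if (!"AUTH TLS".equalsIgnoreCase(command)) {
            return; // every other FTP command is outside this example
        }
        if (session.getFilterChain().contains(SSL_FILTER_NAME)) {
            return; // already upgraded: never stack a second SSLFilter
        }

        // Step 3 first: put the TLS filter next to the socket so the client's
        // ClientHello, whenever it arrives, reaches a filter that is attached.
        SSLFilter sslFilter = new SSLFilter(sslContext);
        sslFilter.setUseClientMode(false); // this side is the TLS server
        session.getFilterChain().addFirst(SSL_FILTER_NAME, sslFilter);

        // Marker attribute: the next write() bypasses encryption once, then
        // SSLFilter removes the attribute again.
        session.setAttribute(SSLFilter.DISABLE_ENCRYPTION_ONCE, Boolean.TRUE);

        // Step 2: the 234 reply leaves in plaintext; all later writes are wrapped.
        session.write("234 Command AUTH okay; starting TLS connection.");
    }
}
```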
