FTP over SSL

Sri Nivas
Ranch Hand

Joined: Apr 18, 2001
Posts: 58
I am using the FTPConnection.java (Bret Taylor's) which I found on javaranch.com. Now I want to make it work using SSL. I have an SSL-enabled FTP server and I want to upload and download files from this server using SSL.
I have read some stuff about SSL but I need some suggestions/ideas on how to start.
For example, instead of using the Socket class, I need to use the SSLSocket class (from Sun's JSSE package) to connect to the server. And before I send the USER command, I need to send the AUTH SSL command, etc. But I do not know how the SSL handshake takes place, and how to code it.
Can anybody help?
Thanks
Sri
Peter den Haan
author
Ranch Hand

Joined: Apr 20, 2000
Posts: 3252
In many cases, replacing (Server)Socket by SSL(Server)Socket is all you have to do. However, I don't have experience with sftp specifically, so there may be some snakes in the grass.
You certainly will not have to worry about the SSL handshaking process (apart from making sure the necessary CA and optionally client certificates are available); this is completely abstracted away from you.
Where are you getting stuck? Are you seeing any errors?
- Peter
Sri Nivas
Ranch Hand

Joined: Apr 18, 2001
Posts: 58
Peter, thanks for the reply.
I am getting the following exception.
I am using j2sdk 1.4.1 on Windows 2000 and I am connecting to a Solaris 2.6 machine running ProFTPD with TLS enabled, running as a standalone service.
Do I need to add the ftp server's public key or certificate in my 'cacerts' file?
Any help is appreciated.
--------------------------------------------------
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find trusted certificate
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at FTPConnection.getFullServerReply(FTPConnection.java:314)
at FTPConnection.getServerReply(FTPConnection.java:300)
at FTPConnection.connect(FTPConnection.java:76)
at ftpclient.main(ftpclient.java:6)
Caused by: java.security.cert.CertificateException: Couldn't find trusted certificate
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
... 18 more
--------------------------------------------------
[ October 25, 2002: Message edited by: Sri Nivas ]
Sri Nivas
Ranch Hand

Joined: Apr 18, 2001
Posts: 58
I am including the debug output I got by using -Djavax.net.debug=ssl when I ran my client program.
Now I am using a secure ftp wrapper from www.glub.com on my Windows 2000 ftp server.
Do I need to add the server's public key to my cacerts file? Do I need to have .keystore file?
How can I tell my client program to accept the key from the server always?
Any info is appreciated.
--------------------------------------------------
init context
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1018962994 bytes = { 117, 4, 105, 138, 146, 24, 91, 72, 159, 47, 1, 184, 140, 96, 44, 178, 41, 190, 232, 64, 118, 39, 169, 20, 6, 209, 103, 18 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 59
main, WRITE: SSLv2 client hello message, length = 77
main, READ: TLSv1 Handshake, length = 684
*** ServerHello, TLSv1
RandomCookie: GMT: 1018962994 bytes = { 26, 193, 82, 201, 155, 60, 230, 112, 253, 6, 69, 177, 177, 104, 94, 58, 104, 164, 187, 24, 139, 20, 13, 31, 214, 152, 199, 110 }
Session ID: {61, 188, 36, 50, 18, 82, 137, 97, 172, 213, 112, 123, 98, 15, 248, 127, 141, 124, 175, 185, 25, 149, 40, 144, 60, 42, 15, 198, 40, 13, 229, 27}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=127.0.0.1, OU=Secure FTP Wrapper, O=Org, L=Location, ST=CA, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@15f
Validity: [From: Sat Oct 26 17:42:51 PDT 2002,
To: Tue Oct 25 17:42:51 PDT 2005]
Issuer: CN=127.0.0.1, OU=Secure FTP Wrapper, O=Org, L=Location, ST=CA, C=US
SerialNumber: [ 3dbb368b]
]
Algorithm: [MD5withRSA]
Signature:
]
***
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find trusted certificate
Exception:javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find trusted certificate
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
--------------------------------------------------
[ October 27, 2002: Message edited by: Sri Nivas ]
Sri Nivas
Ranch Hand

Joined: Apr 18, 2001
Posts: 58
I could solve it by adding the server certificate into my cacerts file in my jre directory.
Peter den Haan
author
Ranch Hand

Joined: Apr 20, 2000
Posts: 3252
Thanks for letting us know the outcome, Sri -- and sorry I wasn't back in time to help you.
- Peter
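
An added example, not part of the thread and not code from FTPConnection.java: the same fix scoped to one client instead of the JRE-wide cacerts file, with the AUTH step from the first post done on a plain socket before TLS is layered over it. It is written for a current JDK; the host name, trust store file, its password and the certificate alias are placeholders, and it uses the RFC 4217 command AUTH TLS where the thread mentions AUTH SSL.

```java
import java.io.*;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.net.ssl.*;
public class ExplicitFtpsTrustExample {
    // Trust only what is in a dedicated store, created beforehand with e.g.
    //   keytool -importcert -alias ftpserver -file server.crt -keystore ftp-truststore.jks
    static SSLContext contextFrom(String storePath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) { ks.load(in, password); }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate
        return ctx;
    }
    // Read one FTP reply; "NNN-" opens a multi-line reply that ends at "NNN ".
    static String readReply(BufferedReader in) throws IOException {
        String line = in.readLine();
        if (line == null) throw new EOFException("server closed the control connection");
        if (line.length() > 3 && line.charAt(3) == '-') {
            String last = line.substring(0, 3) + " ";
            do {
                line = in.readLine();
                if (line == null) throw new EOFException("truncated multi-line reply");
            } while (!line.startsWith(last));
        }
        return line;
    }
    public static void main(String[] args) throws Exception {
        String host = "ftp.example.test"; int port = 21;               // placeholders
        SSLContext ctx = contextFrom("ftp-truststore.jks", "changeit".toCharArray());
        try (Socket plain = new Socket(host, port)) {
            BufferedReader in = new BufferedReader(
                new InputStreamReader(plain.getInputStream(), StandardCharsets.US_ASCII));
            Writer out = new OutputStreamWriter(plain.getOutputStream(), StandardCharsets.US_ASCII);
            readReply(in);                                   // 220 greeting, still in clear text
            out.write("AUTH TLS\r\n"); out.flush();
            String reply = readReply(in);
            if (!reply.startsWith("234")) throw new IOException("AUTH refused: " + reply);
            SSLSocket tls = (SSLSocket) ctx.getSocketFactory().createSocket(plain, host, port, true);
            SSLParameters params = tls.getSSLParameters();
            // Assumes the certificate names the host in a subjectAltName entry.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            tls.setSSLParameters(params);
            tls.startHandshake(); // SSLHandshakeException if the certificate is not in the store
            System.out.println("Control channel secured with " + tls.getSession().getProtocol());
        }
    }
}
```

USER and PASS are then sent over the streams of `tls`; protecting the data connections additionally requires `PBSZ 0` and `PROT P` (RFC 4217).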
 