
FTP over SSL

 
Sri Nivas
Ranch Hand
Posts: 58
I am using the FTPConnection.java (Bret Taylor's) which I found on javaranch.com. Now I want to make it work using SSL. I have an SSL-enabled FTP server and I want to upload and download files from this server using SSL.
I have read some stuff about SSL but I need some suggestions/ideas on how to start.
For example, instead of using the Socket class, I need to use the SSLSocket class (from Sun's JSSE package) to connect to the server. And before I send the USER command, I need to send the AUTH SSL command, etc. But I do not know how the SSL handshake takes place, and how to code it.
Can anybody help?
Thanks
Sri
 
Peter den Haan
author
Ranch Hand
Posts: 3252
In many cases, replacing (Server)Socket by SSL(Server)Socket is all you have to do. However I don't have experience with sftp specifically so there may be some snakes in the grass.
You certainly will not have to worry about the SSL handshaking process (apart from making sure the necessary CA and optionally client certificates are available); this is completely abstracted away from you.
Where are you getting stuck? Are you seeing any errors?
- Peter
 
Sri Nivas
Ranch Hand
Posts: 58
Peter, thanks for the reply.
I am getting the following exception.
I am using j2sdk 1.4.1 on Windows 2000 and I am connecting to a Solaris 2.6 machine running ProFTPD with TLS enabled, running as a standalone service.
Do I need to add the ftp server's public key or certificate in my 'cacerts' file?
Any help is appreciated.
--------------------------------------------------
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find trusted certificate
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at FTPConnection.getFullServerReply(FTPConnection.java:314)
at FTPConnection.getServerReply(FTPConnection.java:300)
at FTPConnection.connect(FTPConnection.java:76)
at ftpclient.main(ftpclient.java:6)
Caused by: java.security.cert.CertificateException: Couldn't find trusted certificate
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
... 18 more
--------------------------------------------------
[ October 25, 2002: Message edited by: Sri Nivas ]
 
Sri Nivas
Ranch Hand
Posts: 58
I am including the debug output by using -Djavax.net.debug=ssl when I ran my client program.
Now I am using a secure FTP wrapper from www.glub.com on my Windows 2000 FTP server.
Do I need to add the server's public key to my cacerts file? Do I need to have .keystore file?
How can I tell my client program to accept the key from the server always?
Any info is appreciated.
--------------------------------------------------
init context
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1018962994 bytes = { 117, 4, 105, 138, 146, 24, 91, 72, 159, 47, 1, 184, 140, 96, 44, 178, 41, 190, 232, 64, 118, 39, 169, 20, 6, 209, 103, 18 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 59
main, WRITE: SSLv2 client hello message, length = 77
main, READ: TLSv1 Handshake, length = 684
*** ServerHello, TLSv1
RandomCookie: GMT: 1018962994 bytes = { 26, 193, 82, 201, 155, 60, 230, 112, 253, 6, 69, 177, 177, 104, 94, 58, 104, 164, 187, 24, 139, 20, 13, 31, 214, 152, 199, 110 }
Session ID: {61, 188, 36, 50, 18, 82, 137, 97, 172, 213, 112, 123, 98, 15, 248, 127, 141, 124, 175, 185, 25, 149, 40, 144, 60, 42, 15, 198, 40, 13, 229, 27}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=127.0.0.1, OU=Secure FTP Wrapper, O=Org, L=Location, ST=CA, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@15f
Validity: [From: Sat Oct 26 17:42:51 PDT 2002,
To: Tue Oct 25 17:42:51 PDT 2005]
Issuer: CN=127.0.0.1, OU=Secure FTP Wrapper, O=Org, L=Location, ST=CA, C=US
SerialNumber: [ 3dbb368b]
]
Algorithm: [MD5withRSA]
Signature:
]
***
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find trusted certificate
Exception:javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find trusted certificate
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
--------------------------------------------------
[ October 27, 2002: Message edited by: Sri Nivas ]
 
Sri Nivas
Ranch Hand
Posts: 58
I could solve it by adding the server certificate into my cacerts file in my jre directory.
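
An added example, not part of the original posts and not the FTPConnection.java code: instead of editing the JRE-wide cacerts file, the client can load a small truststore that holds only the FTP server's certificate, send AUTH TLS (the RFC 4217 form of the AUTH SSL command mentioned in the first post) and layer TLS over the existing control socket. The host name, store file name and password are assumptions, and the code is written for a current JDK rather than the 1.4.1 release used in the thread.

```java
import java.io.*;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.net.ssl.*;

// Assumed setup (placeholders): the server certificate was imported with
//   keytool -importcert -alias ftpserver -file server.crt -keystore ftps-trust.jks
public class ExplicitFtpsConnect {
    // Socket factory that trusts only the certificates in the given store.
    static SSLSocketFactory factoryFor(String storePath, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) {
            ks.load(in, pass);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate
        return ctx.getSocketFactory();
    }

    // Returns the final line of one FTP reply, skipping "ddd-" continuation lines.
    static String readReply(BufferedReader in) throws IOException {
        for (String line; (line = in.readLine()) != null; ) {
            if (line.length() >= 4 && Character.isDigit(line.charAt(0))
                    && line.charAt(3) == ' ') return line;
        }
        throw new EOFException("server closed the control connection");
    }

    public static void main(String[] args) throws Exception {
        String host = "ftp.example.com"; // hypothetical server name
        SSLSocketFactory sf = factoryFor("ftps-trust.jks", "changeit".toCharArray());
        Socket plain = new Socket(host, 21);
        BufferedReader in = new BufferedReader(
                new InputStreamReader(plain.getInputStream(), StandardCharsets.US_ASCII));
        Writer out = new OutputStreamWriter(plain.getOutputStream(), StandardCharsets.US_ASCII);
        System.out.println(readReply(in));          // 220 greeting, still in clear text
        out.write("AUTH TLS\r\n");
        out.flush();
        String reply = readReply(in);
        if (!reply.startsWith("234")) throw new IOException("AUTH TLS refused: " + reply);
        // Layer TLS over the connected socket; closing tls also closes plain.
        SSLSocket tls = (SSLSocket) sf.createSocket(plain, host, 21, true);
        SSLParameters p = tls.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("HTTPS"); // certificate must name the host
        tls.setSSLParameters(p);
        tls.startHandshake(); // SSLHandshakeException here if the cert is not in the store
        // From here on, USER/PASS must use tls.getInputStream()/getOutputStream().
        System.out.println("TLS established: " + tls.getSession().getCipherSuite());
    }
}
```

A store that contains a single self-signed certificate pins the client to that server; a trust manager that accepts every certificate would silence the exception but also accept an impostor.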
 
Peter den Haan
author
Ranch Hand
Posts: 3252
Thanks for letting us know the outcome, Sri -- and sorry I wasn't back in time to help you
- Peter
 