使用Java Apache FTPClient进行FTP TLS获取“握手时远程主机关闭连接”

时间:2017-10-08 12:53:35

标签: java apache ftp ftps apache-commons-net

我在Windows 10 64x上为FTP TLS运行了一个Java(1.8)程序(org.apache.commons.net.ftp):

FTPSClient ftpClient = new FTPSClient();

System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");
// LISTENER
ftpClient.addProtocolCommandListener(
    new PrintCommandListener(new PrintWriter(System.out), true));

ftpClient.connect(server);
ftpClient.login(user, pass);

// Enter local passive mode
ftpClient.enterLocalPassiveMode();
// useEpsvWithIPv4
ftpClient.setUseEPSVwithIPv4(true);
// Set protection buffer size
ftpClient.execPBSZ(0);
// Set data channel protection to private
ftpClient.execPROT("P");

System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");

ftpClient.setTrustManager(TrustManagerUtils.getAcceptAllTrustManager());

ftpClient.setFileType(FTP.BINARY_FILE_TYPE);

System.out.println("Remote system is " + 
ftpClient.getEnabledCipherSuites());

System.out.println("SSL: " + 
ftpClient.getEnableSessionCreation());
// PROTOCOLOS
String[] Protocols = ftpClient.getEnabledProtocols();
System.out.println("Protocols " + Protocols);
// AUTH
boolean Auth = ftpClient.getNeedClientAuth();
System.out.println("Auth: " + Auth);
ftpClient.getWantClientAuth();
ftpClient.getTrustManager();
ftpClient.feat();              

// APPROACH #1: using retrieveFile(String, OutputStream)
String remoteFile1 = "/readme.txt";
File downloadFile1 = new File("C:\\readme.txt");
OutputStream outputStream1 = new BufferedOutputStream(new 
FileOutputStream(downloadFile1));
ftpClient.retrieveFile(remoteFile1, outputStream1);
outputStream1.close();

对于第一个FTP服务器(Microsoft FTP服务)工作正常!调试:

run:
220 Microsoft FTP Service
AUTH TLS
234 AUTH command ok. Expecting TLS Negotiation.
USER *******
331 Password required for demo.
PASS *******
230 User logged in.
PBSZ 0
200 PBSZ command successful.
PROT P
200 PROT command successful.
TYPE I
200 Type set to I.
SSL: true
SYST
215 Windows_NT
Remote system is Windows_NT
Protocols [Ljava.lang.String;@3f2a3a5
Auth: false
FEAT
211-Extended features supported:
 LANG EN*
 UTF8
 AUTH TLS;TLS-C;SSL;TLS-P;
 PBSZ
 PROT C;P;
 CCC
 HOST
 SIZE
 MDTM
 REST STREAM
211 END
EPSV
229 Entering Extended Passive Mode (|||1025|)
RETR /readme.txt
125 Data connection already open; Transfer starting.
226 Transfer complete.
QUIT
221 Goodbye.
BUILD SUCCESSFUL (total time: 7 seconds)

对于第二个FTP服务器(FileZilla Server 0.9.59 beta)出错,请调试:

run:
220-FileZilla Server 0.9.59 beta
220-written by Tim Kosse (tim.kosse@filezilla-project.org)
220 Please visit https://filezilla-project.org/
AUTH TLS
234 Using authentication type TLS
USER *******
331 Password required for xxx
PASS *******
230 Logged on
PBSZ 0
200 PBSZ=0
PROT P
200 Protection level set to P
TYPE I
200 Type set to I
SSL: true
SYST
215 UNIX emulated by FileZilla
Remote system is UNIX emulated by FileZilla
Protocols [Ljava.lang.String;@246ae04d
Auth: false
FEAT
211-Features:
 MDTM
 REST STREAM
 SIZE
 MLST type*;size*;modify*;
 MLSD
 AUTH SSL
 AUTH TLS
 PROT
 PBSZ
 UTF8
 CLNT
 MFMT
 EPSV
 EPRT
211 End
EPSV
229 Entering Extended Passive Mode (|||14393|)
RETR /readme.txt
150 Opening data channel for file download from server of "/readme.txt"
Error: Remote host closed connection during handshake
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
QUIT
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1002)
450 TLS session of data connection has not resumed or the session does not match the control connection
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
    at org.apache.commons.net.ftp.FTPSClient._openDataConnection_(FTPSClient.java:646)
    at org.apache.commons.net.ftp.FTPClient._retrieveFile(FTPClient.java:1899)
    at org.apache.commons.net.ftp.FTPClient.retrieveFile(FTPClient.java:1885)
    at ftps.App_FTP.main(App_FTP.java:96)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(InputRecord.java:505)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
    ... 7 more
BUILD SUCCESSFUL (total time: 5 seconds)

使用FileZilla客户端工作正常(下载/上传文件),但使用Java代码我连接和登录都无能为力。有什么建议吗?或自动FTP TLS的任何其他解决方案?

My ftp Object

2 个答案:

答案 0 :(得分:3)

我使用Cyber​​duck库解决了这个问题。 https://github.com/iterate-ch/cyberduck
首先是为什么会出现握手问题, 因为一些进步FTP服务器只允许一个会话进行连接和数据传输。

1)控制会话 - >用于连接
 2)数据会话 - >数据存储/下载/等

那么如何解决这个问题。

第1步 -

首先你需要从GitHub查看cyberduck repo。 从这里 - :https://github.com/iterate-ch/cyberduck

第2步 - 您将在结帐回购中看到FTP和核心模块 ftp and core modules

第3步 - 将此模块转换为maven并为其创建jar。

第4步 - 将此jar添加到您的项目中,但此jar还需要其他依赖项,因此也将相应的内容添加到项目构建路径中。

第5步 - 代码段。

public class TestFTPS {
    public static void main(String[] args) throws SocketException, IOException {
        TrustManager[] trustManagers = new TrustManager[] { new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // TODO Auto-generated method stub
                return null;
            }
            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // TODO Auto-generated method stub
            }

            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // TODO Auto-generated method stub
            }
        } };
        SSLContext sslContext = null;
        try {
            sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, trustManagers, new SecureRandom());
        } catch (Exception e) {
            e.printStackTrace();
        }
        SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
        Protocol protocol = new FTPTLSProtocol();
        FTPClient client = new FTPClient(protocol, sslSocketFactory, sslContext);
        client.addProtocolCommandListener(new PrintCommandListener(new PrintWriter(System.out)));
        client.connect(ftphostname, port);
        client.execAUTH("TLS"); //SSL
        System.out.println(client.getReplyCode());
        if (client.login(username, password)) {
            client.execPBSZ(0);
            client.execPROT("P");
            String date = "Testing Data Send to provide FTP location";
            client.setFileType(FTP.BINARY_FILE_TYPE);
            client.enterLocalPassiveMode();
            InputStream is = new ByteArrayInputStream(date.getBytes());
            client.storeFile("test.txt", is);
            System.out.print(client.getReplyCode());
        }
    }
}

步骤6 - :运行此代码后,您的文件将成功传输到ftp位置。

注意 - :请在项目中添加所需的jar

希望这会对你有帮助。

答案 1 :(得分:2)

重要信息不是异常消息本身,而是日志中的此消息:

  

450 TLS数据连接会话尚未恢复或会话与控制连接不匹配

某些FTP服务器确实要求您重复使用TLS会话进行数据连接。

Apache Commons Net库本身并不支持这一点,但实现它并不困难。

如何做到这一点,在我的回答中显示:
How to connect to FTPS server with data connection using same TLS session?

相关问题
最新问题