Ftps proxy error

[sebastian-alfers]

As requested in https://issues.apache.org/jira/browse/NET-718

FYI @garydgregory

[pjfanning]

@garydgregory Running this test case requires the use of Docker Compose. Are the Commons Team amenable to have test cases adding to your unit tests or integration tests that rely on Docker Compose?

[garydgregory]

I'm OK with it.

[garydgregory]

Hm, I can't get the reproducer to work.

WARN[0000] /Users/garydgregory/git/commons-net/docker-compose.yml: `version` is obsolete
[+] Running 11/11
 ✔ ftp Pulled                                                                                                                                                                                                                                  11.3s
   ✔ b4d181a07f80 Pull complete                                                                                                                                                                                                                 8.0s
   ✔ e98cb485cfd8 Pull complete                                                                                                                                                                                                                 9.9s
   ✔ 0822c77e0e0b Pull complete                                                                                                                                                                                                                10.0s
   ✔ 8588bb5b4480 Pull complete                                                                                                                                                                                                                10.1s
   ✔ a41cb6218cc9 Pull complete                                                                                                                                                                                                                10.1s
   ✔ 7ac94abef10b Pull complete                                                                                                                                                                                                                10.1s
   ✔ 8d5dc14fad00 Pull complete                                                                                                                                                                                                                10.1s
   ✔ 417d6be4b5ec Pull complete                                                                                                                                                                                                                10.2s
   ✔ 71cd100c9ec0 Pull complete                                                                                                                                                                                                                10.2s
   ✔ 227193214c34 Pull complete                                                                                                                                                                                                                10.2s
[+] Running 2/2
 ✔ Network commons-net_default  Created                                                                                                                                                                                                         0.1s
 ✔ Container commons-net-ftp-1  Created                                                                                                                                                                                                         0.8s
Attaching to ftp-1
ftp-1  | Creating user...
ftp-1  | Password:
ftp-1  | Enter it again:
ftp-1  |  root user give /home/username directory 2000 owner
ftp-1  | Setting default port range to: 30000:30009
ftp-1  | Setting default max clients to: 5
ftp-1  | Setting default max connections per ip to: 5
ftp-1  | Starting Pure-FTPd:
ftp-1  |   pure-ftpd  -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R -P localhost --tls=1  -p 30000:30009 -c 5 -C 5

and running the using test cannot connect:

java.net.ConnectException: Connection refused (Connection refused)
	at java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
	at java.net.Socket.connect(Socket.java:607)
	at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
	at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
	at sun.net.www.http.HttpClient$1.run(HttpClient.java:515)
	at sun.net.www.http.HttpClient$1.run(HttpClient.java:513)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.net.www.http.HttpClient.privilegedOpenServer(HttpClient.java:512)
	at sun.net.www.http.HttpClient.openServer(HttpClient.java:553)
	at sun.net.www.http.HttpClient.<init>(HttpClient.java:242)
	at sun.net.www.http.HttpClient.New(HttpClient.java:339)
	at sun.net.www.http.HttpClient.New(HttpClient.java:357)
	at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1228)
	at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1207)
	at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1056)
	at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:990)
	at java.net.HttpConnectSocketImpl.doTunnel(HttpConnectSocketImpl.java:167)
	at java.net.HttpConnectSocketImpl.access$200(HttpConnectSocketImpl.java:44)
	at java.net.HttpConnectSocketImpl$2.run(HttpConnectSocketImpl.java:151)
	at java.net.HttpConnectSocketImpl$2.run(HttpConnectSocketImpl.java:149)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.net.HttpConnectSocketImpl.privilegedDoTunnel(HttpConnectSocketImpl.java:148)
	at java.net.HttpConnectSocketImpl.connect(HttpConnectSocketImpl.java:111)
	at java.net.Socket.connect(Socket.java:607)
	at org.apache.commons.net.SocketClient._connect(SocketClient.java:141)
	at org.apache.commons.net.SocketClient.connect(SocketClient.java:308)
	at org.apache.commons.net.SocketClient.connect(SocketClient.java:290)
	at org.apache.commons.net.ftp.FTPSProxyClientTest.testListFiles(FTPSProxyClientTest.java:84)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.lang.Thread.run(Thread.java:750)

[pjfanning]

I tried the test myself on my mac and I'm getting an issue with the SSL handshake due to a cert having expired.
I suspect the pem file that is part of this PR was generated a while ago and the cert that the PEM contains has expired. It could be something else though.

javax.net.ssl.SSLHandshakeException: NotAfter: Wed Apr 24 07:36:56 IST 2024
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:360)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:303)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:298)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)
	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:183)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1511)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:456)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:427)
	at org.apache.commons.net.ftp.FTPSClient.sslNegotiation(FTPSClient.java:1120)

[pjfanning]

I got the test to run on my mac by regenerating the pem file.

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=CommonNameOrHostname"

key.pem and cert.pem are then manually merged to created pure-ftp.pem

The tests failed as expected with this change and when I applied potential solution b in https://github.com/apache/commons-net/pull/154/files#diff-cbb58f257b18c23645163433a3a2f989d76df71e55c5a2ac77bba86ed4540215

[garydgregory]

Yeah, I'm not even getting that far, the test can't seem to connect. Maybe the port is misconfigured?

[pjfanning]

Yeah, I'm not even getting that far, the test can't seem to connect. Maybe the port is misconfigured?

Do you have Squid running?

[garydgregory]

I followed the Homebrew instructions...

[garydgregory]

But what's confusing is that it's not clear (to me) if you need the Docker part of the setup on macOS. If I could get clear macOS instructions that would help ...