From 9b3105cfe9ca10f21c53128577993ec296989ed0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=C3=ABl=20Guichard?= Date: Wed, 15 Jan 2025 12:10:44 +0100 Subject: [PATCH 1/5] FTPES with TLS Session Reuse for FileZilla Server (need BouncyCastle and a subclass). Connecting to ftp.example.com on the command port and then to the corresponding IP x.x.x.x on the data port prevents the server from accepting the same TLS session. Therefore, the Filezilla server needs to set peerHost before socket.connect to allow TLS session resumption. --- src/main/java/org/apache/commons/net/ftp/FTPSClient.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/apache/commons/net/ftp/FTPSClient.java b/src/main/java/org/apache/commons/net/ftp/FTPSClient.java index 806e1c0e7..f1c2e017e 100644 --- a/src/main/java/org/apache/commons/net/ftp/FTPSClient.java +++ b/src/main/java/org/apache/commons/net/ftp/FTPSClient.java @@ -279,7 +279,6 @@ protected Socket _openDataConnection_(final int command, final String arg) throw @Override protected Socket _openDataConnection_(final String command, final String arg) throws IOException { final Socket socket = openDataSecureConnection(command, arg); - _prepareDataSocket_(socket); if (socket instanceof SSLSocket) { final SSLSocket sslSocket = (SSLSocket) socket; @@ -313,7 +312,7 @@ protected Socket _openDataConnection_(final String command, final String arg) th */ protected void _prepareDataSocket_(final Socket socket) throws IOException { } - + /** * Check the value that can be set in PROT Command value. * @@ -831,6 +830,8 @@ private Socket openDataSecureConnection(final String command, final String arg) } socket = server.accept(); + _prepareDataSocket_(socket); + // Ensure the timeout is set before any commands are issued on the new socket if (soTimeoutMillis >= 0) { socket.setSoTimeout(soTimeoutMillis); @@ -871,6 +872,8 @@ private Socket openDataSecureConnection(final String command, final String arg) socket = _socketFactory_.createSocket(); } + _prepareDataSocket_(socket); + if (getReceiveDataSocketBufferSize() > 0) { socket.setReceiveBufferSize(getReceiveDataSocketBufferSize()); } From ccede14b065c8dbffe3fdec7fd8e8ca9f2dac64f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=C3=ABl=20Guichard?= Date: Wed, 15 Jan 2025 16:04:01 +0100 Subject: [PATCH 2/5] Checkstyle => OK --- src/main/java/org/apache/commons/net/ftp/FTPSClient.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/apache/commons/net/ftp/FTPSClient.java b/src/main/java/org/apache/commons/net/ftp/FTPSClient.java index f1c2e017e..02667af82 100644 --- a/src/main/java/org/apache/commons/net/ftp/FTPSClient.java +++ b/src/main/java/org/apache/commons/net/ftp/FTPSClient.java @@ -312,7 +312,7 @@ protected Socket _openDataConnection_(final String command, final String arg) th */ protected void _prepareDataSocket_(final Socket socket) throws IOException { } - + /** * Check the value that can be set in PROT Command value. * @@ -831,7 +831,7 @@ private Socket openDataSecureConnection(final String command, final String arg) socket = server.accept(); _prepareDataSocket_(socket); - + // Ensure the timeout is set before any commands are issued on the new socket if (soTimeoutMillis >= 0) { socket.setSoTimeout(soTimeoutMillis); @@ -873,7 +873,7 @@ private Socket openDataSecureConnection(final String command, final String arg) } _prepareDataSocket_(socket); - + if (getReceiveDataSocketBufferSize() > 0) { socket.setReceiveBufferSize(getReceiveDataSocketBufferSize()); } From 8c1bb99fdd95a4b2cf59a9fde4bf3e83f33f0a3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=C3=ABl=20Guichard?= Date: Mon, 20 Jan 2025 10:14:09 +0100 Subject: [PATCH 3/5] WIP --- pom.xml | 36 ++++++++ src/dockerfile/filezilla-server/dockerfile | 31 +++++++ .../apache/commons/net/ftp/FTPSClient.java | 51 ++++++------ .../commons/net/ftp/AbstractFtpsTest.java | 82 ++++++++++++++++++- .../commons/net/ftp/FTPSClientTest.java | 8 ++ .../filezillaserver.properties | 22 +++++ 6 files changed, 202 insertions(+), 28 deletions(-) create mode 100644 src/dockerfile/filezilla-server/dockerfile create mode 100644 src/test/resources/org/apache/commons/net/filezillaserver/filezillaserver.properties diff --git a/pom.xml b/pom.xml index 8b28a6ec9..6200b6e41 100644 --- a/pom.xml +++ b/pom.xml @@ -384,6 +384,42 @@ Supported protocols include Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Teln false + + io.fabric8 + docker-maven-plugin + 0.38.1 + + + + filezilla-server + + ${project.basedir}/Dockerfile + + + + 21:21 + + + + + + + + start-docker-container + pre-integration-test + + start + + + + stop-docker-container + post-integration-test + + stop + + + + diff --git a/src/dockerfile/filezilla-server/dockerfile b/src/dockerfile/filezilla-server/dockerfile new file mode 100644 index 000000000..c88096c5d --- /dev/null +++ b/src/dockerfile/filezilla-server/dockerfile @@ -0,0 +1,31 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# Utiliser une image de base Debian ou Ubuntu +FROM ubuntu:latest + +# Installer les mises à jour et FileZilla Server +RUN apt-get update && \ + apt-get install -y filezilla && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +# Exposer le port par défaut de FileZilla Server +EXPOSE 21 + +# Commande pour démarrer FileZilla Server (remplacez cette commande avec la commande appropriée pour démarrer le serveur) +CMD ["filezilla-server"] diff --git a/src/main/java/org/apache/commons/net/ftp/FTPSClient.java b/src/main/java/org/apache/commons/net/ftp/FTPSClient.java index 02667af82..a8ec9bada 100644 --- a/src/main/java/org/apache/commons/net/ftp/FTPSClient.java +++ b/src/main/java/org/apache/commons/net/ftp/FTPSClient.java @@ -184,7 +184,7 @@ public FTPSClient(final boolean isImplicit) { * {@link TrustManagerUtils#getValidateServerCertificateTrustManager()} * * @param isImplicit The security mode(Implicit/Explicit). - * @param context A pre-configured SSL Context + * @param context A pre-configured SSL Context */ public FTPSClient(final boolean isImplicit, final SSLContext context) { this(DEFAULT_PROTOCOL, isImplicit); @@ -213,7 +213,7 @@ public FTPSClient(final String protocol) { * Constructor for FTPSClient allowing specification of protocol and security mode. If isImplicit is true, the port is set to {@link #DEFAULT_FTPS_PORT} * i.e. 990. The default TrustManager is set from {@link TrustManagerUtils#getValidateServerCertificateTrustManager()} * - * @param protocol the protocol + * @param protocol the protocol * @param isImplicit The security mode(Implicit/Explicit). */ public FTPSClient(final String protocol, final boolean isImplicit) { @@ -250,9 +250,9 @@ protected void _connectAction_() throws IOException { * Returns a socket of the data connection. Wrapped as an {@link SSLSocket}, which carries out handshake processing. * * @param command The int representation of the FTP command to send. - * @param arg The arguments to the FTP command. If this parameter is set to null, then the command is sent with no arguments. + * @param arg The arguments to the FTP command. If this parameter is set to null, then the command is sent with no arguments. * @return corresponding to the established data connection. Null is returned if an FTP protocol error is reported at any point during the establishment and - * initialization of the connection. + * initialization of the connection. * @throws IOException If there is any problem with the connection. * @see FTPClient#_openDataConnection_(int, String) * @deprecated (3.3) Use {@link FTPClient#_openDataConnection_(FTPCmd, String)} instead @@ -269,9 +269,9 @@ protected Socket _openDataConnection_(final int command, final String arg) throw * Returns a socket of the data connection. Wrapped as an {@link SSLSocket}, which carries out handshake processing. * * @param command The textual representation of the FTP command to send. - * @param arg The arguments to the FTP command. If this parameter is set to null, then the command is sent with no arguments. + * @param arg The arguments to the FTP command. If this parameter is set to null, then the command is sent with no arguments. * @return corresponding to the established data connection. Null is returned if an FTP protocol error is reported at any point during the establishment and - * initialization of the connection. + * initialization of the connection. * @throws IOException If there is any problem with the connection. * @see FTPClient#_openDataConnection_(int, String) * @since 3.2 @@ -331,7 +331,7 @@ private boolean checkPROTValue(final String prot) { /** * Close open sockets. * - * @param socket main socket for proxy if enabled + * @param socket main socket for proxy if enabled * @param sslSocket ssl socket * @throws IOException closing sockets is not successful */ @@ -397,7 +397,7 @@ public int execADAT(final byte[] data) throws IOException { * Sends the AUTH command. * * @throws SSLException If the server reply code equals neither "234" nor "334". - * @throws IOException If an I/O error occurs while either sending the command. + * @throws IOException If an I/O error occurs while either sending the command. */ protected void execAUTH() throws SSLException, IOException { final int replyCode = sendCommand(CMD_AUTH, auth); @@ -495,7 +495,7 @@ public int execMIC(final byte[] data) throws IOException { * * @param pbsz Protection Buffer Size. * @throws SSLException If the server reply code does not equal "200". - * @throws IOException If an I/O error occurs while sending the command. + * @throws IOException If an I/O error occurs while sending the command. * @see #parsePBSZ(long) */ public void execPBSZ(final long pbsz) throws SSLException, IOException { @@ -521,7 +521,7 @@ public void execPBSZ(final long pbsz) throws SSLException, IOException { * * @param prot Data Channel Protection Level, if {@code null}, use {@link #DEFAULT_PROT}. * @throws SSLException If the server reply code does not equal {@code 200}. - * @throws IOException If an I/O error occurs while sending the command. + * @throws IOException If an I/O error occurs while sending the command. */ public void execPROT(String prot) throws SSLException, IOException { if (prot == null) { @@ -547,7 +547,7 @@ public void execPROT(String prot) throws SSLException, IOException { * Extract the data from a reply with a prefix, e.g. PBSZ=1234 => 1234 * * @param prefix the prefix to find - * @param reply where to find the prefix + * @param reply where to find the prefix * @return the remainder of the string after the prefix, or null if the prefix was not present. */ private String extractPrefixedData(final String prefix, final String reply) { @@ -648,8 +648,8 @@ protected String getProtocol() { } /** - * Gets the protocol versions. The {@link #getEnabledProtocols()} method gets the value from the socket while - * this method gets its value from this instance's config. + * Gets the protocol versions. The {@link #getEnabledProtocols()} method gets the value from the socket while this method gets its value from this + * instance's config. * @since 3.11.0 * @return a clone of the protocols, may be null */ @@ -658,8 +658,8 @@ protected String[] getProtocols() { } /** - * Gets the cipher suites. The {@link #getEnabledCipherSuites()} method gets the value from the socket while - * this method gets its value from this instance's config. + * Gets the cipher suites. The {@link #getEnabledCipherSuites()} method gets the value from the socket while this method gets its value from this instance's + * config. * @since 3.11.0 * @return a clone of the suites, may be null */ @@ -713,8 +713,8 @@ private void initSslContext() throws IOException { } /** - * Gets the use client mode flag. The {@link #getUseClientMode()} method gets the value from the socket while - * this method gets its value from this instance's config. + * Gets the use client mode flag. The {@link #getUseClientMode()} method gets the value from the socket while this method gets its value from this + * instance's config. * @since 3.11.0 * @return True If the socket should start its first handshake in "client" mode. */ @@ -753,8 +753,8 @@ protected boolean isImplicit() { } /** - * Gets the need client auth flag. The {@link #getNeedClientAuth()} method gets the value from the socket while - * this method gets its value from this instance's config. + * Gets the need client auth flag. The {@link #getNeedClientAuth()} method gets the value from the socket while this method gets its value from this + * instance's config. * @since 3.11.0 * @return True if enabled, false if not. */ @@ -763,8 +763,8 @@ protected boolean isNeedClientAuth() { } /** - * Gets the want client auth flag. The {@link #getWantClientAuth()} method gets the value from the socket while - * this method gets its value from this instance's config. + * Gets the want client auth flag. The {@link #getWantClientAuth()} method gets the value from the socket while this method gets its value from this + * instance's config. * @since 3.11.0 * @return True if enabled, false if not. */ @@ -778,9 +778,9 @@ protected boolean isWantClientAuth() { * mode connections also cause a local PORT command to be issued. * * @param command The text representation of the FTP command to send. - * @param arg The arguments to the FTP command. If this parameter is set to null, then the command is sent with no argument. + * @param arg The arguments to the FTP command. If this parameter is set to null, then the command is sent with no argument. * @return A Socket corresponding to the established data connection. Null is returned if an FTP protocol error is reported at any point during the - * establishment and initialization of the connection. + * establishment and initialization of the connection. * @throws IOException If an I/O error occurs while either sending a command to the server or receiving a reply from the server. * @since 3.1 */ @@ -941,7 +941,7 @@ public byte[] parseADATReply(final String reply) { * * @param pbsz Protection Buffer Size. * @throws SSLException If the server reply code does not equal "200". - * @throws IOException If an I/O error occurs while sending the command. + * @throws IOException If an I/O error occurs while sending the command. * @return the negotiated value. * @see #execPBSZ(long) * @since 3.0 @@ -967,7 +967,7 @@ public long parsePBSZ(final long pbsz) throws SSLException, IOException { * * @param command The FTP command. * @return server reply. - * @throws IOException If an I/O error occurs while sending the command. + * @throws IOException If an I/O error occurs while sending the command. * @throws SSLException if a CCC command fails * @see org.apache.commons.net.ftp.FTP#sendCommand(String) */ @@ -1133,4 +1133,3 @@ protected void sslNegotiation() throws IOException { } } } - diff --git a/src/test/java/org/apache/commons/net/ftp/AbstractFtpsTest.java b/src/test/java/org/apache/commons/net/ftp/AbstractFtpsTest.java index 88d7553e7..6d785c6ce 100644 --- a/src/test/java/org/apache/commons/net/ftp/AbstractFtpsTest.java +++ b/src/test/java/org/apache/commons/net/ftp/AbstractFtpsTest.java @@ -19,14 +19,19 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; +import static org.junit.jupiter.api.Assertions.assertNotEquals; +import java.io.BufferedInputStream; import java.io.File; import java.io.IOException; +import java.io.InputStream; import java.net.SocketException; import java.net.URL; import java.time.Duration; +import java.util.Properties; import org.apache.commons.io.FileUtils; +import org.apache.commons.io.IOUtils; import org.apache.commons.io.output.NullOutputStream; import org.apache.commons.net.PrintCommandListener; import org.apache.ftpserver.FtpServer; @@ -56,6 +61,7 @@ public abstract class AbstractFtpsTest { private static int SocketPort; + private static int FZSocketPort = -1; private static FtpServer EmbeddedFtpServer; protected static final boolean IMPLICIT = false; protected static final long TEST_TIMEOUT = 10000; // individual test timeout @@ -72,6 +78,15 @@ protected static String getTestHomeDirectory(final String defaultHome) { return System.getProperty("test.basedir", defaultHome); } + protected static void initFZServer(String fzPropertiesResource) throws IOException { + final URL fzPropsResource = ClassLoader.getSystemClassLoader().getResource(fzPropertiesResource); + Properties prop = new Properties(); + try (InputStream in = fzPropsResource.openStream()) { + prop.load(in); + } + FZSocketPort = Integer.parseInt(prop.getProperty("filezillaserver.port")); + } + /** * Creates and starts an embedded Apache MINA FTP Server. * @@ -81,8 +96,8 @@ protected static String getTestHomeDirectory(final String defaultHome) { * @param defaultHome default home folder * @throws FtpException Thrown when the FTP classes cannot fulfill a request. */ - protected synchronized static void setupServer(final boolean implicit, final String userPropertiesResource, final String serverJksResourceResource, final String defaultHome) - throws FtpException { + protected synchronized static void setupServer(final boolean implicit, final String userPropertiesResource, final String serverJksResourceResource, + final String defaultHome) throws FtpException { if (EmbeddedFtpServer != null) { return; } @@ -196,6 +211,57 @@ protected FTPSClient loginClient() throws SocketException, IOException { return client; } + protected FTPSClient loginClientToFZ() throws SocketException, IOException { + trace(">>loginClientToFZ"); + assertNotEquals(FZSocketPort, -1, "initFZServer not called"); + final FTPSClient client = new FTPSClient(IMPLICIT); + if (ADD_LISTENER) { + client.addProtocolCommandListener(new PrintCommandListener(System.err)); + } + // + client.setControlKeepAliveReplyTimeout(null); + assertEquals(0, client.getControlKeepAliveReplyTimeoutDuration().getSeconds()); + client.setControlKeepAliveReplyTimeout(Duration.ofSeconds(60)); + assertEquals(60, client.getControlKeepAliveReplyTimeoutDuration().getSeconds()); + // + client.setControlKeepAliveTimeout(null); + assertEquals(0, client.getControlKeepAliveTimeoutDuration().getSeconds()); + client.setControlKeepAliveTimeout(Duration.ofSeconds(61)); + assertEquals(61, client.getControlKeepAliveTimeoutDuration().getSeconds()); + // + client.setDataTimeout(null); + assertEquals(0, client.getDataTimeout().getSeconds()); + client.setDataTimeout(Duration.ofSeconds(62)); + assertEquals(62, client.getDataTimeout().getSeconds()); + // + client.setEndpointCheckingEnabled(endpointCheckingEnabled); + client.connect("localhost", FZSocketPort); + // + assertClientCode(client); + assertEquals(FZSocketPort, client.getRemotePort()); + // + try { + // HACK: Without this sleep, the user command sometimes does not reach the ftpserver + // This only seems to affect GitHub builds, and only Java 11+ + Thread.sleep(200); // 100 seems to be not always enough + } catch (final InterruptedException ignore) { + // ignore + } + assertTrue(client.login("test", "test")); + assertClientCode(client); + // + client.setFileType(FTP.BINARY_FILE_TYPE); + assertClientCode(client); + // + client.execPBSZ(0); + assertClientCode(client); + // + client.execPROT("P"); + assertClientCode(client); + trace("<>testFileZillaTlsResume"); + retrieveFileOnFZ("/file.txt"); + trace("< Date: Fri, 31 Jan 2025 14:56:41 +0100 Subject: [PATCH 4/5] Test with Filezilla docker and external server for SSL Session reuse (with SNI) in passive mode. --- pom.xml | 138 ++++++-- .../commons/net/ftp/AbstractFtpsTest.java | 82 +---- .../net/ftp/FTPSClientIntegrationTest.java | 311 ++++++++++++++++++ .../net/ftp/FTPSClientSSLSessionReuse.java | 80 +++++ .../commons/net/ftp/FTPSClientTest.java | 8 - src/test/resources/logback.xml | 33 ++ .../resources/logging.properties} | 16 +- .../net/filezillaserver/conf/settings.xml | 202 ++++++++++++ .../conf/settings_filezilla-server.xml | 203 ++++++++++++ .../filezillaserver.properties | 17 +- 10 files changed, 950 insertions(+), 140 deletions(-) create mode 100644 src/test/java/org/apache/commons/net/ftp/FTPSClientIntegrationTest.java create mode 100644 src/test/java/org/apache/commons/net/ftp/FTPSClientSSLSessionReuse.java create mode 100644 src/test/resources/logback.xml rename src/{dockerfile/filezilla-server/dockerfile => test/resources/logging.properties} (64%) create mode 100644 src/test/resources/org/apache/commons/net/filezillaserver/conf/settings.xml create mode 100644 src/test/resources/org/apache/commons/net/filezillaserver/conf/settings_filezilla-server.xml diff --git a/pom.xml b/pom.xml index 6200b6e41..233e2775b 100644 --- a/pom.xml +++ b/pom.xml @@ -99,6 +99,30 @@ Supported protocols include Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Teln + + ch.qos.logback + logback-classic + 1.2.13 + test + + + org.slf4j + jul-to-slf4j + 1.7.32 + test + + + + org.bouncycastle + bctls-debug-jdk18on + 1.79 + test + org.junit.jupiter junit-jupiter-api @@ -204,9 +228,12 @@ Supported protocols include Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Teln org.apache.maven.plugins maven-surefire-plugin + ${skipUnitTests} **/*FunctionalTest.java **/POP3*Test.java + **/*IntegrationTest.java + **/*IT.java ${commons.net.trace_calls} @@ -214,6 +241,34 @@ Supported protocols include Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Teln + + + org.apache.maven.plugins + maven-failsafe-plugin + + + + integration-tests + integration-test + + integration-test + + + + verify-tests + verify + + verify + + + + + + + **/*IntegrationTest.java + + + maven-assembly-plugin @@ -385,41 +440,54 @@ Supported protocols include Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Teln - io.fabric8 - docker-maven-plugin - 0.38.1 - - - - filezilla-server - - ${project.basedir}/Dockerfile - - - - 21:21 - - - - - - - - start-docker-container - pre-integration-test - - start - - - - stop-docker-container - post-integration-test - - stop - - - - + io.fabric8 + docker-maven-plugin + 0.45.1 + + + + mguichar/filezilla-server + + + 21:21 + 14148:14148 + 49152:49152 + 49153:49153 + 49154:49154 + 49155:49155 + 49156:49156 + 49157:49157 + 49158:49158 + 49159:49159 + 49160:49160 + + + + target/test-classes/org/apache/commons/net/test-data:/usr/test + target/test-classes/org/apache/commons/net/filezillaserver/conf:/opt/filezilla-server/etc + + + + + + + + + start-docker-container + pre-integration-test + + start + + + + stop-docker-container + post-integration-test + + stop + + + + diff --git a/src/test/java/org/apache/commons/net/ftp/AbstractFtpsTest.java b/src/test/java/org/apache/commons/net/ftp/AbstractFtpsTest.java index 6d785c6ce..88d7553e7 100644 --- a/src/test/java/org/apache/commons/net/ftp/AbstractFtpsTest.java +++ b/src/test/java/org/apache/commons/net/ftp/AbstractFtpsTest.java @@ -19,19 +19,14 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; -import static org.junit.jupiter.api.Assertions.assertNotEquals; -import java.io.BufferedInputStream; import java.io.File; import java.io.IOException; -import java.io.InputStream; import java.net.SocketException; import java.net.URL; import java.time.Duration; -import java.util.Properties; import org.apache.commons.io.FileUtils; -import org.apache.commons.io.IOUtils; import org.apache.commons.io.output.NullOutputStream; import org.apache.commons.net.PrintCommandListener; import org.apache.ftpserver.FtpServer; @@ -61,7 +56,6 @@ public abstract class AbstractFtpsTest { private static int SocketPort; - private static int FZSocketPort = -1; private static FtpServer EmbeddedFtpServer; protected static final boolean IMPLICIT = false; protected static final long TEST_TIMEOUT = 10000; // individual test timeout @@ -78,15 +72,6 @@ protected static String getTestHomeDirectory(final String defaultHome) { return System.getProperty("test.basedir", defaultHome); } - protected static void initFZServer(String fzPropertiesResource) throws IOException { - final URL fzPropsResource = ClassLoader.getSystemClassLoader().getResource(fzPropertiesResource); - Properties prop = new Properties(); - try (InputStream in = fzPropsResource.openStream()) { - prop.load(in); - } - FZSocketPort = Integer.parseInt(prop.getProperty("filezillaserver.port")); - } - /** * Creates and starts an embedded Apache MINA FTP Server. * @@ -96,8 +81,8 @@ protected static void initFZServer(String fzPropertiesResource) throws IOExcepti * @param defaultHome default home folder * @throws FtpException Thrown when the FTP classes cannot fulfill a request. */ - protected synchronized static void setupServer(final boolean implicit, final String userPropertiesResource, final String serverJksResourceResource, - final String defaultHome) throws FtpException { + protected synchronized static void setupServer(final boolean implicit, final String userPropertiesResource, final String serverJksResourceResource, final String defaultHome) + throws FtpException { if (EmbeddedFtpServer != null) { return; } @@ -211,57 +196,6 @@ protected FTPSClient loginClient() throws SocketException, IOException { return client; } - protected FTPSClient loginClientToFZ() throws SocketException, IOException { - trace(">>loginClientToFZ"); - assertNotEquals(FZSocketPort, -1, "initFZServer not called"); - final FTPSClient client = new FTPSClient(IMPLICIT); - if (ADD_LISTENER) { - client.addProtocolCommandListener(new PrintCommandListener(System.err)); - } - // - client.setControlKeepAliveReplyTimeout(null); - assertEquals(0, client.getControlKeepAliveReplyTimeoutDuration().getSeconds()); - client.setControlKeepAliveReplyTimeout(Duration.ofSeconds(60)); - assertEquals(60, client.getControlKeepAliveReplyTimeoutDuration().getSeconds()); - // - client.setControlKeepAliveTimeout(null); - assertEquals(0, client.getControlKeepAliveTimeoutDuration().getSeconds()); - client.setControlKeepAliveTimeout(Duration.ofSeconds(61)); - assertEquals(61, client.getControlKeepAliveTimeoutDuration().getSeconds()); - // - client.setDataTimeout(null); - assertEquals(0, client.getDataTimeout().getSeconds()); - client.setDataTimeout(Duration.ofSeconds(62)); - assertEquals(62, client.getDataTimeout().getSeconds()); - // - client.setEndpointCheckingEnabled(endpointCheckingEnabled); - client.connect("localhost", FZSocketPort); - // - assertClientCode(client); - assertEquals(FZSocketPort, client.getRemotePort()); - // - try { - // HACK: Without this sleep, the user command sometimes does not reach the ftpserver - // This only seems to affect GitHub builds, and only Java 11+ - Thread.sleep(200); // 100 seems to be not always enough - } catch (final InterruptedException ignore) { - // ignore - } - assertTrue(client.login("test", "test")); - assertClientCode(client); - // - client.setFileType(FTP.BINARY_FILE_TYPE); - assertClientCode(client); - // - client.execPBSZ(0); - assertClientCode(client); - // - client.execPROT("P"); - assertClientCode(client); - trace("< + * To get our test cert to work on Java 11, this test must be run with: + *

+ * + * 
+ * -Djdk.tls.client.protocols="TLSv1.1"
+ *
+ *

+ * This test does the above programmatically. + *

+ */ +@RunWith(Parameterized.class) +public class FTPSClientIntegrationTest { + + private static final String FILEZILLA_PROPS_RES = "org/apache/commons/net/filezillaserver/filezillaserver.properties"; + private static final String LOGGING_PROPS_RES = "logging.properties"; + private static int FZSocketPort = -1; + private static String FZServerHost = ""; + + private static boolean UseExtFZServer = false; + private static String ExtFZServerHost = ""; + private static int ExtFZServerPort = -1; + + private static final boolean ADD_LISTENER = Boolean.parseBoolean(System.getenv("ADD_LISTENER")); + private final boolean endpointCheckingEnabled; + private static final boolean TRACE_CALLS = Boolean.parseBoolean(System.getenv("TRACE_CALLS")); + private static final long startTime = System.nanoTime(); + protected static final boolean IMPLICIT = false; + private static final Logger LOGGER = Logger.getLogger(FTPSClientIntegrationTest.class.getPackage().getName()); + protected static final long TEST_TIMEOUT = 10000; // individual test timeout + + // Configure java.util.logging for lib bouncy castle + // Redirect log to logback via org.slf4j.bridge.SLF4JBridgeHandler + // So, we can check log to see if session really resumed + static { + try { + LogManager logManager = LogManager.getLogManager(); + final URL logPropsFile = ClassLoader.getSystemClassLoader().getResource(LOGGING_PROPS_RES); + logManager.readConfiguration(logPropsFile.openStream()); + } catch (IOException exception) { + System.out.println("Cannot read configuration file " + LOGGING_PROPS_RES); + exception.printStackTrace(); + } + } + + protected void assertClientCode(final FTPSClient client) { + final int replyCode = client.getReplyCode(); + assertTrue(FTPReply.isPositiveCompletion(replyCode)); + } + + protected static void initFZServer(String fzPropertiesResource) throws IOException { + // Make a try to activate SNI (using a real hostname for control connection) + // with docker but don't work. +// Map hostAliases = new LinkedHashMap<>(); +// hostAliases.put("filezilla-server", "127.0.0.1"); +// +// // Installing the host resolvers +// HostResolutionRequestInterceptor.INSTANCE.install(new MappedHostResolver(hostAliases), +// // This is the system default resolving wrapper +// DefaultHostResolver.INSTANCE); + + final URL fzPropsResource = ClassLoader.getSystemClassLoader().getResource(fzPropertiesResource); + Properties prop = new Properties(); + try (InputStream in = fzPropsResource.openStream()) { + prop.load(in); + } + FZSocketPort = Integer.parseInt(prop.getProperty("filezillaserver.port")); + FZServerHost = prop.getProperty("filezillaserver.host"); + + UseExtFZServer = Boolean.valueOf(prop.getProperty("filezillaserver.external.enable")); + if (UseExtFZServer) { + ExtFZServerHost = prop.getProperty("filezillaserver.external.host"); + ExtFZServerPort = Integer.parseInt(prop.getProperty("filezillaserver.external.port")); + } + + } + + @BeforeClass + public static void setupServer() throws Exception { + initFZServer(FILEZILLA_PROPS_RES); + } + + @Parameters(name = "endpointCheckingEnabled={0}") + public static Boolean[] testConstructurData() { + return new Boolean[] { Boolean.FALSE, Boolean.TRUE }; + } + + public FTPSClientIntegrationTest(final boolean endpointCheckingEnabled) { + this.endpointCheckingEnabled = endpointCheckingEnabled; + } + + protected static void trace(final String msg) { + if (TRACE_CALLS) { + System.err.println(msg + " " + (System.nanoTime() - startTime)); + } + } + + // Only passive mode tested + protected FTPSClient loginClientTo(String hostname, int port, boolean withSSLSessionReuse) throws Exception { + trace(">>loginClientTo"); + LOGGER.fine("Server " + FZServerHost); + LOGGER.fine("Port " + FZSocketPort); + FTPSClient client = null; + if (withSSLSessionReuse) { + client = new FTPSClientSSLSessionReuse(IMPLICIT); + } else { + client = new FTPSClient(IMPLICIT); + } + if (ADD_LISTENER) { + client.addProtocolCommandListener(new PrintCommandListener(System.err)); + } + + // HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true); + + // + client.setControlKeepAliveReplyTimeout(null); + assertEquals(0, client.getControlKeepAliveReplyTimeoutDuration().getSeconds()); + client.setControlKeepAliveReplyTimeout(Duration.ofSeconds(60)); + assertEquals(60, client.getControlKeepAliveReplyTimeoutDuration().getSeconds()); + // + client.setControlKeepAliveTimeout(null); + assertEquals(0, client.getControlKeepAliveTimeoutDuration().getSeconds()); + client.setControlKeepAliveTimeout(Duration.ofSeconds(61)); + assertEquals(61, client.getControlKeepAliveTimeoutDuration().getSeconds()); + // + client.setDataTimeout(null); + assertEquals(0, client.getDataTimeout().getSeconds()); + client.setDataTimeout(Duration.ofSeconds(62)); + assertEquals(62, client.getDataTimeout().getSeconds()); + + client.setUseClientMode(true); + // + client.setEndpointCheckingEnabled(endpointCheckingEnabled); + client.connect(hostname, port); + // + assertClientCode(client); + assertEquals(port, client.getRemotePort()); + // + try { + // HACK: Without this sleep, the user command sometimes does not reach the ftpserver + // This only seems to affect GitHub builds, and only Java 11+ + Thread.sleep(200); // 100 seems to be not always enough + } catch (final InterruptedException ignore) { + // ignore + } + assertTrue(client.login("test", "test")); + assertClientCode(client); + // + client.setFileType(FTP.BINARY_FILE_TYPE); + assertClientCode(client); + // + client.execPBSZ(0); + assertClientCode(client); + // + client.execPROT("P"); + assertClientCode(client); + // + // Only passive mode tested + client.enterLocalPassiveMode(); + + trace("<>loginClientToFZ"); + assertNotEquals(FZSocketPort, -1, "initFZServer not called"); + final FTPSClient client = loginClientTo(FZServerHost, FZSocketPort, withSSLSessionReuse); + trace("< client.retrieveFile(pathname, NullOutputStream.INSTANCE)); + } + } finally { + client.disconnect(); + } + } + + @Test(timeout = TEST_TIMEOUT) + public void testFileZillaTlsResume() throws Exception { + trace(">>testFileZillaTlsResume"); + retrieveFile("/file.txt", true); + trace("<>testFileZillaNoTlsResume"); + final FTPSClient client = loginClientToFZ(false); + try { + // Do it twice. + // Just testing that we are not getting an SSL error (the file MUST be present). + assertFalse("/file.txt", client.retrieveFile("/file.txt", NullOutputStream.INSTANCE)); + assertFalse("/file.txt", client.retrieveFile("/file.txt", NullOutputStream.INSTANCE)); + } finally { + client.disconnect(); + } + trace("<>testExtFileZillaServerForSNI"); + retrieveFileOnExtServer("/file.txt", true); + trace("<>testExtFileZillaServerNoSNI"); + retrieveFileOnExtServer("/file.txt", false); + trace("<>testFileZillaTlsResume"); - retrieveFileOnFZ("/file.txt"); - trace("< + + + + %d{yyyy-MM-dd HH:mm:ss} %-5level %logger{36} - %msg%n + + + + + + + + + + + \ No newline at end of file diff --git a/src/dockerfile/filezilla-server/dockerfile b/src/test/resources/logging.properties similarity index 64% rename from src/dockerfile/filezilla-server/dockerfile rename to src/test/resources/logging.properties index c88096c5d..9f5c93e81 100644 --- a/src/dockerfile/filezilla-server/dockerfile +++ b/src/test/resources/logging.properties @@ -15,17 +15,5 @@ # specific language governing permissions and limitations # under the License. -# Utiliser une image de base Debian ou Ubuntu -FROM ubuntu:latest - -# Installer les mises à jour et FileZilla Server -RUN apt-get update && \ - apt-get install -y filezilla && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* - -# Exposer le port par défaut de FileZilla Server -EXPOSE 21 - -# Commande pour démarrer FileZilla Server (remplacez cette commande avec la commande appropriée pour démarrer le serveur) -CMD ["filezilla-server"] +handlers = org.slf4j.bridge.SLF4JBridgeHandler +.level=FINEST diff --git a/src/test/resources/org/apache/commons/net/filezillaserver/conf/settings.xml b/src/test/resources/org/apache/commons/net/filezillaserver/conf/settings.xml new file mode 100644 index 000000000..7df8d5b2c --- /dev/null +++ b/src/test/resources/org/apache/commons/net/filezillaserver/conf/settings.xml @@ -0,0 +1,202 @@ + + + + + + + + + + + + 1 + + 9223372036854775807 + + 15 + + 0 + + false + + false + + + + + + + 300000 + + 0 + + 0 + + + + + 0 + + -1 + + -1 + + + + + 60000 + + 3600000 + + + + + + +
0.0.0.0
+ 21 + 2 + + +
::
+ 21 + 2 + + + + + + + + + true + + + + 49152 + + 49160 + + + + + + + -----BEGIN EC PRIVATE KEY----- +MHcCAQEEIHrmnc8p/0SjT2aZEK2h9hoO0CHadEF8PMt36MhOkv+woAoGCCqGSM49 +AwEHoUQDQgAEhy4e3BORejV3n4lg1I+NeS4zQKhxk7/M9a/8Z5VWC7PJVWtb+Zjq +J6PQLO9FMgYE0bP4UKkRb0CaGYvwExvX6A== +-----END EC PRIVATE KEY----- + + + + -----BEGIN CERTIFICATE----- +MIIBSjCB8KADAgECAhTRYlWUGps1ZPgAQ/XJXOtLyxQ0pDAKBggqhkjOPQQDAjAU +MRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMjUwMTMxMTAzMzE1WhcNMjYwMjAxMTAz +ODE1WjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMB +BwNCAASHLh7cE5F6NXefiWDUj415LjNAqHGTv8z1r/xnlVYLs8lVa1v5mOono9As +70UyBgTRs/hQqRFvQJoZi/ATG9fooyAwHjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T +AQH/BAIwADAKBggqhkjOPQQDAgNJADBGAiEA02yK+o42pFyVjDHRKQUiN8zK9hEc +cTlFYCefw0CrT34CIQC0S07ZLWDSXLLQEMHRfmFVeHRIYP51XxOK+6BWvehE5Q== +-----END CERTIFICATE----- + + + + + + + + + + + + + + 300000 + + 1296000000 + + 15000 + + 30000 + + + + + + + 14148 + true + +
0.0.0.0
+ 14148 + true + + +
::
+ 14148 + true + + + IVUV2eYKYKRFW2rZX0AEJWuZPp5BeNKX+YEXI8susmo + 1b92/rHKRi3Q8utZI8gugyUNKKHFRfdqo9ySdpEu0bs + 100000 + + + + + -----BEGIN EC PRIVATE KEY----- +MHcCAQEEIAaSQdoEL4PbTqzb4KY3ZOF71mSIrBdFWZx7m9ra4FIDoAoGCCqGSM49 +AwEHoUQDQgAES9fGv8Yp05XUU483Xxnc17VuE7VsHXFd2vdi2NyhMRNLZowT8qlS +ANnG7LFfhTmcS+vJ7pavBPYV9HdKUfy0og== +-----END EC PRIVATE KEY----- + + + -----BEGIN CERTIFICATE----- +MIIBiDCCAS6gAwIBAgIUoF7wXnXF9PXDHwqZVLPjWedGhUYwCgYIKoZIzj0EAwIw +MzExMC8GA1UEAxMoZmlsZXppbGxhLXNlcnZlciBzZWxmIHNpZ25lZCBjZXJ0aWZp +Y2F0ZTAeFw0yNTAxMTcwOTAyNTVaFw0yNjAxMTgwOTA3NTVaMDMxMTAvBgNVBAMT +KGZpbGV6aWxsYS1zZXJ2ZXIgc2VsZiBzaWduZWQgY2VydGlmaWNhdGUwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAARL18a/xinTldRTjzdfGdzXtW4TtWwdcV3a92LY +3KExE0tmjBPyqVIA2cbssV+FOZxL68nulq8E9hX0d0pR/LSioyAwHjAOBgNVHQ8B +Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAKBggqhkjOPQQDAgNIADBFAiEA6wDLKiIC +ko0Plie8tYfIsH32JcOnU0Uw0F1ssGQYSOkCIGBe0G7hUEWOZW9X0DEs7E5BGchP +gAdv9Rivb4uwoBi+ +-----END CERTIFICATE----- + + + + + + + + + + + + + + 0 + 604800000 + + + + + + + diff --git a/src/test/resources/org/apache/commons/net/filezillaserver/conf/settings_filezilla-server.xml b/src/test/resources/org/apache/commons/net/filezillaserver/conf/settings_filezilla-server.xml new file mode 100644 index 000000000..d91044996 --- /dev/null +++ b/src/test/resources/org/apache/commons/net/filezillaserver/conf/settings_filezilla-server.xml @@ -0,0 +1,203 @@ + + + + + + + + + + + + 1 + + 9223372036854775807 + + 15 + + 0 + + false + + false + + + + + + + 300000 + + 0 + + 0 + + + + + 0 + + -1 + + -1 + + + + + 60000 + + 3600000 + + + + + + +
0.0.0.0
+ 21 + 2 + + +
::
+ 21 + 2 + + + + + + + + + true + + + + 49152 + + 49160 + + + + + + + -----BEGIN EC PRIVATE KEY----- +MHgCAQEEIQD6DEpLcmisEIpl5zh6R2cgPRRUkUGNNFB2hqywH1zxlqAKBggqhkjO +PQMBB6FEA0IABIWdR7RYqnF6ygAIlj/w/3G/D5hyQ9DCkBkZmauknS6I8JkMvWqk +7DGF4FmN931V7+/tOWJNzEGfO8rnsErmqso= +-----END EC PRIVATE KEY----- + + + + -----BEGIN CERTIFICATE----- +MIIBVzCB/qADAgECAhTMl4SxTF8JmJ3F09VSmO+WIuPZ9TAKBggqhkjOPQQDAjAb +MRkwFwYDVQQDExBmaWxlemlsbGEtc2VydmVyMB4XDTI1MDEyMDE1Mjk0N1oXDTI2 +MDEyMTE1MzQ0N1owGzEZMBcGA1UEAxMQZmlsZXppbGxhLXNlcnZlcjBZMBMGByqG +SM49AgEGCCqGSM49AwEHA0IABIWdR7RYqnF6ygAIlj/w/3G/D5hyQ9DCkBkZmauk +nS6I8JkMvWqk7DGF4FmN931V7+/tOWJNzEGfO8rnsErmqsqjIDAeMA4GA1UdDwEB +/wQEAwIFoDAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0gAMEUCIQCFH1HewfMo +1NMxzYIFPV1uZpT+3qAg9+lBw9a8268MfwIgYg9GGu8lhP5lpMu7jOowJmtcDYeX +cSfSt2iB8lyLtf0= +-----END CERTIFICATE----- + + + + + + + + + + + + + + 300000 + + 1296000000 + + 15000 + + 30000 + + + + + + + 14148 + true + +
0.0.0.0
+ 14148 + true + + +
::
+ 14148 + true + + + IVUV2eYKYKRFW2rZX0AEJWuZPp5BeNKX+YEXI8susmo + 1b92/rHKRi3Q8utZI8gugyUNKKHFRfdqo9ySdpEu0bs + 100000 + + + + + -----BEGIN EC PRIVATE KEY----- +MHcCAQEEIAaSQdoEL4PbTqzb4KY3ZOF71mSIrBdFWZx7m9ra4FIDoAoGCCqGSM49 +AwEHoUQDQgAES9fGv8Yp05XUU483Xxnc17VuE7VsHXFd2vdi2NyhMRNLZowT8qlS +ANnG7LFfhTmcS+vJ7pavBPYV9HdKUfy0og== +-----END EC PRIVATE KEY----- + + + -----BEGIN CERTIFICATE----- +MIIBiDCCAS6gAwIBAgIUoF7wXnXF9PXDHwqZVLPjWedGhUYwCgYIKoZIzj0EAwIw +MzExMC8GA1UEAxMoZmlsZXppbGxhLXNlcnZlciBzZWxmIHNpZ25lZCBjZXJ0aWZp +Y2F0ZTAeFw0yNTAxMTcwOTAyNTVaFw0yNjAxMTgwOTA3NTVaMDMxMTAvBgNVBAMT +KGZpbGV6aWxsYS1zZXJ2ZXIgc2VsZiBzaWduZWQgY2VydGlmaWNhdGUwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAARL18a/xinTldRTjzdfGdzXtW4TtWwdcV3a92LY +3KExE0tmjBPyqVIA2cbssV+FOZxL68nulq8E9hX0d0pR/LSioyAwHjAOBgNVHQ8B +Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAKBggqhkjOPQQDAgNIADBFAiEA6wDLKiIC +ko0Plie8tYfIsH32JcOnU0Uw0F1ssGQYSOkCIGBe0G7hUEWOZW9X0DEs7E5BGchP +gAdv9Rivb4uwoBi+ +-----END CERTIFICATE----- + + + + + + + + + + + + + + 0 + 604800000 + + + + + + + diff --git a/src/test/resources/org/apache/commons/net/filezillaserver/filezillaserver.properties b/src/test/resources/org/apache/commons/net/filezillaserver/filezillaserver.properties index 8b84702b5..1af2a84bb 100644 --- a/src/test/resources/org/apache/commons/net/filezillaserver/filezillaserver.properties +++ b/src/test/resources/org/apache/commons/net/filezillaserver/filezillaserver.properties @@ -15,8 +15,19 @@ # specific language governing permissions and limitations # under the License. -filezillaserver.port=221 +filezillaserver.port=21 +# Tried to use a hostname (other than localhost) to activate SNI but don't work... +# Test realised with HostResolutionRequestInterceptor of BurningWave library +# to give a hostname to docker filezilla server +# see FTPSClientIntegrationTest.initFZServer() +# Need another certificate in server configuration (with CN=filezilla-server) +# Use src\test\resources\org\apache\commons\net\filezillaserver\conf\settings_filezilla-server.xml +# filezillaserver.host=filezila-server +filezillaserver.host=localhost # password is "test" -ftpserver.user.test.userpassword=098f6bcd4621d373cade4e832627b4f6 -ftpserver.user.test.homedirectory=target/test-classes/org/apache/commons/net/test-data +filezillaserver.user.test.userpassword=098f6bcd4621d373cade4e832627b4f6 + +filezillaserver.external.enable=false +filezillaserver.external.host= +filezillaserver.external.port= From 5a8f477e6641f579ed6753cff86592880fcb49d7 Mon Sep 17 00:00:00 2001 From: Gary Gregory Date: Sun, 16 Feb 2025 09:38:42 -0500 Subject: [PATCH 5/5] Added EOL to end the file --- src/test/resources/logback.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/resources/logback.xml b/src/test/resources/logback.xml index 04f9f6a42..96fb8906a 100644 --- a/src/test/resources/logback.xml +++ b/src/test/resources/logback.xml @@ -30,4 +30,4 @@ - \ No newline at end of file +