I have implemented APACHE Mina server to connect to my local FTP client i.e. Command prompt, which is working fine. Now I want to send this FTP request i.e. FTP commands to an http proxy server (Apache http server) as an http request which will further connect to an FTP server.
I have used Apache common net FTPHTTP client class but I don't know how to implement the whole logic. Any link or example will be helpful.
My code is as follow:s
FTPClient ftpclient = new FTPHTTPClient("HTTPProxy",int port); //connecting to Apache HTTP server
boolean status = ftpclient.isConnected //This is returning me false
ftpclient.connect("FTPserver",int port); //connecting to FTP server
ftpclient.login("userId","userPassword"); //Login into FTP server
status = ftpclient.isConnected //This is returning me true
Is this connection is is an HTTP connection i.e. Http tunneling via Connect Http method ?
my exact requirement is :-
Ftp client <---> Ftp local server <----> Http server <---> Ftp server
Related
For the Apache MINA FTP Server SSL FILTER configuration : I tried everything and I read more than 50 posts on stackoverflow to find the error. But still no solution.
Problem Is that,
When the SSL Filter Enabled for the Apache MINA FTP, it is working on server side and at the Server Locally FileZilla Client Can Access to server over implicitSSL it works without problem.
I allowed the 21 port and passive ports over firewall for all ips.
But when the remote client wants to access to the server, SERVER getting request but session.write not works then MINA can not switch to USER exec, SO REMOTE client can not connect FTP server.
But when I disable implicitSSL mode on SERVER side, CLIENT can connect . SO, without SSL, Client Connect Remote SERVER. It is tricky But WHY, what is the problem.
If the problem is firewall , why the client connects when I disable implicitSSL.
If the CODE is or configuration is the problem, WHEN I enable implicitSSL =true, WHY local SERVER filezilla application can connect to server over implicitSSL.
**
Please help.
**
In HTTP CONNECT tunneling (see http://en.wikipedia.org/wiki/HTTP_tunnel for reference), the client/browser sends a CONNET method request instead of a client hello as in the direct https connection.
My question is can I force the browser to still send client hello if I put a simple port forwarder between the client and the destination server? Or what makes a browser know that it should send a CONNECT method request other than client hello when there is a HTTP proxy between?
sends a CONNET method request instead of a client hello
No. It first sends the CONNECT to let the proxy built a tunnel to the original server. Once the tunnel is established the normal SSL Handshake is done, i.e.
With CONNECT (i.e. proxy)
--- connect to proxy
>> CONNECT sslhost:port HTTP/1.0
<< HTTP/1.0 200 Connection established
--- everything from now own is transferred by the proxy to/from the target host
>> SSLClientHello
<< SSLServerHello
....
without CONNECT (no proxy)
--- direct connection to sslhost:port
>> SSLClientHello
<< SSLServerHello
....
Problem Description
Getting "javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake" error while sending SOAP request over Https URL
Environnent:
1) Weblogic 10.3.6.0.1
2) java version "1.6.0_31" Java(TM) SE Runtime Environnent (build 1.6.0_31-b04)
3) Https Server where posting the request is Jetty Server
Overview:
1) In previous release of application it was sending SOAP message to Server 1 over https URL
2) In current release we implemented new requirement where we are using Third party client jar which internally call third party https server
3) Third party client jar is setting up SSL certificate and posting the request. For SSL they are using 443 port and we have opened Proxy for their host server.
4) Now we have 2 third party servers where we are connecting over Https. Server 1 https port is 30042 and Server2 https port is 443.
Usecase Scenario for error:
1) Submit a request to server 1 over https, getting back response properly.
2) Submit a request to Server2 using Third party client jar through proxy server, getting back response properly.
3) Submit a request to server 1 over https, it failing with error “javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake”.
4) Submit a request to Server2 using Third party client jar , getting back response properly.
5) On server 1 it will always fail and we are not able to send SOAP message over Https
6) For Server 1 app is using SOAPConnection and URL API to post SOAPmessage over Https URL
7) For Server 2 app is using third party provided jar which internally opening the socket and writing on it
Error Codes
---------------------------------------------------
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Recent Changes to this Environment
Currently we migrated our application from Solaris to Suse Lunix servers.
Processor specs
Linux onsrnasdfgpsdev1 2.6.32.54-0.3-default #1 SMP 2012-01-27 17:38:56 +0100 x86_64 x86_64 x86_64 GNU/Linux
Weblogic 10.3.6.01
java version "1.6.0_31" Java(TM) SE Runtime Environment (build 1.6.0_31-b04) Java HotSpot(TM) 64-Bit Server VM (build 20.6-b01, mixed mode)
Workaround
• For Server 1 connection if we create a raw Socket and set Host and Port(30042).
• The request is going fine.
• But if we use SOAPConnection or HttpsURLConnection the request are not going and throwing Handshake error
• If we use Http Url for Server1 everything works fine
If the Proxy is set using System Property in that case all the subsequent Https call will use that proxy even though your are not setting in your program, java do that internally.
In our case we want to access Server 1 without proxy and for server 2 we want proxy.
So when we were trying first time to access Server2 we were setting Proxy with system property, after that when we were trying to connect to server 1 it was failing coz the https request was going throught proxy and at our proxy server there was no policy set for server 1
Solutions:
1) Donot set proxy at system level, add at connection level
2) Add rule in proxy server for server 1, so both server 1 & 2 go through proxy
3) At runtime remove proxy from system property before calling server1 and after that set it again. So that Server 2 go through proxy.
Solutions will depend on conditions; choose which is suitable for you.
Thanks Bhanu Thapa
Let's say you want to perform an https request to a certain website but you have a proxy on the middle.
The aforesaid proxy doesn't look into the request but just relay all the traffic to the actual HTTPS server after the user-agent has used the HTTP CONNECT method (as in http://www.web-cache.com/Writings/Internet-Drafts/draft-luotonen-web-proxy-tunneling-01.txt).
Now my question is the following: after the proxy opens a SSL connection to the destination webserver, should it also upgrade the socket which handles the connection with the client to SSL as well? And if so, how would it forward packets to the server without sniffing the actual content?
What I mean here is that if the proxy actually reads data from SSL client socket and forwards them to SSL server socket, the data will be not encrypted to it.
The proxy has a plaintext connection open to the client, via which it received the CONNECT command. It opens a plaintext connection to the server. Thereafter it just copies bytes in both directions. The bytes coming from both client and server are SSL, so this works without the proxy knowing what's inside the ciphertext.
I just read over node-tls-proxy (http://code.google.com/p/node-tls-proxy/), a https proxy. I like the idea of it, but I'm not getting why this proxy needs a local http server (see the local-proxy.js script).
So I was wondering if this is necessary?
My idea of the proxy was actually like this: Client -> HTTPS Connection to trusted Server/Proxy -> Internets
In this case network sniffing between the Client and the Server wouldn't (hardly) be possible because it would be ssl encrypted.
Thanks,
Seb
If I get the idea correctly, the goal is to set up a "remote" proxy in a location that one trusts to be secure. Your client shall only communicate with this remote proxy using TLS, the remote proxy is then allowed to do the actual (no longer encrypted) HTTP requests.
What you do on the client side now is this: you configure the "local" proxy in your browser. Since you type "http://..." in your browser even when using the proxy, your browser will initiate an unencrypted HTTP connection to the local proxy first. Then the local proxy will open an encrypted TLS connection to the remote proxy and forward your request over a secured channel.
This means you need the local proxy for the purpose of "transforming" HTTP into HTTPS requests because your browser will dutifully only use HTTP when asked to make an actual HTTP request.