我有一个非常简单的Java 8项目(FTP服务器),它使用了Apache FTPS(Mina)服务器库(版本为1.1.1)。代码如下:
ListenerFactory factory = new ListenerFactory();
factory.setPort(2221);
// SSL config
SslConfigurationFactory ssl = new SslConfigurationFactory();
ssl.setKeystoreFile(new File("keystore.jks"));
ssl.setKeystorePassword("password");
// set the SSL configuration for the listener
factory.setSslConfiguration(ssl.createSslConfiguration());
factory.setImplicitSsl(true);
FtpServerFactory serverFactory = new FtpServerFactory();
// replace the default listener
serverFactory.addListener("default", factory.createListener());
//Configure user manager and set admin user
PropertiesUserManagerFactory userManagerFactory = new PropertiesUserManagerFactory();
userManagerFactory.setFile(new File("users.properties"));
UserManager userManager = userManagerFactory.createUserManager();
if (!userManager.doesExist("admin")) {
BaseUser user = new BaseUser();
user.setName("admin");
user.setPassword("password");
user.setEnabled(true);
user.setHomeDirectory(USER_HOME_DIR);
user.setAuthorities(Collections.<Authority>singletonList(new WritePermission()));
userManager.save(user);
}
serverFactory.setUserManager(userManager);
// start the server
FtpServer server = serverFactory.createServer();
server.start();
所需 Maven 依赖:
<dependency>
<groupId>org.apache.ftpserver</groupId>
<artifactId>ftpserver-core</artifactId>
<version>1.1.1</version>
</dependency>
简单创建自签名Keystore的方法:
keytool -genkey -keyalg RSA -alias self-signed -keystore keystore.jks -validity 360 -keysize 2048
我遵循官方指南编写了这段代码:https://mina.apache.org/ftpserver-project/embedding_ftpserver.html 如果我使用Java 8编译并运行这段代码,则我的FTPS服务器可以正常工作,我可以通过本地主机的localhost:2221访问该服务器,并使用用户名“admin”和密码“password”。从我的FTP客户端(我使用Filezilla)中,我可以看到TLS连接已成功建立。
如果我使用Java 11+(我尝试过11和15)编译并运行相同的代码,则会在我的FTP客户端中看到以下消息,并且目录列表会失败:
Status: Connecting to 127.0.0.1:2223...
Status: Connection established, initializing TLS...
Status: Verifying certificate...
Status: TLS connection established, waiting for welcome message...
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Command TYPE okay.
Command: PASV
Response: 227 Entering Passive Mode (127,0,0,1,225,229)
Command: MLSD
Response: 150 File status okay; about to open data connection.
Error: Received TLS alert from the server: User canceled (90)
Error: Could not read from transfer socket: ECONNABORTED - Connection aborted
Response: 226 Closing data connection.
Error: Failed to retrieve directory listing
以下是带有 VM 参数的完整应用程序日志:
2021-03-30 22:59:09.304 INFO 10557 --- [ main] com.example.ftp.demo.DemoApplication : Starting DemoApplication using Java 11.0.7 on Kara's-MBP with PID 10557 (...)
2021-03-30 22:59:09.306 INFO 10557 --- [ main] com.example.ftp.demo.DemoApplication : No active profile set, falling back to default profiles: default
2021-03-30 22:59:09.601 INFO 10557 --- [ main] com.example.ftp.demo.DemoApplication : Started DemoApplication in 0.487 seconds (JVM running for 1.046)
javax.net.ssl|DEBUG|01|main|2021-03-30 22:59:09.886 CEST|SSLCipher.java:438|jdk.tls.keyLimits: entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
2021-03-30 22:59:09.966 INFO 10557 --- [ main] o.a.ftpserver.impl.DefaultFtpServer : FTP server started
2021-03-30 22:59:24.393 INFO 10557 --- [ NioProcessor-3] o.a.f.listener.nio.FtpLoggingFilter : CREATED
2021-03-30 22:59:24.395 INFO 10557 --- [pool-3-thread-1] o.a.f.listener.nio.FtpLoggingFilter : OPENED
javax.net.ssl|DEBUG|1B|NioProcessor-3|2021-03-30 22:59:24.443 CEST|SSLCipher.java:1840|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE-countdown value = 137438953472
javax.net.ssl|DEBUG|1B|NioProcessor-3|2021-03-30 22:59:24.444 CEST|SSLCipher.java:1994|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE-countdown value = 137438953472
javax.net.ssl|DEBUG|1B|NioProcessor-3|2021-03-30 22:59:24.472 CEST|SSLCipher.java:1994|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE-countdown value = 137438953472
javax.net.ssl|DEBUG|1B|NioProcessor-3|2021-03-30 22:59:24.490 CEST|SSLCipher.java:1840|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE-countdown value = 137438953472
2021-03-30 22:59:24.493 INFO 10557 --- [pool-3-thread-1] o.a.f.listener.nio.FtpLoggingFilter : SENT: 220 Service ready for new user.
2021-03-30 22:59:24.501 INFO 10557 --- [pool-3-thread-1] o.a.f.listener.nio.FtpLoggingFilter : RECEIVED: USER admin
2021-03-30 22:59:24.503 INFO 10557 --- [pool-3-thread-1] o.a.f.listener.nio.FtpLoggingFilter : SENT: 331 User name okay, need password for admin.
2021-03-30 22:59:24.503 INFO 10557 --- [pool-3-thread-1] o.a.f.listener.nio.FtpLoggingFilter : RECEIVED: PASS *****
2021-03-30 22:59:24.505 INFO 10557 --- [pool-3-thread-1] org.apache.ftpserver.command.impl.PASS : Login success - admin
2021-03-30 22:59:24.505 INFO 10557 --- [pool-3-thread-1] o.a.f.listener.nio.FtpLoggingFilter : SENT: 230 User logged in, proceed.
2021-03-30 22:59:24.505 INFO 10557 --- [pool-3-thread-2] o.a.f.listener.nio.FtpLoggingFilter : RECEIVED: OPTS UTF8 ON
2021-03-30 22:59:24.506 INFO 10557 --- [pool-3-thread-2] o.a.f.listener.nio.FtpLoggingFilter : SENT: 200 Command OPTS okay.
2021-03-30 22:59:24.506 INFO 10557 --- [pool-3-thread-1] o.a.f.listener.nio.FtpLoggingFilter : RECEIVED: PBSZ 0
2021-03-30 22:59:24.506 INFO 10557 --- [pool-3-thread-1] o.a.f.listener.nio.FtpLoggingFilter : SENT: 200 Command PBSZ okay.
2021-03-30 22:59:24.507 INFO 10557 --- [pool-3-thread-2] o.a.f.listener.nio.FtpLoggingFilter : RECEIVED: PROT P
2021-03-30 22:59:24.508 INFO 10557 --- [pool-3-thread-2] o.a.f.listener.nio.FtpLoggingFilter : SENT: 200 Command PROT okay.
2021-03-30 22:59:24.508 INFO 10557 --- [pool-3-thread-1] o.a.f.listener.nio.FtpLoggingFilter : RECEIVED: OPTS MLST size;modify;type;
2021-03-30 22:59:24.509 INFO 10557 --- [pool-3-thread-1] o.a.f.listener.nio.FtpLoggingFilter : SENT: 200 Command OPTS okay.
2021-03-30 22:59:24.509 INFO 10557 --- [pool-3-thread-2] o.a.f.listener.nio.FtpLoggingFilter : RECEIVED: CWD /
2021-03-30 22:59:24.511 INFO 10557 --- [pool-3-thread-2] o.a.f.listener.nio.FtpLoggingFilter : SENT: 250 Directory changed to /
2021-03-30 22:59:24.511 INFO 10557 --- [pool-3-thread-2] o.a.f.listener.nio.FtpLoggingFilter : RECEIVED: TYPE I
2021-03-30 22:59:24.512 INFO 10557 --- [pool-3-thread-2] o.a.f.listener.nio.FtpLoggingFilter : SENT: 200 Command TYPE okay.
2021-03-30 22:59:24.512 INFO 10557 --- [pool-3-thread-1] o.a.f.listener.nio.FtpLoggingFilter : RECEIVED: PASV
2021-03-30 22:59:24.513 INFO 10557 --- [pool-3-thread-1] o.a.f.listener.nio.FtpLoggingFilter : SENT: 227 Entering Passive Mode (127,0,0,1,226,235)
2021-03-30 22:59:24.513 INFO 10557 --- [pool-3-thread-2] o.a.f.listener.nio.FtpLoggingFilter : RECEIVED: MLSD
javax.net.ssl|DEBUG|1D|pool-3-thread-2|2021-03-30 22:59:24.526 CEST|SSLCipher.java:1840|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE-countdown value = 137438953472
javax.net.ssl|DEBUG|1D|pool-3-thread-2|2021-03-30 22:59:24.527 CEST|SSLCipher.java:1994|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE-countdown value = 137438953472
javax.net.ssl|DEBUG|1D|pool-3-thread-2|2021-03-30 22:59:24.528 CEST|SSLCipher.java:1994|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE-countdown value = 137438953472
javax.net.ssl|DEBUG|1D|pool-3-thread-2|2021-03-30 22:59:24.529 CEST|SSLCipher.java:1840|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE-countdown value = 137438953472
javax.net.ssl|ALL|1D|pool-3-thread-2|2021-03-30 22:59:24.533 CEST|SSLSocketImpl.java:994|Closing output stream
javax.net.ssl|DEBUG|1D|pool-3-thread-2|2021-03-30 22:59:24.533 CEST|SSLSocketImpl.java:466|duplex close of SSLSocket
javax.net.ssl|DEBUG|1D|pool-3-thread-2|2021-03-30 22:59:24.534 CEST|SSLSocketImpl.java:1372|close the SSL connection (passive)
2021-03-30 22:59:24.535 WARN 10557 --- [pool-3-thread-2] org.apache.ftpserver.impl.PassivePorts : Releasing unreserved passive port: 58091
2021-03-30 22:59:24.535 INFO 10557 --- [pool-3-thread-2] o.a.f.listener.nio.FtpLoggingFilter : SENT: 150 File status okay; about to open data connection.
2021-03-30 22:59:24.535 INFO 10557 --- [pool-3-thread-2] o.a.f.listener.nio.FtpLoggingFilter : SENT: 226 Closing data connection.
此外,如果我从代码中删除SSL支持,在Java 11+的情况下,我的FTP服务器仍可以正常工作。
你们有人在使用Apache FTPS和Java 11+时遇到类似的问题吗?如果有,你们是如何找到解决方案的?