Several issues with the multi-protocol client

Question

I'm using the SecureFileTransferClient class because I need to write a Java client that supports both SFTP & FTPS (implicit & explicit), & this seemed like exactly what I need.  I'm using the latest pro version 5.2.5.  Here are my questions:

1. I would like to use the new function of specifying a minimum TLS version when using FTPS.  I can see the new method takes an int, but there is no online doc that explains what that int should be if I only want to accept TLSv1.1 or higher.  Can you tell me what that int should be?

2. Your online doc for using implicit FTPS says to do this:

   ftp.setImplicitFTPS(true);
   ftp.connect();
   ftp.auth(SSLFTPClient.PROT_PRIVATE);

   But how do I translate that series of commands when using the SecureFileTransferClient, which has no auth() method?  Heres what my code looks like so far:

   SecureFileTransferClient client=new SecureFileTransferClient();
   client.setProtocol(Protocol.FTPS_IMPLICIT);
   client.getAdvancedFTPSettings().setConnectMode(FTPConnectMode.PASV);
   client.getAdvancedSSLSettings().setSecurityMechanism(SSLFTPSecurityMechanism.AUTH_TLS);
   client.getAdvancedSSLSettings().setUseUnencryptedCommands(false);
   client.setServerValidationEnabled(false);

   So with server validation disabled, I need to execute the following command (after I connect to the server) in order for a file upload to work:
   client.executeCommand("PROT P");

   Is this really the correct way to get the SecureFileTransferClient class to encrypt the data channel?

   If server validation is enabled, then even that executeCommand() from above doesnt work when I try to upload a file (the server tells me a 'PROT P' is required, even though I executed that command prior to running client.uploadFile()).
   What am I missing here as I try to get implicit FTPS working using the SecureFileTransferClient class?

3. I'm having problems getting key-based auth to work when using SFTP.  The following sftp command uses a private key file to connect to a host without needing a password:
   sftp -i /users/wasadm/.ssh/id_wasadm_rsa foo@acme.com
   
   When I try to emulate that same command in Java, I get this error message:
   ERROR [TransportProtocolOutputStream] 3 Jul 2018 00:13:32.607 : sendMessage() failed: Socket closed (state=5)
   ERROR [ConnectTask] 3 Jul 2018 00:13:32.607 : 1:Connect[acme.com:22] failed : The host signature is invalid or the host key was not accepted!
   com.enterprisedt.net.ftp.ssh.SSHFTPKeyException: The host signature is invalid or the host key was not accepted!
   Here is my Java code:
   client.setProtocol(Protocol.SFTP);
   client.loadSSHServerValidation("/users/wasadm/.ssh/known_hosts");
   client.getAdvancedSSHSettings().setPrivateKeyFile("/users/wasadm/.ssh/id_wasadm_rsa");
   client.getAdvancedSSHSettings().setPortsInKnownHosts(true); //some hosts do not use the default port of 22
   client.getAdvancedSSHSettings().setAuthenticationType(SSHAuthenticationType.PUBLIC_KEY);
   
   Any idea why the same files used by the built-in sftp command do not work with your Java client?

Answer 1

1. See SSLFTPClient.SSLVersion.TLS_V1_1 (we'll amend the documentation as it is a bit hard to find).

2. You don't need to do anything other than this to set up implicit mode TLS. 

 SecureFileTransferClient client=new SecureFileTransferClient();
 client.setProtocol(Protocol.FTPS_IMPLICIT);
 client.setServerValidationEnabled(false);

The other commands are set internally.

3. I'm not sure. We'll need a debug log to find out, which is going a bit beyond what this forum is for. Please open a support ticket here.

Comments

I have a question about this method: client.createDirectory()

If the path string I pass in contains multiple path components, like "incoming/tickets/ID123456/logs", and none of those path components exist on the server, will this method create all those paths for me, or do I need to loop through all the path components and call createDirectory() on each one?

---

Can you please create this as a separate question? It should really be one issue per discussion thread.

---

It seems that I may have spoken too soon when I said that executing a 'PBSZ 0' followed by a 'PROT P' fixed that implicit FTPS issue.  It fails about half the time, & I don't know what else to look at (other than server logs, which I've put in a request for).  In the following log output, you can clearly see that both those commands are successfully executed on the server, & yet I still get the 'PROT P required' error from the server.

220-FileZilla Server 0.9.60 beta
220 Welcome to Acme FTPS
---> USER Acme
331 Password required for acme
---> PASS ********
230 Logged on
---> TYPE A
200 Type set to A
---> PWD
257 "/" is current directory.
---> PBSZ 0
200 PBSZ=0
---> NOOP
200 OK
---> TYPE A
200 Type set to A
---> PROT P
200 Protection level set to P
---> NOOP
200 OK
---> PWD
257 "/" is current directory.
---> CWD 45146,724,724
250 CWD successful. "/45146,724,724" is current directory.
---> CWD /
250 CWD successful. "/" is current directory.
---> NOOP
200 OK
---> CWD 45146,724,724
250 CWD successful. "/45146,724,724" is current directory.
---> PWD
257 "/45146,724,724" is current directory.

ERROR [FTPClient] 12 Jul 2018 16:38:18.612 : Failed to configure data socket:java.net.SocketTimeoutException: Read timed out
ERROR [FTPClient] 12 Jul 2018 16:38:18.614 : Caught and rethrowing exception in initPut() : PROT P required
com.enterprisedt.net.ftp.FTPException: 521 PROT P required
        at com.enterprisedt.net.ftp.FTPControlSocket.validateReply(FTPControlSocket.java:1330)
        at com.enterprisedt.net.ftp.FTPClient.initPut(FTPClient.java:2862)


Any ideas on what else to try?