I'm trying to connect to a z/OS system and get a list of datasets. When I do the listFiles() command, I get a 425 error. I looked up the error and the IBM site at https://www.ibm.com/support/knowledgecenter/SSLTBW_2.4.0/com.ibm.zos.v2r4.cs3cod0/ftp425-04.htm says
"The session is protected by a security mechanism and the protection level for the data connection is Clear. The minimum data connection protection required by the server is Safe or Private."
I am providing a password and I'm logging in with TLS and a certificate. If I add ftp.execPBSZ(0);ftp.execPROT("P"); it gives me an unrecognized SSL message. I've tried these before the login and after and it does not matter.
How can I execute ftp.listFiles(*) and get a valid list of files.
snippet from my pom.xml
<dependency>
<groupId>commons-net</groupId>
<artifactId>commons-net</artifactId>
<version>3.7</version>
</dependency>
My Java code:
private int testConnectivity(Configuration configuration) {
int systemExitCode = 0;
FTPSClient ftp;
try {
ftp = new FTPSClient(false, getSelfSignedCertificate(configuration));
try {
ftp.connect(configuration.getzOsStagingHostName(), configuration.getzOsStagingHostFtpPort());
logger.info(ftp.getReplyString());
int reply = ftp.getReplyCode();
logger.info("ftp.getReplyCode =" + reply);
if (!FTPReply.isPositiveCompletion(reply)) {
// Bad reply code.
ftp.disconnect();
logger.error("FTP server refused connection.");
ftp.disconnect();
} else {
logger.info("FTP: connected to " + configuration.getzOsStagingHostName() + ":"
+ configuration.getzOsStagingHostFtpPort());
ftp.enterLocalPassiveMode();
ftp.login(configuration.getzOsStagingUserId(), configuration.getzOsStagingUserPassword());
logger.info("Login completed
" + ftp.getStatus());
//(1)
//(1) ftp.execPBSZ(0);ftp.execPROT("P");
ftp.enterLocalPassiveMode();
logger.info("PWD=" + ftp.printWorkingDirectory());
ftp.enterLocalPassiveMode();
FTPFile[] ftpFiles = ftp.listFiles("*");
logger.info("REPLY after list: "+Arrays.stream(ftp.getReplyStrings()).collect(Collectors.joining("
")));
for (FTPFile file : ftpFiles) {
logger.info("FTP File: " + ftpFiles);
}
ftp.disconnect();
}
} catch (IOException e) {
logger.error("Error connecting to z/OS host" + configuration.getzOsStagingHostName() + ":"
+ configuration.getzOsStagingHostFtpPort(), e);
systemExitCode = 1;
}
} catch (KeyManagementException | CertificateException | KeyStoreException | NoSuchAlgorithmException
| IOException e1) {
systemExitCode = 1;
logger.error("An error occurred getting a certifcate for host", e1);
}
return systemExitCode;
}
private SSLContext getSelfSignedCertificate(Configuration configuration) throws CertificateException,
KeyStoreException, NoSuchAlgorithmException, IOException, KeyManagementException {
File crtFile = new File(configuration.getzOsStagingHostCertificateFileName());
Certificate certificate = CertificateFactory.getInstance("X.509")
.generateCertificate(new FileInputStream(crtFile));
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry("server", certificate);
TrustManagerFactory trustManagerFactory = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
return sslContext;
}
Note. If I uncomment the lines marked with (1), I get
javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
at sun.security.ssl.SSLSocketInputRecord.handleUnknownRecord(SSLSocketInputRecord.java:448) ~[?:1.8.0_271]
at sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:174) ~[?:1.8.0_271]
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:110) ~[?:1.8.0_271]
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1279) ~[?:1.8.0_271]
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1188) ~[?:1.8.0_271]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:401) ~[?:1.8.0_271]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:373) ~[?:1.8.0_271]
at org.apache.commons.net.ftp.FTPSClient._openDataConnection_(FTPSClient.java:642) ~[commons-net-3.7.jar:3.7]
at org.apache.commons.net.ftp.FTPClient._openDataConnection_(FTPClient.java:790) ~[commons-net-3.7.jar:3.7]
at org.apache.commons.net.ftp.FTPClient.initiateListParsing(FTPClient.java:3456) ~[commons-net-3.7.jar:3.7]
at org.apache.commons.net.ftp.FTPClient.initiateListParsing(FTPClient.java:3386) ~[commons-net-3.7.jar:3.7]
at org.apache.commons.net.ftp.FTPClient.listFiles(FTPClient.java:3063) ~[commons-net-3.7.jar:3.7]
at com.mycompany.myprod.sprint.App.testConnectivity(App.java:215) [classes/:?]
at com.mycompany.myprod.sprint.App.<init>(App.java:90) [classes/:?]
at com.mycompany.myprod.sprint.App.main(App.java:65) [classes/:?]
question from:
https://stackoverflow.com/questions/65650910/why-does-my-ftp-list-returning-error-reply-code-425 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
