Pentaho

Hi Guys,

I am struggling with the Get a file FTPS step. I have configured the step and all the built-in checks are ok:

Test Connection button

Check folder button

But I cannot make the job download any file. The error looks like this


I have the same configuration that works perfectly on the Filezilla FTP client


Any Idea about what am I missing?

Thanks for your time

Best regards

------------------------------
Juan Sierra Pons
Systems Engineer
Juan Sierra Pons
------------------------------

I think this issue could be related with the SSL/TLS certificate as it is expired :(

I have imported using keytool the expired certificate just in case with no luck.

Filezilla client show a warning related the expired SSL/TLS certificate but allows you to ignore it and continue

Any Idea how to bypass this issue?

------------------------------
Juan Sierra Pons
Systems Engineer
Juan Sierra Pons
------------------------------

Original Message:
Sent: 10-11-2022 02:21
From: Juan Sierra Pons
Subject: [Get a file with FTPS] failling with Get a file with FTPS - java.net.SocketException: Socket is closed

Hi Guys,

I am struggling with the Get a file FTPS step. I have configured the step and all the built-in checks are ok:

Test Connection button

Check folder button

But I cannot make the job download any file. The error looks like this


I have the same configuration that works perfectly on the Filezilla FTP client


Any Idea about what am I missing?

Thanks for your time

Best regards

------------------------------
Juan Sierra Pons
Systems Engineer
Juan Sierra Pons
------------------------------

By using the SpoonConsole.bat instead I can get more logs:

2022/10/11 12:09:36 - Get a file with FTPS - Start of FTPS job entry
2022/10/11 12:09:36 - Get a file with FTPS - Opened FTPS connection to server [SERVER.com]
2022/10/11 12:09:36 - Get a file with FTPS - set passive FTPS connection mode
2022/10/11 12:09:36 - Get a file with FTPS - set timeout to 0
2022/10/11 12:09:36 - Get a file with FTPS - logged in with user USER
2022/10/11 12:09:36 - Get a file with FTPS - Current directory [/]
2022/10/11 12:09:36 - Get a file with FTPS - Changed to directory []
12:09:37,402 FATAL [SocketProvider] javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
at sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1696) ~[?:?]
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1514) ~[?:?]
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1416) ~[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:456) ~[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:427) ~[?:?]
at org.ftp4che.io.SSLSupport.handshake(SSLSupport.java:108) ~[ftp4che-0.7.1.jar:?]
at org.ftp4che.io.SocketProvider.negotiate(SocketProvider.java:219) [ftp4che-0.7.1.jar:?]
at org.ftp4che.FTPConnection.initDataSocket(FTPConnection.java:1577) [ftp4che-0.7.1.jar:?]
at org.ftp4che.FTPConnection.getDirectoryListing(FTPConnection.java:775) [ftp4che-0.7.1.jar:?]
at org.pentaho.di.job.entries.ftpsget.ftp4che.SecureDataFTPConnection.getDirectoryListing(SecureDataFTPConnection.java:60) [kettle-engine-9.3.0.0-428.jar:9.3.0.0-428]
at org.pentaho.di.job.entries.ftpsget.FTPSConnection.getFileList(FTPSConnection.java:428) [kettle-engine-9.3.0.0-428.jar:9.3.0.0-428]
at org.pentaho.di.job.entries.ftpsget.JobEntryFTPSGet.downloadFiles(JobEntryFTPSGet.java:833) [kettle-engine-9.3.0.0-428.jar:9.3.0.0-428]
at org.pentaho.di.job.entries.ftpsget.JobEntryFTPSGet.execute(JobEntryFTPSGet.java:799) [kettle-engine-9.3.0.0-428.jar:9.3.0.0-428]
at org.pentaho.di.job.Job.execute(Job.java:703) [kettle-engine-9.3.0.0-428.jar:9.3.0.0-428]
at org.pentaho.di.job.Job.execute(Job.java:844) [kettle-engine-9.3.0.0-428.jar:9.3.0.0-428]
at org.pentaho.di.job.Job.execute(Job.java:513) [kettle-engine-9.3.0.0-428.jar:9.3.0.0-428]
at org.pentaho.di.job.Job.run(Job.java:393) [kettle-engine-9.3.0.0-428.jar:9.3.0.0-428]
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:483) ~[?:?]
at sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:472) ~[?:?]
at sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:160) ~[?:?]
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:111) ~[?:?]
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506) ~[?:?]
... 15 more
2022/10/11 12:09:37 - Get a file with FTPS - ERROR (version 9.3.0.0-428, build 9.3.0.0-428 from 2022-04-12 04.56.25 by buildguy) : Error getting files from FTPS :
2022/10/11 12:09:37 - Get a file with FTPS - java.net.SocketException: Socket is closed
2022/10/11 12:09:37 - Get a file with FTPS - Socket is closed
2022/10/11 12:09:37 - Get a file with FTPS - ERROR (version 9.3.0.0-428, build 9.3.0.0-428 from 2022-04-12 04.56.25 by buildguy) : Error quiting FTPS connection: null
2022/10/11 12:09:37 - Get a file with FTPS - =======================================
2022/10/11 12:09:37 - Get a file with FTPS - Nr errors : 1
2022/10/11 12:09:37 - Get a file with FTPS - Nr files downloaded : 0
2022/10/11 12:09:37 - Get a file with FTPS - =======================================
2022/10/11 12:09:37 - PruebaFTPSXXXXX - Finished job entry [Get a file with FTPS] (result=[false])

Definitely is an certificate issue.

Any idea how to ignore the warning and proceed? This FTPs is soon to be migrated to another solution so it is a temporary solution

Thanks for your time

------------------------------
Juan Sierra Pons
Systems Engineer
Juan Sierra Pons
------------------------------

Original Message:
Sent: 10-11-2022 03:48
From: Juan Sierra Pons
Subject: [Get a file with FTPS] failling with Get a file with FTPS - java.net.SocketException: Socket is closed

I think this issue could be related with the SSL/TLS certificate as it is expired :(

I have imported using keytool the expired certificate just in case with no luck.

Filezilla client show a warning related the expired SSL/TLS certificate but allows you to ignore it and continue

Any Idea how to bypass this issue?

------------------------------
Juan Sierra Pons
Systems Engineer
Juan Sierra Pons

Original Message:
Sent: 10-11-2022 02:21
From: Juan Sierra Pons
Subject: [Get a file with FTPS] failling with Get a file with FTPS - java.net.SocketException: Socket is closed

Hi Guys,

I am struggling with the Get a file FTPS step. I have configured the step and all the built-in checks are ok:

Test Connection button

Check folder button

But I cannot make the job download any file. The error looks like this


I have the same configuration that works perfectly on the Filezilla FTP client


Any Idea about what am I missing?

Thanks for your time

Best regards

------------------------------
Juan Sierra Pons
Systems Engineer
Juan Sierra Pons
------------------------------

It is look at problem with version of JRE and used version TLS.

You can run Spoon with additional debug of SSL. Run Spoon with this additional system property -Djavax.net.debug=ssl,handshake or -Djavax.net.debug=all. More info is in Oracle docs.

------------------------------
Petr Prochazka
Systems Engineer
P.V.A. systems s.r.o.
------------------------------

Original Message:
Sent: 10-11-2022 06:15
From: Juan Sierra Pons
Subject: [Get a file with FTPS] failling with Get a file with FTPS - java.net.SocketException: Socket is closed

By using the SpoonConsole.bat instead I can get more logs:

2022/10/11 12:09:36 - Get a file with FTPS - Start of FTPS job entry
2022/10/11 12:09:36 - Get a file with FTPS - Opened FTPS connection to server [SERVER.com]
2022/10/11 12:09:36 - Get a file with FTPS - set passive FTPS connection mode
2022/10/11 12:09:36 - Get a file with FTPS - set timeout to 0
2022/10/11 12:09:36 - Get a file with FTPS - logged in with user USER
2022/10/11 12:09:36 - Get a file with FTPS - Current directory [/]
2022/10/11 12:09:36 - Get a file with FTPS - Changed to directory []
12:09:37,402 FATAL [SocketProvider] javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
at sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1696) ~[?:?]
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1514) ~[?:?]
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1416) ~[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:456) ~[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:427) ~[?:?]
at org.ftp4che.io.SSLSupport.handshake(SSLSupport.java:108) ~[ftp4che-0.7.1.jar:?]
at org.ftp4che.io.SocketProvider.negotiate(SocketProvider.java:219) [ftp4che-0.7.1.jar:?]
at org.ftp4che.FTPConnection.initDataSocket(FTPConnection.java:1577) [ftp4che-0.7.1.jar:?]
at org.ftp4che.FTPConnection.getDirectoryListing(FTPConnection.java:775) [ftp4che-0.7.1.jar:?]
at org.pentaho.di.job.entries.ftpsget.ftp4che.SecureDataFTPConnection.getDirectoryListing(SecureDataFTPConnection.java:60) [kettle-engine-9.3.0.0-428.jar:9.3.0.0-428]
at org.pentaho.di.job.entries.ftpsget.FTPSConnection.getFileList(FTPSConnection.java:428) [kettle-engine-9.3.0.0-428.jar:9.3.0.0-428]
at org.pentaho.di.job.entries.ftpsget.JobEntryFTPSGet.downloadFiles(JobEntryFTPSGet.java:833) [kettle-engine-9.3.0.0-428.jar:9.3.0.0-428]
at org.pentaho.di.job.entries.ftpsget.JobEntryFTPSGet.execute(JobEntryFTPSGet.java:799) [kettle-engine-9.3.0.0-428.jar:9.3.0.0-428]
at org.pentaho.di.job.Job.execute(Job.java:703) [kettle-engine-9.3.0.0-428.jar:9.3.0.0-428]
at org.pentaho.di.job.Job.execute(Job.java:844) [kettle-engine-9.3.0.0-428.jar:9.3.0.0-428]
at org.pentaho.di.job.Job.execute(Job.java:513) [kettle-engine-9.3.0.0-428.jar:9.3.0.0-428]
at org.pentaho.di.job.Job.run(Job.java:393) [kettle-engine-9.3.0.0-428.jar:9.3.0.0-428]
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:483) ~[?:?]
at sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:472) ~[?:?]
at sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:160) ~[?:?]
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:111) ~[?:?]
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506) ~[?:?]
... 15 more
2022/10/11 12:09:37 - Get a file with FTPS - ERROR (version 9.3.0.0-428, build 9.3.0.0-428 from 2022-04-12 04.56.25 by buildguy) : Error getting files from FTPS :
2022/10/11 12:09:37 - Get a file with FTPS - java.net.SocketException: Socket is closed
2022/10/11 12:09:37 - Get a file with FTPS - Socket is closed
2022/10/11 12:09:37 - Get a file with FTPS - ERROR (version 9.3.0.0-428, build 9.3.0.0-428 from 2022-04-12 04.56.25 by buildguy) : Error quiting FTPS connection: null
2022/10/11 12:09:37 - Get a file with FTPS - =======================================
2022/10/11 12:09:37 - Get a file with FTPS - Nr errors : 1
2022/10/11 12:09:37 - Get a file with FTPS - Nr files downloaded : 0
2022/10/11 12:09:37 - Get a file with FTPS - =======================================
2022/10/11 12:09:37 - PruebaFTPSXXXXX - Finished job entry [Get a file with FTPS] (result=[false])

Definitely is an certificate issue.

Any idea how to ignore the warning and proceed? This FTPs is soon to be migrated to another solution so it is a temporary solution

Thanks for your time

------------------------------
Juan Sierra Pons
Systems Engineer
Juan Sierra Pons

Original Message:
Sent: 10-11-2022 03:48
From: Juan Sierra Pons
Subject: [Get a file with FTPS] failling with Get a file with FTPS - java.net.SocketException: Socket is closed

I think this issue could be related with the SSL/TLS certificate as it is expired :(

I have imported using keytool the expired certificate just in case with no luck.

Filezilla client show a warning related the expired SSL/TLS certificate but allows you to ignore it and continue

Any Idea how to bypass this issue?

------------------------------
Juan Sierra Pons
Systems Engineer
Juan Sierra Pons

Original Message:
Sent: 10-11-2022 02:21
From: Juan Sierra Pons
Subject: [Get a file with FTPS] failling with Get a file with FTPS - java.net.SocketException: Socket is closed

Hi Guys,

I am struggling with the Get a file FTPS step. I have configured the step and all the built-in checks are ok:

Test Connection button

Check folder button

But I cannot make the job download any file. The error looks like this


I have the same configuration that works perfectly on the Filezilla FTP client


Any Idea about what am I missing?

Thanks for your time

Best regards

------------------------------
Juan Sierra Pons
Systems Engineer
Juan Sierra Pons
------------------------------

Did you make the certificate  trusted when you added it to the keystore?

Add

-Djavax.net.ssl.trustStore=/path/to/truststore
-Djavax.net.ssl.trustStorePassword=truststorepassword

to the start-pentaho.sh to point to the truststore and

-Djavax.net.debug=all

to get the (extremely verbose) logging output where you should be able to see the TLS exchange between Pentaho and the SFTP server


------------------------------
Andrew Cave
Systems Engineer
BizCubed Pty Ltd
Australia
------------------------------

Original Message:
Sent: 10-11-2022 03:48
From: Juan Sierra Pons
Subject: [Get a file with FTPS] failling with Get a file with FTPS - java.net.SocketException: Socket is closed

I think this issue could be related with the SSL/TLS certificate as it is expired :(

I have imported using keytool the expired certificate just in case with no luck.

Filezilla client show a warning related the expired SSL/TLS certificate but allows you to ignore it and continue

Any Idea how to bypass this issue?

------------------------------
Juan Sierra Pons
Systems Engineer
Juan Sierra Pons

Original Message:
Sent: 10-11-2022 02:21
From: Juan Sierra Pons
Subject: [Get a file with FTPS] failling with Get a file with FTPS - java.net.SocketException: Socket is closed

Hi Guys,

I am struggling with the Get a file FTPS step. I have configured the step and all the built-in checks are ok:

Test Connection button

Check folder button

But I cannot make the job download any file. The error looks like this


I have the same configuration that works perfectly on the Filezilla FTP client


Any Idea about what am I missing?

Thanks for your time

Best regards

------------------------------
Juan Sierra Pons
Systems Engineer
Juan Sierra Pons
------------------------------

Hi Juan,

IMHO you can not bypass verification of certificate by any system properties config only. If server is in your control generate new certificate or contact server admin.

I have only one idea. Change default SSL context to trust any certificate. But this is very dangerous because this changes context for all TLS connections in running JVM.

This is snippet in Groovy howto change default SSL context.

import javax.net.ssl.KeyManager
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManager
import javax.net.ssl.X509TrustManager
import java.security.cert.CertificateException
import java.security.cert.X509Certificate


def alwaysTrustManager = new X509TrustManager() {
  @Override
  void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
  }

  @Override
  void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
  }

  @Override
  X509Certificate[] getAcceptedIssuers() {
    return new X509Certificate[0]
  }
}

def context = SSLContext.getInstance('TLS')
context.init(new KeyManager[0], [alwaysTrustManager].toArray(new TrustManager[0]), null)
SSLContext.setDefault(context)

new URL('https://expired.badssl.com').openConnection().with {
  println it.inputStream.text
}

------------------------------
Petr Prochazka
Systems Engineer
P.V.A. systems s.r.o.
------------------------------

Original Message:
Sent: 10-11-2022 02:21
From: Juan Sierra Pons
Subject: [Get a file with FTPS] failling with Get a file with FTPS - java.net.SocketException: Socket is closed

Hi Guys,

I am struggling with the Get a file FTPS step. I have configured the step and all the built-in checks are ok:

Test Connection button

Check folder button

But I cannot make the job download any file. The error looks like this


I have the same configuration that works perfectly on the Filezilla FTP client


Any Idea about what am I missing?

Thanks for your time

Best regards

------------------------------
Juan Sierra Pons
Systems Engineer
Juan Sierra Pons
------------------------------