HTTP/SOCKS Proxy support through SFTP protocol has been removed #8559


Closed
Tqup3 opened this issue Feb 22, 2023 · 6 comments · Fixed by #8565

Comments

@Tqup3

Tqup3 commented Feb 22, 2023

In what version(s) of Spring Integration are you seeing this issue?

6.0.2

Describe the bug

Unable to connect through an HTTP/SOCKS proxy to a (S)FTP server anymore because the "setProxy(...)" method in class DefaultSftpSessionFactory has been removed during the MINA migration (https://github.com/spring-projects/spring-integration/commit/4aa2f91bd9ae023a59cc2e9eb5622420cf0a038e#diff-cf4cad9de8156c5ff3155fa553b9e01af9d0a62a128dc58858f6ee62fcc14cbe)

Expected behavior

Be able to connect to an FTP server (protocol SFTP) through an HTTP/SOCKS proxy. (ProxyJump is not the same thing, I think)

@Tqup3 Tqup3 added status: waiting-for-triage The issue need to be evaluated and its future decided type: bug labels Feb 22, 2023
@artembilan
Member

See this one for more info: #3988

And then this one: apache/mina-sshd#309.

I see that there is a org.apache.sshd.common.forward.SocksProxy and respective SshClient.addPortForwardingEventListener(PortForwardingEventListener listener), but not fully clear how to wire all of them together.
This sample does something on the matter, but it is not fully clear (at least for me) what is going on: https://github.com/ankitkatiyar91/java-framework-examples/blob/master/java-tunneling/src/main/java/mina/TunnelMina.java.

If you are familiar with this SOCKS feature, we are OK for contribution to make respective fix in the DefaultSftpSessionFactory.

@artembilan artembilan added this to the Backlog milestone Feb 22, 2023
@artembilan artembilan added type: enhancement in: sftp and removed status: waiting-for-triage The issue need to be evaluated and its future decided type: bug labels Feb 22, 2023
@Tqup3
Author

Tqup3 commented Feb 22, 2023

Hello Artem,

Many thanks for your fast answer.
I'm sorry I missed the issue you mentioned above.

My requirement is mainly about the HTTP Proxy (using CONNECT method).
I just made some queries about Apache MINA and proxy feature and I conclude that Apache MINA doesn't support connection through proxies and I think Proxy implementation should not be in spring integration sftp project if the underlying library doesn't support that.
But it still remains a big regression.

I found 2 different ways to manage proxy but I'm not an expert with this.

  • In HostConfigEntry, we can add something like "ProxyCommand connect my.proxy.fr:8080 %h %p" but I think it's not read by MINA after doing some tests on my side. But in the real ssh_config file, it's an existing feature.
  • In Jsch source code I found the following in HTTPProxy.class (simplified and with some added comments) :
public void connect(SocketFactory socket_factory, String host, int port, int timeout) {
    socket=Util.createSocket(proxy_host, proxy_port, timeout); // Just create a socket to the proxy
    in=socket.getInputStream();
    out=socket.getOutputStream();
    out.write(Util.str2byte("CONNECT "+host+":"+port+" HTTP/1.0\r\n")); // Send the connect command to the proxy
    if(user!=null && passwd!=null) { // If authentication, just pass : Proxy-Authorization: Basic **Base64(user:password)**
        byte[] code=Util.str2byte(user+":"+passwd);
        code=Util.toBase64(code, 0, code.length);
        out.write(Util.str2byte("Proxy-Authorization: Basic "));
        out.write(code);
        out.write(Util.str2byte("\r\n"));
    }

    out.write(Util.str2byte("\r\n"));
    out.flush();
}

1/ Connect to proxy with simple TCP Socket.
2/ Send "CONNECT FtpHost:FtpPort HTTP/1.0" (maybe HTTP/1.1 works directly)
3/ If auth needed on proxy: send a Basic authentication on Proxy-Authorization header.

As I'm migrating my project to Spring Boot 3, I have so many other regressions to fix, I temporarily downgraded to the spring integration sftp v5.5.15 (last version with Jsch).

It would be a real pleasure to contribute to the project within the limits of my skills and my time ;)
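
The three steps listed in the comment above, as an added Java example (not code from JSch, MINA or Spring Integration) that goes one step past the simplified excerpt: it also validates the CONNECT target and reads the proxy's status line before the socket is treated as an SSH stream. The class name, the host `sftp.example.test`, the credentials and the proxy replies are constructed for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class HttpConnectHandshake {
    // Steps 2 and 3: the CONNECT request line plus optional Basic proxy credentials.
    static String buildRequest(String host, int port, String user, String passwd) {
        // Control characters or spaces in the target would let a caller smuggle headers to the proxy.
        if (host.isEmpty() || host.chars().anyMatch(c -> c <= ' ' || c == 0x7f) || port < 1 || port > 65535)
            throw new IllegalArgumentException("invalid CONNECT target");
        StringBuilder sb = new StringBuilder("CONNECT " + host + ":" + port + " HTTP/1.0\r\n");
        if (user != null && passwd != null) {
            // Base64 is an encoding, not encryption: this hop carries user:password in the clear.
            byte[] cred = (user + ":" + passwd).getBytes(StandardCharsets.UTF_8);
            sb.append("Proxy-Authorization: Basic ")
              .append(Base64.getEncoder().encodeToString(cred)).append("\r\n");
        }
        return sb.append("\r\n").toString();
    }

    // Reads one line a byte at a time so no bytes of the tunnelled SSH stream are buffered away.
    static String readLine(InputStream in) throws IOException {
        StringBuilder line = new StringBuilder();
        for (int b; (b = in.read()) != -1 && b != '\n'; ) {
            if (b != '\r') line.append((char) b);
            if (line.length() > 8192) throw new IOException("proxy header line too long");
        }
        return line.toString();
    }

    // Returns the status code, leaving the stream positioned just after the header block.
    static int readStatus(InputStream in) throws IOException {
        String status = readLine(in);
        if (!status.matches("HTTP/1\\.[01] \\d{3}( .*)?")) throw new IOException("not an HTTP proxy reply");
        while (!readLine(in).isEmpty()) { /* skip the remaining response headers */ }
        return Integer.parseInt(status.substring(9, 12));
    }

    public static void main(String[] args) throws IOException {
        System.out.print(buildRequest("sftp.example.test", 22, "alice", "s3cret"));
        // Constructed proxy replies; only a 2xx means the socket now carries the SSH stream.
        String[] replies = {"HTTP/1.1 200 Connection established\r\n\r\nSSH-2.0-demo\r\n",
            "HTTP/1.1 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic\r\n\r\n"};
        for (String reply : replies) {
            InputStream in = new ByteArrayInputStream(reply.getBytes(StandardCharsets.US_ASCII));
            int code = readStatus(in);
            System.out.println(code + (code / 100 == 2 ? " tunnel open: " + readLine(in) : " refused"));
        }
    }
}
```

The SSH host key check still runs end to end inside the tunnel, so the proxy only ever sees the CONNECT target and the Basic credentials, not the SFTP login.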

@artembilan
Member

See this comment from MINA contributors: apache/mina-sshd#309 (comment).

The DefaultSftpSessionFactory can be supplied with an external client:

	/**
	 * Intended for use in tests so the MINA SSHD can be mocked.
	 * @param sshClient The SshClient instance.
	 * @param isSharedSession true if the session is to be shared.
	 */
	public DefaultSftpSessionFactory(SshClient sshClient, boolean isSharedSession) {

So, probably that jGit solution may help you somehow as an interim workaround.

@Tqup3
Author

Tqup3 commented Feb 23, 2023

Indeed, I missed this constructor.
Will try when I have time.
Do you want a contribution if it's a success (only for HTTP Proxy) or do you prefer to leave this implementation to MINA?

@artembilan
Member

Well, it depends how much effort it will take to implement such a customization in the DefaultSftpSessionFactory if we won't agree that external SshClient is not enough for Spring integration to work.

@artembilan
Member

See the last comment in the mentioned MINA issue: apache/mina-sshd#309 (comment)

The sample is pretty clear:

		JGitSshClient client = (JGitSshClient) ClientBuilder.builder().factory(JGitSshClient::new).build();
		client.start();

		String proxyHost = "localhost";
		int proxyPort = 3333;
		client.setProxyDatabase(remote -> new ProxyData(new Proxy(Type.SOCKS, new InetSocketAddress(proxyHost, proxyPort))));

So, I guess we can address this issue as a doc for now until Apache MINA comes up with some out-of-the-box solution for us.

@artembilan artembilan modified the milestones: Backlog, 6.1.0-M2 Feb 24, 2023
artembilan added a commit to artembilan/spring-integration that referenced this issue Feb 28, 2023
Fixes spring-projects#8559

An out-of-the-box `SshClient` does not provide a smooth HTTP/SOCKS proxy configuration.

* Mention in the `sftp.adoc` that `JGitSshClient`, configured with SOCKS,
can be injected into a `DefaultSftpSessionFactory`
* Fix Javadocs for `DefaultSftpSessionFactory`, respectively
garyrussell added a commit that referenced this issue Feb 28, 2023
* GH-8559: Document how to enable SOCKS for SFTP

Fixes #8559

An out-of-the-box `SshClient` does not provide a smooth HTTP/SOCKS proxy configuration.

* Mention in the `sftp.adoc` that `JGitSshClient`, configured with SOCKS,
can be injected into a `DefaultSftpSessionFactory`
* Fix Javadocs for `DefaultSftpSessionFactory`, respectively

* Fix language in doc

Co-authored-by: Gary Russell <[email protected]>

---------

Co-authored-by: Gary Russell <[email protected]>