任务:使用自签名证书使用FTP4J FTP连接到CentOS盒。
我可以使用
成功通过FTP连接到CentOS盒子 org.apache.commons.net.ftp.FTPSClient
然而,我收到以下错误,我知道这是来自自签名证书,使用FTP4J。
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
这里的related question问了一个类似的问题,只有泽西客户。那里的答案(在下面清理,因为接受的答案产生编译器错误)不起作用。
以下是具有信任所有证书代码的FTP4J代码,但不起作用。
import java.io.IOException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import it.sauronsoftware.ftp4j.FTPClient;
import it.sauronsoftware.ftp4j.FTPDataTransferListener;
import it.sauronsoftware.ftp4j.FTPException;
import it.sauronsoftware.ftp4j.FTPIllegalReplyException;
FTPClient ftpsClient = new FTPClient();
try
{
// Initialize the transfer information.
this.oFtpArgs.oFtp.transferCount = this.oFtpArgs.pathFiles.size();
this.oFtpArgs.oFtp.transferCompleted = 0;
this.oFtpArgs.oFtp.filePercentComplete = 0L;
this.oFtpArgs.oFtp.bytesTransferredTotal = 0L;
// Connect to the server using active mode enabling FTP over explicit TLS/SSL (FTPES).
ftpsClient.setSecurity(FTPClient.SECURITY_FTPES);
ftpsClient.setPassive(false);
ftpsClient.connect(this.oFtpArgs.serverIp, port);
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager()
{
@Override
public X509Certificate[] getAcceptedIssuers(){return null;}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType){}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType){}
}};
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// Log into the server.
ftpsClient.login(user, pass);
}
catch (IOException ex)
{
System.out.println("Error: " + ex.getMessage());
ex.printStackTrace();
}
catch (Exception ex)
{
System.out.println("Error: " + ex.getMessage());
ex.printStackTrace();
}
Apache FTPSClient代码连接完美,上传时遇到问题,现在就是FTP4J代码。
import java.io.IOException;
import org.apache.commons.net.ftp.FTP;
import org.apache.commons.net.ftp.FTPClientConfig;
import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;
FTPSClient ftpsClient = new FTPSClient("TLS", false);
try
{
FTPClientConfig ftpClientConfig = new FTPClientConfig(FTPClientConfig.SYST_UNIX);
ftpsClient.configure(ftpClientConfig);
ftpsClient.connect(this.oFtpArgs.serverIp, port);
int ftpReplyCode = ftpsClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(ftpReplyCode))
return;
// Set protection buffer size
ftpsClient.execPBSZ(0);
// Set data channel protection to private
ftpsClient.execPROT("P");
// Log into the server.
ftpsClient.login(user, pass);
ftpReplyCode = ftpsClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(ftpReplyCode))
return;
// Enter local active mode .
ftpsClient.enterLocalActiveMode();
}
catch (IOException ex)
{
System.out.println("Error: " + ex.getMessage());
ex.printStackTrace();
}
我确实仔细阅读了其他问题,但找不到有用的东西。关于如何告诉FTP4J忽略自签名证书上的错误的任何想法?
答案 0 :(得分:1)
你是如此亲密。首先,摆脱对HttpsURLConnection的引用。与FTP或FTPS完全无关。
但请保留TrustManager和SSLContext内容,只需进行一次小修改......指示您的FTPClient使用结果SSLSocketFactory。
所以你的最终结果看起来像这样:
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager()
{
@Override
public X509Certificate[] getAcceptedIssuers(){return null;}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType){}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType){}
}};
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new SecureRandom());
ftpsClient.setSSLSocketFactory(sc.getSocketFactory());
我的来源? The FTP4J manual。 (我注意到那个例子使用的是“SSL”而不是“TLS”;你可能必须尝试两种方式。)