在客户端上使用 ftp4j 忽略 CentOS 上的自签名 ssl 证书
Ignore self-signed ssl cert on CentOS using ftp4j on client
任务:使用 FTP4J FTP 使用自签名证书连接到 CentOS 机器。
我能够通过 FTP 使用
成功连接到 CentOS 机器
org.apache.commons.net.ftp.FTPSClient
但是我收到以下错误,我知道这是来自使用 FTP4J 的自签名证书。
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
A related question here on SO 问了一个类似的问题,只是和一个泽西客户端。那里的答案(在下面清理,因为接受的答案会产生编译器错误)不起作用。
这里是 FTP4J 代码,其中包含信任所有证书的代码,它不起作用。
import java.io.IOException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import it.sauronsoftware.ftp4j.FTPClient;
import it.sauronsoftware.ftp4j.FTPDataTransferListener;
import it.sauronsoftware.ftp4j.FTPException;
import it.sauronsoftware.ftp4j.FTPIllegalReplyException;
FTPClient ftpsClient = new FTPClient();
try
{
// Initialize the transfer information.
this.oFtpArgs.oFtp.transferCount = this.oFtpArgs.pathFiles.size();
this.oFtpArgs.oFtp.transferCompleted = 0;
this.oFtpArgs.oFtp.filePercentComplete = 0L;
this.oFtpArgs.oFtp.bytesTransferredTotal = 0L;
// Connect to the server using active mode enabling FTP over explicit TLS/SSL (FTPES).
ftpsClient.setSecurity(FTPClient.SECURITY_FTPES);
ftpsClient.setPassive(false);
ftpsClient.connect(this.oFtpArgs.serverIp, port);
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager()
{
@Override
public X509Certificate[] getAcceptedIssuers(){return null;}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType){}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType){}
}};
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// Log into the server.
ftpsClient.login(user, pass);
}
catch (IOException ex)
{
System.out.println("Error: " + ex.getMessage());
ex.printStackTrace();
}
catch (Exception ex)
{
System.out.println("Error: " + ex.getMessage());
ex.printStackTrace();
}
Apache FTPSClient 代码连接完美,只是上传有问题,因此现在是 FTP4J 代码。
import java.io.IOException;
import org.apache.commons.net.ftp.FTP;
import org.apache.commons.net.ftp.FTPClientConfig;
import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;
FTPSClient ftpsClient = new FTPSClient("TLS", false);
try
{
FTPClientConfig ftpClientConfig = new FTPClientConfig(FTPClientConfig.SYST_UNIX);
ftpsClient.configure(ftpClientConfig);
ftpsClient.connect(this.oFtpArgs.serverIp, port);
int ftpReplyCode = ftpsClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(ftpReplyCode))
return;
// Set protection buffer size
ftpsClient.execPBSZ(0);
// Set data channel protection to private
ftpsClient.execPROT("P");
// Log into the server.
ftpsClient.login(user, pass);
ftpReplyCode = ftpsClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(ftpReplyCode))
return;
// Enter local active mode .
ftpsClient.enterLocalActiveMode();
}
catch (IOException ex)
{
System.out.println("Error: " + ex.getMessage());
ex.printStackTrace();
}
我仔细阅读了其他问题,但找不到有用的东西。关于如何告诉 FTP4J 忽略自签名证书上的错误有什么想法吗?
你们真亲密。首先,删除对 HttpsURLConnection 的引用。与 FTP 或 FTPS.
完全无关
但保留 TrustManager 和 SSLContext 的东西,只有一个小改动....指示您的 FTPClient 使用结果 SSLSocketFactory.
所以你的最终结果看起来像这样:
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager()
{
@Override
public X509Certificate[] getAcceptedIssuers(){return null;}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType){}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType){}
}};
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new SecureRandom());
ftpsClient.setSSLSocketFactory(sc.getSocketFactory());
我的来源? The FTP4J manual。 (我确实注意到那个例子使用 "SSL" 而不是 "TLS";你可能需要两种方法都试一下。)
任务:使用 FTP4J FTP 使用自签名证书连接到 CentOS 机器。
我能够通过 FTP 使用
成功连接到 CentOS 机器org.apache.commons.net.ftp.FTPSClient
但是我收到以下错误,我知道这是来自使用 FTP4J 的自签名证书。
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
A related question here on SO 问了一个类似的问题,只是和一个泽西客户端。那里的答案(在下面清理,因为接受的答案会产生编译器错误)不起作用。
这里是 FTP4J 代码,其中包含信任所有证书的代码,它不起作用。
import java.io.IOException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import it.sauronsoftware.ftp4j.FTPClient;
import it.sauronsoftware.ftp4j.FTPDataTransferListener;
import it.sauronsoftware.ftp4j.FTPException;
import it.sauronsoftware.ftp4j.FTPIllegalReplyException;
FTPClient ftpsClient = new FTPClient();
try
{
// Initialize the transfer information.
this.oFtpArgs.oFtp.transferCount = this.oFtpArgs.pathFiles.size();
this.oFtpArgs.oFtp.transferCompleted = 0;
this.oFtpArgs.oFtp.filePercentComplete = 0L;
this.oFtpArgs.oFtp.bytesTransferredTotal = 0L;
// Connect to the server using active mode enabling FTP over explicit TLS/SSL (FTPES).
ftpsClient.setSecurity(FTPClient.SECURITY_FTPES);
ftpsClient.setPassive(false);
ftpsClient.connect(this.oFtpArgs.serverIp, port);
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager()
{
@Override
public X509Certificate[] getAcceptedIssuers(){return null;}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType){}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType){}
}};
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// Log into the server.
ftpsClient.login(user, pass);
}
catch (IOException ex)
{
System.out.println("Error: " + ex.getMessage());
ex.printStackTrace();
}
catch (Exception ex)
{
System.out.println("Error: " + ex.getMessage());
ex.printStackTrace();
}
Apache FTPSClient 代码连接完美,只是上传有问题,因此现在是 FTP4J 代码。
import java.io.IOException;
import org.apache.commons.net.ftp.FTP;
import org.apache.commons.net.ftp.FTPClientConfig;
import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;
FTPSClient ftpsClient = new FTPSClient("TLS", false);
try
{
FTPClientConfig ftpClientConfig = new FTPClientConfig(FTPClientConfig.SYST_UNIX);
ftpsClient.configure(ftpClientConfig);
ftpsClient.connect(this.oFtpArgs.serverIp, port);
int ftpReplyCode = ftpsClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(ftpReplyCode))
return;
// Set protection buffer size
ftpsClient.execPBSZ(0);
// Set data channel protection to private
ftpsClient.execPROT("P");
// Log into the server.
ftpsClient.login(user, pass);
ftpReplyCode = ftpsClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(ftpReplyCode))
return;
// Enter local active mode .
ftpsClient.enterLocalActiveMode();
}
catch (IOException ex)
{
System.out.println("Error: " + ex.getMessage());
ex.printStackTrace();
}
我仔细阅读了其他问题,但找不到有用的东西。关于如何告诉 FTP4J 忽略自签名证书上的错误有什么想法吗?
你们真亲密。首先,删除对 HttpsURLConnection 的引用。与 FTP 或 FTPS.
但保留 TrustManager 和 SSLContext 的东西,只有一个小改动....指示您的 FTPClient 使用结果 SSLSocketFactory.
所以你的最终结果看起来像这样:
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager()
{
@Override
public X509Certificate[] getAcceptedIssuers(){return null;}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType){}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType){}
}};
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new SecureRandom());
ftpsClient.setSSLSocketFactory(sc.getSocketFactory());
我的来源? The FTP4J manual。 (我确实注意到那个例子使用 "SSL" 而不是 "TLS";你可能需要两种方法都试一下。)