【发布时间】:2016-04-09 13:34:29
【问题描述】:
任务:使用自签名证书的 FTP4J FTP 连接到 CentOS 机器。
我能够使用 FTP 成功连接到 CentOS 机器
org.apache.commons.net.ftp.FTPSClient
但是我收到以下错误,我知道这是来自使用 FTP4J 的自签名证书。
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
related question 在 SO 上问了一个类似的问题,只是针对 Jersey 客户。那里的答案(在下面清理,因为接受的答案会产生编译器错误)不起作用。
这是带有信任所有证书代码的 FTP4J 代码,它不起作用。
import java.io.IOException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import it.sauronsoftware.ftp4j.FTPClient;
import it.sauronsoftware.ftp4j.FTPDataTransferListener;
import it.sauronsoftware.ftp4j.FTPException;
import it.sauronsoftware.ftp4j.FTPIllegalReplyException;
FTPClient ftpsClient = new FTPClient();
try
{
// Initialize the transfer information.
this.oFtpArgs.oFtp.transferCount = this.oFtpArgs.pathFiles.size();
this.oFtpArgs.oFtp.transferCompleted = 0;
this.oFtpArgs.oFtp.filePercentComplete = 0L;
this.oFtpArgs.oFtp.bytesTransferredTotal = 0L;
// Connect to the server using active mode enabling FTP over explicit TLS/SSL (FTPES).
ftpsClient.setSecurity(FTPClient.SECURITY_FTPES);
ftpsClient.setPassive(false);
ftpsClient.connect(this.oFtpArgs.serverIp, port);
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager()
{
@Override
public X509Certificate[] getAcceptedIssuers(){return null;}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType){}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType){}
}};
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// Log into the server.
ftpsClient.login(user, pass);
}
catch (IOException ex)
{
System.out.println("Error: " + ex.getMessage());
ex.printStackTrace();
}
catch (Exception ex)
{
System.out.println("Error: " + ex.getMessage());
ex.printStackTrace();
}
Apache FTPSClient 代码完美连接,只是在上传时遇到问题,因此现在使用 FTP4J 代码。
import java.io.IOException;
import org.apache.commons.net.ftp.FTP;
import org.apache.commons.net.ftp.FTPClientConfig;
import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;
FTPSClient ftpsClient = new FTPSClient("TLS", false);
try
{
FTPClientConfig ftpClientConfig = new FTPClientConfig(FTPClientConfig.SYST_UNIX);
ftpsClient.configure(ftpClientConfig);
ftpsClient.connect(this.oFtpArgs.serverIp, port);
int ftpReplyCode = ftpsClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(ftpReplyCode))
return;
// Set protection buffer size
ftpsClient.execPBSZ(0);
// Set data channel protection to private
ftpsClient.execPROT("P");
// Log into the server.
ftpsClient.login(user, pass);
ftpReplyCode = ftpsClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(ftpReplyCode))
return;
// Enter local active mode .
ftpsClient.enterLocalActiveMode();
}
catch (IOException ex)
{
System.out.println("Error: " + ex.getMessage());
ex.printStackTrace();
}
我确实仔细阅读了其他问题,但找不到有用的东西。关于如何告诉 FTP4J 忽略自签名证书上的错误有什么想法吗?
【问题讨论】: