在客户端使用CentOS上的ftp4j忽略自签名ssl证书

Question

任务:使用使用自签名证书的CentOS FTP4J连接到FTP4J框。

我能够通过FTP成功地连接到CentOS框

org.apache.commons.net.ftp.FTPSClient

但是，我收到以下错误，我知道它来自自签名证书，使用FTP4J。

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

这里的一个相关问题问了一个类似的问题，就在泽西的一个客户端。那里的答案(在下面清理，因为接受的答案会产生一个编译器错误)不起作用。

下面是带有信任所有证书代码的FTP4J代码，该代码不起作用。

import java.io.IOException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import it.sauronsoftware.ftp4j.FTPClient;
import it.sauronsoftware.ftp4j.FTPDataTransferListener;
import it.sauronsoftware.ftp4j.FTPException;
import it.sauronsoftware.ftp4j.FTPIllegalReplyException;

FTPClient ftpsClient = new FTPClient();
try
{
    // Initialize the transfer information.
    this.oFtpArgs.oFtp.transferCount = this.oFtpArgs.pathFiles.size();
    this.oFtpArgs.oFtp.transferCompleted = 0;
    this.oFtpArgs.oFtp.filePercentComplete = 0L;
    this.oFtpArgs.oFtp.bytesTransferredTotal = 0L;

    // Connect to the server using active mode enabling FTP over explicit TLS/SSL (FTPES).
    ftpsClient.setSecurity(FTPClient.SECURITY_FTPES);
    ftpsClient.setPassive(false);
    ftpsClient.connect(this.oFtpArgs.serverIp, port);

    TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager()
    {
        @Override
        public X509Certificate[] getAcceptedIssuers(){return null;}
        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType){}
        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType){}
    }};

    // Install the all-trusting trust manager
    SSLContext sc = SSLContext.getInstance("TLS");
    sc.init(null, trustAllCerts, new SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

    // Log into the server.
    ftpsClient.login(user, pass);
}

catch (IOException ex)
{
    System.out.println("Error: " + ex.getMessage());
    ex.printStackTrace();
}

catch (Exception ex)
{
    System.out.println("Error: " + ex.getMessage());
    ex.printStackTrace();
}

Apache FTPSClient代码连接得完美无缺，只是在上传时遇到了困难，因此现在使用了FTP4J代码。

import java.io.IOException;
import org.apache.commons.net.ftp.FTP;
import org.apache.commons.net.ftp.FTPClientConfig;
import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;

FTPSClient ftpsClient = new FTPSClient("TLS", false);
try
{
    FTPClientConfig ftpClientConfig = new FTPClientConfig(FTPClientConfig.SYST_UNIX);
    ftpsClient.configure(ftpClientConfig);
    ftpsClient.connect(this.oFtpArgs.serverIp, port);
    int ftpReplyCode = ftpsClient.getReplyCode();
    if (!FTPReply.isPositiveCompletion(ftpReplyCode))
        return;

    // Set protection buffer size
    ftpsClient.execPBSZ(0);

    // Set data channel protection to private
    ftpsClient.execPROT("P");

    // Log into the server.
    ftpsClient.login(user, pass);
    ftpReplyCode = ftpsClient.getReplyCode();
    if (!FTPReply.isPositiveCompletion(ftpReplyCode))
        return;

    // Enter local active mode .
    ftpsClient.enterLocalActiveMode();
}

catch (IOException ex)
{
    System.out.println("Error: " + ex.getMessage());
    ex.printStackTrace();
}

我确实研究过其他问题，但找不到有用的东西。对于如何让FTP4J忽略自签名证书上的错误，有什么想法吗？

Answer 1

你离我这么近。首先，去掉对HttpsURLConnection的引用。与FTP或FTPS完全无关。

但是保留TrustManager和SSLContext的东西，只要一个小小的改变.指示您的FTPClient使用结果SSLSocketFactory。

因此，您的最终结果如下：

TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager()
{
    @Override
    public X509Certificate[] getAcceptedIssuers(){return null;}
    @Override
    public void checkClientTrusted(X509Certificate[] certs, String authType){}
    @Override
    public void checkServerTrusted(X509Certificate[] certs, String authType){}
}};

// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new SecureRandom());
ftpsClient.setSSLSocketFactory(sc.getSocketFactory());

我的线人？FTP4J手册。(我确实注意到，该示例使用的是"SSL“而不是"TLS"；您可能必须同时尝试。)