How do I configure client authentication with generated certificate in apache-commons net

清歌不尽 2020-12-18 13:46

First off, I know there is a similar question here but it doesn't answer my doubts. I have an FTPS server (vsftpd) configured with SSL.

I've generated the appropria

2 answers
  • 2020-12-18 14:18

    Ok, now I have it.

    I was doing it wrong from the beginning. To start with, you need to convert the two files (vsftpd.crt and vsftpd.key) into a single PKCS12 file.

    openssl pkcs12 -export -in vsftpd.crt -inkey vsftpd.key > vsftpd.p12
    

    Next, you need to import the PKCS12 file into a keystore:

    keytool -importkeystore -srckeystore vsftpd.p12 -destkeystore keystore.jks -srcstoretype pkcs12
    

    Detailed instructions [here].

    Finally, you just need to instantiate a trust manager with the generated keystore, and hand it to the FTPSClient. Something like:

    import java.io.File;
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;
    import javax.net.ssl.X509TrustManager;
    
    import org.apache.commons.net.ftp.FTPSClient;
    import org.apache.commons.net.io.Util;
    import org.apache.commons.net.util.TrustManagerUtils;
    
    // Wrapper class so the snippet compiles; the class and method names are placeholders.
    public class FtpsClientFactory {
    
        // protocol (for example "TLS") and isImplicit come from the application's own configuration
        public FTPSClient createClient(String protocol, boolean isImplicit)
                throws IOException, GeneralSecurityException {
    
            File storeFile = new File("path/to/keystore");
    
            // Load the keystore created with keytool above
            KeyStore keyStore = loadStore("JKS", storeFile, "password");
            // Trust manager that validates the server certificate against that keystore
            X509TrustManager defaultTrustManager = TrustManagerUtils.getDefaultTrustManager(keyStore);
    
            FTPSClient client = new FTPSClient(protocol, isImplicit);
    
            client.setTrustManager(defaultTrustManager);
            // logOutput = new LogOutputStream(log, Level.INFO); // application-specific logging class
            return client;
        }
    
        //Helper method from apache: http://commons.apache.org/proper/commons-net/apidocs/index.html?org/apache/commons/net/util/KeyManagerUtils.html
        private KeyStore loadStore(String storeType, File storePath, String storePass)
                throws IOException, GeneralSecurityException {
            KeyStore ks = KeyStore.getInstance(storeType);
            FileInputStream stream = null;
            try {
                stream = new FileInputStream(storePath);
                ks.load(stream, storePass.toCharArray());
            } finally {
                // Close the stream even if loading fails
                Util.closeQuietly(stream);
            }
            return ks;
        }
    }
    
  • 2020-12-18 14:19

    You have to generate your own keystore as in the previous comment.

    Now use this link: https://issues.apache.org/jira/browse/NET-326. Find this comment (Bogdan Drozdowski added a comment - 10/Mar/11 15:16) and use the FTPSClient(SSLContext sslContext) constructor as in that comment, and your ftpsClient will work with certificate and private key auth.

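The two answers combined, as an added example that is not code from either answer or from the Apache Commons Net project: an `SSLContext` whose key managers present the client certificate and private key from `keystore.jks` and whose trust managers validate the server against the same store, passed to the `FTPSClient(boolean, SSLContext)` constructor. The class name, host, port, user name and passwords are assumed placeholders, and the key password is assumed to equal the store password.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;

public class FtpsClientCertExample {  // hypothetical class name

    static SSLContext buildContext(String storePath, char[] storePass)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(storePath)) {
            ks.load(in, storePass);
        }
        // Key managers supply the client certificate and private key in the TLS handshake.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, storePass);  // assumption: key password == store password
        // Trust managers accept only servers whose certificate chains to an entry in this store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder values; none of them come from the page.
        SSLContext ctx = buildContext("keystore.jks", "changeit".toCharArray());
        FTPSClient client = new FTPSClient(false, ctx);  // false = explicit FTPS (AUTH TLS)
        try {
            client.connect("ftp.example.com", 21);       // TLS handshake happens here
            if (!FTPReply.isPositiveCompletion(client.getReplyCode())) {
                throw new IOException("Server refused connection: " + client.getReplyString());
            }
            if (!client.login("user", "password")) {
                throw new IOException("Login failed: " + client.getReplyString());
            }
            client.execPBSZ(0);    // must precede PROT
            client.execPROT("P");  // protect the data channel too
        } finally {
            if (client.isConnected()) client.disconnect();
        }
    }
}
```

Setting only a trust manager checks the server's certificate; the key managers are what make the client present its own certificate when the server requests one.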