好的,现在我知道了。
我从一开始就做错了。首先,您需要将两个文件(vsftpd.crt和vsftpd.key)转换为单个PKCS12文件。
openssl pkcs12 -export -in vsftpd.crt -inkey vsftpd.key > vsftpd.p12
接下来,您需要将PKCS12文件导入密钥库:
keytool -importkeystore -srckeystore vsftpd.p12 -destkeystore keystore.jks -srcstoretype pkcs12
详细说明[此处]。2
最后,您只需要使用生成的密钥库实例化信任管理器,然后将其交给FTPSClient。就像是:
import java.io.File;import java.io.FileInputStream;import java.io.FileOutputStream;import java.io.IOException;import java.security.KeyStore;import java.security.KeyStoreException;import javax.net.ssl.X509TrustManager;import org.apache.commons.net.ftp.FTP;import org.apache.commons.net.ftp.FTPSClient;import org.apache.commons.net.io.Util;import org.apache.commons.net.util.TrustManagerUtils;public method() throws IOException, GeneralSecurityException{ File storeFile = new File("path/to/keystore"); KeyStore keyStore = loadStore("JKS", storeFile, "password"); X509TrustManager defaultTrustManager = TrustManagerUtils.getDefaultTrustManager(keyStore); client = new FTPSClient(properties.getProtocol(), isImpicit); client.setTrustManager(defaultTrustManager); logOutput = new LogOutputStream(log, Level.INFO);}//Helper method from apache: http://commons.apache.org/proper/commons-net/apidocs/index.html?org/apache/commons/net/util/KeyManagerUtils.htmlprivate KeyStore loadStore(String storeType, File storePath, String storePass) throws KeyStoreException, IOException, GeneralSecurityException { KeyStore ks = KeyStore.getInstance(storeType); FileInputStream stream = null; try { stream = new FileInputStream(storePath); ks.load(stream, storePass.toCharArray()); } finally { Util.closeQuietly(stream); } return ks; }
