在Java中打开SSLSocket时对证书链的验证

Question

My Setup

My goal is to set up a SSL/TLS secured connection (explicit) with an FTP-Server. The appropriate Root CA Certificate is stored in a Truststore called truststore.jks . After the AUTH TLS command I'm using the following code to build up the SSLSocket.

public SSLSocket enterSecureMode(Socket s) throws Exception {
        KeyStore truststore = KeyStore.getInstance("JKS");
        truststore.load(Files.newInputStream(Paths.get("truststore.jks")), "mypass".toCharArray());

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(truststore);

        SSLContext sCon = SSLContext.getInstance("TLS");
        sCon.init(null, tmf.getTrustManagers(), null);

        SSLSocketFactory sslSocketFactory = sCon.getSocketFactory();
        return (SSLSocket) sslSocketFactory.createSocket(s, "<HOSTNAME>", 21, true);
}

The code itself is running fine and I received a secured Socket-Connection, but I wonder whether this can stand attacks like eg MITM or not. I mean would that program discover an attempt of somebody trying to 'give me a Fake-Certificate'. Therefore I'd be very happy if some more experienced SSL-Network-Programmers could enlight me :D

Answer 1

This is sufficient. The attacker would have to provide a certificate signed by the root CA. However you don't need all this code: you only need

System.setProperty("javax.net.ssl.trustStore", "truststore.jks");
SSLContext sCon = SSLContext.getDefault();
SSLSocketFactory sslSocketFactory = sCon.getSocketFactory();
return (SSLSocket) sslSocketFactory.createSocket(s, "<HOSTNAME>", 21, true)

If you want to be totally paranoid, after creating the SSLSocket you can get the SSLSession and then the peer certificate chain and make sure that the zeroth entry exactly matches the exact server's certificate, but this step is mostly omitted.