从命令行执行第三方Jar,标记为忽略SSL问题?

时间:2013-08-07 22:35:58

标签: java command-line jar

我正在从命令行执行W3C CSS验证器jar,它是从最新的源代码构建的。当jar请求一些HTTPS URL时会引发异常。

有些HTTPS网址很好,有些则不是。在导致我知道的异常(仅一个)的那些中,在Chrome中请求相关URL时,SSL证书似乎没问题。

我按如下方式调用CSS验证器:

java -jar css-validator.jar "https://example.com/"

并获得以下错误输出:

javax.net.ssl.SSLException: Server key
    at sun.security.ssl.Handshaker.throwSSLException(Handshaker.java:1274)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
    at org.w3c.css.util.HTTPURL.getConnection(HTTPURL.java:257)
    at org.w3c.css.util.HTTPURL.getConnection(HTTPURL.java:312)
    at org.w3c.css.css.DocumentParser.<init>(DocumentParser.java:124)
    at org.w3c.css.css.CssValidator.main(CssValidator.java:154)
Caused by: java.security.spec.InvalidKeySpecException: Could not create EC public key
    at sun.security.pkcs11.P11ECKeyFactory.engineGeneratePublic(P11ECKeyFactory.java:169)
    at java.security.KeyFactory.generatePublic(KeyFactory.java:334)
    at sun.security.ssl.HandshakeMessage$ECDH_ServerKeyExchange.<init>(HandshakeMessage.java:1057)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:218)
    ... 13 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
    at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)
    at sun.security.pkcs11.P11ECKeyFactory.generatePublic(P11ECKeyFactory.java:233)
    at sun.security.pkcs11.P11ECKeyFactory.engineGeneratePublic(P11ECKeyFactory.java:164)
    ... 16 more

理想情况下,我绝对要忽略从命令行执行此jar时可能引发的所有此类SSL错误:

java -ignore-all-of-these-ssl-errors-please -jar css-validator.jar "https://example.com/"

显然ignore-all-of-these-ssl-errors-please不是有效的命令行标志。

是否有标志可以做到这一点?

1 个答案:

答案 0 :(得分:1)

不可能。出于某种原因,这就是这种方式,原因是为了防止您编写其他人隐含信任的代码,以确保SSL会话安全且真实。它在Chrome中而不是在Java中工作的原因是Java带有一组非常稀疏的根CA.

如果您不控制代码,唯一的方法是将必要的CA证书添加到本地密钥库。我相信您可以以可导入密钥库的形式导出Chrome的CA.

相关问题
最新问题