I am trying to fetch some data from an API secured with SSL. I have configured my OAuth2RestTemplate with the necessary configuration, but I am getting the following exception:

Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://.../oauth/token": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This is my RestTemplate config:

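import java.util.ArrayList;
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;

@EnableOAuth2Client
@Configuration
public class RestTemplateConfig {

    private final MyConfig config;

    public RestTemplateConfig(MyConfig config) {
        this.config = config;
    }

    // Describes the password-grant client: token endpoint, client credentials, user credentials.
    @Bean
    protected OAuth2ProtectedResourceDetails resource() {

        ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();

        List<String> scopes = new ArrayList<>();
        scopes.add("read");
        resource.setAccessTokenUri(config.getBaseUrl() + "/oauth/token");
        resource.setClientId("...");
        resource.setClientSecret("...");
        resource.setGrantType("...");
        resource.setScope(scopes);

        resource.setUsername(config.getLogin());
        resource.setPassword(config.getPassword());

        return resource;
    }

    // Built with the default request factory and the default access token provider.
    @Bean
    public OAuth2RestOperations restTemplate() {
        AccessTokenRequest atr = new DefaultAccessTokenRequest();

        return new OAuth2RestTemplate(resource(), new DefaultOAuth2ClientContext(atr));
    }
}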

And my call:

String test = restTemplate.getForObject(URI.create(config.getBaseUrl() + "/configuration/all"), String.class);

Could someone explain how to set the RestTemplate up so it works with HTTPS?

EDIT: I tried adding keystore.p12 containing the site's cert to the application but that changed nothing:

server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=xxx
server.ssl.key-password=xxx
server.ssl.trust-store=classpath:keystore.p12
server.ssl.trust-store-password=xxx
Smajl
  • https://stackoverflow.com/questions/9619030/resolving-javax-net-ssl-sslhandshakeexception-sun-security-validator-validatore?rq=1 – Dzmitry Prakapenka Jan 10 '19 at 13:56
  • I tried importing keystore.p12 via application.properties with the certificate downloaded from the site. It did not change anything. – Smajl Jan 10 '19 at 15:26

1 Answer

It is because the AccessTokenProvider on the OAuth2RestTemplate creates its own RestTemplate internally in order to request the token. In order to set the provider for that internal RestTemplate, you can do the below (change to different types of AccessTokenProviders based on what kind of OAuth you're doing):

// requestFactory is a ClientHttpRequestFactory that is not defined in this snippet.
ResourceOwnerPasswordAccessTokenProvider provider = new ResourceOwnerPasswordAccessTokenProvider();
provider.setRequestFactory(requestFactory);
restTemplate.setAccessTokenProvider(provider);
Will M.
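An added example (not code from the question or the answer): one way to build the `requestFactory` the answer refers to with JDK TLS classes only, and to apply it both to the token provider and to the `OAuth2RestTemplate` itself, so the `/oauth/token` POST and the resource calls validate against the same trust store. The class name, the `truststore.p12` file name and the `client.trust-store-password` property are assumptions.

```java
import java.io.*;
import java.net.HttpURLConnection;
import java.security.KeyStore;
import javax.net.ssl.*;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;

@Configuration
public class TrustedOAuth2ClientConfig { // hypothetical class name
    @Bean // assumed: truststore.p12 on the classpath holds only the API's CA or server certificate
    public ClientHttpRequestFactory requestFactory(
            @Value("${client.trust-store-password}") String password) throws Exception {
        KeyStore trusted = KeyStore.getInstance("PKCS12");
        try (InputStream in = new ClassPathResource("truststore.p12").getInputStream()) {
            trusted.load(in, password.toCharArray());
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted); // only certificates in this store are trusted, not the JVM's cacerts
        SSLContext tls = SSLContext.getInstance("TLS");
        tls.init(null, tmf.getTrustManagers(), null); // no client key; chain and hostname checks stay enabled
        return new SimpleClientHttpRequestFactory() {
            @Override
            protected void prepareConnection(HttpURLConnection c, String method) throws IOException {
                super.prepareConnection(c, method);
                if (c instanceof HttpsURLConnection) {
                    ((HttpsURLConnection) c).setSSLSocketFactory(tls.getSocketFactory());
                }
            }
        };
    }

    @Bean
    public OAuth2RestTemplate restTemplate(OAuth2ProtectedResourceDetails resource,
            ClientHttpRequestFactory requestFactory) {
        ResourceOwnerPasswordAccessTokenProvider provider = new ResourceOwnerPasswordAccessTokenProvider();
        provider.setRequestFactory(requestFactory);   // internal RestTemplate that POSTs to /oauth/token
        OAuth2RestTemplate template = new OAuth2RestTemplate(resource, new DefaultOAuth2ClientContext());
        template.setRequestFactory(requestFactory);   // calls to the protected API
        template.setAccessTokenProvider(provider);
        return template;
    }
}
```

The `server.ssl.*` properties configure the embedded server's own HTTPS listener, so they have no effect on outbound calls; those use the JVM default trust store unless a request factory like this one is supplied.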