I'm using a com.nimbusds.jose implementation to validate a token by retrieving the public key that was used to sign the JWT from the Microsoft authorization server configuration (property jwks_uri). When I try to validate the token using the code below, I get:
com.nimbusds.jose.RemoteKeySourceException: Couldn't retrieve remote JWK set: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Code:
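    import java.net.MalformedURLException;
    import java.net.URL;
    import java.text.ParseException;
    import java.util.concurrent.TimeUnit;
    import com.nimbusds.jose.JOSEException;
    import com.nimbusds.jose.JWSAlgorithm;
    import com.nimbusds.jose.jwk.source.DefaultJWKSetCache;
    import com.nimbusds.jose.jwk.source.JWKSetCache;
    import com.nimbusds.jose.jwk.source.JWKSource;
    import com.nimbusds.jose.jwk.source.RemoteJWKSet;
    import com.nimbusds.jose.proc.BadJOSEException;
    import com.nimbusds.jose.proc.JWSKeySelector;
    import com.nimbusds.jose.proc.JWSVerificationKeySelector;
    import com.nimbusds.jose.proc.SecurityContext;
    import com.nimbusds.jose.util.DefaultResourceRetriever;
    import com.nimbusds.jose.util.ResourceRetriever;
    import com.nimbusds.jwt.JWTClaimsSet;
    import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
    import com.nimbusds.jwt.proc.DefaultJWTProcessor;

    ConfigurableJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
    JWKSource<SecurityContext> keySource = null;
    try {
        // HTTP connect and read timeouts, in milliseconds
        ResourceRetriever jwkRetriever = new DefaultResourceRetriever(100000, 100000);
        // Cache lifespan and refresh time for the downloaded JWK set, in minutes
        JWKSetCache jwkSetCache = new DefaultJWKSetCache(1440, 1430, TimeUnit.MINUTES);
        keySource = new RemoteJWKSet<>(
                new URL("https://login.windows.net/36799f34-92fd-4612-8473-80173f2406e8/discovery/v2.0/keys"),
                jwkRetriever, jwkSetCache);
    } catch (MalformedURLException e) {
        e.printStackTrace();
    }

    // Accept only RS256 signatures, verified with keys from the remote JWK set
    JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;
    JWSKeySelector<SecurityContext> keySelector =
            new JWSVerificationKeySelector<>(expectedJWSAlg, keySource);
    jwtProcessor.setJWSKeySelector(keySelector);

    JWTClaimsSet claimsSet = null;
    SecurityContext ctx = null; // optional context parameter, not required here
    try {
        claimsSet = jwtProcessor.process(token, ctx);
    } catch (ParseException e) {
        e.printStackTrace();
    } catch (BadJOSEException e) {
        e.printStackTrace();
    } catch (JOSEException e) {
        e.printStackTrace();
    }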
I've added the certificates to the truststore. See below the configuration from the Spring application.properties file:
trust.store=myapp_dev.p12
trust.store.password=changeit
What am I doing wrong?
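
A JDK-only diagnostic for the PKIX failure described above, added here as an example and not part of the original post or of the Nimbus library: it prints which trust store the JVM-wide TLS defaults point at and which certificates a given PKCS12 file would contribute as trust anchors. It assumes that `trust.store` and `trust.store.password` are application-defined keys that nothing maps onto the standard `javax.net.ssl.trustStore` system properties; the class name `TrustStoreCheck` and its two command-line arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustStoreCheck {   // hypothetical class name
    // Trust anchors JSSE derives from a store; null selects the JVM default store.
    static X509Certificate[] anchors(KeyStore store) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        return new X509Certificate[0];
    }

    public static void main(String[] args) throws Exception {
        // What the JVM-wide TLS defaults point at, whatever application.properties says.
        for (String key : new String[] {"javax.net.ssl.trustStore", "javax.net.ssl.trustStoreType"}) {
            System.out.println(key + " = " + System.getProperty(key));
        }
        System.out.println("JVM default trust anchors: " + anchors(null).length);
        KeyStore p12 = KeyStore.getInstance("PKCS12");
        if (args.length == 2) {                       // usage: <store.p12> <password>
            try (InputStream in = new FileInputStream(args[0])) {
                p12.load(in, args[1].toCharArray());
            }
        } else {
            p12.load(null, null);                     // constructed sample: empty in-memory store
        }
        System.out.println("Anchors from the PKCS12 store: " + anchors(p12).length);
        for (String alias : Collections.list(p12.aliases())) {
            Certificate c = p12.getCertificate(alias);
            if (c instanceof X509Certificate) {       // compare issuer with the chain the server presents
                X509Certificate x = (X509Certificate) c;
                System.out.println(alias + ": subject=" + x.getSubjectX500Principal()
                        + " issuer=" + x.getIssuerX500Principal());
            }
        }
    }
}
```

Run it with the same JVM options as the application. If both system properties print `null` and the application installs no `SSLContext` of its own, the HTTPS fetch of the JWK set is validated against the JVM's bundled trust store, not the `.p12` file.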