Service account Throws - SSLHandshakeException

Question

Thank you very much for reading this post, any help will be greatly appreciated!!

I am trying to use service account to list and create a text file in the Drive. Have generated a Service account, downloaded the p12 file also enabled Drive api for the account. But I am getting SSLHandshakeException.

Googleapi version: libs-sources/google-api-services-drive-v2-rev168-1.20.0-sources.jar

java version: "1.7.0_79" Java(TM) SE Runtime Environment (build 1.7.0_79-b15) Java HotSpot(TM) 64-Bit Server VM (build 24.79-b02, mixed mode)

Have also loaded the downloaded p12 file to cacerts file under \jdk1.7.0_79\jre\lib\security.

An error occurred: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Unknown Source) ........... Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source) ................ Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)

Here is my source code:

private static void getSomethingFromDrive() throws Exception {

    String emailAddress ="XXXXXtest@XXXXX.iam.gserviceaccount.com";
    JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
    HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
    GoogleCredential.Builder credBuilder = new GoogleCredential.Builder();
    credBuilder.setTransport(httpTransport);
    credBuilder.setJsonFactory(JSON_FACTORY);
    credBuilder.setServiceAccountId(emailAddress);
    credBuilder.setServiceAccountPrivateKeyFromP12File(new File("XXXXX.p12"));
    credBuilder.setServiceAccountScopes(Arrays.asList(DriveScopes.DRIVE));
    GoogleCredential credential = credBuilder.build();

      Drive service = new Drive.Builder(httpTransport, JSON_FACTORY, credential).build();
      DriveOperation.printAbout(service);
        //Insert a file  
      com.google.api.services.drive.model.File body = new com.google.api.services.drive.model.File();
        body.setTitle("My document");
        body.setDescription("A test document");
        body.setMimeType("text/plain");

        java.io.File fileContent = new java.io.File("C:/Personal/document.txt");
        FileContent mediaContent = new FileContent("text/plain", fileContent);

        com.google.api.services.drive.model.File file = service.files().insert(body, mediaContent).execute();
        System.out.println("File ID: " + file.getId());

}

neal · Answer 1 · 2016-03-05T04:27:58.003

0

sounds like a keystore issue. Did you import the certificate into the .jks file?

hmmm. I did some quick research and it sounds like it should work. Are you able to view the cert you added in cacerts?

or is it possible it's pointed to jre cacerts rather than jdk cacerts?

edited Mar 05 '16 at 04:27

answered Mar 05 '16 at 04:08

neal

880
6
11

I have 3 cacerts file in all of my C drive. I have added the p12 file to all of the cacerts files, still no luck. I do see the privatekey enry in the cacerts file. – Venki Ram Mar 05 '16 at 05:08
Neal, I have added the p12 file to all the cacerts (Both jdk and jre and also added to 32 jre.) when I listed the keystore I can see the privatekeys as follows lias name: privatekey Creation date: Mar 4, 2016 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=111996787216743957705 Issuer: CN=111996787216743957705 Serial number: 7b5bc826c2aaa1ff Valid from: Fri Mar 04 19:13:50 PST 2016 until: Mon Mar 02 19:13:50 PST 2026 Certificate fingerprints: MD5: E7:BF:.... SHA1: 60:... SHA256: 1A:8D:5D...:...... Signature algorithm name: SHA1withRSA Version: 3 – Venki Ram Mar 05 '16 at 16:24
my only other suggestions would be: 1) create a keystore (used to autheticate yourself) and see if that works and 2) check to ensure you imported the certificate as the correct type of certificate. Concerning point number 2, I can't remember off-hand the differences between certificate types because I do this so infrequently but I have run into issues at work in which I imported a certificate but I still could not authenticate because I added the cert as the wrong type. – neal Mar 05 '16 at 16:32

score 0 · Answer 2 · answered Mar 05 '16 at 22:40

SOLVED!!!!! I was using my work laptop and never expected that my work computer under the MIM realm :) I found that out when I tried to get the certs for accounts.google.com by clicking lock icon on the browser address bar. I moved the code to my personal device and it worked as it should be. Damn BIG corps!!!!!...

Service account Throws - SSLHandshakeException

2 Answers2