
I am trying to get a JWK from a server, which works fine over HTTP. Does nimbus-jose-jwt provide any alternative approaches to handle the case when the server is behind mTLS?

Please find the code that works as expected with HTTP.

import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.HashSet;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import com.nimbusds.jwt.proc.JWTProcessor;

public JWTProcessor<SecurityContext> prepareJwtProcessor(String jwkUrl, String jwtIssuer)
    throws MalformedURLException {
  log.debug("Fetching JWK from url: {}", jwkUrl);
  ConfigurableJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
  JWKSource<SecurityContext> keySource = new RemoteJWKSet<>(new URL(jwkUrl));
  JWSAlgorithm expectedAlgorithm = JWSAlgorithm.RS512;
  JWSKeySelector<SecurityContext> keySelector = new JWSVerificationKeySelector<>(
      expectedAlgorithm, keySource);
  jwtProcessor.setJWSKeySelector(keySelector);
  jwtProcessor.setJWTClaimsSetVerifier(
      new DefaultJWTClaimsVerifier<>(new JWTClaimsSet.Builder().issuer(jwtIssuer).build(),
          new HashSet<>(
              Arrays.asList("sub", "iat", "exp", "jti"))));

  return jwtProcessor;
}

// Usage elsewhere; log, accessToken, claims and objectMapper are fields of the surrounding class
jwtProcessor.process(accessToken, null).toJSONObject()
    .forEach((key, value) -> claims.put(key, objectMapper.convertValue(value, String.class)));

However, when I enable HTTPS on the server that serves the JWK, I am getting the following exception:

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Does nimbus-jose-jwt provide an option to make a successful handshake before retrieving JWK from a remote source?

rakesh
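One way to do this with nimbus-jose-jwt, added here as an example and not code from the question or from an answer on this page: RemoteJWKSet accepts a custom ResourceRetriever, so an SSLContext loaded with the JWKS server's CA and this service's own client certificate can be handed to DefaultResourceRetriever instead of relying on the JVM default trust store. It assumes a nimbus-jose-jwt release whose DefaultResourceRetriever exposes setSSLSocketFactory and whose RemoteJWKSet has a (URL, ResourceRetriever) constructor; the class name MtlsJwkSource, the keystore paths and passwords, and the timeout and size values are placeholders.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;

public class MtlsJwkSource {  // placeholder class name
  // Loads a PKCS12 store from disk; used for both the truststore and the client keystore.
  static KeyStore loadPkcs12(String path, char[] password) throws Exception {
    KeyStore ks = KeyStore.getInstance("PKCS12");
    try (InputStream in = new FileInputStream(path)) {
      ks.load(in, password);
    }
    return ks;
  }
  // SSLContext that trusts the CA behind the JWKS endpoint (cures the PKIX error) and presents
  // this service's client certificate when the server demands mTLS.
  static SSLContext buildMtlsContext(String trustStorePath, char[] trustStorePassword,
                                     String keyStorePath, char[] keyStorePassword) throws Exception {
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(loadPkcs12(trustStorePath, trustStorePassword));
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(loadPkcs12(keyStorePath, keyStorePassword), keyStorePassword);
    SSLContext ctx = SSLContext.getInstance("TLSv1.2");
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    return ctx;
  }
  // Same processor as in the question, but the JWKS fetch goes through a retriever bound to the
  // mTLS SSLContext instead of the JVM default socket factory.
  static ConfigurableJWTProcessor<SecurityContext> prepareJwtProcessor(String jwkUrl, SSLContext ctx)
      throws Exception {
    // connect/read timeouts in ms and a size limit in bytes, so a slow or oversized JWKS cannot stall us
    DefaultResourceRetriever retriever = new DefaultResourceRetriever(2000, 2000, 50_000);
    retriever.setSSLSocketFactory(ctx.getSocketFactory());
    JWKSource<SecurityContext> keySource = new RemoteJWKSet<>(new URL(jwkUrl), retriever);
    ConfigurableJWTProcessor<SecurityContext> processor = new DefaultJWTProcessor<>();
    processor.setJWSKeySelector(new JWSVerificationKeySelector<>(JWSAlgorithm.RS512, keySource));
    return processor;
  }
}
```

The claims verifier from the question can be set on the returned processor exactly as before; only the key source changes.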

0 Answers