Reputation: 2951
SunCertPathBuilderException when using Firebase
I have a Java Rest API running with Jersey on a Glassfish server, and I use Firebase Auth to authenticate my users.
So I use the Firebase Admin SDK to verify the token FirebaseAuth.getInstance().verifyIdToken(idToken)
But it throws the following error:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I initialize my app correctly, by calling:
FirebaseOptions options = new FirebaseOptions.Builder().setCredentials(GoogleCredentials.fromStream(serviceAccountStream)).build();
With serviceAccountStream an InputStream to my service account JSON file.
Edit: I got the same problem with Firebase's auth emulator and other Firebase services such as Firestore, that's weird
Upvotes: 3
Views: 1736
Answers (2)
Reputation: 1
Here I listed five pointer, may be helpful for someone.
- ID token verification requires a project ID.Did you check that?
For example,
FirebaseOptions options = new FirebaseOptions.Builder().setCredentials(GoogleCredentials.fromStream(serviceAccountStream)).setProjectId("my-project-id").build();
The Firebase Admin SDK attempts to obtain a project ID via one of the following methods:
- If the SDK was initialized with an explicit projectId app option, the SDK uses the value of that option.
- If the SDK was initialized with service account credentials, the SDK uses the project_id field of the service account JSON object.
- If the GOOGLE_CLOUD_PROJECT environment variable is set, the SDK uses its value as the project ID. This environment variable is available for code running on Google infrastructure such as App Engine and Compute Engine.
- If your are still facing the issue.Please refer this links
https://github.com/googleapis/google-api-java-client/issues/1114
https://github.com/googleapis/google-auth-library-java#configuring-a-proxy
Could you please check whether your machine is behind corporate proxy.
- You can add server certificate into the trustStore.
keytool -import -alias mycertificate -keystore "/Library/Java/JavaVirtualMachines/jdk-15.0.1.jdk/Contents/Home/lib/security/cacerts " -file yourcertificate.cer
password: changeit
- SSL Certificate expired SSL peer not authenticated Exception for Firebase real time database
- Java Firebase admin compatible with Jersey? Is Java Firebase admin compatible with Jersey?
Upvotes: 0
Reputation: 912
The problem is coming from the old libraries you use. The following code works fine on SpringBoot 2.5 set up:
try {
InputStream serviceAccount credStream = getClass().getResourceAsStream(credsPath);
FirebaseOptions options = new FirebaseOptions.Builder()
.setCredentials(GoogleCredentials.fromStream(credStream))
.setDatabaseUrl(databaseURL)
.build();
FirebaseApp.initializeApp(options);
} catch (Exception e) {
logger.error(e.getMessage());
} finally {
...
}
If you cannot upgrade the libraries, you need to add your server certificate into the trustStore. Please, look here for the steps: Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Upvotes: 1
Related Questions
- Firebase Authentication Not successfull
- java firebase-admin cannot log user in and get token no client
- Firebase Admin SDK: NoSuchMethodError for setCredential()
- Firebase JAVA admin sdk FirebaseAuthException
- Firebase authentication doesn't work on Java(jvm) (Desktop)
- Firebase Admin SDK: unable to find valid certification path to requested target
- Firebase Authentication Failing
- Firebase AuthUI - Uknown Error Code
- Firebase auth error android studio
- Adding Firebase Admin to Java Application