Tags: oauth-2.0, wso2, certificate, wso2-enterprise-integrator, wso2-esb

"Peer not authenticated" observed while securing an API using WSO2 EI OAuth 2.0 on localhost


I tried to secure my API using OAuth 2.0 (http://abeykoon.blogspot.com/2015/04/wso2-esb-securing-rest-end-point-using.html) in WSO2 EI with a custom SimpleOauthHandler, and I'm observing this exception: Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated. I tried to import certificates using keytool, but I'm not sure which certificates are expired, if certificate expiry is the cause of this exception.

Line 63 (return stub.validate(dto).getValid();) in the SimpleOAuthHandler class (http://abeykoon.blogspot.com/2015/04/wso2-esb-securing-rest-end-point-using.html) is causing this exception.

Exception:

[2020-01-10 13:10:54,931] [EI-Core]  INFO - HTTPSender Unable to sendViaPost to url[https://localhost:9445/services/OAuth2TokenValidationService]
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:450)
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:276)
    at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:186)
    at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:704)
    at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:199)
    at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:81)
    at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:459)
    at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:286)
    at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:441)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:227)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
    at org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub.validate(OAuth2TokenValidationServiceStub.java:738)
    at org.wso2.handler.SimpleOauthHandler.handleRequest(SimpleOauthHandler.java:93)
    at org.apache.synapse.rest.API.process(API.java:325)
    at org.apache.synapse.rest.RESTRequestHandler.apiProcess(RESTRequestHandler.java:135)
    at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:113)
    at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:71)
    at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:303)
    at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:92)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
    at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:337)
    at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:158)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
[2020-01-10 13:10:54,933] [EI-Core] ERROR - SimpleOauthHandler Error occurred while processing the message
org.apache.axis2.AxisFault: peer not authenticated
    at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)

Solution

1. Download the server certificate (how to do this is described here: https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file), in your case from localhost:9445.
2. Add the downloaded server SSL certificate to client-truststore.jks in WSO2:

    keytool -import -alias localhost -file {PathToDownloadedCertFile} -keystore {WSO2HomeDir}\repository\resources\security\client-truststore.jks

3. Restart WSO2.
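
The steps above as one PowerShell session, with a check of the certificate's validity dates before it is trusted (the question asks which certificate might be expired). This is an added example, not part of the original answer. It assumes keytool is on the PATH, and the install directory C:\wso2ei and the function name Get-ServerCertificate are hypothetical.

```powershell
# Assumed values: adjust to your installation.
$WSO2Home   = 'C:\wso2ei'     # hypothetical install directory
$ServerName = 'localhost'     # host from the failing URL in the log
$Port       = 9445            # port from the failing URL in the log
$TrustStore = Join-Path $WSO2Home 'repository\resources\security\client-truststore.jks'
$CertFile   = Join-Path $env:TEMP "$ServerName-$Port.cer"

function Get-ServerCertificate {
    param([string]$ServerName, [int]$Port)
    $tcp = [System.Net.Sockets.TcpClient]::new($ServerName, $Port)
    try {
        # The callback accepts any certificate ONLY so that it can be read
        # and inspected; no application data is sent on this connection.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($ServerName)
        return [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    }
    finally {
        $tcp.Dispose()
    }
}

# Step 1: fetch the certificate the endpoint presents and show what it claims.
$cert = Get-ServerCertificate -ServerName $ServerName -Port $Port
$now  = Get-Date
"Subject    : $($cert.Subject)"
"Issuer     : $($cert.Issuer)"
"Not before : $($cert.NotBefore)"
"Not after  : $($cert.NotAfter)"
"SHA-1      : $($cert.Thumbprint)"

if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    # Outside its validity period: replace it on the server, do not trust it.
    Write-Warning 'Server certificate is not currently valid; nothing imported.'
    return
}

# Step 2: save the certificate (DER) and import it into the EI truststore.
# keytool prompts for the truststore password and refuses an alias that
# already exists, so pick an unused alias or remove the old entry first.
$der = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($CertFile, $der)
keytool -import -alias $ServerName -file $CertFile -keystore $TrustStore

# Confirm the entry, then restart WSO2 (step 3) so the truststore is reloaded.
keytool -list -v -alias $ServerName -keystore $TrustStore
```

Compare the printed SHA-1 value with the fingerprint obtained from the server's own keystore before answering yes at the keytool trust prompt.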