
Google Play Integrity API: PKIX path building failed: ....SunCertPathBuilderException: unable to find valid certification path to requested target


I encounter this exception while trying to decode the Play Integrity token on the server side:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Here is the code:

DecodeIntegrityTokenRequest decodeRequest = new DecodeIntegrityTokenRequest();
decodeRequest.setIntegrityToken(integrityToken);

InputStream stream = Resources.getResource("credentials.json").openStream();
GoogleCredentials credentials = GoogleCredentials.fromStream(stream);
HttpRequestInitializer requestInitializer = new HttpCredentialsAdapter(credentials);
HttpTransport transport = new NetHttpTransport();
GoogleClientRequestInitializer initializer = new PlayIntegrityRequestInitializer();

// <my-project> is the project-id from service account credentials JSON file
PlayIntegrity.Builder playIntegrity = new PlayIntegrity.Builder(
    transport, jsonFactory.getDefaultInstance(),
    requestInitializer).setApplicationName("<my-project>").setGoogleClientRequestInitializer(initializer);
PlayIntegrity play = playIntegrity.build();

DecodeIntegrityTokenResponse response = play.v1().decodeIntegrityToken(appId, decodeRequest).execute();

Solutions found on SO suggest that I need to install a certificate into the local keystore, but I am not sure which site's certificate. I tried the one from playintegrity.googleapis.com/v1/PACKAGE_NAME, but it did not help.

I can't get much help with SSL debug enabled either.

javax.net.ssl|DEBUG|2C|XNIO-1 task-4|2023-04-24 16:44:26.860 PDT|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=playintegrity.googleapis.com) was replaced with (type=host_name (0), value=playintegrity.googleapis.com)
javax.net.ssl|DEBUG|2C|XNIO-1 task-4|2023-04-24 16:44:26.942 PDT|SSLCipher.java:1850|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|2C|XNIO-1 task-4|2023-04-24 16:44:26.942 PDT|SSLCipher.java:2004|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|ERROR|2C|XNIO-1 task-4|2023-04-24 16:44:26.965 PDT|TransportContext.java:312|Fatal (CERTIFICATE_UNKNOWN): PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (
"throwable" : {
    sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Any idea how to fix this?


Solution

  • I had originally updated the keystore that is part of the JRE and then realized that the server was using its own keystore file. After updating the server's own keystore, I am not getting this error anymore.
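
To confirm which trust store a server JVM actually reads before importing anything, the following diagnostic resolves the file by the JSSE lookup order and lists the trust anchors the default trust manager loads. It is an added example, not code from the original post; the class name `EffectiveTrustStore` and the optional subject filter argument are hypothetical, and it assumes the server selects its trust store through the `javax.net.ssl.trustStore` system property rather than building a custom `SSLContext`.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical diagnostic class (not part of the Play Integrity client library).
public class EffectiveTrustStore {

    // Resolve the file JSSE reads trust anchors from, following the documented
    // lookup order: system property, then jssecacerts, then cacerts.
    static File resolveTrustStoreFile() {
        String configured = System.getProperty("javax.net.ssl.trustStore");
        if (configured != null && !configured.isEmpty()) {
            return new File(configured);
        }
        File securityDir = new File(System.getProperty("java.home"), "lib/security");
        File jssecacerts = new File(securityDir, "jssecacerts");
        return jssecacerts.isFile() ? jssecacerts : new File(securityDir, "cacerts");
    }

    // Trust anchors the default TrustManagerFactory hands to new TLS connections.
    static X509Certificate[] defaultTrustAnchors() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = use the JVM default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        return new X509Certificate[0];
    }

    public static void main(String[] args) throws Exception {
        String filter = args.length > 0 ? args[0].toLowerCase() : ""; // optional subject filter
        File store = resolveTrustStoreFile();
        System.out.println("javax.net.ssl.trustStore = " + System.getProperty("javax.net.ssl.trustStore"));
        System.out.println("effective trust store    = " + store.getAbsolutePath());
        System.out.println("exists                   = " + store.isFile());
        X509Certificate[] anchors = defaultTrustAnchors();
        System.out.println("trust anchors loaded     = " + anchors.length);
        for (X509Certificate ca : anchors) {
            String subject = ca.getSubjectX500Principal().getName();
            if (subject.toLowerCase().contains(filter)) System.out.println("  " + subject);
        }
    }
}
```

Run it with the same JRE and the same `-D` options as the server process; if the reported path is not the JRE's `cacerts`, that file is the one to inspect and update.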