You may think that REST APIs are super easy to use with tRESTClient in Talend and nothing really can surprise you here. Until you try to get data from token based authenticated API.
In such case you don’t use built-in authentication feature in tRESTClient but you rely on auth tokens delivered by the API provider. So the tRESTClient component will look somehow like this
Everything seems to be fine at this point but suddenly when you run the script you got bunch of strange errors including:
Could not send message. PKIX path building failed
As this can be read in between the lines of this horrifying error above, the real problem is with the security certificate API provider is using.
There are at least 2 easy ways to solve this problem. First requires tSetKeystore component to be used together with tRESTClient but in my opinion more robust and elegant solution should be used.
True nature of the issue is that Java cannot find certificate used in the HTTPS communication in the local trusted keystore. So the most natural way is to add missing certificate (of course as long as we trust the provider).
1. find Java Install path
In order to add certificate we need to find path where JDE/JRE is installed. In Windows is pretty straightforward. You go to Start>Control Panel> type Java > Java Configuration and after you click View button in Java tab you will see all versions installed with paths:
As I am using java 1.8 in my Talend projects, I will focus on it’s path. So i go to top directory for this version and then to lib\security folder which is in my case
C:\Program Files (x86)\Java\jre1.8.0_91\lib\securty
Note that there’s a cacerts file. This is the binary file holding all certificates for Java. Super important note: cacert file is also present in various others folders within whole Java directory. However if you would like to get streamlined experience without need for adjustments, let’s focus on the one in lib\security.
2. Download Certificate
Now when we have located our target path, let’s go and download the certificate. You simply go to API URL (same you are using in tRestClient) and click Certificate icon in your browser.
Click on the Certificate button and then on Details tab you will have option to Copy to file. Use Default DER format. This should result in .cer file saved somewhere on your drive. Make sure to copy this file to some simple high level location for ease of use in the next step
3. Add Certificate to keystore
To add certificate you need to access command line (cmd.exe) and run the following command (make sure to run cmd.exe as Administrator)
cd java_path\bin keytool -keystore ..\lib\security\cacerts -import -alias your_api_name -file path_to_downloaded_cert\cert_name.cer
so in my case it will be:
cd C:\Program Files (x86)\Java\jre1.8.0_91\lib\ keytool -keystore ..\lib\security\cacerts -import -alias test_api -file C:\Users\darth0s\Downloads\certu.cer
Note the double ..\ as cacert file is in the different location than keystore application.
After hitting enter, you might be asked for password. If just pressing enter doesn’t work, then default Java keystore password is changeit. Yes, it’s the phrase changeit. Don’t ask..
If certificate file was found in the files system, you will be asked to trust this certificate and you obviously need to type yes and hit Enter
Now when you run
keytool -v -list -keystore ..\lib\security\cacerts -alias test_api
you should get positive response from the keytool showing that it was added. Right now, you should go ahead restart Talend and tRESTClient should function properly.