Spring OAuth2RestTemplate and Token Edpoint with self-signed certificate

gistfile1.java

    
    
    class SSLContextRequestFactory extends SimpleClientHttpRequestFactory {

        private final SSLContext sslContext;

        public SSLContextRequestFactory(SSLContext sslContext) {
            this.sslContext = sslContext;
        }

        @Override
        protected void prepareConnection(HttpURLConnection connection, String httpMethod) throws IOException {
            if (connection instanceof HttpsURLConnection) {
                ((HttpsURLConnection) connection).setSSLSocketFactory(sslContext.getSocketFactory());
            }
            super.prepareConnection(connection, httpMethod);
        }
    }

    class Dumb509TrustManager implements X509TrustManager {

        @Override
        public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType)
                throws CertificateException {

        }

        @Override
        public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType)
                throws CertificateException {

        }

        @Override
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

gistfile2.java

@Configuration
@EnableOAuth2Client
public class  OAuthResourceConfiguration {
    
    @Resource
    @Qualifier("accessTokenRequest")
    private AccessTokenRequest accessTokenRequest;
        
    @Bean
    @Scope(value = "session", proxyMode = ScopedProxyMode.INTERFACES)
    public OAuth2RestTemplate someOAuthRestTemplate() {
            
        OAuth2ProtectedResourceDetails resource = ...;
        OAuth2ClientContext context = ...;
            
        OAuth2RestTemplate oauthTemplate = new OAuth2RestTemplate(resource, context);

        disableCertificateChecking(oauthTemplate);

        return oauthTemplate;
    }    
    
    private static void disableCertificateChecks(OAuth2RestTemplate oauthTemplate) throws Exception {

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, new TrustManager[] { new DumbX509TrustManager() }, null);
        ClientHttpRequestFactory requestFactory = new SSLContextRequestFactory(sslContext);

        //This is for OAuth protected resources
        oauthTemplate.setRequestFactory(requestFactory);

        //AuthorizationCodeAccessTokenProvider creates it's own RestTemplate for token operations
        AuthorizationCodeAccessTokenProvider provider = new AuthorizationCodeAccessTokenProvider();
        provider.setRequestFactory(requestFactory);
        oauthTemplate.setAccessTokenProvider(provider);
    }
}

Hey man, I'm trying to use your code but it is still not working.

Here is what I tried:

public class SSLUtil {
    private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[]{
        new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers(){
                return null;
            }
            public void checkClientTrusted(X509Certificate[] certs, String authType ){}
            public void checkServerTrusted( X509Certificate[] certs, String authType ){}
        }
    };

    public static void turnOffSslChecking(OAuth2RestTemplate oAuth2RestTemplate) throws NoSuchAlgorithmException, KeyManagementException {
        // Install the all-trusting trust manager
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init( null, UNQUESTIONING_TRUST_MANAGER, null );

        //This is for OAuth protected resources
        SSLContextRequestFactory requestFactory = new SSLContextRequestFactory(sc);
        oAuth2RestTemplate.setRequestFactory(requestFactory);

        //AuthorizationCodeAccessTokenProvider creates it's own RestTemplate for token operations
        AuthorizationCodeAccessTokenProvider provider = new AuthorizationCodeAccessTokenProvider();
        provider.setRequestFactory(requestFactory);
        oAuth2RestTemplate.setAccessTokenProvider(provider);
    }
}

Do you have any sugestions?