Error when making DCR with Mock Bank #52

Open
diogoaltoe opened this issue Jul 21, 2022 · 6 comments

@diogoaltoe

diogoaltoe commented Jul 21, 2022

I'm trying to do the DCR with Mock Bank, but it seems the registration_endpoint URL inside mtls_endpoint_aliases in the participants list (https://data.sandbox.directory.openbankingbrasil.org.br/participants) is not correct. The certificate is invalid and the URL seems to be invalid too.

Screen Shot 2022-07-21 at 12 35 56

Could someone help me with that?

Thanks!

diogoaltoe changed the title from "DCR Issue" to "Error when making DCR with Mock Bank" on Jul 21, 2022

@bernardovcampos
Contributor

Hi Diogo, did you test this again? Seems it was a one-time issue with the mock bank

@diogoaltoe
Author

Hi @bernardovcampos !

I just tried again and faced the same error.

Seems that the URL provided in SBX has an invalid certificate.

Screen Shot 2022-08-03 at 11 56 00

@bernardovcampos
Contributor

bernardovcampos commented Aug 3, 2022

I just tested using the mock tpp to do a DCR against the mock bank and it worked:
image

Can you tell me what steps you're doing?

@diogoaltoe
Author

diogoaltoe commented Aug 3, 2022

I'm trying to do the DCR but it failed because the certificate is not valid.

This is the log (I removed sensitive data) from our TPP:

{"timestamp":"2022-08-03T16:37:48.663Z","level":"SEVERE",...,"message":"Request (timeout=PT30S):\nPOST https://matls-auth.mockbank.poc.raidiam.io/reg\naccept: application/json\ncontent-type: application/json\n\n{\n "software_statement": "eyJraWQiOiJz...CvH3zTDCu7OiQ",\n "jwks_uri": "https://keystore.sandbox.directory.openbankingbrasil.org.br/XXXXXXXXXXX/XXXXXXXXXXX/application.jwks\",\n "redirect_uris": [ "https://xxxx.net/xxxx/code-callback" ],\n "token_endpoint_auth_method": "private_key_jwt",\n "grant_types": [ "authorization_code", "implicit", "refresh_token", "client_credentials" ],\n "response_types": [ "code id_token" ]\n}","exception":"javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\njava.util.concurrent.CompletionException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n\tat java.base/java.util.concurrent.CompletableFuture.encodeRelay(CompletableFuture.java:368)\n\tat java.base/java.util.concurrent.CompletableFuture.completeRelay(CompletableFuture.java:377)\n\tat
...

By the way, I'm not using mock TPP project... I'm using our solution to test as TPP.

As it works for you, a doubt comes to my mind... Is the mock TPP accepting invalid certificates in the DCR flow?

@bernardovcampos
Contributor

Hi Diogo,

There’s no clear evidence that the Mock Bank registration endpoint (https://matls-auth.mockbank.poc.raidiam.io/reg) is invalid. Additionally, the server is using a valid directory sandbox issued certificate, so it’s unclear how it can be considered invalid. The capture you are sending shows the error ERR_BAD_SSL_CLIENT_AUTH_CERT, which means it’s refusing to connect with your application because something is wrong with your DCR. Please provide more details on the DCR request you have made against the application so we are able to help you.

Also, can you please open this ticket in GitLab? Mock Bank/TPP related issues are there so we can bring visibility to the ecosystem. https://gitlab.com/obb1/certification/-/issues

Thanks

@diogoaltoe
Author

Hi @bernardovcampos I added the certificate CA in my application and DCR works.

Now I'm facing an issue when trying to create an AISP consent with Mock Bank.
I'm using the CPF as suggested in this wiki: https://gitlab.com/obb1/certification/-/wikis/Phase-2-Customer-Data

{"message":"Request (timeout=PT1M):\nPOST https://matls-auth.mockbank.poc.raidiam.io/token\naccept: application/json;charset=utf-8\ncontent-type: application/x-www-form-urlencoded\n\ngrant_type=client_credentials&scope=accounts&client_assertion=eyJraWQ...G0l4D5IKwg&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer\n\nResponse:\nHTTP 200\ncache-control: no-cache, no-store\ncontent-length: 120\ncontent-type: application/json; charset=utf-8\ndate: Mon, 22 Aug 2022 18:59:46 GMT\npragma: no-cache\nserver: Server\nstrict-transport-security: max-age=15552000; includeSubDomains\nvary: Origin\nx-amz-apigw-id: XR3FbH2YrPEFzQQ=\nx-amzn-remapped-connection: close\nx-amzn-remapped-content-length: 120\nx-amzn-remapped-date: Mon, 22 Aug 2022 18:59:46 GMT\nx-amzn-requestid: c2d7915c-200e-4789-93d4-1241f1345b0d\nx-amzn-trace-id: Root=1-6303d222-a87022e16498ecbcbe9e1f27;Sampled=1\nx-content-type-options: nosniff\nx-dns-prefetch-control: off\nx-download-options: noopen\nx-frame-options: SAMEORIGIN\nx-xss-protection: 1; mode=block\n\n{"access_token":"1A_d...MId","expires_in":900,"token_type":"Bearer","scope":"accounts"}"}

{"message":"Request (timeout=PT1M):\nPOST https://matls-api.mockbank.poc.raidiam.io/open-banking/consents/v1/consents\nAuthorization: Bearer 1A_d...MId\naccept: application/json\ncontent-type: application/json\nx-fapi-auth-date: Mon, 22 Aug 2022 18:59:46 GMT\nx-fapi-financial-id: 8af29675-169c-4258-be11-dc09b29fbc49\nx-idempotency-key: obi780076768259767184\n\n{"data":{"expirationDateTime":"2022-09-22T18:59:46Z","loggedUser":{"document":{"identification":"76109277673","rel":"CPF"}},"permissions":["RESOURCES_READ","ACCOUNTS_BALANCES_READ","ACCOUNTS_READ","ACCOUNTS_TRANSACTIONS_READ"],"transactionFromDateTime":"2021-08-22T18:59:46Z","transactionToDateTime":"2023-08-22T18:59:46Z"}}\n\nResponse:\nHTTP 403\ncontent-length: 150\ncontent-type: application/json\ndate: Mon, 22 Aug 2022 18:59:48 GMT\nserver: Server\nx-amz-apigw-id: XR3FqEJXrPEFYyQ=\nx-amzn-remapped-date: Mon, 22 Aug 2022 18:59:48 GMT\nx-amzn-requestid: 36b9d87e-668f-4bab-b46c-fba8e3f8c14f\nx-amzn-trace-id: Root=1-6303d224-28bae6b75e3475d07a3fafd3;Sampled=0\nx-fapi-interaction-id: 945aa2de-5abb-4837-8432-aa3f86a44aae\n\n{"errors":[{"code":"403","title":"FORBIDDEN","detail":"FORBIDDEN"}],"meta":{"totalRecords":1,"totalPages":1,"requestDateTime":"2022-08-22T18:59:48Z"}}"}

{"message":"Invalid POST https://matls-api.mockbank.poc.raidiam.io/open-banking/consents/v1/consents response: HTTP 403 (expected=201, response_payload={"errors":[{"code":"403","title":"FORBIDDEN","detail":"FORBIDDEN"}],"meta":{"totalRecords":1,"totalPages":1,"requestDateTime":"2022-08-22T18:59:48Z"}})"}

But I created the issue in GitLab as you told me to do: https://gitlab.com/obb1/certification/-/issues/347

Thank you!
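
An added example, not code from this thread or from the Mock Bank/TPP projects: one way a Java TPP can trust the sandbox directory's issuing CA for the mTLS connection while keeping certificate validation on, which is the kind of change the comment above reports as resolving the `PKIX path building failed` error. The class name, the file arguments and the use of `java.net.http.HttpClient` are assumptions.

```java
import java.io.InputStream;
import java.net.http.HttpClient;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper: names and file locations are illustrative only.
public final class SandboxMtlsClient {

    // Returns an HttpClient that trusts only the CA certificates in caPemPath
    // (server side of the handshake) and presents the client certificate from
    // the PKCS#12 file (client side of the mTLS handshake).
    public static HttpClient build(Path caPemPath, Path clientP12Path, char[] p12Password)
            throws Exception {
        // Trust store: an in-memory keystore holding every CA cert in the PEM bundle.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(caPemPath)) {
            int i = 0;
            for (Certificate ca : cf.generateCertificates(in)) {
                trustStore.setCertificateEntry("sandbox-ca-" + i++, ca);
            }
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // Key store: the client certificate and private key sent to the server.
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(clientP12Path)) {
            keyStore.load(in, p12Password);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, p12Password);

        // Path building and hostname checks stay enabled; only the trust anchors change.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return HttpClient.newBuilder().sslContext(ctx).build();
    }
}
```

With this split, a missing trust anchor surfaces on the client as the `SSLHandshakeException` in the log above, while a rejected client certificate is a server-side refusal such as the `ERR_BAD_SSL_CLIENT_AUTH_CERT` seen in the browser capture.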
