Closed RexTremendae closed 1 month ago
I have the same issue but using Flutter to connect to my .NET 8 API that has the ActiveLogin NuGet installed.
I wonder if it can have anything to do with this merge. What do you think @elinohlsson or @elinohlsson that worked on that? :)
PS. I am not casting any blame, just curious, as this is halting our test environment.
If you get this error in the test environment, it is most likely caused by the fact that the test certificate used to connect to BankID's test API has expired. The certificate is embedded in Active Login. To solve this problem, you can either upgrade to 10.0.0 RC 1 of Active Login, where the certificate is replaced with the new one (a non-prerelease will be coming soon), or you can disable using the embedded certificate and provide the certificate yourself. Read more about how this is done here: Active Login - Test environment. The certificate for the test environment can be downloaded from BankID. The root certificate for the test environment is still valid. You only need to replace the client certificate.
Even if I specify .UseTestEnvironment(useBankIdClientCertificate: false), I still get an error at startup:
Exception Info: System.TypeInitializationException: The type initializer for 'ActiveLogin.Authentication.BankId.Core.BankIdCertificates' threw an exception.
 ---> System.Security.Cryptography.CryptographicException: The specified network password is not correct.
   at System.Security.Cryptography.X509Certificates.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)
   at System.Security.Cryptography.X509Certificates.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
   at ActiveLogin.Authentication.BankId.Core.BankIdCertificates.GetCertFromResourceStream(String filename, String password)
   at ActiveLogin.Authentication.BankId.Core.BankIdCertificates..cctor()
   --- End of inner exception stack trace ---
   at ActiveLogin.Authentication.BankId.Core.IBankIdBuilderExtensions.UseTestEnvironment(IBankIdBuilder builder, Boolean useBankIdRootCertificate, Boolean useBankIdClientCertificate)
I am not sure exactly why this happens, but I do realize when I investigate the code a bit that this might be a problem:
internal static class BankIdCertificates
{
    // Static readonly fields: all three are loaded by the type initializer (.cctor)
    // the first time the class is touched, whether or not the certificate is used.
    public static readonly X509Certificate2 BankIdApiRootCertificateProd = GetCertFromResourceStream("BankIdApiRootCertificate-Prod.crt");
    public static readonly X509Certificate2 BankIdApiRootCertificateTest = GetCertFromResourceStream("BankIdApiRootCertificate-Test.crt");
    public static readonly X509Certificate2 BankIdApiClientCertificateTest = GetCertFromResourceStream("FPTestcert5_20240610.p12", "qwerty123");
    // ... (rest of the class not shown)
}
Since the fields are static, they will always be initialized even though I explicitly ask not to use the bundled certificate. The bundled certificate should of course work and I am not sure what is exactly causing this error (it doesn't happen locally, only when running on the server) - it might be some configuration or IIS-related issue. However, if the fields would not be static but only initialized when asked for, it would not be a problem regardless of my server configuration.
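The lazy initialization suggested in the comment above, shown as an added example that is not part of the thread and not Active Login's code. `LazyTestCertificates`, `LoadClientCertificate`, `Configure` and the byte array are hypothetical stand-ins, and the snippet assumes .NET 8 as used in the thread:

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical holder class for illustration; not Active Login's BankIdCertificates.
internal static class LazyTestCertificates
{
    public static int LoadAttempts { get; private set; }

    // The factory runs on the first read of .Value, not in the type initializer.
    public static readonly Lazy<X509Certificate2> ClientCertificateTest =
        new Lazy<X509Certificate2>(LoadClientCertificate);

    // Stand-in for a bundled file that this machine's crypto stack cannot open.
    private static X509Certificate2 LoadClientCertificate()
    {
        LoadAttempts++;
        // Constructed input: these bytes are not a PKCS#12 container, so parsing throws.
        return new X509Certificate2(new byte[] { 0x00, 0x01, 0x02 }, "placeholder-password");
    }
}

internal static class Program
{
    private static void Configure(bool useBundledClientCertificate)
    {
        if (!useBundledClientCertificate) return; // opt-out: certificate is never parsed
        X509Certificate2 cert = LazyTestCertificates.ClientCertificateTest.Value;
        Console.WriteLine($"Using {cert.Subject}, valid until {cert.NotAfter:u}");
    }

    private static void Main()
    {
        Configure(useBundledClientCertificate: false);
        Console.WriteLine($"Load attempts after opt-out: {LazyTestCertificates.LoadAttempts}");

        try
        {
            Configure(useBundledClientCertificate: true);
        }
        catch (CryptographicException ex)
        {
            // Surfaces directly at the point of use, not as TypeInitializationException.
            Console.WriteLine($"Bundled certificate failed to load: {ex.Message}");
        }
    }
}
```

With the default `Lazy<T>` thread-safety mode, an exception thrown by the factory is cached and rethrown on every later read of `.Value`, so a load failure stays visible instead of being retried silently.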
@RexTremendae It could be that your environment does not support the encryption of the new certificate FPTestcert5_20240610.p12. The new test certificate from BankID is provided in three different versions (FPTestcert5_20240610.p12, FPTestcert5_20240610.pem and FPTestcert5_20240610-legacy.pfx). FPTestcert5_20240610.p12 is not supported on Windows Server versions earlier than 2022. Try using FPTestcert5_20240610-legacy.pfx instead.
I am currently working on a change where all three different versions will be embedded in ActiveLogin and it will be configurable which version to use. I agree that it is not optimal that the certificate is initialized even if it is not used. I will change that too. However, it should not be a problem to initialize the old test certificate even if it is not used.
Fixed in release 10.0.0.
Describe the bug: Running the stand-alone MVC sample locally, I get "HttpRequestException: The SSL connection could not be established" without any further useful information. I have a memory that this just worked out of the box before the summer vacations (or maybe I remember wrong - maybe I have missed something critical?). If my memory is correct then it leads me to suspect that something has changed on the BankID side.
What area is it related to: SSL connection
Expected behavior: I expect to come to the BankID login screen
NuGet package version: Not using NuGet, I cloned the latest repo version today, 2024-08-23