MONEI / MONEI-Salesforce-Commerce-Cloud

Salesforce Commerce Cloud module for MONEI
https://docs.monei.com/docs/e-commerce/salesforce/
MIT License

Service int_monei.http.rest returns error #1

Closed federicogiampietro closed 1 year ago

federicogiampietro commented 1 year ago

Hello,

The service int_monei.http.rest, upon first call, always returns the following message:

SSLHandshakeException:com.demandware.beehive.core.internal.ssl.WrappedCertificateException: sun.security.validator.ValidatorException: PKIX path validation failed java.security.cert.CertPathValidatorException: validity check failed

This happens on both the sandbox and development environments, the latter with a valid SSL certificate. It seems like the API endpoint is protected not only by the authorization header but by a certificate check as well.

A mocked-up API call with Postman works OK only if the option to check the SSL certificate validity is turned off.

jimmyn commented 1 year ago

Please provide the API call with Postman so we can investigate the issue

federicogiampietro commented 1 year ago

I'll provide partially obscured screenshots, since the call contains sensitive info.

[Screenshot 2023-05-16 at 10:29:20] [Screenshot 2023-05-16 at 10:30:14]

jimmyn commented 1 year ago

The endpoint should be https://api.monei.com/v1

federicogiampietro commented 1 year ago

What???

I've got the service credentials configured as "https://api.monei.com/v1", but the code adds the endpoint to the service URL. Obviously it has to be this way, because MONEI has a list of available endpoints (https://docs.monei.com/api/) that all start with "https://api.monei.com/v1/", but when making an API call the correct endpoint has to be selected for the call itself.

The URL I've used in Postman and shared here is the exact URL the code is calling when trying to open the MONEI popup (creating the payment in MONEI).

Anyway, even by following your suggestion and calling a non-existing MONEI endpoint, I get the same response.

Can you send me an example of a call that you can make through Postman?

[Screenshot 2023-05-16 at 11:13:36]

jimmyn commented 1 year ago

You can find the Postman collection here - https://postman.monei.com/

```bash
curl --location 'https://api.monei.com/v1/payments' \
--header 'Authorization: <API_KEY>' \
--header 'Content-Type: application/json' \
--data '{
    "amount": 110,
    "currency": "EUR",
    "orderId": "12345678",
    "callbackUrl": "https://example.com/checkout/callback",
    "completeUrl": "https://example.com/checkout/complete"
}'
```

But https://api.monei.net/v1/payments works the same.

In your screenshots, I see that you are using an insecure http:// endpoint. HTTP requests are not supported. You should use https://api.monei.com/v1

federicogiampietro commented 1 year ago

The endpoint was already https within Commerce Cloud, but it was indeed http in my Postman example.

Still, same issue.

By the way, by disabling the SSL check in Postman, the http:// endpoint also responds with a 200.

In the screenshot you're sharing, is the SSL check disabled or enabled within Postman? Settings -> Enable SSL certificate verification

Did you ever try making the cartridge work on a CC environment? Because the error we are getting

SSLHandshakeException:com.demandware.beehive.core.internal.ssl.WrappedCertificateException: sun.security.validator.ValidatorException: PKIX path validation failed java.security.cert.CertPathValidatorException: validity check failed

seems to clearly state that the API connection is requiring an SSL handshake which is not happening.

[Screenshot 2023-05-16 at 12:26:06]

federicogiampietro commented 1 year ago

Screenshots of call debugging in CC follow.

[Screenshot 2023-05-16 at 12:42:47] [Screenshot 2023-05-16 at 12:42:55]

federicogiampietro commented 1 year ago

Tried the GET payment endpoint, same result.

Be advised that no other API endpoints on other domains return this error, both on CCloud and Postman.

federicogiampietro commented 1 year ago

I didn't notice the endpoint was .NET instead of .COM. It works with the .com endpoint.

Please update the XML meta definition of the service versioned with the cartridge, because it points to the .net domain.

[Screenshot 2023-05-16 at 12:55:02]

jimmyn commented 1 year ago

This is weird, I get the same error in Postman if I enable the certificate validation, but the certificate is valid and not expired.

```
~ openssl s_client -servername api.monei.com -connect api.monei.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Feb 28 00:00:00 2023 GMT
notAfter=Jan 23 23:59:59 2024 GMT
```

federicogiampietro commented 1 year ago

With the validation enabled, the api.monei.com domain is not returning the error at all for me. I only got the issue (both on Postman and CCloud) by using the api.monei.net domain, which indeed is the wrong domain, but it's the one that the versioned XMLs in the cartridge contain.

I think we can close the issue if you could update the XMLs, so it would avoid the issue happening again to others :)

federicogiampietro commented 1 year ago

There was an open issue for Postman regarding SSL certificates generated by Let's Encrypt, concerning the error you're mentioning (certificate valid but not recognized), that was fixed at some point: https://github.com/postmanlabs/postman-app-support/issues/10338

Maybe you could try updating the Postman app if that's the one you're using.

Anyway, as stated in the previous message, my issue was related to the usage of the .net domain instead of the .com.

jimmyn commented 1 year ago

Fixed, thank you for pointing that out.
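
The root cause in this thread was a service definition pointing at `api.monei.net` instead of `api.monei.com`, plus one test request made over `http://`. The following check is an added example, not code from the cartridge or from MONEI: it audits a Commerce Cloud services export for credential URLs that are not HTTPS or whose host is not on an allow-list, so the problem is caught before deployment instead of being masked by disabling certificate verification. The XML namespace, the credential IDs and the sample file are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Namespace assumed for SFCC service import/export files; adjust to your export.
NS = {"s": "http://www.demandware.com/xml/impex/services/2014-09-26"}

# Constructed sample (NOT the cartridge's real metadata): one credential on the
# wrong domain, one on plain http, one correct.
SAMPLE_XML = """<services xmlns="http://www.demandware.com/xml/impex/services/2014-09-26">
    <service-credential service-credential-id="constructed.wrong-domain">
        <url>https://api.monei.net/v1/</url>
    </service-credential>
    <service-credential service-credential-id="constructed.plain-http">
        <url>http://api.monei.com/v1/</url>
    </service-credential>
    <service-credential service-credential-id="constructed.ok">
        <url>https://api.monei.com/v1/</url>
    </service-credential>
</services>"""


def audit_service_urls(xml_text, allowed_hosts=("api.monei.com",)):
    """Return (credential_id, url, reason) for every URL that fails a check."""
    findings = []
    root = ET.fromstring(xml_text)
    for cred in root.findall("s:service-credential", NS):
        cred_id = cred.get("service-credential-id", "<no id>")
        url = (cred.findtext("s:url", default="", namespaces=NS) or "").strip()
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # Plain http gives no server authentication at all.
        if parts.scheme != "https":
            findings.append((cred_id, url, "scheme is not https"))
        # Exact host match: a suffix or substring test would accept
        # look-alike hosts such as api.monei.com.example.org.
        if host not in allowed_hosts:
            findings.append((cred_id, url, f"host {host!r} not in allow-list"))
    return findings


if __name__ == "__main__":
    for cred_id, url, reason in audit_service_urls(SAMPLE_XML):
        print(f"{cred_id}: {url} -> {reason}")
```
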