search

Travelport-Ukraine / uapi-json

Best Travelport Universal API wrapper ever :airplane: :mountain_railway: :hotel:
https://travelport-ukraine.github.io/uapi-json/
MIT License
74 stars 61 forks source link

Getting SSL TLS1.2 error #637

Open frhnfrq opened 1 year ago

frhnfrq commented 1 year ago

Hi, I am getting the following error whenever trying to make a request,

Unexpected Error: {
  message: "write EPROTO 80C5D60501000000:error:0A000172:SSL routines:tls12_check_peer_sigalg:wrong signature type:../deps/openssl/openssl/ssl/t1_lib.c:1573:",
  name: "Error",
  stack: "Error: write EPROTO 80C5D60501000000:error:0A000172:SSL routines:tls12_check_peer_sigalg:wrong signature type:../deps/openssl/openssl/ssl/t1_lib.c:1573:\n
    at __node_internal_captureLargerStackTrace (node:internal/errors:496:5)\n
    at __node_internal_errnoException (node:internal/errors:623:12)\n
    at WriteWrap.onWriteComplete [as oncomplete] (node:internal/stream_base_commons:94:16)\n
    at WriteWrap.callbackTrampoline (node:internal/async_hooks:130:17)"
  config: {
    transitional: {
      silentJSONParsing: true,
      forcedJSONParsing: true,
      clarifyTimeoutError: false
    },
    transformRequest: [ null ],
    transformResponse: [ null ],
    timeout: 20000,
    xsrfCookieName: "XSRF-TOKEN",
    xsrfHeaderName: "X-XSRF-TOKEN",
    maxContentLength: -1,
    maxBodyLength: -1,
    env: {},
    headers: {
      Accept: "application/json, text/plain, */*",
      Content-Type: "text/xml",
      Accept-Encoding: "gzip",
      User-Agent: "axios/0.27.2",
      Content-Length: 1754
    },
    url: "https://apac.universal-api.travelport.com/B2BGateway/connect/uAPI/AirService",
    method: "post",
    auth: {
      username: "_______",
      password: "_______"
    },
    data: "..."
  },
  code: "EPROTO",
  status: null
}

I'm assuming it's because Travelport only supports TLS1.2 and the client is trying to make the request using a different version. Please let me know how I can fix this.

frhnfrq commented 1 year ago

I have tried monkey patching, by setting a custom httpsAgent with TLS v1.2 to the Axios instance in uapi-request but it didn't work.

kommandant-topp commented 1 year ago

Hello @frhnfrq, Could you provide me with the next information?

Thank you, and have a nice day!

frhnfrq commented 1 year ago

Hi @kommandant-topp,

uapi-json: 1.16.0 nodejs version: 18.17.1 & 20.5.1

Here's the full request dump, request log.txt

kommandant-topp commented 1 year ago

Hello @frhnfrq, Looks like this is the problem with the disabled TLS 1.3 version on the apac region subdomain: https://www.ssllabs.com/ssltest/analyze.html?d=apac.universal-api.travelport.com (emec region is ok). You can try to use Node 16 or lower as a quick solution. You can also create a support ticket for Travelport to ask about this issue.

We'll discuss with our team the possible solution, but I'm not sure that we'll be able de deploy it fast.

Thank you, and have a nice day!

frhnfrq commented 1 year ago

Hi @kommandant-topp, Thanks. Switching to 16.14.2 solved the TLS error, however I am getting error of invalid credentials, even though my credentials are correct. It works on the demo portal of travelport.

Here's the log

Input params  {
  "legs": [
    {
      "from": "DEL",
      "to": "BOM",
      "departureDate": "2023-08-28"
    }
  ],
  "passengers": {
    "ADT": 1
  },
  "cabins": [
    "Economy"
  ],
  "requestId": "4e2fd1f8-2221-4b6c-bb6e-cf05c367cf60",
  "maxJourneyTime": 300,
  "pricing": {
    "currency": "USD"
  }
}
Request URL:  https://apac.universal-api.travelport.com/B2BGateway/connect/uAPI/AirService
Request XML:
<!--Release 33-->
<!--Version Dated as of 14/Aug/2015 18:47:44-->
<!--Air Low Fare Search For Galileo(1G) Request-->
<soap:Envelope
  xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <air:LowFareSearchReq
            AuthorizedBy="user" TraceId="4e2fd1f8-2221-4b6c-bb6e-cf05c367cf60" TargetBranch="P7205768"
            ReturnUpsellFare="true"

      xmlns:air="http://www.travelport.com/schema/air_v52_0"

      xmlns:com="http://www.travelport.com/schema/common_v52_0"
            >
      <com:BillingPointOfSaleInfo OriginApplication="uAPI"/>
      <air:SearchAirLeg>
        <air:SearchOrigin>
          <com:CityOrAirport Code="DEL" PreferCity="true"/>
        </air:SearchOrigin>
        <air:SearchDestination>
          <com:CityOrAirport Code="BOM" PreferCity="true"/>
        </air:SearchDestination>
        <air:SearchDepTime PreferredTime="2023-08-28"/>
        <air:AirLegModifiers>
          <air:PreferredCabins>
            <com:CabinClass Type="Economy"/>
          </air:PreferredCabins>
        </air:AirLegModifiers>
      </air:SearchAirLeg>
      <air:AirSearchModifiers
                    MaxJourneyTime="300"
            >
        <air:PreferredProviders>
          <com:Provider Code="1G"
            xmlns:com="http://www.travelport.com/schema/common_v52_0"/>
          </air:PreferredProviders>
        </air:AirSearchModifiers>
        <com:SearchPassenger Code="ADT"
          xmlns:com="http://www.travelport.com/schema/common_v52_0"/>
          <air:AirPricingModifiers
                CurrencyType="USD"

            />
        </air:LowFareSearchReq>
      </soap:Body>
    </soap:Envelope>

Error Response SOAP:  {
  "status": 401,
  "data": "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><SOAP-ENV:Fault><SOAP-ENV:faultcode>76</SOAP-ENV:faultcode><SOAP-ENV:faultstring>Authentication Result Error Message Response  (76): Authentication credentials are invalid.</SOAP-ENV:faultstring><SOAP-ENV:faultactor>            </SOAP-ENV:faultactor><SOAP-ENV:detail>Authentication Result Error Message Response  (76): Authentication credentials are invalid.</SOAP-ENV:detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>"
}

/Users/farhan/NodeProjects/uapi-json-test/node_modules/uapi-json/src/Request/uapi-request.js:131
          return Promise.reject(new RequestSoapError.SoapRequestError(error));
                                ^
SoapRequestError [RequestSoapError.SoapRequestError]: Error during request to SOAP API. Check url validity
    at /Users/farhan/NodeProjects/uapi-json-test/node_modules/uapi-json/src/Request/uapi-request.js:131:33
    at processTicksAndRejections (node:internal/process/task_queues:96:5) {
  source: 'uapi-json',
  data: {
    status: 401,
    data: '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Body><SOAP-ENV:Fault><SOAP-ENV:faultcode>76</SOAP-ENV:faultcode><SOAP-ENV:faultstring>Authentication Result Error Message Response  (76): Authentication credentials are invalid.</SOAP-ENV:faultstring><SOAP-ENV:faultactor>            </SOAP-ENV:faultactor><SOAP-ENV:detail>Authentication Result Error Message Response  (76): Authentication credentials are invalid.</SOAP-ENV:detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>'
  },
  statusCode: undefined
}

Moreover, please do have a discussion with your team regarding the TLS issue for newer version of node.

Thank you very much, you have a nice day too!

frhnfrq commented 1 year ago

My bad, I missed the fact that production flag is set to true by default

misoag commented 1 year ago

Hello developer, when can this issue be resolved and merged into the main branch. Thanks!

kommandant-topp commented 1 year ago

Hello @misoag, Not sure about the terms of this update to be done.

Meanwhile, do you consider contributing to this fix? Check our contribution instruction.

Thank you, and have a nice day

kim00425 commented 9 months ago

@kommandant-topp i have same problem this issue. i use nodejs 20.10.0 and npm version 10. then should i downgrade my nodejs version?

kommandant-topp commented 9 months ago

Hello @kim00425, you can try to downgrade your nodejs version for the local solution or contribute a global fix. Check our contribution instruction.

Thank you, and have a nice day

kim00425 commented 9 months ago

@kommandant-topp i understand that support for nodejs version 16 is now ending. can this be resolved by contacting Travelport?

kim00425 commented 8 months ago

@kommandant-topp It is said that Travelport recently renewed its SSL certificate. please confirm.

kommandant-topp commented 8 months ago

Hello @kim00425, As I can see from here: https://www.ssllabs.com/ssltest/analyze.html?d=apac.universal-api.travelport.com, TLS1.3 is still disabled for the apac region subdomain. I'll try to test it again a bit later.

Thank you, and have a nice day!

kim00425 commented 8 months ago

@kommandant-topp If you run it now, it will work. when i run on version 20.10.0, the request was made normally. APAC UAPI endpoint has been updated with the newest ciphers

@frhnfrq try to node 18

kommandant-topp commented 8 months ago

Hello @kim00425,

Thank you a lot for the update!