Closed yvesonline closed 1 year ago
Hi! It does indeed look like your SSL/certificates setup is not working, and not like an issue with the client itself. What are the nl.altindag.ssl.util.
packages? I don't think they're in this project, which indicates to me that you're using some other method than the one described in the README.
That is totally fine, but I recommend re-reading the prerequisites here: https://github.com/alex-therapeutics/diga-api-client#prerequisites and to try to generate the certificates file with the secon-keystore-generator
first even if you want to use your own solution in the long run. If the generator works, you know what to shoot for with your own implementation/keystore builders and you can also check out the source code for how the keystore is built in that project to have an idea of how to build your own.
Getting the certificates to work is definately the most difficult and annoying part of getting this to work, but once you do it's usually smooth sailing so don't give up! And thanks for trying out this project :)
Thanks @fongie !
This is odd, I did use the secon-keystore-generator
exactly the way as described here. Is there any way to check that the public certificates were added correctly?
For the mappings, I reckon the changes described here are not necessary anymore with the v3 issue? I'm using the 1.2.5-v3-xml
tag.
Re the nl.altindag.ssl.util
packages, I have no clue, I was expecting those to be from this package 😅 I'll need to investigate.
UPDATE: @fongie , I see that nl.altindag.ssl
is from sslcontext-kickstart which is mentioned as a dependency in pom.xml, is this not expected?
UPDATE 2: Just inspected the keystore and that looks ok too:
$ keytool -list -v -keystore keystore.p12 Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 62 entries
Alias name: ik100395611
[...]
There are also entries for BITMARCK Service GmbH
which I assume is responsible for [CN=*.bitmarck-daten.de]
.
UPDATE 3: What I realise is that my public key is not in there under the IK...
alias, just under the private
. Should my public key also be in the keystore under an alias IK<my IK number>
?
Hi! Sorry for the altindag
package thing, I thought I checked my dependencies and couldnt find that, but it makes sense that it's from the ssl dependency.
It's true that you don't need to make the xml schema changes, I just tried with the latest mapping file and it works for me out of the box.
As for the certificates, I just inspected mine. We do not have our public key in there, but I'm suspicious of this log message of yours No system KeyStores available for [linux]
. What is your "alias" for your private key in your keystore? Mine is
Aliasnamn: private
Skapat den: 19 jan. 2022
(for some reason keytool localizes the text, but it says "Alias name")
If your alias is linux
then that might make sense as the diga client expects it to be called private
. The alias name should be named "private" automatically if you used the command suggested in the keystore generator readme, but could you double check?
Edit: Actually, nevermind, we shouldnt be using the system keystore anyway.
Looking into it some more @yvesonline , I think a good place to start is to check how the ssl context is loaded for you.
If you put a debug breakpoint on DigaOkHttpClient#133 (client = ...
) and run your code, you can inspect the sslFactory
variable.
sslFactory->sslMaterial->keyManager
should have:
credentialsMap
size 1, with key private
and value should contain (atleast for me) 3 certificates: your own, ITSG, and "Datenaustausch im Gesundheits- und Sozialwesen"trustManager->trustManagers
should contain atleast one trust manager which has trustedCerts
set with the 60-65 public insurance certificates in itHow does that look for you?
Thanks @fongie .
This all looks OK to me, see the following screenshot:
credentialsMap
has 3 certificates, including my own, ITSG and "Datenaustausch im Gesundheits- und Sozialwesen"trustManager->trustManagers
has 62 certificatesI replayed the keystore creation and saw that some certificates were skipped, maybe that's an issue?
I do the following:
$ java -jar secon-keystore-generator-0.1.1.jar -k annahme-rsa4096.key -s keystore2.p12 -p 123456789.prv.key.pem -c 12345678.p7c --debug
Enter password for key store:
No IK in certificate subject: O=Datenaustausch im Gesundheits- und Sozialwesen,C=DE
No IK in certificate subject: O=ITSG TrustCenter fuer sonstige Leistungserbringer,C=DE
No IK in certificate subject: O=ITSG TrustCenter fuer sonstige Leistungserbringer,C=DE
No IK in certificate subject: O=Datenaustausch im Gesundheits- und Sozialwesen,C=DE
No IK in certificate subject: O=ITSG TrustCenter fuer sonstige Leistungserbringer,C=DE
Warning: Unable to load 5 certificate(s).
Add certificate for IK108310400 to key store
[...]
That log is coming from here, is this expected?
I think it all looks correct. When did you receive your private certificate? Sometimes in the past it has taken ITSG and the insurances a while to update their keystores, as discussed in this issue #64
If you received it recently, I would wait a bit and try again in a week or so. If not, then I'm afraid I'm short on ideas right now on what it could be :/
Oh then I better hold my horses, we've received the certificate just last Wednesday!
I'll close the issue for now and hopefully when I test again next week it'll be solved.
Thanks for all the help!
Hi @fongie ! It's been more than two weeks since our certificates have been issued and unfortunately we're still seeing this error. Any idea how we can further debug this?
@fongie I've tried this on the command line but I'm hitting the same issue here, always getting an unknown ca
error.
Just to sense check, is the following correct?
My XML file looks like this:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Pruefung_Freischaltcode xmlns="http://www.gkv-datenaustausch.de/XML-Schema/EDFC0_Pruefung/3.0" version="003.000.000" gueltigab="2022-08-25" verfahrenskennung="TDFC0" nachrichtentyp="ANF" absender="580200104" empfaenger="108035576">
<Anfrage>
<IK_DiGA_Hersteller>580200104</IK_DiGA_Hersteller>
<IK_Krankenkasse>108035576</IK_Krankenkasse>
<DiGAID>12345</DiGAID>
<Freischaltcode>77AAAAAAAAAAAAAX</Freischaltcode>
</Anfrage>
</Pruefung_Freischaltcode>
And then I send this using HTTPie like this:
cat temp.xml | http --ssl=tls1.2 --cert=pub.certs.pem --cert-key=prv.key.pem --verbose POST https://diga.bitmarck-daten.de
Where:
pub.certs.pem
is my public certificate from ITSGprv.key.pem
is my private keyThis comes back with: http: error: SSLError: HTTPSConnectionPool(host='diga.bitmarck-daten.de', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:1129)'))) while doing a POST request to URL: https://diga.bitmarck-daten.de/
Or do I need to provide the CA certs somehow? If yes, in which format? Anything else I'm missing? Trying to isolate the problem at the moment.
Hi @yvesonline ! I tried httpie with my keys:
http --cert=cert.pem --ssl=tls1.2 --cert-key=MY_IK.prv.key.pem -f POST https://diga.bitmarck-daten.de/diga
This returns "Bad request" because it also needs form data and the encrypted XML request, but it passes the ssl handshake which is what you want.
where:
cert.pem
is the file you get if you run openssl pkcs7 -in test.p7c -inform der -print_certs -out cert.pem
on the p7c you recieved from ITSG
MY_IK.prv.key.pem
is your private key
If this still fails for you, then there's something wrong with your certificate or key. If it passes with Bad Request, then you should try the secon-keystore-generator and the library again :)
Thanks @fongie !
It turns out that the ITSG changed the root CA from where they issue certificates in late 2021.
The URL for the new root CA is diga2.bitmarck-daten.de
.
I've changed my mappings.xml
like this: sed -i 's/diga\.bitmarck-daten\.de/diga2\.bitmarck-daten\.de/' mappings.xml
and now it is working 🎉
A final question, Bitmarck mentioned the URL https://diga2.bitmarck-daten.de/diga but I understand that the /diga
will be appended by the library, correct?
Ah I see, great! Yes, the client adds the endpoint (/diga) and the protocol (https)
Problem
I'm trying to use
sendTestCodeValidationRequest
but it results in aERROR com.alextherapeutics.diga.implementation.DigaOkHttpClient - Http request failed
withjavax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
.I'm initialising the client as described but when I try to send a test code validation request like this:
I've got the latest
mappings.xml
from https://kkv.gkv-diga.de/ and my key store includes the latestannahme-rsa4096.key
but theunknown_ca
somehow suggests something is wrong with my SSL setup.I'm a bit lost and out of pointers how to continue debugging, it's probably something very simple.
Any ideas?
I receive the following error, and status code and response in
System.out.println
are empty:Full log
```bash 18:27:34.193 [main] WARN nl.altindag.ssl.util.KeyStoreUtils - No system KeyStores available for [linux] 18:27:35.012 [main] DEBUG nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager - Received the following server certificate: [CN=*.bitmarck-daten.de] 18:27:35.152 [main] ERROR com.alextherapeutics.diga.implementation.DigaOkHttpClient - Http request failed javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:358) at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:204) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1505) at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1420) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426) at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379) at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337) at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209) at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226) at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106) at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74) at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255) at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201) at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154) at com.alextherapeutics.diga.implementation.DigaOkHttpClient.post(DigaOkHttpClient.java:69) at com.alextherapeutics.diga.DigaApiClient.performCodeValidation(DigaApiClient.java:225) at com.alextherapeutics.diga.DigaApiClient.sendTestCodeValidationRequest(DigaApiClient.java:152) at io.unahealth.digaapi.DigaapiApplication.main(DigaapiApplication.java:77) 18:27:35.154 [main] ERROR com.alextherapeutics.diga.DigaApiClient - Failed to validate DiGA code 77AAAAAAAAAAAAAX com.alextherapeutics.diga.DigaHttpClientException: Diga Http Client error at com.alextherapeutics.diga.implementation.DigaOkHttpClient.post(DigaOkHttpClient.java:79) at com.alextherapeutics.diga.DigaApiClient.performCodeValidation(DigaApiClient.java:225) at com.alextherapeutics.diga.DigaApiClient.sendTestCodeValidationRequest(DigaApiClient.java:152) at io.unahealth.digaapi.DigaapiApplication.main(DigaapiApplication.java:77) Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:358) at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:204) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1505) at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1420) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426) at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379) at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337) at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209) at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226) at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106) at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74) at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255) at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201) at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154) at com.alextherapeutics.diga.implementation.DigaOkHttpClient.post(DigaOkHttpClient.java:69) ... 3 common frames omitted 0 DigaCodeValidationResponse(validatedDigaCode=null, validatedDigaveid=null, dayOfServiceProvision=null) 18:27:35.463 [restartedMain] WARN nl.altindag.ssl.util.KeyStoreUtils - No system KeyStores available for [linux] 18:27:35.745 [restartedMain] DEBUG nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager - Received the following server certificate: [CN=*.bitmarck-daten.de] 18:27:35.865 [restartedMain] ERROR com.alextherapeutics.diga.implementation.DigaOkHttpClient - Http request failed java.net.SocketException: Broken pipe at java.base/sun.nio.ch.NioSocketImpl.implWrite(NioSocketImpl.java:420) at java.base/sun.nio.ch.NioSocketImpl.write(NioSocketImpl.java:440) at java.base/sun.nio.ch.NioSocketImpl$2.write(NioSocketImpl.java:826) at java.base/java.net.Socket$SocketOutputStream.write(Socket.java:1035) at java.base/sun.security.ssl.SSLSocketOutputRecord.flush(SSLSocketOutputRecord.java:271) at java.base/sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:89) at java.base/sun.security.ssl.CertificateVerify$T12CertificateVerifyProducer.produce(CertificateVerify.java:773) at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440) at java.base/sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182) at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1505) at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1420) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426) at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379) at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337) at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209) at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226) at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106) at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74) at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255) at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201) at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154) at com.alextherapeutics.diga.implementation.DigaOkHttpClient.post(DigaOkHttpClient.java:69) at com.alextherapeutics.diga.DigaApiClient.performCodeValidation(DigaApiClient.java:225) at com.alextherapeutics.diga.DigaApiClient.sendTestCodeValidationRequest(DigaApiClient.java:152) at io.unahealth.digaapi.DigaapiApplication.main(DigaapiApplication.java:77) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49) 18:27:35.866 [restartedMain] ERROR com.alextherapeutics.diga.DigaApiClient - Failed to validate DiGA code 77AAAAAAAAAAAAAX com.alextherapeutics.diga.DigaHttpClientException: Diga Http Client error at com.alextherapeutics.diga.implementation.DigaOkHttpClient.post(DigaOkHttpClient.java:79) at com.alextherapeutics.diga.DigaApiClient.performCodeValidation(DigaApiClient.java:225) at com.alextherapeutics.diga.DigaApiClient.sendTestCodeValidationRequest(DigaApiClient.java:152) at io.unahealth.digaapi.DigaapiApplication.main(DigaapiApplication.java:77) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49) Caused by: java.net.SocketException: Broken pipe at java.base/sun.nio.ch.NioSocketImpl.implWrite(NioSocketImpl.java:420) at java.base/sun.nio.ch.NioSocketImpl.write(NioSocketImpl.java:440) at java.base/sun.nio.ch.NioSocketImpl$2.write(NioSocketImpl.java:826) at java.base/java.net.Socket$SocketOutputStream.write(Socket.java:1035) at java.base/sun.security.ssl.SSLSocketOutputRecord.flush(SSLSocketOutputRecord.java:271) at java.base/sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:89) at java.base/sun.security.ssl.CertificateVerify$T12CertificateVerifyProducer.produce(CertificateVerify.java:773) at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440) at java.base/sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182) at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1505) at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1420) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426) at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379) at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337) at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209) at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226) at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106) at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74) at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255) at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201) at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154) at com.alextherapeutics.diga.implementation.DigaOkHttpClient.post(DigaOkHttpClient.java:69) ... 8 common frames omitted 0 DigaCodeValidationResponse(validatedDigaCode=null, validatedDigaveid=null, dayOfServiceProvision=null) ```