bunq / tinker_php

Install Tinker by just running this command: bash <(curl -s https://tinker.bunq.com/php/setup.sh)
MIT License

Correct certificate chain format for `client_service_provider_certificate_chain` #48

Open Noah-Vincenz opened 2 years ago

Noah-Vincenz commented 2 years ago

Steps to reproduce:

  1. Running `tinker/create-psd2-configuration.php --certificate ~/path/to/certs/signing_cert.pem --chain ~/path/to/certs/signing_cert_chain.pem --key ~/path/to/certs/signing_cert.key` from the terminal

What should happen:

  1. Create PSD2 Provider

What happens:

  1. Running into the error message: `Certificate root is not trusted. Make sure that the last certificate in the chain is the root certificate.` in `/Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Exception/ExceptionFactory.php:52`

Traceback

```
PHP Fatal error: Uncaught bunq\Exception\BadRequestException: HTTP Response Code: 400 The response id to help bunq debug: 6b3487d7-44e8-4a99-8f3c-45441bc7e810 Error message: Certificate root is not trusted. Make sure that the last certificate in the chain is the root certificate. in /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Exception/ExceptionFactory.php:52 Stack trace:
0 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Http/Handler/ResponseHandlerError.php(54): bunq\Exception\ExceptionFactory::createExceptionForResponse(Array, 400, '6b3487d7-44e8-4...')
1 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Http/Handler/HandlerUtil.php(42): bunq\Http\Handler\ResponseHandlerError->execute(Object(GuzzleHttp\Psr7\Response))
2 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/FulfilledPromise.php(39): bunq\Http\Handler\HandlerUtil::bunq\Http\Handler{closure}(Object(GuzzleHttp\Psr7\Response))
3 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/TaskQueue.php(47): GuzzleHttp\Promise\FulfilledPromise::GuzzleHttp\Promise{closure}()
4 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/Promise.php(246): GuzzleHttp\Promise\TaskQueue->run(true)
5 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/Promise.php(223): GuzzleHttp\Promise\Promise->invokeWaitFn()
6 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/Promise.php(267): GuzzleHttp\Promise\Promise->waitIfPending()
7 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/Promise.php(225): GuzzleHttp\Promise\Promise->invokeWaitList()
8 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/Promise.php(62): GuzzleHttp\Promise\Promise->waitIfPending()
9 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/guzzle/src/Client.php(183): GuzzleHttp\Promise\Promise->wait()
10 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Http/ApiClient.php(220): GuzzleHttp\Client->request('POST', Object(GuzzleHttp\Psr7\Uri), Array)
11 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Http/ApiClient.php(492): bunq\Http\ApiClient->request('POST', 'payment-service...', Array, Array, Array)
12 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Model/Core/PaymentServiceProviderCredentialInternal.php(46): bunq\Http\ApiClient->post('payment-service...', Array, Array)
13 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Context/ApiContext.php(221): bunq\Model\Core\PaymentServiceProviderCredentialInternal::createWithApiContext('-----BEGIN CERT...', '-----BEGIN CERT...', 'UvMNfs5vOA2TV9e...', Object(bunq\Context\ApiContext))
14 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Context/ApiContext.php(153): bunq\Context\ApiContext->initializePsd2Credential(Object(bunq\Model\Generated\Object\Certificate), Object(bunq\Security\PrivateKey), Array)
15 /Users/noah-vincenznoah/Desktop/tinker2/tinker/create-psd2-configuration.php(57): bunq\Context\ApiContext::createForPsd2(Object(bunq\Util\BunqEnumApiEnvironmentType), Object(bunq\Model\Generated\Object\Certificate), Object(bunq\Security\PrivateKey), Array, '##### YOUR DEVI...')
16 {main}
thrown in /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Exception/ExceptionFactory.php on line 52
```


SDK version and environment

Response id

Extra info:

I have verified my certificate and its root certificate. I am unsure about the format for the `client_service_provider_certificate_chain` parameter value for the request body to the `POST /payment-service-credential-provider` endpoint for our certificates. Assuming I have the three certificates:

  1. client signing certificate A
  2. intermediate certificate B
  3. root certificate C

What should the `client_service_provider_certificate_chain` value be (i.e. the format of the `signing_cert_chain.pem` file in the Steps to reproduce command)? We have tried many different combinations:

  1. BC with new-line characters (\n) and -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- prefix and suffix for both B and C
  2. BC without new-line characters (\n) and -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- prefix and without suffix for both B and C
  3. B,C
  4. [B,C]
  5. CB

... and so on. Any help would be greatly appreciated.

Noah-Vincenz commented 2 years ago

Also followed everything in this thread https://together.bunq.com/d/46832 and this Medium blog post.