I am trying to follow along the sandbox connection using the Java API. This used to work last week, but now I get
the following error:

Exception in thread "main" com.bunq.sdk.exception.UncaughtExceptionError: Uncaught exception "Certificate pinning failure!
Peer certificate chain:
sha256/SUiIQk086/o/n95Z/GMKJYaV7SBbvr/pZC8lNxfvzu0=: CN=sandbox.bunq.com
sha256/JSMzqOOrtyOT1kmau6zKhgT676hGgczD5VMdRMyJZFA=: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
sha256/++MBgDH5WGvL9Bcn5Be30cRcL0f5O+NyoXuWtQdX1aI=: CN=Amazon Root CA 1, O=Amazon, C=US
Pinned certificates for public-api.sandbox.bunq.com:
sha256/SEJfjAW74vHQmGe/lb9NwBjzAw5y7rpJH3UWpGE5q8A=".
at com.bunq.sdk.http.ApiClient.post(ApiClient.java:173)
at com.bunq.sdk.model.core.Installation.create(Installation.java:46)
at com.bunq.sdk.context.ApiContext.initializeInstallation(ApiContext.java:241)
at com.bunq.sdk.context.ApiContext.createForPsd2(ApiContext.java:165)

Is this a known issue? Thank you for any information on resolving this problem.

Update: I have figured out what the issue is here: I am using the Bunq-provided Java API, which uses certificate pinning to explicitly check for a certificate hash. The sandbox certificate was changed on 21-2-2021, and the new sha for this certificate is now considered invalid by the Java API. I am using version 1.14.18, which is the latest release right now. Any updates on when this will be fixed?

    @New-Golden-Panther-3153949932#217039 Hi, bunq probably changed the certificate for that API endpoint. You would need to update the pinned key in the SDK code and then it should work again. They're in the file src/main/java/com/bunq/sdk/context/ApiEnvironmentType.java right at the beginning.

    In your case:
    Change line 16 so that it contains "sha256/SUiIQk086/o/n95Z/GMKJYaV7SBbvr/pZC8lNxfvzu0="

      I am currently working around it instead by changing the pinnedKey using reflection in the enum; that also works in my case and avoids having to deal with a fork. It would be nice to hear from Bunq when they cut a new release where this is fixed. I also notice that the current code does not support pinning multiple certificates well, so currently both Sandbox and production will break when rotating certificates.

        @New-Golden-Panther-3153949932#217192 both Sandbox and production will break when rotating certificates.

        True, they should really make this possible and update their SDKs in advance so that nobody's code breaks.
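
The rotation problem discussed in this thread, as an added example (not code from the bunq SDK or from any poster): it reads the peer chain and the configured pin out of the error message quoted in the question, then checks that chain against the single old pin and against a pin set that also carries the new leaf pin. The class and method names are hypothetical, and the rule that any certificate in the chain may match any configured pin is an assumption based on the message listing the whole chain.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PinSetCheck {
    // Peer chain and configured pin, copied from the error message in the question.
    static final String FAILURE = String.join("\n",
        "Certificate pinning failure!",
        "Peer certificate chain:",
        "sha256/SUiIQk086/o/n95Z/GMKJYaV7SBbvr/pZC8lNxfvzu0=: CN=sandbox.bunq.com",
        "sha256/JSMzqOOrtyOT1kmau6zKhgT676hGgczD5VMdRMyJZFA=: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US",
        "sha256/++MBgDH5WGvL9Bcn5Be30cRcL0f5O+NyoXuWtQdX1aI=: CN=Amazon Root CA 1, O=Amazon, C=US",
        "Pinned certificates for public-api.sandbox.bunq.com:",
        "sha256/SEJfjAW74vHQmGe/lb9NwBjzAw5y7rpJH3UWpGE5q8A=");

    static final Pattern PIN = Pattern.compile("sha256/[A-Za-z0-9+/]+=*");

    // Collects the sha256/ pins listed under the section whose header starts with `header`.
    static List<String> pinsUnder(String message, String header) {
        List<String> pins = new ArrayList<>();
        boolean inSection = false;
        for (String raw : message.split("\n")) {
            String line = raw.trim();
            Matcher m = PIN.matcher(line);
            if (m.lookingAt()) {
                if (inSection) pins.add(m.group());
            } else {
                inSection = line.startsWith(header); // any other line opens or closes a section
            }
        }
        return pins;
    }

    // Assumption: the chain passes when ANY certificate in it matches ANY configured pin.
    static boolean accepts(List<String> chain, Set<String> pinned) {
        for (String pin : chain) if (pinned.contains(pin)) return true;
        return false;
    }

    public static void main(String[] args) {
        List<String> chain = pinsUnder(FAILURE, "Peer certificate chain");
        Set<String> oldOnly = new LinkedHashSet<>(pinsUnder(FAILURE, "Pinned certificates"));
        Set<String> withNext = new LinkedHashSet<>(oldOnly);
        withNext.add(chain.get(0)); // new leaf pin, shipped before the certificate is rotated
        System.out.println("old pin only accepts new chain:  " + accepts(chain, oldOnly));
        System.out.println("old + new pin accepts new chain: " + accepts(chain, withNext));
    }
}
```

A client that ships the second set before the rotation keeps working with both the old and the new certificate, which is the multi-pin support the last two replies ask for.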
