Skip to content

Less drama, more information #313

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
runeflobakk merged 3 commits into from
Oct 12, 2023
Merged

Less drama, more information #313

runeflobakk merged 3 commits into from
Oct 12, 2023

Conversation

@runeflobakk
Copy link
Member

@runeflobakk runeflobakk commented Oct 11, 2023

More informational (and a bit less dramatic) message if the client refuses to trust the TLS server certificate.

E.g. if attempting to use a Posten signering web site URL in place of an API URL, the exception now looks like:

no.digipost.signature.client.core.exceptions.HttpIOException:
Error executing POST https://difitest.signering.posten.no/, because SSLException 
'Untrusted server certificate, according to OrganizationNumberValidation trusting organization number '984661185'.
Actual certificate from server response: CN=difitest.signering.posten.no
(serial number 266807810224456931373439957111026753236316, expires 2024-01-08T12:27:38+01:00[Europe/Oslo]),
issued by CN=R3, O=Let's Encrypt, C=US.
This normally indicates either a misconfiguration of this client library, or a mixup of URLs used to communicate with the API.
Make sure the request URL is correct, is actually for the API, and it aligns with the configured ServiceEnvironment.
It should e.g. not be a URL that is to be accessed by a user from a web browser.'
	at no.digipost.signature.client.core.internal.ClientHelper.requestNewRedirectUrl(ClientHelper.java:124)
	at no.digipost.signature.client.direct.DirectClient.requestNewRedirectUrl(DirectClient.java:54)
        ...

Notably, this removes a mention of a possible man-in-the-middle attack, and also contains some more hints on how to resolve the error.

This PR will solve and close #199

@runeflobakk
Remove redundant interface
cf85b05
@runeflobakk
More informative, less dramatic exception message
a522ffa 
Includes some more information on what to check (request URL for API, certificate from
server, align with configured ServiceEnvionment) when a server
certificate is evaluated as untrusted when intending to use the API.

Also removes the overly dramatic reference to a possible
"man-in-the-middle attack".

Fixes #199
@runeflobakk
Upgrade dependencies
4742a3c
simenstoa
simenstoa approved these changes Oct 12, 2023
View reviewed changes
Copy link
Contributor

@simenstoa simenstoa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👌

@runeflobakk runeflobakk merged commit a9c5800 into main Oct 12, 2023
@runeflobakk runeflobakk deleted the less-drama-more-information branch October 12, 2023 07:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@haralkvi haralkvi Awaiting requested review from haralkvi

@hernil hernil Awaiting requested review from hernil

@sarawe sarawe Awaiting requested review from sarawe

1 more reviewer

@simenstoa simenstoa simenstoa approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Provide better error message when user submits wrong signer url while requesting new redirect url

2 participants

@runeflobakk @simenstoa