Sandbox pinned ssl certificate changed from root to server certificate

[maartenn]

Steps to reproduce:

1. In our own application we use the certificate directly from public-api.sandbox.bunq.com (old key in our version is: SUiIQk086/o/n95Z/GMKJYaV7SBbvr/pZC8lNxfvzu0= ) instead of the parent certificate that is used in this SDK (amazon root CA 1 ) .
   When I tried to connect with the SDK to the sandbox with our own version to ( public-api.sandbox.bunq.com ). I noticed this in ApiClient::post

What should happen:

1. A connection should be made and pinned ssl certificate should match the server certificate. When using a root certificate you're not really doing ssl pinning because it's not specific enough.

What happens:

1. When you use the old server sha256 pin key an error like below is logged :

Caused by: com.bunq.sdk.exception.UncaughtExceptionError: Uncaught exception \\"Certificate pinning failure!\\n  Peer certificate chain:\\n    sha256/FJNOnWe35VGrcWveVyDln+w6vZNqJW5b4D7PlUWPlo8=: CN=sandbox.bunq.com\\n    sha256/JSMzqOOrtyOT1kmau6zKhgT676hGgczD5VMdRMyJZFA=: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US    sha256/++MBgDH5WGvL9Bcn5Be30cRcL0f5O+NyoXuWtQdX1aI=: CN=Amazon Root CA 1, O=Amazon, C=US\\n  Pinned certificates for public-api.sandbox.bunq.com:
sha256/SUiIQk086/o/n95Z/GMKJYaV7SBbvr/pZC8lNxfvzu0=\\".
com.bunq.sdk.http.ApiClient.post(ApiClient.java:173)
com.bunq.sdk.model.core.Installation.create(Installation.java:46)
com.bunq.sdk.context.ApiContext.initializeInstallation(ApiContext.java:241)
com.bunq.sdk.context.ApiContext.initialize(ApiContext.java:231) 
com.bunq.sdk.context.ApiContext.create(ApiContext.java:147)
com.bunq.sdk.context.ApiContext.create(ApiContext.java:124)
com.bunq.sdk.context.ApiContext.create(ApiContext.java:114)

Traceback

SDK version and environment

• Tested on 1.14.18
• [ x ] Sandbox
• Production

Response id

n/a

Extra info:

easy way to get the pinnedkey is by dropping the url ( public-api.sandbox.bunq.com ) into https://www.ssllabs.com/ssltest/ and search for Pin SHA256

[two-trick-pony-NL]

👋 Hey @maartenn

I work at bunq and am currently reviewing the bunq API docs, open issues and SDK’s and came across your issue. I know it’s been open for a while, and I’d love to understand how it’s impacting you. Beyond the obvious -fixing this issue-, what else could we do to improve your experience with our API?

If you want to share your thoughts on how we can improve on our public API:

📅 I'd love to schedule a 15 minute interview to understand your needs through: Calendly
💬 Or if you don't have time for a call, you can give us some general feedback through this form

Your feedback will go straight to our product team! 🚀

[two-trick-pony-NL]

Hi! We're closing this issue as it's tied to an older version of our SDKs, and we've since completely revamped them as part of bunq Update 28.

This is a fresh start—we've tested the new SDKs extensively, and we’ll be putting them to the test again during our upcoming hackathon this Friday, where we’ll fix idiosyncrasies on the spot. (You’re welcome to join us!)

If this issue (or a new one) shows up with the updated SDKs, feel free to reopen or file a new report—we're happy to jump on it.