AnsweredAssumed Answered

this connection is not secure - System.Security.SecurityException

Question asked by cboebel on Mar 27, 2019
Latest reply on Mar 27, 2019 by cboebel

Hello -

 

I'm working with triPOS (Linux flavor). I am in test mode, and I have use https set to false. I have written code to create all the hmacs and have verified that my hashes match those returned in the response from triPOS. Everything matches and I am, as far as I can ascertain, sending all the required headers.

 

I am receiving, however, this message: "this connection is not secure." Aside from describing what should be sent and how things should be calculated, I'm receiving no other information about the issue. The 'connection is not secure' also comes along a 401 (not authorized).

 

Here's the data I received back:

 

{
"_errors": [
{
"userMessage": "",
"developerMessage": "",
"errorType": "",
"exceptionMessage": "this connection is not secure",
"exceptionTypeFullName": "System.Security.SecurityException",
"exceptionTypeShortName": "SecurityException"
}
],
"_hasErrors": true,
"_links": [],
"_logs": [
"---------- Test Mode Help For Signing Messages Start ----------",
"Request headers should be in the following format, using ISO 8601 for the UTC requestdate:",
"tp-authorization: Version=1.0, Algorithm=tp-hmac-sha256, Credential=AllYourBase, SignedHeaders=accept, Nonce=e506cc6c-45b9-448b-b556-99c23656d1a0, RequestDate=2019-03-27T12:47:28.816717Z, Signature=a80ae96c24c84c3aa260eb12e2adec2fe3aff803dd83e519eebbaff480a0e42b",
"Valid signature algorithm: tp-hmac-sha256. Valid algorithms: tp-hmac-md5,tp-hmac-sha1,tp-hmac-sha256,tp-hmac-sha384,tp-hmac-sha512.",
"",
"Creating HMAC signature",
"No payload to hash (no message body)",
"---------- 'Payload Hash' Start ----------",
"---------- 'Payload Hash' End ----------",
"---------- Canonical Headers Start ---------- ",
"accept:application/json",
"---------- Canonical Headers End ---------- ",
"---------- Canonical Query String Start ----------",
"---------- Canonical Query String End ----------",
"---------- Canonical Uri Start ---------- ",
"/api/v1",
"---------- Canonical Uri End ---------- ",
"Canonical Request format:[HTTP Method][newline][Canonical Uri][newline][Canonical Query String][newline][Canonical Headers][newline][Canonical Signed Headers][newline][Payload Hash]",
"---------- Canonical Request Start ----------",
"GET",
"/api/v1",
"",
"accept:application/json",
"accept",
"",
"---------- Canonical Request End ----------",
"Starting to Hex Encode data [length=44] using [tp-hmac-sha256] algorithm",
"---------- Data to Hash Encode Start ----------",
"GET",
"/api/v1",
"",
"accept:application/json",
"accept",
"",
"---------- Data to Hash Encode End ----------",
"---------- Hex Encoded Hashed Canonical Request Start ----------",
"d2dffef5efd12091d546657b1b39bba03f8061cc093f8a982347d63be619b91a",
"---------- Hex Encoded Hashed Canonical Request End ----------",
"Creating 'HMAC Key Signature' using Nonce + DeveloperSecret as data, RequestDate as key",
"---------- Creating HMAC Signature Start ---------- ",
"Key: 2019-03-27T12:47:28.816717Z",
"Data: e506cc6c-45b9-448b-b556-99c23656d1a0AreBelongToUs",
"Current Hashing Algorithm: HMACSHA256",
"Setting Current Hashing Algorithm key based on UTF-8 bytes of key",
"Computing hash based on UTF-8 bytes of data using the Current Hashing Algorithm",
"Converting computed hash to hex: 79d32320acd082242d39f393a2ececcded98385fc28943de9230324a9b1a42f0",
"---------- Creating HMAC Signature End ---------- ",
"---------- 'HMAC Key To Sign' Start ---------- ",
"79d32320acd082242d39f393a2ececcded98385fc28943de9230324a9b1a42f0",
"---------- 'HMAC Key To Sign' End ---------- ",
"---------- 'HMAC Signature To Sign' Start ---------- ",
"tp-hmac-sha256",
"2019-03-27T12:47:28.816717Z",
"AllYourBase",
"d2dffef5efd12091d546657b1b39bba03f8061cc093f8a982347d63be619b91a",
"---------- 'HMAC Signature To Sign' End ---------- ",
"Creating HMAC signature using 'HMAC Signature To Sign' as data, 'HMAC Key To Sign' as key",
"---------- Creating HMAC Signature Start ---------- ",
"Key: 79d32320acd082242d39f393a2ececcded98385fc28943de9230324a9b1a42f0",
"Data: tp-hmac-sha256",
"2019-03-27T12:47:28.816717Z",
"AllYourBase",
"d2dffef5efd12091d546657b1b39bba03f8061cc093f8a982347d63be619b91a",
"Current Hashing Algorithm: HMACSHA256",
"Setting Current Hashing Algorithm key based on UTF-8 bytes of key",
"Computing hash based on UTF-8 bytes of data using the Current Hashing Algorithm",
"Converting computed hash to hex: a80ae96c24c84c3aa260eb12e2adec2fe3aff803dd83e519eebbaff480a0e42b",
"---------- Creating HMAC Signature End ---------- ",
"---------- Final Signature (signature for tp-authorization) Start ---------- ",
"a80ae96c24c84c3aa260eb12e2adec2fe3aff803dd83e519eebbaff480a0e42b",
"---------- Final Signature (signature for tp-authorization) End ---------- ",
"",
"---------- Test Mode Help For Signing Messages End ----------"
],
"_type": "unknown",
"_warnings": []
}

 

And here's my internal data.

 

{
canonicalheaders: "accept:application/json",
canonicalqs: "",
canonicalrequest: "GET\n/api/v1\n\naccept:application/json\naccept\n",
canonicalrequest_hash: "d2dffef5efd12091d546657b1b39bba03f8061cc093f8a982347d63be619b91a",
canonicalurl: "/api/v1",
devsecret: "AreBelongToUs",
headers: [
{"tp-application-id", "9888"},
{"tp-application-name", "deltapos"},
{"tp-application-version", "1.0.0"},
{"tp-request-id", "d506cc39-98ed-4eaa-8adf-7cce54b09bb3"},
{"tp-return-logs", "true"},
{"accept", "application/json"},
{"tp-express-acceptor-id", "3928907"},
{"tp-express-account-id", "1062062"},
{"tp-express-account-token",
"1E4D9F7E875CF14B771FAC26B12C2F589BF764EC9A55625A6F13E611A2CC3C1E1052B101"},
{"tp-authorization",
"Version=1.0, Algorithm=tp-hmac-sha256, Credential=AllYourBase, SignedHeaders=accept, Nonce=e506cc6c-45b9-448b-b556-99c23656d1a0, RequestDate=2019-03-27T12:47:28.816717Z, Signature=a80ae96c24c84c3aa260eb12e2adec2fe3aff803dd83e519eebbaff480a0e42b"}
],
keysignaturehash: "79d32320acd082242d39f393a2ececcded98385fc28943de9230324a9b1a42f0",
method: "GET",
nonce: "e506cc6c-45b9-448b-b556-99c23656d1a0",
requestdate: "2019-03-27T12:47:28.816717Z",
signaturehash: "a80ae96c24c84c3aa260eb12e2adec2fe3aff803dd83e519eebbaff480a0e42b",
unhashedsignature: "tp-hmac-sha256\n2019-03-27T12:47:28.816717Z\nAllYourBase\nd2dffef5efd12091d546657b1b39bba03f8061cc093f8a982347d63be619b91a",
url: "/api/v1"
}

Outcomes