
Sandbox pinned SSL certificate changed from root to server certificate

Open maartenn opened this issue 3 years ago • 0 comments

Steps to reproduce:

  1. In our own application we use the certificate directly from public-api.sandbox.bunq.com (the old key in our version is: SUiIQk086/o/n95Z/GMKJYaV7SBbvr/pZC8lNxfvzu0=) instead of the parent certificate that is used in this SDK (Amazon Root CA 1). When I tried to connect to the sandbox (public-api.sandbox.bunq.com) with the SDK using our own version, I noticed this in ApiClient::post.

What should happen:

  1. A connection should be made and the pinned SSL certificate should match the server certificate. When using a root certificate you're not really doing SSL pinning, because it's not specific enough.

What happens:

  1. When you use the old server SHA-256 pin key, an error like the one below is logged:

    Caused by: com.bunq.sdk.exception.UncaughtExceptionError: Uncaught exception "Certificate pinning failure!
      Peer certificate chain:
        sha256/FJNOnWe35VGrcWveVyDln+w6vZNqJW5b4D7PlUWPlo8=: CN=sandbox.bunq.com
        sha256/JSMzqOOrtyOT1kmau6zKhgT676hGgczD5VMdRMyJZFA=: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
        sha256/++MBgDH5WGvL9Bcn5Be30cRcL0f5O+NyoXuWtQdX1aI=: CN=Amazon Root CA 1, O=Amazon, C=US
      Pinned certificates for public-api.sandbox.bunq.com:
        sha256/SUiIQk086/o/n95Z/GMKJYaV7SBbvr/pZC8lNxfvzu0=".
    com.bunq.sdk.http.ApiClient.post(ApiClient.java:173)
    com.bunq.sdk.model.core.Installation.create(Installation.java:46)
    com.bunq.sdk.context.ApiContext.initializeInstallation(ApiContext.java:241)
    com.bunq.sdk.context.ApiContext.initialize(ApiContext.java:231)
    com.bunq.sdk.context.ApiContext.create(ApiContext.java:147)
    com.bunq.sdk.context.ApiContext.create(ApiContext.java:124)
    com.bunq.sdk.context.ApiContext.create(ApiContext.java:114)

Traceback

SDK version and environment

  • Tested on 1.14.18
  • [ x ] Sandbox
  • [ ] Production

Response id

n/a

Extra info:

An easy way to get the pinned key is by dropping the URL (public-api.sandbox.bunq.com) into https://www.ssllabs.com/ssltest/ and searching for "Pin SHA256".

maartenn, Jan 25 '22 08:01
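The mechanics behind the log above, as an added example that is not part of this issue or of the bunq SDK: what a "sha256/..." pin is (the SHA-256 of the certificate's DER SubjectPublicKeyInfo, base64-encoded, the format OkHttp's CertificatePinner prints), where that SPKI sits inside a DER certificate, and why a pin on the root CA keeps passing after the server key rotates while a pin on the leaf fails with exactly the "Certificate pinning failure!" outcome reported. The chain is constructed toy DER (correct X.509 layout, fake RSA moduli, no signatures, generic names standing in for the sandbox.bunq.com / Amazon chain) so the script runs offline on the standard library; `check_pins` applies the same rule OkHttp does, which is that any configured pin matching any certificate in the peer chain passes.

```python
import base64
import hashlib

# --- minimal DER helpers (the constructed sample data needs an encoder too) ---
def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def der_int(value):
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:  # keep the INTEGER positive
        body = b"\x00" + body
    return tlv(0x02, body)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, pos, pos + length

# --- toy certificates: real X.509 layout, fake keys, dummy signature ---------
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption
SHA256_RSA = tlv(0x30, bytes.fromhex("06092a864886f70d01010b") + b"\x05\x00")
CN_OID = bytes.fromhex("0603550403")  # commonName

def rsa_spki(modulus, exponent=65537):
    """SubjectPublicKeyInfo for an RSA key (toy modulus, not usable for crypto)."""
    alg = tlv(0x30, RSA_OID + b"\x05\x00")
    key = tlv(0x30, der_int(modulus) + der_int(exponent))
    return tlv(0x30, alg + tlv(0x03, b"\x00" + key))

def toy_certificate(cn, spki, with_version=True):
    """Certificate-shaped DER; issuer == subject for brevity."""
    name = tlv(0x30, tlv(0x31, tlv(0x30, CN_OID + tlv(0x0C, cn.encode()))))
    validity = tlv(0x30, tlv(0x17, b"220101000000Z") + tlv(0x17, b"230101000000Z"))
    version = tlv(0xA0, der_int(2)) if with_version else b""
    tbs = tlv(0x30, version + der_int(1) + SHA256_RSA + name + validity + name + spki)
    return tlv(0x30, tbs + SHA256_RSA + tlv(0x03, b"\x00" * 9))

# --- pin computation and the pinning rule ------------------------------------
def extract_spki(cert_der):
    """Walk Certificate -> tbsCertificate -> subjectPublicKeyInfo (RFC 5280 order)."""
    _, pos, _ = read_tlv(cert_der, 0)  # Certificate SEQUENCE
    tag, pos, _ = read_tlv(cert_der, pos)  # tbsCertificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:  # optional [0] EXPLICIT version
        pos = end
    for _ in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30:
        raise ValueError("subjectPublicKeyInfo not found")
    return cert_der[pos:end]

def spki_pin(spki_der):
    """OkHttp CertificatePinner format: 'sha256/' + base64(SHA-256(SPKI DER))."""
    return "sha256/" + base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def pin(cert_der):
    return spki_pin(extract_spki(cert_der))

def check_pins(chain, pinned):
    """OkHttp's rule: pass if ANY certificate in the peer chain matches ANY pin.
    Returns the matching subject, or None (the 'Certificate pinning failure!' case)."""
    pinned = set(pinned)
    for subject, der in chain:
        if pin(der) in pinned:
            return subject
    return None

# Constructed chain: the leaf key rotates, intermediate and root do not.
ROOT = ("Toy Root CA", toy_certificate("Toy Root CA", rsa_spki(0xE3A1 << 112 | 0x1001)))
INTERMEDIATE = ("Toy Server CA", toy_certificate("Toy Server CA", rsa_spki(0xB7F0 << 112 | 0x2003)))
OLD_LEAF = ("sandbox.example.test", toy_certificate("sandbox.example.test", rsa_spki(0x9C45 << 112 | 0x3005)))
NEW_LEAF = ("sandbox.example.test", toy_certificate("sandbox.example.test", rsa_spki(0x7D22 << 112 | 0x4007)))

def chain_before_rotation():
    return [OLD_LEAF, INTERMEDIATE, ROOT]

def chain_after_rotation():
    return [NEW_LEAF, INTERMEDIATE, ROOT]

if __name__ == "__main__":
    root_pin, old_leaf = pin(ROOT[1]), pin(OLD_LEAF[1])
    for label, chain in (("before", chain_before_rotation()), ("after", chain_after_rotation())):
        print(f"{label} rotation: root pin -> {check_pins(chain, [root_pin])}, "
              f"old leaf pin -> {check_pins(chain, [old_leaf])}")
    for subject, der in chain_after_rotation():  # same shape as the log's chain block
        print(f"    {pin(der)}: CN={subject}")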