topic Hello @Ohad: in Software Archive

Intel xdk ssl security

Alfred_M_ — Sat, 09 Apr 2016 22:01:12 GMT

I want to use intel xdk's ssl security plugin i have looked at the following https://software.intel.com/en-us/node/564377 im not sure

How i would translate that to my below code. can anyone help?

var TransResponse;

 function Transport(parameters,Page) {

var http = new XMLHttpRequest();

http.open("POST", "http:/000.000.000.000/"+Page, false);

//Send the proper header information along with the request
http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http.setRequestHeader("Content-length", parameters.length);

http.onreadystatechange = function() {//Call a function when the state changes.
   if(http.readyState == 4 && http.status == 200) {
      
     TransResponse=http.response;
     }
}
http.send(parameters);
return TransResponse;
 }

Alfred -- I'll ask one of the

PaulF_IntelCorp — Wed, 13 Apr 2016 00:59:10 GMT

Alfred -- I'll ask one of the App Security API experts to reply.

Hi Alfred,

Ohad_B_Intel — Wed, 13 Apr 2016 13:28:45 GMT

Hi Alfred,

Here is code that implements the Transport function above using the App Security API plugin:

function Transport(parameters, page){    			
	
	// create a connection instance 
	intel.security.secureTransport.open(
		function (instanceID){
			alert('open succeeded, instanceID = '+instanceID);
			
			// set headers 
			intel.security.secureTransport.setHeaders(
				function() {
					alert('setHeaders succeeded');
					
					// send the request 
					intel.security.secureTransport.sendRequest(
						function(response){									
							alert('sendRequest succeeded');
							
							// assign response HTTP status
							var responseHttpStatus = response.responseHttpStatus;

							// assign response body
							var responseBody = response.responseBody;

							// assign response header
							var responseHeader = response.responseHeader;
							
							// assign the response body to TransResponse variable
							TransResponse = responseBody;
							alert('responseBody = '+responseBody);
							
							// destroy the trsnport handle
							intel.security.secureTransport.destroy(
								function (){
									alert('all pass');
								},
								failCallback, 
								instanceID);
								
						},
						failCallback,
						{'instanceID':instanceID, 'requestBody': parameters});
						
				},
				failCallback,
				{'instanceID':instanceID, 'headers':{"Content-type":"application/x-www-form-urlencoded"}});
				
				
		}, 
		failCallback, 
		{'url':'http:/000.000.000.000/'+page, 'method':'POST'});
			
}
function failCallback(error) {
	alert("Fail, error code is: " + error.code + ", error message is: " + error.message);
}

Please note that it includes many alerts, I hope it will help you with your first debugging.

Please let us know if you need further help.

Thanks,

Ohad

Hello @Ohad:

Valery_M_ — Mon, 16 May 2016 08:40:30 GMT

Hello @Ohad:

I managed to work out the https communication but it only runs fine when I use the Intel XDK debug tag... when I generate the APK does not work (error 13, Policy violation detected). I tried to search for some more information about this specific error but did not find it. Do you know why it is reporting such error? Why the intel security plugin works fine in debug mode and fail when the apk is generated?

Thank you.

Valery -- I suspect your

PaulF_IntelCorp — Mon, 16 May 2016 17:48:11 GMT

Valery -- I suspect your whitelist settings are the problem (and CSP tag). In the Debug tab those settings are mostly set to be "wide open" for easier debugging, but in the built app they follow whatever you've set in your app. I recommend you use the "Cordova Android Whitelist" setting and that you DO use CSP. See these links as starting points: