
Problem with App Security API. Calling a web service in a server with self signed certificate

Ismael_M_
Beginner
430 Views

Hello,

I'm developing an APK that communicates with a web service that uses a self-signed certificate, and I have problems with the App Security API.
  - The error the device gives me is "fail: code = 33, message authentication = Communication error"
  - And in the emulator the error is "fail: code = 16, message = Server not accessible error"

This is the function. I think the commented lines are not useful, because the web service function I call has no input parameters, i.e. it only returns data to me.

function Prueba(){
    var options = { url: "https://XXXXXXXXXX", method:'POST', serverKey: "-----BEGIN PUBLIC KEY-----\nXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-----END PUBLIC KEY-----" };
    intel.security.secureTransport.open(
        function (instanceID) {
            alert("Succeeded in open, instance id is: "+instanceID);
            var instance=instanceID;
            // Define the head Content-type
//            intel.security.secureTransport.setHeaders(
//                function(){
//                    alert('Succeeded in setHeaderValue');
//                    // Send the request
//                    intel.security.secureTransport.sendRequest(
//                        function(response){alert(response.responseBody);},
//                        function(errorObj){alert('fail: code = '+errorObj.code+', message = '+errorObj.message);},
//                        {instanceID:instance, requestBody:'', requestFormat:'JSON'}
//                    );
//                },
//                function(errorObj){alert('fail: code = '+errorObj.code+', message = '+errorObj.message);},
//                {instanceID:instance, 'key':'Content-Type', 'value':'application/xml'}
//            );
            intel.security.secureTransport.sendRequest(
                function(response){alert(response.responseBody);},
                function(errorObj){alert('fail: code = '+errorObj.code+', message = '+errorObj.message);},
                {instanceID:instance, requestBody:'', requestFormat:'JSON'}
            );
        },
        function (errorMsg) {
            alert("failed callback is called, code: "+errorMsg.code+', message = '+errorMsg.message);
        },
        options
    );
}

I have seen the following thread because my problem is similar, but I could not fix it.

https://software.intel.com/es-es/forums/intel-xdk/topic/562592

Regards.

5 Replies
Dennis_F_Intel
Employee

Hi Ismael,

Thank you for your interest in AppSecurityAPI.

The self-signed certificate feature is not supported by the AppSecurityAPI on the XDK Emulator; however, there exists a workaround.

In the link you provided, OHAD.B provides an explanation of how to enable this functionality on the XDK emulator for a specific server and how to correctly extract the public key for your server. Were you able to follow those examples?

Are you able to provide a full code snippet so we can recreate the issue?

thanks,

Dennis.

Ismael_M_
Beginner

Hi Dennis,

Yes, I have followed all the steps to create the public key.

This is my way to extract the public key certificate:

OpenSSL> x509 -pubkey -noout -in Certificado_SSL.cer
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqEKrwux1Pbpk5l1UNq7NoG5An
usSvqShTxKtuO35dSq+s36nXiiycZRatcPODVlFsVgW+6Gujl59rEF4SjKHOzyoQ
L9j8NyM7nIXfMoFQwjFEfNiip74/lkLjTmzrKiQAvuP/TzRdLHie6TqrgdxAUPkK
mdKgwkD7p82G0M+NrwIDAQAB
-----END PUBLIC KEY-----

This is the complete function:

function PruebaHTTPS(){
    var options = { 'url':"https://81.45.78.242/Service1.asmx/Sincronizar", 'method':"POST", serverKey:"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqEKrwux1Pbpk5l1UNq7NoG5An\nusSvqShTxKtuO35dSq+s36nXiiycZRatcPODVlFsVgW+6Gujl59rEF4SjKHOzyoQ\nL9j8NyM7nIXfMoFQwjFEfNiip74/lkLjTmzrKiQAvuP/TzRdLHie6TqrgdxAUPkK\nmdKgwkD7p82G0M+NrwIDAQAB\n-----END PUBLIC KEY-----" };
    intel.security.secureTransport.open(
        function (instanceID) {
            alert("Succeeded in open, instance id is: "+instanceID);
            var myInstanceID=instanceID;
            intel.security.secureTransport.setHeaders(
                function(){
                    alert('Succeeded in setHeaderValue');
                    intel.security.secureTransport.sendRequest(
                        function(response){
                            alert('Succeeded in sendRequest, response.responseBody = ' + response.responseBody);
                        },
                        function(errorObj){
                            alert('Failed in sendRequest, code = '+errorObj.code+', message = '+errorObj.message);
                        },
                        {'instanceID':myInstanceID}
                    );
                },
                function(errorObj){
                    alert('Failed in setHeaderValue, code = '+errorObj.code+', message = '+errorObj.message);
                },
                {'instanceID':myInstanceID}
            );
        },
        function (errorObj) {
            alert('Failed in open, code = '+errorObj.code+', message = '+errorObj.message);
        },
        options
    );
}

Thanks.

Dennis_F_Intel
Employee

Hi,

I'm getting a timeout error when I try to open the URL of your service. Can you check that it is correct and accessible?

I don't get a response even in a browser.

Can you also detail for me the steps you took to generate the server key you use?

Thanks.

Dennis. 

Ismael_M_
Beginner

Hi Dennis,

The server was shut down at the weekend.

To extract the public key from a server:

  1. Download the certificate from the server URL (using the browser, go to the server's URL, right click on the certificate (left side of the navigation bar), go to connection tab, click on certificate information, go to Details tab, copy to File, Next, Base 64 encoded x.509 (.cer), Next, c:\Certificado_SSL.cer, Save, Next and Finish).
  2. Extract the public key from the certificate file using the OpenSSL command line tool:  OpenSSL> x509 -pubkey -noout -in Certificado_SSL.cer

Thank you so much.

Dennis_F_Intel
Employee

Hi Ismael,

Please excuse me for the delay in response.

There are a number of possible reasons for the error you are getting.

AppSecurityAPI's Secure Transport API enforces a number of security policies.

Looking at your certificate I can see two possible issues: it uses an obsolete cipher suite (SHA-1), and in addition the host name on the certificate is different than the host name in the URL (you provide an IP address).

Are you able to generate a new certificate for your web server that addresses these issues?

Dennis.
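
The two conditions named in the reply above (signature hash and a certificate name that does not cover the host in the URL), together with the key-extraction step from the earlier post, can be checked with the OpenSSL command line. This is an added example, not code from the thread or from Intel: it generates throwaway certificates so it runs offline, the file names, CN and the address 203.0.113.10 are constructed, and OpenSSL 1.1.1 or later is assumed for `-addext`.

```shell
#!/bin/sh
# Added example: the file names, CN and IP 203.0.113.10 (documentation
# range) are constructed for this demo.

# make_cert PREFIX [SAN]: write PREFIX.key and PREFIX.cer, a SHA-256
# self-signed certificate, optionally with a SAN such as "IP:203.0.113.10".
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=demo-server" ${2:+-addext "subjectAltName=$2"} \
        -keyout "$1.key" -out "$1.cer" 2>/dev/null
}

# sig_alg CERT: print the signature algorithm, e.g. sha256WithRSAEncryption.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# is_weak_sig NAME: succeed when the algorithm name is SHA-1 or MD5 based.
is_weak_sig() {
    case "$1" in
        *[Ss][Hh][Aa]1*|*[Mm][Dd]5*) return 0 ;;
        *) return 1 ;;
    esac
}

# name_matches CERT HOST: succeed when the certificate covers the host part
# of the URL; an IPv4 literal is checked against IP SANs (-checkip).
name_matches() {
    case "$2" in
        *[!0-9.]*) flag=-checkhost ;;
        *) flag=-checkip ;;
    esac
    openssl x509 -in "$1" -noout "$flag" "$2" | grep -q 'does match'
}

# server_key_literal CERT: public key on one line, line breaks written as \n.
server_key_literal() {
    openssl x509 -in "$1" -pubkey -noout |
        awk 'NR > 1 { printf "%s", "\\n" } { printf "%s", $0 } END { print "" }'
}

dir=$(mktemp -d) && make_cert "$dir/no_san" &&
    make_cert "$dir/ip_san" "IP:203.0.113.10" || exit 1
for c in no_san ip_san; do
    name_matches "$dir/$c.cer" 203.0.113.10 && m=yes || m=no
    echo "$c: signature=$(sig_alg "$dir/$c.cer") covers-203.0.113.10=$m"
done
server_key_literal "$dir/ip_san.cer"
rm -rf "$dir"
```

Against a real file, `is_weak_sig "$(sig_alg Certificado_SSL.cer)"` and `name_matches Certificado_SSL.cer <host-from-URL>` report the same two conditions for the certificate the server actually presents.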

 

 
