Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Ismael_M_
Beginner
72 Views

Problem with App Security API. Calling a web service in a server with self signed certificate

Hello,

I'm developing an apk that communicates with a web service with a self-signed certificate and have problems with the App Security API.
  - The error that gives me the device is "fail: code = 33, message authentication = Communication error"
  - And in the emulator error is "fail: code = 16, message = Server not accessible error"

This is the function, the lines discussed, I think they are not useful because the function of webservice which I call has no input parameter, ie data only returns me.

function Prueba(){
    var options = { url: "https://XXXXXXXXXX", method:'POST', serverKey: "-----BEGIN PUBLIC KEY-----\nXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-----END PUBLIC KEY-----" };
    intel.security.secureTransport.open(
        function (instanceID) {
		alert("Succeeded in open, instance id is: "+instanceID);
                var instance=instanceID;
			// Define the head Content-type
//    		intel.security.secureTransport.setHeaders(
//        		function(){
//					alert('Succeeded in setHeaderValue');
//					// Send the request
//					intel.security.secureTransport.sendRequest(
//						function(response){alert(response.responseBody);}, 
//						function(errorObj){alert('fail: code = '+errorObj.code+', message = '+errorObj.message);},
//						{instanceID:instance, requestBody:'', requestFormat:'JSON'}
//					);     
//				}, 
//        		function(errorObj){alert('fail: code = '+errorObj.code+', message = '+errorObj.message);},
//        		{instanceID:instance, 'key':'Content-Type', 'value':'application/xml'}
//    		);
            intel.security.secureTransport.sendRequest(
                function(response){alert(response.responseBody);}, 
                function(errorObj){alert('fail: code = '+errorObj.code+', message = '+errorObj.message);},
                {instanceID:instance, requestBody:'', requestFormat:'JSON'}
            ); 
        },
        function (errorMsg) {
            alert("failed callback is called, code: "+errorMsg.code+', message = '+errorMsg.message);
        },
        options
    );
}

I have seen the following thread because my problem is similar, but I could not fix it.

https://software.intel.com/es-es/forums/intel-xdk/topic/562592

Regards.

Tags (2)
0 Kudos
5 Replies
Dennis_F_Intel
Employee
72 Views

Hi Ismael,

Thank you for your interest in AppSecurityAPI.

Self signed certificate feature is not supported by the AppSecurityAPI on the XDK Emulator, however there exists a workaround.

In the link you provided, OHAD.B provides an explanation of how to enable this functionality on the XDK emulator for a specific server and how to correctly extract the public key for your server. Were you able to follow those examples?

Are you able to provide a full code snippet so we can recreate the issue?

thanks,

Dennis.

 

Ismael_M_
Beginner
72 Views

Hi Dennis,

Yes, I have followed all the steps to create public key.

This is my way to extract the public key certificate:

OpenSSL> x509 -pubkey -noout -in Certificado_SSL.cer
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqEKrwux1Pbpk5l1UNq7NoG5An
usSvqShTxKtuO35dSq+s36nXiiycZRatcPODVlFsVgW+6Gujl59rEF4SjKHOzyoQ
L9j8NyM7nIXfMoFQwjFEfNiip74/lkLjTmzrKiQAvuP/TzRdLHie6TqrgdxAUPkK
mdKgwkD7p82G0M+NrwIDAQAB
-----END PUBLIC KEY-----

This is the function complete:

function PruebaHTTPS(){
	var options = { 'url':"https://81.45.78.242/Service1.asmx/Sincronizar", 'method':"POST", serverKey:"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqEKrwux1Pbpk5l1UNq7NoG5An\nusSvqShTxKtuO35dSq+s36nXiiycZRatcPODVlFsVgW+6Gujl59rEF4SjKHOzyoQ\nL9j8NyM7nIXfMoFQwjFEfNiip74/lkLjTmzrKiQAvuP/TzRdLHie6TqrgdxAUPkK\nmdKgwkD7p82G0M+NrwIDAQAB\n-----END PUBLIC KEY-----" };
	intel.security.secureTransport.open(
	function (instanceID) {
		alert("Succeeded in open, instance id is: "+instanceID);
		var myInstanceID=instanceID;  
        intel.security.secureTransport.setHeaders(   
			function(){
				alert('Succeeded in setHeaderValue');
				intel.security.secureTransport.sendRequest(
					function(response){
						alert('Succeeded in sendRequest, response.responseBody = ' + response.responseBody);
					},
					function(errorObj){
						alert('Failed in sendRequest, code = '+errorObj.code+', message = '+errorObj.message);
					},
					{'instanceID':myInstanceID}
				);
			},
			function(errorObj){
				alert('Failed in setHeaderValue, code = '+errorObj.code+', message = '+errorObj.message);
			},
			{'instanceID':myInstanceID}
		);
	},
	function (errorObj) {
		alert('Failed in open, code = '+errorObj.code+', message = '+errorObj.message);
	},
	options
	);  
}

Thanks.

Dennis_F_Intel
Employee
72 Views

Hi,

I'm getting timeout error when i try to open the url of your service, can you check that it is correct and accessible?

i don't get a response even in a browser.

Can you also detail for me the steps you took to generate the server key you use?

 

Thanks.

Dennis. 

Ismael_M_
Beginner
72 Views

Hi DENNIS,

The server has been shutdown at the weekeend.

To extract public key from a server.

  1. - Download the certificate from the server URL (using browser go to the server’ URL, right click on the certificate (left side of the navigation bar), go to connection tab, click on certificate information, go to Details tab, copy to File, Next, Base 64 encoded x.509 (.cer), Next, c:\Certificado_SSL.cer, Save, Next and Finish).
  2. Extract the public key from the certificate file using OpenSSL command line tool:  OpenSSL> x509 -pubkey -noout -in Certificado_SSL.cer

Thank you so much.

Dennis_F_Intel
Employee
72 Views

Hi Ismael,

Please excuse me for the delay in response,

There are a number of possible reasons for the error you are getting.

AppSecurityAPI's Secure Transport API enforces a number of security policies.

Looking at your certificate i can see two possible issues, it uses an obsolete cipher suite (SHA-1) and in addition the Host name on the certificate is different then the host name in the URL (you provide an IP address).

Are you able to generate a new certificate for your web server that addresses these issues?

Dennis.

 

 

Reply