Intel XDK SSL (API Secure)
I am developing an application that communicates with a server via an SSL tunnel. For this I am using the intel xdk API called API Secure. Specifically these features: https://software.intel.com/en-us/node/560364
The problem I am having is when I create an instance using the function: "intel.security.secureTransport.open (success, error, parameters)"; https://software.intel.com/es-es/node/560365
This function has 4 options. My problem occurs when I want to enable the server key. I don't know what the format of the server key is. ยฟDo I need to put the path ?, ยฟDo I have to put the serverkey.pem file as a string?
In the serverkey option, I don't know what I need to put. Javascript code:
//function that execute when click on button
function prueba(){
// Create the instance
intel.security.secureTransport.open(
function(instanceID){
console.log('success: instanceID = '+instanceID);
id_instance = instanceID;
},
function(errorObj){console.log('fail: code = '+errorObj.code+', message = '+errorObj.message);},
{'url':'https://193.144.201.45:8443/MobiWallet/rest/UserActions/mb/certificate', 'method':'POST', 'serverKey':''}
);
// Define the head Content-type
intel.security.secureTransport.setHeaderValue(
function(){console.log('success setting header value');},
function(errorObj){console.log('fail: code = '+errorObj.code+', message = '+errorObj.message);},
{'instanceID':id_instance, 'key':'Content-Type', 'value':'application/xml'}
);
//xml to send to the server
var request_body ='<MW_USER_CERTIFICATE>\r\n' +
'<MW_VERSION>1.0</MW_VERSION>\r\n' +
'<MW_USR_ID>scd</MW_USR_ID>\r\n' +
'<MW_USR_PWD>6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b</MW_USR_PWD>\r\n' +
'</MW_USER_CERTIFICATE>'
// Send the request
intel.security.secureTransport.sendRequest(
function(response){
console.log('got response:' + response.responseBody);
resp = response.responseBody;
},
function(errorObj){console.log('fail: code = '+errorObj.code+', message = '+errorObj.message);},
{'instanceID':id_instance, 'requestBody':request_body }
);
}
Next server: serverkey.pem:
"Certificate:
Data:
Version: 3 (0x2)\n'
Serial Number: 10645769954857470290 (0x93bd5f5ec7ce4952)\n'
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=ES, ST=Cantabria, O=UNICAN, OU=TLMAT, CN=MOBIWALLET CA/emailAddress=pcm27@alumnos.unican.es
Validity
Not Before: May 19 14:37:15 2015 GMT
Not After : May 18 14:37:15 2016 GMT
Subject: C=SP, ST=Cantabria, L=Santander, O=Unican, OU=Telemat, CN=193.144.201.45/emailAddress=pcm27@alumnos.unican.es
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e0:d6:be:c1:cf:a5:5b:07:8a:ae:f0:c2:75:62:
5e:cc:85:f4:67:fc:20:98:19:6d:99:ea:c8:74:c5:
29:c6:23:88:3e:90:33:9b:38:b1:bf:a9:a4:20:68:
aa:ac:24:47:58:f7:90:67:6b:60:65:fc:ea:f5:7c:
89:73:53:db:b0:eb:44:a8:92:13:fb:90:2c:50:d8:
01:6e:d1:a1:ca:8d:b8:d4:f4:23:ac:3c:a7:7a:45:
10:91:5b:f5:b0:cb:35:b4:4e:86:74:c9:b5:6a:59:
23:8b:91:61:82:17:8d:d3:e4:1c:68:1e:6e:68:48:
de:41:fe:b5:3d:94:c0:52:0a:20:1e:3f:a8:bb:66:
33:a0:96:cd:a6:d3:18:78:de:27:e2:02:2b:36:20:
e6:04:d2:fd:4e:0b:17:66:45:57:88:28:e7:50:4f:
e2:31:aa:bc:3e:cd:eb:eb:b3:90:c9:c3:38:44:45:
f2:c2:ae:63:6b:0e:6e:2b:93:17:3b:68:52:87:43:
a8:96:2c:32:bf:62:0a:2e:a2:75:12:83:23:ab:68:
a4:f4:15:66:ae:54:4d:8f:c5:77:63:88:82:b3:13:
2d:a9:2a:88:f0:b6:6d:c6:92:38:26:e8:4b:43:0b:
3b:87:ed:69:df:b0:e0:7f:20:07:41:d6:70:4f:86:
de:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
4F:39:13:BB:EE:68:56:93:CB:68:05:E7:88:DB:CD:CE:3F:C8:6C:C5
X509v3 Authority Key Identifier:
keyid:64:5B:C9:0F:C7:BA:84:C7:A6:4C:DF:0E:D9:89:58:D8:DF:81:44:E4
Signature Algorithm: sha256WithRSAEncryption
1c:b3:6a:29:41:63:45:b0:dd:81:c1:b4:36:11:5e:bf:68:2b:
74:13:d2:38:38:87:c8:72:ee:aa:74:81:ba:a1:a6:26:f1:80:
51:67:ca:57:76:c8:63:3f:2d:84:42:81:7c:3f:11:ca:a5:87:
cd:1e:3c:b6:ef:a0:32:53:c3:a3:79:60:65:b1:e0:7a:d9:98:
a8:9c:a8:cd:b2:ce:30:7c:bd:22:20:4a:fb:c4:a7:ed:e5:45:
fe:5a:03:d2:04:e8:f4:ef:29:7d:c1:25:9f:d1:3e:44:ac:1f:
0f:46:c0:f5:66:52:95:63:44:e4:02:b2:5b:a2:ec:51:9d:fa:
18:3d:60:dc:c5:67:96:9a:d7:cd:3b:a9:de:d8:42:c4:c0:c2:
44:3e:63:21:7c:b7:62:72:4d:43:38:fd:1e:ce:dd:92:0d:81:
83:fe:19:b3:6d:60:97:9c:75:53:6f:49:b4:b2:70:cd:14:a1:
68:a2:b9:84:84:d4:01:9a:16:02:27:f8:f3:29:4d:f6:cb:e0:
44:9c:89:e8:d3:44:5a:66:fa:e8:b5:05:30:e6:bf:88:34:41:
14:fc:2a:11:0a:15:65:8e:de:61:95:45:93:ed:24:d4:5c:82:
19:9a:6d:7a:57:60:86:b5:49:99:16:9f:ab:6b:9c:9d:47:22:
4e:b6:b1:2d
-----BEGIN CERTIFICATE-----
MIIEGzCCAwOgAwIBAgIJAJO9X17HzklSMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
VQQGEwJFUzESMBAGA1UECAwJQ2FudGFicmlhMQ8wDQYDVQQKDAZVTklDQU4xDjAM
BgNVBAsMBVRMTUFUMRYwFAYDVQQDDA1NT0JJV0FMTEVUIENBMSYwJAYJKoZIhvcN
AQkBFhdwY20yN0BhbHVtbm9zLnVuaWNhbi5lczAeFw0xNTA1MTkxNDM3MTVaFw0x
NjA1MTgxNDM3MTVaMIGZMQswCQYDVQQGEwJTUDESMBAGA1UECAwJQ2FudGFicmlh
MRIwEAYDVQQHDAlTYW50YW5kZXIxDzANBgNVBAoMBlVuaWNhbjEQMA4GA1UECwwH
VGVsZW1hdDEXMBUGA1UEAwwOMTkzLjE0NC4yMDEuNDUxJjAkBgkqhkiG9w0BCQEW
F3BjbTI3QGFsdW1ub3MudW5pY2FuLmVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA4Na+wc+lWweKrvDCdWJezIX0Z/wgmBltmerIdMUpxiOIPpAzmzix
v6mkIGiqrCRHWPeQZ2tgZfzq9XyJc1PbsOtEqJIT+5AsUNgBbtGhyo241PQjrDyn
ekUQkVv1sMs1tE6GdMm1alkji5FhgheN0+QcaB5uaEjeQf61PZTAUgogHj+ou2Yz
oJbNptMYeN4n4gIrNiDmBNL9TgsXZkVXiCjnUE/iMaq8Ps3r67OQycM4REXywq5j
aw5uK5MXO2hSh0Ooliwyv2IKLqJ1EoMjq2ik9BVmrlRNj8V3Y4iCsxMtqSqI8LZt
xpI4JuhLQws7h+1p37DgfyAHQdZwT4beYwIDAQABo3sweTAJBgNVHRMEAjAAMCwG
CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
HQ4EFgQUTzkTu+5oVpPLaAXniNvNzj/IbMUwHwYDVR0jBBgwFoAUZFvJD8e6hMem
TN8O2YlY2N+BROQwDQYJKoZIhvcNAQELBQADggEBAByzailBY0Ww3YHBtDYRXr9o
K3QT0jg4h8hy7qp0gbqhpibxgFFnyld2yGM/LYRCgXw/Ecqlh80ePLbvoDJTw6N5
YGWx4HrZmKicqM2yzjB8vSIgSvvEp+3lRf5aA9IE6PTvKX3BJZ/RPkSsHw9GwPVm
UpVjROQCslui7FGd+hg9YNzFZ5aa1807qd7YQsTAwkQ+YyF8t2JyTUM4/R7O3ZIN
gYP+GbNtYJecdVNvSbSycM0UoWiiuYSE1AGaFgIn+PMpTfbL4ESciejTRFpm+ui1
BTDmv4g0QRT8KhEKFWWO3mGVRZPtJNRcghmabXpXYIa1SZkWn6trnJ1HIk62sS0=
-----END CERTIFICATE-----
"
An error message appears:
success: instanceID = 1 prueba.js:6
success setting header value prueba.js:14
Failed to load resource: the server responded with a status of 404 (Not Found) http://127.0.0.1:58889/http-services/ui-builder/web/unit_tests/utils/test_styleparsing.css
POST https://193.144.201.45:8443/MobiWallet/rest/UserActions/mb/certificate net::ERR_INSECURE_RESPONSE /C:/Users/sergio/AppData/Local/Intel/XDK/xdk/components/client/emulator/ripple.js:63449
fail: code = 16, message = Server not accessible error prueba.js:31
If you could help me, I would be very grateful, sorry for my english
Many thanks
+3
source to share
1 answer
You should get the public key from the certificate using the OPEN SSL command
openssl x509 -pubkey -inform DER -outform PEM -pubkey -noout -in <serverCert.cer>
the output should be provided in the serverKey option. Something like
function(errorObj){console.log('fail: code = '+errorObj.code+', message = '+errorObj.message);}, {'url':'https://193.144.201.45:8443/MobiWallet/rest/UserActions/mb/certificate', 'method':'POST', 'serverKey':'-----BEGIN PUBLICKEY-----\nMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgCuvz5mIsEP2gKSrt7+XQg+vgYRS\n
WbwxtT9YeltT8kuVu6mMrD7pzaTPy2to9iCF7YGbzyLMEpDkr5yul66sZVkib9ME\n
8JcnXZ0X8GVP5sRVtY37uGR2rj2HlG/dTsGRVn6FtcPdLHxUsJ04SZuvVbDzgs24\n
QFpbGL5mVtGZ7N25AgMBAAE=\n-----END PUBLIC KEY-----'});
ServerKey, used only for the certificate, https://software.intel.com/en-us/node/564382
+1
source to share