PDA

View Full Version : Using XMLHttpRequest for HTTPS Post to server with SSL certificate



rmattew
15th September 2011, 12:15
Hi all,

I'm developing an app for Symbian S60 5th and Sym^3 phones using Nokia Qt SDK v.1.1.3.

My app needs to communicate with a server through HTTPS Post. The server has a certificate (.cer file) to be used for verification and encryption.

I'm trying to implement the network communication in QML/JS using XmlHttpRequest but it does not work: it is interrupted during handshake with readystate = DONE but with status = 0 and status text = 0.

My code is:


var https = new XMLHttpRequest();
https.open("POST", url, true);

https.setRequestHeader("Content-type", "application/json");
https.onreadystatechange = function() {
if (https.readyState == XMLHttpRequest.HEADERS_RECEIVED) {
var status = https.status;
if(status != 200) {
app.logWrite("HttpsPostToService; Headers received; Error. Status: " + status + ". Status text: " + https.statusText, 4);
return;
}
} else if (https.readyState == XMLHttpRequest.DONE) {
var status = https.status;
if(status != 200) {
app.logWrite("HttpsPostToService; Done; Not OK. Status: " + status + ". Status text: " + https.statusText, 4);
return;
}
var data = null;
data = https.responseText;
app.logWrite("HttpsPostToService; Done; OK. Received following data:", 4);
app.logWrite("HttpsPostToService; " + data, 4);
}
}
https.send(jsonpar);



I tried successfully to load server certificate among the default CA Certificates for QSSLSockets but this does not solve the problem (see code below).
I was thinking QML to use QSSLSocket in SSL communication but perhaps I'm wrong.

My question is: is it possible to manage SSL with XMLHttpRequest? If yes how can I add the certificate in order to use it?
Or have I to go with a Qt implementation?

Thanks in advance for any support.




if (QFile::exists("C:/Data/Certs/certificate.cer"))
{
QFile certFile("C:/Data/Certs/certificate.cer");
if (certFile.open(QIODevice::ReadOnly))
{
QSslCertificate cert(&certFile, QSsl::Der);
if (! cert.isNull())
{
qDebug() << "Cert not null";
if (cert.isValid())
{
qDebug() << "Cert is valid";
QSslSocket::addDefaultCaCertificate(cert);
qDebug() << "Cert was added. Info: " << cert.serialNumber();
}
else
{
qDebug() << "Cert is NOT valid";
}


}
else
{
qDebug() << "Cert is null";
}
if (certFile.isOpen())
certFile.close();
}
}


qDebug() << "Root CA certificates: \n" << QSslSocket::defaultCaCertificates();

wysota
15th September 2011, 13:22
Are you sure this is the issue with certificates? What happens if you don't use SSL at all?

rmattew
15th September 2011, 15:18
Are you sure this is the issue with certificates? What happens if you don't use SSL at all?

Hi wysota,

thanks for your response.

If I do a simple GET to http://www.google.com all is OK.

If I do a HTTPS GET to for example https://market.android.com/?hl=it also it works (Done OK)

My target service is reachable through POST both via HTTP and via HTTPS at the same link. I must use HTTPS for security reasons.

If I do a HTTP POST to it all is OK.

If I do a HTTPS POST it doesn't work as I was explaining above.

I can do the same HTTPS POST through REST Client Firefox Addin (but the browser asks me to confirm secury exception for unverified server certificate).

At this point I suspect issue with certificate.

juanjex
20th November 2014, 18:12
how did you make the POST with XMLHttpRequest for HTTP post i've created a app for androit with QT+QML and is not Working at all :

function sendDataPost()
{
var doc = new XMLHttpRequest();
doc.onreadystatechange = function() {
if (doc.readyState == XMLHttpRequest.HEADERS_RECEIVED) {
console.log("Headers 1 -->");
console.log(doc.getAllResponseHeaders ());
console.log("Last modified -->");
console.log(doc.getResponseHeader ("Last-Modified"));
console.log('responseText');
console.log(doc.responseText);
} else if (doc.readyState == XMLHttpRequest.DONE) {
var a = doc.responseXML.documentElement;
for (var ii = 0; ii < a.childNodes.length; ++ii) {
console.log(a.childNodes[ii].nodeName);
}
console.log("Headers 2 -->");
console.log(doc.getAllResponseHeaders ());
console.log("Last modified -->");
console.log(doc.getResponseHeader ("Last-Modified"));
}
}

doc.open("POST", "http://104.131.179.18/velneo/proceso?dos=hola");
doc.send("dos=Comoestas");


Do you see if im doing something wrong or i need to do something different? im really stock in this or! the problem is in my server?