I have already posted this question in the Intel Forums, but my schedule is limited and I need a quick answer, so I am reaching out to all available media.
I am developing a small Intel SGX Application that does remote attestation with an Android Service Provider. I need your help trying to understand how to use the certificate that I have registered with Intel to make HTTPS requests to the IAS (as referenced in the documentation).
I have a small test Java program that makes a simple Retrieve SigRL GET request to the IAS, just to test out if it works at all. But I keep getting an SSLHandshakeException when it tries to execute the HTTPS request.
Java Code:
    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.net.MalformedURLException;
    import java.net.URL;
    import java.security.NoSuchAlgorithmException;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    public class Prog {
        public static void main(String[] args) throws Exception {
            makeRequest();
        }
        public static void makeRequest() throws Exception {
            String url = "https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/sigrl/00000010";
            URL target = new URL(url);
            /* Force TLSv1.2 */
            SSLContext sc = SSLContext.getInstance("TLSv1.2");
            sc.init(null, null, new java.security.SecureRandom());
            /* Set up HTTP properties. */
            HttpsURLConnection connection = (HttpsURLConnection) target.openConnection();
            connection.setSSLSocketFactory(sc.getSocketFactory());
            connection.setRequestMethod("GET");
            connection.setDoOutput(true);
            /* Obtain and check response status code. */
            int responseCode = connection.getResponseCode();
            /* Read response body into a String */
            BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
            String inputLine;
            StringBuffer responseBuffer = new StringBuffer();
            while((inputLine = in.readLine()) != null){
                responseBuffer.append(inputLine);
            }
            in.close();
            String response = responseBuffer.toString();
            /* Evaluate result and print messages. */
            System.out.println("HTTP response status code: " + responseCode + "\n");
            System.out.println(response);
        }
    }
Console output:
    Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2038)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
        at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:347)
        at Prog.makeRequest(Prog.java:32)
        at Prog.main(Prog.java:13)
This tutorial generates a client.pfx file that can be used to import the certificate to other platforms. I have copied this file to the Ubuntu system that runs my Java program and double-clicked it to import it. Everything seemed successful, but I still keep getting these exceptions when running the program.
I have also installed the client.crt file on Android using the option in (Settings)>(Lockscreen and security)>(Other security settings)>(Credential Storage/Install from device storage). When I try to run this code from an Android Activity (just by copy-pasting the method), I get the exact same error.
I need to be able to make the IAS requests both from Ubuntu and Android (7.0, API 24). The certificate I generated using this tutorial is already registered with Intel (I have received an e-mail confirmation and a service provider ID from Intel Developer Services).
In principle the only thing I need to know is how to properly use/install the certificate that I generated on both Ubuntu and on Android and if I am properly issuing the HTTP request in the program. I am still a student and I need to work with SGX for a project, so please bear with my limited knowledge. I would be very grateful for an answer.
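How a JSSE client presents a PKCS#12 client certificate, as an added example that is not part of the original post: the posted `sc.init(null, null, ...)` passes no key managers, so the client has no certificate to offer during the handshake. The class name `IasClientCert`, the command-line path argument and the console password prompt are assumptions; the URL is the one from the post.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class IasClientCert {
    /* Build a TLS 1.2 context that presents the key pair stored in a PKCS#12 (.pfx) file. */
    static SSLContext contextFromPfx(String pfxPath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(pfxPath)) {
            ks.load(in, password);
        }
        /* A client certificate is only usable if its private key is in the store;
           a certificate-only import fails this check. */
        boolean hasKey = false;
        for (String alias : Collections.list(ks.aliases())) {
            hasKey |= ks.isKeyEntry(alias);
        }
        if (!hasKey) {
            throw new IllegalStateException("no private key entry in " + pfxPath);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext sc = SSLContext.getInstance("TLSv1.2");
        /* Null trust managers: the platform default trust store still validates the server. */
        sc.init(kmf.getKeyManagers(), null, null);
        return sc;
    }

    public static void main(String[] args) throws Exception {
        /* Assumed invocation from a terminal: java IasClientCert /path/to/client.pfx */
        if (args.length != 1 || System.console() == null) {
            throw new IllegalArgumentException("usage: java IasClientCert <client.pfx> (interactive terminal required)");
        }
        char[] password = System.console().readPassword("Export password for %s: ", args[0]);
        SSLContext sc = contextFromPfx(args[0], password);
        URL target = new URL("https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/sigrl/00000010");
        HttpsURLConnection connection = (HttpsURLConnection) target.openConnection();
        connection.setSSLSocketFactory(sc.getSocketFactory());
        connection.setRequestMethod("GET");
        System.out.println("HTTP response status code: " + connection.getResponseCode());
    }
}
```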