Skip to content

Remove Ajax implementation in Android module #934

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Feb 18, 2025
Merged

Remove Ajax implementation in Android module #934

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
cc2ec01
Remove Ajax implementation in Android module
iroqueta Feb 7, 2025
25d1a0d
Merge branch 'master' into removeKeysFromAndroid
iroqueta Feb 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
146 changes: 2 additions & 144 deletions android/src/main/java/com/genexus/internet/HttpContext.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,50 +11,22 @@

import com.artech.base.services.AndroidContext;
import com.genexus.util.Codecs;
import com.genexus.util.Encryption;

import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

public abstract class HttpContext extends HttpAjaxContext implements IHttpContext
{
private static String GX_AJAX_REQUEST_HEADER = "GxAjaxRequest";

protected boolean PortletMode = false;
protected boolean AjaxCallMode = false;
protected boolean AjaxEventMode = false;
protected boolean FullAjaxMode = false;
public boolean drawingGrid = false;

public void setPortletMode()
{ PortletMode = true; }

public void setAjaxCallMode()
{ AjaxCallMode = true; }

public void setFullAjaxMode()
{ FullAjaxMode = true; }

public void setAjaxEventMode()
{ AjaxEventMode = true; }

public boolean isPortletMode()
{ return PortletMode; }

public boolean isAjaxCallMode()
{ return AjaxCallMode; }

public boolean isAjaxEventMode()
{ return AjaxEventMode; }

public boolean isFullAjaxMode()
{ return FullAjaxMode; }

public boolean isAjaxRequest()
{ return isAjaxCallMode() || isAjaxEventMode() || isPortletMode() || isFullAjaxMode(); }


public byte wbGlbDoneStart = 0;
//nSOAPErr
public HttpResponse GX_webresponse;
Expand Down Expand Up @@ -385,7 +357,7 @@ public void windowClosed()

public void pushCurrentUrl()
{
if (getRequestMethod().equals("GET") && !isAjaxRequest())
if (getRequestMethod().equals("GET"))
{
String sUrl = getRequestNavUrl().trim();
String topUrl = getNavigationHelper().peekUrl(sUrl);
Expand All @@ -409,106 +381,9 @@ public void printReportAtClient(String reportFile, String printerRule)
{
addPrintReportCommand(getResource(reportFile), printerRule);
}

public boolean isGxAjaxRequest()
{
if (this.isMultipartContent())
{
return true;
}
// String gxHeader = getRequest().getHeader(GX_AJAX_REQUEST_HEADER);
// if (gxHeader != null && gxHeader.trim().length() > 0)
// {
// return true;
// }
return false;
}

private String getAjaxEncryptionKey()
{
if(getSessionValue(Encryption.AJAX_ENCRYPTION_KEY) == null)
{
if (!recoverEncryptionKey())
{
webPutSessionValue(Encryption.AJAX_ENCRYPTION_KEY, Encryption.getRijndaelKey());
}
}
return (String)getSessionValue(Encryption.AJAX_ENCRYPTION_KEY);
}

private boolean recoverEncryptionKey()
{
if (getSessionValue(Encryption.AJAX_ENCRYPTION_KEY) == null)
{
// String clientKey = getRequest().getHeader(Encryption.AJAX_SECURITY_TOKEN);
// if (clientKey != null && clientKey.trim().length() > 0)
// {
// boolean candecrypt[]=new boolean[1];
// clientKey = Encryption.decryptRijndael(clientKey, Encryption.GX_AJAX_PRIVATE_KEY, candecrypt);
// if (candecrypt[0])
// {
// webPutSessionValue(Encryption.AJAX_ENCRYPTION_KEY, clientKey);
// return true;
// }else
// {
// return false;
// }
// }
}
return false;
}

public String DecryptAjaxCall(String encrypted)
{
validEncryptedParm = false;
if (isGxAjaxRequest())
{
String key = getAjaxEncryptionKey();
boolean candecrypt[] = new boolean[1];
String decrypted = Encryption.decryptRijndael(encrypted, key, candecrypt);
validEncryptedParm = candecrypt[0];
if (!validEncryptedParm)
{
sendResponseStatus(403, "Forbidden action");
return "";
}
if (validEncryptedParm && !getRequestMethod().equalsIgnoreCase("post"))
{
setQueryString(decrypted);
decrypted = GetNextPar();
}
return decrypted;
}
return encrypted;
}

public boolean IsValidAjaxCall()
{
return IsValidAjaxCall(true);
}

public boolean IsValidAjaxCall(boolean insideAjaxCall)
{
if (insideAjaxCall && !validEncryptedParm)
{
sendResponseStatus(403, "Forbidden action");
return false;
}
else if (!insideAjaxCall && isGxAjaxRequest())
{
sendResponseStatus(440, "Session timeout");
return false;
}
return true;
}

public void sendResponseStatus(int statusCode, String statusDescription)
{
//getResponse().setStatus(statusCode);
//try { getResponse().sendError(statusCode, statusDescription); }
//catch(Exception e) {}
//setAjaxCallMode();
//disableOutput();
}

private void sendReferer()
Expand Down Expand Up @@ -578,28 +453,11 @@ public String decrypt64(String value, String key)
}
return sRet;
}

public void SendAjaxEncryptionKey()
{
if(!encryptionKeySended)
{
String key = getAjaxEncryptionKey();
ajax_rsp_assign_hidden(Encryption.AJAX_ENCRYPTION_KEY, key);
ajax_rsp_assign_hidden(Encryption.AJAX_ENCRYPTION_IV, Encryption.GX_AJAX_PRIVATE_IV);

try
{
ajax_rsp_assign_hidden(Encryption.AJAX_SECURITY_TOKEN, Encryption.encryptRijndael(key, Encryption.GX_AJAX_PRIVATE_KEY));
}
catch(Exception exc) {}
encryptionKeySended = true;
}
}

public void SendServerCommands()
{
try {
if (!isAjaxRequest() && commands.getCount() > 0)
if (commands.getCount() > 0)
{
HiddenValues.put("GX_SRV_COMMANDS", commands.getJSONArray());
}
Expand Down
86 changes: 0 additions & 86 deletions common/src/main/java/com/genexus/util/Encryption.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,21 +3,10 @@
import java.security.InvalidKeyException;
import com.genexus.CommonUtil;
import com.genexus.common.interfaces.SpecificImplementation;
import java.nio.charset.StandardCharsets;

import com.genexus.diagnostics.core.ILogger;
import com.genexus.diagnostics.core.LogManager;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.BufferedBlockCipher;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.RijndaelEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.paddings.ZeroBytePadding;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.encoders.Hex;

import java.io.UnsupportedEncodingException;
Expand All @@ -29,8 +18,6 @@ public class Encryption
public static String AJAX_ENCRYPTION_KEY = "GX_AJAX_KEY";
public static String AJAX_ENCRYPTION_IV = "GX_AJAX_IV";
public static String AJAX_SECURITY_TOKEN = "AJAX_SECURITY_TOKEN";
public static String GX_AJAX_PRIVATE_KEY = "595D54FF4A612E69FF4F3FFFFF0B01FF";
public static String GX_AJAX_PRIVATE_IV = "8722E2EA52FD44F599D35D1534485D8E";
private static int[] VALID_KEY_LENGHT_IN_BYTES = new int[]{32, 48, 64};

static public class InvalidGXKeyException extends RuntimeException
Expand Down Expand Up @@ -344,77 +331,4 @@ public void nextBytes2(byte[] out)
}
}
}

public static String getRijndaelKey()
{
SecureRandom rdm = new SecureRandom();
byte[] bytes = new byte[16];
rdm.nextBytes(bytes);
StringBuffer buffer = new StringBuffer(32);
for (int i = 0; i < 16; i++)
{
buffer.append(CommonUtil.padl(Integer.toHexString((int)bytes[i]), 2, "0"));
}
return buffer.toString().toUpperCase();
}

public static String decryptRijndael(String ivEncrypted, String key, boolean[] candecrypt) {

try {
candecrypt[0] = false;
String encrypted = ivEncrypted.length() >= GX_AJAX_PRIVATE_IV.length() ? ivEncrypted.substring(GX_AJAX_PRIVATE_IV.length()) : ivEncrypted;
byte[] inputBytes = Hex.decode(encrypted.trim().getBytes());
byte[] outputBytes;
String decrypted = "";
if (inputBytes != null) {
try {
outputBytes = aesCipher(inputBytes, false, key, GX_AJAX_PRIVATE_IV);
} catch (DataLengthException | IllegalStateException | InvalidCipherTextException e) {
return ivEncrypted;
}

String result = new String(outputBytes, StandardCharsets.US_ASCII).replaceAll("[\ufffd]", "");
if (result != null) {
candecrypt[0] = true;
decrypted = result.trim();
}
}
return decrypted;
}catch(Exception ex){
return ivEncrypted;
}
}

public static String encryptRijndael(String plainText, String key) {
byte[] inputBytes = plainText.trim().getBytes(StandardCharsets.US_ASCII);
byte[] outputBytes;
try {
outputBytes = aesCipher(inputBytes, true, key, GX_AJAX_PRIVATE_IV);
} catch (DataLengthException | IllegalStateException | InvalidCipherTextException e) {
logger.error("encryptRijndael error", e);
return "";
}
return Hex.toHexString(outputBytes);
}


private static byte[] aesCipher(byte[] inputBytes, boolean init, String key, String iv)
throws DataLengthException, IllegalStateException, InvalidCipherTextException {
byte[] byteKey = Hex.decode(key);
byte[] byteIV = Hex.decode(iv);
KeyParameter keyParam = new KeyParameter(byteKey);
ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, byteIV);

BlockCipher engineWithMode = new CBCBlockCipher(new RijndaelEngine());

BufferedBlockCipher bbc = new PaddedBufferedBlockCipher(engineWithMode, new ZeroBytePadding());
bbc.init(init, keyParamWithIV);
byte[] outputBytes = new byte[bbc.getOutputSize(inputBytes.length)];
if (inputBytes != null) {
int length = bbc.processBytes(inputBytes, 0, inputBytes.length, outputBytes, 0);
bbc.doFinal(outputBytes, length);

}
return outputBytes;
}
}
Loading
Loading