Cherry pick branch 'genexuslabs:removeKeysFromAndroid' into beta

Author: iroqueta

android/src/main/java/com/genexus/internet/HttpContext.java

@@ -11,50 +11,22 @@
 
 import com.artech.base.services.AndroidContext;
 import com.genexus.util.Codecs;
-import com.genexus.util.Encryption;
 
 import org.json.JSONArray;
 import org.json.JSONException;
 import org.json.JSONObject;
 
 public abstract class HttpContext extends HttpAjaxContext implements IHttpContext
 {
-    private static String GX_AJAX_REQUEST_HEADER = "GxAjaxRequest";
-
     protected boolean PortletMode = false;
-    protected boolean AjaxCallMode = false;
-    protected boolean AjaxEventMode = false;
-	 protected boolean FullAjaxMode = false;
 	 public boolean drawingGrid = false;
 
     public void setPortletMode()
     { PortletMode = true; }
 
-    public void setAjaxCallMode()
-    { AjaxCallMode = true; }
-
-	 public void setFullAjaxMode()
-	 { FullAjaxMode = true; }
-
-	 public void setAjaxEventMode()
-    { AjaxEventMode = true; }
-
     public boolean isPortletMode()
     { return PortletMode; }
 
-    public boolean isAjaxCallMode()
-    { return AjaxCallMode; }
-
-    public boolean isAjaxEventMode()
-    { return AjaxEventMode; }
-
-	 public boolean isFullAjaxMode()
-	 { return FullAjaxMode; }
-
-    public boolean isAjaxRequest()
-    { return isAjaxCallMode() || isAjaxEventMode() || isPortletMode() || isFullAjaxMode(); }
-    
-
     public byte wbGlbDoneStart = 0;
 				//nSOAPErr
 	public HttpResponse GX_webresponse;
@@ -385,7 +357,7 @@ public void windowClosed()
 
 		public void pushCurrentUrl()
 		{
-			if (getRequestMethod().equals("GET") && !isAjaxRequest())
+			if (getRequestMethod().equals("GET"))
 			{
 				String sUrl = getRequestNavUrl().trim();
 				String topUrl = getNavigationHelper().peekUrl(sUrl);
@@ -409,106 +381,9 @@ public void printReportAtClient(String reportFile, String printerRule)
         {
             addPrintReportCommand(getResource(reportFile), printerRule);
         }
-
-        public boolean isGxAjaxRequest()
-        {
-            if (this.isMultipartContent())
-            {
-                return true;
-            }
-        //    String gxHeader = getRequest().getHeader(GX_AJAX_REQUEST_HEADER);
-       //     if (gxHeader != null && gxHeader.trim().length() > 0)
-        //    {
-         //       return true;
-        //    }
-            return false;
-        }
-
-        private String getAjaxEncryptionKey()
-        {
-            if(getSessionValue(Encryption.AJAX_ENCRYPTION_KEY) == null)
-            {
-                if (!recoverEncryptionKey())
-                {
-                    webPutSessionValue(Encryption.AJAX_ENCRYPTION_KEY, Encryption.getRijndaelKey());
-                }
-            }
-            return (String)getSessionValue(Encryption.AJAX_ENCRYPTION_KEY);
-        }
-        
-        private boolean recoverEncryptionKey()
-        {
-            if (getSessionValue(Encryption.AJAX_ENCRYPTION_KEY) == null)
-            {
-           //     String clientKey = getRequest().getHeader(Encryption.AJAX_SECURITY_TOKEN);
-          //      if (clientKey != null && clientKey.trim().length() > 0)
-            //    {
-            //        boolean candecrypt[]=new boolean[1];
-            //        clientKey = Encryption.decryptRijndael(clientKey, Encryption.GX_AJAX_PRIVATE_KEY, candecrypt);
-             //       if (candecrypt[0])
-            //        {
-              //      	webPutSessionValue(Encryption.AJAX_ENCRYPTION_KEY, clientKey);
-             //       	return true;
-              //      }else
-              //      {
-              //      	return false;
-              //      }
-              //  }
-            }
-            return false;
-        }
-
-        public String DecryptAjaxCall(String encrypted)
-        {            
-            validEncryptedParm = false;
-			if (isGxAjaxRequest())
-			{
-				String key = getAjaxEncryptionKey();
-				boolean candecrypt[] = new boolean[1];
-				String decrypted = Encryption.decryptRijndael(encrypted, key, candecrypt);
-				validEncryptedParm = candecrypt[0];
-				if (!validEncryptedParm)
-				{
-					sendResponseStatus(403, "Forbidden action");
-					return "";
-				}
-				if (validEncryptedParm && !getRequestMethod().equalsIgnoreCase("post"))
-				{
-					setQueryString(decrypted);
-					decrypted = GetNextPar();
-				}
-				return decrypted;
-			}            
-            return encrypted;
-        }
-
-        public boolean IsValidAjaxCall()
-        {
-            return IsValidAjaxCall(true);
-        }
-
-        public boolean IsValidAjaxCall(boolean insideAjaxCall)
-        {         
-			if (insideAjaxCall && !validEncryptedParm)
-			{
-				sendResponseStatus(403, "Forbidden action");
-				return false;
-			}
-			else if (!insideAjaxCall && isGxAjaxRequest())
-			{
-				sendResponseStatus(440, "Session timeout");
-				return false;
-			}            
-            return true;
-        }
 
         public void sendResponseStatus(int statusCode, String statusDescription)
         {
-            //getResponse().setStatus(statusCode);
-            //try { getResponse().sendError(statusCode, statusDescription); }
-            //catch(Exception e) {}
-            //setAjaxCallMode();
-            //disableOutput();
         }
 
         private void sendReferer()
@@ -578,28 +453,11 @@ public String decrypt64(String value, String key)
             }
             return sRet;
         }
-        
-        public void SendAjaxEncryptionKey()
-        {
-             if(!encryptionKeySended)
-             {
-                 String key = getAjaxEncryptionKey();
-                 ajax_rsp_assign_hidden(Encryption.AJAX_ENCRYPTION_KEY, key);
-                 ajax_rsp_assign_hidden(Encryption.AJAX_ENCRYPTION_IV, Encryption.GX_AJAX_PRIVATE_IV);
-
-                 try
-                 {
-                    ajax_rsp_assign_hidden(Encryption.AJAX_SECURITY_TOKEN, Encryption.encryptRijndael(key, Encryption.GX_AJAX_PRIVATE_KEY));
-                 }
-                 catch(Exception exc) {}
-                 encryptionKeySended = true;
-             }
-        }
 
         public void SendServerCommands()
         {
             try {
-                if (!isAjaxRequest() && commands.getCount() > 0)
+                if (commands.getCount() > 0)
                 {
                     HiddenValues.put("GX_SRV_COMMANDS", commands.getJSONArray());
                 }

common/src/main/java/com/genexus/util/Encryption.java

@@ -3,21 +3,10 @@
 import java.security.InvalidKeyException;
 import com.genexus.CommonUtil;
 import com.genexus.common.interfaces.SpecificImplementation;
-import java.nio.charset.StandardCharsets;
 
 import com.genexus.diagnostics.core.ILogger;
 import com.genexus.diagnostics.core.LogManager;
 import org.apache.commons.codec.binary.Base64;
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.BufferedBlockCipher;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.engines.RijndaelEngine;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
-import org.bouncycastle.crypto.paddings.ZeroBytePadding;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.util.encoders.Hex;
 
 import java.io.UnsupportedEncodingException;
@@ -29,8 +18,6 @@ public class Encryption
     public static String AJAX_ENCRYPTION_KEY = "GX_AJAX_KEY";
 	public static String AJAX_ENCRYPTION_IV = "GX_AJAX_IV";
 	public static String AJAX_SECURITY_TOKEN = "AJAX_SECURITY_TOKEN";
-	public static String GX_AJAX_PRIVATE_KEY = "595D54FF4A612E69FF4F3FFFFF0B01FF";
-	public static String GX_AJAX_PRIVATE_IV = "8722E2EA52FD44F599D35D1534485D8E";
 	private static int[] VALID_KEY_LENGHT_IN_BYTES = new int[]{32, 48, 64};
 
 	static public class InvalidGXKeyException extends RuntimeException
@@ -344,77 +331,4 @@ public void nextBytes2(byte[] out)
 			}
 		}
 	}
-        
-        public static String getRijndaelKey()
-        {
-			SecureRandom rdm = new SecureRandom();
-            byte[] bytes = new byte[16];
-            rdm.nextBytes(bytes);
-            StringBuffer buffer = new StringBuffer(32);
-            for (int i = 0; i < 16; i++)
-            {
-                buffer.append(CommonUtil.padl(Integer.toHexString((int)bytes[i]), 2, "0"));
-            }
-            return buffer.toString().toUpperCase();
-        }
-
-	public static String decryptRijndael(String ivEncrypted, String key, boolean[] candecrypt) {
-
-		try {
-			candecrypt[0] = false;
-			String encrypted = ivEncrypted.length() >= GX_AJAX_PRIVATE_IV.length() ? ivEncrypted.substring(GX_AJAX_PRIVATE_IV.length()) : ivEncrypted;
-			byte[] inputBytes = Hex.decode(encrypted.trim().getBytes());
-			byte[] outputBytes;
-			String decrypted = "";
-			if (inputBytes != null) {
-				try {
-					outputBytes = aesCipher(inputBytes, false, key, GX_AJAX_PRIVATE_IV);
-				} catch (DataLengthException | IllegalStateException | InvalidCipherTextException e) {
-					return ivEncrypted;
-				}
-
-				String result = new String(outputBytes, StandardCharsets.US_ASCII).replaceAll("[\ufffd]", "");
-				if (result != null) {
-					candecrypt[0] = true;
-					decrypted = result.trim();
-				}
-			}
-			return decrypted;
-		}catch(Exception ex){
-			return ivEncrypted;
-		}
-	}
-
-	public static String encryptRijndael(String plainText, String key) {
-		byte[] inputBytes = plainText.trim().getBytes(StandardCharsets.US_ASCII);
-		byte[] outputBytes;
-		try {
-			outputBytes = aesCipher(inputBytes, true, key, GX_AJAX_PRIVATE_IV);
-		} catch (DataLengthException | IllegalStateException | InvalidCipherTextException e) {
-			logger.error("encryptRijndael error", e);
-			return "";
-		}
-		return Hex.toHexString(outputBytes);
-	}
-
-
-	private static byte[] aesCipher(byte[] inputBytes, boolean init, String key, String iv)
-		throws DataLengthException, IllegalStateException, InvalidCipherTextException {
-		byte[] byteKey = Hex.decode(key);
-		byte[] byteIV = Hex.decode(iv);
-		KeyParameter keyParam = new KeyParameter(byteKey);
-		ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, byteIV);
-
-		BlockCipher engineWithMode = new CBCBlockCipher(new RijndaelEngine());
-
-		BufferedBlockCipher bbc = new PaddedBufferedBlockCipher(engineWithMode, new ZeroBytePadding());
-		bbc.init(init, keyParamWithIV);
-		byte[] outputBytes = new byte[bbc.getOutputSize(inputBytes.length)];
-		if (inputBytes != null) {
-			int length = bbc.processBytes(inputBytes, 0, inputBytes.length, outputBytes, 0);
-			bbc.doFinal(outputBytes, length);
-
-		}
-		return outputBytes;
-	}
 }