Merge branch 'master' into fix/bump-google-cloud-storage

Author: sgrampone

gxcloudstorage-awss3-v2/src/main/java/com/genexus/db/driver/ExternalProviderS3V2.java

@@ -119,7 +119,7 @@ private void initialize() throws Exception {
 			this.folder = folder;
 
 			this.client = buildS3Client(accessKey, secretKey, endpointValue, clientRegion);
-			this.presigner = buildS3Presinger(accessKey, secretKey, clientRegion);
+			this.presigner = buildS3Presigner(accessKey, secretKey, clientRegion);
 			bucketExists();
 		}
 	}
@@ -129,21 +129,20 @@ private S3Client buildS3Client(String accessKey, String secretKey, String endpoi
 
 		boolean bUseIAM = !getPropertyValue(USE_IAM, "", "").isEmpty() || (accessKey.equals("") && secretKey.equals(""));
 
-		S3ClientBuilder builder = bUseIAM ?
-			S3Client.builder() :
-			S3Client.builder().credentialsProvider(
-				StaticCredentialsProvider.create(
-					AwsBasicCredentials.create(accessKey, secretKey)
-				)
-			);
+		S3ClientBuilder builder = bUseIAM
+			? S3Client.builder().credentialsProvider(DefaultCredentialsProvider.create())
+			: S3Client.builder().credentialsProvider(
+			StaticCredentialsProvider.create(
+				AwsBasicCredentials.create(accessKey, secretKey)
+			)
+		);
 
 		if (bUseIAM) {
 			logger.debug("Using IAM Credentials");
 		}
 
 		if (!endpoint.isEmpty() && !endpoint.contains(".amazonaws.com")) {
 			pathStyleUrls = true;
-
 			s3Client = builder
 				.endpointOverride(URI.create(endpoint))
 				.region(Region.of(region))
@@ -179,11 +178,22 @@ private S3Client buildS3Client(String accessKey, String secretKey, String endpoi
 		return s3Client;
 	}
 
-	private S3Presigner buildS3Presinger(String accessKey, String secretKey, String region) {
-		return S3Presigner.builder()
+	private S3Presigner buildS3Presigner(String accessKey, String secretKey, String region) {
+		boolean bUseIAM = !getPropertyValue(USE_IAM, "", "").isEmpty() || (accessKey.equals("") && secretKey.equals(""));
+
+		S3Presigner.Builder builder = S3Presigner.builder()
 			.region(Region.of(region))
-			.credentialsProvider(StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKey, secretKey)))
-			.build();
+			.credentialsProvider(
+				bUseIAM
+					? DefaultCredentialsProvider.create()
+					: StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKey, secretKey))
+			);
+
+		if (bUseIAM) {
+			logger.debug("Using IAM Credentials for presigner");
+		}
+
+		return builder.build();
 	}
 
 	private void bucketExists() {

gxspringboot/src/main/java/com/genexus/springboot/GXConfig.java

@@ -46,6 +46,9 @@ public void addResourceHandlers(ResourceHandlerRegistry registry) {
 			registry.addResourceHandler(webImageDir + "**")
 				.addResourceLocations("classpath:" + webImageDir);
 
+			registry.addResourceHandler("/_ng/**")
+				.addResourceLocations("classpath:/ng/");
+
 			registry.addResourceHandler("/" + blobPath + "/**")
 				.addResourceLocations("file:./" + blobPath + "/");
 		}
@@ -71,6 +74,7 @@ public FilterRegistrationBean<UrlRewriteFilter> urlRewriteFilter() {
 		if (new ClassPathResource(REWRITE_FILE).exists()) {
 			registrationBean.addInitParameter("modRewriteConf", "true");
 			registrationBean.addInitParameter("confPath", REWRITE_FILE);
+			registrationBean.setOrder(org.springframework.core.Ordered.HIGHEST_PRECEDENCE);
 		}
 		else {
 			registrationBean.setEnabled(false);

pom.xml

@@ -28,7 +28,7 @@
 		<software.azure.cosmos.version>4.42.0</software.azure.cosmos.version>
 		<log4j.version>2.21.1</log4j.version>
         <io.opentelemetry.version>1.28.0</io.opentelemetry.version>
-        <org.bouncycastle.version>1.78.1</org.bouncycastle.version>
+        <org.bouncycastle.version>1.82</org.bouncycastle.version>
         <commons-io.version>2.15.1</commons-io.version>
         <commons-codec.version>1.15</commons-codec.version>
         <xmlsec.version>3.0.3</xmlsec.version>

wrappercommon/pom.xml

@@ -29,11 +29,28 @@
             <artifactId>log4j-core</artifactId>
             <version>${log4j.version}</version>
         </dependency>
-		<dependency>
-			<groupId>org.apache.ws.security</groupId>
-			<artifactId>wss4j</artifactId>
-			<version>1.6.19</version>			
-		</dependency>
+        <dependency>
+            <groupId>org.apache.wss4j</groupId>
+            <artifactId>wss4j-ws-security-common</artifactId>
+            <version>2.4.3</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.geronimo.javamail</groupId>
+                    <artifactId>geronimo-javamail_1.4_mail</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.wss4j</groupId>
+            <artifactId>wss4j-ws-security-dom</artifactId>
+            <version>2.4.3</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.geronimo.javamail</groupId>
+                    <artifactId>geronimo-javamail_1.4_mail</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-layout-template-json</artifactId>

wrapperjakarta/src/main/java/com/genexus/ws/GXHandlerConsumerChain.java

@@ -3,6 +3,8 @@
 import java.util.Set;
 import java.util.HashSet;
 import java.util.Properties;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 import javax.xml.namespace.QName;
 import javax.xml.transform.*;
 import javax.xml.transform.dom.DOMResult;
@@ -12,12 +14,14 @@
 import jakarta.xml.ws.handler.soap.SOAPMessageContext;
 import jakarta.xml.soap.*;
 import javax.xml.parsers.DocumentBuilderFactory;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
-import org.apache.ws.security.message.WSSecEncrypt;
-import org.apache.ws.security.message.WSSecHeader;
-import org.apache.ws.security.message.WSSecSignature;
-import org.apache.ws.security.message.WSSecTimestamp;
+
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.dom.message.WSSecEncrypt;
+import org.apache.wss4j.dom.message.WSSecHeader;
+import org.apache.wss4j.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecTimestamp;
+
 import org.w3c.dom.*;
 import java.io.InputStream;
 import java.io.ByteArrayInputStream;
@@ -26,6 +30,8 @@
 import com.genexus.diagnostics.core.LogManager;
 import com.genexus.common.interfaces.*;
 
+import static org.apache.wss4j.common.util.KeyUtils.getKeyGenerator;
+
 public class GXHandlerConsumerChain implements SOAPHandler<SOAPMessageContext>
 {
 	public static final ILogger logger = LogManager.getLogger(GXHandlerConsumerChain.class);
@@ -156,8 +162,8 @@ public boolean handleMessage(SOAPMessageContext messageContext)
 				Document doc = messageToDocument(messageContext.getMessage());
 
 				//Security header
-				WSSecHeader secHeader = new WSSecHeader();
-				secHeader.insertSecurityHeader(doc);
+				WSSecHeader secHeader = new WSSecHeader(doc);
+				secHeader.insertSecurityHeader();
 				Document signedDoc = null;
 
 				//Signature
@@ -168,7 +174,7 @@ public boolean handleMessage(SOAPMessageContext messageContext)
 					signatureProperties.put("org.apache.ws.security.crypto.merlin.keystore.password", wsSignature.getKeystore().getPassword());
 					signatureProperties.put("org.apache.ws.security.crypto.merlin.file", wsSignature.getKeystore().getSource());
 					Crypto signatureCrypto = CryptoFactory.getInstance(signatureProperties);
-					WSSecSignature sign = new WSSecSignature();
+					WSSecSignature sign = new WSSecSignature(doc);
 					sign.setKeyIdentifierType(wsSignature.getKeyIdentifierType());
 					sign.setUserInfo(wsSignature.getAlias(), wsSignature.getKeystore().getPassword());
 					if (wsSignature.getCanonicalizationalgorithm() != null)
@@ -177,13 +183,13 @@ public boolean handleMessage(SOAPMessageContext messageContext)
 						sign.setDigestAlgo(wsSignature.getDigest());
 					if (wsSignature.getSignaturealgorithm() != null)
 						sign.setSignatureAlgorithm(wsSignature.getSignaturealgorithm());
-					signedDoc = sign.build(doc, signatureCrypto, secHeader);
+					signedDoc = sign.build( signatureCrypto);
 
 					if (expirationTimeout > 0)
 					{
-						WSSecTimestamp timestamp = new WSSecTimestamp();
+						WSSecTimestamp timestamp = new WSSecTimestamp(secHeader);
 						timestamp.setTimeToLive(expirationTimeout);
-						signedDoc = timestamp.build(signedDoc, secHeader);
+						signedDoc = timestamp.build();
 					}
 				}
 
@@ -195,14 +201,19 @@ public boolean handleMessage(SOAPMessageContext messageContext)
 					encryptionProperties.put("org.apache.ws.security.crypto.merlin.keystore.password", wsEncryption.getKeystore().getPassword());
 					encryptionProperties.put("org.apache.ws.security.crypto.merlin.file", wsEncryption.getKeystore().getSource());
 					Crypto encryptionCrypto = CryptoFactory.getInstance(encryptionProperties);
-					WSSecEncrypt builder = new WSSecEncrypt();
-					builder.setUserInfo(wsEncryption.getAlias(), wsEncryption.getKeystore().getPassword());
-					builder.setKeyIdentifierType(wsEncryption.getKeyIdentifierType());
 					if (signedDoc == null)
 					{
 						signedDoc = doc;
 					}
-					builder.build(signedDoc, encryptionCrypto, secHeader);
+					WSSecEncrypt builder = new WSSecEncrypt(signedDoc);
+					builder.setUserInfo(wsEncryption.getAlias(), wsEncryption.getKeystore().getPassword());
+					builder.setKeyIdentifierType(wsEncryption.getKeyIdentifierType());
+					//using wss4j default encryption algorithm AES128-CBC
+					KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
+					keyGenerator.init(128);
+					SecretKey key = keyGenerator.generateKey();
+
+					builder.build(encryptionCrypto, key);
 				}
 
 				Document securityDoc = doc;

wrapperjakarta/src/main/java/com/genexus/ws/rs/core/Response.java

@@ -36,6 +36,10 @@ public static Response.ResponseBuilder unauthorized() {
 		return new Response.ResponseBuilder(jakarta.ws.rs.core.Response.status(Status.UNAUTHORIZED));
 	}
 
+	public static Response.ResponseBuilder badrequest() {
+		return new Response.ResponseBuilder(jakarta.ws.rs.core.Response.status(Status.BAD_REQUEST));
+	}
+
 	public static Response.ResponseBuilder noContentWrapped() {
 		return new Response.ResponseBuilder(jakarta.ws.rs.core.Response.noContent());
 	}

wrapperjavax/src/main/java/com/genexus/ws/GXHandlerConsumerChain.java

@@ -3,6 +3,8 @@
 import java.util.Set;
 import java.util.HashSet;
 import java.util.Properties;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 import javax.xml.namespace.QName;
 import javax.xml.transform.*;
 import javax.xml.transform.dom.DOMResult;
@@ -12,12 +14,14 @@
 import javax.xml.ws.handler.soap.SOAPMessageContext;
 import javax.xml.soap.*;
 import javax.xml.parsers.DocumentBuilderFactory;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
-import org.apache.ws.security.message.WSSecEncrypt;
-import org.apache.ws.security.message.WSSecHeader;
-import org.apache.ws.security.message.WSSecSignature;
-import org.apache.ws.security.message.WSSecTimestamp;
+
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.dom.message.WSSecEncrypt;
+import org.apache.wss4j.dom.message.WSSecHeader;
+import org.apache.wss4j.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.message.WSSecTimestamp;
+
 import org.w3c.dom.*;
 import java.io.InputStream;
 import java.io.ByteArrayInputStream;
@@ -156,8 +160,8 @@ public boolean handleMessage(SOAPMessageContext messageContext)
 				Document doc = messageToDocument(messageContext.getMessage());
 
 				//Security header
-				WSSecHeader secHeader = new WSSecHeader();
-				secHeader.insertSecurityHeader(doc);
+				WSSecHeader secHeader = new WSSecHeader(doc);
+				secHeader.insertSecurityHeader();
 				Document signedDoc = null;
 
 				//Signature
@@ -168,7 +172,7 @@ public boolean handleMessage(SOAPMessageContext messageContext)
 					signatureProperties.put("org.apache.ws.security.crypto.merlin.keystore.password", wsSignature.getKeystore().getPassword());
 					signatureProperties.put("org.apache.ws.security.crypto.merlin.file", wsSignature.getKeystore().getSource());
 					Crypto signatureCrypto = CryptoFactory.getInstance(signatureProperties);
-					WSSecSignature sign = new WSSecSignature();
+					WSSecSignature sign = new WSSecSignature(doc);
 					sign.setKeyIdentifierType(wsSignature.getKeyIdentifierType());
 					sign.setUserInfo(wsSignature.getAlias(), wsSignature.getKeystore().getPassword());
 					if (wsSignature.getCanonicalizationalgorithm() != null)
@@ -177,13 +181,13 @@ public boolean handleMessage(SOAPMessageContext messageContext)
 						sign.setDigestAlgo(wsSignature.getDigest());
 					if (wsSignature.getSignaturealgorithm() != null)
 						sign.setSignatureAlgorithm(wsSignature.getSignaturealgorithm());
-					signedDoc = sign.build(doc, signatureCrypto, secHeader);
+					signedDoc = sign.build( signatureCrypto);
 
 					if (expirationTimeout > 0)
 					{
-						WSSecTimestamp timestamp = new WSSecTimestamp();
+						WSSecTimestamp timestamp = new WSSecTimestamp(secHeader);
 						timestamp.setTimeToLive(expirationTimeout);
-						signedDoc = timestamp.build(signedDoc, secHeader);
+						signedDoc = timestamp.build();
 					}
 				}
 
@@ -195,14 +199,19 @@ public boolean handleMessage(SOAPMessageContext messageContext)
 					encryptionProperties.put("org.apache.ws.security.crypto.merlin.keystore.password", wsEncryption.getKeystore().getPassword());
 					encryptionProperties.put("org.apache.ws.security.crypto.merlin.file", wsEncryption.getKeystore().getSource());
 					Crypto encryptionCrypto = CryptoFactory.getInstance(encryptionProperties);
-					WSSecEncrypt builder = new WSSecEncrypt();
-					builder.setUserInfo(wsEncryption.getAlias(), wsEncryption.getKeystore().getPassword());
-					builder.setKeyIdentifierType(wsEncryption.getKeyIdentifierType());
 					if (signedDoc == null)
 					{
 						signedDoc = doc;
 					}
-					builder.build(signedDoc, encryptionCrypto, secHeader);
+					WSSecEncrypt builder = new WSSecEncrypt(signedDoc);
+					builder.setUserInfo(wsEncryption.getAlias(), wsEncryption.getKeystore().getPassword());
+					builder.setKeyIdentifierType(wsEncryption.getKeyIdentifierType());
+					//using wss4j default encryption algorithm AES128-CBC
+					KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
+					keyGenerator.init(128);
+					SecretKey key = keyGenerator.generateKey();
+
+					builder.build(encryptionCrypto, key);
 				}
 
 				Document securityDoc = doc;

wrapperjavax/src/main/java/com/genexus/ws/rs/core/Response.java

@@ -36,6 +36,10 @@ public static Response.ResponseBuilder unauthorized() {
 		return new Response.ResponseBuilder(javax.ws.rs.core.Response.status(Status.UNAUTHORIZED));
 	}
 
+	public static Response.ResponseBuilder badrequest() {
+		return new Response.ResponseBuilder(javax.ws.rs.core.Response.status(Status.BAD_REQUEST));
+	}
+
 	public static Response.ResponseBuilder noContentWrapped() {
 		return new Response.ResponseBuilder(javax.ws.rs.core.Response.noContent());
 	}