Merge branch 'master' into feature/gxobservability-testing-and-docs

Author: iroqueta

common/pom.xml

@@ -33,7 +33,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
-            <version>3.17.0</version>
+            <version>3.18.0</version>
         </dependency>
 		<dependency>
 			<groupId>commons-io</groupId>

common/src/main/java/com/genexus/ApplicationContext.java

@@ -132,7 +132,7 @@ public boolean checkIfResourceExist(String path)
 		if (isSpringBootApp())
 			return new ClassPathResource(path).exists();
 		else
-			return new File(path).exists();
+			return new File(path).exists() || getClass().getClassLoader().getResource(path) != null;
 	}
 
 	public void setEJBEngine(boolean isEJBEngine)

common/src/main/java/com/genexus/CommonUtil.java

@@ -3490,4 +3490,69 @@ public static String Sanitize(String input, HashMap<Character, Character> whiteL
 		}
 		return sanitizedInput.toString();
 	}
+
+
+	public static boolean isKnownContentType(String type)
+	{
+		if (type != null)
+		{
+			for (int i = 0; i < contentTypes.length; i++)
+			{
+				if (contentTypes[i].length >= 2)
+				{
+					if (type.equalsIgnoreCase(contentTypes[i][1]))
+						return true;
+				}
+			}
+		}
+		return false;
+	}
+
+	public static String getContentFromExt( String extension)
+	{
+		if (extension != null)
+		{
+			extension = extension.toLowerCase();
+			for (int i = 0; i < contentTypes.length; i++) {
+				if (contentTypes[i][0].equals(extension.trim()))
+					return contentTypes[i][1];
+			}
+		}
+		return null;
+	}
+
+	private static final String contentTypes[][] = {
+		{"txt"     , "text/plain"},
+		{"rtx"     , "text/richtext"},
+		{"htm"     , "text/html"},
+		{"html" , "text/html"},
+		{"xml"     , "text/xml"},
+		{"aif"    , "audio/x-aiff"},
+		{"au"    , "audio/basic"},
+		{"wav"    , "audio/wav"},
+		{"bmp"    , "image/bmp"},
+		{"gif"    , "image/gif"},
+		{"jpe"    , "image/jpeg"},
+		{"jpeg"    , "image/jpeg"},
+		{"jpg"    , "image/jpeg"},
+		{"jfif"    , "image/pjpeg"},
+		{"tif"    , "image/tiff"},
+		{"tiff"    , "image/tiff"},
+		{"png"    , "image/x-png"},
+		{"3gp"    , "video/3gpp"},
+		{"3g2"    , "video/3gpp2"},
+		{"mpg"    , "video/mpeg"},
+		{"mpeg"    , "video/mpeg"},
+		{"mov"    , "video/quicktime"},
+		{"qt"    , "video/quicktime"},
+		{"avi"    , "video/x-msvideo"},
+		{"exe"    , "application/octet-stream"},
+		{"dll"    , "application/x-msdownload"},
+		{"ps"    , "application/postscript"},
+		{"pdf"    , "application/pdf"},
+		{"svg"    , "image/svg+xml"},
+		{"tgz"    , "application/x-compressed"},
+		{"zip"    , "application/x-zip-compressed"},
+		{"gz"    , "application/x-gzip"}
+	};
 }

common/src/main/java/com/genexus/GXExternalCollection.java

@@ -120,12 +120,14 @@ public <E> ArrayList<E> getExternalInstance() {
 	public void setExternalInstance(ArrayList<?> data)
 	{
 		try {
-			clear();
-			for (Object item : data) {
-				T obj = elementsType.getConstructor(new Class[]{}).newInstance();
-				obj.getClass().getMethod("setExternalInstance", item.getClass()).invoke(obj, item);
-				super.add(obj);
-				vectorExternal.add(item);
+			if (elementsType != null) {
+				clear();
+				for (Object item : data) {
+					T obj = elementsType.getConstructor(new Class[]{}).newInstance();
+					obj.getClass().getMethod("setExternalInstance", item.getClass()).invoke(obj, item);
+					super.add(obj);
+					vectorExternal.add(item);
+				}
 			}
 		}
 		catch(Exception ex)

common/src/main/java/com/genexus/util/GXFileInfo.java

@@ -28,7 +28,7 @@ public GXFileInfo(File file, boolean isDirectory){
 		this.isDirectory = isDirectory;
 	}
 	public String getPath(){
-		if (fileSource.isFile()){
+		if (fileSource.isFile() || !exists()){
 			String absoluteName = getAbsolutePath();
 			if (!absoluteName.equals(""))
 				return new File(absoluteName).getParent();

common/src/main/java/com/genexus/xml/GXXMLSerializable.java

@@ -497,7 +497,7 @@ private void collectionFromJSONArray(JSONArray jsonArray, GXSimpleCollection gxC
         }
 
         // cache of methods for classes, inpruve perfomance, becuase each intance get all methods each time called.
-        private static transient ConcurrentHashMap<String, ConcurrentHashMap<String, Method>> classesCacheMethods = new ConcurrentHashMap<>();
+        public static transient ConcurrentHashMap<String, ConcurrentHashMap<String, Method>> classesCacheMethods = new ConcurrentHashMap<>();
         // cache of methods names, inpruve perfomance.
         private static transient ConcurrentHashMap<String, String> toLowerCacheMethods = new ConcurrentHashMap<>();
 

common/src/main/java/com/genexus/xml/XMLReader.java

@@ -785,7 +785,11 @@ public void open(String url)
 			else
 			{
 				File xmlFile = new File(url);
-				fileInputStream = new FileInputStream(xmlFile);
+				if (xmlFile.exists())
+					fileInputStream = new FileInputStream(xmlFile);
+				else {
+					fileInputStream = getClass().getClassLoader().getResourceAsStream(url);
+				}
 			}
 			inputSource = new XMLInputSource(null, url, null, fileInputStream, null);
 			if (documentEncoding.length() > 0)

gamsaml20/src/main/java/com/genexus/saml20/PostBinding.java

@@ -15,10 +15,10 @@ public class PostBinding extends Binding {
 	private static final Logger logger = LogManager.getLogger(PostBinding.class);
 
 	private Document xmlDoc;
+	private Document verifiedDoc;
 
 	public PostBinding() {
 		logger.trace("PostBinding constructor");
-		xmlDoc = null;
 	}
 	// EXTERNAL OBJECT PUBLIC METHODS  - BEGIN
 
@@ -42,27 +42,34 @@ public static String logout(SamlParms parms, String relayState) {
 	}
 
 	public boolean verifySignatures(SamlParms parms) {
-		return DSig.validateSignatures(this.xmlDoc, parms.getTrustCertPath(), parms.getTrustCertAlias(), parms.getTrustCertPass());
+		String verified = DSig.validateSignatures(this.xmlDoc, parms.getTrustCertPath(), parms.getTrustCertAlias(), parms.getTrustCertPass());
+		if(verified.isEmpty()){
+			return false;
+		}else {
+			this.verifiedDoc = SamlAssertionUtils.loadDocument(verified);
+			logger.debug(MessageFormat.format("verifySignatures - sanitized xmlDoc {0}", Encoding.documentToString(this.xmlDoc)));
+			return true;
+		}
 	}
 
 	public String getLoginAssertions() {
 		logger.trace("getLoginAssertions");
-		return SamlAssertionUtils.getLoginInfo(this.xmlDoc);
+		return SamlAssertionUtils.getLoginInfo(this.verifiedDoc);
 	}
 
 	public String getLogoutAssertions() {
 		logger.trace("getLogoutAssertions");
-		return SamlAssertionUtils.getLogoutInfo(this.xmlDoc);
+		return SamlAssertionUtils.getLogoutInfo(this.verifiedDoc);
 	}
 
 	public String getLoginAttribute(String name) {
 		logger.trace("getLoginAttribute");
-		return SamlAssertionUtils.getLoginAttribute(this.xmlDoc, name).trim();
+		return SamlAssertionUtils.getLoginAttribute(this.verifiedDoc, name).trim();
 	}
 
 	public String getRoles(String name) {
 		logger.debug("getRoles");
-		return SamlAssertionUtils.getRoles(this.xmlDoc, name);
+		return SamlAssertionUtils.getRoles(this.verifiedDoc, name);
 	}
 
 	public boolean isLogout(){

gamsaml20/src/main/java/com/genexus/saml20/utils/DSig.java

@@ -6,6 +6,7 @@
 import org.apache.xml.security.utils.Constants;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
 import javax.xml.xpath.XPath;
@@ -22,40 +23,44 @@ public class DSig {
 
 	private static final Logger logger = LogManager.getLogger(DSig.class);
 
-	public static boolean validateSignatures(Document xmlDoc, String certPath, String certAlias, String certPassword) {
+	public static String validateSignatures(Document xmlDoc, String certPath, String certAlias, String certPassword) {
 		logger.trace("validateSignatures");
+		List<Element> assertions = new ArrayList<Element>();
 		X509Certificate cert = Keys.loadCertificate(certPath, certAlias, certPassword);
 
 		NodeList nodes = findElementsByPath(xmlDoc, "//*[@ID]");
 
 		NodeList signatures = xmlDoc.getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_SIGNATURE);
 		//check the message is signed - security measure
 		if(signatures.getLength() == 0){
-			return false;
+			return "";
 		}
 		for (int i = 0; i < signatures.getLength(); i++) {
 			Element signedElement = findNodeById(nodes, getSignatureID((Element) signatures.item(i)));
+			assertions.add(signedElement);
 			if (signedElement == null) {
-				return false;
+				return "";
 			}
 			signedElement.setIdAttribute("ID", true);
 			try {
 				XMLSignature signature = new XMLSignature((Element) signatures.item(i), "");
 				//verifies the signature algorithm is one expected - security meassure
 				if (!verifySignatureAlgorithm((Element) signatures.item(i))) {
-					return false;
+					return "";
 				}
 				if (!signature.checkSignatureValue(cert)) {
-					return false;
+					return "";
 				}
 			} catch (Exception e) {
 				logger.error("validateSignatures", e);
-				return false;
+				return "";
 			}
 		}
-		return true;
+		return SamlAssertionUtils.isLogout(xmlDoc) ? SamlAssertionUtils.buildXmlLogout(assertions) : SamlAssertionUtils.buildXmlLogin(assertions, xmlDoc);
 	}
 
+
+
 	private static boolean verifySignatureAlgorithm(Element elem) {
 		logger.trace("verifySignatureAlgorithm");
 		NodeList signatureMethod = elem.getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_SIGNATUREMETHOD);

gamsaml20/src/main/java/com/genexus/saml20/utils/Encoding.java

@@ -4,7 +4,9 @@
 import org.apache.logging.log4j.Logger;
 import org.bouncycastle.util.encoders.Base64;
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 
+import javax.xml.transform.OutputKeys;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.dom.DOMSource;
@@ -74,6 +76,24 @@ public static String documentToString(Document doc) {
 		}
 	}
 
+	public static String elementToString(Element element) {
+		try {
+			TransformerFactory tf = TransformerFactory.newInstance();
+			Transformer transformer = tf.newTransformer();
+
+			transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+			transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+
+			StringWriter writer = new StringWriter();
+			transformer.transform(new DOMSource(element), new StreamResult(writer));
+
+			return writer.toString();
+		} catch (Exception e) {
+			logger.error("elementToString", e);
+			return null;
+		}
+	}
+
 	public static byte[] decodeParameter(String parm) {
 		logger.trace("decodeParameter");
 		try {