mendix
diff --git a/‎Source/AdministrationModule.mpr‎
13.4 MB b/‎Source/AdministrationModule.mpr‎
13.4 MB
diff --git a/‎Source/javasource/mendixsso/actions/DecryptString.java‎
Lines changed: 131 additions & 0 deletions b/‎Source/javasource/mendixsso/actions/DecryptString.java‎
Lines changed: 131 additions & 0 deletions
diff --git a/‎Source/javasource/mendixsso/actions/EncryptString.java‎
Lines changed: 69 additions & 0 deletions b/‎Source/javasource/mendixsso/actions/EncryptString.java‎
Lines changed: 69 additions & 0 deletions
diff --git a/‎Source/javasource/mendixsso/actions/FindOrCreateUserWithUserInfo.java‎
Lines changed: 72 additions & 0 deletions b/‎Source/javasource/mendixsso/actions/FindOrCreateUserWithUserInfo.java‎
Lines changed: 72 additions & 0 deletions
diff --git a/‎Source/javasource/mendixsso/actions/GenerateRandomPassword.java‎
Lines changed: 48 additions & 0 deletions b/‎Source/javasource/mendixsso/actions/GenerateRandomPassword.java‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎Source/javasource/mendixsso/actions/GetTokenEndpointURI.java‎
Lines changed: 49 additions & 0 deletions b/‎Source/javasource/mendixsso/actions/GetTokenEndpointURI.java‎
Lines changed: 49 additions & 0 deletions
@@ -0,0 +1,131 @@
+// This file was generated by Mendix Studio Pro.
+//
+// WARNING: Only the following code will be retained when actions are regenerated:
+// - the import list
+// - the code between BEGIN USER CODE and END USER CODE
+// - the code between BEGIN EXTRA CODE and END EXTRA CODE
+// Other code you write will be lost the next time you deploy the project.
+// Special characters, e.g., é, ö, à, etc. are supported in comments.
+
+package mendixsso.actions;
+
+import com.mendix.systemwideinterfaces.MendixRuntimeException;
+import com.mendix.systemwideinterfaces.core.IContext;
+import com.mendix.webui.CustomJavaAction;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.InvalidAlgorithmParameterException;
+import java.util.Base64;
+
+public class DecryptString extends CustomJavaAction<java.lang.String>
+{
+	private java.lang.String value;
+	private java.lang.String key;
+	private java.lang.String prefix;
+
+	public DecryptString(IContext context, java.lang.String value, java.lang.String key, java.lang.String prefix)
+	{
+		super(context);
+		this.value = value;
+		this.key = key;
+		this.prefix = prefix;
+	}
+
+	@java.lang.Override
+	public java.lang.String executeAction() throws Exception
+	{
+		// BEGIN USER CODE
+        if (this.value == null || !isStartsWithRightPrefix())
+            return null;
+        if (this.prefix == null || this.prefix.isEmpty())
+            throw new MendixRuntimeException("Prefix should not be empty");
+        if (this.key == null || this.key.isEmpty())
+            throw new MendixRuntimeException("Key should not be empty");
+        if (this.key.length() != 16)
+            throw new MendixRuntimeException("Key length should be 16");
+
+        String decryptedText = null;
+
+        if (isEncryptedWithLegacyAlgorithm(this.value)) {
+            decryptedText = decryptUsingLegacyAlgorithm();
+        } else {
+            decryptedText = decryptUsingGcm();
+        }
+
+        return decryptedText;
+		// END USER CODE
+	}
+
+	/**
+	 * Returns a string representation of this action
+	 */
+	@java.lang.Override
+	public java.lang.String toString()
+	{
+		return "DecryptString";
+	}
+
+	// BEGIN EXTRA CODE
+    private final int GCM_TAG_LENGTH = 16; // in bytes
+    private final String LEGACY_PREFIX = "{AES}";
+    private final String WRONG_KEY_ERROR_MESSAGE = "Cannot decrypt the text because it was either NOT encrypted with a key of length 16 or they key is different";
+
+    private String decryptUsingGcm() throws Exception {
+        String[] s = this.value.substring(this.prefix.length()).split(";");
+
+        if (s.length < 2) //Not an encrypted string, just return the original value.
+            return this.value;
+
+        Cipher c = Cipher.getInstance("AES/GCM/PKCS5PADDING");
+        SecretKeySpec k = new SecretKeySpec(this.key.getBytes(), "AES");
+
+        try {
+            GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, Base64.getDecoder().decode(s[0]));
+            c.init(Cipher.DECRYPT_MODE, k, spec);
+            byte[] encryptedData = Base64.getDecoder().decode(s[1]);
+            return new String(c.doFinal(encryptedData));
+        } catch (InvalidAlgorithmParameterException | BadPaddingException ex) {
+            if (isEncryptedWithWrongKey(ex.getMessage()))
+                throw new MendixRuntimeException(WRONG_KEY_ERROR_MESSAGE);
+            else throw ex;
+        }
+    }
+
+    private boolean isEncryptedWithWrongKey(String message) {
+        return
+                message.equals("Wrong IV length: must be 16 bytes long") ||
+                        message.equals("Given final block not properly padded");
+    }
+
+    private String decryptUsingLegacyAlgorithm() throws Exception {
+        String[] s = this.value.substring(LEGACY_PREFIX.length()).split(";");
+
+        if (s.length < 2) //Not an encrypted string, just return the original value.
+            return this.value;
+
+        Cipher c = Cipher.getInstance("AES/CBC/PKCS5PADDING");
+        SecretKeySpec k = new SecretKeySpec(this.key.getBytes(), "AES");
+
+        try {
+            c.init(Cipher.DECRYPT_MODE, k, new IvParameterSpec(Base64.getDecoder().decode(s[0])));
+            byte[] encryptedData = Base64.getDecoder().decode(s[1]);
+            return new String(c.doFinal(encryptedData));
+        } catch (InvalidAlgorithmParameterException | BadPaddingException ex) {
+            if (isEncryptedWithWrongKey(ex.getMessage()))
+                throw new MendixRuntimeException(WRONG_KEY_ERROR_MESSAGE);
+            else throw ex;
+        }
+    }
+
+    private boolean isEncryptedWithLegacyAlgorithm(String text) {
+        return text.startsWith(LEGACY_PREFIX);
+    }
+
+    private boolean isStartsWithRightPrefix() {
+        return this.value.startsWith(this.value) || isEncryptedWithLegacyAlgorithm(this.value);
+    }
+	// END EXTRA CODE
+}
@@ -0,0 +1,69 @@
+// This file was generated by Mendix Studio Pro.
+//
+// WARNING: Only the following code will be retained when actions are regenerated:
+// - the import list
+// - the code between BEGIN USER CODE and END USER CODE
+// - the code between BEGIN EXTRA CODE and END EXTRA CODE
+// Other code you write will be lost the next time you deploy the project.
+// Special characters, e.g., é, ö, à, etc. are supported in comments.
+
+package mendixsso.actions;
+
+import com.mendix.systemwideinterfaces.MendixRuntimeException;
+import com.mendix.systemwideinterfaces.core.IContext;
+import com.mendix.webui.CustomJavaAction;
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+import java.util.Base64;
+
+public class EncryptString extends CustomJavaAction<java.lang.String>
+{
+	private java.lang.String value;
+	private java.lang.String key;
+	private java.lang.String prefix;
+
+	public EncryptString(IContext context, java.lang.String value, java.lang.String key, java.lang.String prefix)
+	{
+		super(context);
+		this.value = value;
+		this.key = key;
+		this.prefix = prefix;
+	}
+
+	@java.lang.Override
+	public java.lang.String executeAction() throws Exception
+	{
+		// BEGIN USER CODE
+        if (this.value == null)
+            return null;
+        if (this.prefix == null || this.prefix.isEmpty())
+            throw new MendixRuntimeException("Prefix should not be empty");
+        if (this.key == null || this.key.isEmpty())
+            throw new MendixRuntimeException("Key should not be empty");
+        if (this.key.length() != 16)
+            throw new MendixRuntimeException("Key length should be 16");
+        Cipher c = Cipher.getInstance("AES/GCM/PKCS5PADDING");
+        SecretKeySpec k = new SecretKeySpec(this.key.getBytes(), "AES");
+        c.init(Cipher.ENCRYPT_MODE, k);
+
+        byte[] encryptedData = c.doFinal(this.value.getBytes());
+        byte[] iv = c.getIV();
+
+        return new StringBuilder(this.prefix +
+                new String(Base64.getEncoder().encode(iv))).append(";").append(
+                new String(Base64.getEncoder().encode(encryptedData))).toString();
+		// END USER CODE
+	}
+
+	/**
+	 * Returns a string representation of this action
+	 */
+	@java.lang.Override
+	public java.lang.String toString()
+	{
+		return "EncryptString";
+	}
+
+	// BEGIN EXTRA CODE
+	// END EXTRA CODE
+}
@@ -0,0 +1,72 @@
+// This file was generated by Mendix Studio Pro.
+//
+// WARNING: Only the following code will be retained when actions are regenerated:
+// - the import list
+// - the code between BEGIN USER CODE and END USER CODE
+// - the code between BEGIN EXTRA CODE and END EXTRA CODE
+// Other code you write will be lost the next time you deploy the project.
+// Special characters, e.g., é, ö, à, etc. are supported in comments.
+
+package mendixsso.actions;
+
+import com.mendix.core.Core;
+import com.mendix.logging.ILogNode;
+import com.mendix.systemwideinterfaces.core.IContext;
+import com.mendix.systemwideinterfaces.core.IMendixObject;
+import com.mendix.webui.CustomJavaAction;
+import mendixsso.implementation.UserManager;
+import mendixsso.implementation.utils.ForeignIdentityUtils;
+import mendixsso.implementation.utils.OpenIDUtils;
+import mendixsso.implementation.utils.UserProfileUtils;
+import mendixsso.proxies.UserProfile;
+import mendixsso.proxies.constants.Constants;
+
+public class FindOrCreateUserWithUserInfo extends CustomJavaAction<IMendixObject>
+{
+	private java.lang.String UserInfoJSON;
+
+	public FindOrCreateUserWithUserInfo(IContext context, java.lang.String UserInfoJSON)
+	{
+		super(context);
+		this.UserInfoJSON = UserInfoJSON;
+	}
+
+	@java.lang.Override
+	public IMendixObject executeAction() throws Exception
+	{
+		// BEGIN USER CODE
+        final ILogNode LOG = Core.getLogger(Constants.getLogNode());
+        final IContext context = Core.createSystemContext();
+        IMendixObject user = null;
+        String uuid = null;
+        try {
+            final UserProfile userProfile = UserProfileUtils.getUserProfile(context, UserInfoJSON);
+
+            // We assume that openId cannot be null since that would imply bigger issues higher up in the SSO stack.
+            uuid = OpenIDUtils.extractUUID(userProfile.getOpenId());
+            ForeignIdentityUtils.lockForeignIdentity(uuid);
+
+            user = UserManager.findOrCreateUser(userProfile).getMendixObject();
+        } catch (Throwable e) {
+            LOG.error("Something went wrong while provisioning the user with the provided user info", e);
+        } finally {
+            if (uuid != null) {
+                ForeignIdentityUtils.unlockForeignIdentity(uuid);
+            }
+        }
+        return user;
+		// END USER CODE
+	}
+
+	/**
+	 * Returns a string representation of this action
+	 */
+	@java.lang.Override
+	public java.lang.String toString()
+	{
+		return "FindOrCreateUserWithUserInfo";
+	}
+
+	// BEGIN EXTRA CODE
+	// END EXTRA CODE
+}
@@ -0,0 +1,48 @@
+// This file was generated by Mendix Studio Pro.
+//
+// WARNING: Only the following code will be retained when actions are regenerated:
+// - the import list
+// - the code between BEGIN USER CODE and END USER CODE
+// - the code between BEGIN EXTRA CODE and END EXTRA CODE
+// Other code you write will be lost the next time you deploy the project.
+// Special characters, e.g., é, ö, à, etc. are supported in comments.
+
+package mendixsso.actions;
+
+import com.mendix.systemwideinterfaces.core.IContext;
+import com.mendix.webui.CustomJavaAction;
+import mendixsso.implementation.utils.OpenIDUtils;
+
+/**
+ * Generate a valid strong random password for Mendix user
+ */
+public class GenerateRandomPassword extends CustomJavaAction<java.lang.String>
+{
+	private java.lang.Long length;
+
+	public GenerateRandomPassword(IContext context, java.lang.Long length)
+	{
+		super(context);
+		this.length = length;
+	}
+
+	@java.lang.Override
+	public java.lang.String executeAction() throws Exception
+	{
+		// BEGIN USER CODE
+        return OpenIDUtils.randomStrongPassword(length.intValue(), length.intValue(), 7, 9, 6);
+		// END USER CODE
+	}
+
+	/**
+	 * Returns a string representation of this action
+	 */
+	@java.lang.Override
+	public java.lang.String toString()
+	{
+		return "GenerateRandomPassword";
+	}
+
+	// BEGIN EXTRA CODE
+	// END EXTRA CODE
+}
@@ -0,0 +1,49 @@
+// This file was generated by Mendix Studio Pro.
+//
+// WARNING: Only the following code will be retained when actions are regenerated:
+// - the import list
+// - the code between BEGIN USER CODE and END USER CODE
+// - the code between BEGIN EXTRA CODE and END EXTRA CODE
+// Other code you write will be lost the next time you deploy the project.
+// Special characters, e.g., é, ö, à, etc. are supported in comments.
+
+package mendixsso.actions;
+
+import com.mendix.core.Core;
+import com.mendix.systemwideinterfaces.core.IContext;
+import com.mendix.webui.CustomJavaAction;
+import mendixsso.implementation.oidp.IdentityProviderMetaDataCache;
+import mendixsso.proxies.constants.Constants;
+
+public class GetTokenEndpointURI extends CustomJavaAction<java.lang.String>
+{
+	public GetTokenEndpointURI(IContext context)
+	{
+		super(context);
+	}
+
+	@java.lang.Override
+	public java.lang.String executeAction() throws Exception
+	{
+		// BEGIN USER CODE
+        try {
+            return IdentityProviderMetaDataCache.getInstance().getIdentityProviderMetaData().getProviderMetadata().getTokenEndpointURI().toString();
+        } catch (Exception e) {
+            Core.getLogger(Constants.getLogNode()).error("Something went wrong while retrieving the token endpoint URI from cache", e);
+            return null;
+        }
+		// END USER CODE
+	}
+
+	/**
+	 * Returns a string representation of this action
+	 */
+	@java.lang.Override
+	public java.lang.String toString()
+	{
+		return "GetTokenEndpointURI";
+	}
+
+	// BEGIN EXTRA CODE
+	// END EXTRA CODE
+}