An example of the JSM HashService

The documentation for some of the functionality in Lansa is sparse, at best. The HashService in Lansa Integrator is one such area (documentation currently here), so here is an example I have that works:

It is important to read up on cryptography first and a short and good guide can be found here.

Define Field(#JSMXHDLE1) Type(*CHAR) Length(4)
Define Field(#JSMXSTS) Type(*CHAR) Length(20)
Define Field(#JSMXMSG) Type(*CHAR) Length(512)
Define Field(#JSMXCMD) Type(*CHAR) Length(512)
* WVALUE is the value to be hashed
Define Field(#WVALUE) Type(*CHAR) Length(255)
* WHASH is the hash returned
Define Field(#WHASH) Type(*CHAR) Length(64)
* WSALT is the salt for the hashing
Define Field(#WSALT) Type(*CHAR) Length(64)
* WINPUT is the value sent to the hashing function = WVALUE + WSALT
Define Field(#WINPUT) Type(*CHAR) Length(319)
* Open service
Use Builtin(JSMX_OPEN) To_Get(#JSMXSTS #JSMXMSG #JSMXHDLE1)
Execute Subroutine(CHECK) With_Parms(#JSMXSTS #JSMXMSG)
* Load service
#JSMXCMD := 'SERVICE_LOAD SERVICE(HashService) TRACE(*YES)'
Use Builtin(JSMX_COMMAND) With_Args(#JSMXHDLE1 #JSMXCMD) To_Get(#JSMXSTS #JSMXMSG)
Execute Subroutine(CHECK) With_Parms(#JSMXSTS #JSMXMSG)
* Set
* * WVALUE
* * WSALT
* See https://crackstation.net/hashing-security.htm
* WSALT should be unique for each WVALUE
* WSALT should be at least as long as the result value
* - for SHA-256 that is 256 bits
#WINPUT := #WVALUE + #WSALT
#JSMXCMD := 'HASH FIELD(WINPUT) DIGEST(SHA256) SERVICE_EXCHANGE(*FIELD)'
Use Builtin(JSMX_COMMAND) With_Args(#JSMXHDLE1 #JSMXCMD) To_Get(#JSMXSTS #JSMXMSG)
Execute Subroutine(CHECK) With_Parms(#JSMXSTS #JSMXMSG)
#WHASH := #JSMXMSG
* Unload service
Use Builtin(JSMX_COMMAND) With_Args(#JSMXHDLE1 'SERVICE_UNLOAD') To_Get(#JSMXSTS #JSMXMSG)
Execute Subroutine(CHECK) With_Parms(#JSMXSTS #JSMXMSG)
* Close service
Use Builtin(JSMX_CLOSE) With_Args(#JSMXHDLE1) To_Get(#JSMXSTS #JSMXMSG)
Execute Subroutine(CHECK) With_Parms(#JSMXSTS #JSMXMSG)
* Check routine
Subroutine Name(CHECK) Parms((#JSMXSTS *RECEIVED) (#JSMXMSG *RECEIVED))
If Cond('#JSMXSTS *NE OK')
Use Builtin(JSMX_CLOSE) With_Args(#JSMXHDLE1) To_Get(#JSMXSTS #JSMXMSG)
Menu Msgtxt('Java service error has occured')
Endif
Endroutine

In this example I have chosen SHA256 which I believe is OK. Avoid MD2 and MD5 if possible, as collisions has already been found, and as SHA1 has a theoretically attack described I would avoid that one as well, even if it is default for the HashService. SHA384 appears to also be supported and could be used.

The HMAC algorithms would be even better but there I ran into a problem. I am running on Lansa v. 14, I think that the documentation is for v. 14 SP1, and there is no HMAC parameter in the HashService on my machine. Also in the documentation, there are the CONVERT and CREATE commands, the last of which should give me a good random unique salt, but the are not present on my machine.

Anyway, the code above works.

Advertisements

Old application and new(-ish) browser

Back in a web application built using Visual Lansa v. 12.5 and using the technology service PPC_XHTML, I got the task of getting it to work on a new unit. It was – unsurprisingly – a PDA application and the new “PDA” would be a modern, fast and capable android unit.

The application was built for an Internet Explorer for the handheld units and on an Android it is logical to look at Chrome.

To my surprise very little had to be done to get it to look nice. CSS media queries and a tiny bit at that and I was practically done.

However, one of the WAMs had an auto-submit when the user made a change to the selection in a radio and in Chrome 54 for Android, that resulted in a request with the old value being sent. The radio button was updated but as the request contained the old value, the response was “wrong”. The problem was that the request body was being constructed, on the click event, before the radio button change had taken effect.

The fix was rather simple – I inserted a bit of javascript using jQuery:

$("input#RADIOBUTTON1").mousedown(function() {
   $("input[name=RADIOGROUP]").val($(this).val());
});
$("input#RADIOBUTTON2").mousedown(function() {
   $("input[name=RADIOGROUP]").val($(this).val());
});

This way, as the mousedown event fires before the click event (remember, a click event is combination of a mousedown and a mouseup on the same element), the radio button was updated before the request body was constructed.

Unfortunately the final unit turns out to run a browser built on Chromium 52. And there is a bit difference for the web application.

I have not solved it yet – we might be able to get the units with a newer browser – but I needed to test it on my own machine. And getting an old Chrome/Chromium does take some steps.

First of all, you can’t really get an old Chrome. But Chromium should be good enough.

I found the guide on the Chromium website but I will repeat it here, just it case:

And then I could confirm that the issue exists in Chromium 52. Now I could just find the cause in the change logs.

Update: I think I managed to “fix” my problem. The browser was built using the system component WebView on Android. WebView, which uses Chromium and will be using Chrome on Android 7, can be updated using the Google Play Store and after doing that, it now runs on Chromium 55 and our web application works as intended.