Advanced Encryption Standard (AES)

Posted on by
Reply

The Advanced Encryption Standard (AES), also known as Rijndael (its original name), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

Encryption

AES is based on the Rijndael cipher developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, who submitted a proposal to NIST during the AES selection process.Rijndael is a family of ciphers with different key and block sizes.

public class SymmetricAlgorithmAES {

    public static final String sTAG = "SymmetricAlgorithmAES";

    public static SecretKeySpec setUpSecrectKey() {
        // Set up secret key spec for 128-bit AES encryption and decryption
        SecretKeySpec secretKeySpec = null;
        try {
            SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
            sr.setSeed("any data used as random seed".getBytes());
            KeyGenerator kg = KeyGenerator.getInstance("AES");
            kg.init(128, sr);
            secretKeySpec = new SecretKeySpec((kg.generateKey()).getEncoded(), "AES");
        } catch (Exception e) {
            Log.e(sTAG, String.valueOf(R.string.symmetric_algorithm_aes_secret_key_error));
        }
        return secretKeySpec;
    }

    public static byte[] encryption(SecretKeySpec secretKeySpec, String  theTestText) {
        // Encode the original data with AES
        byte[] encodedBytes = null;
        try {
            Cipher c = Cipher.getInstance("AES");
            c.init(Cipher.ENCRYPT_MODE, secretKeySpec);
            encodedBytes = c.doFinal(theTestText.getBytes());
        } catch (Exception e) {
            Log.e(sTAG, String.valueOf(R.string.symmetric_algorithm_aes_encryption));
        }

        return encodedBytes;
    }

    public static byte[] decryption(SecretKeySpec secretKeySpec, byte[]  encodedBytes) {
        // Decode the encoded data with AES
        byte[] decodedBytes = null;
        try {
            Cipher c = Cipher.getInstance("AES");
            c.init(Cipher.DECRYPT_MODE, secretKeySpec);
            decodedBytes = c.doFinal(encodedBytes);
        } catch (Exception e) {
            Log.e(sTAG, String.valueOf(R.string.symmetric_algorithm_aes_decryption));
        }

        return decodedBytes;
    }
}

Example in GitHub

And now in our activity:

import android.content.Context;
import android.os.Bundle;
import android.support.v7.app.AppCompatActivity;
import android.support.v7.widget.Toolbar;
import android.util.Base64;
import android.view.View;
import android.view.inputmethod.InputMethodManager;
import android.widget.Button;
import android.widget.EditText;
import android.widget.TextView;

import com.thedeveloperworldisyous.encryptionfile.utils.SymmetricAlgorithmAES;
import com.thedeveloperworldisyous.encryptionfile.utils.Utils;

import javax.crypto.spec.SecretKeySpec;

public class AESActivity extends AppCompatActivity {

    public TextView mInPutTextView, mEncodedTextView, mDecoded;
    public EditText mEditText;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_aes);
        Toolbar toolbar = (Toolbar) findViewById(R.id.toolbar);

        mEditText = (EditText) findViewById(R.id.activity_aes_edit_text);
        mInPutTextView = (TextView)findViewById(R.id.activity_aes_text_view);
        mEncodedTextView  = (TextView)findViewById(R.id.activity_aes_encode_text_view);
        mDecoded = (TextView)findViewById(R.id.activity_aes_decode_text_view);

        setSupportActionBar(toolbar);
    }

    public void encodeAndDecodeAES(View view) {
        Utils.hideKeyboard(this);
        String stringText = mEditText.getText().toString();
        mEditText.setText("");
        mInPutTextView.setText(stringText);
        SecretKeySpec secretKeySpec = SymmetricAlgorithmAES.setUpSecrectKey();

        byte[] encodedBytes = SymmetricAlgorithmAES.encryption(secretKeySpec, stringText);
        mEncodedTextView.setText(Base64.encodeToString(encodedBytes, Base64.DEFAULT));

        byte[] decodedBytes = SymmetricAlgorithmAES.decryption(secretKeySpec, encodedBytes);
        mDecoded.setText(new String(decodedBytes));
    }
}

Example in GitHub

Write XML in Android

Posted on by
2

When we write a XML in android, you can choose difference ways, in this case we recommend XMLSerializer, which is an efficient and maintainable way to parse XML on Android.

Implements an XML serializer supporting both DOM and SAX pretty serializing.

We put this simple line:

            xmlSerializer.setOutput(writer);
            xmlSerializer.startDocument("UTF-8", true);
            xmlSerializer.startTag(null, "doc");

            xmlSerializer.startTag(ns, country);
            xmlSerializer.text(filmObject.getCountry());
            xmlSerializer.endTag(ns, country);

            xmlSerializer.endTag(ns, "doc");
            xmlSerializer.endDocument();
            xmlSerializer.flush();

We made a example with films:

<?xml version='1.0' encoding='UTF-8' standalone='yes' ?>
<doc>
    <film title="Scarface">
        <runningTime>163 min.</runningTime>
        <country>USA</country>
        <director>Brian De Palma</director>
        <cast><name>Al</name>
            <surname>Pacino</surname><name> Steven</name>
            <surname>Bauer</surname><name>Michelle</name><surname>Pfeiffer</surname>
            <name>Mary Elizabeth</name>
            <surname>Mastrantonio</surname>
        </cast>
    </film>
    <film title="Hitman">
        <runningTime>96 min.</runningTime>
        <country>USA</country>
        <director>Aleksander Bach</director>
        <cast><name>Rupert</name>
            <surname>Friend</surname>
            <name>Zachary</name>
            <surname>Quinto</surname>
            <name>Hannah</name>
            <surname>Ware</surname>
            <name>Ciarán</name>
            <surname>Hinds</surname>
        </cast>
    </film>
    <film title="Out of Africa">
        <runningTime>160 min.</runningTime>
        <country>USA</country>
        <director>Sydney Pollack</director>
        <cast>
            <name>Robert</name>
            <surname>Redford</surname>
            <name>Meryl</name>
            <surname>Streep</surname>
            <name>Klaus Maria</name>
            <surname>Brandauer</surname>
            <name>Michael</name>
            <surname>Kitchen</surname>
        </cast>
    </film>
</doc>

In your activity you can put this lines with this films:

public void writeXml(List<Film> films) {


        try {
            FileOutputStream fileOutputStream = new FileOutputStream(mFileOutPut);
            XmlSerializer xmlSerializer = Xml.newSerializer();
            StringWriter writer = new StringWriter();

            xmlSerializer.setOutput(writer);
            xmlSerializer.startDocument("UTF-8", true);
            xmlSerializer.startTag(null, "doc");

            insertFilms(xmlSerializer, films);

            xmlSerializer.endTag(ns, "doc");
            xmlSerializer.endDocument();
            xmlSerializer.flush();
            String dataWrite = writer.toString();
            fileOutputStream.write(dataWrite.getBytes());
            fileOutputStream.close();

        } catch (FileNotFoundException e) {
            e.printStackTrace();

        } catch (IllegalArgumentException e) {
            e.printStackTrace();

        } catch (IllegalStateException e) {
            e.printStackTrace();

        } catch (IOException e) {
            e.printStackTrace();

        }


    }

    public void insertFilms(XmlSerializer xmlSerializer, List<Film> films) throws IOException {
        final String film = "film";
        String title = "title";
        String runningTime = "runningTime";
        String country = "country";
        String director = "director";
        String cast = "cast";
        Film filmObject;
        for (int i=0; i<films.size(); i++) {
            filmObject = films.get(i);
            xmlSerializer.startTag(ns, film);
            xmlSerializer.attribute(ns, title, filmObject.getTitle());

            xmlSerializer.startTag(ns, runningTime);
            xmlSerializer.text(filmObject.getRunningTime());
            xmlSerializer.endTag(ns, runningTime);

            xmlSerializer.startTag(ns, country);
            xmlSerializer.text(filmObject.getCountry());
            xmlSerializer.endTag(ns, country);

            xmlSerializer.startTag(ns, director);
            xmlSerializer.text(filmObject.getDirector());
            xmlSerializer.endTag(ns, director);

            xmlSerializer.startTag(ns, cast);
            insertCast(xmlSerializer, filmObject.getCast());
            xmlSerializer.endTag(ns, cast);

            xmlSerializer.endTag(null, film);
        }

    }

    public void insertCast (XmlSerializer xmlSerializer, List<Actor> cast) throws IOException {
        String name = "name";
        String surname = "surname";
        Actor actor;
        for (int i=0; i<cast.size(); i++) {
            actor = cast.get(i);
            xmlSerializer.startTag(null, name);
            xmlSerializer.text(actor.getName());
            xmlSerializer.endTag(null, name);

            xmlSerializer.startTag(null, surname);
            xmlSerializer.text(actor.getSurname());
            xmlSerializer.endTag(null, surname);
        }

    }

Example in GitHub

Read XML in Android

Posted on by
Reply

Extensible Markup Language (XML) is a set of rules for encoding documents in machine-readable form. XML is a popular format for sharing data on the internet. Websites that frequently update their content, such as news sites or blogs, often provide an XML feed so that external programs can keep abreast of content changes. Uploading and parsing XML data is a common task for network-connected apps. This lesson explains how to parse XML documents and use their data.

Choose Parser

We recommend XmlPullParser, which is an efficient and maintainable way to parse XML on Android. Historically Android has had two implementations of this interface:

Either choice is fine. The example in this section usesExpatPullParser, via Xml.newPullParser().

Analyze

The first step in parsing a film

<?xml version='1.0' encoding='UTF-8' standalone='yes' ?>
<doc>
	<film title="Scarface">
		<runningTime>163 min.</runningTime>
		<country>USA</country>
		<director>Brian De Palma</director>
		<cast><name>Al</name>
			<surname>Pacino</surname><name> Steven</name>
			<surname>Bauer</surname><name>Michelle</name><surname>Pfeiffer</surname>
			<name>Mary Elizabeth</name>
			<surname>Mastrantonio</surname>
		</cast>
	</film>
	<film title="Hitman">
		<runningTime>96 min.</runningTime>
		<country>USA</country>
		<director>Aleksander Bach</director>
		<cast><name>Rupert</name>
			<surname>Friend</surname>
			<name>Zachary</name>
			<surname>Quinto</surname>
			<name>Hannah</name>
			<surname>Ware</surname>
			<name>Ciarán</name>
			<surname>Hinds</surname>
		</cast>
	</film>
	<film title="Out of Africa">
		<runningTime>160 min.</runningTime>
		<country>USA</country>
		<director>Sydney Pollack</director>
		<cast>
			<name>Robert</name>
			<surname>Redford</surname>
			<name>Meryl</name>
			<surname>Streep</surname>
			<name>Klaus Maria</name>
			<surname>Brandauer</surname>
			<name>Michael</name>
			<surname>Kitchen</surname>
		</cast>
	</film>
</doc>

The readFilm() method does the actual work of processing the feed. It looks for elements tagged “entry” as a starting point for recursively processing the feed. If a tag isn’t an entry tag, it skips it. Once the whole feed has been recursively processed, readFilm() returns a List containing the entries (including nested data members) it extracted from the feed. This List is then returned by the parser.

public void readFilm() {
        try {

            InputStream inputStream = new FileInputStream(mFileOutPut);
            XmlPullParser parser = Xml.newPullParser();
            parser.setFeature(XmlPullParser.FEATURE_PROCESS_NAMESPACES, false);
            parser.setInput(inputStream, null);
            parser.nextTag();
            List<Film> filmsList =  readDoc(parser);

            ListAdapter adapter = new ListAdapter(filmsList, this);
            mListView.setAdapter(adapter);

            inputStream.close();
        } catch (FileNotFoundException e) {
            e.printStackTrace();
        } catch (XmlPullParserException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    public List<Film> readDoc(XmlPullParser parser) throws XmlPullParserException, IOException {

        List<Film> list = new ArrayList<Film>();
        parser.require(XmlPullParser.START_TAG, ns, "doc");

        while (parser.next() != XmlPullParser.END_TAG) {
            list.add(readFilms(parser));
        }
        return list;
    }

    // Parses the contents of an film. If it encounters a title, runningTime, country, or director, hands them off
// to their respective "read" methods for processing. Otherwise, skips the tag.
    private Film readFilms(XmlPullParser parser) throws XmlPullParserException, IOException {
        parser.require(XmlPullParser.START_TAG, ns, "film");
        String title = null;

        for(int x=0; x<parser.getAttributeCount(); x++) {
            if (parser.getAttributeName(x).equals("title")) {
                title = parser.getAttributeValue(x);
            }
        }

        String runningTime = null;
        String country = null;
        String director = null;
        List<Actor> cast = new ArrayList<Actor>();

        while (parser.next() != XmlPullParser.END_TAG) {
            if (parser.getEventType() != XmlPullParser.START_TAG) {
                continue;
            }
            String name = parser.getName();
            if (name.equals("runningTime")) {
                runningTime = readRunningTime(parser);
            } else if (name.equals("country")) {
                country = readCountry(parser);
            } else if (name.equals("director")) {
                director = readDirector(parser);
            } else if (name.equals("cast")) {
                cast = readCast(parser);
            } else {
                skip(parser);
            }
        }
        return new Film( title, runningTime, country, director, cast);
    }

    private String readRunningTime(XmlPullParser parser) throws IOException, XmlPullParserException {
        parser.require(XmlPullParser.START_TAG, ns, "runningTime");
        String runningTime = readText(parser);
        parser.require(XmlPullParser.END_TAG, ns, "runningTime");
        return runningTime;
    }

    private String readCountry(XmlPullParser parser) throws IOException, XmlPullParserException {
        parser.require(XmlPullParser.START_TAG, ns, "country");
        String country = readText(parser);
        parser.require(XmlPullParser.END_TAG, ns, "country");
        return country;
    }

    private String readDirector(XmlPullParser parser) throws IOException, XmlPullParserException {
        parser.require(XmlPullParser.START_TAG, ns, "director");
        String director = readText(parser);
        parser.require(XmlPullParser.END_TAG, ns, "director");
        return director;
    }

    private List<Actor> readCast(XmlPullParser parser) throws IOException, XmlPullParserException {
        List<Actor> listActor= new ArrayList<Actor>();
        parser.require(XmlPullParser.START_TAG, ns, "cast");

        String nameActor = null;
        String surnameActor = null;

        while (parser.next() != XmlPullParser.END_TAG) {
            if (parser.getEventType() != XmlPullParser.START_TAG) {
                continue;
            }
            String nameParser = parser.getName();
            if (nameParser.equals("name")) {
                nameActor = readNameActor(parser);
            } else if(nameParser.equals("surname")) {
                surnameActor = readSurnameActor(parser);
                listActor.add(new Actor(nameActor, surnameActor));
            } else {
                skip(parser);
            }

        }
        return listActor;
    }

    private String readNameActor(XmlPullParser parser) throws IOException, XmlPullParserException {
        parser.require(XmlPullParser.START_TAG, ns, "name");
        String nameActor = readText(parser);
        parser.require(XmlPullParser.END_TAG, ns, "name");
        return nameActor;
    }

    private String readSurnameActor(XmlPullParser parser) throws IOException, XmlPullParserException {
        parser.require(XmlPullParser.START_TAG, ns, "surname");
        String surnameActor = readText(parser);
        parser.require(XmlPullParser.END_TAG, ns, "surname");
        return  surnameActor;
    }

    // For the tags title and runningTime, country, director their text values.
    private String readText(XmlPullParser parser) throws IOException, XmlPullParserException {
        String result = "";
        if (parser.next() == XmlPullParser.TEXT) {
            result = parser.getText();
            parser.nextTag();
        }
        return result;
    }
    private void skip(XmlPullParser parser) throws XmlPullParserException, IOException {
        if (parser.getEventType() != XmlPullParser.START_TAG) {
            throw new IllegalStateException();
        }
        int depth = 1;
        while (depth != 0) {
            switch (parser.next()) {
                case XmlPullParser.END_TAG:
                    depth--;
                    break;
                case XmlPullParser.START_TAG:
                    depth++;
                    break;
            }
        }
    }

Example in GitHub

TabLayout with Android Design Support Library

Posted on by
Reply

TabLayout with Android Design Support Library

Switching between different views in your app via tabs is not a new concept to material design and they are equally at home as a top level navigation pattern or for organizing different groupings of content within your app.

The Design library’s TabLayout implements both fixed tabs, where the view’s width is divided equally between all of the tabs, as well as scrollable tabs, where the tabs are not a uniform size and can scroll horizontally. Tabs can be added programmatically:

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        getSupportActionBar().setElevation(0);

        TabLayout tabLayout = (TabLayout) findViewById(R.id.tab_layout);
        ViewPager viewPager = (ViewPager) findViewById(R.id.pager);


        viewPager.setAdapter(new TabsAdapter(getSupportFragmentManager(), this));
        tabLayout.setupWithViewPager(viewPager);
    }

We have to put our Adapter

public class TabsAdapter extends FragmentPagerAdapter {

    public static final int TOTAL_TABS = 3;
    public Context mContext;

    public TabsAdapter(FragmentManager fm, Context context) {
        super(fm);
        mContext = context;
    }

    @Override
    public Fragment getItem(int position) {
        switch (position) {
            case 0:
                return new FirstFragment().newInstance();
            case 1:
                return new SecondFragment().newInstance();
            case 2:
            default:
                return new ThirdFragment().newInstance();
        }
    }

    @Override
    public int getCount() {
        return TOTAL_TABS;
    }

    @Override
    public CharSequence getPageTitle(int position) {
        switch (position) {
            case 0:
                return mContext.getString(R.string.fragment_first_title);
            case 1:
                return mContext.getString(R.string.fragment_second_title);
            case 2:
            default:
                return mContext.getString(R.string.fragment_third_title);
        }
    }

}

However, if you are using a ViewPager for horizontal paging between tabs, you can create tabs directly from yourPagerAdapter’s getPageTitle() and then connect the two together using setupWithViewPager(). This ensures that tab selection events update the ViewPager and page changes update the selected tab.

Also we can see the xml:

<?xml version="1.0" encoding="utf-8"?>
<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"
    xmlns:app="http://schemas.android.com/apk/res-auto"
    android:id="@+id/activity_main"
    android:layout_width="match_parent"
    android:layout_height="match_parent"
    android:orientation="vertical"
    tools:context="com.thedeveloperworldisyours.tabbarr.MainActivity">

    <android.support.design.widget.TabLayout
        android:id="@+id/tab_layout"
        android:layout_width="match_parent"
        android:layout_height="wrap_content"
        android:background="?attr/colorPrimary"
        app:layout_scrollFlags="scroll"
        app:tabSelectedTextColor="@android:color/white"/>

    <android.support.v4.view.ViewPager
        android:id="@+id/pager"
        android:layout_width="match_parent"
        android:layout_height="match_parent" />

</LinearLayout>

We can see the code in GitHub

Evil Magento extensions

Posted on by
1

Evil Magento Extensions I: Email marketing

magentoMagento Commerce is a really good source of extensions, some of them are excellent, some of them are cheap or even free, some of them are not great… and some of them are what we call “Evil Magento Extensions”!

First of all we would like to apologise if anyone gets offended, is not the purpose of this post, but to contribute to Magento ecosystem by sharing our experiences and always aiming to improve Magento community.

We always want the best Magento Extensions for our store and we want to spend as less money as possible, but depending on your specific shop needs you might want to think twice before installing one of those Evil Magento Extensions.

There are way too many extensions out there and we obviously haven’t tried them all, but from our experience usually the ones provided by email marketing platforms are the more interesting ones. It is very common to use a third party service to send the transactional emails, and they mostly tend to provide a free (and evil) Magento Extension which is pretty much “plug & play” into your store, so that you don’t have to worry about anything…. or maybe should you?

The usual case scenario is that when a user places an order, or creates a new account, an email is sent, and we’ve found out that most of this extensions relay on Magento Observers (ie. customer_register_success, sales_order_place_after), or even rewrite the Mage_Core_Model_Email_Template class in order to push the data to their servers. That’s fine until here, if it wasn’t because almost all of them do it synchronously, ie. on the same request made by your customer. This means that for instance, when your user is placing a new order, she has to wait until your server communicates with your email platform: sending the data of the order, and waiting for a response. This is a “standard” process that usually doesn’t take longer than a few milliseconds/seconds which is fine… hang on, are you sure?

The astonishing truth is that this process can (and will) hinder your customers experience in many different ways, but you probably already know about them if you are reading this post. A request from your store to an external server can take any time from few milliseconds to several seconds, minutes, or even hours! and many things can go wrong while that’s happening, often leading to an error displayed to your customer, or just to another abandoned cart, tired of waiting.

Ok, I might be exaggerating a bit, there would surely be a timeout error somewhere between this process that would prevent a request to take hours, but sadly, we have seen MANY cases where a request would hang for several minutes. Of course, it’s not the usual case, but it will happen sooner than later. It happens to Amazon, to Facebook, even to Google, it happens to the best of us, it might be due networks issues, power failures, too many concurrent users, or whatever reason.

The point is that your store, your customers, will be affected and if they have a bad experience they will not come back. Bear in mind that it’s not necessary a delay of minutes to impact your sales, just a few extra seconds can prevent your customers from having a successful check out experience.

The reason behind it is that when a new order is placed, Magento has to do quite a few database operations (decrease the stock of all products, insert all order items, save all customer data, etc. and finally create the order in sales_flat_order table) and in order to preserve data integrity, it wraps them all within a DDL transaction in the database. In other words, Magento will execute all these operations all at once, so that if an error occurs, the whole transaction will be rolled back and no changes will be done in the database.

So, what happens if there is an observer in the middle of this complex process that performs a request to the external server of your email provider? Yes, it will delay the process a few seconds. You might thing that it’s not a big deal, but did you know that while this is happening, some tables of your database are being locked by this transaction, which is effectively preventing new orders from being placed until that transaction has finished?

In other words, if two customers are placing an order at almost the same time, the second one will be blocked by the first one. Internally, the queries in the database will be queued up and executed as soon as the first transaction finished, but queued queries will wait for a limited time (typically 50 seconds) and if the lock hasn’t been released by then, an error/exception will be thrown and therefore the order will not be placed. It might seem an unlikely event, but unfortunately, It happens more often than we wish, and the more concurrent customers you have, the more probabilities for this to happen.

From our experience, we’ve seen it happening in shops with low traffic during sale periods, usually when there are around 100+ concurrent users it can happen a few times day, and with 300+ concurrent users it can happen almost every hour.

If you see something like this in your exceptions.log you might well be suffering from one of those Evil Magento Exceptions:

exception 'PDOException' with message 'SQLSTATE[40001]: Serialization failure: 1213 Deadlock found when trying to get lock; try restarting transaction' in .../lib/Zend/Db/Statement/Pdo.php:228

.../app/code/core/Mage/Sales/Model/Resource/Order/Abstract.php(425): Mage_Core_Model_Resource_Db_Abstract->save(Object(Mage_Sales_Model_Order))

We’ve seen this issue with many popular Magento Extensions and well known email marketing platforms such as Dotmailer, ExactTarget or Sailthru, so next time you are in about to install a new Magento Extension, make sure it’s reviewed first by a Magento Expert to avoid awkward surprises.

If you stumble upon with this issue, do not hesitate to get in touch, and we will be able to assist you.