You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by do...@apache.org on 2012/05/04 23:58:17 UTC
svn commit: r1334212 -
/ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java
Author: doogie
Date: Fri May 4 21:58:17 2012
New Revision: 1334212
URL: http://svn.apache.org/viewvc?rev=1334212&view=rev
Log:
OPTIMIZE/FIX: Split the creation and searching of keys in the database
into two separate methods; a find for an old-style hashed key will no
longer create the old-style key. This commit does not fix the existing
issue when multiplle threads try to encrypt a value with a key that
hasn't been created or loaded from the database yet; that is still to
come.
Modified:
ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java
Modified: ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java?rev=1334212&r1=1334211&r2=1334212&view=diff
==============================================================================
--- ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java (original)
+++ ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java Fri May 4 21:58:17 2012
@@ -60,7 +60,7 @@ public class EntityCrypto {
if (size == 0) {
for (int i = 0; i < 20; i++) {
String randomName = this.getRandomString();
- this.getKeyFromStore(randomName, false);
+ this.createKey(randomName);
}
}
} catch (GenericEntityException e) {
@@ -72,7 +72,11 @@ public class EntityCrypto {
/** Encrypts an Object into an encrypted hex encoded String */
public String encrypt(String keyName, Object obj) throws EntityCryptoException {
try {
- byte[] encryptedBytes = DesCrypt.encrypt(this.getKey(keyName, false), UtilObject.getBytes(obj));
+ SecretKey key = this.findKey(keyName, false);
+ if (key == null) {
+ key = this.createKey(keyName);
+ }
+ byte[] encryptedBytes = DesCrypt.encrypt(key, UtilObject.getBytes(obj));
String hexString = StringUtil.toHexString(encryptedBytes);
return hexString;
} catch (GeneralException e) {
@@ -85,7 +89,7 @@ public class EntityCrypto {
Object decryptedObj = null;
byte[] encryptedBytes = StringUtil.fromHexString(encryptedString);
try {
- SecretKey decryptKey = this.getKey(keyName, false);
+ SecretKey decryptKey = this.findKey(keyName, false);
byte[] decryptedBytes = DesCrypt.decrypt(decryptKey, encryptedBytes);
decryptedObj = UtilObject.getObject(decryptedBytes);
@@ -93,7 +97,7 @@ public class EntityCrypto {
try {
// try using the old/bad hex encoding approach; this is another path the code may take, ie if there is an exception thrown in decrypt
Debug.logInfo("Decrypt with DES key from standard key name hash failed, trying old/funny variety of key name hash", module);
- SecretKey decryptKey = this.getKey(keyName, true);
+ SecretKey decryptKey = this.findKey(keyName, true);
byte[] decryptedBytes = DesCrypt.decrypt(decryptKey, encryptedBytes);
decryptedObj = UtilObject.getObject(decryptedBytes);
//Debug.logInfo("Old/funny variety succeeded: Decrypted value [" + encryptedString + "]", module);
@@ -107,19 +111,17 @@ public class EntityCrypto {
return decryptedObj;
}
- protected SecretKey getKey(String name, boolean useOldFunnyKeyHash) throws EntityCryptoException {
- String keyMapName = name + useOldFunnyKeyHash;
- SecretKey key = keyMap.get(keyMapName);
- if (key == null) {
- synchronized(this) {
- key = this.getKeyFromStore(name, useOldFunnyKeyHash);
- keyMap.put(keyMapName, key);
+ protected SecretKey findKey(String originalKeyName, boolean useOldFunnyKeyHash) throws EntityCryptoException {
+ String keyMapName = originalKeyName + useOldFunnyKeyHash;
+ synchronized (keyMap) {
+ if (keyMap.containsKey(keyMapName)) {
+ return keyMap.get(keyMapName);
}
}
- return key;
- }
-
- protected SecretKey getKeyFromStore(String originalKeyName, boolean useOldFunnyKeyHash) throws EntityCryptoException {
+ // it's ok to run the bulk of this method unlocked or
+ // unprotected; since the same result will occur even if
+ // multiple threads request the same key, there is no
+ // need to protected this block of code.
String hashedKeyName = useOldFunnyKeyHash? HashCrypt.digestHashOldFunnyHex(null, originalKeyName) : HashCrypt.digestHash("SHA", null, originalKeyName);
GenericValue keyValue = null;
@@ -129,35 +131,47 @@ public class EntityCrypto {
throw new EntityCryptoException(e);
}
if (keyValue == null || keyValue.get("keyText") == null) {
- SecretKey key = null;
- try {
- key = DesCrypt.generateKey();
- } catch (NoSuchAlgorithmException e) {
- throw new EntityCryptoException(e);
- }
- final GenericValue newValue = delegator.makeValue("EntityKeyStore");
- newValue.set("keyText", StringUtil.toHexString(key.getEncoded()));
- newValue.set("keyName", hashedKeyName);
-
- try {
- TransactionUtil.doNewTransaction(new Callable<Void>() {
- public Void call() throws Exception {
- delegator.create(newValue);
- return null;
- }
- }, "storing encrypted key", 0, true);
- } catch (GenericEntityException e) {
- throw new EntityCryptoException(e);
- }
- return key;
- } else {
+ return null;
+ }
+ try {
byte[] keyBytes = StringUtil.fromHexString(keyValue.getString("keyText"));
- try {
- return DesCrypt.getDesKey(keyBytes);
- } catch (GeneralException e) {
- throw new EntityCryptoException(e);
+ SecretKey key = DesCrypt.getDesKey(keyBytes);
+ synchronized (keyMap) {
+ keyMap.put(keyMapName, key);
}
+ return key;
+ } catch (GeneralException e) {
+ throw new EntityCryptoException(e);
+ }
+ }
+
+ protected SecretKey createKey(String originalKeyName) throws EntityCryptoException {
+ String hashedKeyName = HashCrypt.getDigestHash(originalKeyName);
+ SecretKey key = null;
+ try {
+ key = DesCrypt.generateKey();
+ } catch (NoSuchAlgorithmException e) {
+ throw new EntityCryptoException(e);
}
+ final GenericValue newValue = delegator.makeValue("EntityKeyStore");
+ newValue.set("keyText", StringUtil.toHexString(key.getEncoded()));
+ newValue.set("keyName", hashedKeyName);
+
+ try {
+ TransactionUtil.doNewTransaction(new Callable<Void>() {
+ public Void call() throws Exception {
+ delegator.create(newValue);
+ return null;
+ }
+ }, "storing encrypted key", 0, true);
+ } catch (GenericEntityException e) {
+ throw new EntityCryptoException(e);
+ }
+ String keyMapName = originalKeyName + false;
+ synchronized (keyMap) {
+ keyMap.put(keyMapName, key);
+ }
+ return key;
}
protected String getRandomString() {