You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ofbiz.apache.org by de...@apache.org on 2017/11/09 05:45:47 UTC

svn commit: r1814704 - /ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java

Author: deepak
Date: Thu Nov  9 05:45:47 2017
New Revision: 1814704

URL: http://svn.apache.org/viewvc?rev=1814704&view=rev
Log:
Reverted: At r#1814155 RuntimeException was added to handle runtime exception as per pattern/best practise, but to maintain backward compatibility we need to handle Exception instead of throwing it. 
Reason: When the field is encrypted with the old algorithm (3-DES), the new Shiro code will fail to decrypt it (using AES) and then it will
throw an org.apache.shiro.crypto.CryptoException that is a RuntimeException.
For backward compatibility we want instead to catch the exception and decrypt the code using the old algorithm.
This has been discussed at https://s.apache.org/b520

Modified:
    ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java

Modified: ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java?rev=1814704&r1=1814703&r2=1814704&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java Thu Nov  9 05:45:47 2017
@@ -124,9 +124,12 @@ public final class EntityCrypto {
     public Object decrypt(String keyName, EncryptMethod encryptMethod, String encryptedString) throws EntityCryptoException {
         try {
             return doDecrypt(keyName, encryptMethod, encryptedString, handlers[0]);
-        } catch (RuntimeException e) {
-            throw e;
         } catch (Exception e) {
+            /*
+            When the field is encrypted with the old algorithm (3-DES), the new Shiro code will fail to decrypt it (using AES) and then it will
+            throw an org.apache.shiro.crypto.CryptoException that is a RuntimeException.
+            For backward compatibility we want instead to catch the exception and decrypt the code using the old algorithm.
+             */
             Debug.logInfo("Decrypt with DES key from standard key name hash failed, trying old/funny variety of key name hash", module);
             for (int i = 1; i < handlers.length; i++) {
                 try {