You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by de...@apache.org on 2017/11/09 05:45:47 UTC
svn commit: r1814704 -
/ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java
Author: deepak
Date: Thu Nov 9 05:45:47 2017
New Revision: 1814704
URL: http://svn.apache.org/viewvc?rev=1814704&view=rev
Log:
Reverted: At r#1814155 RuntimeException was added to handle runtime exception as per pattern/best practise, but to maintain backward compatibility we need to handle Exception instead of throwing it.
Reason: When the field is encrypted with the old algorithm (3-DES), the new Shiro code will fail to decrypt it (using AES) and then it will
throw an org.apache.shiro.crypto.CryptoException that is a RuntimeException.
For backward compatibility we want instead to catch the exception and decrypt the code using the old algorithm.
This has been discussed at https://s.apache.org/b520
Modified:
ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java
Modified: ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java?rev=1814704&r1=1814703&r2=1814704&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java Thu Nov 9 05:45:47 2017
@@ -124,9 +124,12 @@ public final class EntityCrypto {
public Object decrypt(String keyName, EncryptMethod encryptMethod, String encryptedString) throws EntityCryptoException {
try {
return doDecrypt(keyName, encryptMethod, encryptedString, handlers[0]);
- } catch (RuntimeException e) {
- throw e;
} catch (Exception e) {
+ /*
+ When the field is encrypted with the old algorithm (3-DES), the new Shiro code will fail to decrypt it (using AES) and then it will
+ throw an org.apache.shiro.crypto.CryptoException that is a RuntimeException.
+ For backward compatibility we want instead to catch the exception and decrypt the code using the old algorithm.
+ */
Debug.logInfo("Decrypt with DES key from standard key name hash failed, trying old/funny variety of key name hash", module);
for (int i = 1; i < handlers.length; i++) {
try {