You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ofbiz.apache.org by Rajib Khan <ra...@arlnet.com> on 2009/08/20 10:01:55 UTC
facing problems in EntityCrypto.decrypt() method
Hi,
We are using OFBiz (revision *4955*) since 2005 and recently upgraded to the
branch *0904*. We have some encrypted data in the DB.
In most of the cases OFBiz is successfully decrypting the values (as
EntityCrypto.decrypt() catches the exception and then uses
"useOldFunnyKeyHash" attribute as "true" to get the SecretKey).
But in some of the cases it is not returning any value. We observed that new
hash method (see code fragment below) doesn't throw exception and consequent
call to "UtilObject.getObject()" encounters exception, prints error messages
and returns "null". As a result EntityCrypto.decrypt() method to return null
instead of trying the old hash algoritm.
code snippet:
==========
SecretKey decryptKey = this.getKey(keyName, false);
byte[] decryptedBytes = DesCrypt.decrypt(decryptKey, encryptedBytes);
decryptedObj = UtilObject.getObject(decryptedBytes);
log from console.log
===============
2009-07-16 11:16:59,893 (default-invoker-Thread-6) [
UtilObject.java:127:ERROR]
---- exception report ----------------------------------------------------------
Exception: java.io.StreamCorruptedException
Message: invalid stream header: E4F9F18A
---- stack trace ---------------------------------------------------------------
java.io.StreamCorruptedException: invalid stream header: E4F9F18A
java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:783)
java.io.ObjectInputStream.<init>(ObjectInputStream.java:280)
org.ofbiz.base.util.ObjectInputStream.<init>(ObjectInputStream.java:35)
org.ofbiz.base.util.UtilObject.getObject(UtilObject.java:122)
org.ofbiz.entity.util.EntityCrypto.decrypt(EntityCrypto.java:90)
org.ofbiz.entity.GenericDelegator.decryptFields(GenericDelegator.java:3325)
We have tested for this scenario by calling old hash technique which
returns the decrypted value. I'm adding the code that I used to get my
result.
Modied test code "EntityCrypto.decrypt()" that returns expected value
====================================================
/** Decrypts a hex encoded String into an Object */
public Object decrypt(String keyName, String encryptedString) throws
EntityCryptoException {
Object decryptedObj = null;
byte[] encryptedBytes = StringUtil.fromHexString(encryptedString);
try {
SecretKey decryptKey = this.getKey(keyName, false);
byte[] decryptedBytes = DesCrypt.decrypt(decryptKey,
encryptedBytes);
decryptedObj = UtilObject.getObject(decryptedBytes);
////////// added following block to get result /////////////
if (null != encryptedString && null == decryptedObj) {
String errStr = "returned null or had error in decryptedObj.
trying oldHash method.";
Debug.logError(errStr, module);
throw new GeneralException(errStr);
}
//////////////////////////////////////////////////////////////////////////////
} catch (GeneralException e) {
try {
// try using the old/bad hex encoding approach; this is
another path the code may take, ie if there is an exception thrown in
decrypt
Debug.logVerbose("Decrypt with DES key from standard key
name hash failed, trying old/funny variety of key name hash", module);
SecretKey decryptKey = this.getKey(keyName, true);
byte[] decryptedBytes = DesCrypt.decrypt(decryptKey,
encryptedBytes);
decryptedObj = UtilObject.getObject(decryptedBytes);
//Debug.logInfo("Old/funny variety succeeded: Decrypted
value [" + encryptedString + "]", module);
} catch (GeneralException e1) {
// NOTE: this throws the original exception back, not the
new one if it fails using the other approach
throw new EntityCryptoException(e);
}
}
// NOTE: this is definitely for debugging purposes only, do not
uncomment in production server for security reasons:
Debug.logInfo("Decrypted value [" + encryptedString + "] to result: " +
decryptedObj, module);
return decryptedObj;
}
So, please let me know if this scenario has been taken care of already.
Regards,
Rajib
Re: facing problems in EntityCrypto.decrypt() method
Posted by Rajib Khan <ra...@arlnet.com>.
Hi Prateek,
This is happening for a customized field in "PartyGroup" entity (see below).
<!-- ========================================================= -->
<!-- Extend: org.ofbiz.party.party.PartyGroup -->
<!-- ========================================================= -->
<extend-entity entity-name="PartyGroup">
<field name="federalTaxId" type="long-varchar"
encrypt="true"></field>
</extend-entity>
As we have old data (created with revision 4955) and new data (created with
0904) we have multiple entries (keys) in *entity_key_store.
Data:
1. Key
Key_name: {SHA}77f2961ed55dc323fd4c46bf20b97df73fa6cb37
****
2. encrypted value:
federalTaxId: ec44b729c7898094df6d4c4da2fcfd0c5295fc7acd4e22a5
I'm also quoting some part of the console log which shows it is returning
null and then tries with the test code (to force using old hash method if
null is returned) which returns the decrypted value.
///////////////////// console.log ///////////////////////
2009-08-21 09:47:59,703 (TP-Processor3) [ EntityCrypto.java:128:INFO ]
*** useOldFunnyKeyHash (false) originalKeyName / hashedKeyName = PartyGroup
/ {SHA}77f2961ed55dc323fd4c46bf20b97df73fa6cb37
2009-08-21 09:47:59,755 (TP-Processor3) [ EntityCrypto.java:89 :INFO ]
* encryptedString = ec44b729c7898094df6d4c4da2fcfd0c5295fc7acd4e22a5
2009-08-21 09:47:59,787 (TP-Processor3) [ UtilObject.java:127:ERROR]
---- exception report
----------------------------------------------------------
Exception: java.io.StreamCorruptedException
Message: invalid stream header: 7C2B1CA2
---- stack trace
---------------------------------------------------------------
java.io.StreamCorruptedException: invalid stream header: 7C2B1CA2
java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:783)
java.io.ObjectInputStream.<init>(ObjectInputStream.java:280)
org.ofbiz.base.util.ObjectInputStream.<init>(ObjectInputStream.java:35)
org.ofbiz.base.util.UtilObject.getObject(UtilObject.java:122)
org.ofbiz.entity.util.EntityCrypto.decrypt(EntityCrypto.java:90)
org.ofbiz.entity.GenericDelegator.decryptFields(GenericDelegator.java:3325)
org.ofbiz.entity.GenericDelegator.findOne(GenericDelegator.java:1618)
org.ofbiz.entity.GenericDelegator.findByPrimaryKey(GenericDelegator.java:1687)
org.ofbiz.party.party.PartyWorker.getPartyOtherValues(PartyWorker.java:76)
au.com.arl.party.party.ArlPartyWorker.getPartyOtherValues(ArlPartyWorker.java:47)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
bsh.Reflect.invokeMethod(Unknown Source)
bsh.Reflect.invokeStaticMethod(Unknown Source)
bsh.Name.invokeMethod(Unknown Source)
bsh.BSHMethodInvocation.eval(Unknown Source)
bsh.BSHPrimaryExpression.eval(Unknown Source)
bsh.BSHPrimaryExpression.eval(Unknown Source)
bsh.BSHAssignment.eval(Unknown Source)
bsh.BSHBlock.evalBlock(Unknown Source)
bsh.BSHBlock.eval(Unknown Source)
bsh.BSHBlock.eval(Unknown Source)
bsh.BSHIfStatement.eval(Unknown Source)
bsh.BSHBlock.evalBlock(Unknown Source)
bsh.BSHBlock.eval(Unknown Source)
bsh.BSHBlock.eval(Unknown Source)
bsh.BSHIfStatement.eval(Unknown Source)
bsh.Interpreter.evalParsedScript(Unknown Source)
bsh.Interpreter.evalParsedScript(Unknown Source)
org.ofbiz.base.util.BshUtil.runBshAtLocation(BshUtil.java:157)
org.ofbiz.widget.screen.ModelScreenAction$Script.runAction(ModelScreenAction.java:402)
org.ofbiz.widget.screen.ModelScreenAction.runSubActions(ModelScreenAction.java:118)
org.ofbiz.widget.screen.ModelScreenWidget$Section.renderWidgetString(ModelScreenWidget.java:220)
org.ofbiz.widget.screen.ModelScreen.renderScreenString(ModelScreen.java:393)
org.ofbiz.widget.screen.ScreenRenderer.render(ScreenRenderer.java:129)
org.ofbiz.widget.screen.ScreenRenderer.render(ScreenRenderer.java:92)
org.ofbiz.widget.screen.ScreenWidgetViewHandler.render(ScreenWidgetViewHandler.java:98)
org.ofbiz.webapp.control.RequestHandler.renderView(RequestHandler.java:781)
org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:533)
org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:201)
javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:259)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.jasig.cas.client.util.HttpServletRequestWrapperFilter.doFilter(HttpServletRequestWrapperFilter.java:50)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:167)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:99)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767)
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697)
org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889)
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
java.lang.Thread.run(Thread.java:619)
--------------------------------------------------------------------------------
2009-08-21 09:47:59,787 (TP-Processor3) [ EntityCrypto.java:93 :ERROR]
returned null or had error in decryptedObj. trying oldHash method.
2009-08-21 09:47:59,788 (TP-Processor3) [ EntityCrypto.java:128:INFO ]
*** useOldFunnyKeyHash (true) originalKeyName / hashedKeyName = PartyGroup /
778de91eaa5dbc23824c46c020c67d883fd9b437
/////////////////////////////////////////////////////////////////
Regards,
Rajib
*
On Thu, Aug 20, 2009 at 9:01 PM, Prateek Jain <pr...@hotwaxmedia.com>wrote:
> Hi Rajib
>
> Can u please provide some more details like the value of the encrypted
> bytes and the entity column on which are you are working as per my view
> whenever there is a decryption if key or encrypted value is not match it
> gives result null.There are different approach of encryption in ofbiz for
> example entity engine uses EntittyCrypto class for encrption and decryption
> which uses a different approach rather than hashCrypt which uses SHA
> algoritham for encryption.
>
> Regards
> Prateek Jain
>
>
>
>
>
>
> Rajib Khan wrote:
>
>> Hi,
>>
>> We are using OFBiz (revision *4955*) since 2005 and recently upgraded to
>> the
>> branch *0904*. We have some encrypted data in the DB.
>> In most of the cases OFBiz is successfully decrypting the values (as
>> EntityCrypto.decrypt() catches the exception and then uses
>> "useOldFunnyKeyHash" attribute as "true" to get the SecretKey).
>>
>> But in some of the cases it is not returning any value. We observed that
>> new
>> hash method (see code fragment below) doesn't throw exception and
>> consequent
>> call to "UtilObject.getObject()" encounters exception, prints error
>> messages
>> and returns "null". As a result EntityCrypto.decrypt() method to return
>> null
>> instead of trying the old hash algoritm.
>>
>> code snippet:
>> ==========
>>
>> SecretKey decryptKey = this.getKey(keyName, false);
>> byte[] decryptedBytes = DesCrypt.decrypt(decryptKey, encryptedBytes);
>> decryptedObj = UtilObject.getObject(decryptedBytes);
>>
>> log from console.log
>> ===============
>>
>> 2009-07-16 11:16:59,893 (default-invoker-Thread-6) [
>> UtilObject.java:127:ERROR]
>> ---- exception report
>> ----------------------------------------------------------
>> Exception: java.io.StreamCorruptedException
>> Message: invalid stream header: E4F9F18A
>> ---- stack trace
>> ---------------------------------------------------------------
>> java.io.StreamCorruptedException: invalid stream header: E4F9F18A
>> java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:783)
>> java.io.ObjectInputStream.<init>(ObjectInputStream.java:280)
>> org.ofbiz.base.util.ObjectInputStream.<init>(ObjectInputStream.java:35)
>> org.ofbiz.base.util.UtilObject.getObject(UtilObject.java:122)
>> org.ofbiz.entity.util.EntityCrypto.decrypt(EntityCrypto.java:90)
>>
>> org.ofbiz.entity.GenericDelegator.decryptFields(GenericDelegator.java:3325)
>>
>>
>> We have tested for this scenario by calling old hash technique which
>> returns the decrypted value. I'm adding the code that I used to get my
>> result.
>>
>>
>> Modied test code "EntityCrypto.decrypt()" that returns expected value
>> ====================================================
>> /** Decrypts a hex encoded String into an Object */
>> public Object decrypt(String keyName, String encryptedString) throws
>> EntityCryptoException {
>> Object decryptedObj = null;
>> byte[] encryptedBytes = StringUtil.fromHexString(encryptedString);
>> try {
>> SecretKey decryptKey = this.getKey(keyName, false);
>> byte[] decryptedBytes = DesCrypt.decrypt(decryptKey,
>> encryptedBytes);
>> decryptedObj = UtilObject.getObject(decryptedBytes);
>>
>> ////////// added following block to get result /////////////
>> if (null != encryptedString && null == decryptedObj) {
>> String errStr = "returned null or had error in
>> decryptedObj.
>> trying oldHash method.";
>> Debug.logError(errStr, module);
>> throw new GeneralException(errStr);
>> }
>>
>>
>> //////////////////////////////////////////////////////////////////////////////
>>
>> } catch (GeneralException e) {
>> try {
>> // try using the old/bad hex encoding approach; this is
>> another path the code may take, ie if there is an exception thrown in
>> decrypt
>> Debug.logVerbose("Decrypt with DES key from standard key
>> name hash failed, trying old/funny variety of key name hash", module);
>> SecretKey decryptKey = this.getKey(keyName, true);
>> byte[] decryptedBytes = DesCrypt.decrypt(decryptKey,
>> encryptedBytes);
>> decryptedObj = UtilObject.getObject(decryptedBytes);
>> //Debug.logInfo("Old/funny variety succeeded: Decrypted
>> value [" + encryptedString + "]", module);
>> } catch (GeneralException e1) {
>> // NOTE: this throws the original exception back, not the
>> new one if it fails using the other approach
>> throw new EntityCryptoException(e);
>> }
>> }
>>
>> // NOTE: this is definitely for debugging purposes only, do not
>> uncomment in production server for security reasons:
>> Debug.logInfo("Decrypted value [" + encryptedString + "] to result: " +
>> decryptedObj, module);
>> return decryptedObj;
>> }
>>
>>
>> So, please let me know if this scenario has been taken care of already.
>>
>>
>> Regards,
>> Rajib
>>
>>
>>
>
>
Re: facing problems in EntityCrypto.decrypt() method
Posted by Prateek Jain <pr...@hotwaxmedia.com>.
Hi Rajib
Can u please provide some more details like the value of the encrypted
bytes and the entity column on which are you are working as per my view
whenever there is a decryption if key or encrypted value is not match it
gives result null.There are different approach of encryption in ofbiz
for example entity engine uses EntittyCrypto class for encrption and
decryption which uses a different approach rather than hashCrypt which
uses SHA algoritham for encryption.
Regards
Prateek Jain
Rajib Khan wrote:
> Hi,
>
> We are using OFBiz (revision *4955*) since 2005 and recently upgraded to the
> branch *0904*. We have some encrypted data in the DB.
> In most of the cases OFBiz is successfully decrypting the values (as
> EntityCrypto.decrypt() catches the exception and then uses
> "useOldFunnyKeyHash" attribute as "true" to get the SecretKey).
>
> But in some of the cases it is not returning any value. We observed that new
> hash method (see code fragment below) doesn't throw exception and consequent
> call to "UtilObject.getObject()" encounters exception, prints error messages
> and returns "null". As a result EntityCrypto.decrypt() method to return null
> instead of trying the old hash algoritm.
>
> code snippet:
> ==========
>
> SecretKey decryptKey = this.getKey(keyName, false);
> byte[] decryptedBytes = DesCrypt.decrypt(decryptKey, encryptedBytes);
> decryptedObj = UtilObject.getObject(decryptedBytes);
>
> log from console.log
> ===============
>
> 2009-07-16 11:16:59,893 (default-invoker-Thread-6) [
> UtilObject.java:127:ERROR]
> ---- exception report ----------------------------------------------------------
> Exception: java.io.StreamCorruptedException
> Message: invalid stream header: E4F9F18A
> ---- stack trace ---------------------------------------------------------------
> java.io.StreamCorruptedException: invalid stream header: E4F9F18A
> java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:783)
> java.io.ObjectInputStream.<init>(ObjectInputStream.java:280)
> org.ofbiz.base.util.ObjectInputStream.<init>(ObjectInputStream.java:35)
> org.ofbiz.base.util.UtilObject.getObject(UtilObject.java:122)
> org.ofbiz.entity.util.EntityCrypto.decrypt(EntityCrypto.java:90)
> org.ofbiz.entity.GenericDelegator.decryptFields(GenericDelegator.java:3325)
>
>
> We have tested for this scenario by calling old hash technique which
> returns the decrypted value. I'm adding the code that I used to get my
> result.
>
>
> Modied test code "EntityCrypto.decrypt()" that returns expected value
> ====================================================
> /** Decrypts a hex encoded String into an Object */
> public Object decrypt(String keyName, String encryptedString) throws
> EntityCryptoException {
> Object decryptedObj = null;
> byte[] encryptedBytes = StringUtil.fromHexString(encryptedString);
> try {
> SecretKey decryptKey = this.getKey(keyName, false);
> byte[] decryptedBytes = DesCrypt.decrypt(decryptKey,
> encryptedBytes);
> decryptedObj = UtilObject.getObject(decryptedBytes);
>
> ////////// added following block to get result /////////////
> if (null != encryptedString && null == decryptedObj) {
> String errStr = "returned null or had error in decryptedObj.
> trying oldHash method.";
> Debug.logError(errStr, module);
> throw new GeneralException(errStr);
> }
>
> //////////////////////////////////////////////////////////////////////////////
>
> } catch (GeneralException e) {
> try {
> // try using the old/bad hex encoding approach; this is
> another path the code may take, ie if there is an exception thrown in
> decrypt
> Debug.logVerbose("Decrypt with DES key from standard key
> name hash failed, trying old/funny variety of key name hash", module);
> SecretKey decryptKey = this.getKey(keyName, true);
> byte[] decryptedBytes = DesCrypt.decrypt(decryptKey,
> encryptedBytes);
> decryptedObj = UtilObject.getObject(decryptedBytes);
> //Debug.logInfo("Old/funny variety succeeded: Decrypted
> value [" + encryptedString + "]", module);
> } catch (GeneralException e1) {
> // NOTE: this throws the original exception back, not the
> new one if it fails using the other approach
> throw new EntityCryptoException(e);
> }
> }
>
> // NOTE: this is definitely for debugging purposes only, do not
> uncomment in production server for security reasons:
> Debug.logInfo("Decrypted value [" + encryptedString + "] to result: " +
> decryptedObj, module);
> return decryptedObj;
> }
>
>
> So, please let me know if this scenario has been taken care of already.
>
>
> Regards,
> Rajib
>
>