svn commit: r1814704 - /ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java

Wed, 08 Nov 2017 21:46:08 -0800 

Author: deepak
Date: Thu Nov  9 05:45:47 2017
New Revision: 1814704

URL: http://svn.apache.org/viewvc?rev=1814704&view=rev
Log:
Reverted: At r#1814155 RuntimeException was added to handle runtime exception 
as per pattern/best practise, but to maintain backward compatibility we need to 
handle Exception instead of throwing it. 
Reason: When the field is encrypted with the old algorithm (3-DES), the new 
Shiro code will fail to decrypt it (using AES) and then it will
throw an org.apache.shiro.crypto.CryptoException that is a RuntimeException.
For backward compatibility we want instead to catch the exception and decrypt 
the code using the old algorithm.
This has been discussed at https://s.apache.org/b520

Modified:
    
ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java

Modified: 
ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java
URL: 
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java?rev=1814704&r1=1814703&r2=1814704&view=diff
==============================================================================
--- 
ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java
 (original)
+++ 
ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java
 Thu Nov  9 05:45:47 2017
@@ -124,9 +124,12 @@ public final class EntityCrypto {
     public Object decrypt(String keyName, EncryptMethod encryptMethod, String 
encryptedString) throws EntityCryptoException {
         try {
             return doDecrypt(keyName, encryptMethod, encryptedString, 
handlers[0]);
-        } catch (RuntimeException e) {
-            throw e;
         } catch (Exception e) {
+            /*
+            When the field is encrypted with the old algorithm (3-DES), the 
new Shiro code will fail to decrypt it (using AES) and then it will
+            throw an org.apache.shiro.crypto.CryptoException that is a 
RuntimeException.
+            For backward compatibility we want instead to catch the exception 
and decrypt the code using the old algorithm.
+             */
             Debug.logInfo("Decrypt with DES key from standard key name hash 
failed, trying old/funny variety of key name hash", module);
             for (int i = 1; i < handlers.length; i++) {
                 try {

Reply via email to