Author: deepak Date: Thu Nov 9 05:45:47 2017 New Revision: 1814704 URL: http://svn.apache.org/viewvc?rev=1814704&view=rev Log: Reverted: At r#1814155 RuntimeException was added to handle runtime exception as per pattern/best practise, but to maintain backward compatibility we need to handle Exception instead of throwing it. Reason: When the field is encrypted with the old algorithm (3-DES), the new Shiro code will fail to decrypt it (using AES) and then it will throw an org.apache.shiro.crypto.CryptoException that is a RuntimeException. For backward compatibility we want instead to catch the exception and decrypt the code using the old algorithm. This has been discussed at https://s.apache.org/b520
Modified: ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java Modified: ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java?rev=1814704&r1=1814703&r2=1814704&view=diff ============================================================================== --- ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java (original) +++ ofbiz/ofbiz-framework/trunk/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityCrypto.java Thu Nov 9 05:45:47 2017 @@ -124,9 +124,12 @@ public final class EntityCrypto { public Object decrypt(String keyName, EncryptMethod encryptMethod, String encryptedString) throws EntityCryptoException { try { return doDecrypt(keyName, encryptMethod, encryptedString, handlers[0]); - } catch (RuntimeException e) { - throw e; } catch (Exception e) { + /* + When the field is encrypted with the old algorithm (3-DES), the new Shiro code will fail to decrypt it (using AES) and then it will + throw an org.apache.shiro.crypto.CryptoException that is a RuntimeException. + For backward compatibility we want instead to catch the exception and decrypt the code using the old algorithm. + */ Debug.logInfo("Decrypt with DES key from standard key name hash failed, trying old/funny variety of key name hash", module); for (int i = 1; i < handlers.length; i++) { try {