facing problems in EntityCrypto.decrypt() method


facing problems in EntityCrypto.decrypt() method

Rajib Khan
Hi,

We have been using OFBiz (revision *4955*) since 2005 and recently upgraded to
the branch *0904*. We have some encrypted data in the DB.
In most of the cases OFBiz is successfully decrypting the values (as
EntityCrypto.decrypt() catches the exception and then uses the
"useOldFunnyKeyHash" attribute as "true" to get the SecretKey).

But in some of the cases it is not returning any value. We observed that the
new hash method (see code fragment below) doesn't throw an exception, and the
consequent call to "UtilObject.getObject()" encounters an exception, prints
error messages and returns "null". As a result, the EntityCrypto.decrypt()
method returns null instead of trying the old hash algorithm.

code snippet:
==========

SecretKey decryptKey = this.getKey(keyName, false);
byte[] decryptedBytes = DesCrypt.decrypt(decryptKey, encryptedBytes);
decryptedObj = UtilObject.getObject(decryptedBytes);

log from console.log
===============

2009-07-16 11:16:59,893 (default-invoker-Thread-6) [ UtilObject.java:127:ERROR]
---- exception report ----------------------------------------------------------
Exception: java.io.StreamCorruptedException
Message: invalid stream header: E4F9F18A
---- stack trace ---------------------------------------------------------------
java.io.StreamCorruptedException: invalid stream header: E4F9F18A
java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:783)
java.io.ObjectInputStream.<init>(ObjectInputStream.java:280)
org.ofbiz.base.util.ObjectInputStream.<init>(ObjectInputStream.java:35)
org.ofbiz.base.util.UtilObject.getObject(UtilObject.java:122)
org.ofbiz.entity.util.EntityCrypto.decrypt(EntityCrypto.java:90)
org.ofbiz.entity.GenericDelegator.decryptFields(GenericDelegator.java:3325)


We have tested for this scenario by calling the old hash technique, which
returns the decrypted value. I'm adding the code that I used to get my
result.


Modified test code "EntityCrypto.decrypt()" that returns expected value
====================================================
    /** Decrypts a hex encoded String into an Object */
    public Object decrypt(String keyName, String encryptedString) throws EntityCryptoException {
        Object decryptedObj = null;
        byte[] encryptedBytes = StringUtil.fromHexString(encryptedString);
        try {
            SecretKey decryptKey = this.getKey(keyName, false);
            byte[] decryptedBytes = DesCrypt.decrypt(decryptKey, encryptedBytes);
            decryptedObj = UtilObject.getObject(decryptedBytes);

            ////////// added following block to get result /////////////
            if (null != encryptedString && null == decryptedObj) {
                String errStr = "returned null or had error in decryptedObj. trying oldHash method.";
                Debug.logError(errStr, module);
                throw new GeneralException(errStr);
            }
            //////////////////////////////////////////////////////////////

        } catch (GeneralException e) {
            try {
                // try using the old/bad hex encoding approach; this is another path
                // the code may take, ie if there is an exception thrown in decrypt
                Debug.logVerbose("Decrypt with DES key from standard key name hash failed, trying old/funny variety of key name hash", module);
                SecretKey decryptKey = this.getKey(keyName, true);
                byte[] decryptedBytes = DesCrypt.decrypt(decryptKey, encryptedBytes);
                decryptedObj = UtilObject.getObject(decryptedBytes);
                //Debug.logInfo("Old/funny variety succeeded: Decrypted value [" + encryptedString + "]", module);
            } catch (GeneralException e1) {
                // NOTE: this throws the original exception back, not the new one
                // if it fails using the other approach
                throw new EntityCryptoException(e);
            }
        }

        // NOTE: this is definitely for debugging purposes only, do not uncomment
        // in production server for security reasons:
        // Debug.logInfo("Decrypted value [" + encryptedString + "] to result: " + decryptedObj, module);
        return decryptedObj;
    }


So, please let me know if this scenario has been taken care of already.


Regards,
Rajib
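
The failure described in the post above, as an added example that is not part of the original message or of the OFBiz code base: with a padded block cipher, a wrong key usually fails the padding check, but roughly once in 256 times it does not, so a missing exception does not prove the key was right. The class and method names are hypothetical and the cipher settings (DESede/ECB/PKCS5Padding) are an assumption; the sketch checks the Java serialization stream header before accepting a candidate key.

```java
import java.io.*;
import java.security.GeneralSecurityException;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;

public class KeyFallbackDemo {
    static final String TRANSFORM = "DESede/ECB/PKCS5Padding"; // assumed, not taken from OFBiz

    static byte[] crypt(int mode, SecretKey key, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(mode, key);
        return c.doFinal(in);
    }

    static SecretKey randomKey(Random rnd) {
        byte[] b = new byte[24];
        rnd.nextBytes(b);
        return new SecretKeySpec(b, "DESede");
    }

    /** True if the bytes start with the Java serialization magic 0xACED and version 0x0005. */
    static boolean looksSerialized(byte[] b) {
        return b.length >= 4 && b[0] == (byte) 0xAC && b[1] == (byte) 0xED && b[2] == 0 && b[3] == 5;
    }

    /** Tries each key in order; a key is rejected on a padding error or a bad stream header. */
    static Object decryptWithFallback(List<SecretKey> keys, byte[] encrypted) throws Exception {
        for (SecretKey key : keys) {
            byte[] plain;
            try {
                plain = crypt(Cipher.DECRYPT_MODE, key, encrypted);
            } catch (GeneralSecurityException e) {
                continue; // wrong key, padding check failed (the usual case)
            }
            if (!looksSerialized(plain)) continue; // wrong key, padding valid by chance
            try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(plain))) {
                return in.readObject();
            }
        }
        throw new IOException("no candidate key produced a valid object stream");
    }

    /** Demo only: tries random wrong keys until one decrypts without a padding error. */
    static SecretKey wrongKeyThatPassesPadding(Random rnd, byte[] encrypted) {
        while (true) {
            SecretKey k = randomKey(rnd);
            try { crypt(Cipher.DECRYPT_MODE, k, encrypted); return k; }
            catch (GeneralSecurityException e) { /* padding rejected, keep looking */ }
        }
    }

    public static void main(String[] args) throws Exception {
        Random rnd = new Random(42); // repeatable demo keys; real keys need SecureRandom
        SecretKey oldKey = randomKey(rnd);
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject("12-3456789"); // constructed sample value
        }
        byte[] encrypted = crypt(Cipher.ENCRYPT_MODE, oldKey, bos.toByteArray());
        SecretKey newKey = wrongKeyThatPassesPadding(rnd, encrypted);
        System.out.println(decryptWithFallback(List.of(newKey, oldKey), encrypted));
    }
}
```

The first candidate key decrypts without any exception yet yields bytes with no valid stream header, which is the situation shown in the console log; the header check is what sends the loop on to the second key.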

Re: facing problems in EntityCrypto.decrypt() method

Prateek Jain-6
Hi Rajib,

Can you please provide some more details, like the value of the encrypted
bytes and the entity column on which you are working? As per my view,
whenever there is a decryption, if the key or the encrypted value does not
match, it gives a null result. There are different approaches to encryption
in OFBiz; for example, the entity engine uses the EntityCrypto class for
encryption and decryption, which uses a different approach than hashCrypt,
which uses the SHA algorithm for encryption.

Regards
Prateek Jain







Re: facing problems in EntityCrypto.decrypt() method

Rajib Khan
Hi Prateek,

This is happening for a customized field in "PartyGroup" entity (see below).

    <!-- ========================================================= -->
    <!-- Extend: org.ofbiz.party.party.PartyGroup -->
    <!-- ========================================================= -->
    <extend-entity entity-name="PartyGroup">
        <field name="federalTaxId" type="long-varchar" encrypt="true"></field>
    </extend-entity>

As we have old data (created with revision 4955) and new data (created with
0904), we have multiple entries (keys) in entity_key_store.


Data:
1. Key
Key_name: {SHA}77f2961ed55dc323fd4c46bf20b97df73fa6cb37
****
2. encrypted value:
federalTaxId: ec44b729c7898094df6d4c4da2fcfd0c5295fc7acd4e22a5


I'm also quoting some part of the console log which shows it is returning
null and then tries with the test code (to force using old hash method if
null is returned) which returns the decrypted value.

///////////////////// console.log ///////////////////////
2009-08-21 09:47:59,703 (TP-Processor3) [       EntityCrypto.java:128:INFO ] *** useOldFunnyKeyHash (false) originalKeyName / hashedKeyName = PartyGroup / {SHA}77f2961ed55dc323fd4c46bf20b97df73fa6cb37
2009-08-21 09:47:59,755 (TP-Processor3) [       EntityCrypto.java:89 :INFO ] * encryptedString = ec44b729c7898094df6d4c4da2fcfd0c5295fc7acd4e22a5
2009-08-21 09:47:59,787 (TP-Processor3) [         UtilObject.java:127:ERROR]

---- exception report ----------------------------------------------------------
Exception: java.io.StreamCorruptedException
Message: invalid stream header: 7C2B1CA2
---- stack trace ---------------------------------------------------------------
java.io.StreamCorruptedException: invalid stream header: 7C2B1CA2
java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:783)
java.io.ObjectInputStream.<init>(ObjectInputStream.java:280)
org.ofbiz.base.util.ObjectInputStream.<init>(ObjectInputStream.java:35)
org.ofbiz.base.util.UtilObject.getObject(UtilObject.java:122)
org.ofbiz.entity.util.EntityCrypto.decrypt(EntityCrypto.java:90)
org.ofbiz.entity.GenericDelegator.decryptFields(GenericDelegator.java:3325)
org.ofbiz.entity.GenericDelegator.findOne(GenericDelegator.java:1618)
org.ofbiz.entity.GenericDelegator.findByPrimaryKey(GenericDelegator.java:1687)
org.ofbiz.party.party.PartyWorker.getPartyOtherValues(PartyWorker.java:76)
au.com.arl.party.party.ArlPartyWorker.getPartyOtherValues(ArlPartyWorker.java:47)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
bsh.Reflect.invokeMethod(Unknown Source)
bsh.Reflect.invokeStaticMethod(Unknown Source)
bsh.Name.invokeMethod(Unknown Source)
bsh.BSHMethodInvocation.eval(Unknown Source)
bsh.BSHPrimaryExpression.eval(Unknown Source)
bsh.BSHPrimaryExpression.eval(Unknown Source)
bsh.BSHAssignment.eval(Unknown Source)
bsh.BSHBlock.evalBlock(Unknown Source)
bsh.BSHBlock.eval(Unknown Source)
bsh.BSHBlock.eval(Unknown Source)
bsh.BSHIfStatement.eval(Unknown Source)
bsh.BSHBlock.evalBlock(Unknown Source)
bsh.BSHBlock.eval(Unknown Source)
bsh.BSHBlock.eval(Unknown Source)
bsh.BSHIfStatement.eval(Unknown Source)
bsh.Interpreter.evalParsedScript(Unknown Source)
bsh.Interpreter.evalParsedScript(Unknown Source)
org.ofbiz.base.util.BshUtil.runBshAtLocation(BshUtil.java:157)
org.ofbiz.widget.screen.ModelScreenAction$Script.runAction(ModelScreenAction.java:402)
org.ofbiz.widget.screen.ModelScreenAction.runSubActions(ModelScreenAction.java:118)
org.ofbiz.widget.screen.ModelScreenWidget$Section.renderWidgetString(ModelScreenWidget.java:220)
org.ofbiz.widget.screen.ModelScreen.renderScreenString(ModelScreen.java:393)
org.ofbiz.widget.screen.ScreenRenderer.render(ScreenRenderer.java:129)
org.ofbiz.widget.screen.ScreenRenderer.render(ScreenRenderer.java:92)
org.ofbiz.widget.screen.ScreenWidgetViewHandler.render(ScreenWidgetViewHandler.java:98)
org.ofbiz.webapp.control.RequestHandler.renderView(RequestHandler.java:781)
org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:533)
org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:201)
javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:259)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.jasig.cas.client.util.HttpServletRequestWrapperFilter.doFilter(HttpServletRequestWrapperFilter.java:50)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:167)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:99)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767)
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697)
org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889)
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
java.lang.Thread.run(Thread.java:619)
--------------------------------------------------------------------------------

2009-08-21 09:47:59,787 (TP-Processor3) [       EntityCrypto.java:93 :ERROR] returned null or had error in decryptedObj. trying oldHash method.
2009-08-21 09:47:59,788 (TP-Processor3) [       EntityCrypto.java:128:INFO ] *** useOldFunnyKeyHash (true) originalKeyName / hashedKeyName = PartyGroup / 778de91eaa5dbc23824c46c020c67d883fd9b437

/////////////////////////////////////////////////////////////////


Regards,
Rajib


On Thu, Aug 20, 2009 at 9:01 PM, Prateek Jain <[hidden email]> wrote:

> Hi Rajib,
>
> Can you please provide some more details, like the value of the encrypted
> bytes and the entity column on which you are working? As per my view,
> whenever there is a decryption, if the key or the encrypted value does not
> match, it gives a null result. There are different approaches to encryption
> in OFBiz; for example, the entity engine uses the EntityCrypto class for
> encryption and decryption, which uses a different approach than hashCrypt,
> which uses the SHA algorithm for encryption.
>
> Regards
> Prateek Jain