Divesh Dutta created OFBIZ-6071:
-----------------------------------
Summary: Issue in decrypting entity fields where encrypt="true" is
used in tenant
Key: OFBIZ-6071
URL: https://issues.apache.org/jira/browse/OFBIZ-6071
Project: OFBiz
Issue Type: Bug
Components: framework
Affects Versions: Trunk, Upcoming Branch
Reporter: Divesh Dutta
Error while adding a credit card from order manager when logged in with tenant
account.
The error is as following:
ERROR rendering error page [/error/error.jsp], but here is the error text:
org.ofbiz.widget.renderer.ScreenRenderException: Error rendering screen
[component://party/widget/partymgr/PaymentMethodScreens.xml#editcreditcard]:
org.ofbiz.widget.renderer.ScreenRenderException: Error rendering screen
[component://party/widget/partymgr/PaymentMethodScreens.xml#PaymentMethodDecorator]:
org.ofbiz.entity.transaction.GenericTransactionException: The current
transaction is marked for rollback, not beginning a new transaction and
aborting current operation; the rollbackOnly was caused by: Failure in
findByCondition operation for entity [CreditCard]:
org.ofbiz.entity.GenericEntityException: Error creating GenericValue
(org.ofbiz.base.util.GeneralException: javax.crypto.BadPaddingException: Given
final block not properly padded (Given final block not properly padded)
(javax.crypto.BadPaddingException: Given final block not properly padded (Given
final block not properly padded))). Rolling back
transaction.org.ofbiz.entity.GenericEntityException: Error creating
GenericValue (org.ofbiz.base.util.GeneralException:
javax.crypto.BadPaddingException: Given final block not properly padded (Given
final block not properly padded) (javax.crypto.BadPaddingException: Given final
block not properly padded (Given final block not properly padded)))
It seems there is some issue with encryption-decryption mechanism for the
fields of an entity for which encrypt="true" is set. From the exception it
seemed that incorrect key is being used for decryption i.e. the key is not
appropriate with respect to the one which was used for encryption.
After tracing the process flow we suspect that in SqlJdbcUtil.java while
calling 'decryptFieldValue' the delegator which is being used is baseDelegator
instead of tenant's delegator, but at the time of encryption using
'encryptFieldValue' the delegator was tenant's delegator. May be this is the
reason why it is generating "javax.crypto.BadPaddingException".
Steps to regenerate:
1. Create a tenant and login to tenant's admin account.
2. Navigate to ORDER > Order Entry > Sales Order
3. Use Demo Customer as Customer and continue.
4. Add some item to order and proceed for Quick Finalize Order.
5. Try to add new credit card.
6. On saving credit card information it will generate the above error.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
