Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-6071

Issue in decrypting entity fields where encrypt="true" is used in tenant

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: Trunk, 16.11.01
    • Fix Version/s: 14.12.01, 16.11.01
    • Component/s: framework
    • Labels:
      None

      Description

      Error while adding a credit card from order manager when logged in with tenant account.

      The error is as following:

      ERROR rendering error page [/error/error.jsp], but here is the error text: org.ofbiz.widget.renderer.ScreenRenderException: Error rendering screen component://party/widget/partymgr/PaymentMethodScreens.xml#editcreditcard: org.ofbiz.widget.renderer.ScreenRenderException: Error rendering screen component://party/widget/partymgr/PaymentMethodScreens.xml#PaymentMethodDecorator: org.ofbiz.entity.transaction.GenericTransactionException: The current transaction is marked for rollback, not beginning a new transaction and aborting current operation; the rollbackOnly was caused by: Failure in findByCondition operation for entity [CreditCard]: org.ofbiz.entity.GenericEntityException: Error creating GenericValue (org.ofbiz.base.util.GeneralException: javax.crypto.BadPaddingException: Given final block not properly padded (Given final block not properly padded) (javax.crypto.BadPaddingException: Given final block not properly padded (Given final block not properly padded))). Rolling back transaction.org.ofbiz.entity.GenericEntityException: Error creating GenericValue (org.ofbiz.base.util.GeneralException: javax.crypto.BadPaddingException: Given final block not properly padded (Given final block not properly padded) (javax.crypto.BadPaddingException: Given final block not properly padded (Given final block not properly padded)))

      It seems there is some issue with encryption-decryption mechanism for the fields of an entity for which encrypt="true" is set. From the exception it seemed that incorrect key is being used for decryption i.e. the key is not appropriate with respect to the one which was used for encryption.

      After tracing the process flow we suspect that in SqlJdbcUtil.java while calling 'decryptFieldValue' the delegator which is being used is baseDelegator instead of tenant's delegator, but at the time of encryption using 'encryptFieldValue' the delegator was tenant's delegator. May be this is the reason why it is generating "javax.crypto.BadPaddingException".

      Steps to regenerate:
      1. Create a tenant and login to tenant's admin account.
      2. Navigate to ORDER > Order Entry > Sales Order
      3. Use Demo Customer as Customer and continue.
      4. Add some item to order and proceed for Quick Finalize Order.
      5. Try to add new credit card.
      6. On saving credit card information it will generate the above error.

        Attachments

        1. OFBIZ-6071.patch
          1.0 kB
          Rohit Koushal

          Activity

            People

            • Assignee:
              jacopoc Jacopo Cappellato
              Reporter:
              diveshdut Divesh Dutta
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: