ALF-9501 "RINF 38: KeyStore detection sequence, password file and encryption check"

- initial checkin git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@29354 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2011-07-26 13:53:49 +00:00
parent 19145084d9
commit 889ea0e58f
8 changed files with 307 additions and 31 deletions
--- a/source/java/org/alfresco/repo/node/encryption/MetadataEncryptor.java
+++ b/source/java/org/alfresco/repo/node/encryption/MetadataEncryptor.java
@@ -1,6 +1,7 @@
 package org.alfresco.repo.node.encryption;

 import java.io.Serializable;
+import java.security.KeyException;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
@@ -10,6 +11,7 @@ import javax.crypto.SealedObject;

 import org.alfresco.encryption.Encryptor;
 import org.alfresco.encryption.KeyProvider;
+import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.repo.security.authentication.AuthenticationException;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
@@ -107,9 +109,16 @@ public class MetadataEncryptor
        {
            return inbound;
        }
-        Serializable outbound = encryptor.unsealObject(KeyProvider.ALIAS_METADATA, inbound);
-        // Done
-        return outbound;
+        try
+        {
+	        Serializable outbound = encryptor.unsealObject(KeyProvider.ALIAS_METADATA, inbound);
+	        // Done
+	        return outbound;
+        }
+        catch(KeyException e)
+        {
+        	throw new AlfrescoRuntimeException("Invalid metadata decryption key", e);
+        }
    }
    
    /**
@@ -198,9 +207,16 @@ public class MetadataEncryptor
            // We have already checked for nulls and conversions
            Serializable value = inbound.get(propertyQName);
            // Have to decrypt the value
-            Serializable unencryptedValue = encryptor.unsealObject(KeyProvider.ALIAS_METADATA, value);
-            // Store it back
-            outbound.put(propertyQName, unencryptedValue);
+            try
+            {
+	            Serializable unencryptedValue = encryptor.unsealObject(KeyProvider.ALIAS_METADATA, value);
+	            // Store it back
+	            outbound.put(propertyQName, unencryptedValue);
+            }
+            catch(KeyException e)
+            {
+            	throw new AlfrescoRuntimeException("Invalid metadata decryption key", e);
+            }
        }
        // Done
        return outbound;