Encryption logic

The application exposes the com.yantra.ycp.japi.util.YCPEncrypter interface to handle encryption logic. All application encryption and decryption is handled by an encrypter class that implements this interface.

This class is specified by configuring the following properties in the <runtime_sandbox>/properties/customer_overrides.properties file:
  • security.encrypter.class
  • security.propertyencrypter.class

Both classes must implement the com.yantra.ycp.japi.util.YCPEncrypter interface.

The com.yantra.ycp.japi.util.YCPEncrypter interface has the following two functions:
  • public java.lang.String encrypt(java.lang.String sData) - sData is the data passed by the application to the implementing class for encryption. The return value is the encrypted string.
  • public java.lang.String decrypt(java.lang.String sData) - sData is the data which is required to be decrypted.

For information on writing your own property encrypter class, see the YCPEncrypter interface in the Javadoc information.

Encryption and decryption functions in this interface are invoked multiple times by the Sterling Order Management System. The application does not distinguish between clear text and encrypted information. Therefore, the encrypt function may be invoked with previously encrypted data. In order to avoid double encryption, it is important for the encrypt function to be able to distinguish between clear text and previously encrypted information. If previously encrypted information is passed to the function, your implementation of this function should return what is passed into it without encrypting it again.

The decrypt function also should be able to distinguish between clear text and previously encrypted text.

Disabling encryption and decryption

To disable encryption (or decryption), implement the encrypt (or decrypt) function to return the same value it is passed as input without any processing.