Refactor encryption system to support hybrid RSA-AES encryption per file
- Changed file upload logic to: - Generate random AES key per file - Encrypt AES key using user's RSA public key - Store encrypted AES key, IV, and salt in FileMetadata entity - Changed file download logic to: - Decrypt AES key using user's RSA private key (encrypted with password-derived AES) - Use decrypted AES key and IV to decrypt file contents from HDFS - Modified FileMetadata entity: - Changed `encryptedKey` to @Lob byte[] to support large encrypted AES keys - Updated User entity: - Encrypted private RSA key with password-derived AES - Stored associated salt and IV for decryption - Updated AuthenticationService: - Generate RSA keypair during sign-up - Encrypt and store private key with AES (salt, IV) - Create user folder in HDFS upon registration - Updated FileService: - Rewrote upload and download logic to support hybrid encryption - Handled key wrapping and unwrapping securely - Added logging for upload/download events - Fixed FileController upload to remove password from endpoint - Password now only required during download for private key decryption - Updated EncryptionUtil and RSAKeyUtil: - Added RSA OAEP support and helper methods - Added AES key generation, encryption, decryption utilities FILE UPLOAD AND ENCRYPTION WORKS! TESTED USING HEXDUMP.
This commit is contained in:
@@ -38,25 +38,37 @@ public class User implements UserDetails {
|
||||
@Lob
|
||||
private byte[] privateKey;
|
||||
|
||||
@Lob
|
||||
@Column(nullable = false)
|
||||
private byte[] privateKeySalt;
|
||||
|
||||
@Lob
|
||||
@Column(nullable = false)
|
||||
private byte[] privateKeyIv;
|
||||
|
||||
@Builder
|
||||
public User(String email, String password, String username, String fullname, byte[] publicKey, byte[] privateKey) {
|
||||
public User(String email, String password, String username, String fullname,
|
||||
byte[] publicKey, byte[] privateKey,
|
||||
byte[] privateKeySalt, byte[] privateKeyIv) {
|
||||
this.email = email;
|
||||
this.password = password;
|
||||
this.username = username;
|
||||
this.fullname = fullname;
|
||||
this.publicKey = publicKey;
|
||||
this.privateKey = privateKey;
|
||||
this.privateKeySalt = privateKeySalt;
|
||||
this.privateKeyIv = privateKeyIv;
|
||||
}
|
||||
|
||||
// --- UserDetails interface methods ---
|
||||
@Override
|
||||
public Collection<? extends GrantedAuthority> getAuthorities() {
|
||||
return List.of(); // Add roles/authorities if needed
|
||||
return List.of(); // No roles assigned currently
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getUsername() {
|
||||
return username; // or return username if that's your login key
|
||||
return username;
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -65,22 +77,14 @@ public class User implements UserDetails {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAccountNonExpired() {
|
||||
return true;
|
||||
}
|
||||
public boolean isAccountNonExpired() { return true; }
|
||||
|
||||
@Override
|
||||
public boolean isAccountNonLocked() {
|
||||
return true;
|
||||
}
|
||||
public boolean isAccountNonLocked() { return true; }
|
||||
|
||||
@Override
|
||||
public boolean isCredentialsNonExpired() {
|
||||
return true;
|
||||
}
|
||||
public boolean isCredentialsNonExpired() { return true; }
|
||||
|
||||
@Override
|
||||
public boolean isEnabled() {
|
||||
return true;
|
||||
}
|
||||
public boolean isEnabled() { return true; }
|
||||
}
|
||||
Reference in New Issue
Block a user