notkshitij/SkycrateBackend
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

merge into: notkshitij/SkycrateBackend:main
Branches Tags
notkshitij/SkycrateBackend:main notkshitij/SkycrateBackend:hardening notkshitij/SkycrateBackend:sonali notkshitij/SkycrateBackend:vedang notkshitij/SkycrateBackend:olderWorking notkshitij/SkycrateBackend:oldMain
notkshitij/SkycrateBackend:v0.0.3 notkshitij/SkycrateBackend:v0.0.2
..
pull from: notkshitij/SkycrateBackend:vedang
Branches Tags
notkshitij/SkycrateBackend:main notkshitij/SkycrateBackend:hardening notkshitij/SkycrateBackend:sonali notkshitij/SkycrateBackend:vedang notkshitij/SkycrateBackend:olderWorking notkshitij/SkycrateBackend:oldMain
notkshitij/SkycrateBackend:v0.0.3 notkshitij/SkycrateBackend:v0.0.2

1 Commits
main .. vedang

Author SHA1 Message Date
vedang29 8be15dcac5 IMPLEMENTED ENCRYPTION & DECRYPTION 2025-04-18 00:28:22 +05:30
49 changed files with 1128 additions and 1985 deletions
Expand all files Collapse all files
.gitignore
-5
View File
@@ -1,5 +1,3 @@
src/main/resources/application.properties.bak
wiki/
HELP.md HELP.md
target/ target/
!.mvn/wrapper/maven-wrapper.jar !.mvn/wrapper/maven-wrapper.jar
@@ -33,6 +31,3 @@ build/
### VS Code ### ### VS Code ###
.vscode/ .vscode/
### apach-maven binary ###
apache-maven-3.9.6
Dockerfile
-31
View File
@@ -1,31 +0,0 @@
## BACKEND ##
# Base image
FROM debian:12-slim
# Metadata
LABEL maintainer="kshitijka"
LABEL version=1.5
LABEL description="Skycrate is a web based file management system that uses Hadoop as filesystem."
# Update & upgrade & install & rm
RUN apt-get update && apt-get upgrade -y && \
apt-get install -y openjdk-17-jdk && \
rm -rf /var/lib/apt/lists/*
# Create non-root user
RUN useradd -s /bin/bash skycrateBack
# Create work dir
RUN mkdir /app
RUN chown -R skycrateBack:skycrateBack /app
COPY ./target/skycrateBackend-0.0.2.jar /app
WORKDIR /app
# Switch user
USER skycrateBack
# Expose port for backend
EXPOSE 8080
CMD ["java", "-jar", "skycrateBackend-0.0.2.jar"]
README.md
-7
View File
@@ -1,7 +0,0 @@
# Skycrate-Backend
---
This repository holds code for [Skycrate](https://git.kska.io/notkshitij/Skycrate) backend.
---
mvnw
Vendored Executable → Regular
View File
pom.xml
+164 -148
View File
@@ -1,164 +1,180 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion>
<modelVersion>4.0.0</modelVersion> <parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.4.4</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.skycrate.backend</groupId>
<artifactId>skycrateBackend</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>skycrateBackend</name>
<description>Cloud Storage App using HDFS</description>
<url/>
<licenses>
<license/>
</licenses>
<developers>
<developer/>
</developers>
<scm>
<connection/>
<developerConnection/>
<tag/>
<url/>
</scm>
<properties>
<java.version>17</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<parent> <dependency>
<groupId>org.springframework.boot</groupId> <groupId>org.projectlombok</groupId>
<artifactId>spring-boot-starter-parent</artifactId> <artifactId>lombok</artifactId>
<version>3.4.4</version> <optional>true</optional>
<relativePath/> </dependency>
</parent> <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<groupId>com.skycrate.backend</groupId>
<artifactId>skycrateBackend</artifactId>
<version>0.0.2</version>
<name>skycrateBackend</name>
<description>Cloud Storage App using HDFS</description>
<properties> <!-- NEWLY ADDED DEPENDECIES-->
<java.version>17</java.version> <!-- Spring Boot Web -->
</properties> <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>3.2.4</version>
</dependency>
<dependencies> <!-- Spring Boot Security -->
<!-- Spring Boot Starters --> <dependency>
<dependency> <groupId>org.springframework.boot</groupId>
<groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId>
<artifactId>spring-boot-starter</artifactId> <version>3.2.4</version>
</dependency> </dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<!-- MySQL JDBC --> <!-- Spring Boot Data JPA -->
<dependency> <dependency>
<groupId>com.mysql</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>mysql-connector-j</artifactId> <artifactId>spring-boot-starter-data-jpa</artifactId>
<version>8.3.0</version> <version>3.2.4</version>
</dependency> </dependency>
<!-- JWT --> <!-- MySQL Driver -->
<dependency> <dependency>
<groupId>io.jsonwebtoken</groupId> <groupId>com.mysql</groupId>
<artifactId>jjwt-api</artifactId> <artifactId>mysql-connector-j</artifactId>
<version>0.11.5</version> <version>8.3.0</version>
</dependency> </dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.11.5</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.11.5</version>
<scope>runtime</scope>
</dependency>
<!-- Hadoop HDFS --> <!-- Spring Boot Validation -->
<dependency> <dependency>
<groupId>org.apache.hadoop</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>hadoop-common</artifactId> <artifactId>spring-boot-starter-validation</artifactId>
<version>3.4.1</version> <version>3.2.4</version>
<exclusions> </dependency>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-hdfs</artifactId>
<version>3.4.1</version>
</dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-client</artifactId>
<version>3.4.1</version>
</dependency>
<!-- Commons IO --> <!-- JSON Web Token (JWT) -->
<dependency> <dependency>
<groupId>commons-io</groupId> <groupId>io.jsonwebtoken</groupId>
<artifactId>commons-io</artifactId> <artifactId>jjwt-api</artifactId>
<version>2.11.0</version> <version>0.11.5</version>
</dependency> </dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.11.5</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.11.5</version>
</dependency>
<!-- Caffeine Cache --> <!-- Hadoop Dependencies -->
<dependency> <dependency>
<groupId>com.github.ben-manes.caffeine</groupId> <groupId>org.apache.hadoop</groupId>
<artifactId>caffeine</artifactId> <artifactId>hadoop-common</artifactId>
<version>3.1.8</version> <version>3.4.1</version>
</dependency> <exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Lombok --> <dependency>
<dependency> <groupId>org.apache.hadoop</groupId>
<groupId>org.projectlombok</groupId> <artifactId>hadoop-hdfs</artifactId>
<artifactId>lombok</artifactId> <version>3.4.1</version>
<version>1.18.30</version> </dependency>
<scope>provided</scope>
</dependency>
<!-- Testing --> <dependency>
<dependency> <groupId>org.apache.hadoop</groupId>
<groupId>org.springframework.boot</groupId> <artifactId>hadoop-client</artifactId>
<artifactId>spring-boot-starter-test</artifactId> <version>3.4.1</version>
<scope>test</scope> </dependency>
</dependency>
<!-- Caching --> <!-- Logging (SLF4J + Logback) -->
<dependency> <!-- <dependency>-->
<groupId>com.github.ben-manes.caffeine</groupId> <!-- <groupId>org.slf4j</groupId>-->
<artifactId>caffeine</artifactId> <!-- <artifactId>slf4j-api</artifactId>-->
<version>3.0.5</version> <!-- <version>1.7.36</version>-->
</dependency> <!-- </dependency>-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-cache</artifactId>
</dependency>
</dependencies>
<build> <!-- <dependency>-->
<plugins> <!-- <groupId>ch.qos.logback</groupId>-->
<!-- Compiler Plugin --> <!-- <artifactId>logback-classic</artifactId>-->
<plugin> <!-- <version>1.2.11</version>-->
<groupId>org.apache.maven.plugins</groupId> <!-- </dependency>-->
<artifactId>maven-compiler-plugin</artifactId>
<version>3.11.0</version> <!-- Apache Commons IO (for file operations) -->
<configuration> <dependency>
<source>${java.version}</source> <groupId>commons-io</groupId>
<target>${java.version}</target> <artifactId>commons-io</artifactId>
<annotationProcessorPaths> <version>2.11.0</version>
<path> </dependency>
<groupId>org.projectlombok</groupId> </dependencies>
<artifactId>lombok</artifactId>
<version>1.18.30</version> <build>
</path> <plugins>
</annotationProcessorPaths> <plugin>
</configuration> <groupId>org.apache.maven.plugins</groupId>
</plugin> <artifactId>maven-compiler-plugin</artifactId>
<configuration>
<annotationProcessorPaths>
<path>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</path>
</annotationProcessorPaths>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<excludes>
<exclude>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</build>
<!-- Spring Boot Plugin -->
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project> </project>
src/main/java/com/skycrate/backend/skycrateBackend/config/ApplicationConfiguration.java
+22 -30
View File
@@ -1,5 +1,7 @@
package com.skycrate.backend.skycrateBackend.config; package com.skycrate.backend.skycrateBackend.config;
import java.security.AuthProvider;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
@@ -8,48 +10,38 @@ import org.springframework.security.authentication.dao.DaoAuthenticationProvider
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCrypt;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import com.skycrate.backend.skycrateBackend.repository.UserRepository; import com.skycrate.backend.skycrateBackend.repository.UserRepository;
// Application-wide security configuration.
// Configures user authentication, password encoding, and authentication provider.
@Configuration @Configuration
public class ApplicationConfiguration { public class ApplicationConfiguration {
private final UserRepository userRepository; private final UserRepository userRepository;
public ApplicationConfiguration(UserRepository userRepository){
this.userRepository=userRepository;
public ApplicationConfiguration(UserRepository userRepository) { }
this.userRepository = userRepository;
}
// Custom UserDetailsService to fetch user details by email.
@Bean @Bean
public UserDetailsService userDetailsService() { UserDetailsService userDetailsService() {
return username -> userRepository.findByEmail(username) return username -> userRepository.findByEmail(username)
.orElseThrow(() -> new UsernameNotFoundException("User not found with email: " + username)); .orElseThrow(() -> new UsernameNotFoundException("User not found"));
}
@Bean
BCryptPasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
} }
// BCrypt password encoder with a higher strength for better security.
// Cost factor 12 is considered a good balance for production use.
@Bean @Bean
public PasswordEncoder passwordEncoder() { public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception{
return new BCryptPasswordEncoder(12);
}
// AuthenticationProvider using DAO with custom user service and password encoder.
@Bean
public AuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
authProvider.setUserDetailsService(userDetailsService());
authProvider.setPasswordEncoder(passwordEncoder());
return authProvider;
}
// Provides the AuthenticationManager for authenticating credentials.
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
return config.getAuthenticationManager(); return config.getAuthenticationManager();
} }
}
@Bean
AuthenticationProvider authenticationProvider(){
DaoAuthenticationProvider authprovider=new DaoAuthenticationProvider();
authprovider.setUserDetailsService(userDetailsService());
authprovider.setPasswordEncoder(passwordEncoder());
return authprovider;
}
}
src/main/java/com/skycrate/backend/skycrateBackend/config/CacheConfig.java
-24
View File
@@ -1,24 +0,0 @@
package com.skycrate.backend.skycrateBackend.config;
import org.springframework.cache.annotation.EnableCaching;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import com.github.benmanes.caffeine.cache.Caffeine;
import org.springframework.cache.caffeine.CaffeineCacheManager;
import java.util.concurrent.TimeUnit;
@Configuration
@EnableCaching
public class CacheConfig {
@Bean
public CaffeineCacheManager cacheManager() {
CaffeineCacheManager cacheManager = new CaffeineCacheManager();
cacheManager.setCaffeine(Caffeine.newBuilder()
.expireAfterWrite(30, TimeUnit.MINUTES) // Cache expiry time
.maximumSize(100)); // Maximum cache size
return cacheManager;
}
}
src/main/java/com/skycrate/backend/skycrateBackend/config/HDFSConfig.java
+7 -26
View File
@@ -1,6 +1,6 @@
package com.skycrate.backend.skycrateBackend.config; package com.skycrate.backend.skycrateBackend.config;
import org.apache.hadoop.conf.Configuration; // Hadoop Configuration import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
@@ -8,32 +8,13 @@ import org.springframework.context.annotation.Bean;
import java.net.URI; import java.net.URI;
import java.security.PrivilegedExceptionAction; import java.security.PrivilegedExceptionAction;
@org.springframework.context.annotation.Configuration
public class HDFSConfig { public class HDFSConfig {
private static final String HDFS_URI = System.getenv("HDFS_URI"); // e.g., hdfs://namenode:9000
private static final String HDFS_USER = System.getenv("HDFS_USER"); // e.g., hdfsuser
@Bean
public FileSystem fileSystem() throws Exception {
return getHDFS();
}
public static FileSystem getHDFS() throws Exception { public static FileSystem getHDFS() throws Exception {
if (HDFS_URI == null || HDFS_URI.isBlank()) {
throw new IllegalStateException("HDFS_URI environment variable not set.");
}
Configuration conf = new Configuration(); Configuration conf = new Configuration();
conf.set("fs.defaultFS", HDFS_URI); conf.set("fs.defaultFS", "hdfs://192.168.29.56:9000");
return FileSystem.get(new URI("hdfs://192.168.29.56:9000"), conf);
if (HDFS_USER != null && !HDFS_USER.isBlank()) {
return UserGroupInformation.createRemoteUser(HDFS_USER)
.doAs((PrivilegedExceptionAction<FileSystem>) () ->
FileSystem.get(new URI(HDFS_URI), conf)
);
} else {
return FileSystem.get(new URI(HDFS_URI), conf);
}
} }
}
}
src/main/java/com/skycrate/backend/skycrateBackend/config/HttpToHttpsRedirectConfig.java
-23
View File
@@ -1,23 +0,0 @@
package com.skycrate.backend.skycrateBackend.config;
import org.apache.catalina.connector.Connector;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class HttpToHttpsRedirectConfig {
@Bean
public WebServerFactoryCustomizer<TomcatServletWebServerFactory> containerCustomizer() {
return factory -> {
Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
connector.setScheme("http");
connector.setPort(8085); // HTTP port
connector.setSecure(false);
connector.setRedirectPort(8443); // HTTPS port
factory.addAdditionalTomcatConnectors(connector);
};
}
}
src/main/java/com/skycrate/backend/skycrateBackend/config/JwtAuthenticationFilter.java
+77
View File
@@ -0,0 +1,77 @@
package com.skycrate.backend.skycrateBackend.config;
import java.io.IOException;
import org.springframework.lang.NonNull;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.servlet.HandlerExceptionResolver;
import com.skycrate.backend.skycrateBackend.services.JwtService;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
@Component
public class JwtAuthenticationFilter extends OncePerRequestFilter {
private final HandlerExceptionResolver handlerExceptionResolver;
private JwtService jwtService;
private UserDetailsService userDetailsService;
public JwtAuthenticationFilter(JwtService jwtService,UserDetailsService userDetailsService,HandlerExceptionResolver handlerExceptionResolver){
this.handlerExceptionResolver=handlerExceptionResolver;
this.jwtService=jwtService;
this.userDetailsService=userDetailsService;
}
@Override
protected void doFilterInternal(
@NonNull HttpServletRequest request,
@NonNull HttpServletResponse response,
@NonNull FilterChain filterChain) throws ServletException, IOException {
final String authHeader=request.getHeader("Authorization");
if (authHeader==null || !authHeader.startsWith("Bearer")){
filterChain.doFilter(request, response);
return;
}
try {
final String userjwt=authHeader.substring(7);
final String userEmail=jwtService.extractUsername(userjwt);
Authentication authentication=SecurityContextHolder.getContext().getAuthentication();
if(userEmail!=null && authentication==null){
UserDetails userDetails=this.userDetailsService.loadUserByUsername(userEmail);
if (jwtService.isTokenValid(userjwt, userDetails)) {
UsernamePasswordAuthenticationToken authenticationToken=new UsernamePasswordAuthenticationToken(
userDetails, null, userDetails.getAuthorities()
);
authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
}
}
filterChain.doFilter(request, response);
}
catch (Exception err) {
handlerExceptionResolver.resolveException(request, response, null, err);
}
}
}
src/main/java/com/skycrate/backend/skycrateBackend/config/SecurityConfig.java
+18 -47
View File
@@ -1,52 +1,23 @@
package com.skycrate.backend.skycrateBackend.config; // package com.skycrate.backend.skycrateBackend.config;
import com.skycrate.backend.skycrateBackend.security.JwtAuthenticationFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration // import org.springframework.context.annotation.Bean;
public class SecurityConfig { // import org.springframework.context.annotation.Configuration;
// import org.springframework.security.config.annotation.web.builders.HttpSecurity;
// import org.springframework.security.web.SecurityFilterChain;
private final AuthenticationProvider authenticationProvider; // @Configuration
private final JwtAuthenticationFilter jwtAuthenticationFilter; // public class SecurityConfig {
public SecurityConfig(AuthenticationProvider authenticationProvider, // @Bean
JwtAuthenticationFilter jwtAuthenticationFilter) { // public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
this.authenticationProvider = authenticationProvider; // http
this.jwtAuthenticationFilter = jwtAuthenticationFilter; // .csrf(csrf -> csrf.disable()) // Disable CSRF for testing APIs
} // .authorizeHttpRequests(auth -> auth
// .requestMatchers("/api/hdfs/**").permitAll() // Allow HDFS endpoints
// .anyRequest().authenticated() // Everything else needs auth
// );
@Bean // return http.build();
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { // }
http // }
.csrf(csrf -> csrf.disable())
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authenticationProvider(authenticationProvider)
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/auth/logout","/api/auth/login", "/api/auth/register", "/actuator/**").permitAll()
.requestMatchers(HttpMethod.GET, "/public/**").permitAll()
.anyRequest().authenticated()
)
.requiresChannel(channel -> channel
.anyRequest().requiresSecure()
)
.headers(headers -> headers
.httpStrictTransportSecurity(hsts -> hsts
.includeSubDomains(true)
.maxAgeInSeconds(31536000)
)
// Spring Security 6+ no longer supports xss.block(true), so we just enable or disable it.
.xssProtection(xss -> xss.disable())
.frameOptions(frame -> frame.deny())
)
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}
}
src/main/java/com/skycrate/backend/skycrateBackend/config/SecurityConfiguration.java
+105
View File
@@ -0,0 +1,105 @@
package com.skycrate.backend.skycrateBackend.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import java.util.List;
@Configuration
@EnableWebSecurity
public class SecurityConfiguration {
private final AuthenticationProvider authenticationProvider;
private final JwtAuthenticationFilter jwtAuthenticationFilter;
public SecurityConfiguration(
JwtAuthenticationFilter jwtAuthenticationFilter,
AuthenticationProvider authenticationProvider
) {
this.authenticationProvider = authenticationProvider;
this.jwtAuthenticationFilter = jwtAuthenticationFilter;
}
// @Bean
// public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// http.csrf()
// .disable()
// .authorizeHttpRequests()
// .requestMatchers("/api/hdfs/**") // Specific API endpoints that don't require authentication
// .permitAll()
// .requestMatchers("/api/**") // Other endpoints that should be open
// .permitAll()
// .anyRequest()
// .authenticated() // All other requests require authentication
// .and()
// .sessionManagement()
// .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
// .and()
// .authenticationProvider(authenticationProvider)
// .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
//
// return http.build();
// }
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.securityMatcher("/**")
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/hdfs/**", "/api/**").permitAll()
.anyRequest().authenticated()
)
.sessionManagement(session -> session
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
)
.authenticationProvider(authenticationProvider)
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
.csrf(csrf -> csrf.disable())
.cors(cors -> {}) // 🔥 This line enables CORS and connects to your CorsConfigurationSource bean
.build();
}
// @Bean
// CorsConfigurationSource corsConfigurationSource() {
// CorsConfiguration configuration = new CorsConfiguration();
//
// configuration.setAllowedOrigins(List.of("*"));
// configuration.setAllowedMethods(List.of("GET", "PUT", "DELETE", "POST"));
// configuration.setAllowedHeaders(List.of("Authorization", "Content-Type"));
//
// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
//
// source.registerCorsConfiguration("/**", configuration);
//
// return source;
// }
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
// 🔥 Allow all origins (wildcard) safely with credentials
configuration.setAllowedOriginPatterns(List.of("*"));
configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
configuration.setAllowedHeaders(List.of("*"));
configuration.setExposedHeaders(List.of("Authorization"));
configuration.setAllowCredentials(true); // Needed for cookies / Authorization headers
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
src/main/java/com/skycrate/backend/skycrateBackend/controller/AuthController.java
+40 -116
View File
@@ -1,134 +1,58 @@
package com.skycrate.backend.skycrateBackend.controller; package com.skycrate.backend.skycrateBackend.controller;
import com.skycrate.backend.skycrateBackend.dto.LoginRequest; import org.springframework.web.bind.annotation.RestController;
import com.skycrate.backend.skycrateBackend.dto.LoginResponse;
import com.skycrate.backend.skycrateBackend.dto.LoginUserDto;
import com.skycrate.backend.skycrateBackend.dto.RegisterUserDto; import com.skycrate.backend.skycrateBackend.dto.RegisterUserDto;
import com.skycrate.backend.skycrateBackend.dto.TokenRefreshRequest; import com.skycrate.backend.skycrateBackend.models.User;
import com.skycrate.backend.skycrateBackend.dto.TokenRefreshResponse; import com.skycrate.backend.skycrateBackend.responses.LoginResponse;
import com.skycrate.backend.skycrateBackend.entity.RefreshToken; import com.skycrate.backend.skycrateBackend.services.AuthenticationService;
import com.skycrate.backend.skycrateBackend.entity.User; import com.skycrate.backend.skycrateBackend.services.JwtService;
import com.skycrate.backend.skycrateBackend.repository.UserRepository;
import com.skycrate.backend.skycrateBackend.security.TokenBlacklistService; import org.springframework.beans.factory.annotation.Autowired;
import com.skycrate.backend.skycrateBackend.services.*;
import jakarta.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
@RequestMapping("/api")
@RestController @RestController
@RequestMapping("/api/auth")
public class AuthController { public class AuthController {
private static final Logger log = LoggerFactory.getLogger(FileService.class);
private final AuthenticationManager authManager;
private final JwtService jwtService; private final JwtService jwtService;
private final UserRepository userRepository; private AuthenticationService authenticationService;
private final RefreshTokenService refreshTokenService;
private final TokenBlacklistService tokenBlacklistService;
private final RateLimiterService rateLimiterService;
private final AuthenticationService authenticationService;
public AuthController( public AuthController(JwtService jwtService,AuthenticationService authenticationService){
AuthenticationManager authManager, this.jwtService=jwtService;
JwtService jwtService, this.authenticationService=authenticationService;
UserRepository userRepository,
RefreshTokenService refreshTokenService,
TokenBlacklistService tokenBlacklistService,
RateLimiterService rateLimiterService,
AuthenticationService authenticationService
) {
this.authManager = authManager;
this.jwtService = jwtService;
this.userRepository = userRepository;
this.refreshTokenService = refreshTokenService;
this.tokenBlacklistService = tokenBlacklistService;
this.rateLimiterService = rateLimiterService;
this.authenticationService = authenticationService;
} }
// New Register Endpoint @GetMapping("/test")
@PostMapping("/register") public String teString(@RequestParam String param) {
public ResponseEntity<?> register(@RequestBody RegisterUserDto request) { return new String();
User user = authenticationService.signUp(request);
return ResponseEntity.ok("User registered successfully with username: " + user.getUsername());
} }
@PostMapping("/login") @PostMapping("/login")
public ResponseEntity<?> login(@RequestBody LoginRequest request, HttpServletRequest servletRequest) { public ResponseEntity<LoginResponse> LoginController(@RequestBody LoginUserDto entity) {
String ip = servletRequest.getRemoteAddr();
if (rateLimiterService.isBlocked(ip)) { User authenticatedUser=authenticationService.authenticate(entity);
return ResponseEntity.status(429).body("Too many login attempts. Please try again later."); String jwtToken=jwtService.generateToken(authenticatedUser);
}
LoginResponse loginResponse=new LoginResponse().setToken(jwtToken).setExpiresIn(jwtService.getExpirtationTime());
try { return ResponseEntity.ok(loginResponse);
authManager.authenticate(
new UsernamePasswordAuthenticationToken(request.getEmail(), request.getPassword())
);
} catch (Exception ex) {
rateLimiterService.recordFailedAttempt(ip);
return ResponseEntity.status(401).body("Invalid credentials.");
}
User user = userRepository.findByEmail(request.getEmail())
.orElseThrow(() -> new RuntimeException("User not found"));
rateLimiterService.resetAttempts(ip);
String accessToken = jwtService.generateToken(user);
RefreshToken refreshToken = refreshTokenService.createRefreshToken(user);
return ResponseEntity.ok(new LoginResponse(accessToken, refreshToken.getToken()));
} }
@PostMapping("/signup")
public ResponseEntity<User> register(@RequestBody RegisterUserDto entity) {
User registeredUser=authenticationService.signUp(entity);
@PostMapping("/logout")
public ResponseEntity<?> logout(HttpServletRequest request) { return ResponseEntity.ok(registeredUser);
String authHeader = request.getHeader("Authorization");
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
return ResponseEntity.badRequest().body("Missing or invalid Authorization header");
}
String token = authHeader.substring(7);
String username = jwtService.extractUsername(token);
userRepository.findByUsername(username).ifPresent(user -> {
// Clear the cached decrypted private key for the user
authenticationService.clearDecryptedPrivateKeyCache(user.getId().toString());
// Delete the refresh token associated with the user
refreshTokenService.logout(user); // This should delete the token
});
tokenBlacklistService.blacklistToken(token);
return ResponseEntity.ok("Logged out successfully");
} }
@PostMapping("/refresh")
public ResponseEntity<?> refresh(@RequestBody TokenRefreshRequest request) { }
String requestToken = request.getRefreshToken();
log.error("Received refresh token: " + requestToken);
return refreshTokenService.findByToken(requestToken)
.map(token -> {
if (refreshTokenService.isExpired(token)) {
log.error("Refresh token expired for user: " + token.getUser().getUsername());
// Clear the cached key on token expiry
authenticationService.clearDecryptedPrivateKeyCache(token.getUser().getId().toString());
return ResponseEntity.status(403).body("Refresh token expired");
}
User user = token.getUser();
String newAccessToken = jwtService.generateToken(user);
log.info("Generated new access token for user: " + user.getUsername());
return ResponseEntity.ok(new TokenRefreshResponse(newAccessToken, requestToken));
})
.orElseGet(() -> {
log.error("Invalid refresh token: " + requestToken);
return ResponseEntity.status(403).body("Invalid refresh token");
});
}
}
src/main/java/com/skycrate/backend/skycrateBackend/controller/FileController.java
-73
View File
@@ -1,73 +0,0 @@
package com.skycrate.backend.skycrateBackend.controller;
import com.skycrate.backend.skycrateBackend.dto.FileDownloadRequest;
import com.skycrate.backend.skycrateBackend.services.FileService;
import com.skycrate.backend.skycrateBackend.services.JwtService;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
@RestController
@RequestMapping("/api/files")
public class FileController {
private final FileService fileService;
private final JwtService jwtService;
public FileController(FileService fileService, JwtService jwtService) {
this.fileService = fileService;
this.jwtService = jwtService;
}
@PostMapping("/upload")
public ResponseEntity<?> uploadFile(
@RequestParam("file") MultipartFile file,
HttpServletRequest request) {
try {
String token = extractToken(request);
String username = jwtService.extractUsername(token);
fileService.uploadEncryptedFile(username, file.getBytes(), file.getOriginalFilename());
return ResponseEntity.ok("File uploaded and encrypted successfully.");
} catch (Exception e) {
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
.body("Upload failed: " + e.getMessage());
}
}
@GetMapping("/download")
public ResponseEntity<?> downloadFile(
@RequestBody FileDownloadRequest fileDownloadRequest,
HttpServletRequest request
) {
try {
String token = extractToken(request);
String username = jwtService.extractUsername(token);
// Use the password and filename from the FileDownloadRequest DTO
byte[] decryptedData = fileService.downloadDecryptedFile(username, fileDownloadRequest.getPassword(), fileDownloadRequest.getFilename());
return ResponseEntity.ok()
.header(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"" + fileDownloadRequest.getFilename() + "\"")
.contentLength(decryptedData.length)
.contentType(MediaType.APPLICATION_OCTET_STREAM)
.body(decryptedData);
} catch (Exception e) {
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
.body("File download failed: " + e.getMessage());
}
}
private String extractToken(HttpServletRequest request) {
String authHeader = request.getHeader("Authorization");
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
throw new RuntimeException("Missing or invalid Authorization header");
}
return authHeader.substring(7);
}
}
src/main/java/com/skycrate/backend/skycrateBackend/controller/HDFScontroller.java
+171 -187
View File
@@ -2,8 +2,9 @@ package com.skycrate.backend.skycrateBackend.controller;
import com.skycrate.backend.skycrateBackend.config.HDFSConfig; import com.skycrate.backend.skycrateBackend.config.HDFSConfig;
import com.skycrate.backend.skycrateBackend.dto.ResponseDTO; import com.skycrate.backend.skycrateBackend.dto.ResponseDTO;
import com.skycrate.backend.skycrateBackend.entity.User; import com.skycrate.backend.skycrateBackend.models.User;
import com.skycrate.backend.skycrateBackend.repository.UserRepository; import com.skycrate.backend.skycrateBackend.repository.UserRepository;
import com.skycrate.backend.skycrateBackend.services.EncryptionUtil;
import com.skycrate.backend.skycrateBackend.services.HDFSOperations; import com.skycrate.backend.skycrateBackend.services.HDFSOperations;
import com.skycrate.backend.skycrateBackend.utils.KeyUtil; import com.skycrate.backend.skycrateBackend.utils.KeyUtil;
import com.skycrate.backend.skycrateBackend.utils.RSAKeyUtil; import com.skycrate.backend.skycrateBackend.utils.RSAKeyUtil;
@@ -35,6 +36,9 @@ import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import java.io.File; // For java.io.File import java.io.File; // For java.io.File
import static com.skycrate.backend.skycrateBackend.utils.KeyUtil.getPrivateKeyForUser;
import static com.skycrate.backend.skycrateBackend.utils.KeyUtil.getPublicKeyForUser;
@RestController @RestController
@RequestMapping("/api/hdfs") @RequestMapping("/api/hdfs")
public class HDFScontroller { public class HDFScontroller {
@@ -62,71 +66,72 @@ public class HDFScontroller {
} }
} }
// @PostMapping("/uploadFile") @PostMapping("/uploadFile")
// public ResponseDTO uploadFile( public ResponseDTO uploadFile(
// @RequestParam("file") MultipartFile file, @RequestParam("file") MultipartFile file,
// @RequestParam String hdfsPath, @RequestParam String hdfsPath,
// @RequestParam String uploadedFileName, @RequestParam String uploadedFileName,
// @RequestParam String username) { @RequestParam String username) {
// try { try {
// // Retrieve the user from the database using the username // Step 1: Retrieve the user and their RSA public key
// User user = userRepository.findByUsername(username).orElseThrow(() -> new RuntimeException("User not found")); User user = userRepository.findByUsername(username)
// .orElseThrow(() -> new RuntimeException("User not found"));
// // Get the public key from the user entity byte[] publicKeyBytes = user.getPublicKey();
// byte[] publicKeyBytes = user.getPublicKey(); PublicKey publicKey = RSAKeyUtil.getPublicKeyFromBytes(publicKeyBytes);
// PublicKey publicKey = RSAKeyUtil.getPublicKeyFromBytes(publicKeyBytes);
//
// // Encrypt the file content using the public key
// byte[] encryptedData = encryptFile(file, publicKey);
//
// // Upload the encrypted file to HDFS
// hdfsOperations.uploadFile(encryptedData, hdfsPath, uploadedFileName, username);
//
// return new ResponseDTO("File uploaded successfully", true);
// } catch (IOException e) {
// e.printStackTrace();
// return new ResponseDTO("Failed to upload file locally: " + e.getMessage(), false);
// } catch (Exception e) {
// e.printStackTrace();
// return new ResponseDTO("Failed to upload file to HDFS: " + e.getMessage(), false);
// }
// }
//
// // Helper method to encrypt the file content using RSA encryption
// private byte[] encryptFile(MultipartFile file, PublicKey publicKey) throws Exception {
// // Step 1: Generate a random AES key
// SecretKey aesKey = generateAESKey();
//
// // Step 2: Encrypt the file data using AES
// Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
// aesCipher.init(Cipher.ENCRYPT_MODE, aesKey);
// byte[] fileData = file.getBytes();
// byte[] encryptedData = aesCipher.doFinal(fileData);
//
// // Step 3: Encrypt the AES key with RSA
// Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
// rsaCipher.init(Cipher.ENCRYPT_MODE, publicKey);
// byte[] encryptedAesKey = rsaCipher.doFinal(aesKey.getEncoded());
//
// // Step 4: Combine the encrypted AES key and the encrypted data
// byte[] combined = new byte[4 + encryptedAesKey.length + encryptedData.length];
// combined[0] = (byte) (encryptedAesKey.length >> 24);
// combined[1] = (byte) (encryptedAesKey.length >> 16);
// combined[2] = (byte) (encryptedAesKey.length >> 8);
// combined[3] = (byte) encryptedAesKey.length;
//
// System.arraycopy(encryptedAesKey, 0, combined, 4, encryptedAesKey.length);
// System.arraycopy(encryptedData, 0, combined, 4 + encryptedAesKey.length, encryptedData.length);
//
// return combined;
// }
// // Generate a random AES key // Step 2: Encrypt the file content using hybrid encryption (AES + RSA)
// private SecretKey generateAESKey() throws NoSuchAlgorithmException { byte[] fileBytes = file.getBytes();
// KeyGenerator keyGen = KeyGenerator.getInstance("AES"); byte[] encryptedData = EncryptionUtil.encrypt(fileBytes, publicKey);
// keyGen.init(256); // Use 256 bits for AES
// return keyGen.generateKey(); // Step 3: Upload encrypted data to HDFS
// } hdfsOperations.uploadFile(encryptedData, hdfsPath, uploadedFileName, username);
return new ResponseDTO("File uploaded successfully", true);
} catch (IOException e) {
e.printStackTrace();
return new ResponseDTO("Failed to read file: " + e.getMessage(), false);
} catch (Exception e) {
e.printStackTrace();
return new ResponseDTO("Failed to upload file to HDFS: " + e.getMessage(), false);
}
}
// Helper method to encrypt the file content using RSA encryption
private byte[] encryptFile(MultipartFile file, PublicKey publicKey) throws Exception {
// Step 1: Generate a random AES key
SecretKey aesKey = generateAESKey();
// Step 2: Encrypt the file data using AES
Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
aesCipher.init(Cipher.ENCRYPT_MODE, aesKey);
byte[] fileData = file.getBytes();
byte[] encryptedData = aesCipher.doFinal(fileData);
// Step 3: Encrypt the AES key with RSA
Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
rsaCipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] encryptedAesKey = rsaCipher.doFinal(aesKey.getEncoded());
// Step 4: Combine the encrypted AES key and the encrypted data
byte[] combined = new byte[4 + encryptedAesKey.length + encryptedData.length];
combined[0] = (byte) (encryptedAesKey.length >> 24);
combined[1] = (byte) (encryptedAesKey.length >> 16);
combined[2] = (byte) (encryptedAesKey.length >> 8);
combined[3] = (byte) encryptedAesKey.length;
System.arraycopy(encryptedAesKey, 0, combined, 4, encryptedAesKey.length);
System.arraycopy(encryptedData, 0, combined, 4 + encryptedAesKey.length, encryptedData.length);
return combined;
}
// Generate a random AES key
private SecretKey generateAESKey() throws NoSuchAlgorithmException {
KeyGenerator keyGen = KeyGenerator.getInstance("AES");
keyGen.init(256); // Use 256 bits for AES
return keyGen.generateKey();
}
private String saveFileLocally(MultipartFile file) throws IOException { private String saveFileLocally(MultipartFile file) throws IOException {
// Create a temporary directory if it doesn't exist // Create a temporary directory if it doesn't exist
@@ -143,107 +148,107 @@ public class HDFScontroller {
return path.toString(); // Return the local path for further processing return path.toString(); // Return the local path for further processing
} }
// @PostMapping("/downloadFile") @PostMapping("/downloadFile")
// public ResponseEntity<Resource> downloadFile( public ResponseEntity<Resource> downloadFile(
// @RequestParam String hdfsEncPath, @RequestParam String hdfsEncPath,
// @RequestParam String username) { @RequestParam String username) {
// try { try {
// // Extract the file name and extension // Extract the file name and extension
// String encFileName = new File(hdfsEncPath).getName(); String encFileName = new File(hdfsEncPath).getName();
// String originalFileName = encFileName.replace(".enc", ""); String originalFileName = encFileName.replace(".enc", "");
// String fileExtension = originalFileName.substring(originalFileName.lastIndexOf(".") + 1); String fileExtension = originalFileName.substring(originalFileName.lastIndexOf(".") + 1);
//
// // Define local decrypted file path // Define local decrypted file path
// String localDecryptedPath = "/SkyCrate/downloaded/" + originalFileName; String localDecryptedPath = "/SkyCrate/downloaded/" + originalFileName;
//
// // Define HDFS paths for encrypted file // Define HDFS paths for encrypted file
// String encFilePath = "/SkyCrate/downloaded/" + encFileName; String encFilePath = "/SkyCrate/downloaded/" + encFileName;
//
// FileSystem fs = HDFSConfig.getHDFS(); FileSystem fs = HDFSConfig.getHDFS();
//
// // Download encrypted file from HDFS // Download encrypted file from HDFS
// fs.copyToLocalFile(new org.apache.hadoop.fs.Path(hdfsEncPath), new org.apache.hadoop.fs.Path(encFilePath)); fs.copyToLocalFile(new org.apache.hadoop.fs.Path(hdfsEncPath), new org.apache.hadoop.fs.Path(encFilePath));
//
// // Retrieve the RSA private key for the user // Retrieve the RSA private key for the user
// User user = userRepository.findByUsername(username) User user = userRepository.findByUsername(username)
// .orElseThrow(() -> new RuntimeException("User not found")); .orElseThrow(() -> new RuntimeException("User not found"));
// PrivateKey privateKey = RSAKeyUtil.getPrivateKeyFromBytes(user.getPrivateKey()); PrivateKey privateKey = RSAKeyUtil.getPrivateKeyFromBytes(user.getPrivateKey());
//
// // Read the encrypted file content // Read the encrypted file content
// byte[] encryptedFileContent = Files.readAllBytes(Paths.get(encFilePath)); byte[] encryptedFileContent = Files.readAllBytes(Paths.get(encFilePath));
//
// // Step 1: Extract the AES key length from the combined data // Step 1: Extract the AES key length from the combined data
// int aesKeyLength = ((encryptedFileContent[0] & 0xFF) << 24) | int aesKeyLength = ((encryptedFileContent[0] & 0xFF) << 24) |
// ((encryptedFileContent[1] & 0xFF) << 16) | ((encryptedFileContent[1] & 0xFF) << 16) |
// ((encryptedFileContent[2] & 0xFF) << 8) | ((encryptedFileContent[2] & 0xFF) << 8) |
// (encryptedFileContent[3] & 0xFF); (encryptedFileContent[3] & 0xFF);
//
// // Step 2: Extract the encrypted AES key and encrypted data // Step 2: Extract the encrypted AES key and encrypted data
// byte[] encryptedAesKey = new byte[aesKeyLength]; byte[] encryptedAesKey = new byte[aesKeyLength];
// byte[] encryptedData = new byte[encryptedFileContent.length - 4 - aesKeyLength]; byte[] encryptedData = new byte[encryptedFileContent.length - 4 - aesKeyLength];
//
// System.arraycopy(encryptedFileContent, 4, encryptedAesKey, 0, aesKeyLength); System.arraycopy(encryptedFileContent, 4, encryptedAesKey, 0, aesKeyLength);
// System.arraycopy(encryptedFileContent, 4 + aesKeyLength, encryptedData, 0, encryptedData.length); System.arraycopy(encryptedFileContent, 4 + aesKeyLength, encryptedData, 0, encryptedData.length);
//
// // Step 3: Decrypt the AES key using RSA // Step 3: Decrypt the AES key using RSA
// Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
// rsaCipher.init(Cipher.DECRYPT_MODE, privateKey); rsaCipher.init(Cipher.DECRYPT_MODE, privateKey);
// byte[] aesKeyBytes = rsaCipher.doFinal(encryptedAesKey); byte[] aesKeyBytes = rsaCipher.doFinal(encryptedAesKey);
//
// // Create the AES key // Create the AES key
// SecretKey aesKey = new SecretKeySpec(aesKeyBytes, "AES"); SecretKey aesKey = new SecretKeySpec(aesKeyBytes, "AES");
//
// // Step 4: Decrypt the data using AES // Step 4: Decrypt the data using AES
// Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
// aesCipher.init(Cipher.DECRYPT_MODE, aesKey); aesCipher.init(Cipher.DECRYPT_MODE, aesKey);
//
// // Decrypt the file content using the provided decrypt method // Decrypt the file content using the provided decrypt method
//// byte[] decryptedFileContent = RSAKeyUtil.decrypt(encryptedFileContent, privateKey); // byte[] decryptedFileContent = RSAKeyUtil.decrypt(encryptedFileContent, privateKey);
// byte[] decryptedFileContent = aesCipher.doFinal(encryptedData); byte[] decryptedFileContent = aesCipher.doFinal(encryptedData);
//
// // Write the decrypted content to the original file // Write the decrypted content to the original file
// Files.write(Paths.get(localDecryptedPath + "." + fileExtension), decryptedFileContent); Files.write(Paths.get(localDecryptedPath + "." + fileExtension), decryptedFileContent);
//
//
// // Log the file creation // Log the file creation
// if (Files.exists(Paths.get(localDecryptedPath + "." + fileExtension))) { if (Files.exists(Paths.get(localDecryptedPath + "." + fileExtension))) {
// System.out.println("File created successfully at: " + localDecryptedPath + "." + fileExtension); System.out.println("File created successfully at: " + localDecryptedPath + "." + fileExtension);
// } else { } else {
// System.out.println("Failed to create file at: " + localDecryptedPath + "." + fileExtension); System.out.println("Failed to create file at: " + localDecryptedPath + "." + fileExtension);
// } }
//
// // Create the decrypted file resource // Create the decrypted file resource
// File decryptedFile = new File(localDecryptedPath + "." + fileExtension); File decryptedFile = new File(localDecryptedPath + "." + fileExtension);
// Resource resource = new FileSystemResource(decryptedFile); Resource resource = new FileSystemResource(decryptedFile);
//
// // Return the file as a response // Return the file as a response
// return ResponseEntity.ok() return ResponseEntity.ok()
// .contentLength(decryptedFile.length()) .contentLength(decryptedFile.length())
// .contentType(MediaType.APPLICATION_OCTET_STREAM) .contentType(MediaType.APPLICATION_OCTET_STREAM)
// .header(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"" + decryptedFile.getName() + "\"") .header(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"" + decryptedFile.getName() + "\"")
// .body(resource); .body(resource);
//
// } catch (Exception e) { } catch (Exception e) {
// e.printStackTrace(); e.printStackTrace();
// return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR) return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
// .body(null); .body(null);
// } }
// } }
//
//
// public void initializeKeysForUser(String username) { public void initializeKeysForUser(String username) {
// try { try {
// // Check if the public key file exists // Check if the public key file exists
// Path publicKeyPath = Paths.get("C:\\Users\\sonal\\OneDrive\\Desktop\\SkyCrate\\Skycrate\\keys", username + "_public.key"); Path publicKeyPath = Paths.get("C:\\Users\\sonal\\OneDrive\\Desktop\\SkyCrate\\Skycrate\\keys", username + "_public.key");
// if (!Files.exists(publicKeyPath)) { if (!Files.exists(publicKeyPath)) {
// // Generate and store keys if they do not exist // Generate and store keys if they do not exist
// KeyUtil.generateAndStoreKeyPair(username); KeyUtil.generateAndStoreKeyPair(username);
// } }
// } catch (Exception e) { } catch (Exception e) {
// e.printStackTrace(); e.printStackTrace();
// } }
// } }
//
@DeleteMapping("/deleteFile") @DeleteMapping("/deleteFile")
public ResponseDTO deleteFile(@RequestParam String hdfsPath) { public ResponseDTO deleteFile(@RequestParam String hdfsPath) {
@@ -275,25 +280,4 @@ public class HDFScontroller {
.body("Failed to list files: " + e.getMessage()); .body("Failed to list files: " + e.getMessage());
} }
} }
@GetMapping("/getUsernameByEmail")
public ResponseEntity<?> getUsernameByEmail(@RequestParam String email) {
try {
// Fetch user from the database using the provided email
User user = userRepository.findByEmail(email)
.orElseThrow(() -> new RuntimeException("User not found with email: " + email));
// // Log the retrieved user object to verify the username
// System.out.println("Retrieved user: " + user.getFullname());
// Return the username as the response
return ResponseEntity.ok(user.getFullname()); // Return the username
} catch (Exception e) {
// Handle error if user is not found or other exceptions occur
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
.body("Failed to fetch username: " + e.getMessage());
}
}
} }
src/main/java/com/skycrate/backend/skycrateBackend/dto/FileDownloadRequest.java
-23
View File
@@ -1,23 +0,0 @@
package com.skycrate.backend.skycrateBackend.dto;
public class FileDownloadRequest {
private String filename;
private String password;
// Getters and Setters
public String getFilename() {
return filename;
}
public void setFilename(String filename) {
this.filename = filename;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
src/main/java/com/skycrate/backend/skycrateBackend/dto/LoginRequest.java
-13
View File
@@ -1,13 +0,0 @@
package com.skycrate.backend.skycrateBackend.dto;
public class LoginRequest {
private String email;
private String password;
// Getters and setters
public String getEmail() { return email; }
public void setEmail(String email) { this.email = email; }
public String getPassword() { return password; }
public void setPassword(String password) { this.password = password; }
}
src/main/java/com/skycrate/backend/skycrateBackend/dto/LoginResponse.java
-17
View File
@@ -1,17 +0,0 @@
package com.skycrate.backend.skycrateBackend.dto;
public class LoginResponse {
private String accessToken;
private String refreshToken;
private String tokenType = "Bearer";
public LoginResponse(String accessToken, String refreshToken) {
this.accessToken = accessToken;
this.refreshToken = refreshToken;
}
// Getters
public String getAccessToken() { return accessToken; }
public String getRefreshToken() { return refreshToken; }
public String getTokenType() { return tokenType; }
}
src/main/java/com/skycrate/backend/skycrateBackend/dto/RegisterUserDto.java
+37 -37
View File
@@ -1,46 +1,46 @@
package com.skycrate.backend.skycrateBackend.dto; package com.skycrate.backend.skycrateBackend.dto;
import jakarta.validation.constraints.Email;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Pattern;
import jakarta.validation.constraints.Size;
public class RegisterUserDto { public class RegisterUserDto {
@NotBlank(message = "Email is required")
@Email(message = "Email should be valid")
private String email; private String email;
@NotBlank(message = "Password is required")
@Size(min = 8, message = "Password must be at least 8 characters")
private String password; private String password;
@NotBlank(message = "Username is required")
@Pattern(regexp = "^[a-zA-Z0-9]+$", message = "Username must be alphanumeric")
private String username;
@NotBlank(message = "Full name is required")
private String fullname;
@NotBlank(message = "First name is required")
private String firstname; private String firstname;
@NotBlank(message = "Last name is required")
private String lastname; private String lastname;
// Getters public String getEmail() {
public String getEmail() { return email; } return email;
public String getPassword() { return password; } }
public String getUsername() { return username; }
public String getFullname() { return fullname; }
public String getFirstname() { return firstname; }
public String getLastname() { return lastname; }
// Setters public RegisterUserDto setEmail(String email) {
public void setEmail(String email) { this.email = email; } this.email = email;
public void setPassword(String password) { this.password = password; } return this;
public void setUsername(String username) { this.username = username; } }
public void setFullname(String fullname) { this.fullname = fullname; }
public void setFirstname(String firstname) { this.firstname = firstname; } public String getPassword() {
public void setLastname(String lastname) { this.lastname = lastname; } return password;
} }
public RegisterUserDto setPassword(String password) {
this.password = password;
return this;
}
public String getFirstname() {
return firstname;
}
public RegisterUserDto setFirstname(String firstname) {
this.firstname = firstname;
return this;
}
public String getLastname() {
return lastname;
}
public RegisterUserDto setLastname(String lastname) {
this.lastname = lastname;
return this;
}
}
src/main/java/com/skycrate/backend/skycrateBackend/dto/SignupRequest.java
-33
View File
@@ -1,33 +0,0 @@
package com.skycrate.backend.skycrateBackend.dto;
public class SignupRequest {
private String username;
private String email;
private String password;
// Getters
public String getUsername() {
return username;
}
public String getEmail() {
return email;
}
public String getPassword() {
return password;
}
// Setters
public void setUsername(String username) {
this.username = username;
}
public void setEmail(String email) {
this.email = email;
}
public void setPassword(String password) {
this.password = password;
}
}
src/main/java/com/skycrate/backend/skycrateBackend/dto/TokenRefreshRequest.java
-13
View File
@@ -1,13 +0,0 @@
package com.skycrate.backend.skycrateBackend.dto;
public class TokenRefreshRequest {
private String refreshToken;
public String getRefreshToken() {
return refreshToken;
}
public void setRefreshToken(String refreshToken) {
this.refreshToken = refreshToken;
}
}
src/main/java/com/skycrate/backend/skycrateBackend/dto/TokenRefreshResponse.java
-17
View File
@@ -1,17 +0,0 @@
package com.skycrate.backend.skycrateBackend.dto;
public class TokenRefreshResponse {
private String accessToken;
private String refreshToken;
private String tokenType = "Bearer";
public TokenRefreshResponse(String accessToken, String refreshToken) {
this.accessToken = accessToken;
this.refreshToken = refreshToken;
}
// Getters
public String getAccessToken() { return accessToken; }
public String getRefreshToken() { return refreshToken; }
public String getTokenType() { return tokenType; }
}
src/main/java/com/skycrate/backend/skycrateBackend/dto/User.java
+23
View File
@@ -0,0 +1,23 @@
package com.skycrate.backend.skycrateBackend.dto;
import com.skycrate.backend.skycrateBackend.services.EncryptionUtil;
import java.security.KeyPair;
public class User {
private String username;
private KeyPair keyPair;
public User(String username) throws Exception {
this.username = username;
this.keyPair = EncryptionUtil.generateKeyPair();
}
public String getUsername() {
return username;
}
public KeyPair getKeyPair() {
return keyPair;
}
}
src/main/java/com/skycrate/backend/skycrateBackend/entity/FileMetadata.java
-39
View File
@@ -1,39 +0,0 @@
package com.skycrate.backend.skycrateBackend.entity;
import jakarta.persistence.*;
import lombok.*;
@Entity
@Table(name = "file_metadata")
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Builder
public class FileMetadata {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@Column(nullable = false)
private String filePath;
@Column(nullable = false)
private String username;
@Lob
@Column(nullable = false)
private byte[] salt;
@Lob
@Column(nullable = false)
private byte[] iv;
@Lob
@Column(nullable = false, name = "encrypted_key", columnDefinition = "LONGBLOB")
private byte[] encryptedKey;
@Column(nullable = false)
private long uploadedAt;
}
src/main/java/com/skycrate/backend/skycrateBackend/entity/RefreshToken.java
-33
View File
@@ -1,33 +0,0 @@
package com.skycrate.backend.skycrateBackend.entity;
import jakarta.persistence.*;
import java.time.Instant;
@Entity
public class RefreshToken {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@Column(nullable = false, unique = true)
private String token;
@OneToOne
@JoinColumn(name = "user_id", referencedColumnName = "id")
private User user;
private Instant expiryDate;
// Getters and setters
public Long getId() { return id; }
public String getToken() { return token; }
public void setToken(String token) { this.token = token; }
public User getUser() { return user; }
public void setUser(User user) { this.user = user; }
public Instant getExpiryDate() { return expiryDate; }
public void setExpiryDate(Instant expiryDate) { this.expiryDate = expiryDate; }
}
src/main/java/com/skycrate/backend/skycrateBackend/entity/User.java
-90
View File
@@ -1,90 +0,0 @@
package com.skycrate.backend.skycrateBackend.entity;
import jakarta.persistence.*;
import lombok.*;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.Collection;
import java.util.List;
@Entity
@Table(name = "users")
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
public class User implements UserDetails {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@Column(nullable = false, unique = true)
private String email;
@Column(nullable = false)
private String password;
@Column(nullable = false, unique = true)
private String username;
@Column(nullable = false)
private String fullname;
@Lob
private byte[] publicKey;
@Lob
private byte[] privateKey;
@Lob
@Column(nullable = false)
private byte[] privateKeySalt;
@Lob
@Column(nullable = false)
private byte[] privateKeyIv;
@Builder
public User(String email, String password, String username, String fullname,
byte[] publicKey, byte[] privateKey,
byte[] privateKeySalt, byte[] privateKeyIv) {
this.email = email;
this.password = password;
this.username = username;
this.fullname = fullname;
this.publicKey = publicKey;
this.privateKey = privateKey;
this.privateKeySalt = privateKeySalt;
this.privateKeyIv = privateKeyIv;
}
// --- UserDetails interface methods ---
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return List.of(); // No roles assigned currently
}
@Override
public String getUsername() {
return username;
}
@Override
public String getPassword() {
return this.password;
}
@Override
public boolean isAccountNonExpired() { return true; }
@Override
public boolean isAccountNonLocked() { return true; }
@Override
public boolean isCredentialsNonExpired() { return true; }
@Override
public boolean isEnabled() { return true; }
}
src/main/java/com/skycrate/backend/skycrateBackend/models/User.java
+139
View File
@@ -0,0 +1,139 @@
package com.skycrate.backend.skycrateBackend.models;
import java.time.LocalDateTime;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import org.hibernate.annotations.CreationTimestamp;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import jakarta.persistence.*;
@Table(name = "users")
@Entity
public class User implements UserDetails {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(nullable = false)
private Integer id;
@Column(nullable = false)
private String username;
@Column(unique = true, nullable = false)
private String email;
@Column(nullable = false)
private String password;
// Add RSA key fields
@Lob
@Column(name = "public_key", columnDefinition = "BLOB")
private byte[] publicKey;
@Lob
@Column(name = "private_key", columnDefinition = "BLOB")
private byte[] privateKey;
@CreationTimestamp
@Column(updatable = false, name = "created_at")
private Date createdAt;
public User() {}
public User(String firstname, String lastname, String email, String password) {
this.username = firstname + lastname;
this.email = email;
this.password = password;
}
// Required by Spring Security
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return List.of();
}
@Override
public String getUsername() {
return email;
}
@Override
public String getPassword() {
return password;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
// Getters and Setters
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
public void setFullname(String firstname, String lastname) {
this.username = firstname + lastname;
}
public String getFullname() {
return this.username;
}
public void setEmail(String email) {
this.email = email;
}
public void setPassword(String password) {
this.password = password;
}
public Date getCreatedAt() {
return createdAt;
}
public void setCreatedAt(Date createdAt) {
this.createdAt = createdAt;
}
// Getters and setters for RSA keys
public byte[] getPublicKey() {
return publicKey;
}
public void setPublicKey(byte[] publicKey) {
this.publicKey = publicKey;
}
public byte[] getPrivateKey() {
return privateKey;
}
public void setPrivateKey(byte[] privateKey) {
this.privateKey = privateKey;
}
}
src/main/java/com/skycrate/backend/skycrateBackend/repository/FileMetadataRepository.java
-10
View File
@@ -1,10 +0,0 @@
package com.skycrate.backend.skycrateBackend.repository;
import com.skycrate.backend.skycrateBackend.entity.FileMetadata;
import org.springframework.data.jpa.repository.JpaRepository;
import java.util.Optional;
public interface FileMetadataRepository extends JpaRepository<FileMetadata, Long> {
Optional<FileMetadata> findByUsernameAndFilePath(String username, String filePath);
}
src/main/java/com/skycrate/backend/skycrateBackend/repository/RefreshTokenRepository.java
-19
View File
@@ -1,19 +0,0 @@
package com.skycrate.backend.skycrateBackend.repository;
import com.skycrate.backend.skycrateBackend.entity.RefreshToken;
import com.skycrate.backend.skycrateBackend.entity.User;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Modifying;
import org.springframework.data.jpa.repository.Query;
import org.springframework.transaction.annotation.Transactional;
import java.util.Optional;
public interface RefreshTokenRepository extends JpaRepository<RefreshToken, Long> {
Optional<RefreshToken> findByToken(String token);
@Transactional
@Modifying
@Query("DELETE FROM RefreshToken t WHERE t.user = :user")
void deleteByUser(User user);
}
src/main/java/com/skycrate/backend/skycrateBackend/repository/UserManager.java
+25
View File
@@ -0,0 +1,25 @@
package com.skycrate.backend.skycrateBackend.repository;
import com.skycrate.backend.skycrateBackend.dto.User;
import org.springframework.stereotype.Service;
import java.util.HashMap;
import java.util.Map;
@Service
public class UserManager {
private Map<String, User> users = new HashMap<>();
public User getUser(String username) throws Exception {
if (!users.containsKey(username)) {
users.put(username, new User(username));
}
return users.get(username);
}
public boolean authenticate(String username, String password) {
// Implement your authentication logic here
return "admin".equals(username) && "password123".equals(password);
}
}
src/main/java/com/skycrate/backend/skycrateBackend/repository/UserRepository.java
+1 -1
View File
@@ -2,7 +2,7 @@ package com.skycrate.backend.skycrateBackend.repository;
import java.util.Optional; import java.util.Optional;
import org.springframework.data.repository.CrudRepository; import org.springframework.data.repository.CrudRepository;
import com.skycrate.backend.skycrateBackend.entity.User; import com.skycrate.backend.skycrateBackend.models.User;
public interface UserRepository extends CrudRepository<User,Integer> { public interface UserRepository extends CrudRepository<User,Integer> {
Optional<User> findByEmail(String email); Optional<User> findByEmail(String email);
// Custom query method to find user by username // Custom query method to find user by username
src/main/java/com/skycrate/backend/skycrateBackend/security/EncryptionService.java
-42
View File
@@ -1,42 +0,0 @@
package com.skycrate.backend.skycrateBackend.security;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.*;
import java.security.SecureRandom;
import java.util.Base64;
public class EncryptionService {
private static final int KEY_LENGTH = 256;
private static final int ITERATIONS = 65536;
private static final int SALT_LENGTH = 16;
private static final int IV_LENGTH = 12;
public static byte[] generateSalt() {
byte[] salt = new byte[SALT_LENGTH];
new SecureRandom().nextBytes(salt);
return salt;
}
public static SecretKey deriveKey(String password, byte[] salt) throws Exception {
PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, ITERATIONS, KEY_LENGTH);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
return new SecretKeySpec(factory.generateSecret(spec).getEncoded(), "AES");
}
public static byte[] encrypt(byte[] plaintext, SecretKey key, byte[] iv) throws Exception {
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
GCMParameterSpec spec = new GCMParameterSpec(128, iv);
cipher.init(Cipher.ENCRYPT_MODE, key, spec);
return cipher.doFinal(plaintext);
}
public static byte[] decrypt(byte[] ciphertext, SecretKey key, byte[] iv) throws Exception {
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
GCMParameterSpec spec = new GCMParameterSpec(128, iv);
cipher.init(Cipher.DECRYPT_MODE, key, spec);
return cipher.doFinal(ciphertext);
}
}
src/main/java/com/skycrate/backend/skycrateBackend/security/JwtAuthenticationFilter.java
-90
View File
@@ -1,90 +0,0 @@
package com.skycrate.backend.skycrateBackend.security;
import com.skycrate.backend.skycrateBackend.repository.UserRepository;
import com.skycrate.backend.skycrateBackend.entity.User;
import com.skycrate.backend.skycrateBackend.services.JwtService;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
@Component
public class JwtAuthenticationFilter extends OncePerRequestFilter {
private final JwtService jwtService;
private final UserRepository userRepository;
private final TokenBlacklistService tokenBlacklistService;
public JwtAuthenticationFilter(JwtService jwtService,
UserRepository userRepository,
TokenBlacklistService tokenBlacklistService) {
this.jwtService = jwtService;
this.userRepository = userRepository;
this.tokenBlacklistService = tokenBlacklistService;
}
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response,
FilterChain filterChain)
throws ServletException, IOException {
String path = request.getRequestURI();
if (path.startsWith("/api/auth") || path.startsWith("/actuator")) {
filterChain.doFilter(request, response);
return;
}
final String authHeader = request.getHeader("Authorization");
final String jwt;
final String username;
if (!StringUtils.hasText(authHeader) || !authHeader.startsWith("Bearer ")) {
filterChain.doFilter(request, response);
return;
}
jwt = authHeader.substring(7);
// Check if token is blacklisted
if (tokenBlacklistService.isTokenBlacklisted(jwt)) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.getWriter().write("Token has been blacklisted");
return;
}
try {
username = jwtService.extractUsername(jwt); // This is actually the `username`, not email
} catch (Exception e) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.getWriter().write("Invalid JWT token");
return;
}
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
// Use username to find the user
User user = userRepository.findByUsername(username).orElse(null);
if (user != null && jwtService.isTokenValid(jwt, user)) {
UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
user, null, user.getAuthorities());
authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authToken);
} else {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.getWriter().write("Expired or invalid JWT");
return;
}
}
filterChain.doFilter(request, response);
}
}
src/main/java/com/skycrate/backend/skycrateBackend/security/TokenBlacklistService.java
-27
View File
@@ -1,27 +0,0 @@
package com.skycrate.backend.skycrateBackend.security;
import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import org.springframework.stereotype.Service;
import java.util.concurrent.TimeUnit;
@Service
public class TokenBlacklistService {
private final Cache<String, Boolean> blacklistCache;
public TokenBlacklistService() {
this.blacklistCache = Caffeine.newBuilder()
.expireAfterWrite(1, TimeUnit.HOURS)
.build();
}
public void blacklistToken(String token) {
blacklistCache.put(token, true);
}
public boolean isTokenBlacklisted(String token) {
return blacklistCache.getIfPresent(token) != null;
}
}
src/main/java/com/skycrate/backend/skycrateBackend/services/AuthenticationService.java
+18 -82
View File
@@ -1,26 +1,18 @@
package com.skycrate.backend.skycrateBackend.services; package com.skycrate.backend.skycrateBackend.services;
import com.skycrate.backend.skycrateBackend.config.HDFSConfig;
import com.skycrate.backend.skycrateBackend.dto.LoginUserDto;
import com.skycrate.backend.skycrateBackend.dto.RegisterUserDto;
import com.skycrate.backend.skycrateBackend.entity.User;
import com.skycrate.backend.skycrateBackend.repository.UserRepository;
import com.skycrate.backend.skycrateBackend.utils.EncryptionUtil;
import com.skycrate.backend.skycrateBackend.utils.RSAKeyUtil;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import javax.crypto.SecretKey; import com.skycrate.backend.skycrateBackend.dto.LoginUserDto;
import com.skycrate.backend.skycrateBackend.dto.RegisterUserDto;
import com.skycrate.backend.skycrateBackend.models.User;
import com.skycrate.backend.skycrateBackend.repository.UserRepository;
import com.skycrate.backend.skycrateBackend.utils.RSAKeyUtil;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@Service @Service
public class AuthenticationService { public class AuthenticationService {
@@ -28,67 +20,30 @@ public class AuthenticationService {
private final UserRepository userRepository; private final UserRepository userRepository;
private final PasswordEncoder passwordEncoder; private final PasswordEncoder passwordEncoder;
private final AuthenticationManager authenticationManager; private final AuthenticationManager authenticationManager;
private final KeyCacheService keyCacheService;
private static final Logger log = LoggerFactory.getLogger(AuthenticationService.class); public AuthenticationService(UserRepository userRepository, AuthenticationManager authenticationManager, PasswordEncoder passwordEncoder) {
public AuthenticationService(UserRepository userRepository,
AuthenticationManager authenticationManager,
PasswordEncoder passwordEncoder,
KeyCacheService keyCacheService) {
this.userRepository = userRepository; this.userRepository = userRepository;
this.passwordEncoder = passwordEncoder; this.passwordEncoder = passwordEncoder;
this.authenticationManager = authenticationManager; this.authenticationManager = authenticationManager;
this.keyCacheService = keyCacheService;
} }
public User signUp(RegisterUserDto inputUser) { public User signUp(RegisterUserDto inputUser) {
// Generate RSA key pair User user = new User(
KeyPair keyPair; inputUser.getFirstname(),
inputUser.getLastname(),
inputUser.getEmail(),
passwordEncoder.encode(inputUser.getPassword())
);
try { try {
keyPair = RSAKeyUtil.generateKeyPair(); KeyPair keyPair = RSAKeyUtil.generateKeyPair();
user.setPublicKey(keyPair.getPublic().getEncoded());
user.setPrivateKey(keyPair.getPrivate().getEncoded());
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
throw new RuntimeException("Failed to generate RSA key pair", e); throw new RuntimeException("Failed to generate RSA key pair", e);
} }
// Encrypt private key using password-derived AES key return userRepository.save(user);
byte[] salt = EncryptionUtil.generateSalt();
byte[] iv = EncryptionUtil.generateIv();
byte[] encryptedPrivateKey;
try {
SecretKey aesKey = EncryptionUtil.deriveKey(inputUser.getPassword().toCharArray(), salt);
encryptedPrivateKey = EncryptionUtil.encrypt(keyPair.getPrivate().getEncoded(), aesKey, iv);
} catch (Exception e) {
throw new RuntimeException("Failed to encrypt private key", e);
}
// Create user entity with encrypted private key, salt, and iv
User user = User.builder()
.fullname(inputUser.getFirstname() + " " + inputUser.getLastname())
.username(inputUser.getUsername())
.email(inputUser.getEmail())
.password(passwordEncoder.encode(inputUser.getPassword()))
.publicKey(keyPair.getPublic().getEncoded())
.privateKey(encryptedPrivateKey)
.privateKeySalt(salt)
.privateKeyIv(iv)
.build();
// Save user
User savedUser = userRepository.save(user);
// Create HDFS directory in root with username
try {
FileSystem fs = HDFSConfig.getHDFS();
Path userDir = new Path("/" + savedUser.getUsername());
if (!fs.exists(userDir)) {
fs.mkdirs(userDir);
}
} catch (Exception e) {
throw new RuntimeException("Failed to create HDFS directory for user: " + savedUser.getUsername(), e);
}
return savedUser;
} }
public User authenticate(LoginUserDto inputUser) { public User authenticate(LoginUserDto inputUser) {
@@ -99,23 +54,4 @@ public class AuthenticationService {
return userRepository.findByEmail(inputUser.getEmail()) return userRepository.findByEmail(inputUser.getEmail())
.orElseThrow(() -> new RuntimeException("User not found")); .orElseThrow(() -> new RuntimeException("User not found"));
} }
@Cacheable(value = "decryptedPrivateKeys", key = "#userId")
public byte[] getDecryptedPrivateKey(String userId, String password) throws Exception {
User user = userRepository.findById(Integer.valueOf(userId))
.orElseThrow(() -> new RuntimeException("User not found: " + userId));
log.info("Caching decrypted private key for userId: {}", userId);
SecretKey derivedKey = EncryptionUtil.deriveKey(password.toCharArray(), user.getPrivateKeySalt());
byte[] decryptedPrivateKeyBytes = EncryptionUtil.decrypt(user.getPrivateKey(), derivedKey, user.getPrivateKeyIv());
return decryptedPrivateKeyBytes;
}
@CacheEvict(value = "decryptedPrivateKeys", key = "#userId")
public void clearDecryptedPrivateKeyCache(String userId) {
// This method will clear the cached decrypted private key for the given userId
log.info("Clearing Caching decrypted private key for userId: {}", userId);
keyCacheService.clearKey(Long.valueOf(userId));
}
} }
src/main/java/com/skycrate/backend/skycrateBackend/services/EncryptionUtil.java
+65 -57
View File
@@ -1,79 +1,87 @@
package com.skycrate.backend.skycrateBackend.services; package com.skycrate.backend.skycrateBackend.services;
import javax.crypto.*; import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*; import java.security.*;
import java.security.spec.InvalidKeySpecException; import java.util.Arrays;
import java.security.spec.KeySpec;
import java.util.Base64;
public class EncryptionUtil { public class EncryptionUtil {
private static final String RSA_ALGORITHM = "RSA";
private static final String AES_ALGORITHM = "AES";
private static final int RSA_KEY_SIZE = 2048;
private static final int AES_KEY_SIZE = 256;
private static final int SALT_LENGTH = 16; // in bytes // Generate RSA Key Pair (Public & Private)
private static final int IV_LENGTH = 16; // for AES CBC public static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
private static final int ITERATIONS = 65536; KeyPairGenerator keyGen = KeyPairGenerator.getInstance(RSA_ALGORITHM);
private static final int KEY_LENGTH = 256; // bits keyGen.initialize(RSA_KEY_SIZE);
return keyGen.generateKeyPair();
// --- AES key derivation using PBKDF2 ---
public static SecretKey deriveAESKey(char[] password, byte[] salt)
throws NoSuchAlgorithmException, InvalidKeySpecException {
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
KeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_LENGTH);
byte[] keyBytes = factory.generateSecret(spec).getEncoded();
return new SecretKeySpec(keyBytes, "AES");
} }
// --- Encrypt data using AES-CBC --- // Encrypt data using AES (AES Key is encrypted using RSA)
public static byte[] encrypt(byte[] data, SecretKey key, byte[] iv) public static byte[] encrypt(byte[] data, PublicKey publicKey) throws Exception {
throws GeneralSecurityException { // Step 1: Generate AES Key
SecretKey aesKey = generateAESKey();
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); // Encrypt data using AES
Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
aesCipher.init(Cipher.ENCRYPT_MODE, aesKey);
byte[] encryptedData = aesCipher.doFinal(data);
IvParameterSpec ivSpec = new IvParameterSpec(iv); // Encrypt the AES key with RSA
cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
rsaCipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] encryptedAesKey = rsaCipher.doFinal(aesKey.getEncoded());
return cipher.doFinal(data); // Step 4: Combine encrypted AES key and encrypted data into one array
byte[] combined = new byte[4 + encryptedAesKey.length + encryptedData.length];
// First 4 bytes indicate the length of the AES encrypted key
combined[0] = (byte) (encryptedAesKey.length >> 24);
combined[1] = (byte) (encryptedAesKey.length >> 16);
combined[2] = (byte) (encryptedAesKey.length >> 8);
combined[3] = (byte) encryptedAesKey.length;
// Copy AES Key and Encrypted Data into the combined array
System.arraycopy(encryptedAesKey, 0, combined, 4, encryptedAesKey.length);
System.arraycopy(encryptedData, 0, combined, 4 + encryptedAesKey.length, encryptedData.length);
return combined;
} }
// --- Decrypt data using AES-CBC --- // Decrypt data using RSA (AES Key is decrypted using RSA, then used for AES decryption)
public static byte[] decrypt(byte[] encryptedData, SecretKey key, byte[] iv) public static byte[] decrypt(byte[] encryptedCombined, PrivateKey privateKey) throws Exception {
throws GeneralSecurityException { // Step 1: Extract AES Key length from the combined data
int aesKeyLength = ((encryptedCombined[0] & 0xFF) << 24) |
((encryptedCombined[1] & 0xFF) << 16) |
((encryptedCombined[2] & 0xFF) << 8) |
(encryptedCombined[3] & 0xFF);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); // Step 2: Extract the encrypted AES key and encrypted data
byte[] encryptedAesKey = new byte[aesKeyLength];
byte[] encryptedData = new byte[encryptedCombined.length - 4 - aesKeyLength];
IvParameterSpec ivSpec = new IvParameterSpec(iv); System.arraycopy(encryptedCombined, 4, encryptedAesKey, 0, aesKeyLength);
cipher.init(Cipher.DECRYPT_MODE, key, ivSpec); System.arraycopy(encryptedCombined, 4 + aesKeyLength, encryptedData, 0, encryptedData.length);
return cipher.doFinal(encryptedData); // Step 3: Decrypt the AES key using RSA
Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
rsaCipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] aesKeyBytes = rsaCipher.doFinal(encryptedAesKey);
// Create AES key
SecretKey aesKey = new SecretKeySpec(aesKeyBytes, "AES");
// Decrypt the data using AES
Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
aesCipher.init(Cipher.DECRYPT_MODE, aesKey);
return aesCipher.doFinal(encryptedData);
} }
// --- Generate random salt --- // Generate a random AES key
public static byte[] generateSalt() { private static SecretKey generateAESKey() throws NoSuchAlgorithmException {
byte[] salt = new byte[SALT_LENGTH]; KeyGenerator keyGen = KeyGenerator.getInstance(AES_ALGORITHM);
new SecureRandom().nextBytes(salt); keyGen.init(AES_KEY_SIZE);
return salt; return keyGen.generateKey();
}
// --- Generate random IV ---
public static byte[] generateIV() {
byte[] iv = new byte[IV_LENGTH];
new SecureRandom().nextBytes(iv);
return iv;
}
// --- Optional: Utility to base64 encode data ---
public static String encodeBase64(byte[] data) {
return Base64.getEncoder().encodeToString(data);
}
public static byte[] decodeBase64(String base64) {
return Base64.getDecoder().decode(base64);
} }
} }
src/main/java/com/skycrate/backend/skycrateBackend/services/FileService.java
-119
View File
@@ -1,119 +0,0 @@
package com.skycrate.backend.skycrateBackend.services;
import com.skycrate.backend.skycrateBackend.config.HDFSConfig;
import com.skycrate.backend.skycrateBackend.entity.FileMetadata;
import com.skycrate.backend.skycrateBackend.entity.User;
import com.skycrate.backend.skycrateBackend.repository.FileMetadataRepository;
import com.skycrate.backend.skycrateBackend.repository.UserRepository;
import com.skycrate.backend.skycrateBackend.utils.EncryptionUtil;
import com.skycrate.backend.skycrateBackend.utils.RSAKeyUtil;
import org.apache.hadoop.fs.FSDataInputStream;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import javax.crypto.SecretKey;
import java.io.ByteArrayInputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
@Service
public class FileService {
private static final Logger log = LoggerFactory.getLogger(FileService.class);
private final AuthenticationService authenticationService;
private final FileMetadataRepository fileMetadataRepository;
private final UserRepository userRepository;
@Autowired
public FileService(FileMetadataRepository fileMetadataRepository, UserRepository userRepository, AuthenticationService authenticationService) {
this.fileMetadataRepository = fileMetadataRepository;
this.userRepository = userRepository;
this.authenticationService = authenticationService;
}
@Transactional
public void uploadEncryptedFile(String username, byte[] fileContent, String filename) throws Exception {
log.info("Starting upload for user={}, file={}", username, filename);
try {
User user = userRepository.findByUsername(username)
.orElseThrow(() -> new RuntimeException("User not found: " + username));
SecretKey aesKey = EncryptionUtil.generateAESKey();
byte[] salt = EncryptionUtil.generateSalt(); // reserved for future use
byte[] iv = EncryptionUtil.generateIv();
byte[] encryptedData = EncryptionUtil.encrypt(fileContent, aesKey, iv);
PublicKey publicKey = RSAKeyUtil.decodePublicKey(user.getPublicKey());
byte[] encryptedAesKey = EncryptionUtil.encryptRSA(aesKey.getEncoded(), publicKey);
Path userDir = new Path("/" + username);
Path filePath = new Path(userDir, filename);
FileSystem fs = HDFSConfig.getHDFS();
if (!fs.exists(userDir)) {
log.info("Creating directory in HDFS: {}", userDir);
fs.mkdirs(userDir);
}
log.info("Writing encrypted file to HDFS: {}", filePath);
try (FSDataOutputStream out = fs.create(filePath, true);
ByteArrayInputStream in = new ByteArrayInputStream(encryptedData)) {
in.transferTo(out);
}
FileMetadata metadata = FileMetadata.builder()
.username(username)
.filePath(filePath.toString())
.salt(salt)
.iv(iv)
.encryptedKey(encryptedAesKey)
.uploadedAt(System.currentTimeMillis())
.build();
fileMetadataRepository.save(metadata);
log.info("Upload complete: file={} for user={}", filename, username);
} catch (Exception e) {
log.error("Error during file upload for user={}, file={}: {}", username, filename, e.getMessage(), e);
throw e;
}
}
public byte[] downloadDecryptedFile(String username, String password, String filename) throws Exception {
log.info("Download request: user={}, file={}", username, filename);
try {
User user = userRepository.findByUsername(username)
.orElseThrow(() -> new RuntimeException("User not found: " + username));
Path filePath = new Path("/" + username + "/" + filename);
FileMetadata metadata = fileMetadataRepository.findByUsernameAndFilePath(username, filePath.toString())
.orElseThrow(() -> new RuntimeException("File metadata not found for: " + filePath));
// Use the cached decrypted private key
byte[] decryptedPrivateKeyBytes = authenticationService.getDecryptedPrivateKey(String.valueOf(user.getId()), password);
PrivateKey privateKey = RSAKeyUtil.decodePrivateKey(decryptedPrivateKeyBytes);
byte[] aesKeyBytes = EncryptionUtil.decryptRSA(metadata.getEncryptedKey(), privateKey);
SecretKey aesKey = EncryptionUtil.rebuildAESKey(aesKeyBytes);
FileSystem fs = HDFSConfig.getHDFS();
byte[] encryptedData;
try (FSDataInputStream in = fs.open(filePath)) {
encryptedData = in.readAllBytes();
}
return EncryptionUtil.decrypt(encryptedData, aesKey, metadata.getIv());
} catch (Exception e) {
log.error("Download failed for user={}, file={}: {}", username, filename, e.getMessage(), e);
throw e;
}
}
}
src/main/java/com/skycrate/backend/skycrateBackend/services/HDFSOperations.java
+80 -116
View File
@@ -1,7 +1,7 @@
package com.skycrate.backend.skycrateBackend.services; package com.skycrate.backend.skycrateBackend.services;
import com.skycrate.backend.skycrateBackend.config.HDFSConfig; import com.skycrate.backend.skycrateBackend.config.HDFSConfig;
import com.skycrate.backend.skycrateBackend.entity.User; import com.skycrate.backend.skycrateBackend.models.User;
import com.skycrate.backend.skycrateBackend.repository.UserRepository; import com.skycrate.backend.skycrateBackend.repository.UserRepository;
import com.skycrate.backend.skycrateBackend.utils.RSAKeyUtil; import com.skycrate.backend.skycrateBackend.utils.RSAKeyUtil;
import org.apache.hadoop.fs.FSDataOutputStream; import org.apache.hadoop.fs.FSDataOutputStream;
@@ -39,122 +39,86 @@ public class HDFSOperations {
this.userRepository = userRepository; this.userRepository = userRepository;
} }
// public void uploadFile(byte[] fileData, String hdfsPath, String uploadedFileName, String username) { public void uploadFile(byte[] fileData, String hdfsPath, String uploadedFileName, String username) {
// try { try {
// FileSystem fs = HDFSConfig.getHDFS(); FileSystem fs = HDFSConfig.getHDFS();
//
// // Create an InputStream from the byte array
// ByteArrayInputStream inputStream = new ByteArrayInputStream(fileData);
//
// // Prepare the path for HDFS
// String finalHdfsPath = hdfsPath.endsWith("/") ? hdfsPath + uploadedFileName : hdfsPath + "/" + uploadedFileName;
//
// // Upload the file directly to HDFS from the InputStream
// Path hdfsFilePath = new Path(finalHdfsPath);
// FSDataOutputStream outputStream = fs.create(hdfsFilePath);
// IOUtils.copyBytes(inputStream, outputStream, 4096, true);
//
// } catch (IOException e) {
// // Handle I/O exception and log the error
// throw new RuntimeException("Failed to upload file to HDFS: " + e.getMessage(), e);
// } catch (Exception e) {
// // Catch any other exceptions
// throw new RuntimeException("Failed to upload file to HDFS: " + e.getMessage(), e);
// }
// }
//
// public void downloadFile(String hdfsEncPath, String localPathWithoutExt, String username) {
// try {
// FileSystem fs = HDFSConfig.getHDFS();
//
// // Extract file name and extension
// String encFileName = new File(hdfsEncPath).getName();
// String originalFileName = encFileName.replace(".enc", "");
// String fileExtension = originalFileName.substring(originalFileName.lastIndexOf(".") + 1);
//
// String fullDecryptedPath = localPathWithoutExt + "/" + originalFileName;
// String encFilePath = fullDecryptedPath + ".enc";
// String keyFilePath = fullDecryptedPath + ".key";
//
// // Download encrypted file and AES key from HDFS
// fs.copyToLocalFile(new Path(hdfsEncPath), new Path(encFilePath));
// fs.copyToLocalFile(new Path(hdfsEncPath.replace(".enc", ".key")), new Path(keyFilePath));
//
// // Read the encrypted AES key
// byte[] encryptedAesKey = Files.readAllBytes(Paths.get(keyFilePath));
// System.out.println("Length of encrypted AES key: " + encryptedAesKey.length);
//
// // Retrieve the RSA private key for the user
// User user = userRepository.findByUsername(username)
// .orElseThrow(() -> new RuntimeException("User not found"));
// PrivateKey privateKey = RSAKeyUtil.getPrivateKeyFromBytes(user.getPrivateKey());
//
// Cipher rsaCipher = Cipher.getInstance("RSA");
// rsaCipher.init(Cipher.DECRYPT_MODE, privateKey);
// byte[] aesKeyBytes = rsaCipher.doFinal(encryptedAesKey);
//
// // Ensure valid AES key length
// if (aesKeyBytes.length != 16 && aesKeyBytes.length != 24 && aesKeyBytes.length != 32) {
// throw new RuntimeException("Invalid AES key length: " + aesKeyBytes.length + " bytes");
// }
//
// SecretKey aesKey = new SecretKeySpec(aesKeyBytes, 0, aesKeyBytes.length, "AES");
//
// // Read the encrypted file content
// byte[] encryptedFileContent = Files.readAllBytes(Paths.get(encFilePath));
//
// // Decrypt the file content using AES
// Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); // Specify padding
// aesCipher.init(Cipher.DECRYPT_MODE, aesKey);
// byte[] decryptedFileContent = aesCipher.doFinal(encryptedFileContent);
//
// // Write the decrypted content to the original file
// Files.write(Paths.get(fullDecryptedPath + "." + fileExtension), decryptedFileContent);
//
// // Cleanup temporary files
// Files.deleteIfExists(Paths.get(encFilePath));
// Files.deleteIfExists(Paths.get(keyFilePath));
//
// } catch (Exception e) {
// throw new RuntimeException("Failed to download or decrypt file: " + e.getMessage(), e);
// }
// }
// public void uploadFile(byte[] fileData, String hdfsPath, String uploadedFileName, String username) { // Create an InputStream from the byte array
// try { ByteArrayInputStream inputStream = new ByteArrayInputStream(fileData);
// FileSystem fs = HDFSConfig.getHDFS();
// ByteArrayInputStream inputStream = new ByteArrayInputStream(fileData); // Prepare the path for HDFS
// String finalHdfsPath = hdfsPath.endsWith("/") ? hdfsPath + uploadedFileName : hdfsPath + "/" + uploadedFileName; String finalHdfsPath = hdfsPath.endsWith("/") ? hdfsPath + uploadedFileName : hdfsPath + "/" + uploadedFileName;
// Path hdfsFilePath = new Path(finalHdfsPath);
// try (FSDataOutputStream outputStream = fs.create(hdfsFilePath)) { // Upload the file directly to HDFS from the InputStream
// IOUtils.copyBytes(inputStream, outputStream, 4096, true); Path hdfsFilePath = new Path(finalHdfsPath);
// } FSDataOutputStream outputStream = fs.create(hdfsFilePath);
// } catch (IOException e) { IOUtils.copyBytes(inputStream, outputStream, 4096, true);
// throw new RuntimeException("Failed to upload file to HDFS: " + e.getMessage(), e);
// } catch (Exception e) { } catch (IOException e) {
// throw new RuntimeException(e); // Handle I/O exception and log the error
// } throw new RuntimeException("Failed to upload file to HDFS: " + e.getMessage(), e);
// } } catch (Exception e) {
// // Catch any other exceptions
// public void downloadFile(String hdfsEncPath, String localPathWithoutExt, String username) { throw new RuntimeException("Failed to upload file to HDFS: " + e.getMessage(), e);
// try { }
// FileSystem fs = HDFSConfig.getHDFS(); }
// String encFilePath = localPathWithoutExt + ".enc";
// fs.copyToLocalFile(new Path(hdfsEncPath), new Path(encFilePath)); public void downloadFile(String hdfsEncPath, String localPathWithoutExt, String username) {
// try {
// User user = userRepository.findByUsername(username) FileSystem fs = HDFSConfig.getHDFS();
// .orElseThrow(() -> new RuntimeException("User not found"));
// PrivateKey privateKey = RSAKeyUtil.getPrivateKeyFromBytes(user.getPrivateKey()); // Extract file name and extension
// String encFileName = new File(hdfsEncPath).getName();
// byte[] encryptedFileContent = Files.readAllBytes(Paths.get(encFilePath)); String originalFileName = encFileName.replace(".enc", "");
// byte[] decryptedFileContent = RSAKeyUtil.decrypt(encryptedFileContent, privateKey); String fileExtension = originalFileName.substring(originalFileName.lastIndexOf(".") + 1);
//
// Files.write(Paths.get(localPathWithoutExt), decryptedFileContent); String fullDecryptedPath = localPathWithoutExt + "/" + originalFileName;
// Files.deleteIfExists(Paths.get(encFilePath)); String encFilePath = fullDecryptedPath + ".enc";
// } catch (Exception e) { String keyFilePath = fullDecryptedPath + ".key";
// throw new RuntimeException("Failed to download or decrypt file: " + e.getMessage(), e);
// } // Download encrypted file and AES key from HDFS
// } fs.copyToLocalFile(new Path(hdfsEncPath), new Path(encFilePath));
fs.copyToLocalFile(new Path(hdfsEncPath.replace(".enc", ".key")), new Path(keyFilePath));
// Read the encrypted AES key
byte[] encryptedAesKey = Files.readAllBytes(Paths.get(keyFilePath));
System.out.println("Length of encrypted AES key: " + encryptedAesKey.length);
// Retrieve the RSA private key for the user
User user = userRepository.findByUsername(username)
.orElseThrow(() -> new RuntimeException("User not found"));
PrivateKey privateKey = RSAKeyUtil.getPrivateKeyFromBytes(user.getPrivateKey());
Cipher rsaCipher = Cipher.getInstance("RSA");
rsaCipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] aesKeyBytes = rsaCipher.doFinal(encryptedAesKey);
// Ensure valid AES key length
if (aesKeyBytes.length != 16 && aesKeyBytes.length != 24 && aesKeyBytes.length != 32) {
throw new RuntimeException("Invalid AES key length: " + aesKeyBytes.length + " bytes");
}
SecretKey aesKey = new SecretKeySpec(aesKeyBytes, 0, aesKeyBytes.length, "AES");
// Read the encrypted file content
byte[] encryptedFileContent = Files.readAllBytes(Paths.get(encFilePath));
// Decrypt the file content using AES
Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); // Specify padding
aesCipher.init(Cipher.DECRYPT_MODE, aesKey);
byte[] decryptedFileContent = aesCipher.doFinal(encryptedFileContent);
// Write the decrypted content to the original file
Files.write(Paths.get(fullDecryptedPath + "." + fileExtension), decryptedFileContent);
// Cleanup temporary files
Files.deleteIfExists(Paths.get(encFilePath));
Files.deleteIfExists(Paths.get(keyFilePath));
} catch (Exception e) {
throw new RuntimeException("Failed to download or decrypt file: " + e.getMessage(), e);
}
}
public void createFolder(String hdfsPath) { public void createFolder(String hdfsPath) {
try { try {
src/main/java/com/skycrate/backend/skycrateBackend/services/JwtService.java
+60 -46
View File
@@ -1,69 +1,83 @@
package com.skycrate.backend.skycrateBackend.services; package com.skycrate.backend.skycrateBackend.services;
import com.skycrate.backend.skycrateBackend.entity.User; import java.security.Key;
import io.jsonwebtoken.*; import java.util.Date;
import io.jsonwebtoken.io.Decoders; import java.util.HashMap;
import io.jsonwebtoken.security.Keys; import java.util.Map;
import java.util.function.Function;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import java.security.Key; import io.jsonwebtoken.Claims;
import java.util.Date; import io.jsonwebtoken.Jwts;
import java.util.function.Function; import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
@Service @Service
public class JwtService { public class JwtService {
@Value("${security.jwt.secret-key}") @Value("${security.jwt.secret-key}")
private String secretKey; private String secretKey;
@Value("${security.jwt.expiration-time}") @Value("${security.jwt.expiration-time}")
private long expirationTime; private long jwtExpiration;
private static final String SECRET_KEY = "PPp27xSTfBwOpRn4/AV6gPzQSnQg+Oi80KdWfCcuAHs="; public String extractUsername(String token){
return extractClaim(token,Claims::getSubject);
private Key getSigningKey() {
byte[] keyBytes = Decoders.BASE64.decode(SECRET_KEY);
return Keys.hmacShaKeyFor(keyBytes);
} }
public String extractUsername(String token) { public <T> T extractClaim(String token,Function<Claims,T> claimsResolver){
return extractClaim(token, Claims::getSubject); final Claims claims=extractAllClaims(token);
}
public Date extractExpiration(String token) {
return extractClaim(token, Claims::getExpiration);
}
public <T> T extractClaim(String token, Function<Claims, T> claimsResolver) {
Claims claims = Jwts.parserBuilder()
.setSigningKey(getSigningKey())
.build()
.parseClaimsJws(token)
.getBody();
return claimsResolver.apply(claims); return claimsResolver.apply(claims);
}
public boolean isTokenValid(String token, UserDetails userDetails) {
final String username = extractUsername(token);
return (username.equals(userDetails.getUsername()) && !isTokenExpired(token));
}
public boolean isTokenExpired(String token) {
return extractExpiration(token).before(new Date());
} }
public String generateToken(UserDetails userDetails) { public String generateToken(UserDetails userDetails) {
return Jwts.builder() return generateToken(new HashMap<>(), userDetails);
.setSubject(userDetails.getUsername())
.setIssuedAt(new Date())
.setExpiration(new Date(System.currentTimeMillis() + expirationTime))
.signWith(getSigningKey(), SignatureAlgorithm.HS256)
.compact();
} }
public String generateToken(User user) { public String generateToken(Map<String, Object> extraClaims, UserDetails userDetails) {
return generateToken((UserDetails) user); return buildToken(extraClaims, userDetails, jwtExpiration);
} }
}
public long getExpirtationTime(){
return jwtExpiration;
}
private String buildToken(Map<String,Object> extraClaims,UserDetails userDetails,long expiration){
return Jwts.builder().setClaims(extraClaims).setSubject(userDetails.getUsername())
.setIssuedAt(new Date(System.currentTimeMillis()))
.setExpiration(new Date(System.currentTimeMillis() + expiration))
.signWith(getSignInKey(), SignatureAlgorithm.HS256)
.compact();
}
public boolean isTokenValid(String token, UserDetails userDetails) {
final String username = extractUsername(token);
return (username.equals(userDetails.getUsername())) && !isTokenExpired(token);
}
private boolean isTokenExpired(String token) {
return extractExpiration(token).before(new Date());
}
private Date extractExpiration(String token) {
return extractClaim(token, Claims::getExpiration);
}
private Claims extractAllClaims(String token) {
return Jwts
.parserBuilder()
.setSigningKey(getSignInKey())
.build()
.parseClaimsJws(token)
.getBody();
}
private Key getSignInKey() {
byte[] keyBytes = Decoders.BASE64.decode(secretKey);
return Keys.hmacShaKeyFor(keyBytes);
}
}
src/main/java/com/skycrate/backend/skycrateBackend/services/KeyCacheService.java
-28
View File
@@ -1,28 +0,0 @@
package com.skycrate.backend.skycrateBackend.services;
import org.springframework.stereotype.Service;
import java.util.concurrent.ConcurrentHashMap;
@Service
public class KeyCacheService {
private final ConcurrentHashMap<Long, String> keyCache = new ConcurrentHashMap<>();
public void cacheKey(Long userId, String decryptedKey) {
keyCache.put(userId, decryptedKey);
}
public String getKey(Long userId) {
return keyCache.get(userId);
}
public void clearKey(Long userId) {
keyCache.remove(userId);
}
public void clearAllKeys() {
keyCache.clear();
}
}
src/main/java/com/skycrate/backend/skycrateBackend/services/RateLimiterService.java
-23
View File
@@ -1,23 +0,0 @@
// NEED TO IMPLEMENT SAHI SE
package com.skycrate.backend.skycrateBackend.services;
import org.springframework.stereotype.Service;
import java.util.concurrent.ConcurrentHashMap;
@Service
public class RateLimiterService {
private final ConcurrentHashMap<String, Integer> attempts = new ConcurrentHashMap<>();
public boolean isBlocked(String ip) {
return attempts.getOrDefault(ip, 0) >= 5;
}
public void recordFailedAttempt(String ip) {
attempts.put(ip, attempts.getOrDefault(ip, 0) + 1);
}
public void resetAttempts(String ip) {
attempts.remove(ip);
}
}
src/main/java/com/skycrate/backend/skycrateBackend/services/RefreshTokenService.java
-65
View File
@@ -1,65 +0,0 @@
package com.skycrate.backend.skycrateBackend.services;
import com.skycrate.backend.skycrateBackend.entity.RefreshToken;
import com.skycrate.backend.skycrateBackend.entity.User;
import com.skycrate.backend.skycrateBackend.repository.RefreshTokenRepository;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.time.Instant;
import java.util.Optional;
import java.util.UUID;
@Service
public class RefreshTokenService {
private final RefreshTokenRepository refreshTokenRepo;
@Value("${security.jwt.refresh-expiry-ms:86400000}") //1 day in milliseconds
private Long refreshTokenDurationMs;
public RefreshTokenService(RefreshTokenRepository refreshTokenRepo) {
this.refreshTokenRepo = refreshTokenRepo;
}
@Transactional
public RefreshToken createRefreshToken(User user) {
refreshTokenRepo.deleteByUser(user);
refreshTokenRepo.flush();
RefreshToken token = new RefreshToken();
token.setUser(user);
token.setExpiryDate(Instant.now().plusMillis(refreshTokenDurationMs));
token.setToken(UUID.randomUUID().toString());
return refreshTokenRepo.save(token);
}
public Optional<RefreshToken> findByToken(String token) {
return refreshTokenRepo.findByToken(token);
}
public boolean isExpired(RefreshToken token) {
return token.getExpiryDate().isBefore(Instant.now());
}
@Transactional
public void deleteByUser(User user) {
try {
refreshTokenRepo.deleteByUser(user);
System.out.println("Successfully deleted refresh tokens for user: " + user.getId());
} catch (Exception e) {
System.err.println("Error deleting refresh tokens for user: " + user.getId() + " - " + e.getMessage());
}
}
@Transactional
public void logout(User user) {
deleteByUser(user); // This should call the repository method to delete the token
}
public Optional<RefreshToken> refreshAccessToken(String refreshToken) {
return findByToken(refreshToken).filter(token -> !isExpired(token));
}
}
src/main/java/com/skycrate/backend/skycrateBackend/services/UserService.java
-52
View File
@@ -1,52 +0,0 @@
package com.skycrate.backend.skycrateBackend.services;
import com.skycrate.backend.skycrateBackend.dto.SignupRequest;
import com.skycrate.backend.skycrateBackend.entity.User;
import com.skycrate.backend.skycrateBackend.repository.UserRepository;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.web.client.RestTemplate;
import java.math.BigInteger;
import java.security.MessageDigest;
@Service
public class UserService {
private final UserRepository userRepository;
private final PasswordEncoder passwordEncoder;
public UserService(UserRepository userRepository, PasswordEncoder passwordEncoder) {
this.userRepository = userRepository;
this.passwordEncoder = passwordEncoder;
}
public void registerUser(SignupRequest request) {
if (isPasswordPwned(request.getPassword())) {
throw new IllegalArgumentException("Password has been compromised in data breaches.");
}
User user = new User();
user.setUsername(request.getUsername());
user.setEmail(request.getEmail());
user.setPassword(passwordEncoder.encode(request.getPassword()));
userRepository.save(user);
}
private boolean isPasswordPwned(String password) {
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] hash = md.digest(password.getBytes());
String fullHash = String.format("%040x", new BigInteger(1, hash)).toUpperCase();
String prefix = fullHash.substring(0, 5);
String suffix = fullHash.substring(5);
RestTemplate restTemplate = new RestTemplate();
String response = restTemplate.getForObject("https://api.pwnedpasswords.com/range/" + prefix, String.class);
return response != null && response.contains(suffix);
} catch (Exception e) {
return false; // If API fails, allow but log in production
}
}
}
src/main/java/com/skycrate/backend/skycrateBackend/utils/EncryptionUtil.java
-94
View File
@@ -1,94 +0,0 @@
package com.skycrate.backend.skycrateBackend.utils;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.*;
import java.security.*;
import javax.crypto.spec.PBEKeySpec;
import java.util.Arrays;
public class EncryptionUtil {
private static final int SALT_LENGTH = 16;
private static final int IV_LENGTH = 16;
private static final int ITERATIONS = 65536;
private static final int KEY_LENGTH = 256;
private static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";
private static final String AES_CIPHER = "AES/CBC/PKCS5Padding";
private static final String RSA_CIPHER = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
private static final SecureRandom secureRandom = new SecureRandom();
// ------------------------ AES ------------------------
public static byte[] generateSalt() {
byte[] salt = new byte[SALT_LENGTH];
secureRandom.nextBytes(salt);
return salt;
}
public static byte[] generateIv() {
byte[] iv = new byte[IV_LENGTH];
secureRandom.nextBytes(iv);
return iv;
}
public static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
SecretKeyFactory factory = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_LENGTH);
SecretKey tmp = factory.generateSecret(spec);
return new SecretKeySpec(tmp.getEncoded(), "AES");
}
public static SecretKey generateAESKey() throws Exception {
byte[] keyBytes = new byte[KEY_LENGTH / 8]; // 256 bits
secureRandom.nextBytes(keyBytes);
return new SecretKeySpec(keyBytes, "AES");
}
public static SecretKey rebuildAESKey(byte[] keyBytes) {
return new SecretKeySpec(keyBytes, "AES");
}
public static byte[] encrypt(byte[] plaintext, SecretKey key, byte[] iv) throws Exception {
Cipher cipher = Cipher.getInstance(AES_CIPHER);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
return cipher.doFinal(plaintext);
}
public static byte[] decrypt(byte[] ciphertext, SecretKey key, byte[] iv) throws Exception {
Cipher cipher = Cipher.getInstance(AES_CIPHER);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
return cipher.doFinal(ciphertext);
}
// ------------------------ RSA ------------------------
public static byte[] encryptRSA(byte[] data, PublicKey publicKey) throws Exception {
Cipher cipher = Cipher.getInstance(RSA_CIPHER);
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return cipher.doFinal(data);
}
public static byte[] decryptRSA(byte[] data, PrivateKey privateKey) throws Exception {
Cipher cipher = Cipher.getInstance(RSA_CIPHER);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return cipher.doFinal(data);
}
// // --------- Encrypt/decrypt RSA private key using AES derived from password ---------
//
// public static byte[] encryptPrivateKey(PrivateKey privateKey, String password, byte[] salt, byte[] iv) throws Exception {
// SecretKey aesKey = deriveKey(password.toCharArray(), salt);
// return encrypt(privateKey.getEncoded(), aesKey, iv);
// }
//
// public static byte[] decryptPrivateKey(byte[] encryptedPrivateKey, String password, byte[] salt, byte[] iv) throws Exception {
// SecretKey aesKey = deriveKey(password.toCharArray(), salt);
// return decrypt(encryptedPrivateKey, aesKey, iv);
// }
}
src/main/java/com/skycrate/backend/skycrateBackend/utils/KeyUtil.java
+27 -27
View File
@@ -9,31 +9,31 @@ import java.security.spec.X509EncodedKeySpec;
public class KeyUtil { public class KeyUtil {
// public static void generateAndStoreKeyPair(String username) throws Exception { public static void generateAndStoreKeyPair(String username) throws Exception {
// KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
// keyPairGenerator.initialize(2048); // Key size keyPairGenerator.initialize(2048); // Key size
// KeyPair keyPair = keyPairGenerator.generateKeyPair(); KeyPair keyPair = keyPairGenerator.generateKeyPair();
//
// // Store the public key // Store the public key
// Path publicKeyPath = Paths.get("C:\\Users\\sonal\\OneDrive\\Desktop\\SkyCrate\\Skycrate\\keys", username + "_public.key"); Path publicKeyPath = Paths.get("C:\\Users\\sonal\\OneDrive\\Desktop\\SkyCrate\\Skycrate\\keys", username + "_public.key");
// Files.write(publicKeyPath, keyPair.getPublic().getEncoded()); Files.write(publicKeyPath, keyPair.getPublic().getEncoded());
//
// // Store the private key // Store the private key
// Path privateKeyPath = Paths.get("C:\\Users\\sonal\\OneDrive\\Desktop\\SkyCrate\\Skycrate\\keys", username + "_private.key"); Path privateKeyPath = Paths.get("C:\\Users\\sonal\\OneDrive\\Desktop\\SkyCrate\\Skycrate\\keys", username + "_private.key");
// Files.write(privateKeyPath, keyPair.getPrivate().getEncoded()); Files.write(privateKeyPath, keyPair.getPrivate().getEncoded());
// } }
//
// public static PublicKey getPublicKeyForUser(String username) throws Exception { public static PublicKey getPublicKeyForUser(String username) throws Exception {
// Path path = Paths.get("C:\\Users\\sonal\\OneDrive\\Desktop\\SkyCrate\\Skycrate\\keys", username + "_public.key"); Path path = Paths.get("C:\\Users\\sonal\\OneDrive\\Desktop\\SkyCrate\\Skycrate\\keys", username + "_public.key");
// byte[] bytes = Files.readAllBytes(path); byte[] bytes = Files.readAllBytes(path);
// X509EncodedKeySpec keySpec = new X509EncodedKeySpec(bytes); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(bytes);
// return KeyFactory.getInstance("RSA").generatePublic(keySpec); return KeyFactory.getInstance("RSA").generatePublic(keySpec);
// } }
//
// public static PrivateKey getPrivateKeyForUser(String username) throws Exception { public static PrivateKey getPrivateKeyForUser(String username) throws Exception {
// Path path = Paths.get("C:\\Users\\sonal\\OneDrive\\Desktop\\SkyCrate\\Skycrate\\keys", username + "_private.key"); Path path = Paths.get("C:\\Users\\sonal\\OneDrive\\Desktop\\SkyCrate\\Skycrate\\keys", username + "_private.key");
// byte[] bytes = Files.readAllBytes(path); byte[] bytes = Files.readAllBytes(path);
// PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(bytes); PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(bytes);
// return KeyFactory.getInstance("RSA").generatePrivate(keySpec); return KeyFactory.getInstance("RSA").generatePrivate(keySpec);
// } }
} }
src/main/java/com/skycrate/backend/skycrateBackend/utils/RSAKeyUtil.java
+26 -29
View File
@@ -29,45 +29,42 @@ public class RSAKeyUtil {
return keyFactory.generatePrivate(spec); return keyFactory.generatePrivate(spec);
} }
// Shorthand decode aliases
public static PublicKey decodePublicKey(byte[] publicKeyBytes) throws Exception {
return getPublicKeyFromBytes(publicKeyBytes);
}
public static PrivateKey decodePrivateKey(byte[] privateKeyBytes) throws Exception {
return getPrivateKeyFromBytes(privateKeyBytes);
}
// Encrypt data using RSA (with padding) // Encrypt data using RSA (with padding)
public static byte[] encrypt(byte[] data, PublicKey publicKey) throws Exception { public static byte[] encrypt(byte[] data, PublicKey publicKey) throws Exception {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); // Specify padding
cipher.init(Cipher.ENCRYPT_MODE, publicKey); cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return cipher.doFinal(data); return cipher.doFinal(data);
} }
// Decrypt data using RSA (with padding) // Decrypt data using RSA (with padding)
public static byte[] decrypt(byte[] encryptedData, PrivateKey privateKey) throws Exception { public static byte[] decrypt(byte[] encryptedData, PrivateKey privateKey) throws Exception {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); // Specify padding
cipher.init(Cipher.DECRYPT_MODE, privateKey); cipher.init(Cipher.DECRYPT_MODE, privateKey);
return cipher.doFinal(encryptedData); return cipher.doFinal(encryptedData);
} }
// // AES key generation // Generate AES Key (128, 192, or 256 bits)
// public static SecretKey generateAESKey(int keySize) throws NoSuchAlgorithmException { public static SecretKey generateAESKey(int keySize) throws NoSuchAlgorithmException {
// if (keySize != 128 && keySize != 192 && keySize != 256) { if (keySize != 128 && keySize != 192 && keySize != 256) {
// throw new IllegalArgumentException("Invalid AES key size. Must be 128, 192, or 256 bits."); throw new IllegalArgumentException("Invalid AES key size. Must be 128, 192, or 256 bits.");
// } }
// KeyGenerator keyGenerator = KeyGenerator.getInstance("AES"); KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
// keyGenerator.init(keySize); keyGenerator.init(keySize); // Specify the key size
// return keyGenerator.generateKey(); return keyGenerator.generateKey();
// } }
//
// public static byte[] encryptAESKey(SecretKey aesKey, PublicKey publicKey) throws Exception { // Encrypt AES Key using RSA
// return encrypt(aesKey.getEncoded(), publicKey); public static byte[] encryptAESKey(SecretKey aesKey, PublicKey publicKey) throws Exception {
// } return encrypt(aesKey.getEncoded(), publicKey); // Encrypt the AES key using RSA
// }
// public static SecretKey decryptAESKey(byte[] encryptedAESKey, PrivateKey privateKey, int keySize) throws Exception {
// byte[] decryptedKey = decrypt(encryptedAESKey, privateKey); // Decrypt AES Key using RSA
// return new SecretKeySpec(decryptedKey, 0, decryptedKey.length, "AES"); public static SecretKey decryptAESKey(byte[] encryptedAESKey, PrivateKey privateKey, int keySize) throws Exception {
// } byte[] decryptedKey = decrypt(encryptedAESKey, privateKey); // Decrypt with RSA
// Ensure that the decrypted key length matches the expected AES key size
if (decryptedKey.length != keySize / 8) {
throw new IllegalArgumentException("Decrypted key size does not match expected AES key size.");
}
return new SecretKeySpec(decryptedKey, 0, decryptedKey.length, "AES"); // Convert to AES Key
}
} }
src/main/resources/application-prod.yml
-8
View File
@@ -1,8 +0,0 @@
server:
port: 8443
ssl:
enabled: true
key-store: classpath:keystore.p12
key-store-password: changeit
key-store-type: PKCS12
key-alias: tomcat
src/main/resources/application.properties
+23 -17
View File
@@ -5,13 +5,13 @@ spring.servlet.multipart.max-request-size=1000MB
spring.servlet.multipart.enabled=true spring.servlet.multipart.enabled=true
security.jwt.secret-key=${JWT_SECRET} security.jwt.secret-key=3cfa76ef14937c1c0ea519f8fc057a80fcd04a7420f8e8bcd0a7567c272e007b
security.jwt.expiration-time=3600000 security.jwt.expiration-time=3600000
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect
spring.datasource.username=${DB_USERNAME} spring.datasource.username=kshitij
spring.datasource.password=${DB_PASSWORD} spring.datasource.password=loa_dngLLA8729
spring.datasource.url=jdbc:mysql://${DB_URI}/${DB_NAME} spring.datasource.url=jdbc:mysql://192.168.29.55:3306/skycrate
spring.jpa.hibernate.ddl-auto=update spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true spring.jpa.show-sql=true
@@ -21,18 +21,24 @@ logging.level.org.springframework.security.config.annotation.authentication.conf
server.port=8080 server.port=8080
server.ssl.enabled=true
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=${SSL_PASSWORD}
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=skycrateSSL
management.endpoints.web.exposure.include=*
management.endpoint.health.show-details=always
management.endpoints.enabled-by-default=true
# Allow unauthenticated access
#management.server.port=8080 # spring.application.name=skycrateBackend
#management.server.ssl.enabled=false
#management.endpoints.web.base-path=/actuator # spring.servlet.multipart.max-file-size=1000MB
#management.endpoints.web.exposure.include=* # spring.servlet.multipart.max-request-size=1000MB
# security.jwt.secret-key=3cfa76ef14937c1c0ea519f8fc057a80fcd04a7420f8e8bcd0a7567c272e007b
# security.jwt.expiration-time=3600000
# spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect
# spring.datasource.username=root
# spring.datasource.password=sqlsys
# spring.datasource.url=jdbc:mysql://localhost:3306/skycrate
# spring.jpa.hibernate.ddl-auto=update
# spring.jpa.show-sql=true
# spring.jpa.properties.hibernate.format_sql=true
# server.port=8081
src/main/resources/keystore.p12
-1
View File
@@ -1 +0,0 @@
GENERATE USING: keytool -genkeypair -alias skycrateSSL -keyalg RSA -keysize 4096 -keystore keystore.p12 -storetype PKCS12 -validity 3650 -dname "CN=localhost, OU=Skycrate, O=Skycrate, C=India"