notkshitij/SkycrateBackend
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: notkshitij/SkycrateBackend:v0.0.2
Branches Tags
notkshitij/SkycrateBackend:main notkshitij/SkycrateBackend:hardening notkshitij/SkycrateBackend:sonali notkshitij/SkycrateBackend:vedang notkshitij/SkycrateBackend:olderWorking notkshitij/SkycrateBackend:oldMain
notkshitij/SkycrateBackend:v0.0.3 notkshitij/SkycrateBackend:v0.0.2
..
compare: notkshitij/SkycrateBackend:vedang
Branches Tags
notkshitij/SkycrateBackend:main notkshitij/SkycrateBackend:hardening notkshitij/SkycrateBackend:sonali notkshitij/SkycrateBackend:vedang notkshitij/SkycrateBackend:olderWorking notkshitij/SkycrateBackend:oldMain
notkshitij/SkycrateBackend:v0.0.3 notkshitij/SkycrateBackend:v0.0.2

1 Commits
v0.0.2 .. vedang

Author SHA1 Message Date
vedang29 8be15dcac5 IMPLEMENTED ENCRYPTION & DECRYPTION 2025-04-18 00:28:22 +05:30
43 changed files with 904 additions and 1606 deletions
Expand all files Collapse all files
.gitignore
-3
View File
@@ -31,6 +31,3 @@ build/
### VS Code ### ### VS Code ###
.vscode/ .vscode/
### apach-maven binary ###
apache-maven-3.9.6
Dockerfile
-34
View File
@@ -1,34 +0,0 @@
## BACKEND ##
# Base image
FROM debian:12-slim
# Metadata
LABEL maintainer="kshitijka"
LABEL version=1.0
LABEL description="Skycrate is a web based file management system that uses Hadoop as filesystem."
# Update & upgrade & install & rm
RUN apt-get update && apt-get upgrade -y && \
apt-get install -y openjdk-17-jdk && \
rm -rf /var/lib/apt/lists/*
# Create non-root user
RUN useradd -s /bin/bash skycrateBack
# Create work dir
RUN mkdir /app
RUN chown -R skycrateBack:skycrateBack /app
COPY ./target/ /app
WORKDIR /app
# Create temp download directory
RUN mkdir -p /Skycrate/downloaded/
RUN chown -R skycrateBack:skycrateBack /Skycrate /Skycrate/downloaded/
# Switch user
USER skycrateBack
EXPOSE 8081
CMD ["java", "-jar", "/app/skycrateBackend-0.0.1-SNAPSHOT.jar"]
mvnw
Vendored Executable → Regular
View File
pom.xml
+165 -138
View File
@@ -1,153 +1,180 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion>
<modelVersion>4.0.0</modelVersion> <parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.4.4</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.skycrate.backend</groupId>
<artifactId>skycrateBackend</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>skycrateBackend</name>
<description>Cloud Storage App using HDFS</description>
<url/>
<licenses>
<license/>
</licenses>
<developers>
<developer/>
</developers>
<scm>
<connection/>
<developerConnection/>
<tag/>
<url/>
</scm>
<properties>
<java.version>17</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<parent> <dependency>
<groupId>org.springframework.boot</groupId> <groupId>org.projectlombok</groupId>
<artifactId>spring-boot-starter-parent</artifactId> <artifactId>lombok</artifactId>
<version>3.4.4</version> <optional>true</optional>
<relativePath/> </dependency>
</parent> <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<groupId>com.skycrate.backend</groupId>
<artifactId>skycrateBackend</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>skycrateBackend</name>
<description>Cloud Storage App using HDFS</description>
<properties> <!-- NEWLY ADDED DEPENDECIES-->
<java.version>17</java.version> <!-- Spring Boot Web -->
</properties> <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>3.2.4</version>
</dependency>
<dependencies> <!-- Spring Boot Security -->
<!-- Spring Boot Starters --> <dependency>
<dependency> <groupId>org.springframework.boot</groupId>
<groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId>
<artifactId>spring-boot-starter</artifactId> <version>3.2.4</version>
</dependency> </dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<!-- MySQL JDBC --> <!-- Spring Boot Data JPA -->
<dependency> <dependency>
<groupId>com.mysql</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>mysql-connector-j</artifactId> <artifactId>spring-boot-starter-data-jpa</artifactId>
<version>8.3.0</version> <version>3.2.4</version>
</dependency> </dependency>
<!-- JWT --> <!-- MySQL Driver -->
<dependency> <dependency>
<groupId>io.jsonwebtoken</groupId> <groupId>com.mysql</groupId>
<artifactId>jjwt-api</artifactId> <artifactId>mysql-connector-j</artifactId>
<version>0.11.5</version> <version>8.3.0</version>
</dependency> </dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.11.5</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.11.5</version>
<scope>runtime</scope>
</dependency>
<!-- Hadoop HDFS --> <!-- Spring Boot Validation -->
<dependency> <dependency>
<groupId>org.apache.hadoop</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>hadoop-common</artifactId> <artifactId>spring-boot-starter-validation</artifactId>
<version>3.4.1</version> <version>3.2.4</version>
<exclusions> </dependency>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-hdfs</artifactId>
<version>3.4.1</version>
</dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-client</artifactId>
<version>3.4.1</version>
</dependency>
<!-- Commons IO --> <!-- JSON Web Token (JWT) -->
<dependency> <dependency>
<groupId>commons-io</groupId> <groupId>io.jsonwebtoken</groupId>
<artifactId>commons-io</artifactId> <artifactId>jjwt-api</artifactId>
<version>2.11.0</version> <version>0.11.5</version>
</dependency> </dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.11.5</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.11.5</version>
</dependency>
<!-- Caffeine Cache --> <!-- Hadoop Dependencies -->
<dependency> <dependency>
<groupId>com.github.ben-manes.caffeine</groupId> <groupId>org.apache.hadoop</groupId>
<artifactId>caffeine</artifactId> <artifactId>hadoop-common</artifactId>
<version>3.1.8</version> <version>3.4.1</version>
</dependency> <exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Lombok --> <dependency>
<dependency> <groupId>org.apache.hadoop</groupId>
<groupId>org.projectlombok</groupId> <artifactId>hadoop-hdfs</artifactId>
<artifactId>lombok</artifactId> <version>3.4.1</version>
<version>1.18.30</version> </dependency>
<scope>provided</scope>
</dependency>
<!-- Testing --> <dependency>
<dependency> <groupId>org.apache.hadoop</groupId>
<groupId>org.springframework.boot</groupId> <artifactId>hadoop-client</artifactId>
<artifactId>spring-boot-starter-test</artifactId> <version>3.4.1</version>
<scope>test</scope> </dependency>
</dependency>
</dependencies>
<build> <!-- Logging (SLF4J + Logback) -->
<plugins> <!-- <dependency>-->
<!-- Compiler Plugin --> <!-- <groupId>org.slf4j</groupId>-->
<plugin> <!-- <artifactId>slf4j-api</artifactId>-->
<groupId>org.apache.maven.plugins</groupId> <!-- <version>1.7.36</version>-->
<artifactId>maven-compiler-plugin</artifactId> <!-- </dependency>-->
<version>3.11.0</version>
<configuration> <!-- <dependency>-->
<source>${java.version}</source> <!-- <groupId>ch.qos.logback</groupId>-->
<target>${java.version}</target> <!-- <artifactId>logback-classic</artifactId>-->
<annotationProcessorPaths> <!-- <version>1.2.11</version>-->
<path> <!-- </dependency>-->
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId> <!-- Apache Commons IO (for file operations) -->
<version>1.18.30</version> <dependency>
</path> <groupId>commons-io</groupId>
</annotationProcessorPaths> <artifactId>commons-io</artifactId>
</configuration> <version>2.11.0</version>
</plugin> </dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<annotationProcessorPaths>
<path>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</path>
</annotationProcessorPaths>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<excludes>
<exclude>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</build>
<!-- Spring Boot Plugin -->
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project> </project>
src/main/java/com/skycrate/backend/skycrateBackend/config/ApplicationConfiguration.java
+20 -28
View File
@@ -1,5 +1,7 @@
package com.skycrate.backend.skycrateBackend.config; package com.skycrate.backend.skycrateBackend.config;
import java.security.AuthProvider;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
@@ -8,48 +10,38 @@ import org.springframework.security.authentication.dao.DaoAuthenticationProvider
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCrypt;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import com.skycrate.backend.skycrateBackend.repository.UserRepository; import com.skycrate.backend.skycrateBackend.repository.UserRepository;
// Application-wide security configuration.
// Configures user authentication, password encoding, and authentication provider.
@Configuration @Configuration
public class ApplicationConfiguration { public class ApplicationConfiguration {
private final UserRepository userRepository; private final UserRepository userRepository;
public ApplicationConfiguration(UserRepository userRepository){
this.userRepository=userRepository;
public ApplicationConfiguration(UserRepository userRepository) {
this.userRepository = userRepository;
} }
// Custom UserDetailsService to fetch user details by email.
@Bean @Bean
public UserDetailsService userDetailsService() { UserDetailsService userDetailsService() {
return username -> userRepository.findByEmail(username) return username -> userRepository.findByEmail(username)
.orElseThrow(() -> new UsernameNotFoundException("User not found with email: " + username)); .orElseThrow(() -> new UsernameNotFoundException("User not found"));
}
@Bean
BCryptPasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
} }
// BCrypt password encoder with a higher strength for better security.
// Cost factor 12 is considered a good balance for production use.
@Bean @Bean
public PasswordEncoder passwordEncoder() { public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception{
return new BCryptPasswordEncoder(12);
}
// AuthenticationProvider using DAO with custom user service and password encoder.
@Bean
public AuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
authProvider.setUserDetailsService(userDetailsService());
authProvider.setPasswordEncoder(passwordEncoder());
return authProvider;
}
// Provides the AuthenticationManager for authenticating credentials.
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
return config.getAuthenticationManager(); return config.getAuthenticationManager();
} }
@Bean
AuthenticationProvider authenticationProvider(){
DaoAuthenticationProvider authprovider=new DaoAuthenticationProvider();
authprovider.setUserDetailsService(userDetailsService());
authprovider.setPasswordEncoder(passwordEncoder());
return authprovider;
}
} }
src/main/java/com/skycrate/backend/skycrateBackend/config/HDFSConfig.java
+6 -25
View File
@@ -1,6 +1,6 @@
package com.skycrate.backend.skycrateBackend.config; package com.skycrate.backend.skycrateBackend.config;
import org.apache.hadoop.conf.Configuration; // Hadoop Configuration import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
@@ -8,32 +8,13 @@ import org.springframework.context.annotation.Bean;
import java.net.URI; import java.net.URI;
import java.security.PrivilegedExceptionAction; import java.security.PrivilegedExceptionAction;
@org.springframework.context.annotation.Configuration
public class HDFSConfig { public class HDFSConfig {
private static final String HDFS_URI = System.getenv("HDFS_URI"); // e.g., hdfs://namenode:9000
private static final String HDFS_USER = System.getenv("HDFS_USER"); // e.g., hdfsuser
@Bean
public FileSystem fileSystem() throws Exception {
return getHDFS();
}
public static FileSystem getHDFS() throws Exception { public static FileSystem getHDFS() throws Exception {
if (HDFS_URI == null || HDFS_URI.isBlank()) {
throw new IllegalStateException("HDFS_URI environment variable not set.");
}
Configuration conf = new Configuration(); Configuration conf = new Configuration();
conf.set("fs.defaultFS", HDFS_URI); conf.set("fs.defaultFS", "hdfs://192.168.29.56:9000");
return FileSystem.get(new URI("hdfs://192.168.29.56:9000"), conf);
if (HDFS_USER != null && !HDFS_USER.isBlank()) {
return UserGroupInformation.createRemoteUser(HDFS_USER)
.doAs((PrivilegedExceptionAction<FileSystem>) () ->
FileSystem.get(new URI(HDFS_URI), conf)
);
} else {
return FileSystem.get(new URI(HDFS_URI), conf);
}
} }
} }
src/main/java/com/skycrate/backend/skycrateBackend/config/HttpToHttpsRedirectConfig.java
-23
View File
@@ -1,23 +0,0 @@
package com.skycrate.backend.skycrateBackend.config;
import org.apache.catalina.connector.Connector;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class HttpToHttpsRedirectConfig {
@Bean
public WebServerFactoryCustomizer<TomcatServletWebServerFactory> containerCustomizer() {
return factory -> {
Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
connector.setScheme("http");
connector.setPort(8085); // HTTP port
connector.setSecure(false);
connector.setRedirectPort(8443); // HTTPS port
factory.addAdditionalTomcatConnectors(connector);
};
}
}
src/main/java/com/skycrate/backend/skycrateBackend/config/JwtAuthenticationFilter.java
+77
View File
@@ -0,0 +1,77 @@
package com.skycrate.backend.skycrateBackend.config;
import java.io.IOException;
import org.springframework.lang.NonNull;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.servlet.HandlerExceptionResolver;
import com.skycrate.backend.skycrateBackend.services.JwtService;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
@Component
public class JwtAuthenticationFilter extends OncePerRequestFilter {
private final HandlerExceptionResolver handlerExceptionResolver;
private JwtService jwtService;
private UserDetailsService userDetailsService;
public JwtAuthenticationFilter(JwtService jwtService,UserDetailsService userDetailsService,HandlerExceptionResolver handlerExceptionResolver){
this.handlerExceptionResolver=handlerExceptionResolver;
this.jwtService=jwtService;
this.userDetailsService=userDetailsService;
}
@Override
protected void doFilterInternal(
@NonNull HttpServletRequest request,
@NonNull HttpServletResponse response,
@NonNull FilterChain filterChain) throws ServletException, IOException {
final String authHeader=request.getHeader("Authorization");
if (authHeader==null || !authHeader.startsWith("Bearer")){
filterChain.doFilter(request, response);
return;
}
try {
final String userjwt=authHeader.substring(7);
final String userEmail=jwtService.extractUsername(userjwt);
Authentication authentication=SecurityContextHolder.getContext().getAuthentication();
if(userEmail!=null && authentication==null){
UserDetails userDetails=this.userDetailsService.loadUserByUsername(userEmail);
if (jwtService.isTokenValid(userjwt, userDetails)) {
UsernamePasswordAuthenticationToken authenticationToken=new UsernamePasswordAuthenticationToken(
userDetails, null, userDetails.getAuthorities()
);
authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
}
}
filterChain.doFilter(request, response);
}
catch (Exception err) {
handlerExceptionResolver.resolveException(request, response, null, err);
}
}
}
src/main/java/com/skycrate/backend/skycrateBackend/config/SecurityConfig.java
+18 -47
View File
@@ -1,52 +1,23 @@
package com.skycrate.backend.skycrateBackend.config; // package com.skycrate.backend.skycrateBackend.config;
import com.skycrate.backend.skycrateBackend.security.JwtAuthenticationFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration // import org.springframework.context.annotation.Bean;
public class SecurityConfig { // import org.springframework.context.annotation.Configuration;
// import org.springframework.security.config.annotation.web.builders.HttpSecurity;
// import org.springframework.security.web.SecurityFilterChain;
private final AuthenticationProvider authenticationProvider; // @Configuration
private final JwtAuthenticationFilter jwtAuthenticationFilter; // public class SecurityConfig {
public SecurityConfig(AuthenticationProvider authenticationProvider, // @Bean
JwtAuthenticationFilter jwtAuthenticationFilter) { // public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
this.authenticationProvider = authenticationProvider; // http
this.jwtAuthenticationFilter = jwtAuthenticationFilter; // .csrf(csrf -> csrf.disable()) // Disable CSRF for testing APIs
} // .authorizeHttpRequests(auth -> auth
// .requestMatchers("/api/hdfs/**").permitAll() // Allow HDFS endpoints
// .anyRequest().authenticated() // Everything else needs auth
// );
@Bean // return http.build();
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { // }
http // }
.csrf(csrf -> csrf.disable())
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authenticationProvider(authenticationProvider)
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/auth/login", "/api/auth/register", "/actuator/**").permitAll()
.requestMatchers(HttpMethod.GET, "/public/**").permitAll()
.anyRequest().authenticated()
)
.requiresChannel(channel -> channel
.anyRequest().requiresSecure()
)
.headers(headers -> headers
.httpStrictTransportSecurity(hsts -> hsts
.includeSubDomains(true)
.maxAgeInSeconds(31536000)
)
// Spring Security 6+ no longer supports xss.block(true), so we just enable or disable it.
.xssProtection(xss -> xss.disable())
.frameOptions(frame -> frame.deny())
)
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}
}
src/main/java/com/skycrate/backend/skycrateBackend/config/SecurityConfiguration.java
+105
View File
@@ -0,0 +1,105 @@
package com.skycrate.backend.skycrateBackend.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import java.util.List;
@Configuration
@EnableWebSecurity
public class SecurityConfiguration {
private final AuthenticationProvider authenticationProvider;
private final JwtAuthenticationFilter jwtAuthenticationFilter;
public SecurityConfiguration(
JwtAuthenticationFilter jwtAuthenticationFilter,
AuthenticationProvider authenticationProvider
) {
this.authenticationProvider = authenticationProvider;
this.jwtAuthenticationFilter = jwtAuthenticationFilter;
}
// @Bean
// public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// http.csrf()
// .disable()
// .authorizeHttpRequests()
// .requestMatchers("/api/hdfs/**") // Specific API endpoints that don't require authentication
// .permitAll()
// .requestMatchers("/api/**") // Other endpoints that should be open
// .permitAll()
// .anyRequest()
// .authenticated() // All other requests require authentication
// .and()
// .sessionManagement()
// .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
// .and()
// .authenticationProvider(authenticationProvider)
// .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
//
// return http.build();
// }
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.securityMatcher("/**")
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/hdfs/**", "/api/**").permitAll()
.anyRequest().authenticated()
)
.sessionManagement(session -> session
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
)
.authenticationProvider(authenticationProvider)
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
.csrf(csrf -> csrf.disable())
.cors(cors -> {}) // 🔥 This line enables CORS and connects to your CorsConfigurationSource bean
.build();
}
// @Bean
// CorsConfigurationSource corsConfigurationSource() {
// CorsConfiguration configuration = new CorsConfiguration();
//
// configuration.setAllowedOrigins(List.of("*"));
// configuration.setAllowedMethods(List.of("GET", "PUT", "DELETE", "POST"));
// configuration.setAllowedHeaders(List.of("Authorization", "Content-Type"));
//
// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
//
// source.registerCorsConfiguration("/**", configuration);
//
// return source;
// }
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
// 🔥 Allow all origins (wildcard) safely with credentials
configuration.setAllowedOriginPatterns(List.of("*"));
configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
configuration.setAllowedHeaders(List.of("*"));
configuration.setExposedHeaders(List.of("Authorization"));
configuration.setAllowCredentials(true); // Needed for cookies / Authorization headers
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
src/main/java/com/skycrate/backend/skycrateBackend/controller/AuthController.java
+31 -93
View File
@@ -1,120 +1,58 @@
package com.skycrate.backend.skycrateBackend.controller; package com.skycrate.backend.skycrateBackend.controller;
import com.skycrate.backend.skycrateBackend.dto.LoginRequest; import org.springframework.web.bind.annotation.RestController;
import com.skycrate.backend.skycrateBackend.dto.LoginResponse;
import com.skycrate.backend.skycrateBackend.dto.LoginUserDto;
import com.skycrate.backend.skycrateBackend.dto.RegisterUserDto; import com.skycrate.backend.skycrateBackend.dto.RegisterUserDto;
import com.skycrate.backend.skycrateBackend.dto.TokenRefreshRequest; import com.skycrate.backend.skycrateBackend.models.User;
import com.skycrate.backend.skycrateBackend.dto.TokenRefreshResponse; import com.skycrate.backend.skycrateBackend.responses.LoginResponse;
import com.skycrate.backend.skycrateBackend.entity.RefreshToken;
import com.skycrate.backend.skycrateBackend.entity.User;
import com.skycrate.backend.skycrateBackend.repository.UserRepository;
import com.skycrate.backend.skycrateBackend.security.TokenBlacklistService;
import com.skycrate.backend.skycrateBackend.services.AuthenticationService; import com.skycrate.backend.skycrateBackend.services.AuthenticationService;
import com.skycrate.backend.skycrateBackend.services.JwtService; import com.skycrate.backend.skycrateBackend.services.JwtService;
import com.skycrate.backend.skycrateBackend.services.RateLimiterService;
import com.skycrate.backend.skycrateBackend.services.RefreshTokenService;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.web.bind.annotation.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
@RequestMapping("/api")
@RestController @RestController
@RequestMapping("/api/auth")
public class AuthController { public class AuthController {
private final AuthenticationManager authManager;
private final JwtService jwtService; private final JwtService jwtService;
private final UserRepository userRepository; private AuthenticationService authenticationService;
private final RefreshTokenService refreshTokenService;
private final TokenBlacklistService tokenBlacklistService;
private final RateLimiterService rateLimiterService;
private final AuthenticationService authenticationService;
public AuthController( public AuthController(JwtService jwtService,AuthenticationService authenticationService){
AuthenticationManager authManager, this.jwtService=jwtService;
JwtService jwtService, this.authenticationService=authenticationService;
UserRepository userRepository,
RefreshTokenService refreshTokenService,
TokenBlacklistService tokenBlacklistService,
RateLimiterService rateLimiterService,
AuthenticationService authenticationService
) {
this.authManager = authManager;
this.jwtService = jwtService;
this.userRepository = userRepository;
this.refreshTokenService = refreshTokenService;
this.tokenBlacklistService = tokenBlacklistService;
this.rateLimiterService = rateLimiterService;
this.authenticationService = authenticationService;
} }
// New Register Endpoint @GetMapping("/test")
@PostMapping("/register") public String teString(@RequestParam String param) {
public ResponseEntity<?> register(@RequestBody RegisterUserDto request) { return new String();
User user = authenticationService.signUp(request);
return ResponseEntity.ok("User registered successfully with username: " + user.getUsername());
} }
@PostMapping("/login") @PostMapping("/login")
public ResponseEntity<?> login(@RequestBody LoginRequest request, HttpServletRequest servletRequest) { public ResponseEntity<LoginResponse> LoginController(@RequestBody LoginUserDto entity) {
String ip = servletRequest.getRemoteAddr();
if (rateLimiterService.isBlocked(ip)) { User authenticatedUser=authenticationService.authenticate(entity);
return ResponseEntity.status(429).body("Too many login attempts. Please try again later."); String jwtToken=jwtService.generateToken(authenticatedUser);
}
try { LoginResponse loginResponse=new LoginResponse().setToken(jwtToken).setExpiresIn(jwtService.getExpirtationTime());
authManager.authenticate( return ResponseEntity.ok(loginResponse);
new UsernamePasswordAuthenticationToken(request.getEmail(), request.getPassword())
);
} catch (Exception ex) {
rateLimiterService.recordFailedAttempt(ip);
return ResponseEntity.status(401).body("Invalid credentials.");
}
User user = userRepository.findByEmail(request.getEmail())
.orElseThrow(() -> new RuntimeException("User not found"));
rateLimiterService.resetAttempts(ip);
String accessToken = jwtService.generateToken(user);
RefreshToken refreshToken = refreshTokenService.createRefreshToken(user);
return ResponseEntity.ok(new LoginResponse(accessToken, refreshToken.getToken()));
} }
@PostMapping("/logout") @PostMapping("/signup")
public ResponseEntity<?> logout(HttpServletRequest request) { public ResponseEntity<User> register(@RequestBody RegisterUserDto entity) {
String authHeader = request.getHeader("Authorization"); User registeredUser=authenticationService.signUp(entity);
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
return ResponseEntity.badRequest().body("Missing or invalid Authorization header");
}
String token = authHeader.substring(7);
tokenBlacklistService.blacklistToken(token); return ResponseEntity.ok(registeredUser);
String email = jwtService.extractUsername(token);
userRepository.findByEmail(email).ifPresent(refreshTokenService::deleteByUser);
return ResponseEntity.ok("Logged out successfully");
} }
@PostMapping("/refresh")
public ResponseEntity<?> refresh(@RequestBody TokenRefreshRequest request) {
String requestToken = request.getRefreshToken();
return refreshTokenService.findByToken(requestToken)
.map(token -> {
if (refreshTokenService.isExpired(token)) {
return ResponseEntity.status(403).body("Refresh token expired");
}
User user = token.getUser();
String newAccessToken = jwtService.generateToken(user);
return ResponseEntity.ok(new TokenRefreshResponse(newAccessToken, requestToken));
})
.orElseGet(() -> ResponseEntity.status(403).body("Invalid refresh token"));
}
} }
src/main/java/com/skycrate/backend/skycrateBackend/controller/FileController.java
-72
View File
@@ -1,72 +0,0 @@
package com.skycrate.backend.skycrateBackend.controller;
import com.skycrate.backend.skycrateBackend.services.FileService;
import com.skycrate.backend.skycrateBackend.services.JwtService;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
@RestController
@RequestMapping("/api/files")
public class FileController {
private final FileService fileService;
private final JwtService jwtService;
public FileController(FileService fileService, JwtService jwtService) {
this.fileService = fileService;
this.jwtService = jwtService;
}
@PostMapping("/upload")
public ResponseEntity<?> uploadFile(
@RequestParam("file") MultipartFile file,
HttpServletRequest request) {
try {
String token = extractToken(request);
String username = jwtService.extractUsername(token);
fileService.uploadEncryptedFile(username, file.getBytes(), file.getOriginalFilename());
return ResponseEntity.ok("File uploaded and encrypted successfully.");
} catch (Exception e) {
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
.body("Upload failed: " + e.getMessage());
}
}
@GetMapping("/download/{filename}")
public ResponseEntity<?> downloadFile(
@PathVariable String filename,
@RequestParam("password") String password,
HttpServletRequest request
) {
try {
String token = extractToken(request);
String username = jwtService.extractUsername(token);
byte[] decryptedData = fileService.downloadDecryptedFile(username, password, filename);
return ResponseEntity.ok()
.header(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"" + filename + "\"")
.contentLength(decryptedData.length)
.contentType(MediaType.APPLICATION_OCTET_STREAM)
.body(decryptedData);
} catch (Exception e) {
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
.body("File download failed: " + e.getMessage());
}
}
private String extractToken(HttpServletRequest request) {
String authHeader = request.getHeader("Authorization");
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
throw new RuntimeException("Missing or invalid Authorization header");
}
return authHeader.substring(7);
}
}
src/main/java/com/skycrate/backend/skycrateBackend/controller/HDFScontroller.java
+14 -30
View File
@@ -2,8 +2,9 @@ package com.skycrate.backend.skycrateBackend.controller;
import com.skycrate.backend.skycrateBackend.config.HDFSConfig; import com.skycrate.backend.skycrateBackend.config.HDFSConfig;
import com.skycrate.backend.skycrateBackend.dto.ResponseDTO; import com.skycrate.backend.skycrateBackend.dto.ResponseDTO;
import com.skycrate.backend.skycrateBackend.entity.User; import com.skycrate.backend.skycrateBackend.models.User;
import com.skycrate.backend.skycrateBackend.repository.UserRepository; import com.skycrate.backend.skycrateBackend.repository.UserRepository;
import com.skycrate.backend.skycrateBackend.services.EncryptionUtil;
import com.skycrate.backend.skycrateBackend.services.HDFSOperations; import com.skycrate.backend.skycrateBackend.services.HDFSOperations;
import com.skycrate.backend.skycrateBackend.utils.KeyUtil; import com.skycrate.backend.skycrateBackend.utils.KeyUtil;
import com.skycrate.backend.skycrateBackend.utils.RSAKeyUtil; import com.skycrate.backend.skycrateBackend.utils.RSAKeyUtil;
@@ -35,6 +36,9 @@ import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import java.io.File; // For java.io.File import java.io.File; // For java.io.File
import static com.skycrate.backend.skycrateBackend.utils.KeyUtil.getPrivateKeyForUser;
import static com.skycrate.backend.skycrateBackend.utils.KeyUtil.getPublicKeyForUser;
@RestController @RestController
@RequestMapping("/api/hdfs") @RequestMapping("/api/hdfs")
public class HDFScontroller { public class HDFScontroller {
@@ -69,29 +73,30 @@ public class HDFScontroller {
@RequestParam String uploadedFileName, @RequestParam String uploadedFileName,
@RequestParam String username) { @RequestParam String username) {
try { try {
// Retrieve the user from the database using the username // Step 1: Retrieve the user and their RSA public key
User user = userRepository.findByUsername(username).orElseThrow(() -> new RuntimeException("User not found")); User user = userRepository.findByUsername(username)
.orElseThrow(() -> new RuntimeException("User not found"));
// Get the public key from the user entity
byte[] publicKeyBytes = user.getPublicKey(); byte[] publicKeyBytes = user.getPublicKey();
PublicKey publicKey = RSAKeyUtil.getPublicKeyFromBytes(publicKeyBytes); PublicKey publicKey = RSAKeyUtil.getPublicKeyFromBytes(publicKeyBytes);
// Encrypt the file content using the public key // Step 2: Encrypt the file content using hybrid encryption (AES + RSA)
byte[] encryptedData = encryptFile(file, publicKey); byte[] fileBytes = file.getBytes();
byte[] encryptedData = EncryptionUtil.encrypt(fileBytes, publicKey);
// Upload the encrypted file to HDFS // Step 3: Upload encrypted data to HDFS
hdfsOperations.uploadFile(encryptedData, hdfsPath, uploadedFileName, username); hdfsOperations.uploadFile(encryptedData, hdfsPath, uploadedFileName, username);
return new ResponseDTO("File uploaded successfully", true); return new ResponseDTO("File uploaded successfully", true);
} catch (IOException e) { } catch (IOException e) {
e.printStackTrace(); e.printStackTrace();
return new ResponseDTO("Failed to upload file locally: " + e.getMessage(), false); return new ResponseDTO("Failed to read file: " + e.getMessage(), false);
} catch (Exception e) { } catch (Exception e) {
e.printStackTrace(); e.printStackTrace();
return new ResponseDTO("Failed to upload file to HDFS: " + e.getMessage(), false); return new ResponseDTO("Failed to upload file to HDFS: " + e.getMessage(), false);
} }
} }
// Helper method to encrypt the file content using RSA encryption // Helper method to encrypt the file content using RSA encryption
private byte[] encryptFile(MultipartFile file, PublicKey publicKey) throws Exception { private byte[] encryptFile(MultipartFile file, PublicKey publicKey) throws Exception {
// Step 1: Generate a random AES key // Step 1: Generate a random AES key
@@ -275,25 +280,4 @@ public class HDFScontroller {
.body("Failed to list files: " + e.getMessage()); .body("Failed to list files: " + e.getMessage());
} }
} }
@GetMapping("/getUsernameByEmail")
public ResponseEntity<?> getUsernameByEmail(@RequestParam String email) {
try {
// Fetch user from the database using the provided email
User user = userRepository.findByEmail(email)
.orElseThrow(() -> new RuntimeException("User not found with email: " + email));
// // Log the retrieved user object to verify the username
// System.out.println("Retrieved user: " + user.getFullname());
// Return the username as the response
return ResponseEntity.ok(user.getFullname()); // Return the username
} catch (Exception e) {
// Handle error if user is not found or other exceptions occur
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
.body("Failed to fetch username: " + e.getMessage());
}
}
} }
src/main/java/com/skycrate/backend/skycrateBackend/dto/LoginRequest.java
-13
View File
@@ -1,13 +0,0 @@
package com.skycrate.backend.skycrateBackend.dto;
public class LoginRequest {
private String email;
private String password;
// Getters and setters
public String getEmail() { return email; }
public void setEmail(String email) { this.email = email; }
public String getPassword() { return password; }
public void setPassword(String password) { this.password = password; }
}
src/main/java/com/skycrate/backend/skycrateBackend/dto/LoginResponse.java
-17
View File
@@ -1,17 +0,0 @@
package com.skycrate.backend.skycrateBackend.dto;
public class LoginResponse {
private String accessToken;
private String refreshToken;
private String tokenType = "Bearer";
public LoginResponse(String accessToken, String refreshToken) {
this.accessToken = accessToken;
this.refreshToken = refreshToken;
}
// Getters
public String getAccessToken() { return accessToken; }
public String getRefreshToken() { return refreshToken; }
public String getTokenType() { return tokenType; }
}
src/main/java/com/skycrate/backend/skycrateBackend/dto/RegisterUserDto.java
+35 -35
View File
@@ -1,46 +1,46 @@
package com.skycrate.backend.skycrateBackend.dto; package com.skycrate.backend.skycrateBackend.dto;
import jakarta.validation.constraints.Email;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Pattern;
import jakarta.validation.constraints.Size;
public class RegisterUserDto { public class RegisterUserDto {
@NotBlank(message = "Email is required")
@Email(message = "Email should be valid")
private String email; private String email;
@NotBlank(message = "Password is required")
@Size(min = 8, message = "Password must be at least 8 characters")
private String password; private String password;
@NotBlank(message = "Username is required")
@Pattern(regexp = "^[a-zA-Z0-9]+$", message = "Username must be alphanumeric")
private String username;
@NotBlank(message = "Full name is required")
private String fullname;
@NotBlank(message = "First name is required")
private String firstname; private String firstname;
@NotBlank(message = "Last name is required")
private String lastname; private String lastname;
// Getters public String getEmail() {
public String getEmail() { return email; } return email;
public String getPassword() { return password; } }
public String getUsername() { return username; }
public String getFullname() { return fullname; }
public String getFirstname() { return firstname; }
public String getLastname() { return lastname; }
// Setters public RegisterUserDto setEmail(String email) {
public void setEmail(String email) { this.email = email; } this.email = email;
public void setPassword(String password) { this.password = password; } return this;
public void setUsername(String username) { this.username = username; } }
public void setFullname(String fullname) { this.fullname = fullname; }
public void setFirstname(String firstname) { this.firstname = firstname; } public String getPassword() {
public void setLastname(String lastname) { this.lastname = lastname; } return password;
}
public RegisterUserDto setPassword(String password) {
this.password = password;
return this;
}
public String getFirstname() {
return firstname;
}
public RegisterUserDto setFirstname(String firstname) {
this.firstname = firstname;
return this;
}
public String getLastname() {
return lastname;
}
public RegisterUserDto setLastname(String lastname) {
this.lastname = lastname;
return this;
}
} }
src/main/java/com/skycrate/backend/skycrateBackend/dto/SignupRequest.java
-33
View File
@@ -1,33 +0,0 @@
package com.skycrate.backend.skycrateBackend.dto;
public class SignupRequest {
private String username;
private String email;
private String password;
// Getters
public String getUsername() {
return username;
}
public String getEmail() {
return email;
}
public String getPassword() {
return password;
}
// Setters
public void setUsername(String username) {
this.username = username;
}
public void setEmail(String email) {
this.email = email;
}
public void setPassword(String password) {
this.password = password;
}
}
src/main/java/com/skycrate/backend/skycrateBackend/dto/TokenRefreshRequest.java
-13
View File
@@ -1,13 +0,0 @@
package com.skycrate.backend.skycrateBackend.dto;
public class TokenRefreshRequest {
private String refreshToken;
public String getRefreshToken() {
return refreshToken;
}
public void setRefreshToken(String refreshToken) {
this.refreshToken = refreshToken;
}
}
src/main/java/com/skycrate/backend/skycrateBackend/dto/TokenRefreshResponse.java
-17
View File
@@ -1,17 +0,0 @@
package com.skycrate.backend.skycrateBackend.dto;
public class TokenRefreshResponse {
private String accessToken;
private String refreshToken;
private String tokenType = "Bearer";
public TokenRefreshResponse(String accessToken, String refreshToken) {
this.accessToken = accessToken;
this.refreshToken = refreshToken;
}
// Getters
public String getAccessToken() { return accessToken; }
public String getRefreshToken() { return refreshToken; }
public String getTokenType() { return tokenType; }
}
src/main/java/com/skycrate/backend/skycrateBackend/dto/User.java
+23
View File
@@ -0,0 +1,23 @@
package com.skycrate.backend.skycrateBackend.dto;
import com.skycrate.backend.skycrateBackend.services.EncryptionUtil;
import java.security.KeyPair;
public class User {
private String username;
private KeyPair keyPair;
public User(String username) throws Exception {
this.username = username;
this.keyPair = EncryptionUtil.generateKeyPair();
}
public String getUsername() {
return username;
}
public KeyPair getKeyPair() {
return keyPair;
}
}
src/main/java/com/skycrate/backend/skycrateBackend/entity/FileMetadata.java
-39
View File
@@ -1,39 +0,0 @@
package com.skycrate.backend.skycrateBackend.entity;
import jakarta.persistence.*;
import lombok.*;
@Entity
@Table(name = "file_metadata")
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Builder
public class FileMetadata {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@Column(nullable = false)
private String filePath;
@Column(nullable = false)
private String username;
@Lob
@Column(nullable = false)
private byte[] salt;
@Lob
@Column(nullable = false)
private byte[] iv;
@Lob
@Column(nullable = false, name = "encrypted_key", columnDefinition = "LONGBLOB")
private byte[] encryptedKey;
@Column(nullable = false)
private long uploadedAt;
}
src/main/java/com/skycrate/backend/skycrateBackend/entity/RefreshToken.java
-33
View File
@@ -1,33 +0,0 @@
package com.skycrate.backend.skycrateBackend.entity;
import jakarta.persistence.*;
import java.time.Instant;
@Entity
public class RefreshToken {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@Column(nullable = false, unique = true)
private String token;
@OneToOne
@JoinColumn(name = "user_id", referencedColumnName = "id")
private User user;
private Instant expiryDate;
// Getters and setters
public Long getId() { return id; }
public String getToken() { return token; }
public void setToken(String token) { this.token = token; }
public User getUser() { return user; }
public void setUser(User user) { this.user = user; }
public Instant getExpiryDate() { return expiryDate; }
public void setExpiryDate(Instant expiryDate) { this.expiryDate = expiryDate; }
}
src/main/java/com/skycrate/backend/skycrateBackend/entity/User.java
-90
View File
@@ -1,90 +0,0 @@
package com.skycrate.backend.skycrateBackend.entity;
import jakarta.persistence.*;
import lombok.*;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.Collection;
import java.util.List;
@Entity
@Table(name = "users")
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
public class User implements UserDetails {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@Column(nullable = false, unique = true)
private String email;
@Column(nullable = false)
private String password;
@Column(nullable = false, unique = true)
private String username;
@Column(nullable = false)
private String fullname;
@Lob
private byte[] publicKey;
@Lob
private byte[] privateKey;
@Lob
@Column(nullable = false)
private byte[] privateKeySalt;
@Lob
@Column(nullable = false)
private byte[] privateKeyIv;
@Builder
public User(String email, String password, String username, String fullname,
byte[] publicKey, byte[] privateKey,
byte[] privateKeySalt, byte[] privateKeyIv) {
this.email = email;
this.password = password;
this.username = username;
this.fullname = fullname;
this.publicKey = publicKey;
this.privateKey = privateKey;
this.privateKeySalt = privateKeySalt;
this.privateKeyIv = privateKeyIv;
}
// --- UserDetails interface methods ---
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return List.of(); // No roles assigned currently
}
@Override
public String getUsername() {
return username;
}
@Override
public String getPassword() {
return this.password;
}
@Override
public boolean isAccountNonExpired() { return true; }
@Override
public boolean isAccountNonLocked() { return true; }
@Override
public boolean isCredentialsNonExpired() { return true; }
@Override
public boolean isEnabled() { return true; }
}
src/main/java/com/skycrate/backend/skycrateBackend/models/User.java
+139
View File
@@ -0,0 +1,139 @@
package com.skycrate.backend.skycrateBackend.models;
import java.time.LocalDateTime;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import org.hibernate.annotations.CreationTimestamp;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import jakarta.persistence.*;
@Table(name = "users")
@Entity
public class User implements UserDetails {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(nullable = false)
private Integer id;
@Column(nullable = false)
private String username;
@Column(unique = true, nullable = false)
private String email;
@Column(nullable = false)
private String password;
// ✅ Add RSA key fields
@Lob
@Column(name = "public_key", columnDefinition = "BLOB")
private byte[] publicKey;
@Lob
@Column(name = "private_key", columnDefinition = "BLOB")
private byte[] privateKey;
@CreationTimestamp
@Column(updatable = false, name = "created_at")
private Date createdAt;
public User() {}
public User(String firstname, String lastname, String email, String password) {
this.username = firstname + lastname;
this.email = email;
this.password = password;
}
// ⬇️ Required by Spring Security
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return List.of();
}
@Override
public String getUsername() {
return email;
}
@Override
public String getPassword() {
return password;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
// ⬇️ Getters and Setters
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
public void setFullname(String firstname, String lastname) {
this.username = firstname + lastname;
}
public String getFullname() {
return this.username;
}
public void setEmail(String email) {
this.email = email;
}
public void setPassword(String password) {
this.password = password;
}
public Date getCreatedAt() {
return createdAt;
}
public void setCreatedAt(Date createdAt) {
this.createdAt = createdAt;
}
// ✅ Getters and setters for RSA keys
public byte[] getPublicKey() {
return publicKey;
}
public void setPublicKey(byte[] publicKey) {
this.publicKey = publicKey;
}
public byte[] getPrivateKey() {
return privateKey;
}
public void setPrivateKey(byte[] privateKey) {
this.privateKey = privateKey;
}
}
src/main/java/com/skycrate/backend/skycrateBackend/repository/FileMetadataRepository.java
-10
View File
@@ -1,10 +0,0 @@
package com.skycrate.backend.skycrateBackend.repository;
import com.skycrate.backend.skycrateBackend.entity.FileMetadata;
import org.springframework.data.jpa.repository.JpaRepository;
import java.util.Optional;
public interface FileMetadataRepository extends JpaRepository<FileMetadata, Long> {
Optional<FileMetadata> findByUsernameAndFilePath(String username, String filePath);
}
src/main/java/com/skycrate/backend/skycrateBackend/repository/RefreshTokenRepository.java
-18
View File
@@ -1,18 +0,0 @@
package com.skycrate.backend.skycrateBackend.repository;
import com.skycrate.backend.skycrateBackend.entity.RefreshToken;
import com.skycrate.backend.skycrateBackend.entity.User;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Modifying;
import org.springframework.data.jpa.repository.Query;
import org.springframework.transaction.annotation.Transactional;
import java.util.Optional;
public interface RefreshTokenRepository extends JpaRepository<RefreshToken, Long> {
Optional<RefreshToken> findByToken(String token);
@Transactional
@Modifying
@Query("DELETE FROM RefreshToken t WHERE t.user = :user")
void deleteByUser(User user);
}
src/main/java/com/skycrate/backend/skycrateBackend/repository/UserManager.java
+25
View File
@@ -0,0 +1,25 @@
package com.skycrate.backend.skycrateBackend.repository;
import com.skycrate.backend.skycrateBackend.dto.User;
import org.springframework.stereotype.Service;
import java.util.HashMap;
import java.util.Map;
@Service
public class UserManager {
private Map<String, User> users = new HashMap<>();
public User getUser(String username) throws Exception {
if (!users.containsKey(username)) {
users.put(username, new User(username));
}
return users.get(username);
}
public boolean authenticate(String username, String password) {
// Implement your authentication logic here
return "admin".equals(username) && "password123".equals(password);
}
}
src/main/java/com/skycrate/backend/skycrateBackend/repository/UserRepository.java
+1 -1
View File
@@ -2,7 +2,7 @@ package com.skycrate.backend.skycrateBackend.repository;
import java.util.Optional; import java.util.Optional;
import org.springframework.data.repository.CrudRepository; import org.springframework.data.repository.CrudRepository;
import com.skycrate.backend.skycrateBackend.entity.User; import com.skycrate.backend.skycrateBackend.models.User;
public interface UserRepository extends CrudRepository<User,Integer> { public interface UserRepository extends CrudRepository<User,Integer> {
Optional<User> findByEmail(String email); Optional<User> findByEmail(String email);
// Custom query method to find user by username // Custom query method to find user by username
src/main/java/com/skycrate/backend/skycrateBackend/security/EncryptionService.java
-42
View File
@@ -1,42 +0,0 @@
package com.skycrate.backend.skycrateBackend.security;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.*;
import java.security.SecureRandom;
import java.util.Base64;
public class EncryptionService {
private static final int KEY_LENGTH = 256;
private static final int ITERATIONS = 65536;
private static final int SALT_LENGTH = 16;
private static final int IV_LENGTH = 12;
public static byte[] generateSalt() {
byte[] salt = new byte[SALT_LENGTH];
new SecureRandom().nextBytes(salt);
return salt;
}
public static SecretKey deriveKey(String password, byte[] salt) throws Exception {
PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, ITERATIONS, KEY_LENGTH);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
return new SecretKeySpec(factory.generateSecret(spec).getEncoded(), "AES");
}
public static byte[] encrypt(byte[] plaintext, SecretKey key, byte[] iv) throws Exception {
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
GCMParameterSpec spec = new GCMParameterSpec(128, iv);
cipher.init(Cipher.ENCRYPT_MODE, key, spec);
return cipher.doFinal(plaintext);
}
public static byte[] decrypt(byte[] ciphertext, SecretKey key, byte[] iv) throws Exception {
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
GCMParameterSpec spec = new GCMParameterSpec(128, iv);
cipher.init(Cipher.DECRYPT_MODE, key, spec);
return cipher.doFinal(ciphertext);
}
}
src/main/java/com/skycrate/backend/skycrateBackend/security/JwtAuthenticationFilter.java
-90
View File
@@ -1,90 +0,0 @@
package com.skycrate.backend.skycrateBackend.security;
import com.skycrate.backend.skycrateBackend.repository.UserRepository;
import com.skycrate.backend.skycrateBackend.entity.User;
import com.skycrate.backend.skycrateBackend.services.JwtService;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
@Component
public class JwtAuthenticationFilter extends OncePerRequestFilter {
private final JwtService jwtService;
private final UserRepository userRepository;
private final TokenBlacklistService tokenBlacklistService;
public JwtAuthenticationFilter(JwtService jwtService,
UserRepository userRepository,
TokenBlacklistService tokenBlacklistService) {
this.jwtService = jwtService;
this.userRepository = userRepository;
this.tokenBlacklistService = tokenBlacklistService;
}
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response,
FilterChain filterChain)
throws ServletException, IOException {
String path = request.getRequestURI();
if (path.startsWith("/api/auth") || path.startsWith("/actuator")) {
filterChain.doFilter(request, response);
return;
}
final String authHeader = request.getHeader("Authorization");
final String jwt;
final String username;
if (!StringUtils.hasText(authHeader) || !authHeader.startsWith("Bearer ")) {
filterChain.doFilter(request, response);
return;
}
jwt = authHeader.substring(7);
// Check if token is blacklisted
if (tokenBlacklistService.isTokenBlacklisted(jwt)) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.getWriter().write("Token has been blacklisted");
return;
}
try {
username = jwtService.extractUsername(jwt); // This is actually the `username`, not email
} catch (Exception e) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.getWriter().write("Invalid JWT token");
return;
}
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
// ❗ Use username to find the user
User user = userRepository.findByUsername(username).orElse(null);
if (user != null && jwtService.isTokenValid(jwt, user)) {
UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
user, null, user.getAuthorities());
authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authToken);
} else {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.getWriter().write("Expired or invalid JWT");
return;
}
}
filterChain.doFilter(request, response);
}
}
src/main/java/com/skycrate/backend/skycrateBackend/security/TokenBlacklistService.java
-27
View File
@@ -1,27 +0,0 @@
package com.skycrate.backend.skycrateBackend.security;
import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import org.springframework.stereotype.Service;
import java.util.concurrent.TimeUnit;
@Service
public class TokenBlacklistService {
private final Cache<String, Boolean> blacklistCache;
public TokenBlacklistService() {
this.blacklistCache = Caffeine.newBuilder()
.expireAfterWrite(1, TimeUnit.HOURS)
.build();
}
public void blacklistToken(String token) {
blacklistCache.put(token, true);
}
public boolean isTokenBlacklisted(String token) {
return blacklistCache.getIfPresent(token) != null;
}
}
src/main/java/com/skycrate/backend/skycrateBackend/services/AuthenticationService.java
+18 -54
View File
@@ -1,20 +1,16 @@
package com.skycrate.backend.skycrateBackend.services; package com.skycrate.backend.skycrateBackend.services;
import com.skycrate.backend.skycrateBackend.config.HDFSConfig;
import com.skycrate.backend.skycrateBackend.dto.LoginUserDto;
import com.skycrate.backend.skycrateBackend.dto.RegisterUserDto;
import com.skycrate.backend.skycrateBackend.entity.User;
import com.skycrate.backend.skycrateBackend.repository.UserRepository;
import com.skycrate.backend.skycrateBackend.utils.EncryptionUtil;
import com.skycrate.backend.skycrateBackend.utils.RSAKeyUtil;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import javax.crypto.SecretKey; import com.skycrate.backend.skycrateBackend.dto.LoginUserDto;
import com.skycrate.backend.skycrateBackend.dto.RegisterUserDto;
import com.skycrate.backend.skycrateBackend.models.User;
import com.skycrate.backend.skycrateBackend.repository.UserRepository;
import com.skycrate.backend.skycrateBackend.utils.RSAKeyUtil;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
@@ -25,61 +21,29 @@ public class AuthenticationService {
private final PasswordEncoder passwordEncoder; private final PasswordEncoder passwordEncoder;
private final AuthenticationManager authenticationManager; private final AuthenticationManager authenticationManager;
public AuthenticationService(UserRepository userRepository, public AuthenticationService(UserRepository userRepository, AuthenticationManager authenticationManager, PasswordEncoder passwordEncoder) {
AuthenticationManager authenticationManager,
PasswordEncoder passwordEncoder) {
this.userRepository = userRepository; this.userRepository = userRepository;
this.passwordEncoder = passwordEncoder; this.passwordEncoder = passwordEncoder;
this.authenticationManager = authenticationManager; this.authenticationManager = authenticationManager;
} }
public User signUp(RegisterUserDto inputUser) { public User signUp(RegisterUserDto inputUser) {
// Generate RSA key pair User user = new User(
KeyPair keyPair; inputUser.getFirstname(),
inputUser.getLastname(),
inputUser.getEmail(),
passwordEncoder.encode(inputUser.getPassword())
);
try { try {
keyPair = RSAKeyUtil.generateKeyPair(); KeyPair keyPair = RSAKeyUtil.generateKeyPair();
user.setPublicKey(keyPair.getPublic().getEncoded());
user.setPrivateKey(keyPair.getPrivate().getEncoded());
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
throw new RuntimeException("Failed to generate RSA key pair", e); throw new RuntimeException("Failed to generate RSA key pair", e);
} }
// Encrypt private key using password-derived AES key return userRepository.save(user);
byte[] salt = EncryptionUtil.generateSalt();
byte[] iv = EncryptionUtil.generateIv();
byte[] encryptedPrivateKey;
try {
SecretKey aesKey = EncryptionUtil.deriveKey(inputUser.getPassword().toCharArray(), salt);
encryptedPrivateKey = EncryptionUtil.encrypt(keyPair.getPrivate().getEncoded(), aesKey, iv);
} catch (Exception e) {
throw new RuntimeException("Failed to encrypt private key", e);
}
// Create user entity with encrypted private key, salt, and iv
User user = User.builder()
.fullname(inputUser.getFirstname() + " " + inputUser.getLastname())
.username(inputUser.getUsername())
.email(inputUser.getEmail())
.password(passwordEncoder.encode(inputUser.getPassword()))
.publicKey(keyPair.getPublic().getEncoded())
.privateKey(encryptedPrivateKey)
.privateKeySalt(salt)
.privateKeyIv(iv)
.build();
// Save user
User savedUser = userRepository.save(user);
// Create HDFS directory in root with username
try {
FileSystem fs = HDFSConfig.getHDFS();
Path userDir = new Path("/" + savedUser.getUsername());
if (!fs.exists(userDir)) {
fs.mkdirs(userDir);
}
} catch (Exception e) {
throw new RuntimeException("Failed to create HDFS directory for user: " + savedUser.getUsername(), e);
}
return savedUser;
} }
public User authenticate(LoginUserDto inputUser) { public User authenticate(LoginUserDto inputUser) {
src/main/java/com/skycrate/backend/skycrateBackend/services/EncryptionUtil.java
+65 -57
View File
@@ -1,79 +1,87 @@
package com.skycrate.backend.skycrateBackend.services; package com.skycrate.backend.skycrateBackend.services;
import javax.crypto.*; import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*; import java.security.*;
import java.security.spec.InvalidKeySpecException; import java.util.Arrays;
import java.security.spec.KeySpec;
import java.util.Base64;
public class EncryptionUtil { public class EncryptionUtil {
private static final String RSA_ALGORITHM = "RSA";
private static final String AES_ALGORITHM = "AES";
private static final int RSA_KEY_SIZE = 2048;
private static final int AES_KEY_SIZE = 256;
private static final int SALT_LENGTH = 16; // in bytes // Generate RSA Key Pair (Public & Private)
private static final int IV_LENGTH = 16; // for AES CBC public static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
private static final int ITERATIONS = 65536; KeyPairGenerator keyGen = KeyPairGenerator.getInstance(RSA_ALGORITHM);
private static final int KEY_LENGTH = 256; // bits keyGen.initialize(RSA_KEY_SIZE);
return keyGen.generateKeyPair();
// --- AES key derivation using PBKDF2 ---
public static SecretKey deriveAESKey(char[] password, byte[] salt)
throws NoSuchAlgorithmException, InvalidKeySpecException {
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
KeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_LENGTH);
byte[] keyBytes = factory.generateSecret(spec).getEncoded();
return new SecretKeySpec(keyBytes, "AES");
} }
// --- Encrypt data using AES-CBC --- // Encrypt data using AES (AES Key is encrypted using RSA)
public static byte[] encrypt(byte[] data, SecretKey key, byte[] iv) public static byte[] encrypt(byte[] data, PublicKey publicKey) throws Exception {
throws GeneralSecurityException { // Step 1: Generate AES Key
SecretKey aesKey = generateAESKey();
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); // Encrypt data using AES
Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
aesCipher.init(Cipher.ENCRYPT_MODE, aesKey);
byte[] encryptedData = aesCipher.doFinal(data);
IvParameterSpec ivSpec = new IvParameterSpec(iv); // Encrypt the AES key with RSA
cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
rsaCipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] encryptedAesKey = rsaCipher.doFinal(aesKey.getEncoded());
return cipher.doFinal(data); // Step 4: Combine encrypted AES key and encrypted data into one array
byte[] combined = new byte[4 + encryptedAesKey.length + encryptedData.length];
// First 4 bytes indicate the length of the AES encrypted key
combined[0] = (byte) (encryptedAesKey.length >> 24);
combined[1] = (byte) (encryptedAesKey.length >> 16);
combined[2] = (byte) (encryptedAesKey.length >> 8);
combined[3] = (byte) encryptedAesKey.length;
// Copy AES Key and Encrypted Data into the combined array
System.arraycopy(encryptedAesKey, 0, combined, 4, encryptedAesKey.length);
System.arraycopy(encryptedData, 0, combined, 4 + encryptedAesKey.length, encryptedData.length);
return combined;
} }
// --- Decrypt data using AES-CBC --- // Decrypt data using RSA (AES Key is decrypted using RSA, then used for AES decryption)
public static byte[] decrypt(byte[] encryptedData, SecretKey key, byte[] iv) public static byte[] decrypt(byte[] encryptedCombined, PrivateKey privateKey) throws Exception {
throws GeneralSecurityException { // Step 1: Extract AES Key length from the combined data
int aesKeyLength = ((encryptedCombined[0] & 0xFF) << 24) |
((encryptedCombined[1] & 0xFF) << 16) |
((encryptedCombined[2] & 0xFF) << 8) |
(encryptedCombined[3] & 0xFF);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); // Step 2: Extract the encrypted AES key and encrypted data
byte[] encryptedAesKey = new byte[aesKeyLength];
byte[] encryptedData = new byte[encryptedCombined.length - 4 - aesKeyLength];
IvParameterSpec ivSpec = new IvParameterSpec(iv); System.arraycopy(encryptedCombined, 4, encryptedAesKey, 0, aesKeyLength);
cipher.init(Cipher.DECRYPT_MODE, key, ivSpec); System.arraycopy(encryptedCombined, 4 + aesKeyLength, encryptedData, 0, encryptedData.length);
return cipher.doFinal(encryptedData); // Step 3: Decrypt the AES key using RSA
Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
rsaCipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] aesKeyBytes = rsaCipher.doFinal(encryptedAesKey);
// Create AES key
SecretKey aesKey = new SecretKeySpec(aesKeyBytes, "AES");
// Decrypt the data using AES
Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
aesCipher.init(Cipher.DECRYPT_MODE, aesKey);
return aesCipher.doFinal(encryptedData);
} }
// --- Generate random salt --- // Generate a random AES key
public static byte[] generateSalt() { private static SecretKey generateAESKey() throws NoSuchAlgorithmException {
byte[] salt = new byte[SALT_LENGTH]; KeyGenerator keyGen = KeyGenerator.getInstance(AES_ALGORITHM);
new SecureRandom().nextBytes(salt); keyGen.init(AES_KEY_SIZE);
return salt; return keyGen.generateKey();
}
// --- Generate random IV ---
public static byte[] generateIV() {
byte[] iv = new byte[IV_LENGTH];
new SecureRandom().nextBytes(iv);
return iv;
}
// --- Optional: Utility to base64 encode data ---
public static String encodeBase64(byte[] data) {
return Base64.getEncoder().encodeToString(data);
}
public static byte[] decodeBase64(String base64) {
return Base64.getDecoder().decode(base64);
} }
} }
src/main/java/com/skycrate/backend/skycrateBackend/services/FileService.java
-114
View File
@@ -1,114 +0,0 @@
package com.skycrate.backend.skycrateBackend.services;
import com.skycrate.backend.skycrateBackend.config.HDFSConfig;
import com.skycrate.backend.skycrateBackend.entity.FileMetadata;
import com.skycrate.backend.skycrateBackend.entity.User;
import com.skycrate.backend.skycrateBackend.repository.FileMetadataRepository;
import com.skycrate.backend.skycrateBackend.repository.UserRepository;
import com.skycrate.backend.skycrateBackend.utils.EncryptionUtil;
import com.skycrate.backend.skycrateBackend.utils.RSAKeyUtil;
import org.apache.hadoop.fs.FSDataInputStream;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import javax.crypto.SecretKey;
import java.io.ByteArrayInputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
@Service
public class FileService {
private static final Logger log = LoggerFactory.getLogger(FileService.class);
private final FileMetadataRepository fileMetadataRepository;
private final UserRepository userRepository;
public FileService(FileMetadataRepository fileMetadataRepository, UserRepository userRepository) {
this.fileMetadataRepository = fileMetadataRepository;
this.userRepository = userRepository;
}
public void uploadEncryptedFile(String username, byte[] fileContent, String filename) throws Exception {
log.info("Starting upload for user={}, file={}", username, filename);
try {
User user = userRepository.findByUsername(username)
.orElseThrow(() -> new RuntimeException("User not found: " + username));
SecretKey aesKey = EncryptionUtil.generateAESKey();
byte[] salt = EncryptionUtil.generateSalt(); // reserved for future use
byte[] iv = EncryptionUtil.generateIv();
byte[] encryptedData = EncryptionUtil.encrypt(fileContent, aesKey, iv);
PublicKey publicKey = RSAKeyUtil.decodePublicKey(user.getPublicKey());
byte[] encryptedAesKey = EncryptionUtil.encryptRSA(aesKey.getEncoded(), publicKey);
Path userDir = new Path("/" + username);
Path filePath = new Path(userDir, filename);
FileSystem fs = HDFSConfig.getHDFS();
if (!fs.exists(userDir)) {
log.info("Creating directory in HDFS: {}", userDir);
fs.mkdirs(userDir);
}
log.info("Writing encrypted file to HDFS: {}", filePath);
try (FSDataOutputStream out = fs.create(filePath, true);
ByteArrayInputStream in = new ByteArrayInputStream(encryptedData)) {
in.transferTo(out);
}
FileMetadata metadata = FileMetadata.builder()
.username(username)
.filePath(filePath.toString())
.salt(salt)
.iv(iv)
.encryptedKey(encryptedAesKey)
.uploadedAt(System.currentTimeMillis())
.build();
fileMetadataRepository.save(metadata);
log.info("Upload complete: file={} for user={}", filename, username);
} catch (Exception e) {
log.error("Error during file upload for user={}, file={}: {}", username, filename, e.getMessage(), e);
throw e;
}
}
public byte[] downloadDecryptedFile(String username, String password, String filename) throws Exception {
log.info("Download request: user={}, file={}", username, filename);
try {
User user = userRepository.findByUsername(username)
.orElseThrow(() -> new RuntimeException("User not found: " + username));
Path filePath = new Path("/" + username + "/" + filename);
FileMetadata metadata = fileMetadataRepository.findByUsernameAndFilePath(username, filePath.toString())
.orElseThrow(() -> new RuntimeException("File metadata not found for: " + filePath));
SecretKey derivedKey = EncryptionUtil.deriveKey(password.toCharArray(), user.getPrivateKeySalt());
byte[] decryptedPrivateKeyBytes = EncryptionUtil.decrypt(user.getPrivateKey(), derivedKey, user.getPrivateKeyIv());
PrivateKey privateKey = RSAKeyUtil.decodePrivateKey(decryptedPrivateKeyBytes);
byte[] aesKeyBytes = EncryptionUtil.decryptRSA(metadata.getEncryptedKey(), privateKey);
SecretKey aesKey = EncryptionUtil.rebuildAESKey(aesKeyBytes);
FileSystem fs = HDFSConfig.getHDFS();
byte[] encryptedData;
try (FSDataInputStream in = fs.open(filePath)) {
encryptedData = in.readAllBytes();
}
return EncryptionUtil.decrypt(encryptedData, aesKey, metadata.getIv());
} catch (Exception e) {
log.error("Download failed for user={}, file={}: {}", username, filename, e.getMessage(), e);
throw e;
}
}
}
src/main/java/com/skycrate/backend/skycrateBackend/services/HDFSOperations.java
+55 -91
View File
@@ -1,7 +1,7 @@
package com.skycrate.backend.skycrateBackend.services; package com.skycrate.backend.skycrateBackend.services;
import com.skycrate.backend.skycrateBackend.config.HDFSConfig; import com.skycrate.backend.skycrateBackend.config.HDFSConfig;
import com.skycrate.backend.skycrateBackend.entity.User; import com.skycrate.backend.skycrateBackend.models.User;
import com.skycrate.backend.skycrateBackend.repository.UserRepository; import com.skycrate.backend.skycrateBackend.repository.UserRepository;
import com.skycrate.backend.skycrateBackend.utils.RSAKeyUtil; import com.skycrate.backend.skycrateBackend.utils.RSAKeyUtil;
import org.apache.hadoop.fs.FSDataOutputStream; import org.apache.hadoop.fs.FSDataOutputStream;
@@ -39,118 +39,82 @@ public class HDFSOperations {
this.userRepository = userRepository; this.userRepository = userRepository;
} }
// public void uploadFile(byte[] fileData, String hdfsPath, String uploadedFileName, String username) {
// try {
// FileSystem fs = HDFSConfig.getHDFS();
//
// // Create an InputStream from the byte array
// ByteArrayInputStream inputStream = new ByteArrayInputStream(fileData);
//
// // Prepare the path for HDFS
// String finalHdfsPath = hdfsPath.endsWith("/") ? hdfsPath + uploadedFileName : hdfsPath + "/" + uploadedFileName;
//
// // Upload the file directly to HDFS from the InputStream
// Path hdfsFilePath = new Path(finalHdfsPath);
// FSDataOutputStream outputStream = fs.create(hdfsFilePath);
// IOUtils.copyBytes(inputStream, outputStream, 4096, true);
//
// } catch (IOException e) {
// // Handle I/O exception and log the error
// throw new RuntimeException("Failed to upload file to HDFS: " + e.getMessage(), e);
// } catch (Exception e) {
// // Catch any other exceptions
// throw new RuntimeException("Failed to upload file to HDFS: " + e.getMessage(), e);
// }
// }
//
// public void downloadFile(String hdfsEncPath, String localPathWithoutExt, String username) {
// try {
// FileSystem fs = HDFSConfig.getHDFS();
//
// // Extract file name and extension
// String encFileName = new File(hdfsEncPath).getName();
// String originalFileName = encFileName.replace(".enc", "");
// String fileExtension = originalFileName.substring(originalFileName.lastIndexOf(".") + 1);
//
// String fullDecryptedPath = localPathWithoutExt + "/" + originalFileName;
// String encFilePath = fullDecryptedPath + ".enc";
// String keyFilePath = fullDecryptedPath + ".key";
//
// // Download encrypted file and AES key from HDFS
// fs.copyToLocalFile(new Path(hdfsEncPath), new Path(encFilePath));
// fs.copyToLocalFile(new Path(hdfsEncPath.replace(".enc", ".key")), new Path(keyFilePath));
//
// // Read the encrypted AES key
// byte[] encryptedAesKey = Files.readAllBytes(Paths.get(keyFilePath));
// System.out.println("Length of encrypted AES key: " + encryptedAesKey.length);
//
// // Retrieve the RSA private key for the user
// User user = userRepository.findByUsername(username)
// .orElseThrow(() -> new RuntimeException("User not found"));
// PrivateKey privateKey = RSAKeyUtil.getPrivateKeyFromBytes(user.getPrivateKey());
//
// Cipher rsaCipher = Cipher.getInstance("RSA");
// rsaCipher.init(Cipher.DECRYPT_MODE, privateKey);
// byte[] aesKeyBytes = rsaCipher.doFinal(encryptedAesKey);
//
// // Ensure valid AES key length
// if (aesKeyBytes.length != 16 && aesKeyBytes.length != 24 && aesKeyBytes.length != 32) {
// throw new RuntimeException("Invalid AES key length: " + aesKeyBytes.length + " bytes");
// }
//
// SecretKey aesKey = new SecretKeySpec(aesKeyBytes, 0, aesKeyBytes.length, "AES");
//
// // Read the encrypted file content
// byte[] encryptedFileContent = Files.readAllBytes(Paths.get(encFilePath));
//
// // Decrypt the file content using AES
// Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); // Specify padding
// aesCipher.init(Cipher.DECRYPT_MODE, aesKey);
// byte[] decryptedFileContent = aesCipher.doFinal(encryptedFileContent);
//
// // Write the decrypted content to the original file
// Files.write(Paths.get(fullDecryptedPath + "." + fileExtension), decryptedFileContent);
//
// // Cleanup temporary files
// Files.deleteIfExists(Paths.get(encFilePath));
// Files.deleteIfExists(Paths.get(keyFilePath));
//
// } catch (Exception e) {
// throw new RuntimeException("Failed to download or decrypt file: " + e.getMessage(), e);
// }
// }
public void uploadFile(byte[] fileData, String hdfsPath, String uploadedFileName, String username) { public void uploadFile(byte[] fileData, String hdfsPath, String uploadedFileName, String username) {
try { try {
FileSystem fs = HDFSConfig.getHDFS(); FileSystem fs = HDFSConfig.getHDFS();
// Create an InputStream from the byte array
ByteArrayInputStream inputStream = new ByteArrayInputStream(fileData); ByteArrayInputStream inputStream = new ByteArrayInputStream(fileData);
// Prepare the path for HDFS
String finalHdfsPath = hdfsPath.endsWith("/") ? hdfsPath + uploadedFileName : hdfsPath + "/" + uploadedFileName; String finalHdfsPath = hdfsPath.endsWith("/") ? hdfsPath + uploadedFileName : hdfsPath + "/" + uploadedFileName;
// Upload the file directly to HDFS from the InputStream
Path hdfsFilePath = new Path(finalHdfsPath); Path hdfsFilePath = new Path(finalHdfsPath);
try (FSDataOutputStream outputStream = fs.create(hdfsFilePath)) { FSDataOutputStream outputStream = fs.create(hdfsFilePath);
IOUtils.copyBytes(inputStream, outputStream, 4096, true); IOUtils.copyBytes(inputStream, outputStream, 4096, true);
}
} catch (IOException e) { } catch (IOException e) {
// Handle I/O exception and log the error
throw new RuntimeException("Failed to upload file to HDFS: " + e.getMessage(), e); throw new RuntimeException("Failed to upload file to HDFS: " + e.getMessage(), e);
} catch (Exception e) { } catch (Exception e) {
throw new RuntimeException(e); // Catch any other exceptions
throw new RuntimeException("Failed to upload file to HDFS: " + e.getMessage(), e);
} }
} }
public void downloadFile(String hdfsEncPath, String localPathWithoutExt, String username) { public void downloadFile(String hdfsEncPath, String localPathWithoutExt, String username) {
try { try {
FileSystem fs = HDFSConfig.getHDFS(); FileSystem fs = HDFSConfig.getHDFS();
String encFilePath = localPathWithoutExt + ".enc";
fs.copyToLocalFile(new Path(hdfsEncPath), new Path(encFilePath));
// Extract file name and extension
String encFileName = new File(hdfsEncPath).getName();
String originalFileName = encFileName.replace(".enc", "");
String fileExtension = originalFileName.substring(originalFileName.lastIndexOf(".") + 1);
String fullDecryptedPath = localPathWithoutExt + "/" + originalFileName;
String encFilePath = fullDecryptedPath + ".enc";
String keyFilePath = fullDecryptedPath + ".key";
// Download encrypted file and AES key from HDFS
fs.copyToLocalFile(new Path(hdfsEncPath), new Path(encFilePath));
fs.copyToLocalFile(new Path(hdfsEncPath.replace(".enc", ".key")), new Path(keyFilePath));
// Read the encrypted AES key
byte[] encryptedAesKey = Files.readAllBytes(Paths.get(keyFilePath));
System.out.println("Length of encrypted AES key: " + encryptedAesKey.length);
// Retrieve the RSA private key for the user
User user = userRepository.findByUsername(username) User user = userRepository.findByUsername(username)
.orElseThrow(() -> new RuntimeException("User not found")); .orElseThrow(() -> new RuntimeException("User not found"));
PrivateKey privateKey = RSAKeyUtil.getPrivateKeyFromBytes(user.getPrivateKey()); PrivateKey privateKey = RSAKeyUtil.getPrivateKeyFromBytes(user.getPrivateKey());
byte[] encryptedFileContent = Files.readAllBytes(Paths.get(encFilePath)); Cipher rsaCipher = Cipher.getInstance("RSA");
byte[] decryptedFileContent = RSAKeyUtil.decrypt(encryptedFileContent, privateKey); rsaCipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] aesKeyBytes = rsaCipher.doFinal(encryptedAesKey);
Files.write(Paths.get(localPathWithoutExt), decryptedFileContent); // Ensure valid AES key length
if (aesKeyBytes.length != 16 && aesKeyBytes.length != 24 && aesKeyBytes.length != 32) {
throw new RuntimeException("Invalid AES key length: " + aesKeyBytes.length + " bytes");
}
SecretKey aesKey = new SecretKeySpec(aesKeyBytes, 0, aesKeyBytes.length, "AES");
// Read the encrypted file content
byte[] encryptedFileContent = Files.readAllBytes(Paths.get(encFilePath));
// Decrypt the file content using AES
Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); // Specify padding
aesCipher.init(Cipher.DECRYPT_MODE, aesKey);
byte[] decryptedFileContent = aesCipher.doFinal(encryptedFileContent);
// Write the decrypted content to the original file
Files.write(Paths.get(fullDecryptedPath + "." + fileExtension), decryptedFileContent);
// Cleanup temporary files
Files.deleteIfExists(Paths.get(encFilePath)); Files.deleteIfExists(Paths.get(encFilePath));
Files.deleteIfExists(Paths.get(keyFilePath));
} catch (Exception e) { } catch (Exception e) {
throw new RuntimeException("Failed to download or decrypt file: " + e.getMessage(), e); throw new RuntimeException("Failed to download or decrypt file: " + e.getMessage(), e);
} }
src/main/java/com/skycrate/backend/skycrateBackend/services/JwtService.java
+53 -39
View File
@@ -1,69 +1,83 @@
package com.skycrate.backend.skycrateBackend.services; package com.skycrate.backend.skycrateBackend.services;
import com.skycrate.backend.skycrateBackend.entity.User; import java.security.Key;
import io.jsonwebtoken.*; import java.util.Date;
import io.jsonwebtoken.io.Decoders; import java.util.HashMap;
import io.jsonwebtoken.security.Keys; import java.util.Map;
import java.util.function.Function;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import java.security.Key; import io.jsonwebtoken.Claims;
import java.util.Date; import io.jsonwebtoken.Jwts;
import java.util.function.Function; import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
@Service @Service
public class JwtService { public class JwtService {
@Value("${security.jwt.secret-key}") @Value("${security.jwt.secret-key}")
private String secretKey; private String secretKey;
@Value("${security.jwt.expiration-time}") @Value("${security.jwt.expiration-time}")
private long expirationTime; private long jwtExpiration;
private static final String SECRET_KEY = "PPp27xSTfBwOpRn4/AV6gPzQSnQg+Oi80KdWfCcuAHs="; public String extractUsername(String token){
return extractClaim(token,Claims::getSubject);
private Key getSigningKey() {
byte[] keyBytes = Decoders.BASE64.decode(SECRET_KEY);
return Keys.hmacShaKeyFor(keyBytes);
} }
public String extractUsername(String token) { public <T> T extractClaim(String token,Function<Claims,T> claimsResolver){
return extractClaim(token, Claims::getSubject); final Claims claims=extractAllClaims(token);
}
public Date extractExpiration(String token) {
return extractClaim(token, Claims::getExpiration);
}
public <T> T extractClaim(String token, Function<Claims, T> claimsResolver) {
Claims claims = Jwts.parserBuilder()
.setSigningKey(getSigningKey())
.build()
.parseClaimsJws(token)
.getBody();
return claimsResolver.apply(claims); return claimsResolver.apply(claims);
}
public String generateToken(UserDetails userDetails) {
return generateToken(new HashMap<>(), userDetails);
}
public String generateToken(Map<String, Object> extraClaims, UserDetails userDetails) {
return buildToken(extraClaims, userDetails, jwtExpiration);
}
public long getExpirtationTime(){
return jwtExpiration;
}
private String buildToken(Map<String,Object> extraClaims,UserDetails userDetails,long expiration){
return Jwts.builder().setClaims(extraClaims).setSubject(userDetails.getUsername())
.setIssuedAt(new Date(System.currentTimeMillis()))
.setExpiration(new Date(System.currentTimeMillis() + expiration))
.signWith(getSignInKey(), SignatureAlgorithm.HS256)
.compact();
} }
public boolean isTokenValid(String token, UserDetails userDetails) { public boolean isTokenValid(String token, UserDetails userDetails) {
final String username = extractUsername(token); final String username = extractUsername(token);
return (username.equals(userDetails.getUsername()) && !isTokenExpired(token)); return (username.equals(userDetails.getUsername())) && !isTokenExpired(token);
} }
public boolean isTokenExpired(String token) { private boolean isTokenExpired(String token) {
return extractExpiration(token).before(new Date()); return extractExpiration(token).before(new Date());
} }
public String generateToken(UserDetails userDetails) { private Date extractExpiration(String token) {
return Jwts.builder() return extractClaim(token, Claims::getExpiration);
.setSubject(userDetails.getUsername())
.setIssuedAt(new Date())
.setExpiration(new Date(System.currentTimeMillis() + expirationTime))
.signWith(getSigningKey(), SignatureAlgorithm.HS256)
.compact();
} }
public String generateToken(User user) { private Claims extractAllClaims(String token) {
return generateToken((UserDetails) user); return Jwts
.parserBuilder()
.setSigningKey(getSignInKey())
.build()
.parseClaimsJws(token)
.getBody();
}
private Key getSignInKey() {
byte[] keyBytes = Decoders.BASE64.decode(secretKey);
return Keys.hmacShaKeyFor(keyBytes);
} }
} }
src/main/java/com/skycrate/backend/skycrateBackend/services/RateLimiterService.java
-23
View File
@@ -1,23 +0,0 @@
// NEED TO IMPLEMENT SAHI SE
package com.skycrate.backend.skycrateBackend.services;
import org.springframework.stereotype.Service;
import java.util.concurrent.ConcurrentHashMap;
@Service
public class RateLimiterService {
private final ConcurrentHashMap<String, Integer> attempts = new ConcurrentHashMap<>();
public boolean isBlocked(String ip) {
return attempts.getOrDefault(ip, 0) >= 5;
}
public void recordFailedAttempt(String ip) {
attempts.put(ip, attempts.getOrDefault(ip, 0) + 1);
}
public void resetAttempts(String ip) {
attempts.remove(ip);
}
}
src/main/java/com/skycrate/backend/skycrateBackend/services/RefreshTokenService.java
-50
View File
@@ -1,50 +0,0 @@
package com.skycrate.backend.skycrateBackend.services;
import com.skycrate.backend.skycrateBackend.entity.RefreshToken;
import com.skycrate.backend.skycrateBackend.entity.User;
import com.skycrate.backend.skycrateBackend.repository.RefreshTokenRepository;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.time.Instant;
import java.util.Optional;
import java.util.UUID;
@Service
public class RefreshTokenService {
private final RefreshTokenRepository refreshTokenRepo;
@Value("${security.jwt.refresh-expiry-ms:604800000}") // 7 days default
private Long refreshTokenDurationMs;
public RefreshTokenService(RefreshTokenRepository refreshTokenRepo) {
this.refreshTokenRepo = refreshTokenRepo;
}
@Transactional
public RefreshToken createRefreshToken(User user) {
refreshTokenRepo.deleteByUser(user);
refreshTokenRepo.flush();
RefreshToken token = new RefreshToken();
token.setUser(user);
token.setExpiryDate(Instant.now().plusMillis(refreshTokenDurationMs));
token.setToken(UUID.randomUUID().toString());
return refreshTokenRepo.save(token);
}
public Optional<RefreshToken> findByToken(String token) {
return refreshTokenRepo.findByToken(token);
}
public boolean isExpired(RefreshToken token) {
return token.getExpiryDate().isBefore(Instant.now());
}
@Transactional
public void deleteByUser(User user) {
refreshTokenRepo.deleteByUser(user);
}
}
src/main/java/com/skycrate/backend/skycrateBackend/services/UserService.java
-52
View File
@@ -1,52 +0,0 @@
package com.skycrate.backend.skycrateBackend.services;
import com.skycrate.backend.skycrateBackend.dto.SignupRequest;
import com.skycrate.backend.skycrateBackend.entity.User;
import com.skycrate.backend.skycrateBackend.repository.UserRepository;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.web.client.RestTemplate;
import java.math.BigInteger;
import java.security.MessageDigest;
@Service
public class UserService {
private final UserRepository userRepository;
private final PasswordEncoder passwordEncoder;
public UserService(UserRepository userRepository, PasswordEncoder passwordEncoder) {
this.userRepository = userRepository;
this.passwordEncoder = passwordEncoder;
}
public void registerUser(SignupRequest request) {
if (isPasswordPwned(request.getPassword())) {
throw new IllegalArgumentException("Password has been compromised in data breaches.");
}
User user = new User();
user.setUsername(request.getUsername());
user.setEmail(request.getEmail());
user.setPassword(passwordEncoder.encode(request.getPassword()));
userRepository.save(user);
}
private boolean isPasswordPwned(String password) {
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] hash = md.digest(password.getBytes());
String fullHash = String.format("%040x", new BigInteger(1, hash)).toUpperCase();
String prefix = fullHash.substring(0, 5);
String suffix = fullHash.substring(5);
RestTemplate restTemplate = new RestTemplate();
String response = restTemplate.getForObject("https://api.pwnedpasswords.com/range/" + prefix, String.class);
return response != null && response.contains(suffix);
} catch (Exception e) {
return false; // If API fails, allow but log in production
}
}
}
src/main/java/com/skycrate/backend/skycrateBackend/utils/EncryptionUtil.java
-94
View File
@@ -1,94 +0,0 @@
package com.skycrate.backend.skycrateBackend.utils;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.*;
import java.security.*;
import javax.crypto.spec.PBEKeySpec;
import java.util.Arrays;
public class EncryptionUtil {
private static final int SALT_LENGTH = 16;
private static final int IV_LENGTH = 16;
private static final int ITERATIONS = 65536;
private static final int KEY_LENGTH = 256;
private static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";
private static final String AES_CIPHER = "AES/CBC/PKCS5Padding";
private static final String RSA_CIPHER = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
private static final SecureRandom secureRandom = new SecureRandom();
// ------------------------ AES ------------------------
public static byte[] generateSalt() {
byte[] salt = new byte[SALT_LENGTH];
secureRandom.nextBytes(salt);
return salt;
}
public static byte[] generateIv() {
byte[] iv = new byte[IV_LENGTH];
secureRandom.nextBytes(iv);
return iv;
}
public static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
SecretKeyFactory factory = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_LENGTH);
SecretKey tmp = factory.generateSecret(spec);
return new SecretKeySpec(tmp.getEncoded(), "AES");
}
public static SecretKey generateAESKey() throws Exception {
byte[] keyBytes = new byte[KEY_LENGTH / 8]; // 256 bits
secureRandom.nextBytes(keyBytes);
return new SecretKeySpec(keyBytes, "AES");
}
public static SecretKey rebuildAESKey(byte[] keyBytes) {
return new SecretKeySpec(keyBytes, "AES");
}
public static byte[] encrypt(byte[] plaintext, SecretKey key, byte[] iv) throws Exception {
Cipher cipher = Cipher.getInstance(AES_CIPHER);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
return cipher.doFinal(plaintext);
}
public static byte[] decrypt(byte[] ciphertext, SecretKey key, byte[] iv) throws Exception {
Cipher cipher = Cipher.getInstance(AES_CIPHER);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
return cipher.doFinal(ciphertext);
}
// ------------------------ RSA ------------------------
public static byte[] encryptRSA(byte[] data, PublicKey publicKey) throws Exception {
Cipher cipher = Cipher.getInstance(RSA_CIPHER);
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return cipher.doFinal(data);
}
public static byte[] decryptRSA(byte[] data, PrivateKey privateKey) throws Exception {
Cipher cipher = Cipher.getInstance(RSA_CIPHER);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return cipher.doFinal(data);
}
// --------- Encrypt/decrypt RSA private key using AES derived from password ---------
public static byte[] encryptPrivateKey(PrivateKey privateKey, String password, byte[] salt, byte[] iv) throws Exception {
SecretKey aesKey = deriveKey(password.toCharArray(), salt);
return encrypt(privateKey.getEncoded(), aesKey, iv);
}
public static byte[] decryptPrivateKey(byte[] encryptedPrivateKey, String password, byte[] salt, byte[] iv) throws Exception {
SecretKey aesKey = deriveKey(password.toCharArray(), salt);
return decrypt(encryptedPrivateKey, aesKey, iv);
}
}
src/main/java/com/skycrate/backend/skycrateBackend/utils/RSAKeyUtil.java
+13 -16
View File
@@ -29,45 +29,42 @@ public class RSAKeyUtil {
return keyFactory.generatePrivate(spec); return keyFactory.generatePrivate(spec);
} }
// Shorthand decode aliases
public static PublicKey decodePublicKey(byte[] publicKeyBytes) throws Exception {
return getPublicKeyFromBytes(publicKeyBytes);
}
public static PrivateKey decodePrivateKey(byte[] privateKeyBytes) throws Exception {
return getPrivateKeyFromBytes(privateKeyBytes);
}
// Encrypt data using RSA (with padding) // Encrypt data using RSA (with padding)
public static byte[] encrypt(byte[] data, PublicKey publicKey) throws Exception { public static byte[] encrypt(byte[] data, PublicKey publicKey) throws Exception {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); // Specify padding
cipher.init(Cipher.ENCRYPT_MODE, publicKey); cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return cipher.doFinal(data); return cipher.doFinal(data);
} }
// Decrypt data using RSA (with padding) // Decrypt data using RSA (with padding)
public static byte[] decrypt(byte[] encryptedData, PrivateKey privateKey) throws Exception { public static byte[] decrypt(byte[] encryptedData, PrivateKey privateKey) throws Exception {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); // Specify padding
cipher.init(Cipher.DECRYPT_MODE, privateKey); cipher.init(Cipher.DECRYPT_MODE, privateKey);
return cipher.doFinal(encryptedData); return cipher.doFinal(encryptedData);
} }
// AES key generation // Generate AES Key (128, 192, or 256 bits)
public static SecretKey generateAESKey(int keySize) throws NoSuchAlgorithmException { public static SecretKey generateAESKey(int keySize) throws NoSuchAlgorithmException {
if (keySize != 128 && keySize != 192 && keySize != 256) { if (keySize != 128 && keySize != 192 && keySize != 256) {
throw new IllegalArgumentException("Invalid AES key size. Must be 128, 192, or 256 bits."); throw new IllegalArgumentException("Invalid AES key size. Must be 128, 192, or 256 bits.");
} }
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES"); KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(keySize); keyGenerator.init(keySize); // Specify the key size
return keyGenerator.generateKey(); return keyGenerator.generateKey();
} }
// Encrypt AES Key using RSA
public static byte[] encryptAESKey(SecretKey aesKey, PublicKey publicKey) throws Exception { public static byte[] encryptAESKey(SecretKey aesKey, PublicKey publicKey) throws Exception {
return encrypt(aesKey.getEncoded(), publicKey); return encrypt(aesKey.getEncoded(), publicKey); // Encrypt the AES key using RSA
} }
// Decrypt AES Key using RSA
public static SecretKey decryptAESKey(byte[] encryptedAESKey, PrivateKey privateKey, int keySize) throws Exception { public static SecretKey decryptAESKey(byte[] encryptedAESKey, PrivateKey privateKey, int keySize) throws Exception {
byte[] decryptedKey = decrypt(encryptedAESKey, privateKey); byte[] decryptedKey = decrypt(encryptedAESKey, privateKey); // Decrypt with RSA
return new SecretKeySpec(decryptedKey, 0, decryptedKey.length, "AES"); // Ensure that the decrypted key length matches the expected AES key size
if (decryptedKey.length != keySize / 8) {
throw new IllegalArgumentException("Decrypted key size does not match expected AES key size.");
}
return new SecretKeySpec(decryptedKey, 0, decryptedKey.length, "AES"); // Convert to AES Key
} }
} }
src/main/resources/application-prod.yml
-9
View File
@@ -1,9 +0,0 @@
server:
port: 8443
ssl:
enabled: true
key-store: classpath:keystore.p12
key-store-password: changeit
key-store-type: PKCS12
key-alias: tomcat
src/main/resources/application.properties
+22 -17
View File
@@ -5,13 +5,13 @@ spring.servlet.multipart.max-request-size=1000MB
spring.servlet.multipart.enabled=true spring.servlet.multipart.enabled=true
security.jwt.secret-key=PPp27xSTfBwOpRn4/AV6gPzQSnQg+Oi80KdWfCcuAHs= security.jwt.secret-key=3cfa76ef14937c1c0ea519f8fc057a80fcd04a7420f8e8bcd0a7567c272e007b
security.jwt.expiration-time=3600000 security.jwt.expiration-time=3600000
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect
spring.datasource.username=skycrateDB spring.datasource.username=kshitij
spring.datasource.password=loa_dngLLA8729 spring.datasource.password=loa_dngLLA8729
spring.datasource.url=jdbc:mysql://192.168.29.36:3306/skycrate spring.datasource.url=jdbc:mysql://192.168.29.55:3306/skycrate
spring.jpa.hibernate.ddl-auto=update spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true spring.jpa.show-sql=true
@@ -21,19 +21,24 @@ logging.level.org.springframework.security.config.annotation.authentication.conf
server.port=8080 server.port=8080
server.ssl.enabled=true
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=changeit
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=mykey
management.endpoints.web.exposure.include=*
management.endpoint.health.show-details=always
management.endpoints.enabled-by-default=true
# Allow unauthenticated access
#management.server.port=8080 # spring.application.name=skycrateBackend
#management.server.ssl.enabled=false
#management.endpoints.web.base-path=/actuator # spring.servlet.multipart.max-file-size=1000MB
#management.endpoints.web.exposure.include=* # spring.servlet.multipart.max-request-size=1000MB
# security.jwt.secret-key=3cfa76ef14937c1c0ea519f8fc057a80fcd04a7420f8e8bcd0a7567c272e007b
# security.jwt.expiration-time=3600000
# spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect
# spring.datasource.username=root
# spring.datasource.password=sqlsys
# spring.datasource.url=jdbc:mysql://localhost:3306/skycrate
# spring.jpa.hibernate.ddl-auto=update
# spring.jpa.show-sql=true
# spring.jpa.properties.hibernate.format_sql=true
# server.port=8081