Package org.saidone.service.crypto

Class JcaCryptoServiceImpl

java.lang.Object

org.saidone.component.BaseComponent

org.saidone.service.crypto.AbstractCryptoService

org.saidone.service.crypto.JcaCryptoServiceImpl

All Implemented Interfaces:

CryptoService, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware

@Service
@ConfigurationProperties(prefix="application.service.vault.encryption.jca")
@ConditionalOnExpression("${application.service.vault.encryption.enabled}.equals(true) and \'${application.service.vault.encryption.impl}\'.equals(\'jca\')")
public class JcaCryptoServiceImpl
extends AbstractCryptoService
implements CryptoService

CryptoService implementation based on the JCA provider. It encrypts and decrypts data using AES in GCM mode. The bean is active when both application.service.vault.encryption.enabled is set to true and application.service.vault.encryption.impl is set to jca. Random salt and IV values are produced for every operation and the secret key is derived using the configured KDF implementation.

Nested Class Summary

Nested classes/interfaces inherited from class org.saidone.service.crypto.AbstractCryptoService

AbstractCryptoService.Kdf

Field Summary

Fields inherited from class org.saidone.service.crypto.AbstractCryptoService

kdf

Constructor Summary

Constructors

Constructor	Description
JcaCryptoServiceImpl()

Method Summary

Modifier and Type	Method	Description
void	configure(EncryptionConfig properties)	Injects encryption configuration properties.
InputStream	decrypt(InputStream inputStream)	Decrypts an AES-GCM encrypted stream.
InputStream	encrypt(InputStream inputStream, Secret secret)	Encrypts a data stream using AES-GCM authenticated encryption.

Methods inherited from class org.saidone.service.crypto.AbstractCryptoService

decryptText, deriveSecretKey, encryptText

Methods inherited from class org.saidone.component.BaseComponent

init, setApplicationContext, shutDown, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.saidone.service.crypto.CryptoService

decryptText, encryptText

Constructor Details

JcaCryptoServiceImpl

public JcaCryptoServiceImpl()

Method Details

configure

@Autowired
public void configure(EncryptionConfig properties)

Injects encryption configuration properties.

Parameters:

properties - resolved encryption configuration

encrypt

public InputStream encrypt(InputStream inputStream,
 Secret secret)

Encrypts a data stream using AES-GCM authenticated encryption.

The encryption process follows these steps: 1. Generates random salt and IV 2. Derives encryption key from salt using configured KDF 3. Initializes AES-GCM cipher 4. Prepends key version+salt+IV to encrypted stream

The output stream format is: [key version][salt][IV][encrypted data]

Specified by:

encrypt in interface CryptoService

Parameters:

inputStream - The plaintext input data to be encrypted

secret - secret material used to derive the encryption key

Returns:

An InputStream containing concatenated salt, IV and encrypted data

Throws:

RuntimeException - if any error occurs during the encryption process

decrypt

public InputStream decrypt(InputStream inputStream)

Decrypts an AES-GCM encrypted stream.

The decryption process follows these steps: 1. Reads key version, salt and IV from stream header 2. Derives decryption key from salt 3. Initializes cipher for decryption 4. Returns decrypting stream for remaining data

Expected input format: [key version][salt][IV][encrypted data] where: - key version length = 4 bytes - salt length = saltLength bytes - IV length = ivLength bytes

Specified by:

decrypt in interface CryptoService

Parameters:

inputStream - InputStream containing encrypted data with prepended salt and IV

Returns:

An InputStream yielding the decrypted data

Throws:

RuntimeException - if any error occurs during the decryption process