feat: implement JCE crypto adapter and harden registration infrastructure#19
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 14a0ea3d0b
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b46f881e7c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Treszyk
force-pushed
the
feat/registration-infra
branch
from
dce0469 to
d1f87e7
Compare
|
Codex Review: Didn't find any major issues. 👍 ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
Treszyk
force-pushed
the
feat/registration-infra
branch
from
d1f87e7 to
a643e91
Compare
1 participant
Summary
Implements the infrastructure-layer cryptographic adapter for the Java-based Vaulton port, ensuring strict parity with the legacy .NET backend. This PR externalizes security configuration (PBKDF2 iterations and peppers) and implements robust JCE-based memory management to fulfill the "Fortress" architectural standard.
Key Changes
JceCryptoAdapterimplementation for theCryptoServiceport, utilizing standard JCA for PBKDF2-HMAC-SHA256 and deterministic fake salt generation.UserCreationServiceImplto utilize constructor-injected security parameters, removing hardcoded constants and moving security policy control to the application layer.try-finallyblocks and explicit zeroization of ephemeral byte/char arrays,PBEKeySpec, andMacstates.Verification
JceCryptoAdapterTestto verify secure random generation, hashing consistency, and deterministic salt binding.UserCreationServiceTestpasses with the new configurable infrastructure parameters.