System Architecture and Secure Data Processing
Client Library Integration​
The system provides a dedicated Java library for client integration.
Integration Details​
- Library Location: https://mvnrepository.com/artifact/io.bitdive
- Type: Java Library
- Purpose: Client-side integration for secure file processing
Maven Integration​
<dependency>
<groupId>io.bitdive</groupId>
<artifactId>bitdive-producer-spring-3</artifactId>
<version>0.0.15</version>
</dependency>
Usage​
- Add the dependency to your Java application
- Initialize the client with appropriate configuration
- Use the provided methods for secure file processing
System Architecture Overview​
The system consists of multiple microservices designed to handle secure file processing, storage, and data management.
Architecture Diagram​
Key Components​
Core Services​
- Frontend: User interface service
- File Acceptor: Handles file reception and signature verification
- Flink Load: Processes files and manages database operations
- Monitoring API: Handles UI data processing and monitoring
Infrastructure Services​
- Vault: Manages secrets and SSL certificates
- PostgreSQL: Primary database for structured data
- MinIO: Object storage for files
- Keycloak: Identity and access management
Security Features​
- Automated SSL certificate generation on container startup
- Vault-based SSL certificate management
- Secure service-to-service communication
File Transfer Process​
This section describes the secure process of transferring files from client to server.
Process Diagram​
Process Steps​
-
Initial File Preparation
- Java application prepares and archives files
- Files are prepared for secure transfer
-
Key Management
- Public key retrieval for signature verification (24-hour rotation)
- Encryption and signing key management
- Local key storage for high-volume processing
-
Security Measures
- AES/GCM/NoPadding encryption
- SHA256withECDSA file signatures
- SSL-secured transfer
-
File Storage
- Signature verification on receipt
- Encrypted storage in MinIO
File Processing and Database Integration​
Details the process of processing files and integrating data into the database.
Process Diagram​
Process Flow​
-
File Retrieval
- Secure retrieval from MinIO storage
- Encrypted file handling
-
Processing
- Secure key retrieval from Vault
- File decryption
- Data processing and grouping
-
Database Integration
- SSL certificate management (24-hour rotation)
- AES CBC mode encryption
- Secure PostgreSQL integration
Frontend Operations​
Describes the frontend interaction with backend services.
Process Diagram​
Security Considerations​
-
SSL Implementation
- SSL connection support
- Company-wide certificate distribution required
- Browser trust management
-
Data Flow
- Secure communication with Monitoring API
- SSL-protected database queries
- Encrypted data handling
Important Notes​
- SSL certificates must be properly distributed to prevent browser trust issues
- All production data access requires SSL encryption
- Regular certificate rotation ensures security
- Browser security warnings will appear without proper certificate setup
Security Best Practices​
- Regular certificate rotation (24-hour cycle)
- Encrypted data storage
- Secure key management
- SSL implementation throughout
- Regular security audits
- Proper certificate distribution
System Requirements​
- Docker and Docker Compose
- Java Runtime Environment
- SSL Certificate Infrastructure
- Adequate Storage for MinIO
- PostgreSQL Database System
- Network Security Infrastructure
Troubleshooting​
-
Browser Trust Issues
- Verify SSL certificate distribution
- Check certificate validity
- Ensure proper certificate installation
-
File Transfer Issues
- Verify key availability
- Check SSL certificate status
- Confirm proper encryption
-
Database Connection Issues
- Verify SSL configuration
- Check certificate rotation
- Confirm security protocol compliance