fix(sdk): allow SDK to handle protocols in addresses (#70)

TDFs contain embedded URLs, some of which contain protocols. In order
for them to
work with GRPC we need to strip off the protocol.

The logic for ports is to use one if it is specified, otherwise we use
80 if the protocol is `http`,
otherwise use `443`.

Author: mkleene

sdk/src/main/java/io/opentdf/platform/sdk/KASClient.java

@@ -17,18 +17,19 @@
 import io.opentdf.platform.sdk.nanotdf.NanoTDFType;
 import org.bouncycastle.jce.interfaces.ECPublicKey;
 
-import java.io.IOException;
-import java.security.InvalidAlgorithmParameterException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
+import java.net.MalformedURLException;
+import java.net.URL;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.function.Function;
 
+import static java.lang.String.format;
+
 public class KASClient implements SDK.KAS, AutoCloseable {
 
     private final Function<String, ManagedChannel> channelFactory;
@@ -67,6 +68,33 @@ public String getPublicKey(Config.KASInfo kasInfo) {
                 .getPublicKey();
     }
 
+    private String normalizeAddress(String urlString) {
+        URL url;
+        try {
+            url = new URL(urlString);
+        } catch (MalformedURLException e) {
+            // if there is no protocol then they either gave us
+            // a correct address or one we don't know how to fix
+            return urlString;
+        }
+
+        // otherwise we take the specified port or default
+        // based on whether the URL uses a scheme that
+        // implies TLS
+        int port;
+        if (url.getPort() == -1) {
+            if ("http".equals(url.getProtocol())) {
+                port = 80;
+            } else {
+                port = 443;
+            }
+        } else {
+            port = url.getPort();
+        }
+
+        return format("%s:%d", url.getHost(), port);
+    }
+
     @Override
     public synchronized void close() {
         var entries = new ArrayList<>(stubs.values());
@@ -188,21 +216,22 @@ public byte[] unwrapNanoTDF(NanoTDFType.ECCurve curve, String header, String kas
     private static class CacheEntry {
         final ManagedChannel channel;
         final AccessServiceGrpc.AccessServiceBlockingStub stub;
-
         private CacheEntry(ManagedChannel channel, AccessServiceGrpc.AccessServiceBlockingStub stub) {
             this.channel = channel;
             this.stub = stub;
         }
     }
 
-    private synchronized AccessServiceGrpc.AccessServiceBlockingStub getStub(String url) {
-        if (!stubs.containsKey(url)) {
-            var channel = channelFactory.apply(url);
+    // make this protected so we can test the address normalization logic
+    synchronized AccessServiceGrpc.AccessServiceBlockingStub getStub(String url) {
+        var realAddress = normalizeAddress(url);
+        if (!stubs.containsKey(realAddress)) {
+            var channel = channelFactory.apply(realAddress);
             var stub = AccessServiceGrpc.newBlockingStub(channel);
-            stubs.put(url, new CacheEntry(channel, stub));
+            stubs.put(realAddress, new CacheEntry(channel, stub));
         }
 
-        return stubs.get(url).stub;
+        return stubs.get(realAddress).stub;
     }
 }
 

sdk/src/test/java/io/opentdf/platform/sdk/KASClientTest.java

@@ -24,6 +24,7 @@
 import java.text.ParseException;
 import java.util.Base64;
 import java.util.Random;
+import java.util.concurrent.atomic.AtomicReference;
 import java.util.function.Function;
 
 import static io.opentdf.platform.sdk.SDKBuilderTest.getRandomPort;
@@ -136,6 +137,29 @@ public void rewrap(RewrapRequest request, StreamObserver<RewrapResponse> respons
         }
     }
 
+    @Test
+    public void testAddressNormalization() {
+        var lastAddress = new AtomicReference<String>();
+        var dpopKeypair = CryptoUtils.generateRSAKeypair();
+        var dpopKey = new RSAKey.Builder((RSAPublicKey)dpopKeypair.getPublic()).privateKey(dpopKeypair.getPrivate()).build();
+        var kasClient = new KASClient(addr -> {
+            lastAddress.set(addr);
+            return ManagedChannelBuilder.forTarget(addr).build();
+        }, dpopKey);
+
+        var stub = kasClient.getStub("http://localhost:8080");
+        assertThat(lastAddress.get()).isEqualTo("localhost:8080");
+        var otherStub = kasClient.getStub("https://localhost:8080");
+        assertThat(lastAddress.get()).isEqualTo("localhost:8080");
+        assertThat(stub).isSameAs(otherStub);
+
+        kasClient.getStub("https://example.org");
+        assertThat(lastAddress.get()).isEqualTo("example.org:443");
+
+        kasClient.getStub("http://example.org");
+        assertThat(lastAddress.get()).isEqualTo("example.org:80");
+    }
+
     private static Server startServer(AccessServiceGrpc.AccessServiceImplBase accessService) throws IOException {
         return ServerBuilder
                 .forPort(getRandomPort())