Skip to content

feat: add system metadata assertion #270

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mkleene merged 25 commits into from
Jul 24, 2025
Merged

feat: add system metadata assertion #270

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
d6db7c5
feat: add system metadata assertion
strantalis Jun 16, 2025
d874253
fix compilation issues
strantalis Jun 16, 2025
a7b5ec6
more changes
strantalis Jun 16, 2025
e395504
add version.properties
strantalis Jun 16, 2025
c048381
add resources
strantalis Jun 16, 2025
22dae57
add sdk info class
strantalis Jun 16, 2025
8b561ed
fix missing period
strantalis Jun 16, 2025
883fa4f
fix test
strantalis Jun 16, 2025
2d82df3
validate assertion values
strantalis Jun 16, 2025
32e1e39
minor fixes
strantalis Jun 16, 2025
30b3516
simplify sdk version info
strantalis Jun 17, 2025
adebc5e
change assertion id
strantalis Jun 17, 2025
6990a6c
change schema
strantalis Jun 17, 2025
82e7422
fix test
strantalis Jun 17, 2025
8fee07c
fix base assertion string
strantalis Jun 17, 2025
e72fbe3
fix assertion check
strantalis Jun 17, 2025
5492e2f
remove automatically enabling system metadata assertion
strantalis Jun 17, 2025
2a462d1
Merge remote-tracking branch 'origin/main' into dspx-817/add-system-a…
mkleene Jul 22, 2025
174ef3d
see what happens with it enabled
mkleene Jul 22, 2025
8aad1a6
point it at the branch
mkleene Jul 23, 2025
50f6008
see if this will get us the right version
mkleene Jul 23, 2025
32cfab9
Update checks.yaml
mkleene Jul 23, 2025
0498097
Update Version.java
mkleene Jul 24, 2025
1bfb7db
Merge branch 'main' into dspx-817/add-system-assertions
mkleene Jul 24, 2025
3faf37f
recover from bad merge
mkleene Jul 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
78 changes: 49 additions & 29 deletions sdk/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<name>io.opentdf.platform:sdk</name>
<artifactId>sdk</artifactId>
Expand All @@ -11,7 +13,8 @@
<packaging>jar</packaging>
<properties>
<jazzer.version>0.22.1</jazzer.version>
<jazzer.baseurl>https://github.com/CodeIntelligenceTesting/jazzer/releases/download/v${jazzer.version}</jazzer.baseurl>
<jazzer.baseurl>
https://github.com/CodeIntelligenceTesting/jazzer/releases/download/v${jazzer.version}</jazzer.baseurl>
<kotlin.version>2.1.0</kotlin.version>
<connect.version>0.7.2</connect.version>
<okhttp.version>4.12.0</okhttp.version>
Expand Down Expand Up @@ -287,6 +290,12 @@
</dependency>
</dependencies>
<build>
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
<plugins>
<!-- Plugin to create source JAR -->
<plugin>
Expand Down Expand Up @@ -362,17 +371,18 @@
<target>
<!-- Generate OpenTDF Platform Protobuf -->
<exec executable="buf" dir="." failOnError="true">
<arg value="generate"/>
<arg value="https://github.com/opentdf/platform.git#branch=${platform.branch},subdir=service"/>
<arg value="-o"/>
<arg value="target"/>
<arg value="generate" />
<arg
value="https://github.com/opentdf/platform.git#branch=${platform.branch},subdir=service" />
<arg value="-o" />
<arg value="target" />
</exec>
<!-- Generate gRPC Protobuf -->
<exec executable="buf" dir="." failOnError="true">
<arg value="generate"/>
<arg value="buf.build/grpc-ecosystem/grpc-gateway"/>
<arg value="-o"/>
<arg value="target"/>
<arg value="generate" />
<arg value="buf.build/grpc-ecosystem/grpc-gateway" />
<arg value="-o" />
<arg value="target" />
</exec>
</target>
</configuration>
Expand Down Expand Up @@ -475,7 +485,8 @@
</plugin>
</plugins>
</build>
<!--profile to execute fuzz test -->
<!--profile
to execute fuzz test -->
<profiles>
<profile>
<id>fuzz</id>
Expand All @@ -499,18 +510,21 @@
<configuration>
<target>
<condition property="jazzer.os" value="windows">
<os family="windows"/>
<os family="windows" />
</condition>
<condition property="jazzer.os" value="macos">
<os family="mac"/>
<os family="mac" />
</condition>
<condition property="jazzer.os" value="linux">
<os family="unix"/>
<os family="unix" />
</condition>
<echo message="Detected OS: ${jazzer.os}"/>
<mkdir dir="${project.build.directory}/jazzer"/>
<get src="${jazzer.baseurl}/jazzer-${jazzer.os}.tar.gz" dest="${project.build.directory}/jazzer/jazzer.tar.gz"/>
<untar compression="gzip" src="${project.build.directory}/jazzer/jazzer.tar.gz" dest="${project.build.directory}/jazzer"/>
<echo message="Detected OS: ${jazzer.os}" />
<mkdir dir="${project.build.directory}/jazzer" />
<get src="${jazzer.baseurl}/jazzer-${jazzer.os}.tar.gz"
dest="${project.build.directory}/jazzer/jazzer.tar.gz" />
<untar compression="gzip"
src="${project.build.directory}/jazzer/jazzer.tar.gz"
dest="${project.build.directory}/jazzer" />
</target>
</configuration>
<goals>
Expand Down Expand Up @@ -552,22 +566,28 @@
<configuration>
<target>
<path id="project.classpath">
<pathelement location="${project.build.directory}/classes"/>
<pathelement location="${project.build.directory}/test-classes"/>
<fileset dir="${project.build.directory}/dependency-jars">
<include name="**/*.jar"/>
<pathelement
location="${project.build.directory}/classes" />
<pathelement
location="${project.build.directory}/test-classes" />
<fileset
dir="${project.build.directory}/dependency-jars">
<include name="**/*.jar" />
</fileset>
</path>
<pathconvert property="project.classpath.string" pathsep="${path.separator}">
<path refid="project.classpath"/>
<pathconvert property="project.classpath.string"
pathsep="${path.separator}">
<path refid="project.classpath" />
</pathconvert>
<property environment="env"/>
<property environment="env" />

<chmod file="${project.build.directory}/jazzer/jazzer" perm="777"/>
<chmod file="${project.build.directory}/jazzer/jazzer"
perm="777" />

<exec executable="bash">
<arg value="-c"/>
<arg value="if [ -z &quot;${JAVA_HOME}&quot; ]; then JAVA_HOME=$(dirname $(dirname $(which java))); fi; DYLD_LIBRARY_PATH=$(find &quot;${JAVA_HOME}&quot; -type d | grep 'libexec/openjdk.jdk/Contents/Home/lib/server' 2&gt;/dev/null | head -n 1); if [ -z &quot;${DYLD_LIBRARY_PATH}&quot; ]; then DYLD_LIBRARY_PATH=&quot;${JAVA_HOME}/lib/server&quot;; fi; export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}; ${project.build.directory}/jazzer/jazzer --cp='${project.classpath.string}' --target_class='io.opentdf.platform.sdk.Fuzzing' --instrumentation_includes='io.opentdf.platform.sdk.**' ${jazzer.testDir}"/>
<arg value="-c" />
<arg
value="if [ -z &quot;${JAVA_HOME}&quot; ]; then JAVA_HOME=$(dirname $(dirname $(which java))); fi; DYLD_LIBRARY_PATH=$(find &quot;${JAVA_HOME}&quot; -type d | grep 'libexec/openjdk.jdk/Contents/Home/lib/server' 2&gt;/dev/null | head -n 1); if [ -z &quot;${DYLD_LIBRARY_PATH}&quot; ]; then DYLD_LIBRARY_PATH=&quot;${JAVA_HOME}/lib/server&quot;; fi; export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}; ${project.build.directory}/jazzer/jazzer --cp='${project.classpath.string}' --target_class='io.opentdf.platform.sdk.Fuzzing' --instrumentation_includes='io.opentdf.platform.sdk.**' ${jazzer.testDir}" />
</exec>
</target>
</configuration>
Expand All @@ -581,4 +601,4 @@
</build>
</profile>
</profiles>
</project>
</project>
88 changes: 87 additions & 1 deletion sdk/src/main/java/io/opentdf/platform/sdk/AssertionConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,17 @@
package io.opentdf.platform.sdk;

import com.google.gson.Gson;
import com.google.gson.annotations.SerializedName;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.time.OffsetDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Objects;

/**
* Represents the configuration for assertions, encapsulating various types, scopes, states, keys,
* Represents the configuration for assertions, encapsulating various types,
* scopes, states, keys,
* and statements involved in assertion handling.
*/
public class AssertionConfig {
Expand Down Expand Up @@ -120,4 +127,83 @@ public int hashCode() {
public AppliesToState appliesToState;
public Statement statement;
public AssertionKey signingKey;

/**
* Inner class to hold system metadata for assertion.
* Fields are named to match the JSON output of the original Go function.
*/
static private class SystemMetadata {
@SerializedName("tdf_spec_version")
final String tdfSpecVersion;

@SerializedName("creation_date")
final String creationDate;

@SerializedName("operating_system")
final String operatingSystem;

@SerializedName("sdk_version")
final String sdkVersion;

@SerializedName("java_version") // Corresponds to "go_version" in the Go example
final String javaVersion;

@SerializedName("architecture")
final String architecture;

SystemMetadata(String tdfSpecVersion, String creationDate, String operatingSystem,
String sdkVersion, String javaVersion, String architecture) {
this.tdfSpecVersion = tdfSpecVersion;
this.creationDate = creationDate;
this.operatingSystem = operatingSystem;
this.sdkVersion = sdkVersion;
this.javaVersion = javaVersion;
this.architecture = architecture;
}
}

/**
* Returns a default assertion configuration with predefined system metadata.
* This method mimics the behavior of the Go function
* GetSystemMetadataAssertionConfig.
*
* @param tdfSpecVersionFromSDK The TDF specification version (e.g., "4.3.0").
* @param sdkInternalVersion The internal version of this SDK (e.g.,
* "1.0.0"), which will be prefixed with "Java-".
* @return An {@link AssertionConfig} populated with system metadata.
* @throws SDKException if there's an error marshalling the metadata to JSON.
*/
public static AssertionConfig getSystemMetadataAssertionConfig(String tdfSpecVersionFromSDK,
String sdkInternalVersion) {
String creationDate = OffsetDateTime.now().format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);
String operatingSystem = System.getProperty("os.name");
String sdkVersion = "Java-" + sdkInternalVersion;
String javaVersion = System.getProperty("java.version");
String architecture = System.getProperty("os.arch");

SystemMetadata metadata = new SystemMetadata(tdfSpecVersionFromSDK, creationDate, operatingSystem,
sdkVersion, javaVersion, architecture);

Gson gson = new Gson(); // A new Gson instance is used for simplicity here.
String metadataJSON;
try {
metadataJSON = gson.toJson(metadata);
} catch (com.google.gson.JsonIOException | com.google.gson.JsonSyntaxException e) {
throw new SDKException("Failed to marshal system metadata to JSON", e);
}

AssertionConfig config = new AssertionConfig();
config.id = "default-assertion";
config.type = Type.BaseAssertion;
config.scope = Scope.Payload; // Maps from Go's PayloadScope
config.appliesToState = AppliesToState.Unencrypted;

Statement statement = new Statement();
statement.format = "json";
statement.schema = "metadata";
statement.value = metadataJSON;
config.statement = statement;

return config;
}
}
6 changes: 6 additions & 0 deletions sdk/src/main/java/io/opentdf/platform/sdk/Config.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,7 @@ public static class TDFConfig {
public KeyType wrappingKeyType;
public boolean hexEncodeRootAndSegmentHashes;
public boolean renderVersionInfoInManifest;
public boolean systemMetadataAssertion;

public TDFConfig() {
this.autoconfigure = true;
Expand All @@ -176,6 +177,7 @@ public TDFConfig() {
this.wrappingKeyType = KeyType.RSA2048Key;
this.hexEncodeRootAndSegmentHashes = false;
this.renderVersionInfoInManifest = true;
this.systemMetadataAssertion = false;
}
}

Expand Down Expand Up @@ -297,6 +299,10 @@ public static Consumer<TDFConfig> withMimeType(String mimeType) {
return (TDFConfig config) -> config.mimeType = mimeType;
}

public static Consumer<TDFConfig> withSystemMetadataAssertion() {
return (TDFConfig config) -> config.systemMetadataAssertion = true;
}

public static class NanoTDFConfig {
public ECCMode eccMode;
public NanoTDFType.Cipher cipher;
Expand Down
43 changes: 43 additions & 0 deletions sdk/src/main/java/io/opentdf/platform/sdk/SdkInfo.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
package io.opentdf.platform.sdk;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;

/**
* Provides information about the SDK, such as its version.
* The version is read from a properties file populated during the Maven build
* process.
*/
public final class SdkInfo {
private static final Logger logger = LoggerFactory.getLogger(SdkInfo.class);
private static final String VERSION_PROPERTIES_FILE = "version.properties"; // Relative to this class's package
private static final String SDK_VERSION_PROPERTY = "sdk.version";

public static final String VERSION;

static {
String versionString = "unknown"; // Default if properties can't be read
Properties props = new Properties();
try (InputStream input = SdkInfo.class.getResourceAsStream(VERSION_PROPERTIES_FILE)) {
if (input == null) {
logger.error("Unable to find " + VERSION_PROPERTIES_FILE
+ ". SDK version will be 'unknown'. Ensure it's in src/main/resources/io/opentdf/platform/sdk/");
} else {
props.load(input);
versionString = props.getProperty(SDK_VERSION_PROPERTY, "unknown");
}
} catch (IOException ex) {
logger.error("Error loading " + VERSION_PROPERTIES_FILE + ". SDK version will be 'unknown'.", ex);
}
VERSION = versionString;
logger.info("OpenTDF SDK Version: {}", VERSION);
}

private SdkInfo() {
// Private constructor to prevent instantiation of this utility class
}
}
Loading