1 change: 1 addition & 0 deletions sdk/src/main/java/io/opentdf/platform/sdk/Config.java
Expand Up @@ -30,6 +30,7 @@ public enum IntegrityAlgorithm {
public static class KASInfo {
public String URL;
public String PublicKey;
public String KID;
}

public static class TDFConfig {
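Review bot: The new `KID` field on `KASInfo` has no comment, so a reader cannot tell whether it is input the caller supplies or a value the SDK fills in, nor how it relates to `PublicKey`. The other files in this change suggest the SDK populates it when it fetches the public key, so a short doc would settle it: `/** Identifier of the KAS key that PublicKey belongs to; filled in by the SDK when the key is retrieved, may be left null by callers. */`. It is a public mutable field like its siblings, which matches the existing style of this class.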
7 changes: 7 additions & 0 deletions sdk/src/main/java/io/opentdf/platform/sdk/KASClient.java
Expand Up @@ -67,6 +67,13 @@ public String getPublicKey(Config.KASInfo kasInfo) {
.getPublicKey();
}

@Override
public String getKid(Config.KASInfo kasInfo) {
return getStub(kasInfo.URL)
.publicKey(PublicKeyRequest.getDefaultInstance())
.getKid();
}

private String normalizeAddress(String urlString) {
URL url;
try {
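Review bot: `getKid` issues a second `publicKey` RPC instead of reading the kid from the response that `getPublicKey` (ending just above the hunk) already obtains, so the public key and its identifier come from two separate round trips; if the KAS rotates its key between the calls, the manifest ends up with a kid that does not match the key used for wrapping. A variant that reads both fields from a single `PublicKeyResponse` would close that gap, though with the current interface it also needs a change in `SDK.KAS` and in `TDF.fillInPublicKeyInfo`. Note too that an unset protobuf string field comes back as `""` rather than null, so callers that want to detect "no kid reported" must check for the empty string. `getKid` itself is complete within the hunk.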
1 change: 1 addition & 0 deletions sdk/src/main/java/io/opentdf/platform/sdk/Manifest.java
Expand Up @@ -34,6 +34,7 @@ static public class KeyAccess {
public String wrappedKey;
public String policyBinding;
public String encryptedMetadata;
public String kid;
}

static public class Method {
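Review bot: `kid` is added to the serialized `KeyAccess` without a comment saying what it identifies or what an absent value looks like, which matters for anyone validating a manifest on the read side. Suggest `/** Identifier of the KAS public key that wrapped {@link #wrappedKey}; may be null or empty when the KAS did not report one. */`. Whether a null `kid` is omitted or written as `null` depends on the serializer configuration, which is not visible here and is worth confirming against a manifest produced by the tests.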
1 change: 1 addition & 0 deletions sdk/src/main/java/io/opentdf/platform/sdk/SDK.java
Expand Up @@ -26,6 +26,7 @@ public void close() throws Exception {

public interface KAS extends AutoCloseable {
String getPublicKey(Config.KASInfo kasInfo);
String getKid(Config.KASInfo kasInfo);
String getECPublicKey(Config.KASInfo kasInfo, NanoTDFType.ECCurve curve);
byte[] unwrap(Manifest.KeyAccess keyAccess, String policy);
byte[] unwrapNanoTDF(NanoTDFType.ECCurve curve, String header, String kasURL);
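Review bot: The new `getKid` declaration on `KAS` carries no Javadoc, and nothing states the contract the manifest relies on: that the value identifies the same key `getPublicKey` returns for the same `kasInfo`. Suggest `/** Returns the identifier of the public key that {@link #getPublicKey} returns for this KAS; implementations should obtain both from the same key. */`, plus a sentence on whether an absent kid is null or empty, since the gRPC-backed implementation yields an empty string. The interface continues outside the hunk.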
2 changes: 2 additions & 0 deletions sdk/src/main/java/io/opentdf/platform/sdk/TDF.java
Expand Up @@ -170,6 +170,7 @@ private void prepareManifest(Config.TDFConfig tdfConfig) {
Manifest.KeyAccess keyAccess = new Manifest.KeyAccess();
keyAccess.keyType = kWrapped;
keyAccess.url = kasInfo.URL;
keyAccess.kid = kasInfo.KID;
keyAccess.protocol = kKasProtocol;

// Add policyBinding
Expand Down Expand Up @@ -369,6 +370,7 @@ private void fillInPublicKeyInfo(List<Config.KASInfo> kasInfoList, SDK.KAS kas)
}
logger.info("no public key provided for KAS at {}, retrieving", kasInfo.URL);
kasInfo.PublicKey = kas.getPublicKey(kasInfo);
kasInfo.KID = kas.getKid(kasInfo);
}
}

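Review bot: In the second hunk `kasInfo.KID` is fetched only on the path that also fetches the public key, so a caller who supplies `PublicKey` in `KASInfo` but not `KID` gets a manifest `KeyAccess` whose `kid` is null (the first hunk copies it unconditionally). Either fetch the kid on its own when it is missing, e.g. `if (kasInfo.KID == null) { kasInfo.KID = kas.getKid(kasInfo); }` before the early exit that the preceding `}` presumably closes, or document on `KASInfo` that a caller supplying a key must also supply its kid. If the branch above the hunk is not a "public key already present" check as the log message suggests, the guard belongs wherever that decision is made. `fillInPublicKeyInfo` begins above the hunk.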
Expand Up @@ -32,6 +32,7 @@ void withKasInformation_shouldAddKasInfo() {
Config.KASInfo kasInfo = new Config.KASInfo();
kasInfo.URL = "http://example.com";
kasInfo.PublicKey = "publicKey";
kasInfo.KID = "r1";
Config.TDFConfig config = Config.newTDFConfig(Config.withKasInformation(kasInfo));
assertEquals(1, config.kasInfoList.size());
assertEquals(kasInfo, config.kasInfoList.get(0));
33 changes: 33 additions & 0 deletions sdk/src/test/java/io/opentdf/platform/sdk/KASClientTest.java
Expand Up @@ -70,6 +70,39 @@ public void publicKey(PublicKeyRequest request, StreamObserver<PublicKeyResponse
}
}

@Test
void testGettingKid() throws IOException {
AccessServiceGrpc.AccessServiceImplBase accessService = new AccessServiceGrpc.AccessServiceImplBase() {
@Override
public void publicKey(PublicKeyRequest request, StreamObserver<PublicKeyResponse> responseObserver) {
var response = PublicKeyResponse.newBuilder().setKid("r1").build();
responseObserver.onNext(response);
responseObserver.onCompleted();
}
};

Server server = null;
try {
server = startServer(accessService);
Function<String, ManagedChannel> channelFactory = (String url) -> ManagedChannelBuilder
.forTarget(url)
.usePlaintext()
.build();

var keypair = CryptoUtils.generateRSAKeypair();
var dpopKey = new RSAKey.Builder((RSAPublicKey) keypair.getPublic()).privateKey(keypair.getPrivate()).build();
try (var kas = new KASClient(channelFactory, dpopKey)) {
Config.KASInfo kasInfo = new Config.KASInfo();
kasInfo.URL = "localhost:" + server.getPort();
assertThat(kas.getKid(kasInfo)).isEqualTo("r1");
}
} finally {
if (server != null) {
server.shutdownNow();
}
}
}

@Test
void testCallingRewrap() throws IOException {
var dpopKeypair = CryptoUtils.generateRSAKeypair();
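Review bot: `testGettingKid` covers only a KAS that sets a kid; there is no case for a KAS that leaves it unset, where the protobuf getter yields an empty string rather than null, which is the value downstream code would have to treat as "no kid". A second stub whose `publicKey` replies with `PublicKeyResponse.getDefaultInstance()` and an assertion that `kas.getKid(kasInfo)` is `""` would pin that behaviour. The stub here also omits the public key, so nothing in this file checks that `getPublicKey` and `getKid` agree for one server.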
5 changes: 5 additions & 0 deletions sdk/src/test/java/io/opentdf/platform/sdk/NanoTDFTest.java
Expand Up @@ -43,6 +43,11 @@ public String getPublicKey(Config.KASInfo kasInfo) {
return kasPublicKey;
}

@Override
public String getKid(Config.KASInfo kasInfo) {
return "r1";
}

@Override
public String getECPublicKey(Config.KASInfo kasInfo, NanoTDFType.ECCurve curve) {
return kasPublicKey;
5 changes: 5 additions & 0 deletions sdk/src/test/java/io/opentdf/platform/sdk/TDFTest.java
Expand Up @@ -35,6 +35,11 @@ public String getPublicKey(Config.KASInfo kasInfo) {
return CryptoUtils.getRSAPublicKeyPEM(keypairs.get(index).getPublic());
}

@Override
public String getKid(Config.KASInfo kasInfo) {
return "r1";
}

@Override
public byte[] unwrap(Manifest.KeyAccess keyAccess, String policy) {
int index = Integer.parseInt(keyAccess.url);
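Review bot: The fake KAS now reports `"r1"`, but nothing visible in this hunk asserts that the manifest written by the TDF under test carries that value in `KeyAccess.kid`; if the test's assertions elsewhere do not cover it, the new field could silently be dropped by the writer or the reader. An assertion that the round-tripped manifest's `KeyAccess.kid` equals `"r1"` would make the end-to-end path observable. The enclosing anonymous `KAS` implementation extends beyond the hunk.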