Merge remote-tracking branch 'origin/main' into dspx-817/add-system-assertions

Author: mkleene

.github/release-please/release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "0.8.1"
+  ".": "0.9.0"
 }

CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## [0.9.0](https://github.com/opentdf/java-sdk/compare/v0.8.1...v0.9.0) (2025-07-14)
+
+
+### Features
+
+* **sdk:** Get the algorithm from the KASInfo and not the config ([#272](https://github.com/opentdf/java-sdk/issues/272)) ([feff0e8](https://github.com/opentdf/java-sdk/commit/feff0e892671c0fb34d6cbdf2bc9ba9e3a743295))
+
+
+### Bug Fixes
+
+* **sdk:** upgrade the platform protocol code ([#275](https://github.com/opentdf/java-sdk/issues/275)) ([90eaba1](https://github.com/opentdf/java-sdk/commit/90eaba11c59e4e096648e1d47570c58558673b85))
+
 ## [0.8.1](https://github.com/opentdf/java-sdk/compare/v0.8.0...v0.8.1) (2025-05-29)
 
 

cmdline/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>io.opentdf.platform</groupId>
         <artifactId>sdk-pom</artifactId>
-        <version>0.8.2-SNAPSHOT</version>
+        <version>0.9.1-SNAPSHOT</version>
     </parent>
     <artifactId>cmdline</artifactId>
     <properties>

cmdline/src/main/java/io/opentdf/platform/Command.java

@@ -48,7 +48,7 @@
  */
 class Versions {
     // Version of the SDK, managed by release-please.
-    public static final String SDK = "0.8.2-SNAPSHOT"; // x-release-please-version
+    public static final String SDK = "0.9.1-SNAPSHOT"; // x-release-please-version
 
     // This sdk aims to support this version of the TDF spec; currently 4.3.0.
     public static final String TDF_SPEC = "4.3.0";

examples/pom.xml

@@ -4,7 +4,7 @@
   <parent>
     <artifactId>sdk-pom</artifactId>
     <groupId>io.opentdf.platform</groupId>
-    <version>0.8.2-SNAPSHOT</version>
+    <version>0.9.1-SNAPSHOT</version>
   </parent>
 
   <groupId>io.opentdf.platform</groupId>

examples/src/main/java/io/opentdf/platform/GetManifestInformation.java

@@ -0,0 +1,28 @@
+package io.opentdf.platform;
+
+import io.opentdf.platform.sdk.Manifest;
+import io.opentdf.platform.sdk.PolicyObject;
+import io.opentdf.platform.sdk.SDK;
+
+import java.io.IOException;
+import java.nio.channels.FileChannel;
+import java.nio.file.Path;
+import java.nio.file.StandardOpenOption;
+
+public class GetManifestInformation {
+    public static void main(String[] args) throws IOException {
+        if (args.length < 1) {
+            System.err.println("TDF file path must be provided as an argument.");
+            return;
+        }
+
+        try (FileChannel tdfStream = FileChannel.open(Path.of(args[0]), StandardOpenOption.READ)) {
+            Manifest manifest = SDK.readManifest(tdfStream);
+            System.out.println("loaded a TDF with key access type: " + manifest.encryptionInformation.keyAccessType);
+
+            PolicyObject policyObject = SDK.decodePolicyObject(manifest);
+            System.out.println("the policy has uuid: " + policyObject.uuid);
+        }
+    }
+}
+

pom.xml

@@ -5,7 +5,7 @@
 
     <groupId>io.opentdf.platform</groupId>
     <artifactId>sdk-pom</artifactId>
-    <version>0.8.2-SNAPSHOT</version>
+    <version>0.9.1-SNAPSHOT</version>
     <name>io.opentdf.platform:sdk-pom</name>
     <description>OpenTDF Java SDK</description>
     <url>https://github.com/opentdf/java-sdk</url>

sdk/pom.xml

@@ -8,7 +8,7 @@
     <parent>
         <artifactId>sdk-pom</artifactId>
         <groupId>io.opentdf.platform</groupId>
-        <version>0.8.2-SNAPSHOT</version>
+        <version>0.9.1-SNAPSHOT</version>
     </parent>
     <packaging>jar</packaging>
     <properties>
@@ -18,7 +18,7 @@
         <kotlin.version>2.1.0</kotlin.version>
         <connect.version>0.7.2</connect.version>
         <okhttp.version>4.12.0</okhttp.version>
-        <platform.branch>protocol/go/v0.3.0</platform.branch>
+        <platform.branch>protocol/go/v0.5.0</platform.branch>
     </properties>
     <dependencies>
         <!-- Logging Dependencies -->

sdk/src/main/java/io/opentdf/platform/sdk/ECCMode.java

@@ -1,5 +1,7 @@
 package io.opentdf.platform.sdk;
 
+import javax.annotation.Nonnull;
+
 public class ECCMode {
     private ECCModeStruct data;
 
@@ -13,7 +15,7 @@ public ECCMode() {
     public ECCMode(byte value) {
         data = new ECCModeStruct();
         int curveMode = value & 0x07; // first 3 bits
-        setEllipticCurve(NanoTDFType.ECCurve.values()[curveMode]);
+        setEllipticCurve(NanoTDFType.ECCurve.fromCurveMode(curveMode));
         int useECDSABinding = (value >> 7) & 0x01; // most significant bit
         data.useECDSABinding = useECDSABinding;
     }
@@ -44,75 +46,24 @@ public void setEllipticCurve(NanoTDFType.ECCurve curve) {
         }
     }
 
-    public NanoTDFType.ECCurve getEllipticCurveType() {
-        return NanoTDFType.ECCurve.values()[data.curveMode];
-    }
-
     public boolean isECDSABindingEnabled() {
         return data.useECDSABinding == 1;
     }
 
-    public String getCurveName() {
-        return getEllipticCurveName(NanoTDFType.ECCurve.values()[data.curveMode]);
-    }
-
     public byte getECCModeAsByte() {
         int value = (data.useECDSABinding << 7) | data.curveMode;
         return (byte) value;
     }
 
-    public static String getEllipticCurveName(NanoTDFType.ECCurve curve) {
-        switch (curve) {
-            case SECP256R1:
-                return "secp256r1";
-            case SECP384R1:
-                return "secp384r1";
-            case SECP521R1:
-                return "secp521r1";
-            case SECP256K1:
-                throw new RuntimeException("SDK doesn't support 'secp256k1' curve");
-            default:
-                throw new RuntimeException("Unsupported ECC algorithm.");
-        }
-    }
-
-    public static int getECKeySize(NanoTDFType.ECCurve curve) {
-        switch (curve) {
-            case SECP256K1:
-                throw new RuntimeException("SDK doesn't support 'secp256k1' curve");
-            case SECP256R1:
-                return 32;
-            case SECP384R1:
-                return 48;
-            case SECP521R1:
-                return 66;
-            default:
-                throw new RuntimeException("Unsupported ECC algorithm.");
-        }
-    }
-
     public static int getECDSASignatureStructSize(NanoTDFType.ECCurve curve) {
-        int keySize = getECKeySize(curve);
+        int keySize = curve.getKeySize();
         return (1 + keySize + 1 + keySize);
     }
 
-    public static int getECKeySize(String curveName) {
-        return ECKeyPair.getECKeySize(curveName);
-    }
 
-    public static int getECCompressedPubKeySize(NanoTDFType.ECCurve curve) {
-        switch (curve) {
-            case SECP256K1:
-                throw new RuntimeException("SDK doesn't support 'secp256k1' curve");
-            case SECP256R1:
-                return 33;
-            case SECP384R1:
-                return 49;
-            case SECP521R1:
-                return 67;
-            default:
-                throw new RuntimeException("Unsupported ECC algorithm.");
-        }
+    @Nonnull
+    public NanoTDFType.ECCurve getCurve() {
+        return NanoTDFType.ECCurve.fromCurveMode(data.curveMode);
     }
 
     private class ECCModeStruct {

sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java

@@ -24,6 +24,7 @@
 import java.io.*;
 import java.security.*;
 import java.security.spec.*;
+import java.util.Objects;
 // https://www.bouncycastle.org/latest_releases.html
 
 public class ECKeyPair {
@@ -32,45 +33,23 @@ public class ECKeyPair {
         Security.addProvider(new BouncyCastleProvider());
     }
 
+    private final NanoTDFType.ECCurve curve;
+
     public enum ECAlgorithm {
         ECDH,
         ECDSA
     }
 
     private static final BouncyCastleProvider BOUNCY_CASTLE_PROVIDER = new BouncyCastleProvider();
 
-    public enum NanoTDFECCurve {
-        SECP256R1("secp256r1", KeyType.EC256Key),
-        PRIME256V1("prime256v1", KeyType.EC256Key),
-        SECP384R1("secp384r1", KeyType.EC384Key),
-        SECP521R1("secp521r1", KeyType.EC521Key);
-
-        private String name;
-        private KeyType keyType;
-
-        NanoTDFECCurve(String curveName, KeyType keyType) {
-            this.name = curveName;
-            this.keyType = keyType;
-        }
-
-        @Override
-        public String toString() {
-            return name;
-        }
-
-        public KeyType getKeyType() {
-            return keyType;
-        }
-    }
-
     private KeyPair keyPair;
-    private String curveName;
 
     public ECKeyPair() {
-        this("secp256r1", ECAlgorithm.ECDH);
+        this(NanoTDFType.ECCurve.SECP256R1, ECAlgorithm.ECDH);
     }
 
-    public ECKeyPair(String curveName, ECAlgorithm algorithm) {
+    public ECKeyPair(NanoTDFType.ECCurve curve, ECAlgorithm algorithm) {
+        this.curve = Objects.requireNonNull(curve);
         KeyPairGenerator generator;
 
         try {
@@ -85,19 +64,13 @@ public ECKeyPair(String curveName, ECAlgorithm algorithm) {
             throw new RuntimeException(e);
         }
 
-        ECGenParameterSpec spec = new ECGenParameterSpec(curveName);
+        ECGenParameterSpec spec = new ECGenParameterSpec(this.curve.getCurveName());
         try {
             generator.initialize(spec);
         } catch (InvalidAlgorithmParameterException e) {
             throw new RuntimeException(e);
         }
         this.keyPair = generator.generateKeyPair();
-        this.curveName = curveName;
-    }
-
-    public ECKeyPair(ECPublicKey publicKey, ECPrivateKey privateKey, String curveName) {
-        this.keyPair = new KeyPair(publicKey, privateKey);
-        this.curveName = curveName;
     }
 
     public ECPublicKey getPublicKey() {
@@ -108,17 +81,8 @@ public ECPrivateKey getPrivateKey() {
         return (ECPrivateKey) this.keyPair.getPrivate();
     }
 
-    public static int getECKeySize(String curveName) {
-        if (curveName.equalsIgnoreCase(NanoTDFECCurve.SECP256R1.toString()) ||
-                curveName.equalsIgnoreCase(NanoTDFECCurve.PRIME256V1.toString())) {
-            return 32;
-        } else if (curveName.equalsIgnoreCase(NanoTDFECCurve.SECP384R1.toString())) {
-            return 48;
-        } else if (curveName.equalsIgnoreCase(NanoTDFECCurve.SECP521R1.toString())) {
-            return 66;
-        } else {
-            throw new IllegalArgumentException("Unsupported ECC algorithm.");
-        }
+    NanoTDFType.ECCurve getCurve() {
+        return this.curve;
     }
 
     public String publicKeyInPEMFormat() {
@@ -155,10 +119,6 @@ public int keySize() {
         return this.keyPair.getPrivate().getEncoded().length * 8;
     }
 
-    public String curveName() {
-        return this.curveName;
-    }
-
     public byte[] compressECPublickey() {
         return ((ECPublicKey) this.keyPair.getPublic()).getQ().getEncoded(true);
     }