Merged
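--- a/sdk/src/main/java/io/opentdf/platform/sdk/TDF.java
+++ b/sdk/src/main/java/io/opentdf/platform/sdk/TDF.java
@@ -488,10 +488,6 @@ public TDFObject createTDF(InputStream payload,
 
 List<Manifest.Assertion> signedAssertions = new ArrayList<>();;
 for (var assertionConfig: tdfConfig.assertionConfigList) {
-if (!Objects.equals(assertionConfig.type, AssertionConfig.Type.BaseAssertion)) {
-continue;
-}
-
 var assertion = new Manifest.Assertion();
 assertion.id = assertionConfig.id;
 assertion.type = assertionConfig.type.toString();
@@ -506,8 +502,8 @@ public TDFObject createTDF(InputStream payload,
 var encodedHash = Base64.getEncoder().encodeToString(completeHashBuilder.toString().getBytes());
 
 var assertionSigningKey = new AssertionConfig.AssertionKey(AssertionConfig.AssertionKeyAlg.HS256,
-new MACSigner(tdfObject.aesGcm.getKey()));
-if (assertionConfig.assertionKey.isDefined()) {
+tdfObject.aesGcm.getKey());
+if (assertionConfig.assertionKey != null && assertionConfig.assertionKey.isDefined()) {
 assertionSigningKey = assertionConfig.assertionKey;
 }
 
@@ -671,13 +667,8 @@ public Reader loadTDF(SeekableByteChannel tdf, SDK.KAS kas, Config.AssertionVeri
 
 // Validate assertions
 for (var assertion: manifest.assertions) {
-if (!Objects.equals(assertion.type, AssertionConfig.Type.BaseAssertion.toString())) {
-continue;
-}
-
 // Set default to HS256
-var assertionKey = new AssertionConfig.AssertionKey(AssertionConfig.AssertionKeyAlg.HS256,
-new MACSigner(payloadKey));
+var assertionKey = new AssertionConfig.AssertionKey(AssertionConfig.AssertionKeyAlg.HS256, payloadKey);
 if (assertionVerificationKeys != null && assertionVerificationKeys.length > 0) {
 var keyForAssertion = assertionVerificationKeys[0].getKey(assertion.id);
 if (keyForAssertion != null) {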
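Review bot: In the `loadTDF` hunk the default `new AssertionConfig.AssertionKey(AssertionConfig.AssertionKeyAlg.HS256, payloadKey)` stays in effect whenever `assertionVerificationKeys[0].getKey(assertion.id)` returns null, and with the type filter removed that fallback now covers every assertion type rather than only `BaseAssertion`. An HS256 signature under the payload key can be produced by any party able to unwrap that key, so a caller who supplied verification keys probably expects a lookup miss to be an error rather than a silent switch to the payload key. Consider failing closed with an `else` branch on `if (keyForAssertion != null)` that throws when keys were supplied, or at minimum document the behaviour with `// falls back to the payload key (HS256) when no caller key matches this assertion id`. The loop body continues past the end of the hunk, so a later check may already cover this; note also that only index 0 of `assertionVerificationKeys` is consulted.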
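--- a/sdk/src/test/java/io/opentdf/platform/sdk/TDFTest.java
+++ b/sdk/src/test/java/io/opentdf/platform/sdk/TDFTest.java
@@ -207,18 +207,29 @@ void testSimpleTDFWithAssertionWithHS256() throws Exception {
 String assertion1Id = "assertion1";
 var assertionConfig1 = new AssertionConfig();
 assertionConfig1.id = assertion1Id;
-assertionConfig1.type = AssertionConfig.Type.HandlingAssertion;
+assertionConfig1.type = AssertionConfig.Type.BaseAssertion;
 assertionConfig1.scope = AssertionConfig.Scope.TrustedDataObj;
 assertionConfig1.appliesToState = AssertionConfig.AppliesToState.Unencrypted;
 assertionConfig1.statement = new AssertionConfig.Statement();
 assertionConfig1.statement.format = "base64binary";
 assertionConfig1.statement.schema = "text";
 assertionConfig1.statement.value = "ICAgIDxlZGoOkVkaD4=";
 
+String assertion2Id = "assertion2";
+var assertionConfig2 = new AssertionConfig();
+assertionConfig2.id = assertion2Id;
+assertionConfig2.type = AssertionConfig.Type.HandlingAssertion;
+assertionConfig2.scope = AssertionConfig.Scope.TrustedDataObj;
+assertionConfig2.appliesToState = AssertionConfig.AppliesToState.Unencrypted;
+assertionConfig2.statement = new AssertionConfig.Statement();
+assertionConfig2.statement.format = "json";
+assertionConfig2.statement.schema = "urn:nato:stanag:5636:A:1:elements:json";
+assertionConfig2.statement.value = "{\"uuid\":\"f74efb60-4a9a-11ef-a6f1-8ee1a61c148a\",\"body\":{\"dataAttributes\":null,\"dissem\":null}}";
+
 Config.TDFConfig config = Config.newTDFConfig(
 Config.withAutoconfigure(false),
 Config.withKasInformation(getKASInfos()),
-Config.withAssertionConfig(assertionConfig1)
+Config.withAssertionConfig(assertionConfig1, assertionConfig2)
 );
 
 String plainText = "this is extremely sensitive stuff!!!";
@@ -235,6 +246,25 @@ void testSimpleTDFWithAssertionWithHS256() throws Exception {
 assertThat(unwrappedData.toString(StandardCharsets.UTF_8))
 .withFailMessage("extracted data does not match")
 .isEqualTo(plainText);
+
+var manifest = reader.getManifest();
+var assertions = manifest.assertions;
+assertThat(assertions.size()).isEqualTo(2);
+for (var assertion : assertions) {
+if (assertion.id.equals(assertion1Id)) {
+assertThat(assertion.statement.format).isEqualTo("base64binary");
+assertThat(assertion.statement.schema).isEqualTo("text");
+assertThat(assertion.statement.value).isEqualTo("ICAgIDxlZGoOkVkaD4=");
+assertThat(assertion.type).isEqualTo(AssertionConfig.Type.BaseAssertion.toString());
+} else if (assertion.id.equals(assertion2Id)) {
+assertThat(assertion.statement.format).isEqualTo("json");
+assertThat(assertion.statement.schema).isEqualTo("urn:nato:stanag:5636:A:1:elements:json");
+assertThat(assertion.statement.value).isEqualTo("{\"uuid\":\"f74efb60-4a9a-11ef-a6f1-8ee1a61c148a\",\"body\":{\"dataAttributes\":null,\"dissem\":null}}");
+assertThat(assertion.type).isEqualTo(AssertionConfig.Type.HandlingAssertion.toString());
+} else {
+throw new RuntimeException("unexpected assertion id: " + assertion.id);
+}
+}
 }
 
 @Test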
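Review bot: The assertions added to `testSimpleTDFWithAssertionWithHS256` only exercise the success path, so nothing here pins that `loadTDF` now rejects a `HandlingAssertion` whose signature does not verify, which is the case the removed type filter used to skip. A companion test that reads the same TDF with a non-matching verification key, or with an altered `statement.value`, and expects the load to fail would guard that behaviour. The loop would also pass if both manifest entries carried the same id; collecting the ids seen and asserting they are exactly `assertion1Id` and `assertion2Id` closes that gap. As a style point, `assertThat(assertions).hasSize(2)` reports the actual contents on failure, unlike comparing `assertions.size()`. The test method begins above this hunk, so its setup is only partly visible.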