cleanup

mkleene · mkleene · commit 931a64fc151a · 2025-04-22T12:17:54.000-04:00
diff --git a/keys/kas-cert.pem b/keys/kas-cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/TCCAeWgAwIBAgIUUCu5Zu5b8PIRhAFJ5VpaZFP35HQwDQYJKoZIhvcNAQEL
+BQAwDjEMMAoGA1UEAwwDa2FzMB4XDTI0MDgxNTExMzYxN1oXDTI1MDgxNTExMzYx
+N1owDjEMMAoGA1UEAwwDa2FzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAx4PgRz+H/U4X5hf3Uj2JgqqyG7fX0QDSoxI3Ziu1Q+gbxElVppOqJQMA88Yd
+8uug2Px/vtmkFwGXGi5DzKq6bLcpCJEXc1TOtJH5o+2Wcu1Ahfp9MxkOXpbJvoH8
+JRkjOp6ZPIiIM/IOQDq3eHpLVAB6ihDFDwzhJsqBMVMejmkDRNj8qx5AkZSrE4zi
+AL7hV/TWWyCiq8rLiWVnZOFXNHyRtPmTgmerRg5Ad1lP9muMrLJ/1ziq1lILk7fB
+a31yOmS3g25MGYYwX+7PCNMWkhX0eCLAyosYfIp/K0SOJ3WO9G4eiq9keb4xRSbB
+jFKmadNBITEWIhPzCAzT8nDlFwIDAQABo1MwUTAdBgNVHQ4EFgQUFc94TI8PUU+u
+uASVIyQgQm4tHRswHwYDVR0jBBgwFoAUFc94TI8PUU+uuASVIyQgQm4tHRswDwYD
+VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAjvzUeU9otYOM0UpwhZ/j
+nBxNcP0J7fAODokL1as8zXnv7t8mk327b8HSORkfGdbCsf5be10W9xGK1DoRhscA
+3wkASiWOk2wsIq9l12tR247EJXk7VMcDXQfGuVhzMhN1gp25bxX2FsmKvxnOFuN2
+Qv4BY61dQSHjoDQDRhYb9naYTqsppiHjj11nayfEY6nVivs9Hu9jXqakcE4wSksX
+DRRgxAs2KBcbQ0/rfOZs7yPs8jlqpmPk09M+yV7Tn1943EaAnWyiuavW7g5Zn/dM
+szuJrlIzmgRdUyHTD4tS6ebTqGo+hziYNdfHUdjQF8JDMiRFwx/xoqC5/1jP18kX
+MQ==
+-----END CERTIFICATE-----
diff --git a/sdk/src/main/java/io/opentdf/platform/sdk/AddressNormalizer.java b/sdk/src/main/java/io/opentdf/platform/sdk/AddressNormalizer.java
@@ -0,0 +1,52 @@
+package io.opentdf.platform.sdk;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
+
+class AddressNormalizer {
+    private static final Logger logger = LoggerFactory.getLogger(AddressNormalizer.class);
+
+    static String normalizeAddress(String urlString, boolean usePlaintext) {
+        URL url;
+        try {
+            url = new URL(urlString);
+        } catch (MalformedURLException e) {
+            url = tryParseHostAndPort(urlString);
+        }
+        final int port;
+        if (url.getPort() == -1) {
+            port = "http".equals(url.getProtocol()) ? 80 : 443;
+        } else {
+            port = url.getPort();
+        }
+        final String protocol = usePlaintext && "http".equals(url.getProtocol()) ? "http" : "https";
+
+        try {
+            var returnUrl = new URL(protocol, url.getHost(), port, "").toString();
+            logger.debug("normalized url [{}] to [{}]", urlString, returnUrl);
+            return returnUrl;
+        } catch (MalformedURLException e) {
+            throw new SDKException("error creating KAS address", e);
+        }
+    }
+
+    private static URL tryParseHostAndPort(String urlString) {
+        URI uri;
+        try {
+            uri = new URI(null, urlString, null, null, null).parseServerAuthority();
+        } catch (URISyntaxException e) {
+            throw new SDKException("error trying to parse host and port", e);
+        }
+
+        try {
+            return new URL(uri.getPort() == 443 ? "https" : "http", uri.getHost(), uri.getPort(), "");
+        } catch (MalformedURLException e) {
+            throw new SDKException("error trying to create URL from host and port", e);
+        }
+    }
+}
diff --git a/sdk/src/main/java/io/opentdf/platform/sdk/SDKBuilder.java b/sdk/src/main/java/io/opentdf/platform/sdk/SDKBuilder.java
@@ -239,7 +239,7 @@ ServicesAndInternals buildServices() {
         this.platformEndpoint = AddressNormalizer.normalizeAddress(this.platformEndpoint, this.usePlainText);
         var authInterceptor = getAuthInterceptor(dpopKey);
         var kasClient = getKASClient(dpopKey, authInterceptor);
-        var protocolClient = getUnauthenticatedProtocolClient(platformEndpoint, authInterceptor);
+        var protocolClient = getProtocolClient(platformEndpoint, authInterceptor);
 
         return new ServicesAndInternals(
                 authInterceptor,
@@ -249,7 +249,7 @@ ServicesAndInternals buildServices() {
 
     @Nonnull
     private KASClient getKASClient(RSAKey dpopKey, Interceptor interceptor) {
-        return new KASClient((String endpoint) -> new AccessServiceClient(getUnauthenticatedProtocolClient(endpoint, interceptor)), dpopKey, usePlainText);
+        return new KASClient((String endpoint) -> new AccessServiceClient(getProtocolClient(endpoint, interceptor)), dpopKey, usePlainText);
     }
 
     public SDK build() {
diff --git a/sdk/src/test/java/io/opentdf/platform/sdk/AddressNormalizerTest.java b/sdk/src/test/java/io/opentdf/platform/sdk/AddressNormalizerTest.java
@@ -0,0 +1,25 @@
+package io.opentdf.platform.sdk;
+
+
+import org.junit.jupiter.api.Test;
+
+import static io.opentdf.platform.sdk.AddressNormalizer.normalizeAddress;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+
+class AddressNormalizerTest {
+
+    @Test
+    public void testAddressNormalizationWithHTTPSClient() {
+        assertThat(normalizeAddress("http://example.org", false)).isEqualTo("https://example.org:80");
+        // default to https if no scheme is provided
+        assertThat(normalizeAddress("example.org:1234", false)).isEqualTo("https://example.org:1234");
+    }
+
+    @Test
+    public void testAddressNormaliationWithInsecureHTTPClient() {
+        assertThat(normalizeAddress("http://localhost:8080", true)).isEqualTo("http://localhost:8080");
+        assertThat(normalizeAddress("https://example.org", true)).isEqualTo("https://example.org:443");
+        // default to http if no scheme is provided
+        assertThat(normalizeAddress("example.org:1234", true)).isEqualTo("http://example.org:1234");
+    }
+}
