minor refactor

mkleene · mkleene · commit a2d8b83457cf · 2025-06-18T08:20:01.000-04:00
diff --git a/sdk/src/main/java/io/opentdf/platform/sdk/Autoconfigure.java b/sdk/src/main/java/io/opentdf/platform/sdk/Autoconfigure.java
@@ -14,6 +14,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
@@ -53,11 +54,11 @@ class RuleType {
  * This class includes functionality to create granter instances based on
  * attributes either from a list of attribute values or from a service.
  */
-public class Autoconfigure {
+class Autoconfigure {
 
-    public static Logger logger = LoggerFactory.getLogger(Autoconfigure.class);
+    private static Logger logger = LoggerFactory.getLogger(Autoconfigure.class);
 
-    public static class KeySplitStep {
+    static class KeySplitStep {
         public String kas;
         public String splitID;
 
@@ -93,7 +94,7 @@ public int hashCode() {
     }
 
     // Utility class for an attribute name FQN.
-    public static class AttributeNameFQN {
+    static class AttributeNameFQN {
         private final String url;
         private final String key;
 
@@ -156,7 +157,7 @@ public String name() throws AutoConfigureException {
     }
 
     // Utility class for an attribute value FQN.
-    public static class AttributeValueFQN {
+    static class AttributeValueFQN {
         private final String url;
         private final String key;
 
@@ -203,11 +204,11 @@ public int hashCode() {
             return Objects.hash(key);
         }
 
-        public String getKey() {
+        String getKey() {
             return key;
         }
 
-        public String authority() {
+        String authority() {
             Pattern pattern = Pattern.compile("^(https?://[\\w./-]+)/attr/\\S*/value/\\S*$");
             Matcher matcher = pattern.matcher(url);
             if (!matcher.find()) {
@@ -216,7 +217,7 @@ public String authority() {
             return matcher.group(1);
         }
 
-        public AttributeNameFQN prefix() throws AutoConfigureException {
+        AttributeNameFQN prefix() throws AutoConfigureException {
             Pattern pattern = Pattern.compile("^(https?://[\\w./-]+/attr/\\S*)/value/\\S*$");
             Matcher matcher = pattern.matcher(url);
             if (!matcher.find()) {
@@ -225,7 +226,7 @@ public AttributeNameFQN prefix() throws AutoConfigureException {
             return new AttributeNameFQN(matcher.group(1));
         }
 
-        public String value() {
+        String value() {
             Pattern pattern = Pattern.compile("^https?://[\\w./-]+/attr/\\S*/value/(\\S*)$");
             Matcher matcher = pattern.matcher(url);
             if (!matcher.find()) {
@@ -238,21 +239,21 @@ public String value() {
             }
         }
 
-        public String name() {
+        String name() {
             Pattern pattern = Pattern.compile("^https?://[\\w./-]+/attr/(\\S*)/value/\\S*$");
             Matcher matcher = pattern.matcher(url);
             if (!matcher.find()) {
                 throw new RuntimeException("invalid attributeInstance");
             }
             try {
-                return URLDecoder.decode(matcher.group(1), StandardCharsets.UTF_8.name());
-            } catch (UnsupportedEncodingException | IllegalArgumentException e) {
+                return URLDecoder.decode(matcher.group(1), StandardCharsets.UTF_8);
+            } catch (IllegalArgumentException e) {
                 throw new RuntimeException("invalid attributeInstance", e);
             }
         }
     }
 
-    public static class KeyAccessGrant {
+    static class KeyAccessGrant {
         public Attribute attr;
         public List<String> kases;
 
@@ -295,11 +296,11 @@ public void addAllGrants(AttributeValueFQN fqn, List<KeyAccessServer> gs, Attrib
             }
         }
 
-        public KeyAccessGrant byAttribute(AttributeValueFQN fqn) {
+        KeyAccessGrant byAttribute(AttributeValueFQN fqn) {
             return grants.get(fqn.key);
         }
 
-        public List<KeySplitStep> plan(List<String> defaultKas, Supplier<String> genSplitID)
+        @Nonnull List<KeySplitStep> plan(List<String> defaultKas, Supplier<String> genSplitID)
                 throws AutoConfigureException {
             AttributeBooleanExpression b = constructAttributeBoolean();
             BooleanKeyExpression k = insertKeysForAttribute(b);
@@ -311,17 +312,7 @@ public List<KeySplitStep> plan(List<String> defaultKas, Supplier<String> genSpli
             int l = k.size();
             if (l == 0) {
                 // default behavior: split key across all default KAS
-                if (defaultKas.isEmpty()) {
-                    throw new AutoConfigureException("no default KAS specified; required for grantless plans");
-                } else if (defaultKas.size() == 1) {
-                    return Collections.singletonList(new KeySplitStep(defaultKas.get(0), ""));
-                } else {
-                    List<KeySplitStep> result = new ArrayList<>();
-                    for (String kas : defaultKas) {
-                        result.add(new KeySplitStep(kas, genSplitID.get()));
-                    }
-                    return result;
-                }
+                return generatePlanFromDefaultKases(defaultKas, genSplitID);
             }
 
             List<KeySplitStep> steps = new ArrayList<>();
@@ -334,6 +325,20 @@ public List<KeySplitStep> plan(List<String> defaultKas, Supplier<String> genSpli
             return steps;
         }
 
+        static List<KeySplitStep> generatePlanFromDefaultKases(List<String> defaultKas, Supplier<String> genSplitID) {
+            if (defaultKas.isEmpty()) {
+                throw new AutoConfigureException("no default KAS specified; required for grantless plans");
+            } else if (defaultKas.size() == 1) {
+                return Collections.singletonList(new KeySplitStep(defaultKas.get(0), ""));
+            } else {
+                List<KeySplitStep> result = new ArrayList<>();
+                for (String kas : defaultKas) {
+                    result.add(new KeySplitStep(kas, genSplitID.get()));
+                }
+                return result;
+            }
+        }
+
         BooleanKeyExpression insertKeysForAttribute(AttributeBooleanExpression e) throws AutoConfigureException {
             List<KeyClause> kcs = new ArrayList<>(e.must.size());
 
@@ -348,6 +353,7 @@ BooleanKeyExpression insertKeysForAttribute(AttributeBooleanExpression e) throws
 
                     List<String> kases = grant.kases;
                     if (kases.isEmpty()) {
+                        // TODO: replace this with a reference to the base key
                         kases = List.of(RuleType.EMPTY_TERM);
                     }
 
@@ -368,6 +374,13 @@ BooleanKeyExpression insertKeysForAttribute(AttributeBooleanExpression e) throws
             return new BooleanKeyExpression(kcs);
         }
 
+        /**
+         * Constructs an AttributeBooleanExpression from the policy, splitting each attribute
+         * into its own clause. Each clause contains the attribute definition and a list of
+         * values.
+         * @return
+         * @throws AutoConfigureException
+         */
         AttributeBooleanExpression constructAttributeBoolean() throws AutoConfigureException {
             Map<String, SingleAttributeClause> prefixes = new HashMap<>();
             List<String> sortedPrefixes = new ArrayList<>();
@@ -378,7 +391,7 @@ AttributeBooleanExpression constructAttributeBoolean() throws AutoConfigureExcep
                     clause.values.add(aP);
                 } else if (byAttribute(aP) != null) {
                     var x = new SingleAttributeClause(byAttribute(aP).attr,
-                            new ArrayList<AttributeValueFQN>(Arrays.asList(aP)));
+                            new ArrayList<>(Arrays.asList(aP)));
                     prefixes.put(a.getKey(), x);
                     sortedPrefixes.add(a.getKey());
                 }
@@ -391,39 +404,6 @@ AttributeBooleanExpression constructAttributeBoolean() throws AutoConfigureExcep
             return new AttributeBooleanExpression(must);
         }
 
-        static class AttributeMapping {
-
-            private Map<AttributeNameFQN, Attribute> dict;
-
-            public AttributeMapping() {
-                this.dict = new HashMap<>();
-            }
-
-            public void put(Attribute ad) throws AutoConfigureException {
-                if (this.dict == null) {
-                    this.dict = new HashMap<>();
-                }
-
-                AttributeNameFQN prefix = new AttributeNameFQN(ad.getFqn());
-
-                if (this.dict.containsKey(prefix)) {
-                    throw new AutoConfigureException("Attribute prefix already found: [" + prefix.toString() + "]");
-                }
-
-                this.dict.put(prefix, ad);
-            }
-
-            public Attribute get(AttributeNameFQN prefix) throws AutoConfigureException {
-                Attribute ad = this.dict.get(prefix);
-                if (ad == null) {
-                    throw new AutoConfigureException("Unknown attribute type: [" + prefix.toString() + "], not in ["
-                            + this.dict.keySet().toString() + "]");
-                }
-                return ad;
-            }
-
-        }
-
         static class SingleAttributeClause {
 
             private Attribute def;
@@ -435,9 +415,9 @@ public SingleAttributeClause(Attribute def, List<AttributeValueFQN> values) {
             }
         }
 
-        class AttributeBooleanExpression {
+        static class AttributeBooleanExpression {
 
-            private List<SingleAttributeClause> must;
+            private final List<SingleAttributeClause> must;
 
             public AttributeBooleanExpression(List<SingleAttributeClause> must) {
                 this.must = must;
@@ -478,7 +458,7 @@ public String toString() {
 
         }
 
-        public class PublicKeyInfo {
+        public static class PublicKeyInfo {
             private String kas;
 
             public PublicKeyInfo(String kas) {
@@ -494,9 +474,9 @@ public void setKas(String kas) {
             }
         }
 
-        public class KeyClause {
-            private String operator;
-            private List<PublicKeyInfo> values;
+        public static class KeyClause {
+            private final String operator;
+            private final List<PublicKeyInfo> values;
 
             public KeyClause(String operator, List<PublicKeyInfo> values) {
                 this.operator = operator;
@@ -531,8 +511,8 @@ public String toString() {
             }
         }
 
-        public class BooleanKeyExpression {
-            private List<KeyClause> values;
+        public static class BooleanKeyExpression {
+            private final List<KeyClause> values;
 
             public BooleanKeyExpression(List<KeyClause> values) {
                 this.values = values;
@@ -612,7 +592,7 @@ public Disjunction sortedNoDupes(List<PublicKeyInfo> l) {
 
         }
 
-        class Disjunction extends ArrayList<String> {
+        static class Disjunction extends ArrayList<String> {
 
             public boolean less(Disjunction r) {
                 int m = Math.min(this.size(), r.size());
diff --git a/sdk/src/main/java/io/opentdf/platform/sdk/TDF.java b/sdk/src/main/java/io/opentdf/platform/sdk/TDF.java
@@ -28,6 +28,7 @@
 import java.security.*;
 import java.text.ParseException;
 import java.util.*;
+import java.util.stream.Collectors;
 
 /**
  * The TDF class is responsible for handling operations related to
@@ -151,22 +152,6 @@ private void prepareManifest(Config.TDFConfig tdfConfig, SDK.KAS kas) {
             String base64PolicyObject = encoder
                     .encodeToString(gson.toJson(policyObject).getBytes(StandardCharsets.UTF_8));
             Map<String, Config.KASInfo> latestKASInfo = new HashMap<>();
-            if (tdfConfig.splitPlan == null || tdfConfig.splitPlan.isEmpty()) {
-                // Default split plan: Split keys across all KASes
-                List<Autoconfigure.KeySplitStep> splitPlan = new ArrayList<>(tdfConfig.kasInfoList.size());
-                int i = 0;
-                for (Config.KASInfo kasInfo : tdfConfig.kasInfoList) {
-                    Autoconfigure.KeySplitStep step = new Autoconfigure.KeySplitStep(kasInfo.URL, "");
-                    if (tdfConfig.kasInfoList.size() > 1) {
-                        step.splitID = String.format("s-%d", i++);
-                    }
-                    splitPlan.add(step);
-                    if (kasInfo.PublicKey != null && !kasInfo.PublicKey.isEmpty()) {
-                        latestKASInfo.put(kasInfo.URL, kasInfo);
-                    }
-                }
-                tdfConfig.splitPlan = splitPlan;
-            }
 
             // Seed anything passed in manually
             for (Config.KASInfo kasInfo : tdfConfig.kasInfoList) {
@@ -177,7 +162,6 @@ private void prepareManifest(Config.TDFConfig tdfConfig, SDK.KAS kas) {
 
             // split plan: restructure by conjunctions
             Map<String, List<Config.KASInfo>> conjunction = new HashMap<>();
-            List<String> splitIDs = new ArrayList<>();
 
             for (Autoconfigure.KeySplitStep splitInfo : tdfConfig.splitPlan) {
                 // Public key was passed in with kasInfoList
@@ -192,18 +176,11 @@ private void prepareManifest(Config.TDFConfig tdfConfig, SDK.KAS kas) {
                     latestKASInfo.put(splitInfo.kas, getKI);
                     ki = getKI;
                 }
-                if (conjunction.containsKey(splitInfo.splitID)) {
-                    conjunction.get(splitInfo.splitID).add(ki);
-                } else {
-                    List<Config.KASInfo> newList = new ArrayList<>();
-                    newList.add(ki);
-                    conjunction.put(splitInfo.splitID, newList);
-                    splitIDs.add(splitInfo.splitID);
-                }
+                conjunction.computeIfAbsent(splitInfo.splitID, s -> new ArrayList<>()).add(ki);
             }
 
-            List<byte[]> symKeys = new ArrayList<>(splitIDs.size());
-            for (String splitID : splitIDs) {
+            List<byte[]> symKeys = new ArrayList<>(conjunction.size());
+            for (String splitID : conjunction.keySet()) {
                 // Symmetric key
                 byte[] symKey = new byte[GCM_KEY_SIZE];
                 sRandom.nextBytes(symKey);
@@ -401,6 +378,7 @@ private static byte[] calculateSignature(byte[] data, byte[] secret, Config.Inte
 
     TDFObject createTDF(InputStream payload, OutputStream outputStream, Config.TDFConfig tdfConfig) throws SDKException, IOException {
 
+        List<String> dk = defaultKases(tdfConfig);
         if (tdfConfig.autoconfigure) {
             Autoconfigure.Granter granter = new Autoconfigure.Granter(new ArrayList<>());
             if (tdfConfig.attributeValues != null && !tdfConfig.attributeValues.isEmpty()) {
@@ -413,14 +391,9 @@ TDFObject createTDF(InputStream payload, OutputStream outputStream, Config.TDFCo
             if (granter == null) {
                 throw new AutoConfigureException("Failed to create Granter"); // Replace with appropriate error handling
             }
-
-            List<String> dk = defaultKases(tdfConfig);
             tdfConfig.splitPlan = granter.plan(dk, () -> UUID.randomUUID().toString());
-
-            if (tdfConfig.splitPlan == null) {
-                throw new AutoConfigureException("Failed to generate Split Plan"); // Replace with appropriate error
-                // handling
-            }
+        } else {
+            tdfConfig.splitPlan = Autoconfigure.Granter.generatePlanFromDefaultKases(dk, () -> UUID.randomUUID().toString());
         }
 
         if (tdfConfig.kasInfoList.isEmpty() && (tdfConfig.splitPlan == null || tdfConfig.splitPlan.isEmpty())) {
@@ -572,10 +545,7 @@ static List<String> defaultKases(TDFConfig config) {
                 allk.add(kasInfo.URL);
             }
         }
-        if (defk.isEmpty()) {
-            return allk;
-        }
-        return defk;
+        return defk.isEmpty() ? allk : defk;
     }
 
     Reader loadTDF(SeekableByteChannel tdf, String platformUrl) throws SDKException, IOException {
