cleanup

Author: mkleene

sdk/src/main/java/io/opentdf/platform/sdk/KASClient.java

@@ -152,7 +152,7 @@ static class NanoTDFRewrapRequestBody {
     @Override
     public byte[] unwrap(Manifest.KeyAccess keyAccess, String policy,  KeyType sessionKeyType) {
         ECKeyPair ecKeyPair = null;
-        
+
         if (sessionKeyType.isEc()) {
             var curveName = sessionKeyType.getCurveName();
             ecKeyPair = new ECKeyPair(curveName, ECKeyPair.ECAlgorithm.ECDH);
@@ -191,40 +191,37 @@ public byte[] unwrap(Manifest.KeyAccess keyAccess, String policy,  KeyType sessi
                 .setSignedRequestToken(jwt.serialize())
                 .build();
         RewrapResponse response;
+        var req = getStub(keyAccess.url).rewrapBlocking(request, Collections.emptyMap()).execute();
         try {
-            var req = getStub(keyAccess.url).rewrapBlocking(request, Collections.emptyMap()).execute();
-            try {
-                response = getOrThrow(req);
-            } catch (Exception e) {
-                throw new SDKException("error unwrapping key", e);
-            }
-            var wrappedKey = response.getEntityWrappedKey().toByteArray();
-            if (sessionKeyType != KeyType.RSA2048Key) {
-
-                if (ecKeyPair == null) {
-                    throw new SDKException("ECKeyPair is null. Unable to proceed with the unwrap operation.");
-                }
-
-                var kasEphemeralPublicKey = response.getSessionPublicKey();
-                var publicKey = ECKeyPair.publicKeyFromPem(kasEphemeralPublicKey);
-                byte[] symKey = ECKeyPair.computeECDHKey(publicKey, ecKeyPair.getPrivateKey());
-
-                var sessionKey = ECKeyPair.calculateHKDF(GLOBAL_KEY_SALT, symKey);
-
-                AesGcm gcm = new AesGcm(sessionKey);
-                AesGcm.Encrypted encrypted = new AesGcm.Encrypted(wrappedKey);
-                return gcm.decrypt(encrypted);
-            } else {
-                return decryptor.decrypt(wrappedKey);
-            }
+            response = getOrThrow(req);
         } catch (StatusRuntimeException e) {
             if (e.getStatus().getCode() == Status.Code.INVALID_ARGUMENT) {
                 // 400 Bad Request
-                throw new KasBadRequestException("rewrap request 400: " + e.toString());
+                throw new KasBadRequestException("rewrap request 400: " + e);
             }
             throw e;
+        } catch (Exception e) {
+            throw new SDKException("error unwrapping key", e);
+        }
+        var wrappedKey = response.getEntityWrappedKey().toByteArray();
+        if (sessionKeyType != KeyType.RSA2048Key) {
+
+            if (ecKeyPair == null) {
+                throw new SDKException("ECKeyPair is null. Unable to proceed with the unwrap operation.");
+            }
+
+            var kasEphemeralPublicKey = response.getSessionPublicKey();
+            var publicKey = ECKeyPair.publicKeyFromPem(kasEphemeralPublicKey);
+            byte[] symKey = ECKeyPair.computeECDHKey(publicKey, ecKeyPair.getPrivateKey());
+
+            var sessionKey = ECKeyPair.calculateHKDF(GLOBAL_KEY_SALT, symKey);
+
+            AesGcm gcm = new AesGcm(sessionKey);
+            AesGcm.Encrypted encrypted = new AesGcm.Encrypted(wrappedKey);
+            return gcm.decrypt(encrypted);
+        } else {
+            return decryptor.decrypt(wrappedKey);
         }
-        
     }
 
     public byte[] unwrapNanoTDF(NanoTDFType.ECCurve curve, String header, String kasURL) {

sdk/src/main/java/io/opentdf/platform/sdk/SDKBuilder.java

@@ -279,7 +279,7 @@ private ProtocolClient getUnauthenticatedProtocolClient(String endpoint, Interce
                 NetworkProtocol.GRPC,
                 null,
                 GETConfiguration.Enabled.INSTANCE,
-                authInterceptor == null ? Collections.emptyList() : List.of((_config) -> authInterceptor)
+                authInterceptor == null ? Collections.emptyList() : List.of(_config -> authInterceptor)
         );
 
         return new ProtocolClient(new ConnectOkHttpClient(httpClient.build()), protocolClientConfig);

sdk/src/main/java/io/opentdf/platform/sdk/TDF.java

@@ -27,7 +27,6 @@
 import java.security.*;
 import java.text.ParseException;
 import java.util.*;
-import java.util.concurrent.ExecutionException;
 
 /**
  * The TDF class is responsible for handling operations related to
@@ -476,7 +475,7 @@ private static byte[] calculateSignature(byte[] data, byte[] secret, Config.Inte
     public TDFObject createTDF(InputStream payload,
                                OutputStream outputStream,
                                Config.TDFConfig tdfConfig, SDK.KAS kas, AttributesServiceClient attributesServiceClient)
-            throws IOException, JOSEException, AutoConfigureException, InterruptedException, ExecutionException, DecoderException {
+            throws IOException, JOSEException, AutoConfigureException, DecoderException {
 
         if (tdfConfig.autoconfigure) {
             Autoconfigure.Granter granter = new Autoconfigure.Granter(new ArrayList<>());

sdk/src/main/java/io/opentdf/platform/sdk/TokenSource.java

@@ -82,9 +82,9 @@ public AuthHeaders getAuthHeaders(URL url, String method) {
             SignedJWT proof = dpopFactory.createDPoPJWT(method, url.toURI(), t);
             dpopProof = proof.serialize();
         } catch (URISyntaxException e) {
-            throw new RuntimeException("Invalid URI syntax for DPoP proof creation", e);
+            throw new SDKException("Invalid URI syntax for DPoP proof creation", e);
         } catch (JOSEException e) {
-            throw new RuntimeException("Error creating DPoP proof", e);
+            throw new SDKException("Error creating DPoP proof", e);
         }
 
         return new AuthHeaders(
@@ -127,7 +127,6 @@ private synchronized AccessToken getToken() {
                     throw new RuntimeException("Token request failed: " + error);
                 }
 
-
                 var tokens = tokenResponse.toSuccessResponse().getTokens();
                 if (tokens.getDPoPAccessToken() != null) {
                     logger.trace("retrieved a new DPoP access token");