From b92bbf8f2ab996ab5b84ac3bfef244c11dd5cf05 Mon Sep 17 00:00:00 2001
From: David Mihalcik
Date: Tue, 4 Mar 2025 10:48:19 -0500
Subject: [PATCH 1/2] fix(cli): Enable ec-wrapped cfg
---
 cmdline/src/main/java/io/opentdf/platform/Command.java | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/cmdline/src/main/java/io/opentdf/platform/Command.java b/cmdline/src/main/java/io/opentdf/platform/Command.java
index 246c19dc..e05b88fa 100644
--- a/cmdline/src/main/java/io/opentdf/platform/Command.java
+++ b/cmdline/src/main/java/io/opentdf/platform/Command.java
@@ -6,7 +6,9 @@
 import io.opentdf.platform.sdk.AssertionConfig;
 import io.opentdf.platform.sdk.AutoConfigureException;
 import io.opentdf.platform.sdk.Config;
+import io.opentdf.platform.sdk.KeyType;
 import io.opentdf.platform.sdk.Config.AssertionVerificationKeys;
+import io.opentdf.platform.sdk.Config.TDFReaderConfig;
 import io.opentdf.platform.sdk.NanoTDF;
 import io.opentdf.platform.sdk.SDK;
 import io.opentdf.platform.sdk.SDKBuilder;
@@ -145,6 +147,7 @@ void encrypt(
 @Option(names = { "-a", "--attr" }, defaultValue = Option.NULL_VALUE) Optional attributes, @Option(names = { "-c", "--autoconfigure" }, defaultValue = Option.NULL_VALUE) Optional autoconfigure,
+ @Option(names = { "--encapKeyType" }, defaultValue = Option.NULL_VALUE, description="Preferred key access key wrap algorithm") Optional encapKeyType,
 @Option(names = { "--mime-type" }, defaultValue = Option.NULL_VALUE) Optional mimeType, @Option(names = { "--with-assertions" }, defaultValue = Option.NULL_VALUE) Optional assertion)
@@ -161,6 +164,7 @@ void encrypt(
 configs.add(Config.withKasInformation(kasInfos));
 metadata.map(Config::withMetaData).ifPresent(configs::add);
 autoconfigure.map(Config::withAutoconfigure).ifPresent(configs::add);
+ encapKeyType.map(Config::WithWrappingKeyAlg).ifPresent(configs::add);
 mimeType.map(Config::withMimeType).ifPresent(configs::add);
 if (assertion.isPresent()) {
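Review bot: The help text on the new `--encapKeyType` parameter of `encrypt` (hunk @@ -145,6 +147,7) calls the wrap algorithm "Preferred" but does not say what happens when that preference cannot be met. Whether the SDK then fails or silently wraps with another algorithm is not visible in this diff; if it falls back, a user who explicitly asked for one key type gets a TDF protected with a different one and no indication of it. I would spell the outcome out in the description, for example `description = "Key wrap algorithm to use; <fails | falls back to the default> when unavailable"`, filled in with the real behaviour. The `--rewrap-key-type` option added to `decrypt` in the @@ -226,6 +230,7 hunk has the same gap. The parameter list of `encrypt` begins before this hunk.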
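Review bot: `Config::WithWrappingKeyAlg` on the added line of hunk @@ -161,6 +164,7 starts with a capital letter, while every neighbouring factory in the same block is lowerCamelCase (`withMetaData`, `withAutoconfigure`, `withMimeType`). The method is defined in the SDK, outside this diff, so the CLI cannot rename it on its own; if the SDK API can still change, a `withWrappingKeyAlg` spelling, with the current name kept as a deprecated alias, would keep these call sites uniform. `Config::WithSessionKeyType` in the @@ -266,6 +271,7 hunk of `decrypt` has the same issue next to `withDisableAssertionVerification`. The body of `encrypt` continues outside the hunk.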
@@ -226,6 +230,7 @@ private SDK buildSDK() {
 @CommandLine.Command(name = "decrypt")
 void decrypt(@Option(names = { "-f", "--file" }, required = true) Path tdfPath,
+ @Option(names = { "--rewrap-key-type" }, defaultValue = Option.NULL_VALUE, description="Preferred rewrap algorithm") Optional rewrapKeyType,
 @Option(names = { "--with-assertion-verification-disabled" }, defaultValue = "false") boolean disableAssertionVerification, @Option(names = { "--with-assertion-verification-keys" }, defaultValue = Option.NULL_VALUE) Optional assertionVerification) throws IOException, TDF.FailedToCreateGMAC, JOSEException, ParseException, NoSuchAlgorithmException, DecoderException {
@@ -266,6 +271,7 @@ void decrypt(@Option(names = { "-f", "--file" }, required = true) Path tdfPath,
 if (disableAssertionVerification) {
 opts.add(Config.withDisableAssertionVerification(true));
 }
+ rewrapKeyType.map(Config::WithSessionKeyType).ifPresent(opts::add);
 var readerConfig = Config.newTDFReaderConfig(opts.toArray(new Consumer[0]));
 var reader = new TDF().loadTDF(in, sdk.getServices().kas(), readerConfig);
From 3e6552f6e29c87c98dbf16bc871d87925ae29646 Mon Sep 17 00:00:00 2001
From: David Mihalcik
Date: Tue, 4 Mar 2025 11:21:43 -0500
Subject: [PATCH 2/2] fix name, improve help
---
 cmdline/src/main/java/io/opentdf/platform/Command.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/cmdline/src/main/java/io/opentdf/platform/Command.java b/cmdline/src/main/java/io/opentdf/platform/Command.java
index e05b88fa..a739c600 100644
--- a/cmdline/src/main/java/io/opentdf/platform/Command.java
+++ b/cmdline/src/main/java/io/opentdf/platform/Command.java
@@ -8,7 +8,6 @@
 import io.opentdf.platform.sdk.Config;
 import io.opentdf.platform.sdk.KeyType;
 import io.opentdf.platform.sdk.Config.AssertionVerificationKeys;
-import io.opentdf.platform.sdk.Config.TDFReaderConfig;
 import io.opentdf.platform.sdk.NanoTDF;
 import io.opentdf.platform.sdk.SDK;
 import io.opentdf.platform.sdk.SDKBuilder;
@@ -147,7 +146,8 @@ void encrypt(
 @Option(names = { "-a", "--attr" }, defaultValue = Option.NULL_VALUE) Optional attributes, @Option(names = { "-c", "--autoconfigure" }, defaultValue = Option.NULL_VALUE) Optional autoconfigure,
- @Option(names = { "--encapKeyType" }, defaultValue = Option.NULL_VALUE, description="Preferred key access key wrap algorithm") Optional encapKeyType,
+ @Option(names = {
+ "--encap-key-type" }, defaultValue = Option.NULL_VALUE, description = "Preferred key access key wrap algorithm, one of ${COMPLETION-CANDIDATES}") Optional encapKeyType,
 @Option(names = { "--mime-type" }, defaultValue = Option.NULL_VALUE) Optional mimeType, @Option(names = { "--with-assertions" }, defaultValue = Option.NULL_VALUE) Optional assertion)
@@ -230,7 +230,7 @@ private SDK buildSDK() {
 @CommandLine.Command(name = "decrypt")
 void decrypt(@Option(names = { "-f", "--file" }, required = true) Path tdfPath,
- @Option(names = { "--rewrap-key-type" }, defaultValue = Option.NULL_VALUE, description="Preferred rewrap algorithm") Optional rewrapKeyType,
+ @Option(names = { "--rewrap-key-type" }, defaultValue = Option.NULL_VALUE, description = "Preferred rewrap algorithm, one of ${COMPLETION-CANDIDATES}") Optional rewrapKeyType,
 @Option(names = { "--with-assertion-verification-disabled" }, defaultValue = "false") boolean disableAssertionVerification, @Option(names = { "--with-assertion-verification-keys" }, defaultValue = Option.NULL_VALUE) Optional assertionVerification) throws IOException, TDF.FailedToCreateGMAC, JOSEException, ParseException, NoSuchAlgorithmException, DecoderException {
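Review bot: The rewritten `--encap-key-type` annotation in hunk @@ -147,7 +146,8 now breaks inside the `names` array (`@Option(names = {` on one line, `"--encap-key-type" }, …` on the next), which separates the option name from its annotation and leaves a very long second line. Breaking after an attribute instead reads better and matches the one-line options around it: `@Option(names = { "--encap-key-type" }, defaultValue = Option.NULL_VALUE,` followed by the `description = …` attribute on its own continuation line. The parameter list of `encrypt` begins before this hunk and its body follows outside it.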