From f7e05caafbc883e29e88b6daba96343c0d9597a1 Mon Sep 17 00:00:00 2001
From: David Mihalcik
Date: Fri, 1 Aug 2025 13:35:04 -0400
Subject: [PATCH 1/2] chore(cmdline): Adds nano plaintext to cmdline
---
 .../main/java/io/opentdf/platform/Command.java | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/cmdline/src/main/java/io/opentdf/platform/Command.java b/cmdline/src/main/java/io/opentdf/platform/Command.java
index 4879ac9e..ae11679a 100644
--- a/cmdline/src/main/java/io/opentdf/platform/Command.java
+++ b/cmdline/src/main/java/io/opentdf/platform/Command.java
@@ -8,6 +8,7 @@
 import io.opentdf.platform.sdk.Config;
 import io.opentdf.platform.sdk.KeyType;
 import io.opentdf.platform.sdk.Config.AssertionVerificationKeys;
+import io.opentdf.platform.sdk.NanoTDFType;
 import io.opentdf.platform.sdk.SDK;
 import io.opentdf.platform.sdk.SDKBuilder;
 import nl.altindag.ssl.SSLFactory;
@@ -328,6 +329,7 @@ void createNanoTDF(
 @Option(names = { "-f", "--file" }, defaultValue = Option.NULL_VALUE) Optional file,
 @Option(names = { "-k", "--kas-url" }, required = true) List kas,
 @Option(names = { "-m", "--metadata" }, defaultValue = Option.NULL_VALUE) Optional metadata,
+ @Option(names = { "--policy-type" }, defaultValue = Option.NULL_VALUE, description = "how to embed the policy, either plaintext or encrypted") Optional policyType,
 @Option(names = { "-a", "--attr" }, defaultValue = Option.NULL_VALUE) Optional attributes) throws Exception {
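Review bot: The `--policy-type` description added to the `createNanoTDF` option list names the two values but says neither what the choice costs nor what happens when the flag is omitted. The enum name `EMBEDDED_POLICY_PLAIN_TEXT` used later in this patch suggests that plaintext mode leaves the policy, presumably including the `--attr` values, readable by anyone who holds the NanoTDF, and a user should learn that from `--help`. I would extend the text to something like `description = "how to embed the policy: 'encrypted' or 'plaintext'; plaintext leaves the policy readable inside the NanoTDF; when omitted the SDK default applies"`. The parameter list starts above the hunk and the SDK default is not visible here, so the wording needs checking against `Config`.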
@@ -343,6 +345,19 @@ void createNanoTDF(
 attributes.ifPresent(attr -> {
 configs.add(Config.witDataAttributes(attr.split(",")));
 });
+ policyType.ifPresent(mode -> {
+ switch (mode) {
+ case "":
+ case "encrypted":
+ configs.add(Config.withPolicyType(NanoTDFType.PolicyType.EMBEDDED_POLICY_ENCRYPTED));
+ break;
+ case "plaintext":
+ configs.add(Config.withPolicyType(NanoTDFType.PolicyType.EMBEDDED_POLICY_PLAIN_TEXT));
+ break;
+ default:
+ throw new IllegalArgumentException("Unknown policy type: " + mode);
+ }
+ });
 var nanoTDFConfig = Config.newNanoTDFConfig(configs.toArray(Consumer[]::new));
 try (var in = file.isEmpty() ? new BufferedInputStream(System.in) : new FileInputStream(file.get())) {
From 470f2d25435db7c53ae6181e84e31b4b74956667 Mon Sep 17 00:00:00 2001
From: David Mihalcik
Date: Fri, 8 Aug 2025 11:46:11 -0400
Subject: [PATCH 2/2] Update checks.yaml
---
 .github/workflows/checks.yaml | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
index eb0e56a4..c468b18b 100644
--- a/.github/workflows/checks.yaml
+++ b/.github/workflows/checks.yaml
@@ -167,7 +167,7 @@ jobs:
 --client-secret=secret \
 --platform-endpoint=http://localhost:8080 \
 -h\
- encryptnano --kas-url=http://localhost:8080 --attr https://example.com/attr/attr1/value/value1 -f data -m 'here is some metadata' > nano.ntdf
+ encryptnano --kas-url=http://localhost:8080 --attr https://example.com/attr/attr1/value/value1 --policy-type encrypted -f data -m 'here is some metadata' > nano.ntdf
 java -jar target/cmdline.jar \
 --client-id=opentdf-sdk \
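Review bot: The `default:` branch of the new `policyType.ifPresent` switch in Command.java reports only the rejected value, so a user who types `plain` or `Plaintext` (the match is exact and case-sensitive) gets no hint of what is accepted. Rejecting unknown values rather than falling back is the right behaviour for a setting that controls policy confidentiality; I would only make the message actionable, e.g. `throw new IllegalArgumentException("Unknown policy type: " + mode + " (expected 'encrypted' or 'plaintext')");`. The `case "":` fall-through silently maps an empty value to the encrypted type, and an absent flag adds no `withPolicyType` at all, so two short comments such as `// empty value: treat as encrypted` and `// flag absent: SDK default policy type applies` would record that both are deliberate. The enclosing `createNanoTDF` body starts and ends outside the hunk.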
@@ -182,6 +182,30 @@ jobs:
 fi
 working-directory: cmdline
+ - name: Encrypt/Decrypt NanoTDF with plain text policy type
+ run: |
+ echo 'here is some data to encrypt' > data
+
+ java -jar target/cmdline.jar \
+ --client-id=opentdf-sdk \
+ --client-secret=secret \
+ --platform-endpoint=http://localhost:8080 \
+ -h\
+ encryptnano --kas-url=http://localhost:8080 --attr https://example.com/attr/attr1/value/value1 --policy-type plaintext -f data -m 'here is some metadata' > nanopt.ntdf
+
+ java -jar target/cmdline.jar \
+ --client-id=opentdf-sdk \
+ --client-secret=secret \
+ --platform-endpoint=http://localhost:8080 \
+ -h\
+ decryptnano -f nanopt.ntdf > decrypted
+
+ if ! diff -q data decrypted; then
+ printf 'decrypted data is incorrect [%s]' "$(< decrypted)"
+ exit 1
+ fi
+ working-directory: cmdline
+
 - name: Encrypt/Decrypt Assertions
 run: |
 echo "basic assertions"
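Review bot: The new "Encrypt/Decrypt NanoTDF with plain text policy type" step only checks that the payload round-trips, so it would still pass if `--policy-type plaintext` were ignored and the policy were embedded encrypted. Since the flag decides whether the policy is confidential, the step should assert the mode that was actually written. If the plaintext policy body carries the attribute URL verbatim (not confirmed by this patch), a line such as `grep -aq 'https://example.com/attr/attr1/value/value1' nanopt.ntdf` after the encrypt call would do it. The inverse check, `! grep -aq 'https://example.com/attr/attr1/value/value1' nano.ntdf`, fits the earlier step that this commit changes to `--policy-type encrypted`. A third invocation with an unknown value, expected to exit non-zero, would cover the rejection path added in Command.java.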