sonarcloud

Author: mkleene

sdk/src/main/java/io/opentdf/platform/sdk/Autoconfigure.java

@@ -24,7 +24,6 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.Comparator;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -61,6 +60,10 @@ class Autoconfigure {
 
     private static Logger logger = LoggerFactory.getLogger(Autoconfigure.class);
 
+    private Autoconfigure() {
+        // Prevent instantiation, this class is a utility class that is only used statically
+    }
+
     static class KeySplitStep {
         final String kas;
         final String splitID;
@@ -288,7 +291,7 @@ List<AttributeValueFQN> getPolicy() {
             return policy;
         }
 
-        boolean addAllGrants(AttributeValueFQN fqn, List<KeyAccessServer> granted, List<SimpleKasKey> mapped, Attribute attr, KASKeyCache keyCache) {
+        boolean addAllGrants(AttributeValueFQN fqn, List<KeyAccessServer> granted, List<SimpleKasKey> mapped, Attribute attr) {
             boolean foundMappedKey = false;
             for (var mappedKey: mapped) {
                 foundMappedKey = true;
@@ -312,10 +315,11 @@ boolean addAllGrants(AttributeValueFQN fqn, List<KeyAccessServer> granted, List<
                     continue;
                 }
                 var cachedGrantKeys = grantedKey.getPublicKey().getCached().getKeysList();
-                if (cachedGrantKeys.isEmpty()) {
-                    logger.debug("no keys cached in policy service");
-                    continue;
+
+                if (logger.isDebugEnabled()) {
+                    logger.debug("found {} keys cached in policy service", cachedGrantKeys.size());
                 }
+
                 for (var cachedGrantKey: cachedGrantKeys) {
                     var mappedKey = new Config.KASInfo();
                     mappedKey.URL = grantedKey.getUri();
@@ -444,7 +448,6 @@ BooleanKeyExpression insertKeysForAttribute(AttributeBooleanExpression e) throws
 
                     List<String> kases = grant.kases;
                     if (kases.isEmpty()) {
-                        // TODO: replace this with a reference to the base key
                         kases = List.of(RuleType.EMPTY_TERM);
                     }
 
@@ -469,13 +472,13 @@ BooleanKeyExpression assignKeysTo(AttributeBooleanExpression e) {
             for (var clause : e.must) {
                 ArrayList<PublicKeyInfo> keys = new ArrayList<>();
                 if (clause.values.isEmpty()) {
-                    logger.warn("No values found for attribute: " + clause.def.getFqn());
+                    logger.warn("No values found for attribute {}", clause.def.getFqn());
                     continue;
                 }
                 for (var value : clause.values) {
                     var mapped = mappedKeys.get(value.key);
                     if (mapped == null) {
-                        logger.warn("No keys found for attribute value {} ", value);
+                        logger.warn("No keys found for attribute value {}", value);
                         continue;
                     }
                     for (var kasInfo : mapped) {
@@ -874,16 +877,16 @@ private static Granter getGranter(KASKeyCache keyCache, List<GetAttributeValuesB
             var attribute = attributeAndValue.getAttribute();
             var namespace = attribute.getNamespace();
 
-            if (grants.addAllGrants(fqn, value.getGrantsList(), value.getKasKeysList(), attribute, keyCache)) {
+            if (grants.addAllGrants(fqn, value.getGrantsList(), value.getKasKeysList(), attribute)) {
                 storeKeysToCache(value.getGrantsList(), value.getKasKeysList(), keyCache);
                 continue;
             }
-            if (grants.addAllGrants(fqn, attribute.getGrantsList(), attribute.getKasKeysList(), attribute, keyCache)) {
+            if (grants.addAllGrants(fqn, attribute.getGrantsList(), attribute.getKasKeysList(), attribute)) {
                 storeKeysToCache(attribute.getGrantsList(), attribute.getKasKeysList(), keyCache);
                 continue;
             }
             storeKeysToCache(namespace.getGrantsList(), namespace.getKasKeysList(), keyCache);
-            grants.addAllGrants(fqn, namespace.getGrantsList(), namespace.getKasKeysList(), attribute, keyCache);
+            grants.addAllGrants(fqn, namespace.getGrantsList(), namespace.getKasKeysList(), attribute);
         }
 
         return grants;

sdk/src/main/java/io/opentdf/platform/sdk/Planner.java

@@ -88,7 +88,6 @@ static Optional<SimpleKasKey> fetchBaseKey(WellKnownServiceClientInterface wellk
         try {
             response = RequestHelper.getOrThrow(responseMessage);
         } catch (ConnectException e) {
-            logger.error("unable to retrieve configuration from well known endpoint", e);
             throw new SDKException("unable to retrieve base key from well known endpoint", e);
         }
 

sdk/src/main/java/io/opentdf/platform/sdk/TDF.java

@@ -150,7 +150,9 @@ private void prepareManifest(Config.TDFConfig tdfConfig, Map<String, List<KASInf
 
 
             List<byte[]> symKeys = new ArrayList<>(splits.size());
-            for (String splitID : splits.keySet()) {
+            for (var split : splits.entrySet()) {
+                String splitID = split.getKey();
+
                 // Symmetric key
                 byte[] symKey = new byte[GCM_KEY_SIZE];
                 sRandom.nextBytes(symKey);
@@ -177,7 +179,8 @@ private void prepareManifest(Config.TDFConfig tdfConfig, Map<String, List<KASInf
                     encryptedMetadata = encoder.encodeToString(metadata.getBytes(StandardCharsets.UTF_8));
                 }
 
-                for (Config.KASInfo kasInfo : splits.get(splitID)) {
+                List<KASInfo> kasInfos = split.getValue();
+                for (Config.KASInfo kasInfo : kasInfos) {
                     if (kasInfo.PublicKey == null || kasInfo.PublicKey.isEmpty()) {
                         throw new SDK.KasPublicKeyMissing("Kas public key is missing in kas information list");
                     }

sdk/src/test/java/io/opentdf/platform/sdk/AutoconfigureTest.java

@@ -1,16 +1,5 @@
 package io.opentdf.platform.sdk;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
 import com.connectrpc.ResponseMessage;
 import com.connectrpc.UnaryBlockingCall;
 import io.opentdf.platform.policy.Algorithm;
@@ -29,11 +18,10 @@
 import io.opentdf.platform.policy.attributes.GetAttributeValuesByFqnsRequest;
 import io.opentdf.platform.policy.attributes.GetAttributeValuesByFqnsResponse;
 import io.opentdf.platform.sdk.Autoconfigure.AttributeValueFQN;
+import io.opentdf.platform.sdk.Autoconfigure.Granter;
 import io.opentdf.platform.sdk.Autoconfigure.Granter.AttributeBooleanExpression;
 import io.opentdf.platform.sdk.Autoconfigure.Granter.BooleanKeyExpression;
 import io.opentdf.platform.sdk.Autoconfigure.KeySplitStep;
-import io.opentdf.platform.sdk.Autoconfigure.Granter;
-
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 import org.mockito.Mockito;
@@ -48,9 +36,20 @@
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.function.BiFunction;
 import java.util.function.Supplier;
-import java.util.stream.Collectors;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import java.util.stream.Collectors;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 public class AutoconfigureTest {
 
@@ -514,7 +513,7 @@ public void testReasonerConstructAttributeBoolean() {
             var wrapper = new Object() {
                 int i = 0;
             };
-            List<KeySplitStep> plan = reasoner.getSplits(tc.getDefaults(), () -> String.valueOf(wrapper.i++ + 1), () -> Optional.empty());
+            List<KeySplitStep> plan = reasoner.getSplits(tc.getDefaults(), () -> String.valueOf(wrapper.i++ + 1), Optional::empty);
             assertThat(plan)
                     .as(tc.name)
                     .isEqualTo(tc.getPlan());
@@ -525,7 +524,7 @@ public void testReasonerConstructAttributeBoolean() {
     void testUsingAttributeMappedAtNamespace() {
         Granter granter = Autoconfigure.newGranterFromAttributes(new KASKeyCache(), mockValueFor(mp2uns2uns));
         var counter = new AtomicInteger(0);
-        var splitPlan = granter.getSplits(Collections.emptyList(), () -> Integer.toString(counter.getAndIncrement()), () -> Optional.empty());
+        var splitPlan = granter.getSplits(Collections.emptyList(), () -> Integer.toString(counter.getAndIncrement()), Optional::empty);
         assertThat(splitPlan).isEqualTo(List.of(new KeySplitStep("https://mapped.example.com", "", NAMESPACE_KAS_KEY.getPublicKey().getKid())));
     }
 
@@ -534,7 +533,7 @@ void testUsingAttributeMappedAtMultiplePlaces() {
         var attributes = new Value[]{mockValueFor(mp2uns2uns), mockValueFor(mp2uns2mp)};
         Granter granter = Autoconfigure.newGranterFromAttributes(new KASKeyCache(), attributes);
         var counter = new AtomicInteger(0);
-        var splitPlan = granter.getSplits(Collections.emptyList(), () -> Integer.toString(counter.getAndIncrement()), () -> Optional.empty());
+        var splitPlan = granter.getSplits(Collections.emptyList(), () -> Integer.toString(counter.getAndIncrement()), Optional::empty);
         assertThat(splitPlan).isEqualTo(List.of(
                 new KeySplitStep(NAMESPACE_KAS_KEY.getKasUri(), "0", NAMESPACE_KAS_KEY.getPublicKey().getKid()),
                 new KeySplitStep(VALUE_KEY.getKasUri(), "0", VALUE_KEY.getPublicKey().getKid())
@@ -1075,27 +1074,18 @@ void createsGranterFromService() {
 
         // Mock the attribute service to return a response with the expected values
         when(attributesServiceClient.getAttributeValuesByFqnsBlocking(any(), any())).thenAnswer(invocation -> {
-            return new UnaryBlockingCall<GetAttributeValuesByFqnsResponse>() {
-                @Override
-                public ResponseMessage<GetAttributeValuesByFqnsResponse> execute() {
-                    GetAttributeValuesByFqnsResponse.Builder builder = GetAttributeValuesByFqnsResponse.newBuilder();
-                    for (AttributeValueFQN fqn : policy) {
-                        Value value = Value.newBuilder()
-                                .setId(fqn.toString())
-                                .setFqn(fqn.toString())
-                                .build();
-                        builder.putFqnAttributeValues(fqn.toString(),
-                                GetAttributeValuesByFqnsResponse.AttributeAndValue.newBuilder()
-                                        .setValue(value)
-                                        .build());
-                    }
-                    return new ResponseMessage.Success<>(builder.build(), Collections.emptyMap(), Collections.emptyMap());
-                }
-
-                @Override
-                public void cancel() {
-                }
-            };
+            GetAttributeValuesByFqnsResponse.Builder builder = GetAttributeValuesByFqnsResponse.newBuilder();
+            for (AttributeValueFQN fqn : policy) {
+                Value value = Value.newBuilder()
+                        .setId(fqn.toString())
+                        .setFqn(fqn.toString())
+                        .build();
+                builder.putFqnAttributeValues(fqn.toString(),
+                        GetAttributeValuesByFqnsResponse.AttributeAndValue.newBuilder()
+                                .setValue(value)
+                                .build());
+            }
+            return TestUtil.successfulUnaryCall(builder.build());
         });
 
         // Act

sdk/src/test/java/io/opentdf/platform/sdk/FakeServices.java

@@ -1,16 +1,10 @@
 package io.opentdf.platform.sdk;
 
-import io.opentdf.platform.authorization.AuthorizationServiceClient;
 import io.opentdf.platform.authorization.AuthorizationServiceClientInterface;
-import io.opentdf.platform.policy.attributes.AttributesServiceClient;
 import io.opentdf.platform.policy.attributes.AttributesServiceClientInterface;
-import io.opentdf.platform.policy.kasregistry.KeyAccessServerRegistryServiceClient;
 import io.opentdf.platform.policy.kasregistry.KeyAccessServerRegistryServiceClientInterface;
-import io.opentdf.platform.policy.namespaces.NamespaceServiceClient;
 import io.opentdf.platform.policy.namespaces.NamespaceServiceClientInterface;
-import io.opentdf.platform.policy.resourcemapping.ResourceMappingServiceClient;
 import io.opentdf.platform.policy.resourcemapping.ResourceMappingServiceClientInterface;
-import io.opentdf.platform.policy.subjectmapping.SubjectMappingServiceClient;
 import io.opentdf.platform.policy.subjectmapping.SubjectMappingServiceClientInterface;
 import io.opentdf.platform.wellknownconfiguration.WellKnownServiceClientInterface;