add more tests

Author: mkleene

sdk/src/main/java/io/opentdf/platform/sdk/Autoconfigure.java

@@ -824,7 +824,7 @@ public static String ruleToOperator(AttributeRuleTypeEnum e) {
     // Given a policy (list of data attributes or tags),
     // get a set of grants from attribute values to KASes.
     // Unlike `NewGranterFromService`, this works offline.
-    public static Granter newGranterFromAttributes(KASKeyCache keyCache, Value... attrValues) throws AutoConfigureException {
+    static Granter newGranterFromAttributes(KASKeyCache keyCache, Value... attrValues) throws AutoConfigureException {
         var attrsAndValues = Arrays.stream(attrValues).map(v -> {
             if (!v.hasAttribute()) {
                 throw new AutoConfigureException("tried to use an attribute that is not initialized");
@@ -839,7 +839,7 @@ public static Granter newGranterFromAttributes(KASKeyCache keyCache, Value... at
     }
 
     // Gets a list of directory of KAS grants for a list of attribute FQNs
-    public static Granter newGranterFromService(AttributesServiceClientInterface as, KASKeyCache keyCache, AttributeValueFQN... fqns) throws AutoConfigureException {
+    static Granter newGranterFromService(AttributesServiceClientInterface as, KASKeyCache keyCache, AttributeValueFQN... fqns) throws AutoConfigureException {
         GetAttributeValuesByFqnsRequest request = GetAttributeValuesByFqnsRequest.newBuilder()
                 .addAllFqns(Arrays.stream(fqns).map(AttributeValueFQN::toString).collect(Collectors.toList()))
                 .setWithValue(AttributeValueSelector.newBuilder().setWithKeyAccessGrants(true).build())
@@ -852,6 +852,18 @@ public static Granter newGranterFromService(AttributesServiceClientInterface as,
         return getGranter(keyCache, new ArrayList<>(av.getFqnAttributeValuesMap().values()));
     }
 
+
+    static Autoconfigure.Granter createGranter(SDK.Services services, Config.TDFConfig tdfConfig) {
+        Autoconfigure.Granter granter = new Autoconfigure.Granter(new ArrayList<>());
+        if (tdfConfig.attributeValues != null && !tdfConfig.attributeValues.isEmpty()) {
+            granter = Autoconfigure.newGranterFromAttributes(services.kas().getKeyCache(), tdfConfig.attributeValues.toArray(new Value[0]));
+        } else if (tdfConfig.attributes != null && !tdfConfig.attributes.isEmpty()) {
+            granter = Autoconfigure.newGranterFromService(services.attributes(), services.kas().getKeyCache(),
+                    tdfConfig.attributes.toArray(new Autoconfigure.AttributeValueFQN[0]));
+        }
+        return granter;
+    }
+
     private static Granter getGranter(KASKeyCache keyCache, List<GetAttributeValuesByFqnsResponse.AttributeAndValue> values) {
         Granter grants = new Granter(values.stream().map(GetAttributeValuesByFqnsResponse.AttributeAndValue::getValue).map(Value::getFqn).map(AttributeValueFQN::new).collect(Collectors.toList()));
         for (var attributeAndValue: values) {
@@ -862,7 +874,6 @@ private static Granter getGranter(KASKeyCache keyCache, List<GetAttributeValuesB
             var attribute = attributeAndValue.getAttribute();
             var namespace = attribute.getNamespace();
 
-
             if (grants.addAllGrants(fqn, value.getGrantsList(), value.getKasKeysList(), attribute, keyCache)) {
                 storeKeysToCache(value.getGrantsList(), value.getKasKeysList(), keyCache);
                 continue;

sdk/src/main/java/io/opentdf/platform/sdk/Planner.java

@@ -7,9 +7,9 @@
 import io.opentdf.platform.policy.Algorithm;
 import io.opentdf.platform.policy.SimpleKasKey;
 import io.opentdf.platform.policy.SimpleKasPublicKey;
-import io.opentdf.platform.policy.Value;
 import io.opentdf.platform.wellknownconfiguration.GetWellKnownConfigurationRequest;
 import io.opentdf.platform.wellknownconfiguration.GetWellKnownConfigurationResponse;
+import io.opentdf.platform.wellknownconfiguration.WellKnownServiceClientInterface;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -21,6 +21,8 @@
 import java.util.Objects;
 import java.util.Optional;
 import java.util.UUID;
+import java.util.function.BiFunction;
+
 
 public class Planner {
     private static final String BASE_KEY = "base_key";
@@ -30,7 +32,7 @@ public class Planner {
 
     private static final Logger logger = LoggerFactory.getLogger(Planner.class);
 
-    public Planner(Config.TDFConfig config, SDK.Services services) {
+    public Planner(Config.TDFConfig config, SDK.Services services, BiFunction<SDK.Services, Config.TDFConfig, Autoconfigure.Granter> granterFactory) {
         this.tdfConfig = Objects.requireNonNull(config);
         this.services = Objects.requireNonNull(services);
     }
@@ -45,7 +47,7 @@ Map<String, List<Config.KASInfo>> getSplits(Config.TDFConfig tdfConfig) {
             if (tdfConfig.splitPlan != null && !tdfConfig.splitPlan.isEmpty()) {
                 throw new IllegalArgumentException("cannot use autoconfigure with a split plan provided in the TDFConfig");
             }
-            splitPlan = getAutoconfigurePlan(tdfConfig);
+            splitPlan = getAutoconfigurePlan(services, tdfConfig);
         } else if (tdfConfig.splitPlan == null || tdfConfig.splitPlan.isEmpty()) {
             splitPlan = generatePlanFromProvidedKases(tdfConfig.kasInfoList);
         } else {
@@ -58,17 +60,12 @@ Map<String, List<Config.KASInfo>> getSplits(Config.TDFConfig tdfConfig) {
         return resolveKeys(splitPlan);
     }
 
-    private List<Autoconfigure.KeySplitStep> getAutoconfigurePlan(Config.TDFConfig tdfConfig) {
-        Autoconfigure.Granter granter = new Autoconfigure.Granter(new ArrayList<>());
-        if (tdfConfig.attributeValues != null && !tdfConfig.attributeValues.isEmpty()) {
-            granter = Autoconfigure.newGranterFromAttributes(services.kas().getKeyCache(), tdfConfig.attributeValues.toArray(new Value[0]));
-        } else if (tdfConfig.attributes != null && !tdfConfig.attributes.isEmpty()) {
-            granter = Autoconfigure.newGranterFromService(services.attributes(), services.kas().getKeyCache(),
-                    tdfConfig.attributes.toArray(new Autoconfigure.AttributeValueFQN[0]));
-        }
-        return granter.getSplits(defaultKases(tdfConfig), Planner::getUUID, this::fetchBaseKey);
+    private static List<Autoconfigure.KeySplitStep> getAutoconfigurePlan(SDK.Services services, Config.TDFConfig tdfConfig) {
+        Autoconfigure.Granter granter = Autoconfigure.createGranter(services, tdfConfig);
+        return granter.getSplits(defaultKases(tdfConfig), Planner::getUUID, () -> Planner.fetchBaseKey(services.wellknown()));
     }
 
+
     List<Autoconfigure.KeySplitStep> generatePlanFromProvidedKases(List<Config.KASInfo> kases) {
         if (kases.size() == 1) {
             var kasInfo = kases.get(0);
@@ -81,8 +78,8 @@ List<Autoconfigure.KeySplitStep> generatePlanFromProvidedKases(List<Config.KASIn
         return splitPlan;
     }
 
-    Optional<SimpleKasKey> fetchBaseKey() {
-        var responseMessage = services.wellknown()
+    static Optional<SimpleKasKey> fetchBaseKey(WellKnownServiceClientInterface wellknown) {
+        var responseMessage = wellknown
                 .getWellKnownConfigurationBlocking(GetWellKnownConfigurationRequest.getDefaultInstance(), Collections.emptyMap())
                 .execute();
         GetWellKnownConfigurationResponse response;
@@ -143,7 +140,6 @@ private static class Key {
         }
     }
 
-
     Map<String, List<Config.KASInfo>> resolveKeys(List<Autoconfigure.KeySplitStep> splitPlan) {
         Map<String, List<Config.KASInfo>> conjunction = new HashMap<>();
         var latestKASInfo = new HashMap<String, Config.KASInfo>();

sdk/src/main/java/io/opentdf/platform/sdk/TDF.java

@@ -345,7 +345,7 @@ private static byte[] calculateSignature(byte[] data, byte[] secret, Config.Inte
     }
 
     TDFObject createTDF(InputStream payload, OutputStream outputStream, Config.TDFConfig tdfConfig) throws SDKException, IOException {
-        Planner planner = new Planner(tdfConfig, services);
+        Planner planner = new Planner(tdfConfig, services, Autoconfigure::createGranter);
         Map<String, List<KASInfo>> splits = planner.getSplits(tdfConfig);
 
         TDFObject tdfObject = new TDFObject();

sdk/src/test/java/io/opentdf/platform/sdk/AutoconfigureTest.java

@@ -38,6 +38,7 @@
 import org.assertj.core.api.AtomicIntegerArrayAssert;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
+import org.junit.platform.commons.JUnitException;
 import org.mockito.Mockito;
 
 import java.util.ArrayList;
@@ -532,7 +533,7 @@ void testUsingAttributeMappedAtNamespace() {
 
     @Test
     void testUsingAttributeMappedAtMultiplePlaces() {
-        var attributes = new Value[] { mockValueFor(mp2uns2uns), mockValueFor(mp2uns2mp) };
+        var attributes = new Value[]{mockValueFor(mp2uns2uns), mockValueFor(mp2uns2mp)};
         Granter granter = Autoconfigure.newGranterFromAttributes(new KASKeyCache(), attributes);
         var counter = new AtomicInteger(0);
         var splitPlan = granter.getSplits(Collections.emptyList(), () -> Integer.toString(counter.getAndIncrement()), () -> Optional.empty());
@@ -756,7 +757,7 @@ private static class ReasonerTestCase {
         private final List<KeySplitStep> plan;
 
         ReasonerTestCase(String name, List<AttributeValueFQN> policy, List<String> defaults, String ats, String keyed,
-                String reduced, List<KeySplitStep> plan) {
+                         String reduced, List<KeySplitStep> plan) {
             this.name = name;
             this.policy = policy;
             this.defaults = defaults;
@@ -809,8 +810,8 @@ public List<KeySplitStep> getPlan() {
     void testStoreKeysToCache_NoKeys() {
         KASKeyCache keyCache = Mockito.mock(KASKeyCache.class);
         KeyAccessServer kas1 = KeyAccessServer.newBuilder().setPublicKey(
-                PublicKey.newBuilder().setCached(
-                        KasPublicKeySet.newBuilder()))
+                        PublicKey.newBuilder().setCached(
+                                KasPublicKeySet.newBuilder()))
                 .build();
 
         Autoconfigure.storeKeysToCache(List.of(kas1), Collections.emptyList(), keyCache);
@@ -906,7 +907,7 @@ void testStoreKeysToCache_MultipleKasEntries() {
     }
 
     GetAttributeValuesByFqnsResponse getResponseWithGrants(GetAttributeValuesByFqnsRequest req,
-            List<KeyAccessServer> grants) {
+                                                           List<KeyAccessServer> grants) {
         GetAttributeValuesByFqnsResponse.Builder builder = GetAttributeValuesByFqnsResponse.newBuilder();
 
         for (String v : req.getFqnsList()) {
@@ -958,13 +959,15 @@ void testKeyCacheFromGrants() {
 
         AttributesServiceClient attributesServiceClient = mock(AttributesServiceClient.class);
         when(attributesServiceClient.getAttributeValuesByFqnsBlocking(any(), any())).thenAnswer(invocation -> {
-            var request = (GetAttributeValuesByFqnsRequest)invocation.getArgument(0);
-            return new UnaryBlockingCall<GetAttributeValuesByFqnsResponse>(){
+            var request = (GetAttributeValuesByFqnsRequest) invocation.getArgument(0);
+            return new UnaryBlockingCall<GetAttributeValuesByFqnsResponse>() {
                 @Override
                 public ResponseMessage<GetAttributeValuesByFqnsResponse> execute() {
                     return new ResponseMessage.Success<>(getResponseWithGrants(request, List.of(kas1)), Collections.emptyMap(), Collections.emptyMap());
                 }
-                @Override public void cancel() {
+
+                @Override
+                public void cancel() {
                     // not really calling anything
                 }
             };
@@ -996,17 +999,19 @@ public ResponseMessage<GetAttributeValuesByFqnsResponse> execute() {
     void testUsingBaseKeyWhenNoMappedKeysOrGrants() {
         Autoconfigure.Granter granter = Autoconfigure.newGranterFromAttributes(null);
         SimpleKasKey key = SimpleKasKey.newBuilder()
-                        .setKasUri("https://example.com/kas")
-                        .setPublicKey(
-                                SimpleKasPublicKey.newBuilder()
-                                        .setKid("thenewkid")
-                                        .setPem("anotherpem")
-                                        .setAlgorithm(Algorithm.ALGORITHM_EC_P521)
-                        ).build();
+                .setKasUri("https://example.com/kas")
+                .setPublicKey(
+                        SimpleKasPublicKey.newBuilder()
+                                .setKid("thenewkid")
+                                .setPem("anotherpem")
+                                .setAlgorithm(Algorithm.ALGORITHM_EC_P521)
+                ).build();
 
         var splits = granter.getSplits(
                 List.of("https://example.org/kas2"),
-                () -> { throw new IllegalStateException("the plan should have a single element"); },
+                () -> {
+                    throw new IllegalStateException("the plan should have a single element");
+                },
                 () -> Optional.of(key));
         assertThat(splits).hasSize(1);
         assertThat(splits.get(0)).isEqualTo(new KeySplitStep("https://example.com/kas", "", "thenewkid"));
@@ -1029,4 +1034,85 @@ void testUsingDefaultKasesWhenNothingElseProvided() {
                         new KeySplitStep("https://example.org/kas2", "1", null)
                 );
     }
+
+    @Test
+    void createsGranterFromAttributeValues() {
+        // Arrange
+        Config.TDFConfig config = new Config.TDFConfig();
+        config.attributeValues = List.of(mockValueFor(spk2spk), mockValueFor(rel2gbr));
+
+        SDK.Services services = mock(SDK.Services.class);
+        SDK.KAS kas = mock(SDK.KAS.class);
+        when(services.kas()).thenReturn(kas);
+        when(services.attributes()).thenThrow(new IllegalStateException("should never use the attribute service when attributes are provided"));
+        when(kas.getKeyCache()).thenReturn(null); // No cache needed for this test
+
+        // Act
+        Autoconfigure.Granter granter = Autoconfigure.createGranter(services, config);
+
+        // Assert
+        assertThat(granter).isNotNull();
+        assertThat(granter.getPolicy()).hasSize(2);
+        assertThat(granter.getPolicy()).containsExactlyInAnyOrder(
+                new AttributeValueFQN("https://other.com/attr/specified/value/specked"),
+                new AttributeValueFQN("https://virtru.com/attr/Releasable%20To/value/GBR")
+        );
+    }
+
+    @Test
+    void createsGranterFromService() {
+        // Arrange
+        SDK.Services services = mock(SDK.Services.class);
+        SDK.KAS kas = mock(SDK.KAS.class);
+        AttributesServiceClient attributesServiceClient = mock(AttributesServiceClient.class);
+
+        // Prepare a request and a mocked response
+        List<AttributeValueFQN> policy = List.of(
+                new AttributeValueFQN("https://other.com/attr/specified/value/specked"),
+                new AttributeValueFQN("https://virtru.com/attr/Releasable%20To/value/GBR")
+        );
+//        GetAttributeValuesByFqnsRequest request = GetAttributeValuesByFqnsRequest.newBuilder()
+//                .addAllFqns(policy.stream().map(AttributeValueFQN::toString).collect(Collectors.toList()))
+//                .build();
+
+        when(services.kas()).thenReturn(kas);
+        when(services.attributes()).thenReturn(attributesServiceClient);
+
+        // Mock the attribute service to return a response with the expected values
+        when(attributesServiceClient.getAttributeValuesByFqnsBlocking(any(), any())).thenAnswer(invocation -> {
+            return new UnaryBlockingCall<GetAttributeValuesByFqnsResponse>() {
+                @Override
+                public ResponseMessage<GetAttributeValuesByFqnsResponse> execute() {
+                    GetAttributeValuesByFqnsResponse.Builder builder = GetAttributeValuesByFqnsResponse.newBuilder();
+                    for (AttributeValueFQN fqn : policy) {
+                        Value value = Value.newBuilder()
+                                .setId(fqn.toString())
+                                .setFqn(fqn.toString())
+                                .build();
+                        builder.putFqnAttributeValues(fqn.toString(),
+                                GetAttributeValuesByFqnsResponse.AttributeAndValue.newBuilder()
+                                        .setValue(value)
+                                        .build());
+                    }
+                    return new ResponseMessage.Success<>(builder.build(), Collections.emptyMap(), Collections.emptyMap());
+                }
+
+                @Override
+                public void cancel() {
+                }
+            };
+        });
+
+        // Act
+        Autoconfigure.Granter granter = Autoconfigure.createGranter(services, new Config.TDFConfig() {{
+            attributeValues = null; // force use of service
+            attributes = policy;
+        }});
+
+        // Assert
+        assertThat(granter).isNotNull();
+        // The policy should be empty because attributeValues is null, but the test ensures the service is called
+        // If you want to check the service call, verify it:
+        verify(services).attributes();
+    }
 }