fix(sdk): Support RSA4096 Kas keys (#343)

This pull request primarily enhances the SDK's cryptographic
capabilities by introducing comprehensive support for RSA4096 keys,
allowing for stronger encryption in Key Access Server (KAS) operations.
It also refines the key retrieval process by incorporating Key IDs (KID)
for better key management.

### Highlights

* **RSA4096 Key Support**: Added `RSA4096Key` to the `KeyType` enum and
updated its mapping methods (`fromAlgorithm`, `fromPublicKeyAlgorithm`)
to correctly recognize and handle 4096-bit RSA keys for KAS operations.
* **Key ID (KID) Inclusion in KASInfo**: Included the Key ID (KID) when
retrieving public keys from a Key Access Server (KAS), improving key
resolution and management.
* **Unit Test Coverage**: Expanded unit tests in `KeyTypeTest` to ensure
proper functionality and mapping for the newly introduced `RSA4096Key`.

Author: elizabethhealy

sdk/src/main/java/io/opentdf/platform/sdk/KeyType.java

@@ -11,6 +11,7 @@
 
 public enum KeyType {
     RSA2048Key("rsa:2048"),
+    RSA4096Key("rsa:4096"),
     EC256Key("ec:secp256r1", SECP256R1),
     EC384Key("ec:secp384r1", SECP384R1),
     EC521Key("ec:secp521r1", SECP521R1);
@@ -56,6 +57,8 @@ public static KeyType fromAlgorithm(Algorithm algorithm) {
         switch (algorithm) {
             case ALGORITHM_RSA_2048:
                 return KeyType.RSA2048Key;
+            case ALGORITHM_RSA_4096:
+                return KeyType.RSA4096Key;
             case ALGORITHM_EC_P256:
                 return KeyType.EC256Key;
             case ALGORITHM_EC_P384:
@@ -74,6 +77,8 @@ public static KeyType fromPublicKeyAlgorithm(KasPublicKeyAlgEnum algorithm) {
         switch (algorithm) {
             case KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048:
                 return KeyType.RSA2048Key;
+            case KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096:
+                return KeyType.RSA4096Key;
             case KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1:
                 return KeyType.EC256Key;
             case KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1:

sdk/src/main/java/io/opentdf/platform/sdk/Planner.java

@@ -163,6 +163,7 @@ Map<String, List<Config.KASInfo>> resolveKeys(List<Autoconfigure.KeySplitTemplat
                 logger.info("no public key provided for KAS at {}, retrieving", splitInfo.kas);
                 var getKI = new Config.KASInfo();
                 getKI.URL = splitInfo.kas;
+                getKI.KID = splitInfo.kid;
                 getKI.Algorithm = splitInfo.keyType == null
                         ? (tdfConfig.wrappingKeyType == null ? null : tdfConfig.wrappingKeyType.toString())
                         : splitInfo.keyType.toString();

sdk/src/main/java/io/opentdf/platform/sdk/Version.java

@@ -1,14 +1,15 @@
 package io.opentdf.platform.sdk;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.regex.Pattern;
 
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 class Version implements Comparable<Version> {
 
     // Version of the SDK, managed by release-please.

sdk/src/test/java/io/opentdf/platform/sdk/KeyTypeTest.java

@@ -6,16 +6,19 @@
 import static io.opentdf.platform.policy.Algorithm.ALGORITHM_EC_P384;
 import static io.opentdf.platform.policy.Algorithm.ALGORITHM_EC_P521;
 import static io.opentdf.platform.policy.Algorithm.ALGORITHM_RSA_2048;
+import static io.opentdf.platform.policy.Algorithm.ALGORITHM_RSA_4096;
 import static io.opentdf.platform.policy.KasPublicKeyAlgEnum.KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1;
 import static io.opentdf.platform.policy.KasPublicKeyAlgEnum.KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1;
 import static io.opentdf.platform.policy.KasPublicKeyAlgEnum.KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1;
 import static io.opentdf.platform.policy.KasPublicKeyAlgEnum.KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048;
+import static io.opentdf.platform.policy.KasPublicKeyAlgEnum.KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096;
 import static org.junit.jupiter.api.Assertions.*;
 
 class KeyTypeTest {
     @Test
     void testFromString() {
         assertEquals(KeyType.RSA2048Key, KeyType.fromString("rsa:2048"));
+        assertEquals(KeyType.RSA4096Key, KeyType.fromString("rsa:4096"));
         assertEquals(KeyType.EC256Key, KeyType.fromString("ec:secp256r1"));
         assertEquals(KeyType.EC384Key, KeyType.fromString("ec:secp384r1"));
         assertEquals(KeyType.EC521Key, KeyType.fromString("ec:secp521r1"));
@@ -29,6 +32,7 @@ void testFromStringInvalid() {
     @Test
     void testFromAlgorithm() {
         assertEquals(KeyType.RSA2048Key, KeyType.fromAlgorithm(ALGORITHM_RSA_2048));
+        assertEquals(KeyType.RSA4096Key, KeyType.fromAlgorithm(ALGORITHM_RSA_4096));
         assertEquals(KeyType.EC256Key, KeyType.fromAlgorithm(ALGORITHM_EC_P256));
         assertEquals(KeyType.EC384Key, KeyType.fromAlgorithm(ALGORITHM_EC_P384));
         assertEquals(KeyType.EC521Key, KeyType.fromAlgorithm(ALGORITHM_EC_P521));
@@ -37,6 +41,7 @@ void testFromAlgorithm() {
     @Test
     void testFromPublicKeyAlgEnum() {
         assertEquals(KeyType.RSA2048Key, KeyType.fromPublicKeyAlgorithm(KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048));
+        assertEquals(KeyType.RSA4096Key, KeyType.fromPublicKeyAlgorithm(KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096));
         assertEquals(KeyType.EC256Key, KeyType.fromPublicKeyAlgorithm(KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1));
         assertEquals(KeyType.EC384Key, KeyType.fromPublicKeyAlgorithm(KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1));
         assertEquals(KeyType.EC521Key, KeyType.fromPublicKeyAlgorithm(KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1));