feat(sdk): add CLI and integration tests

.github/workflows/checks.yaml

@@ -30,7 +30,6 @@ jobs:
 
  mavenverify:
  runs-on: ubuntu-latest
- if: always()
  needs:
  - pr
  steps:
@@ -52,8 +51,127 @@ jobs:
  BUF_INPUT_HTTPS_USERNAME: opentdf-bot
  BUF_INPUT_HTTPS_PASSWORD: ${{ secrets.PERSONAL_ACCESS_TOKEN_OPENTDF }}
 
+ platform-integration:
+ runs-on: ubuntu-22.04
+ needs:
+ - pr
+ steps:
+ - name: Checkout Java SDK
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ - uses: bufbuild/buf-setup-action@382440cdb8ec7bc25a68d7b4711163d95f7cc3aa
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Set up JDK
+ uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7
+ with:
+ java-version: "11"
+ distribution: "adopt"
+ server-id: github
+ - name: Build java SDK
+ run: |
+ mvn --batch-mode clean install -DskipTests
+ env:
+ BUF_INPUT_HTTPS_USERNAME: opentdf-bot
+ BUF_INPUT_HTTPS_PASSWORD: ${{ secrets.PERSONAL_ACCESS_TOKEN_OPENTDF }}
+ - name: Check out platform
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ with:
+ repository: opentdf/platform
+ ref: main
+ path: platform
+ - name: Set up go
+ uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
+ with:
+ go-version: "1.22.3"
+ check-latest: false
+ cache-dependency-path: |
+ platform/service/go.sum
+ platform/examples/go.sum
+ platform/protocol/go/go.sum
+ platform/sdk/go.sum
+ - run: go mod download
+ working-directory: platform
+ - run: go mod verify
+ working-directory: platform
+ - name: Create keys
+ run: |
+ .github/scripts/init-temp-keys.sh
+ cp opentdf-dev.yaml opentdf.yaml
+ sudo chmod -R 777 ./keys
+ working-directory: platform
+ - name: Trust the locally issued cert
+ run: |
+ keytool \
+ -importcert \
+ -storepass changeit \
+ -noprompt \
+ -file localhost.crt \
+ -keystore $JAVA_HOME/lib/security/cacerts \
+ -alias localhost-for-tests
+ working-directory: platform/keys
+ - name: Bring the services up
+ run: docker compose up -d --wait --wait-timeout 240
+ working-directory: platform
+ - name: Provision keycloak
+ run: go run ./service provision keycloak
+ working-directory: platform
+ - name: Provision fixtures
+ run: go run ./service provision fixtures
+ working-directory: platform
+ - name: Start server in background
+ uses: JarvusInnovations/background-action@2428e7b970a846423095c79d43f759abf979a635
+ with:
+ run: |
+ go run ./service start
+ wait-on: |
+ tcp:localhost:8080
+ log-output-if: true
+ wait-for: 90s
+ working-directory: platform
+ - name: Get grpcurl
+ run: go install github.com/fullstorydev/grpcurl/cmd/grpcurl@v1.8.9
+ - name: Make sure that the platform is up
+ run: |
+ grpcurl -plaintext localhost:8080 list && \
+ grpcurl -plaintext localhost:8080 kas.AccessService/PublicKey
+ - name: Validate the SDK through the command line interface
+ run: |
+ printf 'here is some data to encrypt' > data
+
+ java -jar target/cmdline.jar \
+ --client-id=opentdf-sdk \
+ --client-secret=secret \
+ --platform-endpoint=localhost:8080 \
+ -i \
+ encrypt --kas-url=localhost:8080 -f data -m 'here is some metadata' > test.tdf
+
+ java -jar target/cmdline.jar \
+ --client-id=opentdf-sdk \
+ --client-secret=secret \
+ --platform-endpoint=localhost:8080 \
+ -i \
+ decrypt -f test.tdf > decrypted
+
+ java -jar target/cmdline.jar \
+ --client-id=opentdf-sdk \
+ --client-secret=secret \
+ --platform-endpoint=localhost:8080 \
+ -i \
+ metadata -f test.tdf > metadata
+
+ if ! diff -q data decrypted; then
+ printf 'decrypted data is incorrect [%s]' "$(< decrypted)"
+ exit 1
+ fi
+
+ if [ "$(< metadata)" != 'here is some metadata' ]; then
+ printf 'metadata is incorrect [%s]\n' "$(< metadata)"
+ exit 1
+ fi
+ working-directory: cmdline
  ci:
  needs:
+ - platform-integration
  - mavenverify
  - pr
  runs-on: ubuntu-latest

.gitignore

@@ -1,6 +1,5 @@
 protocol/src/main/protogen
 /.idea/
-/protocol/target/
-/sdk/target/
+target/
 .vscode/
 .DS_Store

cmdline/pom.xml

@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>io.opentdf.platform</groupId>
+ <artifactId>sdk-pom</artifactId>
+ <version>0.1.0-SNAPSHOT</version>
+ </parent>
+ <artifactId>cmdline</artifactId>
+ <properties>
+ <maven.compiler.source>11</maven.compiler.source>
+ <maven.compiler.target>11</maven.compiler.target>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>3.7.1</version>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <descriptorRefs>
+ <descriptorRef>jar-with-dependencies</descriptorRef>
+ </descriptorRefs>
+ <finalName>cmdline</finalName>
+ <appendAssemblyId>false</appendAssemblyId>
+ <archive>
+ <manifest>
+ <mainClass>io.opentdf.platform.TDF</mainClass>
+ </manifest>
+ </archive>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>info.picocli</groupId>
+ <artifactId>picocli</artifactId>
+ <version>4.7.6</version>
+ </dependency>
+ <dependency>
+ <groupId>io.opentdf.platform</groupId>
+ <artifactId>sdk</artifactId>
+ <version>0.1.0-SNAPSHOT</version>
+ </dependency>
+ </dependencies>
+</project>

cmdline/src/main/java/io/opentdf/platform/Command.java

@@ -0,0 +1,101 @@
+package io.opentdf.platform;
+
+import io.opentdf.platform.sdk.Config;
+import io.opentdf.platform.sdk.SDK;
+import io.opentdf.platform.sdk.SDKBuilder;
+import io.opentdf.platform.sdk.TDF;
+import picocli.CommandLine;
+import picocli.CommandLine.Option;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import java.io.BufferedInputStream;
+import java.io.BufferedOutputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.nio.channels.FileChannel;
+import java.nio.file.Path;
+import java.nio.file.StandardOpenOption;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Optional;
+import java.util.function.Consumer;
+
+@CommandLine.Command(name = "tdf")
+class Command {
+
+ @Option(names = {"--client-secret"}, required = true)
+ private String clientSecret;
+
+ @Option(names = {"-i", "--insecure-connection"}, defaultValue = "false")
+ private boolean insecure;
+
+ @Option(names = {"--client-id"}, required = true)
+ private String clientId;
+
+ @Option(names = {"-p", "--platform-endpoint"}, required = true)
+ private String platformEndpoint;
+
+ @CommandLine.Command(name = "encrypt")
+ void encrypt(
+ @Option(names = {"-f", "--file"}, defaultValue = Option.NULL_VALUE) Optional<File> file,
+ @Option(names = {"-k", "--kas-url"}, required = true) List<String> kas,
+ @Option(names = {"-m", "--metadata"}, defaultValue = Option.NULL_VALUE) Optional<String> metadata) throws IOException {
+
+ var sdk = buildSDK();
+ var kasInfos = kas.stream().map(k -> {
+ var ki = new Config.KASInfo();
+ ki.URL = k;
+ return ki;
+ }).toArray(Config.KASInfo[]::new);
+
+ List<Consumer<Config.TDFConfig>> configs = new ArrayList<>();
+ configs.add(Config.withKasInformation(kasInfos));
+ metadata.map(Config::withMetaData).ifPresent(configs::add);
+
+ var tdfConfig = Config.newTDFConfig(configs.toArray(Consumer[]::new));
+ try (var in = file.isEmpty() ? new BufferedInputStream(System.in) : new FileInputStream(file.get())) {
+ try (var out = new BufferedOutputStream(System.out)) {
+ new TDF().createTDF(in, out, tdfConfig, sdk.getServices().kas());
+ }
+ }
+ }
+
+ private SDK buildSDK() {
+ return new SDKBuilder()
+ .platformEndpoint(platformEndpoint)
+ .clientSecret(clientId, clientSecret)
+ .useInsecurePlaintextConnection(insecure)
+ .build();
+ }
+
+ @CommandLine.Command(name = "decrypt")
+ void decrypt(@Option(names = {"-f", "--file"}, required = true) Path tdfPath) throws IOException, InvalidAlgorithmParameterException, NoSuchPaddingException, IllegalBlockSizeException, NoSuchAlgorithmException, BadPaddingException, InvalidKeyException {
+ var sdk = buildSDK();
+ try (var in = FileChannel.open(tdfPath, StandardOpenOption.READ)) {
+ try (var stdout = new BufferedOutputStream(System.out)) {
+ var reader = new TDF().loadTDF(in, sdk.getServices().kas());
+ reader.readPayload(stdout);
+ }
+ }
+ }
+ @CommandLine.Command(name = "metadata")
+ void readMetadata(@Option(names = {"-f", "--file"}, required = true) Path tdfPath) throws IOException, InvalidAlgorithmParameterException, NoSuchPaddingException, IllegalBlockSizeException, NoSuchAlgorithmException, BadPaddingException, InvalidKeyException {
+ var sdk = buildSDK();
+
+ try (var in = FileChannel.open(tdfPath, StandardOpenOption.READ)) {
+ try (var stdout = new PrintWriter(System.out)) {
+ var reader = new TDF().loadTDF(in, sdk.getServices().kas());
+ stdout.write(reader.getMetadata() == null ? "" : reader.getMetadata());
+ }
+ }
+ }
+}

cmdline/src/main/java/io/opentdf/platform/TDF.java

@@ -0,0 +1,10 @@
+package io.opentdf.platform;
+
+import picocli.CommandLine;
+
+public class TDF {
+ public static void main(String[] args) {
+ var result = new CommandLine(new Command()).execute(args);
+ System.exit(result);
+ }
+}

pom.xml

@@ -22,6 +22,7 @@
  <modules>
  <module>protocol</module>
  <module>sdk</module>
+ <module>cmdline</module>
  </modules>
  <dependencyManagement>
  <dependencies>

sdk/pom.xml

@@ -49,7 +49,6 @@
  <dependency>
  <groupId>io.grpc</groupId>
  <artifactId>grpc-netty-shaded</artifactId>
- <scope>runtime</scope>
  </dependency>
  <dependency>
  <groupId>io.grpc</groupId>