
Commit 26879ef

fix(sdk): Lets new API set nano binding type (#455)
- The new API broke selecting between ECDSA and GMAC policy binding options - This adds that feature back and fixes it in the command line tool - Removes the incorrect ctl version number from the command line tool, as it has never returned the correct value. - Exposes a few more missing exports that are still stuck behind the `from '@opentdf/sdk/singlecontainer'` import that integrators are actively using
1 parent 97fe19b commit 26879ef


3 files changed

+38
-7
lines changed


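--- a/cli/bin/opentdf.bats
+++ b/cli/bin/opentdf.bats
@@ -23,5 +23,5 @@
 run $BATS_TEST_DIRNAME/opentdf.mjs --version
 echo "$output"
 [[ $output == *"@opentdf/sdk\":\""* ]]
-[[ $output == *"@opentdf/ctl\":\""* ]]
+[[ $output == *"tdfSpecVersion\":\""* ]]
 }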

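--- a/cli/src/cli.ts
+++ b/cli/src/cli.ts
@@ -653,7 +653,6 @@ export const handleArgs = (args: string[]) => {
 .version(
 'version',
 JSON.stringify({
-'@opentdf/ctl': process.env.npm_package_version || 'UNRELEASED',
 '@opentdf/sdk': version,
 tdfSpecVersion,
 })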

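--- a/lib/src/opentdf.ts
+++ b/lib/src/opentdf.ts
@@ -1,18 +1,41 @@
 import { type AuthProvider } from './auth/providers.js';
 import { ConfigurationError, InvalidFileError } from './errors.js';
-import { NanoTDFDatasetClient } from './nanoclients.js';
+import { type EncryptOptions as NanoEncryptOptions, NanoTDFDatasetClient } from './nanoclients.js';
 export { Client as TDF3Client } from '../tdf3/src/client/index.js';
 import NanoTDF from './nanotdf/NanoTDF.js';
 import decryptNanoTDF from './nanotdf/decrypt.js';
 import Client from './nanotdf/Client.js';
 import Header from './nanotdf/models/Header.js';
 import { fromSource, sourceToStream, type Source } from './seekable.js';
 import { Client as TDF3Client } from '../tdf3/src/client/index.js';
-import { AssertionConfig, AssertionVerificationKeys } from '../tdf3/src/assertions.js';
+import {
+type Assertion,
+AssertionConfig,
+AssertionVerificationKeys,
+} from '../tdf3/src/assertions.js';
 import { type KasPublicKeyAlgorithm, OriginAllowList, isPublicKeyAlgorithm } from './access.js';
 import { type Manifest } from '../tdf3/src/models/manifest.js';
-
-export { type KasPublicKeyAlgorithm, isPublicKeyAlgorithm };
+import { type Payload } from '../tdf3/src/models/payload.js';
+import {
+type Segment,
+type SplitType,
+type EncryptionInformation,
+} from '../tdf3/src/models/encryption-information.js';
+import { type KeyAccessObject } from '../tdf3/src/models/key-access.js';
+import { type IntegrityAlgorithm } from '../tdf3/src/tdf.js';
+
+export {
+type Assertion,
+type EncryptionInformation,
+type IntegrityAlgorithm,
+type KasPublicKeyAlgorithm,
+type KeyAccessObject,
+type Manifest,
+type Payload,
+type Segment,
+type SplitType,
+isPublicKeyAlgorithm,
+};
 
 export type Keys = {
 [keyID: string]: CryptoKey | CryptoKeyPair;
@@ -399,6 +422,7 @@ export type NanoTDFCollection = {
 
 class Collection {
 client?: NanoTDFDatasetClient;
+encryptOptions?: NanoEncryptOptions;
 
 constructor(authProvider: AuthProvider, opts: CreateNanoTDFCollectionOptions) {
 if (opts.signers || opts.signingKeyID) {
@@ -410,6 +434,14 @@ class Collection {
 if (opts.ecdsaBindingKeyID) {
 throw new ConfigurationError('custom binding key not implemented');
 }
+switch (opts.bindingType) {
+case 'ecdsa':
+this.encryptOptions = { ecdsaBinding: true };
+break;
+case 'gmac':
+this.encryptOptions = { ecdsaBinding: false };
+break;
+}
 
 this.client = new NanoTDFDatasetClient({
 authProvider,
@@ -423,7 +455,7 @@ class Collection {
 throw new ConfigurationError('Collection is closed');
 }
 const chunker = await fromSource(source);
-const cipherChunk = await this.client.encrypt(await chunker());
+const cipherChunk = await this.client.encrypt(await chunker(), this.encryptOptions);
 const stream: DecoratedStream = new ReadableStream<Uint8Array>({
 start(controller) {
 controller.enqueue(new Uint8Array(cipherChunk));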
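Review bot: The new `switch (opts.bindingType)` in the `Collection` constructor has no `default` branch, so any value other than `'ecdsa'` or `'gmac'` leaves `encryptOptions` undefined and `this.client.encrypt(await chunker(), this.encryptOptions)` silently uses whatever binding `NanoTDFDatasetClient` defaults to, which is not visible here. Because this option selects the policy binding mechanism, an unrecognised value arriving from an untyped caller or the command line should fail loudly, as the neighbouring `ConfigurationError` checks do; consider `default: if (opts.bindingType !== undefined) throw new ConfigurationError('unsupported bindingType');`. The declared type of `bindingType` and the rest of the constructor are outside the hunk, so the compiler may already reject this for typed callers, but that check is erased at runtime. A unit test asserting that the selected binding actually reaches `encrypt` would also guard against the regression this commit repairs, since the visible test change only covers `--version` output.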
