feat(sdk)!: remove bouncycastle and implement things in terms of standard Java APIs

[mkleene]

Summary by CodeRabbit

• Refactor

  • Migrated cryptographic operations from external library to native Java implementation, improving performance and reducing external dependencies.

• Breaking Changes

  • Removed several public utility methods related to cryptographic key conversion and handling. Applications using these methods will require updates.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d4e207da-dd9f-46ce-823b-3c7144e2edec

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR migrates the Java SDK from BouncyCastle-backed cryptography to JDK/JCE native implementations. BouncyCastle dependencies are restricted to test scope. Core ECKeyPair methods now use KeyPairGenerator, KeyAgreement, HmacSHA256, and Signature. Production services are updated to decode EC keys via KeyFactory. Tests use a new PemUtils utility for BouncyCastle compatibility in test code.

Changes

BouncyCastle Removal & JDK Native Crypto Migration

Layer / File(s)	Summary
Dependency Scope Management sdk/pom.xml	BouncyCastle dependencies bcpkix-jdk18on and bcprov-jdk18on are changed from compile to test scope, removing them from production classpath.
Core Crypto Refactoring: ECKeyPair sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java	ECKeyPair is refactored to use JDK-native crypto: key generation via KeyPairGenerator with ECGenParameterSpec, ECDH via KeyAgreement.getInstance("ECDH"), HKDF via HmacSHA256 with RFC5869 logic, ECDSA signing/verification via Signature.getInstance("SHA256withECDSA"). Public static key-conversion helpers are removed. Internal helpers added for PEM formatting and EC public-key compression from affine coordinates.
Production Service Updates: KASClient & TDF sdk/src/main/java/io/opentdf/platform/sdk/KASClient.java, sdk/src/main/java/io/opentdf/platform/sdk/TDF.java	KASClient and TDF are updated to use simplified ECKeyPair constructor (curve only) and decode EC public keys via KeyFactory + X509EncodedKeySpec with explicit exception handling for NoSuchAlgorithmException and InvalidKeySpecException, rethrowing as SDKException.
Test Utilities: PemUtils Helpers sdk/src/test/java/io/opentdf/platform/sdk/PemUtils.java	New test-only PemUtils utility class provides BouncyCastle-backed helpers to parse PEM-encoded EC keys and X.509 certificates into standard JCA types (ECPublicKey, ECPrivateKey), and perform EC point compression/reconstruction for test validation.
Test Updates: ECKeyPairTest & TDFTest sdk/src/test/java/io/opentdf/platform/sdk/ECKeyPairTest.java, sdk/src/test/java/io/opentdf/platform/sdk/TDFTest.java	ECKeyPairTest and TDFTest switch from removed ECKeyPair static methods to PemUtils utilities. Tests update imports from BouncyCastle to JDK key interfaces. ECDH test validates compressed public key encoding and derives keys from compressed points. ECDSA test filters curves by support status.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🐰 With JDK's native crypto might,
BouncyCastle fades from sight,
ECDH, HKDF, signatures true,
Pure Java standards shine right through! 🔐

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 3.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: removing BouncyCastle dependencies and refactoring the SDK to use standard Java cryptographic APIs instead.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch remove-bouncycastle

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request removes BouncyCastle as a compile-time dependency, replacing its functionality with standard Java Cryptography Architecture (JCA) APIs. The ECKeyPair class was refactored to use the standard 'EC' KeyPairGenerator, and manual implementations for PEM encoding, EC point compression, and HKDF were introduced. Review feedback suggests simplifying the ECKeyPair constructor by removing the redundant ECAlgorithm parameter and centralizing the PEM parsing logic to eliminate code duplication between KASClient and TDF.

[gemini-code-assist]

Code Review

This pull request refactors the SDK to remove BouncyCastle as a runtime dependency, replacing its cryptographic and PEM handling functionality with standard Java Security APIs. While the transition reduces external dependencies, the review highlights several critical issues: a missing utility class (PemUtils) will cause compilation failures, and the keySize calculation incorrectly uses DER-encoded lengths instead of the curve's field size. Additionally, the reviewer noted significant code duplication in PEM parsing across KASClient and TDF, a typo in a method name, and misleading parameter naming in the signature verification methods.

[gemini-code-assist]

The keySize() method incorrectly calculates the key size by using the length of the DER-encoded private key (PKCS#8), which includes significant overhead from headers and metadata. For Elliptic Curve keys, the key size should be the field size of the curve in bits (e.g., 256 for P-256).

Suggested change

	public int keySize() {
	return this.keyPair.getPrivate().getEncoded().length * 8;
	}
	public int keySize() {
	return getPublicKey().getParams().getCurve().getField().getFieldSize();
	}

[mkleene]

this seems legit but I'm not sure how many breaking-ish changes we want in this pull

[gemini-code-assist]

There is a typo in the method name verifyECDSAig (missing 's'). It should be verifyECDSASig. Additionally, the parameter name digest should be renamed to data for consistency with the fact that SHA256withECDSA performs hashing on the input.

Suggested change

	public static Boolean verifyECDSAig(byte[] digest, byte[] signature, ECPublicKey publicKey) {
	public static Boolean verifyECDSASig(byte[] data, byte[] signature, ECPublicKey publicKey) {

[gemini-code-assist]

This PEM parsing logic is duplicated here and in KASClient.java. Consider centralizing this logic in ECKeyPair.java or a dedicated utility class to adhere to DRY principles.

[github-actions]

X-Test Failure Report

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

sdk/src/test/java/io/opentdf/platform/sdk/ECKeyPairTest.java (1)

57-78: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Critical blocker: PemUtils class required for EC key conversion is missing.

ECKeyPairTest.java and TDFTest.java call PemUtils methods (publicKeyFromPem, privateKeyFromPem, compressECPublickey, publicKeyFromECPoint, getPEMPublicKeyFromX509Cert) that do not exist. Compilation fails with "cannot find symbol" at 17 call sites in ECKeyPairTest.java alone (lines 57, 58, 64, 67, 77, 78, 97, 100, 101, 104, 115, 141, 142, 144, 145, 158, 162).

Note: SDKBuilderTest.java imports the external library nl.altindag.ssl.pem.util.PemUtils for certificate operations, but test code needs a separate PemUtils utility in test scope for EC key serialization.

Required API:

• ECPublicKey publicKeyFromPem(String pem)
• ECPrivateKey privateKeyFromPem(String pem)
• byte[] compressECPublickey(String pem)
• String publicKeyFromECPoint(byte[] compressed, String curveName)
• String getPEMPublicKeyFromX509Cert(String certPem)

Create sdk/src/test/java/io/opentdf/platform/sdk/PemUtils.java with these static methods to unblock the build.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@sdk/src/test/java/io/opentdf/platform/sdk/ECKeyPairTest.java` around lines 57
- 78, Tests fail because a test-scoped PemUtils class is missing; add
sdk/src/test/java/io/opentdf/platform/sdk/PemUtils.java implementing the
required static methods: ECPublicKey publicKeyFromPem(String pem), ECPrivateKey
privateKeyFromPem(String pem), byte[] compressECPublickey(String pem), String
publicKeyFromECPoint(byte[] compressed, String curveName), and String
getPEMPublicKeyFromX509Cert(String certPem). Implement each to parse PEM strings
into JCA EC keys (ECPublicKey/ECPrivateKey), convert EC public keys to/from
compressed point bytes using the named curve (SECP256R1), produce PEM-formatted
public key strings from an EC point, and extract a PEM public key from an X.509
certificate; ensure methods use java.security / BouncyCastle utilities and match
the signatures used by ECKeyPairTest and TDFTest so compilation succeeds.

🧹 Nitpick comments (3)

sdk/src/main/java/io/opentdf/platform/sdk/KASClient.java (2)

185-194: ⚡ Quick win

Recommended: extract this PEM → ECPublicKey block into a small shared helper.

The exact same six‑line decode (strip PEM markers, drop whitespace, Base64‑decode, build X509EncodedKeySpec, ask KeyFactory("EC") for an ECPublicKey) was added in two places: here and TDF.java (lines 250–259). Since PemUtils is being introduced for the tests anyway, consider promoting it to sdk/src/main/... and routing both call sites through it. That also gives you one place to add input validation and unit‑test it.

♻️ Sketch

// in io.opentdf.platform.sdk.PemUtils (main scope)
public static ECPublicKey ecPublicKeyFromPem(String pem) {
    try {
        byte[] der = Base64.getDecoder().decode(
            pem.replaceAll("-----[^-]+-----", "").replaceAll("\\s+", ""));
        return (ECPublicKey) KeyFactory.getInstance("EC")
            .generatePublic(new X509EncodedKeySpec(der));
    } catch (NoSuchAlgorithmException | InvalidKeySpecException | IllegalArgumentException e) {
        throw new SDKException("error decoding EC public key", e);
    }
}

Then both KASClient.unwrap and TDF.createECWrappedKey become a one‑liner.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@sdk/src/main/java/io/opentdf/platform/sdk/KASClient.java` around lines 185 -
194, The PEM→ECPublicKey decoding block duplicated in KASClient.unwrap and
TDF.createECWrappedKey should be extracted into a new sdk main class (e.g.,
io.opentdf.platform.sdk.PemUtils) as a method like ecPublicKeyFromPem(String
pem) that strips PEM markers/whitespace, Base64-decodes and returns an
ECPublicKey, throwing SDKException on failure; replace the inline code in
KASClient.unwrap and TDF.createECWrappedKey with calls to
PemUtils.ecPublicKeyFromPem, add basic input validation inside the helper
(null/empty and valid Base64) and move the existing test helpers into
sdk/src/test to unit-test the new method.

---

187-189: 💤 Low value

Minor: the new parsing is more lenient than ECKeyPair.publicKeyFromPem was.

replaceAll("-----[^-]+-----", "") silently matches nothing when the input has no PEM markers, so a raw Base64 blob (or a totally malformed string) will reach KeyFactory and surface a confusing InvalidKeySpecException instead of a clear "not a PEM" error. The KAS response should always be PEM today, so this is low risk, but a quick guard would make failures more debuggable.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@sdk/src/main/java/io/opentdf/platform/sdk/KASClient.java` around lines 187 -
189, The current decoding in KASClient (where kasEphemeralPublicKey is processed
before Base64 decoding) is too permissive and can let raw or malformed strings
reach KeyFactory; add an explicit guard that checks for PEM markers (e.g.,
"-----BEGIN" and "-----END") on kasEphemeralPublicKey before calling
replaceAll/decoding and, if absent, throw a clear IllegalArgumentException (or a
domain-specific exception) stating the KAS response was not PEM-formatted; this
change should be applied at the decode site in KASClient.java so callers get a
deterministic "not a PEM" error instead of an InvalidKeySpecException from
KeyFactory.

sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java (1)

91-110: 💤 Low value

HKDF implementation is correct for the fixed 32‑byte output, but the limitation is now hard‑coded.

The single‑block Expand (hmac.update((byte) 0x01); return hmac.doFinal();) only works because L = HashLen = 32 and info is empty. The current callers (createECWrappedKey, unwrap) all rely on a 32‑byte session key, so this is functionally fine.

Consider tightening the Javadoc so future callers don't assume a general HKDF — and so a reader can match the code to RFC 5869 §2.3 with T(1) = HMAC(PRK, 0x01).

📝 Optional doc tweak

     /**
-     * Returns a HKDF key derived from the provided salt and secret
-     * that is 32 bytes (256 bits) long.
+     * Returns a 32-byte (256-bit) HKDF-SHA256 key derived from {`@code` secret} using {`@code` salt}.
+     *
+     * <p>This is a fixed-output specialization of RFC 5869: Extract with the given salt
+     * (zero-filled HashLen bytes if {`@code` salt} is null/empty), followed by a single
+     * Expand block with empty {`@code` info} and counter {`@code` 0x01}. It is not a
+     * general HKDF and will not produce more than 32 bytes of output.
+     */

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java` around lines 91 -
110, The Javadoc for calculateHKDF should explicitly state this is a constrained
HKDF-Expand that returns a single 32-byte HMAC-SHA256 block (T(1) = HMAC(PRK,
0x01)) with empty info per RFC 5869 §2.3, not a general HKDF capable of
arbitrary-length output; update the comment on the calculateHKDF method to
document the salt substitution behavior, the fixed 32-byte output, the
single-block expand formula (T(1)=HMAC(PRK, 0x01)), and the RFC reference so
future callers (e.g., createECWrappedKey, unwrap) don’t assume general HKDF
behavior.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@sdk/src/test/java/io/opentdf/platform/sdk/ECKeyPairTest.java`:
- Around line 57-78: Tests fail because a test-scoped PemUtils class is missing;
add sdk/src/test/java/io/opentdf/platform/sdk/PemUtils.java implementing the
required static methods: ECPublicKey publicKeyFromPem(String pem), ECPrivateKey
privateKeyFromPem(String pem), byte[] compressECPublickey(String pem), String
publicKeyFromECPoint(byte[] compressed, String curveName), and String
getPEMPublicKeyFromX509Cert(String certPem). Implement each to parse PEM strings
into JCA EC keys (ECPublicKey/ECPrivateKey), convert EC public keys to/from
compressed point bytes using the named curve (SECP256R1), produce PEM-formatted
public key strings from an EC point, and extract a PEM public key from an X.509
certificate; ensure methods use java.security / BouncyCastle utilities and match
the signatures used by ECKeyPairTest and TDFTest so compilation succeeds.

---

Nitpick comments:
In `@sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java`:
- Around line 91-110: The Javadoc for calculateHKDF should explicitly state this
is a constrained HKDF-Expand that returns a single 32-byte HMAC-SHA256 block
(T(1) = HMAC(PRK, 0x01)) with empty info per RFC 5869 §2.3, not a general HKDF
capable of arbitrary-length output; update the comment on the calculateHKDF
method to document the salt substitution behavior, the fixed 32-byte output, the
single-block expand formula (T(1)=HMAC(PRK, 0x01)), and the RFC reference so
future callers (e.g., createECWrappedKey, unwrap) don’t assume general HKDF
behavior.

In `@sdk/src/main/java/io/opentdf/platform/sdk/KASClient.java`:
- Around line 185-194: The PEM→ECPublicKey decoding block duplicated in
KASClient.unwrap and TDF.createECWrappedKey should be extracted into a new sdk
main class (e.g., io.opentdf.platform.sdk.PemUtils) as a method like
ecPublicKeyFromPem(String pem) that strips PEM markers/whitespace,
Base64-decodes and returns an ECPublicKey, throwing SDKException on failure;
replace the inline code in KASClient.unwrap and TDF.createECWrappedKey with
calls to PemUtils.ecPublicKeyFromPem, add basic input validation inside the
helper (null/empty and valid Base64) and move the existing test helpers into
sdk/src/test to unit-test the new method.
- Around line 187-189: The current decoding in KASClient (where
kasEphemeralPublicKey is processed before Base64 decoding) is too permissive and
can let raw or malformed strings reach KeyFactory; add an explicit guard that
checks for PEM markers (e.g., "-----BEGIN" and "-----END") on
kasEphemeralPublicKey before calling replaceAll/decoding and, if absent, throw a
clear IllegalArgumentException (or a domain-specific exception) stating the KAS
response was not PEM-formatted; this change should be applied at the decode site
in KASClient.java so callers get a deterministic "not a PEM" error instead of an
InvalidKeySpecException from KeyFactory.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fa646f66-b51a-48ad-9304-553551f35479

📥 Commits

Reviewing files that changed from the base of the PR and between 9991b07 and baf0b02.

📒 Files selected for processing (6)

• sdk/pom.xml
• sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java
• sdk/src/main/java/io/opentdf/platform/sdk/KASClient.java
• sdk/src/main/java/io/opentdf/platform/sdk/TDF.java
• sdk/src/test/java/io/opentdf/platform/sdk/ECKeyPairTest.java
• sdk/src/test/java/io/opentdf/platform/sdk/TDFTest.java

[github-actions]

X-Test Failure Report

[github-actions]

X-Test Failure Report

[github-actions]

X-Test Failure Report

[github-actions]

X-Test Results

✅ java-v0.15.0
✅ java-main
✅ js-main
✅ go-v0.15.0
✅ go-main
✅ js-v0.15.0

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
73.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

sdk/src/test/java/io/opentdf/platform/sdk/PemUtils.java (1)

38-42: ⚡ Quick win

Drop the JVM-wide provider registration from this test helper.

Every crypto call in this class already passes PROVIDER explicitly, so Security.addProvider(PROVIDER) is redundant and mutates global JVM state for the whole test run. That makes unrelated tests more order-dependent than they need to be.

Suggested cleanup

-import java.security.Security;
@@
-    static {
-        Security.addProvider(PROVIDER);
-    }
-
     private PemUtils() {
     }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@sdk/src/test/java/io/opentdf/platform/sdk/PemUtils.java` around lines 38 -
42, The static block in PemUtils that calls Security.addProvider(PROVIDER)
mutates JVM-global state and should be removed; leave the private static final
BouncyCastleProvider PROVIDER field in place and ensure all crypto calls (those
already passing PROVIDER) continue to use that constant explicitly, removing the
Security.addProvider(PROVIDER) static initializer so the test helper no longer
registers the provider JVM-wide.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java`:
- Around line 122-139: Rename the method verifyECDSAig to verifyECDSASig and
rename its parameter from digest to message (since both computeECDSASig and
verifyECDSASig call Signature.getInstance("SHA256withECDSA") which hashes
internally), update any internal references/tests to use the new name/parameter,
and add Javadoc to both computeECDSASig(byte[] data, ECPrivateKey privateKey)
and verifyECDSASig(byte[] message, ECPublicKey publicKey) clarifying they accept
the raw message bytes (not a precomputed digest) and that the SHA-256 hashing is
performed internally by the signature algorithm.
- Around line 54-58: The method publicKeyFromPem currently lets
IllegalArgumentException from Base64.getDecoder().decode(pemData) escape,
violating its declared throws; wrap the Base64 decoding in a try/catch that
catches IllegalArgumentException and rethrows a new InvalidKeySpecException
(including the original exception as the cause and a clear message), then
continue with KeyFactory.generatePublic as before so callers that catch
InvalidKeySpecException get the wrapped error.

---

Nitpick comments:
In `@sdk/src/test/java/io/opentdf/platform/sdk/PemUtils.java`:
- Around line 38-42: The static block in PemUtils that calls
Security.addProvider(PROVIDER) mutates JVM-global state and should be removed;
leave the private static final BouncyCastleProvider PROVIDER field in place and
ensure all crypto calls (those already passing PROVIDER) continue to use that
constant explicitly, removing the Security.addProvider(PROVIDER) static
initializer so the test helper no longer registers the provider JVM-wide.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7e8edc45-a2fb-4168-a8f9-b2542363a8ae

📥 Commits

Reviewing files that changed from the base of the PR and between baf0b02 and 5b74337.

📒 Files selected for processing (5)

• sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java
• sdk/src/main/java/io/opentdf/platform/sdk/KASClient.java
• sdk/src/main/java/io/opentdf/platform/sdk/TDF.java
• sdk/src/test/java/io/opentdf/platform/sdk/ECKeyPairTest.java
• sdk/src/test/java/io/opentdf/platform/sdk/PemUtils.java

🚧 Files skipped from review as they are similar to previous changes (2)

• sdk/src/main/java/io/opentdf/platform/sdk/KASClient.java
• sdk/src/test/java/io/opentdf/platform/sdk/ECKeyPairTest.java

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

# First, find and read the ECKeyPair.java file around the mentioned lines
fd -t f "ECKeyPair.java" sdk/src/main

Repository: opentdf/java-sdk

Length of output: 117

---

🏁 Script executed:

# Get the full content of ECKeyPair.java to understand the context
wc -l sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java

Repository: opentdf/java-sdk

Length of output: 121

---

🏁 Script executed:

# Read the file with context around lines 54-58
cat -n sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java | head -80 | tail -50

Repository: opentdf/java-sdk

Length of output: 1988

---

🏁 Script executed:

# Search for all calls to publicKeyFromPem to see how exceptions are handled
rg "publicKeyFromPem" -A 5 -B 2

Repository: opentdf/java-sdk

Length of output: 8132

---

Wrap Base64.getDecoder().decode() to align exception contract with callers.

Base64.getDecoder().decode(pemData) throws IllegalArgumentException when the Base64 input is malformed. Since this method declares only throws InvalidKeySpecException, NoSuchAlgorithmException, the unchecked exception escapes to call sites in TDF.java and KASClient.java that only catch the declared exceptions. This breaks the exception contract and allows unexpected runtime exceptions to leak instead of being wrapped in SDKException.

Catch IllegalArgumentException and convert it to InvalidKeySpecException to match the method's declared exception contract.

Suggested fix

     static ECPublicKey publicKeyFromPem(String pem) throws InvalidKeySpecException, NoSuchAlgorithmException {
-        String pemData = pem.replaceAll("-----(BEGIN|END) [A-Z ]+-----", "").replaceAll("\\s", "");
-        byte[] der = Base64.getDecoder().decode(pemData);
-        KeyFactory keyFactory = KeyFactory.getInstance("EC");
-        return (ECPublicKey) keyFactory.generatePublic(new X509EncodedKeySpec(der));
+        try {
+            String pemData = pem.replaceAll("-----(BEGIN|END) [A-Z ]+-----", "").replaceAll("\\s", "");
+            byte[] der = Base64.getDecoder().decode(pemData);
+            KeyFactory keyFactory = KeyFactory.getInstance("EC");
+            return (ECPublicKey) keyFactory.generatePublic(new X509EncodedKeySpec(der));
+        } catch (IllegalArgumentException e) {
+            throw new InvalidKeySpecException("invalid EC public key PEM", e);
+        }
     }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java` around lines 54 -
58, The method publicKeyFromPem currently lets IllegalArgumentException from
Base64.getDecoder().decode(pemData) escape, violating its declared throws; wrap
the Base64 decoding in a try/catch that catches IllegalArgumentException and
rethrows a new InvalidKeySpecException (including the original exception as the
cause and a clear message), then continue with KeyFactory.generatePublic as
before so callers that catch InvalidKeySpecException get the wrapped error.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Inspect whether callers pass raw payloads or precomputed digests into the ECKeyPair ECDSA helpers.
rg -n --type=java -C3 '\b(computeECDSASig|verifyECDSAig)\s*\('
rg -n --type=java -C3 'MessageDigest|getInstance\("SHA-256"|digest\s*\('

Repository: opentdf/java-sdk

Length of output: 8366

---

🏁 Script executed:

# Search for all usages across the codebase
rg -n --type=java '\b(computeECDSASig|verifyECDSAig)\b' -A2 -B2

# Check for Javadoc or comments near the method definitions
grep -n -B5 "public static.*computeECDSASig\|public static.*verifyECDSAig" sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java

# Search for any references in Manifest or TDF that might interact
rg -n --type=java 'ECKeyPair\.' sdk/src/main/java/io/opentdf/platform/sdk/

Repository: opentdf/java-sdk

Length of output: 3138

---

🏁 Script executed:

sed -n '115,145p' sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java

Repository: opentdf/java-sdk

Length of output: 1298

---

Fix parameter naming and method name typo before finalizing public SDK API contract.

verifyECDSAig() has a misleading parameter name (digest) but receives raw messages—both methods use SHA256withECDSA, which hashes internally, so the parameter should be named message to match the actual behavior. Additionally, the method name itself has a typo: verifyECDSAig should be verifyECDSASig. Since these are new SDK methods with no external callers yet (only test usage with raw message bytes), correct the naming and add Javadoc clarifying the message-based contract now to prevent API stability issues later.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@sdk/src/main/java/io/opentdf/platform/sdk/ECKeyPair.java` around lines 122 -
139, Rename the method verifyECDSAig to verifyECDSASig and rename its parameter
from digest to message (since both computeECDSASig and verifyECDSASig call
Signature.getInstance("SHA256withECDSA") which hashes internally), update any
internal references/tests to use the new name/parameter, and add Javadoc to both
computeECDSASig(byte[] data, ECPrivateKey privateKey) and verifyECDSASig(byte[]
message, ECPublicKey publicKey) clarifying they accept the raw message bytes
(not a precomputed digest) and that the SHA-256 hashing is performed internally
by the signature algorithm.

[github-actions]

X-Test Results

✅ java-v0.15.0
✅ java-main
✅ js-main
✅ js-v0.15.0
✅ go-v0.15.0
✅ go-main

[github-actions]

X-Test Results

✅ java-main
✅ java-v0.15.0
✅ go-main
✅ js-v0.15.0
✅ js-main
✅ go-v0.15.0

[github-actions]

X-Test Failure Report

✅ java-main
✅ java-v0.15.0
✅ js-v0.15.0
✅ js-main
✅ go-main