
fix(sdk): Support kas keys with extended EC methods #344

Merged: elizabethhealy merged 3 commits into main from dspx-2518-test-ec-support on Mar 3, 2026

@elizabethhealy elizabethhealy commented Mar 3, 2026

This pull request addresses an issue in the SDK's key wrapping mechanism, specifically for Key Access Server (KAS) keys utilizing extended Elliptic Curve (EC) methods. The changes ensure that the correct elliptic curve type is consistently applied when creating EC wrapped keys, thereby improving the robustness and correctness of cryptographic operations.

Highlights

  • EC Key Wrapping Logic Refinement: Modified the createKeyAccess method to explicitly determine the KeyType from the algorithm and pass this specific type to the createECWrappedKey function, ensuring accurate context for EC key operations.
  • createECWrappedKey Signature Update: Updated the createECWrappedKey method signature to directly accept the KeyType object, allowing for the correct derivation of the elliptic curve name based on the provided key type.

@gemini-code-assist (Contributor)

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request updates the SDK version across two core Java files, Command.java and Version.java, setting the new version to 0.13.0. This change likely prepares the codebase for a new release cycle or aligns it with recent development efforts, potentially as part of a larger fix indicated by the PR title.

Highlights

  • SDK Version Update: The SDK version constant has been incremented from 0.12.0 to 0.13.0 in both Command.java and Version.java.

Changelog
  • cmdline/src/main/java/io/opentdf/platform/Command.java
    • Updated the SDK version constant from 0.12.0 to 0.13.0.
  • sdk/src/main/java/io/opentdf/platform/sdk/Version.java
    • Updated the SDK version constant from 0.12.0 to 0.13.0.
Ignored Files
  • Ignored by pattern: .github/workflows/** (1)
    • .github/workflows/checks.yaml
Activity
  • No specific activity (comments, reviews, or progress updates) has been recorded for this pull request yet.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request updates the hardcoded SDK version in two Java files from 0.12.0 to 0.13.0. However, the version in the pom.xml files remains 0.12.0. This inconsistency can lead to confusion and issues during the build and release process. I've added comments with suggestions to centralize version management using the pom.xml as the single source of truth, which is a standard practice in Maven projects. This will make versioning more robust and less error-prone.

github-actions bot commented Mar 3, 2026

X-Test Failure Report

❌ java-main

@elizabethhealy elizabethhealy changed the title from "DRAFT: test ec fix" to "fix(sdk): Properly support kas keys with extended EC methods" on Mar 3, 2026

elizabethhealy commented Mar 3, 2026

passing test:
[gw0] [ 40%] PASSED test_abac.py::test_key_mapping_extended_ec_mechanisms[small-java@pull-344-go@main-in_focus0] test_abac.py::test_key_mapping_extended_rsa_mechanisms[small-java@pull-344-go@main-in_focus0]

https://github.com/opentdf/java-sdk/actions/runs/22642027336/job/65624476161 -- successful run

github-actions bot commented Mar 3, 2026

@elizabethhealy (Member, Author)

/gemini review

@elizabethhealy (Member, Author)

/gemini summary

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request refactors the EC key wrapping logic to correctly support key algorithms specified by the Key Access Server (KAS). The changes modify the createECWrappedKey method to derive the EC curve from the KeyType provided by the KAS, rather than relying on the default wrappingKeyType from the TDF configuration. This ensures that when a KAS provides a key with a specific EC algorithm, the SDK uses the correct curve for key wrapping. The implementation is correct and effectively addresses the described issue.
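
The curve mismatch discussed in this thread, as an added Java example that is not the SDK's code or part of any comment here: it contrasts taking the ephemeral key's curve from a configuration default with taking it from the KAS key's own type. It assumes the EC wrap is an ephemeral ECDH agreement with the KAS public key; `DemoKeyType`, its algorithm strings and the other names are hypothetical stand-ins.

```java
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import javax.crypto.KeyAgreement;

public class EcWrapCurveDemo {
    // Hypothetical stand-in for the SDK's KeyType; the algorithm strings are constructed.
    enum DemoKeyType {
        EC256("ec:secp256r1", "secp256r1"), EC384("ec:secp384r1", "secp384r1");
        final String algorithm, curve;
        DemoKeyType(String algorithm, String curve) { this.algorithm = algorithm; this.curve = curve; }
        static DemoKeyType fromAlgorithm(String a) {
            for (DemoKeyType t : values()) if (t.algorithm.equals(a)) return t;
            throw new IllegalArgumentException("unsupported KAS key algorithm: " + a);
        }
    }

    static KeyPair generate(DemoKeyType t) throws GeneralSecurityException {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(new ECGenParameterSpec(t.curve));
        return g.generateKeyPair();
    }

    // ECDH needs both keys on one curve; compare domain parameters before agreeing.
    static boolean sameCurve(PublicKey a, PublicKey b) {
        ECParameterSpec x = ((ECPublicKey) a).getParams(), y = ((ECPublicKey) b).getParams();
        return x.getCurve().equals(y.getCurve()) && x.getGenerator().equals(y.getGenerator())
                && x.getOrder().equals(y.getOrder());
    }

    static byte[] agree(KeyPair ephemeral, PublicKey kasKey) throws GeneralSecurityException {
        if (!sameCurve(ephemeral.getPublic(), kasKey))
            throw new InvalidKeyException("ephemeral key and KAS key are on different curves");
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(ephemeral.getPrivate());
        ka.doPhase(kasKey, true);
        return ka.generateSecret();
    }

    public static void main(String[] args) throws Exception {
        String kasAlgorithm = "ec:secp384r1";           // constructed: algorithm reported with the KAS key
        DemoKeyType configDefault = DemoKeyType.EC256;  // constructed: SDK-wide default wrapping type
        PublicKey kasKey = generate(DemoKeyType.fromAlgorithm(kasAlgorithm)).getPublic();
        // Before: curve taken from the configuration default, so the keys do not match.
        System.out.println("default curve matches KAS key: "
                + sameCurve(generate(configDefault).getPublic(), kasKey));
        // After: curve taken from the KAS key's own type, so the agreement completes.
        byte[] secret = agree(generate(DemoKeyType.fromAlgorithm(kasAlgorithm)), kasKey);
        System.out.println("shared secret bytes with KAS-derived curve: " + secret.length);
    }
}
```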

sonarqubecloud bot commented Mar 3, 2026

@elizabethhealy elizabethhealy changed the title from "fix(sdk): Properly support kas keys with extended EC methods" to "fix(sdk): Support kas keys with extended EC methods" on Mar 3, 2026

@gemini-code-assist (Contributor)

Summary of Changes

This pull request addresses an issue in the SDK's key wrapping mechanism, specifically for Key Access Server (KAS) keys utilizing extended Elliptic Curve (EC) methods. The changes ensure that the correct elliptic curve type is consistently applied when creating EC wrapped keys, thereby improving the robustness and correctness of cryptographic operations.

Highlights

  • EC Key Wrapping Logic Refinement: Modified the createKeyAccess method to explicitly determine the KeyType from the algorithm and pass this specific type to the createECWrappedKey function, ensuring accurate context for EC key operations.
  • createECWrappedKey Signature Update: Updated the createECWrappedKey method signature to directly accept the KeyType object, allowing for the correct derivation of the elliptic curve name based on the provided key type.

Changelog
  • sdk/src/main/java/io/opentdf/platform/sdk/TDF.java
    • Refactored createKeyAccess to derive KeyType earlier and pass it to the EC key wrapping function.
    • Adjusted createECWrappedKey to use the provided KeyType for determining the elliptic curve.
Activity
  • An initial X-Test run for java-main reported a failure.
  • SonarQube Cloud reported that the Quality Gate passed with no new issues or security hotspots.
  • The author confirmed a specific test case, test_key_mapping_extended_ec_mechanisms, passed.
  • Subsequent X-Test runs across multiple platforms (go, js, java) all passed successfully.
  • The author requested a /gemini review and /gemini summary.

@elizabethhealy elizabethhealy marked this pull request as ready for review March 3, 2026 21:24
@elizabethhealy elizabethhealy requested review from a team as code owners March 3, 2026 21:24
github-actions bot commented Mar 3, 2026

@elizabethhealy elizabethhealy merged commit 982b287 into main Mar 3, 2026
18 checks passed
@elizabethhealy elizabethhealy deleted the dspx-2518-test-ec-support branch March 3, 2026 22:17