otdf-python 0.3.3__py3-none-any.whl → 0.3.4__py3-none-any.whl

otdf_python/auth_headers.py

@@ -10,7 +10,7 @@ class AuthHeaders:
     """
 
     auth_header: str
-    dpop_header: str
+    dpop_header: str = ""
 
     def get_auth_header(self) -> str:
         """Returns the authorization header."""
@@ -19,3 +19,15 @@ class AuthHeaders:
     def get_dpop_header(self) -> str:
         """Returns the DPoP header."""
         return self.dpop_header
+
+    def to_dict(self) -> dict[str, str]:
+        """
+        Convert authentication headers to a dictionary for use with HTTP clients.
+
+        Returns:
+            Dictionary with 'Authorization' header and optionally 'DPoP' header
+        """
+        headers = {"Authorization": self.auth_header}
+        if self.dpop_header:
+            headers["DPoP"] = self.dpop_header
+        return headers

otdf_python/cli.py

@@ -88,7 +88,7 @@ def load_client_credentials(creds_file_path: str) -> tuple[str, str]:
                 "CRITICAL", f"Credentials file does not exist: {creds_file_path}"
             )
 
-        with open(creds_path) as f:
+        with creds_path.open() as f:
             creds = json.load(f)
 
         client_id = creds.get("clientId")
@@ -223,13 +223,13 @@ def cmd_encrypt(args):
 
     try:
         # Read input file
-        with open(input_path, "rb") as input_file:
+        with input_path.open("rb") as input_file:
             payload = input_file.read()
 
         # Determine output
         if args.output:
             output_path = Path(args.output)
-            with open(output_path, "wb") as output_file:
+            with output_path.open("wb") as output_file:
                 try:
                     # Create appropriate config based on container type
                     container_type = getattr(args, "container_type", "tdf")
@@ -247,7 +247,7 @@ def cmd_encrypt(args):
                         logger.debug("Creating TDF")
                         config = create_tdf_config(sdk, args)
                         output_stream = BytesIO()
-                        manifest, size, _ = sdk.create_tdf(
+                        _manifest, size, _ = sdk.create_tdf(
                             BytesIO(payload), config, output_stream
                         )
                         output_file.write(output_stream.getvalue())
@@ -274,7 +274,7 @@ def cmd_encrypt(args):
                 logger.debug("Creating TDF")
                 config = create_tdf_config(sdk, args)
                 output_stream = BytesIO()
-                manifest, size, _ = sdk.create_tdf(
+                _manifest, size, _ = sdk.create_tdf(
                     BytesIO(payload), config, output_stream
                 )
                 output_file.write(output_stream.getvalue())
@@ -296,13 +296,13 @@ def cmd_decrypt(args):
 
     try:
         # Read encrypted file
-        with open(input_path, "rb") as input_file:
+        with input_path.open("rb") as input_file:
             encrypted_data = input_file.read()
 
         # Determine output
         if args.output:
             output_path = Path(args.output)
-            with open(output_path, "wb") as output_file:
+            with output_path.open("wb") as output_file:
                 try:
                     # Try to determine if it's a NanoTDF or regular TDF
                     # NanoTDFs have a specific header format, regular TDFs are ZIP files
@@ -359,7 +359,7 @@ def cmd_inspect(args):
 
         try:
             # Read encrypted file
-            with open(input_path, "rb") as input_file:
+            with input_path.open("rb") as input_file:
                 encrypted_data = input_file.read()
 
             if encrypted_data.startswith(b"PK"):
@@ -400,7 +400,7 @@ def cmd_inspect(args):
     except Exception as e:
         # If we can't inspect due to auth issues, show what we can
         logger.warning(f"Limited inspection due to: {e}")
-        with open(input_path, "rb") as input_file:
+        with input_path.open("rb") as input_file:
             encrypted_data = input_file.read()
 
         file_type = "TDF" if encrypted_data.startswith(b"PK") else "NanoTDF"

otdf_python/header.py

@@ -51,7 +51,7 @@ class Header:
         # MAGIC_NUMBER_AND_VERSION (3 bytes)
         offset += 3
         # ResourceLocator
-        kas_locator, kas_size = ResourceLocator.from_bytes_with_size(buffer[offset:])
+        _kas_locator, kas_size = ResourceLocator.from_bytes_with_size(buffer[offset:])
         offset += kas_size
         # ECC mode (1 byte)
         ecc_mode = ECCMode(buffer[offset])
@@ -59,7 +59,7 @@ class Header:
         # Payload config (1 byte)
         offset += 1
         # PolicyInfo
-        policy_info, policy_size = PolicyInfo.from_bytes_with_size(
+        _policy_info, policy_size = PolicyInfo.from_bytes_with_size(
             buffer[offset:], ecc_mode
         )
         offset += policy_size

otdf_python/kas_connect_rpc_client.py

@@ -9,6 +9,8 @@ import urllib3
 from otdf_python_proto.kas import kas_pb2
 from otdf_python_proto.kas.kas_pb2_connect import AccessServiceClient
 
+from otdf_python.auth_headers import AuthHeaders
+
 from .sdk_exceptions import SDKException
 
 
@@ -69,7 +71,11 @@ class KASConnectRPCClient:
             Dictionary with authentication headers or None
         """
         if access_token:
-            return {"Authorization": f"Bearer {access_token}"}
+            auth_headers = AuthHeaders(
+                auth_header=f"Bearer {access_token}",
+                dpop_header="",  # Empty for now, ready for future DPoP support
+            )
+            return auth_headers.to_dict()
         return None
 
     def get_public_key(self, normalized_kas_url, kas_info, access_token=None):

otdf_python/nanotdf.py

@@ -300,7 +300,7 @@ class NanoTDF:
         iv, ciphertext = self._encrypt_payload(payload, key)
 
         # Wrap key if needed
-        wrapped_key, kas_public_key = self._wrap_key_if_needed(key, config)
+        wrapped_key, _kas_public_key = self._wrap_key_if_needed(key, config)
 
         # Compose the complete NanoTDF: [IV][CIPHERTEXT][WRAPPED_KEY][WRAPPED_KEY_LEN]
         if wrapped_key:

otdf_python/sdk.py

@@ -6,42 +6,12 @@ from contextlib import AbstractContextManager
 from io import BytesIO
 from typing import Any, BinaryIO
 
-from otdf_python.config import NanoTDFConfig, TDFConfig
+from otdf_python.config import KASInfo, NanoTDFConfig, TDFConfig
 from otdf_python.nanotdf import NanoTDF
 from otdf_python.sdk_exceptions import SDKException
 from otdf_python.tdf import TDF, TDFReader, TDFReaderConfig
 
 
-# Stubs for service client interfaces (to be implemented)
-class AttributesServiceClientInterface: ...
-
-
-class NamespaceServiceClientInterface: ...
-
-
-class SubjectMappingServiceClientInterface: ...
-
-
-class ResourceMappingServiceClientInterface: ...
-
-
-class AuthorizationServiceClientInterface: ...
-
-
-class KeyAccessServerRegistryServiceClientInterface: ...
-
-
-# Placeholder for ProtocolClient and Interceptor
-class ProtocolClient: ...
-
-
-class Interceptor: ...  # Can be dict in Python implementation
-
-
-# Placeholder for TrustManager
-class TrustManager: ...
-
-
 class KAS(AbstractContextManager):
     """
     KAS (Key Access Service) interface to define methods related to key access and management.
@@ -71,7 +41,6 @@ class KAS(AbstractContextManager):
         token_source=None,
         sdk_ssl_verify=True,
         use_plaintext=False,
-        auth_headers: dict | None = None,
     ):
         """
         Initialize the KAS client
@@ -81,7 +50,6 @@ class KAS(AbstractContextManager):
             token_source: Function that returns an authentication token
             sdk_ssl_verify: Whether to verify SSL certificates
             use_plaintext: Whether to use plaintext HTTP connections instead of HTTPS
-            auth_headers: Dictionary of authentication headers to include in requests
         """
         from .kas_client import KASClient
 
@@ -94,7 +62,6 @@ class KAS(AbstractContextManager):
         # Store the parameters for potential use
         self._sdk_ssl_verify = sdk_ssl_verify
         self._use_plaintext = use_plaintext
-        self._auth_headers = auth_headers
 
     def get_ec_public_key(self, kas_info: Any, curve: Any) -> Any:
         """
@@ -179,12 +146,14 @@ class KAS(AbstractContextManager):
 
 class SDK(AbstractContextManager):
     def new_tdf_config(
-        self, attributes: list[str] | None = None, **kwargs
+        self,
+        attributes: list[str] | None = None,
+        kas_info_list: list[KASInfo] | None = None,
+        **kwargs,
     ) -> TDFConfig:
         """
         Create a TDFConfig with default kas_info_list from the SDK's platform_url.
         """
-        from otdf_python.config import KASInfo
 
         if self.platform_url is None:
             raise SDKException("Cannot create TDFConfig: SDK platform_url is not set.")
@@ -232,10 +201,8 @@ class SDK(AbstractContextManager):
             # Use existing port with the determined scheme
             kas_url = f"{scheme}://{parsed_url.hostname}:{parsed_url.port}{parsed_url.path.rstrip('/')}/kas"
 
-        kas_info = KASInfo(url=kas_url, default=True)
-        # Accept user override for kas_info_list if provided
-        kas_info_list = kwargs.pop("kas_info_list", None)
         if kas_info_list is None:
+            kas_info = KASInfo(url=kas_url, default=True)
             kas_info_list = [kas_info]
         return TDFConfig(
             kas_info_list=kas_info_list, attributes=attributes or [], **kwargs
@@ -251,30 +218,6 @@ class SDK(AbstractContextManager):
         The Services interface provides access to various platform service clients and KAS.
         """
 
-        def attributes(self) -> AttributesServiceClientInterface:
-            """Returns the attributes service client"""
-            raise NotImplementedError
-
-        def namespaces(self) -> NamespaceServiceClientInterface:
-            """Returns the namespaces service client"""
-            raise NotImplementedError
-
-        def subject_mappings(self) -> SubjectMappingServiceClientInterface:
-            """Returns the subject mappings service client"""
-            raise NotImplementedError
-
-        def resource_mappings(self) -> ResourceMappingServiceClientInterface:
-            """Returns the resource mappings service client"""
-            raise NotImplementedError
-
-        def authorization(self) -> AuthorizationServiceClientInterface:
-            """Returns the authorization service client"""
-            raise NotImplementedError
-
-        def kas_registry(self) -> KeyAccessServerRegistryServiceClientInterface:
-            """Returns the KAS registry service client"""
-            raise NotImplementedError
-
         def kas(self) -> KAS:
             """
             Returns the KAS client for key access operations.
@@ -292,9 +235,6 @@ class SDK(AbstractContextManager):
     def __init__(
         self,
         services: "SDK.Services",
-        trust_manager: TrustManager | None = None,
-        auth_interceptor: Interceptor | dict[str, str] | None = None,
-        platform_services_client: ProtocolClient | None = None,
         platform_url: str | None = None,
         ssl_verify: bool = True,
         use_plaintext: bool = False,
@@ -304,17 +244,11 @@ class SDK(AbstractContextManager):
 
         Args:
             services: The services interface implementation
-            trust_manager: Optional trust manager for SSL validation
-            auth_interceptor: Optional auth interceptor for API requests
-            platform_services_client: Optional client for platform services
             platform_url: Optional platform base URL
             ssl_verify: Whether to verify SSL certificates (default: True)
             use_plaintext: Whether to use HTTP instead of HTTPS (default: False)
         """
         self.services = services
-        self.trust_manager = trust_manager
-        self.auth_interceptor = auth_interceptor
-        self.platform_services_client = platform_services_client
         self.platform_url = platform_url
         self.ssl_verify = ssl_verify
         self._use_plaintext = use_plaintext
@@ -332,18 +266,6 @@ class SDK(AbstractContextManager):
         """Returns the services interface"""
         return self.services
 
-    def get_trust_manager(self) -> TrustManager | None:
-        """Returns the trust manager if set"""
-        return self.trust_manager
-
-    def get_auth_interceptor(self) -> Interceptor | dict[str, str] | None:
-        """Returns the auth interceptor if set"""
-        return self.auth_interceptor
-
-    def get_platform_services_client(self) -> ProtocolClient | None:
-        """Returns the platform services client if set"""
-        return self.platform_services_client
-
     def get_platform_url(self) -> str | None:
         """Returns the platform URL if set"""
         return self.platform_url

otdf_python/sdk_builder.py

@@ -4,10 +4,9 @@ Provides methods to configure and build SDK instances.
 """
 
 import logging
-import os
 import ssl
 from dataclasses import dataclass
-from typing import Any
+from pathlib import Path
 
 import httpx
 
@@ -77,9 +76,10 @@ class SDKBuilder:
         self.cert_paths = []
 
         # Find all .pem and .crt files in the directory
-        for filename in os.listdir(certs_dir_path):
-            if filename.endswith(".pem") or filename.endswith(".crt"):
-                self.cert_paths.append(os.path.join(certs_dir_path, filename))
+        certs_path = Path(certs_dir_path)
+        for cert_file in certs_path.iterdir():
+            if cert_file.suffix in (".pem", ".crt"):
+                self.cert_paths.append(str(cert_file))
 
         # Create SSL context with these certificates
         if self.cert_paths:
@@ -343,32 +343,6 @@ class SDKBuilder:
         except Exception as e:
             raise AutoConfigureException(f"Error during token acquisition: {e!s}")
 
-    def _create_auth_interceptor(self) -> Any:
-        """
-        Creates an authentication interceptor for API requests (httpx).
-        Returns:
-            Any: An auth interceptor object
-        Raises:
-            AutoConfigureException: If auth configuration fails
-        """
-        # For now, this is just a placeholder returning a dict with auth headers
-        # In a real implementation, this would create a proper interceptor object
-        # that injects auth headers into httpx requests
-
-        token = None
-
-        if self.auth_token:
-            # Use provided token
-            token = self.auth_token
-        elif self.oauth_config:
-            # Get token from OAuth
-            token = self._get_token_from_client_credentials()
-
-        if token:
-            return {"Authorization": f"Bearer {token}"}
-
-        return None
-
     def _create_services(self) -> SDK.Services:
         """
         Creates service client instances.
@@ -382,13 +356,11 @@ class SDKBuilder:
         # connecting to the platform endpoints
 
         ssl_verify = not self.insecure_skip_verify
-        auth_interceptor = self._create_auth_interceptor()
 
         class ServicesImpl(SDK.Services):
             def __init__(self, builder_instance):
                 self.closed = False
                 self._ssl_verify = ssl_verify
-                self._auth_headers = auth_interceptor if auth_interceptor else {}
                 self._builder = builder_instance
 
             def kas(self) -> KAS:
@@ -432,16 +404,12 @@ class SDKBuilder:
         if not self.platform_endpoint:
             raise AutoConfigureException("Platform endpoint is not set")
 
-        # Create the auth interceptor
-        auth_interceptor = self._create_auth_interceptor()
-
         # Create services
         services = self._create_services()
 
         # Return the SDK instance, platform_url is set for new_tdf_config
         return SDK(
             services=services,
-            auth_interceptor=auth_interceptor,
             platform_url=self.platform_endpoint,
             ssl_verify=not self.insecure_skip_verify,
             use_plaintext=getattr(self, "use_plaintext", False),

{otdf_python-0.3.3.dist-info → otdf_python-0.3.4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: otdf-python
-Version: 0.3.3
+Version: 0.3.4
 Summary: Unofficial OpenTDF SDK for Python
 Author-email: b-long <b-long@users.noreply.github.com>
 License-File: LICENSE
@@ -114,8 +114,6 @@ decrypted_data = tdf_reader.payload
 with open("decrypted.txt", "wb") as f:
     f.write(decrypted_data)
 
-# Don't forget to close the SDK when done
-sdk.close()
 ```
 
 ## Project Structure

{otdf_python-0.3.3.dist-info → otdf_python-0.3.4.dist-info}/RECORD

@@ -6,9 +6,9 @@ otdf_python/assertion_config.py,sha256=P2Pc1OxMk9Ln6bvp1ZI8j66Q7uoZoYB7oMB6WLG38
 otdf_python/asym_crypto.py,sha256=GzijIWYhWeazEwXYw-s8fRHVS7JLxDqHVcl7oRSOx_A,3008
 otdf_python/asym_decryption.py,sha256=eVfgfzFHMK4ni3g-u8fBe3sdF02eo_msZouo19UBlh4,1981
 otdf_python/asym_encryption.py,sha256=ex-S_PvBnWKSSvbocTjJ_p5VQjjeiThcc9bMRZqvifw,2932
-otdf_python/auth_headers.py,sha256=LFjfWiobNo9DNaPgcm-aJANzHZh7_u9oHTxnEzEq-Ro,562
+otdf_python/auth_headers.py,sha256=a0TQD36QKXO1G4swume2wx3Sk9zQsSWEAQJnST2DlH0,966
 otdf_python/autoconfigure_utils.py,sha256=NiNtbapBoIO-6kM59HRvX3Kj_Z0IRMrTkFlXjwuNfPc,3236
-otdf_python/cli.py,sha256=oRPn002DB7Xvc0y4oPzIFt97OmvMOYHwR6pZXrdwvAo,19463
+otdf_python/cli.py,sha256=XotWLHHEhxwIB9vnwkR2leEV0Q_hhcdceSvcWXyAMrE,19460
 otdf_python/collection_store.py,sha256=MH1RxlevRVFj5lBS_6DN3zz5ZgOhBjD0P7AYBLBqS0o,1004
 otdf_python/collection_store_impl.py,sha256=g3YeSwMeXr1BNmwmFr75fv9ptPjieC36Bhct-Jf1trw,613
 otdf_python/config.py,sha256=uGYVByTWl7pWcKRER41ef-ay5VevIbOyUAEd6BIArVg,2185
@@ -18,16 +18,16 @@ otdf_python/crypto_utils.py,sha256=KsNss9EC-wHs1nCiKivDnxJSMv0uxGlWLDcCowadcV8,2
 otdf_python/dpop.py,sha256=ssKXTGydJS--rBTCqX9Y8qy-c5Um4pIZPG3DZcj0rWU,2301
 otdf_python/ecc_mode.py,sha256=PUJJ6n0jk0IKKNVZ1_tWGPPujGR4fny4m5JBkUhPimo,1085
 otdf_python/eckeypair.py,sha256=4uZfdJaqSxW605FhU58Gko06mixSNoDOGBgVpP5VlSQ,2324
-otdf_python/header.py,sha256=YMmsBdiHM8rxLCtezIf_Cnrg2idoGpvq--WMxYqZ-no,5377
+otdf_python/header.py,sha256=QGxqo5yfuJIFrEntLGoETYC8ihc9tszXc2IjtETCVmg,5379
 otdf_python/invalid_zip_exception.py,sha256=YEU20hM5_yE-RWJncPZobcqj4a90RAuahB54VjAS2SU,213
 otdf_python/kas_client.py,sha256=vjOP3o7ip2cWqfE4FB1sHWqXWWY-aXPI-PnaKsPPEF4,22464
-otdf_python/kas_connect_rpc_client.py,sha256=asxKKSQokUa9kgtU3s3yhKrx3Nug9bK696YFsNjz_vE,7645
+otdf_python/kas_connect_rpc_client.py,sha256=LRhdFF6d8qz_BDFN4WMu0Kn-ZynvKMEWmuHYPj09A6Q,7862
 otdf_python/kas_info.py,sha256=STnyPo-Vu_rzVQRdQl8mUGPK8eZE2vY4oPkI-PqrZJM,687
 otdf_python/kas_key_cache.py,sha256=Ems2NyKC_3yh_xs8k4_n2gA3Jb-9nCeRRjIdz1LRC9I,1472
 otdf_python/key_type.py,sha256=cwhlh6DOFG5C8JlCxFqXYi0SJDlOLUkxceg7L8arFNk,816
 otdf_python/key_type_constants.py,sha256=ghridYdhFMLKDa_9Q5cplrl8DqdEgApd--20bJ-MBtA,1001
 otdf_python/manifest.py,sha256=Uv-Hvo9hOPLrSPTeKQpDvNeHzq7qSmJ5HYtkgGwVppE,6419
-otdf_python/nanotdf.py,sha256=s7kE5HhHOq1CEZW1gbkKMwMHh6eCNqd2Ln3SZGkfRTA,20213
+otdf_python/nanotdf.py,sha256=zklLXXEbX5uHO11ebnI4pgo_bVp94I2deXKjN0tjExs,20214
 otdf_python/nanotdf_ecdsa_struct.py,sha256=nRScIJLeNcbxBBE9DlG15I7EXGTkH0ITib1ra-C1-uQ,4100
 otdf_python/nanotdf_type.py,sha256=40PyDd62iDwcfmS7rhUeQE2B0W6FYIeCpi5cDmMO7d4,819
 otdf_python/policy_binding_serializer.py,sha256=8d9MizhLTdy14ghdAvhXRBA8KzKt6Nf9kmmU9hoWhrQ,1169
@@ -35,8 +35,8 @@ otdf_python/policy_info.py,sha256=n9hgdQrTRqPO7O1R90EUtIyoWNlaABAF7mRfbjIzaX8,28
 otdf_python/policy_object.py,sha256=zzwHk6jhZwpiX2BWxTJ1kDl3cgFijQfQrKJP3OqI35Q,380
 otdf_python/policy_stub.py,sha256=BQn06Ye5MwCu9feJZFPmO_UTfhugtiQa539iBkSQwhQ,117
 otdf_python/resource_locator.py,sha256=zYN5yd9cGwN9SRQO2tUD1UXj2zkPl2apd-X4E1MrnDg,1879
-otdf_python/sdk.py,sha256=-JNrbk7Nr3IKsTX9BZp2OxPlCilaSbA8FmP7Zn_GWsU,17082
-otdf_python/sdk_builder.py,sha256=QEu9y5I8xLPBuR8O2AG7AWInqO7g4Q5-WGW0sIVsOmQ,15803
+otdf_python/sdk.py,sha256=rihHwRwMzS1xu6eiJZ79Y2biDwPEZvqiQoFw97ma9-Q,14211
+otdf_python/sdk_builder.py,sha256=jgswTxnAfKXDGqEOIQwEiE3S0Jh0w5HMtPxHwUFIu-U,14655
 otdf_python/sdk_exceptions.py,sha256=L_bYkkyF-hnEBFXfjT5C41i5lM-t8OJB5mU_1zYvfP8,479
 otdf_python/symmetric_and_payload_config.py,sha256=D_LArhk1gA5-tpUiaUZTTM90ZKdc3DCq1a6X8etCir8,992
 otdf_python/tdf.py,sha256=T4Wr7cc-QcQ607F4RfqWieTpQdaeOndGnLqx4Di9B_M,19648
@@ -131,7 +131,7 @@ otdf_python_proto/wellknownconfiguration/__init__.py,sha256=X3GeZJ1mG_N1MViryjkq
 otdf_python_proto/wellknownconfiguration/wellknown_configuration_pb2.py,sha256=g9xSm9TxX0IPMqiFCaridJvI2TrL8PrXVFPgu8tX9VM,3863
 otdf_python_proto/wellknownconfiguration/wellknown_configuration_pb2.pyi,sha256=Zw4vROvTgomnFqsalJrYda632ojXH0FVXSzTXxerybw,1490
 otdf_python_proto/wellknownconfiguration/wellknown_configuration_pb2_connect.py,sha256=i9rGG2mgQZfk6xGCp1ywu4QqKWSiwpuLoNKGUwl43t8,5346
-otdf_python-0.3.3.dist-info/METADATA,sha256=8NI8cmpOqLFh4QjizWUXIHiCCiWN5D1k11MhekFzAKQ,4279
-otdf_python-0.3.3.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-otdf_python-0.3.3.dist-info/licenses/LICENSE,sha256=DPrPHdI6tfZcqk9kzQ37vh1Ftk7LJYdMrUtwKl7L3Pw,1074
-otdf_python-0.3.3.dist-info/RECORD,,
+otdf_python-0.3.4.dist-info/METADATA,sha256=3mt22hjKkKrXHv1GFyqQUO1JQTKdvDe4CsazN6x5pYY,4225
+otdf_python-0.3.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+otdf_python-0.3.4.dist-info/licenses/LICENSE,sha256=DPrPHdI6tfZcqk9kzQ37vh1Ftk7LJYdMrUtwKl7L3Pw,1074
+otdf_python-0.3.4.dist-info/RECORD,,