otdf-python 0.4.0__py3-none-any.whl → 0.4.2__py3-none-any.whl

otdf_python/__init__.py

@@ -1,5 +1,4 @@
-"""
-OpenTDF Python SDK
+"""OpenTDF Python SDK.
 
 A Python implementation of the OpenTDF SDK for working with Trusted Data Format (TDF) files.
 Provides both programmatic APIs and command-line interface for encryption and decryption.

otdf_python/__main__.py

@@ -1,6 +1,5 @@
 #!/usr/bin/env python3
-"""
-Main entry point for running otdf_python as a module.
+"""Main entry point for running otdf_python as a module.
 
 This allows the package to be run with `python -m otdf_python` and properly
 handles the CLI interface without import conflicts.

otdf_python/address_normalizer.py

@@ -1,6 +1,4 @@
-"""
-Address normalization utilities for OpenTDF.
-"""
+"""Address normalization utilities for OpenTDF."""
 
 import logging
 import re
@@ -12,8 +10,7 @@ logger = logging.getLogger(__name__)
 
 
 def normalize_address(url_string: str, use_plaintext: bool) -> str:
-    """
-    Normalize a URL address to ensure it has the correct scheme and port.
+    """Normalize a URL address to ensure it has the correct scheme and port.
 
     Args:
         url_string: The URL string to normalize
@@ -24,6 +21,7 @@ def normalize_address(url_string: str, use_plaintext: bool) -> str:
 
     Raises:
         SDKException: If there's an error parsing or creating the URL
+
     """
     scheme = "http" if use_plaintext else "https"
 
@@ -34,8 +32,8 @@ def normalize_address(url_string: str, use_plaintext: bool) -> str:
         port_str = host_port_pattern.group(2)
         try:
             port = int(port_str)
-        except ValueError:
-            raise SDKException(f"Invalid port in URL [{url_string}]")
+        except ValueError as err:
+            raise SDKException(f"Invalid port in URL [{url_string}]") from err
 
         normalized_url = f"{scheme}://{host}:{port}"
         logger.debug(f"normalized url [{url_string}] to [{normalized_url}]")
@@ -66,8 +64,8 @@ def normalize_address(url_string: str, use_plaintext: bool) -> str:
             _, port_str = parsed_url.netloc.split(":", 1)
             try:
                 port = int(port_str)
-            except ValueError:
-                raise SDKException(f"Invalid port in URL [{url_string}]")
+            except ValueError as err:
+                raise SDKException(f"Invalid port in URL [{url_string}]") from err
 
         # If no port was found or extracted, use the default
         if port is None:
@@ -81,4 +79,4 @@ def normalize_address(url_string: str, use_plaintext: bool) -> str:
     except Exception as e:
         if isinstance(e, SDKException):
             raise e
-        raise SDKException(f"Error normalizing URL [{url_string}]", e)
+        raise SDKException(f"Error normalizing URL [{url_string}]: {e}") from e

otdf_python/aesgcm.py

@@ -1,13 +1,18 @@
+"""AES-GCM encryption and decryption functionality."""
+
 import os
 
 from cryptography.hazmat.primitives.ciphers.aead import AESGCM
 
 
 class AesGcm:
+    """AES-GCM encryption and decryption operations."""
+
     GCM_NONCE_LENGTH = 12
     GCM_TAG_LENGTH = 16
 
     def __init__(self, key: bytes):
+        """Initialize AES-GCM cipher with key."""
         if not key or len(key) not in (16, 24, 32):
             raise ValueError("Invalid key size for GCM encryption")
         self.key = key
@@ -17,7 +22,10 @@ class AesGcm:
         return self.key
 
     class Encrypted:
+        """Encrypted data with initialization vector and ciphertext."""
+
         def __init__(self, iv: bytes, ciphertext: bytes):
+            """Initialize encrypted data."""
             self.iv = iv
             self.ciphertext = ciphertext
 

otdf_python/assertion_config.py

@@ -1,8 +1,12 @@
+"""Assertion configuration for TDF."""
+
 from enum import Enum, auto
 from typing import Any
 
 
 class Type(Enum):
+    """Assertion type enumeration."""
+
     HANDLING_ASSERTION = "handling"
     BASE_ASSERTION = "base"
 
@@ -11,6 +15,8 @@ class Type(Enum):
 
 
 class Scope(Enum):
+    """Assertion scope enumeration."""
+
     TRUSTED_DATA_OBJ = "tdo"
     PAYLOAD = "payload"
 
@@ -19,12 +25,16 @@ class Scope(Enum):
 
 
 class AssertionKeyAlg(Enum):
+    """Assertion key algorithm enumeration."""
+
     RS256 = auto()
     HS256 = auto()
     NOT_DEFINED = auto()
 
 
 class AppliesToState(Enum):
+    """Assertion applies-to state enumeration."""
+
     ENCRYPTED = "encrypted"
     UNENCRYPTED = "unencrypted"
 
@@ -33,6 +43,8 @@ class AppliesToState(Enum):
 
 
 class BindingMethod(Enum):
+    """Assertion binding method enumeration."""
+
     JWS = "jws"
 
     def __str__(self):
@@ -40,7 +52,10 @@ class BindingMethod(Enum):
 
 
 class AssertionKey:
+    """Assertion signing key configuration."""
+
     def __init__(self, alg: AssertionKeyAlg, key: Any):
+        """Initialize assertion key."""
         self.alg = alg
         self.key = key
 
@@ -49,7 +64,10 @@ class AssertionKey:
 
 
 class Statement:
+    """Assertion statement with format, schema, and value."""
+
     def __init__(self, format: str, schema: str, value: str):
+        """Initialize assertion statement."""
         self.format = format
         self.schema = schema
         self.value = value
@@ -67,6 +85,8 @@ class Statement:
 
 
 class AssertionConfig:
+    """TDF assertion configuration."""
+
     def __init__(
         self,
         id: str,
@@ -76,6 +96,7 @@ class AssertionConfig:
         statement: Statement,
         signing_key: AssertionKey | None = None,
     ):
+        """Initialize assertion configuration."""
         self.id = id
         self.type = type
         self.scope = scope

otdf_python/asym_crypto.py

@@ -1,6 +1,4 @@
-"""
-Asymmetric encryption and decryption utilities for RSA keys in PEM format.
-"""
+"""Asymmetric encryption and decryption utilities for RSA keys in PEM format."""
 
 import base64
 import re
@@ -14,8 +12,7 @@ from .sdk_exceptions import SDKException
 
 
 class AsymDecryption:
-    """
-    Provides functionality for asymmetric decryption using an RSA private key.
+    """Provides functionality for asymmetric decryption using an RSA private key.
 
     Supports both PEM string and key object initialization for flexibility.
     """
@@ -25,8 +22,7 @@ class AsymDecryption:
     PRIVATE_KEY_FOOTER = "-----END PRIVATE KEY-----"
 
     def __init__(self, private_key_pem: str | None = None, private_key_obj=None):
-        """
-        Initialize with either a PEM string or a key object.
+        """Initialize with either a PEM string or a key object.
 
         Args:
             private_key_pem: Private key in PEM format (with or without headers)
@@ -34,6 +30,7 @@ class AsymDecryption:
 
         Raises:
             SDKException: If key loading fails
+
         """
         if private_key_obj is not None:
             self.private_key = private_key_obj
@@ -60,13 +57,12 @@ class AsymDecryption:
                         decoded, password=None, backend=default_backend()
                     )
             except Exception as e:
-                raise SDKException(f"Failed to load private key: {e}")
+                raise SDKException(f"Failed to load private key: {e}") from e
         else:
             self.private_key = None
 
     def decrypt(self, data: bytes) -> bytes:
-        """
-        Decrypt data using RSA OAEP with SHA-1.
+        """Decrypt data using RSA OAEP with SHA-1.
 
         Args:
             data: Encrypted bytes to decrypt
@@ -76,6 +72,7 @@ class AsymDecryption:
 
         Raises:
             SDKException: If decryption fails or key is not set
+
         """
         if self.private_key is None:
             raise SDKException("Failed to decrypt, private key is empty")
@@ -89,12 +86,11 @@ class AsymDecryption:
                 ),
             )
         except Exception as e:
-            raise SDKException(f"Error performing decryption: {e}")
+            raise SDKException(f"Error performing decryption: {e}") from e
 
 
 class AsymEncryption:
-    """
-    Provides functionality for asymmetric encryption using an RSA public key or certificate in PEM format.
+    """Provides functionality for asymmetric encryption using an RSA public key or certificate in PEM format.
 
     Supports PEM public keys, X.509 certificates, and pre-loaded key objects.
     Also handles base64-encoded keys without PEM headers.
@@ -105,8 +101,7 @@ class AsymEncryption:
     CIPHER_TRANSFORM = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"
 
     def __init__(self, public_key_pem: str | None = None, public_key_obj=None):
-        """
-        Initialize with either a PEM string or a key object.
+        """Initialize with either a PEM string or a key object.
 
         Args:
             public_key_pem: Public key in PEM format, X.509 certificate, or base64 string
@@ -114,6 +109,7 @@ class AsymEncryption:
 
         Raises:
             SDKException: If key loading fails or key is not RSA
+
         """
         if public_key_obj is not None:
             self.public_key = public_key_obj
@@ -141,7 +137,7 @@ class AsymEncryption:
                             decoded, backend=default_backend()
                         )
             except Exception as e:
-                raise SDKException(f"Failed to load public key: {e}")
+                raise SDKException(f"Failed to load public key: {e}") from e
         else:
             self.public_key = None
 
@@ -152,8 +148,7 @@ class AsymEncryption:
             raise SDKException("Not an RSA PEM formatted public key")
 
     def encrypt(self, data: bytes) -> bytes:
-        """
-        Encrypt data using RSA OAEP with SHA-1.
+        """Encrypt data using RSA OAEP with SHA-1.
 
         Args:
             data: Plaintext bytes to encrypt
@@ -163,6 +158,7 @@ class AsymEncryption:
 
         Raises:
             SDKException: If encryption fails or key is not set
+
         """
         if self.public_key is None:
             raise SDKException("Failed to encrypt, public key is empty")
@@ -176,17 +172,17 @@ class AsymEncryption:
                 ),
             )
         except Exception as e:
-            raise SDKException(f"Error performing encryption: {e}")
+            raise SDKException(f"Error performing encryption: {e}") from e
 
     def public_key_in_pem_format(self) -> str:
-        """
-        Export the public key to PEM format.
+        """Export the public key to PEM format.
 
         Returns:
             Public key as PEM-encoded string
 
         Raises:
             SDKException: If export fails
+
         """
         try:
             pem = self.public_key.public_bytes(
@@ -195,4 +191,4 @@ class AsymEncryption:
             )
             return pem.decode()
         except Exception as e:
-            raise SDKException(f"Error exporting public key to PEM: {e}")
+            raise SDKException(f"Error exporting public key to PEM: {e}") from e

otdf_python/auth_headers.py

@@ -1,10 +1,11 @@
+"""Authentication header management."""
+
 from dataclasses import dataclass
 
 
 @dataclass
 class AuthHeaders:
-    """
-    Represents authentication headers used in token-based authorization.
+    """Represents authentication headers used in token-based authorization.
     This class holds authorization and DPoP (Demonstrating Proof of Possession) headers
     that are used in token-based API requests.
     """
@@ -13,19 +14,19 @@ class AuthHeaders:
     dpop_header: str = ""
 
     def get_auth_header(self) -> str:
-        """Returns the authorization header."""
+        """Get the authorization header."""
         return self.auth_header
 
     def get_dpop_header(self) -> str:
-        """Returns the DPoP header."""
+        """Get the DPoP header."""
         return self.dpop_header
 
     def to_dict(self) -> dict[str, str]:
-        """
-        Convert authentication headers to a dictionary for use with HTTP clients.
+        """Convert authentication headers to a dictionary for use with HTTP clients.
 
         Returns:
             Dictionary with 'Authorization' header and optionally 'DPoP' header
+
         """
         headers = {"Authorization": self.auth_header}
         if self.dpop_header:

otdf_python/autoconfigure_utils.py

@@ -1,3 +1,5 @@
+"""Utilities for automatic SDK configuration."""
+
 import re
 import urllib.parse
 from dataclasses import dataclass
@@ -6,6 +8,8 @@ from typing import Any
 
 # RuleType constants
 class RuleType:
+    """Rule type constants for attribute hierarchy."""
+
     HIERARCHY = "hierarchy"
     ALL_OF = "allOf"
     ANY_OF = "anyOf"
@@ -15,6 +19,8 @@ class RuleType:
 
 @dataclass(frozen=True)
 class KeySplitStep:
+    """Key split step information."""
+
     kas: str
     splitID: str
 
@@ -31,21 +37,24 @@ class KeySplitStep:
 
 
 class AutoConfigureException(Exception):
-    pass
+    """Exception for auto-configuration errors."""
 
 
 class AttributeNameFQN:
+    """Fully qualified attribute name."""
+
     def __init__(self, url: str):
+        """Initialize attribute name from URL."""
         pattern = re.compile(r"^(https?://[\w./-]+)/attr/([^/\s]*)$")
         matcher = pattern.match(url)
         if not matcher or not matcher.group(1) or not matcher.group(2):
             raise AutoConfigureException("invalid type: attribute regex fail")
         try:
             urllib.parse.unquote(matcher.group(2))
-        except Exception:
+        except Exception as err:
             raise AutoConfigureException(
                 f"invalid type: error in attribute name [{matcher.group(2)}]"
-            )
+            ) from err
         self.url = url
         self.key = url.lower()
 
@@ -76,12 +85,15 @@ class AttributeNameFQN:
             raise AutoConfigureException("invalid attribute")
         try:
             return urllib.parse.unquote(matcher.group(1))
-        except Exception:
-            raise AutoConfigureException("invalid type")
+        except Exception as err:
+            raise AutoConfigureException("invalid type") from err
 
 
 class AttributeValueFQN:
+    """Fully qualified attribute value."""
+
     def __init__(self, url: str):
+        """Initialize attribute value from URL."""
         pattern = re.compile(r"^(https?://[\w./-]+)/attr/(\S*)/value/(\S*)$")
         matcher = pattern.match(url)
         if (
@@ -96,8 +108,10 @@ class AttributeValueFQN:
         try:
             urllib.parse.unquote(matcher.group(2))
             urllib.parse.unquote(matcher.group(3))
-        except Exception:
-            raise AutoConfigureException("invalid type: error in attribute or value")
+        except Exception as err:
+            raise AutoConfigureException(
+                "invalid type: error in attribute or value"
+            ) from err
         self.url = url
         self.key = url.lower()
 

otdf_python/cli.py

@@ -1,6 +1,5 @@
 #!/usr/bin/env python3
-"""
-OpenTDF Python CLI
+"""OpenTDF Python CLI.
 
 A command-line interface for encrypting and decrypting files using OpenTDF.
 Provides encrypt, decrypt, and inspect commands similar to the otdfctl CLI.
@@ -36,6 +35,7 @@ class CLIError(Exception):
     """Custom exception for CLI errors."""
 
     def __init__(self, level: str, message: str, cause: Exception | None = None):
+        """Initialize CLI error."""
         self.level = level
         self.message = message
         self.cause = cause
@@ -105,11 +105,11 @@ def load_client_credentials(creds_file_path: str) -> tuple[str, str]:
     except json.JSONDecodeError as e:
         raise CLIError(
             "CRITICAL", f"Invalid JSON in credentials file {creds_file_path}: {e}"
-        )
+        ) from e
     except Exception as e:
         raise CLIError(
             "CRITICAL", f"Error reading credentials file {creds_file_path}: {e}"
-        )
+        ) from e
 
 
 def build_sdk(args) -> SDK:
@@ -525,7 +525,7 @@ Where creds.json contains:
 
 
 def main():
-    """Main CLI entry point."""
+    """Execute the CLI entry point."""
     parser = create_parser()
     args = parser.parse_args()
 

otdf_python/collection_store.py

@@ -1,12 +1,19 @@
+"""Collection store interface for managing collections."""
+
 from collections import OrderedDict
 
 
 class CollectionKey:
+    """Collection key wrapper for store operations."""
+
     def __init__(self, key: bytes | None):
+        """Initialize collection key."""
         self.key = key
 
 
 class CollectionStore:
+    """Abstract collection store interface for key management."""
+
     NO_PRIVATE_KEY = CollectionKey(None)
 
     def store(self, header, key: CollectionKey):
@@ -17,17 +24,22 @@ class CollectionStore:
 
 
 class NoOpCollectionStore(CollectionStore):
+    """No-op collection store that discards all keys."""
+
     def store(self, header, key: CollectionKey):
-        pass
+        """Discard key operation (no-op)."""
 
     def get_key(self, header) -> CollectionKey:
         return self.NO_PRIVATE_KEY
 
 
 class CollectionStoreImpl(OrderedDict, CollectionStore):
+    """Collection store implementation with ordered dictionary."""
+
     MAX_SIZE_STORE = 500
 
     def __init__(self):
+        """Initialize collection store."""
         super().__init__()
 
     def store(self, header, key: CollectionKey):

otdf_python/collection_store_impl.py

@@ -1,3 +1,5 @@
+"""Collection store implementation."""
+
 from collections import OrderedDict
 from threading import RLock
 
@@ -5,7 +7,10 @@ MAX_SIZE_STORE = 500
 
 
 class CollectionStoreImpl(OrderedDict):
+    """Thread-safe collection store for caching TDF keys."""
+
     def __init__(self):
+        """Initialize collection store."""
         super().__init__()
         self._lock = RLock()
 

otdf_python/config.py

@@ -1,3 +1,5 @@
+"""Configuration classes for TDF and NanoTDF operations."""
+
 from dataclasses import dataclass, field
 from enum import Enum
 from typing import Any
@@ -5,17 +7,23 @@ from urllib.parse import urlparse, urlunparse
 
 
 class TDFFormat(Enum):
+    """TDF format enumeration."""
+
     JSONFormat = "JSONFormat"
     XMLFormat = "XMLFormat"
 
 
 class IntegrityAlgorithm(Enum):
+    """Integrity algorithm enumeration."""
+
     HS256 = "HS256"
     GMAC = "GMAC"
 
 
 @dataclass
 class KASInfo:
+    """Key Access Service information."""
+
     url: str
     public_key: str | None = None
     kid: str | None = None
@@ -28,6 +36,8 @@ class KASInfo:
 
 @dataclass
 class TDFConfig:
+    """TDF encryption configuration."""
+
     autoconfigure: bool = True
     default_segment_size: int = 2 * 1024 * 1024
     enable_encryption: bool = True
@@ -49,6 +59,8 @@ class TDFConfig:
 
 @dataclass
 class NanoTDFConfig:
+    """NanoTDF encryption configuration."""
+
     ecc_mode: str | None = None
     cipher: str | None = None
     config: str | None = None
@@ -60,6 +72,7 @@ class NanoTDFConfig:
 
 # Utility function to normalize KAS URLs (Python equivalent)
 def get_kas_address(kas_url: str) -> str:
+    """Normalize KAS URL by adding https:// if no scheme present."""
     if "://" not in kas_url:
         kas_url = "https://" + kas_url
     parsed = urlparse(kas_url)

otdf_python/connect_client.py

@@ -0,0 +1 @@
+"""Connect RPC client for KAS operations."""

otdf_python/constants.py

@@ -1 +1,3 @@
+"""Application constants and default values."""
+
 MAGIC_NUMBER_AND_VERSION = bytes([0x4C, 0x31, 0x4C])

otdf_python/crypto_utils.py

@@ -1,3 +1,5 @@
+"""Cryptographic utility functions."""
+
 import hashlib
 import hmac
 
@@ -7,6 +9,8 @@ from cryptography.hazmat.primitives.asymmetric import ec, rsa
 
 
 class CryptoUtils:
+    """Cryptographic utility functions and helpers."""
+
     KEYPAIR_SIZE = 2048
 
     @staticmethod

otdf_python/dpop.py

@@ -1,6 +1,4 @@
-"""
-DPoP (Demonstration of Proof-of-Possession) token generation utilities.
-"""
+"""DPoP (Demonstration of Proof-of-Possession) token generation utilities."""
 
 import base64
 import hashlib
@@ -18,8 +16,7 @@ def create_dpop_token(
     method: str = "POST",
     access_token: str | None = None,
 ) -> str:
-    """
-    Create a DPoP (Demonstration of Proof-of-Possession) token.
+    """Create a DPoP (Demonstration of Proof-of-Possession) token.
 
     Args:
         private_key_pem: RSA private key in PEM format for signing
@@ -30,6 +27,7 @@ def create_dpop_token(
 
     Returns:
         DPoP token as a string
+
     """
     # Parse the RSA public key to extract modulus and exponent
     public_key_obj = CryptoUtils.get_rsa_public_key_from_pem(public_key_pem)