otdf-python 0.4.0__py3-none-any.whl → 0.4.2__py3-none-any.whl

otdf_python/sdk.py

@@ -1,6 +1,4 @@
-"""
-Python port of the main SDK class for OpenTDF platform interaction.
-"""
+"""The main SDK class for OpenTDF platform interaction."""
 
 from contextlib import AbstractContextManager
 from io import BytesIO
@@ -13,13 +11,10 @@ from otdf_python.tdf import TDF, TDFReader, TDFReaderConfig
 
 
 class KAS(AbstractContextManager):
-    """
-    KAS (Key Access Service) interface to define methods related to key access and management.
-    """
+    """KAS (Key Access Service) interface to define methods related to key access and management."""
 
     def get_public_key(self, kas_info: Any) -> Any:
-        """
-        Retrieves the public key from the KAS for RSA operations.
+        """Retrieve the public key from KAS for RSA operations.
         If the public key is cached, returns the cached value.
         Otherwise, makes a request to the KAS.
 
@@ -31,6 +26,7 @@ class KAS(AbstractContextManager):
 
         Raises:
             SDKException: If there's an error retrieving the public key
+
         """
         # Delegate to the underlying KAS client which handles authentication properly
         return self._kas_client.get_public_key(kas_info)
@@ -42,14 +38,14 @@ class KAS(AbstractContextManager):
         sdk_ssl_verify=True,
         use_plaintext=False,
     ):
-        """
-        Initialize the KAS client
+        """Initialize the KAS client.
 
         Args:
             platform_url: URL of the platform
             token_source: Function that returns an authentication token
             sdk_ssl_verify: Whether to verify SSL certificates
             use_plaintext: Whether to use plaintext HTTP connections instead of HTTPS
+
         """
         from .kas_client import KASClient
 
@@ -64,8 +60,7 @@ class KAS(AbstractContextManager):
         self._use_plaintext = use_plaintext
 
     def get_ec_public_key(self, kas_info: Any, curve: Any) -> Any:
-        """
-        Retrieves the EC public key from the KAS.
+        """Retrieve the EC public key from KAS.
 
         Args:
             kas_info: KASInfo object containing the URL
@@ -73,6 +68,7 @@ class KAS(AbstractContextManager):
 
         Returns:
             Updated KASInfo object with KID and PublicKey populated
+
         """
         # Set algorithm to "ec:<curve>"
         from copy import copy
@@ -82,8 +78,7 @@ class KAS(AbstractContextManager):
         return self.get_public_key(kas_info_copy)
 
     def unwrap(self, key_access: Any, policy: str, session_key_type: Any) -> bytes:
-        """
-        Unwraps the key using the KAS.
+        """Unwraps the key using the KAS.
 
         Args:
             key_access: KeyAccess object containing the wrapped key
@@ -92,6 +87,7 @@ class KAS(AbstractContextManager):
 
         Returns:
             Unwrapped key as bytes
+
         """
         return self._kas_client.unwrap(key_access, policy, session_key_type)
 
@@ -104,8 +100,7 @@ class KAS(AbstractContextManager):
         kas_private_key: str | None = None,
         mock: bool = False,
     ) -> bytes:
-        """
-        Unwraps the NanoTDF key using the KAS. If mock=True, performs local unwrap using the private key (for tests).
+        """Unwraps the NanoTDF key using the KAS. If mock=True, performs local unwrap using the private key (for tests).
 
         Args:
             curve: EC curve used
@@ -117,6 +112,7 @@ class KAS(AbstractContextManager):
 
         Returns:
             Unwrapped key as bytes
+
         """
         if mock and wrapped_key and kas_private_key:
             from .asym_crypto import AsymDecryption
@@ -128,33 +124,33 @@ class KAS(AbstractContextManager):
         raise NotImplementedError("KAS unwrap_nanotdf not implemented.")
 
     def get_key_cache(self) -> Any:
-        """
-        Returns the KAS key cache.
+        """Return the KAS key cache.
 
         Returns:
             The KAS key cache object
+
         """
         return self._kas_client.get_key_cache()
 
     def close(self):
-        """Closes resources associated with the KAS interface"""
-        pass
+        """Close resources associated with KAS interface."""
+        if self._kas_client:
+            self._kas_client.close()
 
     def __exit__(self, exc_type, exc_val, exc_tb):
         self.close()
 
 
 class SDK(AbstractContextManager):
+    """SDK for OpenTDF platform interaction."""
+
     def new_tdf_config(
         self,
         attributes: list[str] | None = None,
         kas_info_list: list[KASInfo] | None = None,
         **kwargs,
     ) -> TDFConfig:
-        """
-        Create a TDFConfig with default kas_info_list from the SDK's platform_url.
-        """
-
+        """Create a TDFConfig with default kas_info_list from the SDK's platform_url."""
         if self.platform_url is None:
             raise SDKException("Cannot create TDFConfig: SDK platform_url is not set.")
 
@@ -214,20 +210,16 @@ class SDK(AbstractContextManager):
     """
 
     class Services(AbstractContextManager):
-        """
-        The Services interface provides access to various platform service clients and KAS.
-        """
+        """The Services interface provides access to various platform service clients and KAS."""
 
         def kas(self) -> KAS:
-            """
-            Returns the KAS client for key access operations.
+            """Return the KAS client for key access operations.
             This should be implemented to return an instance of KAS.
             """
             raise NotImplementedError
 
         def close(self):
-            """Closes resources associated with the services"""
-            pass
+            """Close resources associated with the services."""
 
         def __exit__(self, exc_type, exc_val, exc_tb):
             self.close()
@@ -239,14 +231,14 @@ class SDK(AbstractContextManager):
         ssl_verify: bool = True,
         use_plaintext: bool = False,
     ):
-        """
-        Initializes a new SDK instance.
+        """Initialize a new SDK instance.
 
         Args:
             services: The services interface implementation
             platform_url: Optional platform base URL
             ssl_verify: Whether to verify SSL certificates (default: True)
             use_plaintext: Whether to use HTTP instead of HTTPS (default: False)
+
         """
         self.services = services
         self.platform_url = platform_url
@@ -254,20 +246,20 @@ class SDK(AbstractContextManager):
         self._use_plaintext = use_plaintext
 
     def __exit__(self, exc_type, exc_val, exc_tb):
-        """Clean up resources when exiting context manager"""
+        """Clean up resources when exiting context manager."""
         self.close()
 
     def close(self):
-        """Close the SDK and release resources"""
+        """Close the SDK and release resources."""
         if hasattr(self.services, "close"):
             self.services.close()
 
     def get_services(self) -> "SDK.Services":
-        """Returns the services interface"""
+        """Return the services interface."""
         return self.services
 
     def get_platform_url(self) -> str | None:
-        """Returns the platform URL if set"""
+        """Return the platform URL if set."""
         return self.platform_url
 
     def load_tdf(
@@ -275,8 +267,7 @@ class SDK(AbstractContextManager):
         tdf_data: bytes | BinaryIO | BytesIO,
         config: TDFReaderConfig | None = None,
     ) -> TDFReader:
-        """
-        Loads a TDF from the provided data, optionally according to the config.
+        """Load a TDF from the provided data, optionally according to config.
 
         Args:
             tdf_data: The TDF data as bytes, file object, or BytesIO
@@ -287,6 +278,7 @@ class SDK(AbstractContextManager):
 
         Raises:
             SDKException: If there's an error loading the TDF
+
         """
         tdf = TDF(self.services)
         if config is None:
@@ -300,8 +292,7 @@ class SDK(AbstractContextManager):
         config,
         output_stream: BinaryIO | None = None,
     ):
-        """
-        Creates a TDF with the provided payload.
+        """Create a TDF with the provided payload.
 
         Args:
             payload: The payload data as bytes, file object, or BytesIO
@@ -313,6 +304,7 @@ class SDK(AbstractContextManager):
 
         Raises:
             SDKException: If there's an error creating the TDF
+
         """
         tdf = TDF(self.services)
         return tdf.create_tdf(payload, config, output_stream)
@@ -320,8 +312,7 @@ class SDK(AbstractContextManager):
     def create_nano_tdf(
         self, payload: bytes | BytesIO, output_stream: BinaryIO, config: "NanoTDFConfig"
     ) -> int:
-        """
-        Creates a NanoTDF with the provided payload.
+        """Create a NanoTDF with the provided payload.
 
         Args:
             payload: The payload data as bytes or BytesIO
@@ -333,6 +324,7 @@ class SDK(AbstractContextManager):
 
         Raises:
             SDKException: If there's an error creating the NanoTDF
+
         """
         nano_tdf = NanoTDF(self.services)
         return nano_tdf.create_nano_tdf(payload, output_stream, config)
@@ -343,8 +335,7 @@ class SDK(AbstractContextManager):
         output_stream: BinaryIO,
         config: NanoTDFConfig,
     ) -> None:
-        """
-        Reads a NanoTDF and writes the payload to the output stream.
+        """Read a NanoTDF and write the payload to the output stream.
 
         Args:
             nano_tdf_data: The NanoTDF data as bytes or BytesIO
@@ -353,20 +344,21 @@ class SDK(AbstractContextManager):
 
         Raises:
             SDKException: If there's an error reading the NanoTDF
+
         """
         nano_tdf = NanoTDF(self.services)
         nano_tdf.read_nano_tdf(nano_tdf_data, output_stream, config)
 
     @staticmethod
     def is_tdf(data: bytes | BinaryIO) -> bool:
-        """
-        Checks if the provided data is a TDF.
+        """Check if the provided data is a TDF.
 
         Args:
             data: The data to check
 
         Returns:
             bool: True if the data is a TDF, False otherwise
+
         """
         import zipfile
         from io import BytesIO
@@ -383,54 +375,40 @@ class SDK(AbstractContextManager):
 
     # Exception classes - SDK-specific exceptions that can occur during operations
     class SplitKeyException(SDKException):
-        """Thrown when the SDK encounters an error related to split key operations"""
-
-        pass
+        """Throw when SDK encounters error related to split key operations."""
 
     class DataSizeNotSupported(SDKException):
-        """Thrown when the user attempts to create a TDF with a size larger than the maximum size"""
-
-        pass
+        """Throw when user attempts to create TDF larger than maximum size."""
 
     class KasInfoMissing(SDKException):
-        """Thrown during TDF creation when no KAS information is present"""
-
-        pass
+        """Throw during TDF creation when no KAS information is present."""
 
     class KasPublicKeyMissing(SDKException):
-        """Thrown during encryption when the SDK cannot retrieve the public key for a KAS"""
-
-        pass
+        """Throw during encryption when SDK cannot retrieve public key for KAS."""
 
     class TamperException(SDKException):
-        """Base class for exceptions related to signature mismatches"""
+        """Base class for exceptions related to signature mismatches."""
 
         def __init__(self, error_message: str):
+            """Initialize tamper exception."""
             super().__init__(f"[tamper detected] {error_message}")
 
     class RootSignatureValidationException(TamperException):
-        """Thrown when the root signature validation fails"""
-
-        pass
+        """Throw when root signature validation fails."""
 
     class SegmentSignatureMismatch(TamperException):
-        """Thrown when a segment signature does not match the expected value"""
-
-        pass
+        """Throw when segment signature does not match expected value."""
 
     class KasBadRequestException(SDKException):
-        """Thrown when the KAS returns a bad request response"""
-
-        pass
+        """Throw when KAS returns bad request response."""
 
     class KasAllowlistException(SDKException):
-        """Thrown when the KAS allowlist check fails"""
-
-        pass
+        """Throw when KAS allowlist check fails."""
 
     class AssertionException(SDKException):
-        """Thrown when an assertion validation fails"""
+        """Throw when an assertion validation fails."""
 
         def __init__(self, error_message: str, assertion_id: str):
+            """Initialize exception."""
             super().__init__(error_message)
             self.assertion_id = assertion_id

otdf_python/sdk_builder.py

@@ -1,5 +1,5 @@
-"""
-Python port of the SDKBuilder class for OpenTDF platform interaction.
+"""SDKBuilder class for OpenTDF platform interaction.
+
 Provides methods to configure and build SDK instances.
 """
 
@@ -19,6 +19,8 @@ logger = logging.getLogger(__name__)
 
 @dataclass
 class OAuthConfig:
+    """OAuth configuration."""
+
     client_id: str
     client_secret: str
     grant_type: str = "client_credentials"
@@ -28,9 +30,7 @@ class OAuthConfig:
 
 
 class SDKBuilder:
-    """
-    A builder class for creating instances of the SDK class.
-    """
+    """A builder class for creating instances of the SDK class."""
 
     PLATFORM_ISSUER = "platform_issuer"
 
@@ -38,6 +38,7 @@ class SDKBuilder:
     _platform_url = None
 
     def __init__(self):
+        """Initialize SDK builder."""
         self.platform_endpoint: str | None = None
         self.issuer_endpoint: str | None = None
         self.oauth_config: OAuthConfig | None = None
@@ -49,29 +50,33 @@ class SDKBuilder:
 
     @staticmethod
     def new_builder() -> "SDKBuilder":
-        """
-        Creates a new SDKBuilder instance.
+        """Create a new SDKBuilder instance.
+
         Returns:
             SDKBuilder: A new builder instance
+
         """
         return SDKBuilder()
 
     @staticmethod
     def get_platform_url() -> str | None:
-        """
-        Gets the last set platform URL.
+        """Get the last set platform URL.
+
         Returns:
             str | None: The platform URL or None if not set
+
         """
         return SDKBuilder._platform_url
 
     def ssl_context_from_directory(self, certs_dir_path: str) -> "SDKBuilder":
-        """
-        Add SSL Context with trusted certs from certDirPath
+        """Add SSL context with trusted certs from certDirPath.
+
         Args:
             certs_dir_path: Path to a directory containing .pem or .crt trusted certs
+
         Returns:
             self: The builder instance for chaining
+
         """
         self.cert_paths = []
 
@@ -91,13 +96,14 @@ class SDKBuilder:
         return self
 
     def client_secret(self, client_id: str, client_secret: str) -> "SDKBuilder":
-        """
-        Sets client credentials for OAuth 2.0 client_credentials grant.
+        """Set client credentials for OAuth 2.0 client_credentials grant.
+
         Args:
             client_id: The OAuth client ID
             client_secret: The OAuth client secret
         Returns:
             self: The builder instance for chaining
+
         """
         self.oauth_config = OAuthConfig(
             client_id=client_id, client_secret=client_secret
@@ -105,17 +111,16 @@ class SDKBuilder:
         return self
 
     def set_platform_endpoint(self, endpoint: str) -> "SDKBuilder":
-        """
-        Sets the OpenTDF platform endpoint URL.
+        """Set the OpenTDF platform endpoint URL.
+
         Args:
             endpoint: The platform endpoint URL
         Returns:
             self: The builder instance for chaining
+
         """
         # Normalize the endpoint URL
-        if endpoint and not (
-            endpoint.startswith("http://") or endpoint.startswith("https://")
-        ):
+        if endpoint and not (endpoint.startswith(("http://", "https://"))):
             if self.use_plaintext:
                 endpoint = f"http://{endpoint}"
             else:
@@ -127,17 +132,16 @@ class SDKBuilder:
         return self
 
     def set_issuer_endpoint(self, issuer: str) -> "SDKBuilder":
-        """
-        Sets the OpenID Connect issuer endpoint URL.
+        """Set the OpenID Connect issuer endpoint URL.
+
         Args:
             issuer: The issuer endpoint URL
         Returns:
             self: The builder instance for chaining
+
         """
         # Normalize the issuer URL
-        if issuer and not (
-            issuer.startswith("http://") or issuer.startswith("https://")
-        ):
+        if issuer and not (issuer.startswith(("http://", "https://"))):
             issuer = f"https://{issuer}"
 
         self.issuer_endpoint = issuer
@@ -146,12 +150,13 @@ class SDKBuilder:
     def use_insecure_plaintext_connection(
         self, use_plaintext: bool = True
     ) -> "SDKBuilder":
-        """
-        Configures whether to use plain text (HTTP) connection instead of HTTPS.
+        """Configure whether to use plain text (HTTP) instead of HTTPS.
+
         Args:
             use_plaintext: Whether to use plain text connection
         Returns:
             self: The builder instance for chaining
+
         """
         self.use_plaintext = use_plaintext
 
@@ -168,12 +173,13 @@ class SDKBuilder:
         return self
 
     def use_insecure_skip_verify(self, skip_verify: bool = True) -> "SDKBuilder":
-        """
-        Configures whether to skip SSL verification.
+        """Configure whether to skip SSL verification.
+
         Args:
             skip_verify: Whether to skip SSL verification
         Returns:
             self: The builder instance for chaining
+
         """
         self.insecure_skip_verify = skip_verify
 
@@ -184,21 +190,23 @@ class SDKBuilder:
         return self
 
     def bearer_token(self, token: str) -> "SDKBuilder":
-        """
-        Sets a bearer token to use for authorization.
+        """Set a bearer token to use for authorization.
+
         Args:
             token: The bearer token
         Returns:
             self: The builder instance for chaining
+
         """
         self.auth_token = token
         return self
 
     def _discover_token_endpoint_from_platform(self) -> None:
-        """
-        Discover token endpoint using OpenTDF platform configuration.
+        """Discover token endpoint using OpenTDF platform configuration.
+
         Raises:
             AutoConfigureException: If discovery fails
+
         """
         if not self.platform_endpoint or not self.oauth_config:
             return
@@ -232,12 +240,13 @@ class SDKBuilder:
         self._discover_token_endpoint_from_issuer(platform_issuer)
 
     def _discover_token_endpoint_from_issuer(self, issuer_url: str) -> None:
-        """
-        Discover token endpoint using OIDC discovery from issuer.
+        """Discover token endpoint using OIDC discovery from issuer.
+
         Args:
             issuer_url: The issuer URL to use for discovery
         Raises:
             AutoConfigureException: If discovery fails
+
         """
         if not self.oauth_config:
             return
@@ -260,10 +269,11 @@ class SDKBuilder:
             )
 
     def _discover_token_endpoint(self) -> None:
-        """
-        Discover the token endpoint using available configuration.
+        """Discover the token endpoint using available configuration.
+
         Raises:
             AutoConfigureException: If discovery fails
+
         """
         # Try platform endpoint first
         if self.platform_endpoint:
@@ -283,7 +293,7 @@ class SDKBuilder:
                         pass
                 raise AutoConfigureException(
                     f"Error during token endpoint discovery: {e!s}"
-                )
+                ) from e
 
         # Fall back to explicit issuer endpoint
         if self.issuer_endpoint:
@@ -297,12 +307,13 @@ class SDKBuilder:
         )
 
     def _get_token_from_client_credentials(self) -> str:
-        """
-        Obtains an OAuth token using client credentials.
+        """Obtain an OAuth token using client credentials.
+
         Returns:
-            str: The access token
+            str: The OAuth access token
         Raises:
             AutoConfigureException: If token acquisition fails
+
         """
         if not self.oauth_config:
             raise AutoConfigureException("OAuth configuration is not set")
@@ -341,15 +352,18 @@ class SDKBuilder:
                 )
 
         except Exception as e:
-            raise AutoConfigureException(f"Error during token acquisition: {e!s}")
+            raise AutoConfigureException(
+                f"Error during token acquisition: {e!s}"
+            ) from e
 
     def _create_services(self) -> SDK.Services:
-        """
-        Creates service client instances.
+        """Create service client instances.
+
         Returns:
             SDK.Services: The service client instances
         Raises:
             AutoConfigureException: If service creation fails
+
         """
         # For now, return a simple implementation of Services
         # In a real implementation, this would create actual service clients
@@ -364,9 +378,7 @@ class SDKBuilder:
                 self._builder = builder_instance
 
             def kas(self) -> KAS:
-                """
-                Returns the KAS interface with SSL verification settings.
-                """
+                """Return the KAS interface with SSL verification settings."""
                 platform_url = SDKBuilder.get_platform_url()
 
                 # Create a token source function that can refresh tokens
@@ -394,12 +406,13 @@ class SDKBuilder:
         return ServicesImpl(self)
 
     def build(self) -> SDK:
-        """
-        Builds and returns an SDK instance with the configured properties.
+        """Build and return an SDK instance with configured properties.
+
         Returns:
             SDK: The configured SDK instance
         Raises:
             AutoConfigureException: If the build fails
+
         """
         if not self.platform_endpoint:
             raise AutoConfigureException("Platform endpoint is not set")

otdf_python/sdk_exceptions.py

@@ -1,16 +1,26 @@
+"""SDK-specific exception classes."""
+
+
 class SDKException(Exception):
+    """Base SDK exception class."""
+
     def __init__(self, message, reason=None):
+        """Initialize exception."""
         super().__init__(message)
         self.reason = reason
 
 
 class AutoConfigureException(SDKException):
+    """Exception for SDK auto-configuration failures."""
+
     def __init__(self, message, cause=None):
+        """Initialize exception."""
         super().__init__(message, cause)
 
 
 class KASBadRequestException(SDKException):
-    """Thrown when the KAS returns a bad request response or other client request errors."""
+    """Exception for KAS bad request or client errors."""
 
     def __init__(self, message):
+        """Initialize exception."""
         super().__init__(message)