using links, successfully tested with pgsql ms server

Author: bgrieder

.vscode/launch.json

@@ -0,0 +1,21 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "type": "java",
+            "name": "Launch Current File",
+            "request": "launch",
+            "mainClass": "${file}"
+        },
+        {
+            "type": "java",
+            "name": "Launch BinaryHeap",
+            "request": "launch",
+            "mainClass": "com.cosmian.rest.abe.policy.BinaryHeap",
+            "projectName": "cosmian_java_lib"
+        }
+    ]
+}

src/main/java/com/cosmian/RestClient.java

@@ -11,6 +11,7 @@
 import java.nio.charset.StandardCharsets;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
+import java.util.Optional;
 import java.util.logging.Logger;
 
 import javax.net.ssl.HttpsURLConnection;
@@ -24,7 +25,7 @@ public class RestClient {
     public static final int DEFAULT_READ_TIMEOUT = 45000;
 
     private final String server_url;
-    private final String api_key;
+    private final Optional<String> api_key;
     private final int connection_timeout;
     private final int read_timeout;
     // cache the socket factory for kee-alive
@@ -44,7 +45,7 @@ public class RestClient {
      *                           milliseconds.
      * @param api_key            The API Key to use to authenticate
      */
-    public RestClient(String server_url, String api_key, int connection_timeout, int read_timeout) {
+    public RestClient(String server_url, Optional<String> api_key, int connection_timeout, int read_timeout) {
         if (server_url.endsWith("/")) {
             this.server_url = server_url.substring(0, server_url.length() - 1);
         } else {
@@ -74,20 +75,22 @@ public RestClient(String server_url, String api_key, int connection_timeout, int
      * DEFAULT_READ_TIMEOUT
      *
      * @param server_url the REST Server URL e.g. http://localhost:9000
-     * @param api_key    API Key to use to authenticate
+     * @param api_key    he optional API Key to use to authenticate
      */
-    public RestClient(String server_url, String api_key) {
+    public RestClient(String server_url, Optional<String> api_key) {
         this(server_url, api_key, DEFAULT_CONNECT_TIMEOUT, DEFAULT_READ_TIMEOUT);
     }
 
     private HttpURLConnection get_connection(String path) throws MalformedURLException, IOException {
         HttpURLConnection cnx = (HttpURLConnection) new URL(this.server_url + path).openConnection();
         if (cnx instanceof HttpsURLConnection) {
-            ((HttpsURLConnection)cnx).setSSLSocketFactory(this.ssl_socket_factory);
+            ((HttpsURLConnection) cnx).setSSLSocketFactory(this.ssl_socket_factory);
         }
         cnx.setConnectTimeout(this.connection_timeout);
         cnx.setReadTimeout(this.read_timeout);
-        cnx.setRequestProperty("Authorization", this.api_key);
+        if (this.api_key.isPresent()) {
+            cnx.setRequestProperty("Authorization", "Bearer " + this.api_key.get());
+        }
         return cnx;
     }
 
@@ -156,13 +159,19 @@ private static RestException handle_throwable(String method, Throwable t, HttpUR
             // see
             // https://docs.oracle.com/javase/8/docs/technotes/guides/net/http-keepalive.html
             int code = cnx.getResponseCode();
-            byte[] bytes;
+            byte[] bytes = null;
             try (InputStream es = cnx.getErrorStream()) {
-                bytes = read_all_bytes(es);
+                if (es != null) {
+                    bytes = read_all_bytes(es);
+                }
             }
             String body;
             try {
-                body = new String(bytes, StandardCharsets.UTF_8);
+                if (bytes == null) {
+                    body = "";
+                } else {
+                    body = new String(bytes, StandardCharsets.UTF_8);
+                }
             } catch (Exception _e) {
                 body = "N/A";
             }

src/main/java/com/cosmian/rest/Cosmian.java

@@ -1,5 +1,6 @@
 package com.cosmian.rest;
 
+import java.util.Optional;
 import java.util.logging.Logger;
 
 import com.cosmian.CosmianException;
@@ -20,29 +21,32 @@ public class Cosmian {
      * Instantiate a new Cosmian Server REST Client
      *
      * @param server_url
-     *            the REST Server URL e.g. http://localhost:9000
+     *                           the REST Server URL e.g. http://localhost:9000
      * @param api_key
-     *            the Cosmian API KEY
+     *                           the Cosmian API KEY
      * @param connection_timeout
-     *            Sets a specified timeout value, in milliseconds, to be used when opening a communications link to the
-     *            resource referenced by this URLConnection.
+     *                           Sets a specified timeout value, in milliseconds, to
+     *                           be used when opening a communications link to the
+     *                           resource referenced by this URLConnection.
      * @param read_timeout
-     *            Sets the read timeout to a specified timeout, in milliseconds.
+     *                           Sets the read timeout to a specified timeout, in
+     *                           milliseconds.
      */
-    Cosmian(String server_url, String api_key, int connection_timeout, int read_timeout) {
+    Cosmian(String server_url, Optional<String> api_key, int connection_timeout, int read_timeout) {
         this.rest_client = new RestClient(server_url, api_key, connection_timeout, read_timeout);
     }
 
     /**
-     * Instantiate a new Cosmian Server REST Client with DEFAULT_CONNECT_TIMEOUT and DEFAULT_READ_TIMEOUT
+     * Instantiate a new Cosmian Server REST Client with DEFAULT_CONNECT_TIMEOUT and
+     * DEFAULT_READ_TIMEOUT
      *
      * @param server_url
-     *            the REST Server URL e.g. http://localhost:9000
+     *                   the REST Server URL e.g. http://localhost:9000
      * @param api_key
-     *            the Cosmian API KEY
+     *                   the Cosmian API KEY
      * @see RestClient
      */
-    public Cosmian(String server_url, String api_key) {
+    public Cosmian(String server_url, Optional<String> api_key) {
         this.rest_client = new RestClient(server_url, api_key);
     }
 
@@ -77,7 +81,7 @@ public Abe abe() {
      * Hex Encode an array of bytes
      *
      * @param bytes
-     *            the bytes to encode
+     *              the bytes to encode
      * @return the hex encoded String
      */
     public static String hex_encode(byte[] bytes) {
@@ -88,10 +92,10 @@ public static String hex_encode(byte[] bytes) {
      * Decode an hex encoded String to bytes
      *
      * @param hex_encoded_string
-     *            the hex encoded String
+     *                           the hex encoded String
      * @return the decoded bytes
      * @throws CosmianException
-     *             if the hex String is invalid
+     *                          if the hex String is invalid
      */
     public static byte[] hex_decode(String hex_encoded_string) throws CosmianException {
         try {
@@ -107,9 +111,9 @@ public static byte[] hex_decode(String hex_encoded_string) throws CosmianExcepti
      * Concat 2 byte-arrays
      *
      * @param a
-     *            first byte array
+     *          first byte array
      * @param b
-     *            second byte array
+     *          second byte array
      * @return the merged byte array
      */
     public static byte[] concat(byte[] a, byte[] b) {

src/main/java/com/cosmian/rest/abe/Abe.java

@@ -1,6 +1,5 @@
 package com.cosmian.rest.abe;
 
-import java.nio.charset.StandardCharsets;
 import java.util.Optional;
 import java.util.logging.Logger;
 
@@ -32,6 +31,9 @@
 import com.cosmian.rest.kmip.types.Attributes;
 import com.cosmian.rest.kmip.types.CryptographicAlgorithm;
 import com.cosmian.rest.kmip.types.KeyFormatType;
+import com.cosmian.rest.kmip.types.Link;
+import com.cosmian.rest.kmip.types.LinkType;
+import com.cosmian.rest.kmip.types.LinkedObjectIdentifier;
 import com.cosmian.rest.kmip.types.ObjectType;
 import com.cosmian.rest.kmip.types.RevocationReason;
 import com.cosmian.rest.kmip.types.VendorAttribute;
@@ -214,10 +216,11 @@ public String createUserDecryptionKey(AccessPolicy accessPolicy, String privateM
             // convert the Access Policy to attributes and attach it to the common
             // attributes
             VendorAttribute accessPolicyAttribute = accessPolicy.toVendorAttribute();
-            VendorAttribute masterPrivateKeyId = new VendorAttribute("cosmian", "abe_master_private_key_id",
-                    privateMasterKeyUniqueIdentifier.getBytes(StandardCharsets.UTF_8));
             commonAttributes.setVendorAttributes(
-                    Optional.of(new VendorAttribute[] { accessPolicyAttribute, masterPrivateKeyId }));
+                    Optional.of(new VendorAttribute[] { accessPolicyAttribute }));
+            // link to the master private key
+            commonAttributes.setLink(new Link[] {
+                    new Link(LinkType.Parent_Link, new LinkedObjectIdentifier(privateMasterKeyUniqueIdentifier)) });
 
             Create request = new Create(ObjectType.Private_Key, commonAttributes, Optional.empty());
             CreateResponse response = this.kmip.create(request);

src/main/java/com/cosmian/rest/kmip/types/VendorAttribute.java

@@ -27,9 +27,8 @@ public class VendorAttribute implements KmipStruct {
     public static final String VENDOR_ATTR_ABE_ATTR = "abe_attributes";
     public static final String VENDOR_ATTR_ABE_POLICY = "abe_policy";
     public static final String VENDOR_ATTR_ABE_ACCESS_POLICY = "abe_access_policy";
+    @Deprecated
     public static final String VENDOR_ATTR_ABE_HEADER_UID = "abe_header_uid";
-    public static final String VENDOR_ATTR_ABE_MASTER_PRIV_KEY_ID = "abe_master_private_key_id";
-    public static final String VENDOR_ATTR_ABE_MASTER_PUB_KEY_ID = "abe_master_public_key_id";
 
     /**
      * Text String (with usage limited to alphanumeric, underscore and period – i.e.

src/main/resources/linux-x86-64/libabe_gpsw.so

@@ -1,5 +1,6 @@
 package com.cosmian;
 
+import java.util.Optional;
 import java.util.logging.ConsoleHandler;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -26,11 +27,11 @@ public static String kmsServerUrl() {
         return v;
     }
 
-    public static String apiKey() {
+    public static Optional<String> apiKey() {
         String v = System.getenv("COSMIAN_API_KEY");
         if (v == null) {
-            return "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlRWdk5xTEtoUHhUSGdhYUNGRGRoSSJ9.eyJnaXZlbl9uYW1lIjoiTGFldGl0aWEiLCJmYW1pbHlfbmFtZSI6Ikxhbmdsb2lzIiwibmlja25hbWUiOiJsYWV0aXRpYS5sYW5nbG9pcyIsIm5hbWUiOiJMYWV0aXRpYSBMYW5nbG9pcyIsInBpY3R1cmUiOiJodHRwczovL2xoMy5nb29nbGV1c2VyY29udGVudC5jb20vYS9BQVRYQUp5UEJsSnpqRzNuMWZLLXNyS0ptdUVkYklUX29QRmhVbTd2T2dVWD1zOTYtYyIsImxvY2FsZSI6ImZyIiwidXBkYXRlZF9hdCI6IjIwMjEtMTItMjFUMDk6MjE6NDkuMDgxWiIsImVtYWlsIjoibGFldGl0aWEubGFuZ2xvaXNAY29zbWlhbi5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiaXNzIjoiaHR0cHM6Ly9kZXYtMW1ic2JtaW4udXMuYXV0aDAuY29tLyIsInN1YiI6Imdvb2dsZS1vYXV0aDJ8MTA4NTgwMDU3NDAwMjkxNDc5ODQyIiwiYXVkIjoiYUZqSzJvTnkwR1RnNWphV3JNYkJBZzV0bjRIV3VJN1ciLCJpYXQiOjE2NDAwNzg1MTQsImV4cCI6MTY0MDExNDUxNCwibm9uY2UiOiJha0poV2xoMlRsTm1lRTVtVFc0NFJHSk5VVEl5WW14aVJUTnVRblV1VEVwa2RrTnFVa2R5WkdoWFdnPT0ifQ.Q4tCzvJTNxmDhIYOJbjsqupdQkWg29Ny0B8njEfSrLVXNaRMFE99eSXedCBaXSMBnZ9GuCV2Z1MAZL8ZjTxqPP_VYCnc2QufG1k1XZg--6Q48pPdpUBXu2Ny1eatwiDrRvgQfUHkiM8thUAOb4bXxGLrtQKlO_ePOehDbEOjfd11aVm3pwyVqj1v6Ki1D5QJsOHtkkpLMinmmyGDtmdHH2YXseZNHGUY7PWZ6DelpJaxI48W5FNDY4b0sJlzaJqdIcoOX7EeP1pfFoHVeZAo5mWyuDev2OaPYKeqpga4PjqHcFT0m1rQoWQHmfGr3EkA3w8NXmKnZmEbQcLLgcCATw";
+            return Optional.empty();
         }
-        return v;
+        return Optional.of(v);
     }
 }