formatting

Author: coltfred

src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/CachedEncryptor.java

@@ -11,8 +11,7 @@
  * securely zero the DEK.
  *
  * @see TenantSecurityClient#createCachedEncryptor(DocumentMetadata)
- * @see TenantSecurityClient#withCachedEncryptor(DocumentMetadata,
- *      java.util.function.Function)
+ * @see TenantSecurityClient#withCachedEncryptor(DocumentMetadata, java.util.function.Function)
  */
 public interface CachedEncryptor extends DocumentEncryptor, CachedKeyLifecycle {
 }

src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/CachedKey.java

@@ -20,8 +20,8 @@
 
 /**
  * Holds a cached DEK (Document Encryption Key) for repeated encrypt and decrypt operations without
- * making additional TSP wrap/unwrap calls. All documents encrypted with this instance will share the
- * same DEK/EDEK pair. The DEK is securely zeroed when close() is called.
+ * making additional TSP wrap/unwrap calls. All documents encrypted with this instance will share
+ * the same DEK/EDEK pair. The DEK is securely zeroed when close() is called.
  *
  * <p>
  * This class is thread-safe and can be used concurrently for multiple encrypt and decrypt
@@ -48,9 +48,8 @@ public final class CachedKey implements CachedEncryptor, CachedDecryptor {
   // Maximum time the cached key can be used before it expires
   private static final Duration TIMEOUT = Duration.ofMinutes(1);
 
-  private static final String EDEK_MISMATCH_MESSAGE =
-      "EDEK does not match the cached EDEK. "
-          + "This CachedKey can only decrypt documents with matching EDEKs.";
+  private static final String EDEK_MISMATCH_MESSAGE = "EDEK does not match the cached EDEK. "
+      + "This CachedKey can only decrypt documents with matching EDEKs.";
 
   // The cached DEK bytes - zeroed on close()
   private final byte[] dek;
@@ -186,15 +185,13 @@ public int getOperationCount() {
    * @param errorCode The error code to use for closed/expired failures
    */
   private <T> CompletableFuture<T> executeAndIncrement(Supplier<CompletableFuture<T>> operation,
-      ToIntFunction<T> countOps, AtomicInteger counter,
-      TenantSecurityErrorCodes errorCode) {
+      ToIntFunction<T> countOps, AtomicInteger counter, TenantSecurityErrorCodes errorCode) {
     if (closed.get()) {
       return CompletableFuture
           .failedFuture(new TscException(errorCode, "CachedKey has been closed"));
     }
     if (isExpired()) {
-      return CompletableFuture
-          .failedFuture(new TscException(errorCode, "CachedKey has expired"));
+      return CompletableFuture.failedFuture(new TscException(errorCode, "CachedKey has expired"));
     }
     return operation.get().thenApply(result -> {
       counter.addAndGet(countOps.applyAsInt(result));
@@ -217,9 +214,8 @@ public CompletableFuture<EncryptedDocument> encrypt(Map<String, byte[]> document
   public CompletableFuture<StreamingResponse> encryptStream(InputStream input, OutputStream output,
       DocumentMetadata metadata) {
     return executeAndIncrement(
-        () -> CompletableFuture.supplyAsync(
-            () -> CryptoUtils.encryptStreamInternal(dek, metadata, input, output, secureRandom)
-                .join(),
+        () -> CompletableFuture.supplyAsync(() -> CryptoUtils
+            .encryptStreamInternal(dek, metadata, input, output, secureRandom).join(),
             encryptionExecutor).thenApply(v -> new StreamingResponse(edek)),
         result -> 1, encryptCount, TenantSecurityErrorCodes.DOCUMENT_ENCRYPT_FAILED);
   }
@@ -229,9 +225,8 @@ public CompletableFuture<BatchResult<EncryptedDocument>> encryptBatch(
       Map<String, Map<String, byte[]>> plaintextDocuments, DocumentMetadata metadata) {
     return executeAndIncrement(() -> {
       ConcurrentMap<String, CompletableFuture<EncryptedDocument>> ops = new ConcurrentHashMap<>();
-      plaintextDocuments.forEach((id, doc) -> ops.put(id,
-          DocumentCryptoOps.encryptFields(doc, metadata, dek, edek, encryptionExecutor,
-              secureRandom)));
+      plaintextDocuments.forEach((id, doc) -> ops.put(id, DocumentCryptoOps.encryptFields(doc,
+          metadata, dek, edek, encryptionExecutor, secureRandom)));
       return CompletableFuture.supplyAsync(() -> DocumentCryptoOps.cryptoOperationToBatchResult(ops,
           TenantSecurityErrorCodes.DOCUMENT_ENCRYPT_FAILED));
     }, result -> result.getSuccesses().size(), encryptCount,
@@ -243,9 +238,8 @@ public CompletableFuture<BatchResult<EncryptedDocument>> encryptBatch(
   private CompletableFuture<PlaintextDocument> validateEdekAndDecrypt(
       EncryptedDocument encryptedDocument) {
     if (!edek.equals(encryptedDocument.getEdek())) {
-      return CompletableFuture.failedFuture(
-          new TscException(TenantSecurityErrorCodes.DOCUMENT_DECRYPT_FAILED,
-              EDEK_MISMATCH_MESSAGE));
+      return CompletableFuture.failedFuture(new TscException(
+          TenantSecurityErrorCodes.DOCUMENT_DECRYPT_FAILED, EDEK_MISMATCH_MESSAGE));
     }
     return DocumentCryptoOps.decryptFields(encryptedDocument.getEncryptedFields(), dek,
         encryptedDocument.getEdek(), encryptionExecutor);
@@ -263,13 +257,12 @@ public CompletableFuture<Void> decryptStream(String edek, InputStream input, Out
       DocumentMetadata metadata) {
     return executeAndIncrement(() -> {
       if (!this.edek.equals(edek)) {
-        return CompletableFuture
-            .<Void>failedFuture(new TscException(TenantSecurityErrorCodes.DOCUMENT_DECRYPT_FAILED,
-                EDEK_MISMATCH_MESSAGE));
+        return CompletableFuture.<Void>failedFuture(new TscException(
+            TenantSecurityErrorCodes.DOCUMENT_DECRYPT_FAILED, EDEK_MISMATCH_MESSAGE));
       }
-      return CompletableFuture
-          .supplyAsync(() -> CryptoUtils.decryptStreamInternal(this.dek, input, output).join(),
-              encryptionExecutor);
+      return CompletableFuture.supplyAsync(
+          () -> CryptoUtils.decryptStreamInternal(this.dek, input, output).join(),
+          encryptionExecutor);
     }, result -> 1, decryptCount, TenantSecurityErrorCodes.DOCUMENT_DECRYPT_FAILED);
   }
 
@@ -282,9 +275,8 @@ public CompletableFuture<BatchResult<PlaintextDocument>> decryptBatch(
 
       encryptedDocuments.forEach((id, encDoc) -> {
         if (!edek.equals(encDoc.getEdek())) {
-          edekMismatches.put(id,
-              new TscException(TenantSecurityErrorCodes.DOCUMENT_DECRYPT_FAILED,
-                  EDEK_MISMATCH_MESSAGE));
+          edekMismatches.put(id, new TscException(TenantSecurityErrorCodes.DOCUMENT_DECRYPT_FAILED,
+              EDEK_MISMATCH_MESSAGE));
         } else {
           ops.put(id, DocumentCryptoOps.decryptFields(encDoc.getEncryptedFields(), dek,
               encDoc.getEdek(), encryptionExecutor));

src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/TenantSecurityClient.java

@@ -408,10 +408,10 @@ public CompletableFuture<EncryptedDocument> encrypt(Map<String, byte[]> document
    */
   public CompletableFuture<EncryptedDocument> encrypt(PlaintextDocument document,
       DocumentMetadata metadata) {
-    return this.encryptionService.unwrapKey(document.getEdek(), metadata).thenComposeAsync(
-        dek -> DocumentCryptoOps.encryptFields(document.getDecryptedFields(), metadata, dek,
-            document.getEdek(), encryptionExecutor, secureRandom),
-        encryptionExecutor);
+    return this.encryptionService.unwrapKey(document.getEdek(), metadata)
+        .thenComposeAsync(dek -> DocumentCryptoOps.encryptFields(document.getDecryptedFields(),
+            metadata, dek, document.getEdek(), encryptionExecutor, secureRandom),
+            encryptionExecutor);
   }
 
   /**
@@ -482,8 +482,8 @@ public CompletableFuture<BatchResult<EncryptedDocument>> encryptExistingBatch(
   @Override
   public CompletableFuture<PlaintextDocument> decrypt(EncryptedDocument encryptedDocument,
       DocumentMetadata metadata) {
-    return this.encryptionService.unwrapKey(encryptedDocument.getEdek(), metadata).thenComposeAsync(
-        decryptedDocumentAESKey -> DocumentCryptoOps.decryptFields(
+    return this.encryptionService.unwrapKey(encryptedDocument.getEdek(), metadata)
+        .thenComposeAsync(decryptedDocumentAESKey -> DocumentCryptoOps.decryptFields(
             encryptedDocument.getEncryptedFields(), decryptedDocumentAESKey,
             encryptedDocument.getEdek(), encryptionExecutor));
   }
@@ -503,8 +503,8 @@ private CompletableFuture<CachedKey> newCachedKeyFromUnwrap(String edek,
   private CompletableFuture<CachedKey> newCachedKeyFromWrap(DocumentMetadata metadata) {
     return this.encryptionService.wrapKey(metadata).thenApply(wrappedKey -> {
       byte[] dekBytes = wrappedKey.getDekBytes();
-      CachedKey cachedKey = new CachedKey(dekBytes, wrappedKey.getEdek(),
-          this.encryptionExecutor, this.secureRandom, this.encryptionService, metadata);
+      CachedKey cachedKey = new CachedKey(dekBytes, wrappedKey.getEdek(), this.encryptionExecutor,
+          this.secureRandom, this.encryptionService, metadata);
       Arrays.fill(dekBytes, (byte) 0);
       return cachedKey;
     });
@@ -516,8 +516,7 @@ private CompletableFuture<CachedKey> newCachedKeyFromWrap(DocumentMetadata metad
    */
   private <K extends CachedKeyLifecycle, T> CompletableFuture<T> withCachedResource(
       CompletableFuture<K> resource, Function<K, CompletableFuture<T>> operation) {
-    return resource.thenCompose(
-        k -> operation.apply(k).whenComplete((result, error) -> k.close()));
+    return resource.thenCompose(k -> operation.apply(k).whenComplete((result, error) -> k.close()));
   }
 
   // === Cached decryptor factory methods ===
@@ -697,8 +696,8 @@ public CompletableFuture<CachedKey> createCachedKey(EncryptedDocument encryptedD
   }
 
   /**
-   * Execute an operation using a CachedKey with automatic lifecycle management. Wraps a new key
-   * and provides full encrypt + decrypt access.
+   * Execute an operation using a CachedKey with automatic lifecycle management. Wraps a new key and
+   * provides full encrypt + decrypt access.
    *
    * @param <T> The type returned by the operation
    * @param metadata Metadata for the wrap operation
@@ -711,8 +710,8 @@ public <T> CompletableFuture<T> withCachedKey(DocumentMetadata metadata,
   }
 
   /**
-   * Execute an operation using a CachedKey with automatic lifecycle management. Unwraps an
-   * existing EDEK and provides full encrypt + decrypt access.
+   * Execute an operation using a CachedKey with automatic lifecycle management. Unwraps an existing
+   * EDEK and provides full encrypt + decrypt access.
    *
    * @param <T> The type returned by the operation
    * @param edek The encrypted document encryption key to unwrap

src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/CachedKeyOpsRoundTrip.java

@@ -494,8 +494,7 @@ public void cachedDecryptorBatchEdekMismatchPartialFailure() throws Exception {
 
       // mismatch should be in failures
       assertTrue(result.getFailures().containsKey("mismatch"));
-      assertTrue(
-          result.getFailures().get("mismatch").getMessage().contains("EDEK does not match"));
+      assertTrue(result.getFailures().get("mismatch").getMessage().contains("EDEK does not match"));
 
       assertEquals(decryptor.getOperationCount(), 1);
     }

src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/CachedKeyTest.java

@@ -337,8 +337,7 @@ public void decryptBatchEdekMismatchGoesToFailures() {
     assertTrue(result.getSuccesses().containsKey("matching"));
     // The mismatched doc should be in failures
     assertTrue(result.getFailures().containsKey("mismatched"));
-    assertTrue(
-        result.getFailures().get("mismatched").getMessage().contains("EDEK does not match"));
+    assertTrue(result.getFailures().get("mismatched").getMessage().contains("EDEK does not match"));
     // The matching doc should NOT be in failures
     assertFalse(result.getFailures().containsKey("matching"));
 
@@ -349,8 +348,8 @@ public void decryptBatchEdekMismatchGoesToFailures() {
 
   public void constructorCopiesDekToPreventExternalModification() throws Exception {
     byte[] originalDek = createValidDek();
-    CachedKey cachedKey = new CachedKey(originalDek, TEST_EDEK, executor, secureRandom,
-        encryptionService, metadata);
+    CachedKey cachedKey =
+        new CachedKey(originalDek, TEST_EDEK, executor, secureRandom, encryptionService, metadata);
 
     // Modify the original array
     Arrays.fill(originalDek, (byte) 0x00);