fix:target mode encryption

.github/workflows/platform-integration-test.yaml

@@ -163,8 +163,8 @@ jobs:
           OIDC_TOKEN_ENDPOINT: "http://localhost:8888/auth/realms/opentdf/protocol/openid-connect/token"
           OPENTDF_KAS_URL: "http://localhost:8080/kas"
           INSECURE_SKIP_VERIFY: "TRUE"
-          TEST_OPENTDF_ATTRIBUTE_1: "https://example.com/attr/attr1/value/value1"
-          TEST_OPENTDF_ATTRIBUTE_2: "https://example.com/attr/attr1/value/value2"
+          TEST_OPENTDF_ATTRIBUTE_1: "https://example.net/attr/attr1/value/value1"
+          TEST_OPENTDF_ATTRIBUTE_2: "https://example.com/attr/attr1/value/value1"
         run: |
           uv sync
           # Skip the tests marked "integration"
@@ -180,8 +180,8 @@ jobs:
           OIDC_OP_TOKEN_ENDPOINT: "http://localhost:8888/auth/realms/opentdf/protocol/openid-connect/token"
           OPENTDF_KAS_URL: "http://localhost:8080/kas"
           INSECURE_SKIP_VERIFY: "TRUE"
-          TEST_OPENTDF_ATTRIBUTE_1: "https://example.com/attr/attr1/value/value1"
-          TEST_OPENTDF_ATTRIBUTE_2: "https://example.com/attr/attr1/value/value2"
+          TEST_OPENTDF_ATTRIBUTE_1: "https://example.net/attr/attr1/value/value1"
+          TEST_OPENTDF_ATTRIBUTE_2: "https://example.com/attr/attr1/value/value1"
         run: |
           # Run check_entitlements.sh
           ./.github/check_entitlements.sh

.pre-commit-config.yaml

@@ -32,7 +32,7 @@ repos:
       rev: v0.12.12
       hooks:
         # Run the linter.
-        - id: ruff
+        - id: ruff-check
         # Run the formatter.
         - id: ruff-format
     - repo: https://github.com/compilerla/conventional-pre-commit

conftest.py

@@ -6,6 +6,7 @@
 """
 
 import pytest
+
 from tests.server_logs import log_server_logs_on_failure
 
 
@@ -43,7 +44,6 @@ def pytest_runtest_makereport(item, call):
                 log_server_logs_on_failure(test_name)
 
 
-# Optional: Add a fixture to manually collect logs
 @pytest.fixture
 def collect_server_logs():
     """

pyproject.toml

@@ -68,6 +68,8 @@ lint.select = [
     "C4",
     # McCabe complexity
     "C90",
+    # isort
+    "I",
     # Performance-related rules
     "PERF",      # Ruff's performance rules
     # Additional useful rules

src/otdf_python/__init__.py

@@ -5,10 +5,10 @@
 Provides both programmatic APIs and command-line interface for encryption and decryption.
 """
 
+from .cli import main as cli_main
+from .config import KASInfo, NanoTDFConfig, TDFConfig
 from .sdk import SDK
 from .sdk_builder import SDKBuilder
-from .config import TDFConfig, NanoTDFConfig, KASInfo
-from .cli import main as cli_main
 
 __all__ = [
     "SDK",

src/otdf_python/aesgcm.py

@@ -1,6 +1,7 @@
-from cryptography.hazmat.primitives.ciphers.aead import AESGCM
 import os
 
+from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+
 
 class AesGcm:
     GCM_NONCE_LENGTH = 12

src/otdf_python/asym_crypto.py

@@ -2,10 +2,9 @@
 Asymmetric encryption and decryption utilities for RSA keys in PEM format.
 """
 
-from cryptography.hazmat.primitives import serialization
-from cryptography.hazmat.primitives.asymmetric import rsa, padding
-from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import padding, rsa
 from cryptography.x509 import load_pem_x509_certificate
 
 from .sdk_exceptions import SDKException

src/otdf_python/asym_decryption.py

@@ -1,9 +1,9 @@
-from cryptography.hazmat.primitives import serialization
-from cryptography.hazmat.primitives.asymmetric import padding
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.backends import default_backend
 import base64
 
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import padding
+
 from .sdk_exceptions import SDKException
 
 

src/otdf_python/asym_encryption.py

@@ -1,11 +1,11 @@
-from cryptography.hazmat.primitives import serialization
-from cryptography.hazmat.primitives.asymmetric import padding
-from cryptography.hazmat.primitives import hashes
-from cryptography.x509 import load_pem_x509_certificate
-from cryptography.hazmat.backends import default_backend
 import base64
 import re
 
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import padding
+from cryptography.x509 import load_pem_x509_certificate
+
 from .sdk_exceptions import SDKException
 
 

src/otdf_python/cli.py

@@ -11,9 +11,9 @@
 import json
 import logging
 import sys
+from dataclasses import asdict
 from io import BytesIO
 from pathlib import Path
-from dataclasses import asdict
 
 from otdf_python.config import KASInfo, NanoTDFConfig, TDFConfig
 from otdf_python.sdk import SDK

src/otdf_python/config.py

@@ -1,7 +1,7 @@
 from dataclasses import dataclass, field
 from enum import Enum
-from urllib.parse import urlparse, urlunparse
 from typing import Any
+from urllib.parse import urlparse, urlunparse
 
 
 class TDFFormat(Enum):

src/otdf_python/crypto_utils.py

@@ -1,8 +1,9 @@
-import hmac
 import hashlib
-from cryptography.hazmat.primitives.asymmetric import rsa, ec
-from cryptography.hazmat.primitives import serialization
+import hmac
+
 from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import ec, rsa
 
 
 class CryptoUtils:

src/otdf_python/dpop.py

@@ -2,9 +2,10 @@
 DPoP (Demonstration of Proof-of-Possession) token generation utilities.
 """
 
-import time
-import hashlib
 import base64
+import hashlib
+import time
+
 import jwt
 
 from .crypto_utils import CryptoUtils

src/otdf_python/eckeypair.py

@@ -1,14 +1,14 @@
+from cryptography.exceptions import InvalidSignature
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import ec
-from cryptography.hazmat.primitives import serialization, hashes
 from cryptography.hazmat.primitives.kdf.hkdf import HKDF
 from cryptography.hazmat.primitives.serialization import (
     Encoding,
-    PublicFormat,
-    PrivateFormat,
     NoEncryption,
+    PrivateFormat,
+    PublicFormat,
 )
-from cryptography.hazmat.backends import default_backend
-from cryptography.exceptions import InvalidSignature
 
 
 class ECKeyPair:

src/otdf_python/header.py

@@ -1,8 +1,8 @@
-from otdf_python.resource_locator import ResourceLocator
+from otdf_python.constants import MAGIC_NUMBER_AND_VERSION
 from otdf_python.ecc_mode import ECCMode
-from otdf_python.symmetric_and_payload_config import SymmetricAndPayloadConfig
 from otdf_python.policy_info import PolicyInfo
-from otdf_python.constants import MAGIC_NUMBER_AND_VERSION
+from otdf_python.resource_locator import ResourceLocator
+from otdf_python.symmetric_and_payload_config import SymmetricAndPayloadConfig
 
 
 class Header:

src/otdf_python/kas_client.py

@@ -2,21 +2,22 @@
 KASClient: Handles communication with the Key Access Service (KAS).
 """
 
-import time
-import logging
+import base64
 import hashlib
+import logging
 import secrets
-import base64
+import time
 from base64 import b64decode
 from dataclasses import dataclass
+
 import jwt
 
-from .kas_key_cache import KASKeyCache
-from .sdk_exceptions import SDKException
-from .crypto_utils import CryptoUtils
 from .asym_decryption import AsymDecryption
-from .key_type_constants import RSA_KEY_TYPE, EC_KEY_TYPE
+from .crypto_utils import CryptoUtils
 from .kas_connect_rpc_client import KASConnectRPCClient
+from .kas_key_cache import KASKeyCache
+from .key_type_constants import EC_KEY_TYPE, RSA_KEY_TYPE
+from .sdk_exceptions import SDKException
 
 
 @dataclass

src/otdf_python/kas_connect_rpc_client.py

@@ -4,12 +4,13 @@
 """
 
 import logging
-import urllib3
-from .sdk_exceptions import SDKException
 
+import urllib3
 from otdf_python_proto.kas import kas_pb2
 from otdf_python_proto.kas.kas_pb2_connect import AccessServiceClient
 
+from .sdk_exceptions import SDKException
+
 
 class KASConnectRPCClient:
     """

src/otdf_python/manifest.py

@@ -1,6 +1,6 @@
-from dataclasses import dataclass, field, asdict
-from typing import Any
 import json
+from dataclasses import asdict, dataclass, field
+from typing import Any
 
 
 @dataclass

src/otdf_python/nanotdf.py

@@ -1,20 +1,22 @@
-from cryptography.hazmat.primitives.ciphers.aead import AESGCM
-from otdf_python.asym_crypto import AsymDecryption
+import hashlib
+import json
 import secrets
-from typing import BinaryIO
 from io import BytesIO
+from typing import BinaryIO
+
+from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+
+from otdf_python.asym_crypto import AsymDecryption
 from otdf_python.collection_store import CollectionStore, NoOpCollectionStore
-from otdf_python.policy_stub import NULL_POLICY_UUID
-from otdf_python.sdk_exceptions import SDKException
+from otdf_python.config import KASInfo, NanoTDFConfig
 from otdf_python.constants import MAGIC_NUMBER_AND_VERSION
-from otdf_python.resource_locator import ResourceLocator
-from otdf_python.policy_object import PolicyObject, PolicyBody, AttributeObject
-from otdf_python.symmetric_and_payload_config import SymmetricAndPayloadConfig
 from otdf_python.ecc_mode import ECCMode
-import json
-import hashlib
 from otdf_python.policy_info import PolicyInfo
-from otdf_python.config import NanoTDFConfig, KASInfo
+from otdf_python.policy_object import AttributeObject, PolicyBody, PolicyObject
+from otdf_python.policy_stub import NULL_POLICY_UUID
+from otdf_python.resource_locator import ResourceLocator
+from otdf_python.sdk_exceptions import SDKException
+from otdf_python.symmetric_and_payload_config import SymmetricAndPayloadConfig
 
 
 class NanoTDFException(SDKException):
@@ -54,7 +56,7 @@ def _create_policy_object(self, attributes: list[str]) -> PolicyObject:
 
     def _serialize_policy_object(self, obj):
         """Custom NanoTDF serializer to convert to compatible JSON format."""
-        from otdf_python.policy_object import PolicyBody, AttributeObject
+        from otdf_python.policy_object import AttributeObject, PolicyBody
 
         if isinstance(obj, PolicyBody):
             # Convert data_attributes to dataAttributes and use null instead of empty array
@@ -224,10 +226,9 @@ def _wrap_key_if_needed(
                     break
 
         if kas_public_key:
-            from cryptography.hazmat.primitives import serialization
-            from cryptography.hazmat.primitives.asymmetric import padding
-            from cryptography.hazmat.primitives import hashes
             from cryptography.hazmat.backends import default_backend
+            from cryptography.hazmat.primitives import hashes, serialization
+            from cryptography.hazmat.primitives.asymmetric import padding
 
             public_key = serialization.load_pem_public_key(
                 kas_public_key.encode(), backend=default_backend()

src/otdf_python/sdk.py

@@ -2,14 +2,14 @@
 Python port of the main SDK class for OpenTDF platform interaction.
 """
 
-from typing import Any, BinaryIO
-from io import BytesIO
 from contextlib import AbstractContextManager
+from io import BytesIO
+from typing import Any, BinaryIO
 
-from otdf_python.tdf import TDF, TDFReaderConfig, TDFReader
+from otdf_python.config import NanoTDFConfig, TDFConfig
 from otdf_python.nanotdf import NanoTDF
 from otdf_python.sdk_exceptions import SDKException
-from otdf_python.config import NanoTDFConfig, TDFConfig
+from otdf_python.tdf import TDF, TDFReader, TDFReaderConfig
 
 
 # Stubs for service client interfaces (to be implemented)

src/otdf_python/sdk_builder.py

@@ -3,14 +3,15 @@
 Provides methods to configure and build SDK instances.
 """
 
-from typing import Any
-import os
 import logging
+import os
 import ssl
-import httpx
 from dataclasses import dataclass
+from typing import Any
+
+import httpx
 
-from otdf_python.sdk import SDK, KAS
+from otdf_python.sdk import KAS, SDK
 from otdf_python.sdk_exceptions import AutoConfigureException
 
 # Configure logging