fix: ztdf support both base and handling assertions (#128)

sdk/src/main/java/io/opentdf/platform/sdk/TDF.java

@@ -488,10 +488,6 @@ public TDFObject createTDF(InputStream payload,
 
         List<Manifest.Assertion> signedAssertions = new ArrayList<>();;
         for (var assertionConfig: tdfConfig.assertionConfigList) {
-            if (!Objects.equals(assertionConfig.type, AssertionConfig.Type.BaseAssertion)) {
-                continue;
-            }
-
             var assertion = new Manifest.Assertion();
             assertion.id = assertionConfig.id;
             assertion.type = assertionConfig.type.toString();
@@ -506,8 +502,8 @@ public TDFObject createTDF(InputStream payload,
             var encodedHash = Base64.getEncoder().encodeToString(completeHashBuilder.toString().getBytes());
 
             var assertionSigningKey = new AssertionConfig.AssertionKey(AssertionConfig.AssertionKeyAlg.HS256,
-                    new MACSigner(tdfObject.aesGcm.getKey()));
-            if (assertionConfig.assertionKey.isDefined()) {
+                    tdfObject.aesGcm.getKey());
+            if (assertionConfig.assertionKey != null && assertionConfig.assertionKey.isDefined()) {
                 assertionSigningKey = assertionConfig.assertionKey;
             }
 
@@ -671,13 +667,8 @@ public Reader loadTDF(SeekableByteChannel tdf, SDK.KAS kas, Config.AssertionVeri
 
         // Validate assertions
         for (var assertion: manifest.assertions) {
-            if (!Objects.equals(assertion.type, AssertionConfig.Type.BaseAssertion.toString())) {
-                continue;
-            }
-
             // Set default to HS256
-            var assertionKey = new AssertionConfig.AssertionKey(AssertionConfig.AssertionKeyAlg.HS256,
-                    new MACSigner(payloadKey));
+            var assertionKey = new AssertionConfig.AssertionKey(AssertionConfig.AssertionKeyAlg.HS256, payloadKey);
             if (assertionVerificationKeys != null && assertionVerificationKeys.length > 0) {
                 var keyForAssertion = assertionVerificationKeys[0].getKey(assertion.id);
                 if (keyForAssertion != null) {

sdk/src/test/java/io/opentdf/platform/sdk/TDFTest.java

@@ -207,18 +207,29 @@ void testSimpleTDFWithAssertionWithHS256() throws Exception {
         String assertion1Id = "assertion1";
         var assertionConfig1 = new AssertionConfig();
         assertionConfig1.id = assertion1Id;
-        assertionConfig1.type = AssertionConfig.Type.HandlingAssertion;
+        assertionConfig1.type = AssertionConfig.Type.BaseAssertion;
         assertionConfig1.scope = AssertionConfig.Scope.TrustedDataObj;
         assertionConfig1.appliesToState = AssertionConfig.AppliesToState.Unencrypted;
         assertionConfig1.statement = new AssertionConfig.Statement();
         assertionConfig1.statement.format = "base64binary";
         assertionConfig1.statement.schema = "text";
         assertionConfig1.statement.value = "ICAgIDxlZGoOkVkaD4=";
 
+        String assertion2Id = "assertion2";
+        var assertionConfig2 = new AssertionConfig();
+        assertionConfig2.id = assertion2Id;
+        assertionConfig2.type = AssertionConfig.Type.HandlingAssertion;
+        assertionConfig2.scope = AssertionConfig.Scope.TrustedDataObj;
+        assertionConfig2.appliesToState = AssertionConfig.AppliesToState.Unencrypted;
+        assertionConfig2.statement = new AssertionConfig.Statement();
+        assertionConfig2.statement.format = "json";
+        assertionConfig2.statement.schema = "urn:nato:stanag:5636:A:1:elements:json";
+        assertionConfig2.statement.value = "{\"uuid\":\"f74efb60-4a9a-11ef-a6f1-8ee1a61c148a\",\"body\":{\"dataAttributes\":null,\"dissem\":null}}";
+
         Config.TDFConfig config = Config.newTDFConfig(
                 Config.withAutoconfigure(false),
                 Config.withKasInformation(getKASInfos()),
-                Config.withAssertionConfig(assertionConfig1)
+                Config.withAssertionConfig(assertionConfig1, assertionConfig2)
         );
 
         String plainText = "this is extremely sensitive stuff!!!";
@@ -235,6 +246,25 @@ void testSimpleTDFWithAssertionWithHS256() throws Exception {
         assertThat(unwrappedData.toString(StandardCharsets.UTF_8))
                 .withFailMessage("extracted data does not match")
                 .isEqualTo(plainText);
+
+        var manifest = reader.getManifest();
+        var assertions = manifest.assertions;
+        assertThat(assertions.size()).isEqualTo(2);
+        for (var assertion : assertions) {
+            if (assertion.id.equals(assertion1Id)) {
+                assertThat(assertion.statement.format).isEqualTo("base64binary");
+                assertThat(assertion.statement.schema).isEqualTo("text");
+                assertThat(assertion.statement.value).isEqualTo("ICAgIDxlZGoOkVkaD4=");
+                assertThat(assertion.type).isEqualTo(AssertionConfig.Type.BaseAssertion.toString());
+            } else if (assertion.id.equals(assertion2Id)) {
+                assertThat(assertion.statement.format).isEqualTo("json");
+                assertThat(assertion.statement.schema).isEqualTo("urn:nato:stanag:5636:A:1:elements:json");
+                assertThat(assertion.statement.value).isEqualTo("{\"uuid\":\"f74efb60-4a9a-11ef-a6f1-8ee1a61c148a\",\"body\":{\"dataAttributes\":null,\"dissem\":null}}");
+                assertThat(assertion.type).isEqualTo(AssertionConfig.Type.HandlingAssertion.toString());
+            } else {
+                throw new RuntimeException("unexpected assertion id: " + assertion.id);
+            }
+        }
     }
 
     @Test