fix(sdk): group splits with empty/missing split IDs together (#217)

mkleene · web-flow · commit 0f477029ce35 · 2025-01-17T13:20:06.000-05:00
Covered by [a new xtest](opentdf/tests#240)
diff --git a/sdk/src/main/java/io/opentdf/platform/sdk/TDF.java b/sdk/src/main/java/io/opentdf/platform/sdk/TDF.java
@@ -37,6 +37,7 @@
  */
 public class TDF {
 
+    private static final String EMPTY_SPLIT_ID = "";
     private static final String TDF_VERSION = "4.3.0";
     private static final String KEY_ACCESS_SECHMA_VERSION = "4.3.0";
     private final long maximumSize;
@@ -607,29 +608,22 @@ public Reader loadTDF(SeekableByteChannel tdf, SDK.KAS kas,
         Set<String> foundSplits = new HashSet<>();
 
         Map<Autoconfigure.KeySplitStep, Exception> skippedSplits = new HashMap<>();
-        boolean mixedSplits = manifest.encryptionInformation.keyAccessObj.size() > 1 &&
-                (manifest.encryptionInformation.keyAccessObj.get(0).sid != null) &&
-                !manifest.encryptionInformation.keyAccessObj.get(0).sid.isEmpty();
-
         MessageDigest digest = MessageDigest.getInstance("SHA-256");
 
         if (manifest.payload.isEncrypted) {
             for (Manifest.KeyAccess keyAccess : manifest.encryptionInformation.keyAccessObj) {
-                Autoconfigure.KeySplitStep ss = new Autoconfigure.KeySplitStep(keyAccess.url, keyAccess.sid);
+                String splitId = keyAccess.sid == null || keyAccess.sid.isEmpty() ? EMPTY_SPLIT_ID : keyAccess.sid;
+                Autoconfigure.KeySplitStep ss = new Autoconfigure.KeySplitStep(keyAccess.url, splitId);
                 byte[] unwrappedKey;
-                if (!mixedSplits) {
+                if (foundSplits.contains(ss.splitID)) {
+                    continue;
+                }
+                knownSplits.add(ss.splitID);
+                try {
                     unwrappedKey = kas.unwrap(keyAccess, manifest.encryptionInformation.policy);
-                } else {
-                    if (foundSplits.contains(ss.splitID)) {
-                        continue;
-                    }
-                    knownSplits.add(ss.splitID);
-                    try {
-                        unwrappedKey = kas.unwrap(keyAccess, manifest.encryptionInformation.policy);
-                    } catch (Exception e) {
-                        skippedSplits.put(ss, e);
-                        continue;
-                    }
+                } catch (Exception e) {
+                    skippedSplits.put(ss, e);
+                    continue;
                 }
 
                 for (int index = 0; index < unwrappedKey.length; index++) {
@@ -656,7 +650,7 @@ public Reader loadTDF(SeekableByteChannel tdf, SDK.KAS kas,
                 }
             }
 
-            if (mixedSplits && knownSplits.size() > foundSplits.size()) {
+            if (knownSplits.size() > foundSplits.size()) {
                 List<Exception> exceptionList = new ArrayList<>(skippedSplits.size() + 1);
                 exceptionList.add(new Exception("splitKey.unable to reconstruct split key: " + skippedSplits));
 
