chore(cmdline): Adds nano plaintext to cmdline (#284)

Author: dmihalcik-virtru

.github/workflows/checks.yaml

@@ -167,7 +167,7 @@ jobs:
             --client-secret=secret \
             --platform-endpoint=http://localhost:8080 \
             -h\
-            encryptnano --kas-url=http://localhost:8080 --attr https://example.com/attr/attr1/value/value1 -f data -m 'here is some metadata' > nano.ntdf
+            encryptnano --kas-url=http://localhost:8080 --attr https://example.com/attr/attr1/value/value1 --policy-type encrypted -f data -m 'here is some metadata' > nano.ntdf
 
           java -jar target/cmdline.jar \
             --client-id=opentdf-sdk \
@@ -182,6 +182,30 @@ jobs:
           fi
         working-directory: cmdline
 
+      - name: Encrypt/Decrypt NanoTDF with plain text policy type
+        run: |
+          echo 'here is some data to encrypt' > data
+
+          java -jar target/cmdline.jar \
+            --client-id=opentdf-sdk \
+            --client-secret=secret \
+            --platform-endpoint=http://localhost:8080 \
+            -h\
+            encryptnano --kas-url=http://localhost:8080 --attr https://example.com/attr/attr1/value/value1 --policy-type plaintext -f data -m 'here is some metadata' > nanopt.ntdf
+
+          java -jar target/cmdline.jar \
+            --client-id=opentdf-sdk \
+            --client-secret=secret \
+            --platform-endpoint=http://localhost:8080 \
+            -h\
+            decryptnano -f nanopt.ntdf > decrypted
+          
+          if ! diff -q data decrypted; then
+            printf 'decrypted data is incorrect [%s]' "$(< decrypted)"
+            exit 1
+          fi
+        working-directory: cmdline
+
       - name: Encrypt/Decrypt Assertions
         run: |
           echo "basic assertions"

cmdline/src/main/java/io/opentdf/platform/Command.java

@@ -8,6 +8,7 @@
 import io.opentdf.platform.sdk.Config;
 import io.opentdf.platform.sdk.KeyType;
 import io.opentdf.platform.sdk.Config.AssertionVerificationKeys;
+import io.opentdf.platform.sdk.NanoTDFType;
 import io.opentdf.platform.sdk.SDK;
 import io.opentdf.platform.sdk.SDKBuilder;
 import nl.altindag.ssl.SSLFactory;
@@ -328,6 +329,7 @@ void createNanoTDF(
             @Option(names = { "-f", "--file" }, defaultValue = Option.NULL_VALUE) Optional<File> file,
             @Option(names = { "-k", "--kas-url" }, required = true) List<String> kas,
             @Option(names = { "-m", "--metadata" }, defaultValue = Option.NULL_VALUE) Optional<String> metadata,
+            @Option(names = { "--policy-type" }, defaultValue = Option.NULL_VALUE, description = "how to embed the policy, either plaintext or encrypted") Optional<String> policyType,
             @Option(names = { "-a", "--attr" }, defaultValue = Option.NULL_VALUE) Optional<String> attributes)
             throws Exception {
 
@@ -343,6 +345,19 @@ void createNanoTDF(
         attributes.ifPresent(attr -> {
             configs.add(Config.witDataAttributes(attr.split(",")));
         });
+        policyType.ifPresent(mode -> {
+            switch (mode) {
+                case "":
+                case "encrypted":
+                    configs.add(Config.withPolicyType(NanoTDFType.PolicyType.EMBEDDED_POLICY_ENCRYPTED));
+                    break;
+                case "plaintext":
+                    configs.add(Config.withPolicyType(NanoTDFType.PolicyType.EMBEDDED_POLICY_PLAIN_TEXT));
+                    break;
+                default:
+                    throw new IllegalArgumentException("Unknown policy type: " + mode);
+            }
+        });
 
         var nanoTDFConfig = Config.newNanoTDFConfig(configs.toArray(Consumer[]::new));
         try (var in = file.isEmpty() ? new BufferedInputStream(System.in) : new FileInputStream(file.get())) {