chore(kas): remove unused code (#1019)

Just some basic house keeping trying to clean up more left overs from
backend-go.

service/kas/access/accessPdp.go

@@ -32,16 +32,6 @@ func canAccess(ctx context.Context, token *authorization.Token, policy Policy, s
 	return true, nil
 }
 
-func checkDissems(dissems []string, ent *authorization.Entity) (bool, error) {
-	if ent.GetEmailAddress() == "" {
-		return false, ErrPolicyDissemInvalid
-	}
-	if len(dissems) == 0 || contains(dissems, ent.GetEmailAddress()) {
-		return true, nil
-	}
-	return false, nil
-}
-
 func checkAttributes(ctx context.Context, dataAttrs []Attribute, ent *authorization.Token, sdk *otdf.SDK, logger logger.Logger) (bool, error) {
 	ras := []*authorization.ResourceAttribute{{
 		AttributeValueFqns: make([]string, 0),
@@ -74,12 +64,3 @@ func checkAttributes(ctx context.Context, dataAttrs []Attribute, ent *authorizat
 	}
 	return false, nil
 }
-
-func contains(s []string, e string) bool {
-	for _, a := range s {
-		if a == e {
-			return true
-		}
-	}
-	return false
-}

service/kas/tdf3/keyaccess.go → service/kas/access/keyaccess.go

@@ -1,4 +1,4 @@
-package tdf3
+package access
 
 type KeyAccess struct {
 	EncryptedMetadata string `json:"encryptedMetadata,omitempty"`

service/kas/access/rewrap.go

@@ -31,7 +31,6 @@ import (
 	"github.com/opentdf/platform/service/internal/logger"
 	"github.com/opentdf/platform/service/internal/logger/audit"
 	"github.com/opentdf/platform/service/internal/security"
-	"github.com/opentdf/platform/service/kas/tdf3"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/status"
@@ -42,13 +41,13 @@ type SignedRequestBody struct {
 }
 
 type RequestBody struct {
-	AuthToken       string         `json:"authToken"`
-	KeyAccess       tdf3.KeyAccess `json:"keyAccess"`
-	Policy          string         `json:"policy,omitempty"`
-	Algorithm       string         `json:"algorithm,omitempty"`
-	ClientPublicKey string         `json:"clientPublicKey"`
-	PublicKey       interface{}    `json:"-"`
-	SchemaVersion   string         `json:"schemaVersion,omitempty"`
+	AuthToken       string      `json:"authToken"`
+	KeyAccess       KeyAccess   `json:"keyAccess"`
+	Policy          string      `json:"policy,omitempty"`
+	Algorithm       string      `json:"algorithm,omitempty"`
+	ClientPublicKey string      `json:"clientPublicKey"`
+	PublicKey       interface{} `json:"-"`
+	SchemaVersion   string      `json:"schemaVersion,omitempty"`
 }
 
 type entityInfo struct {

service/kas/access/rewrap_test.go

@@ -15,14 +15,14 @@ import (
 	"github.com/lestrrat-go/jwx/v2/jwk"
 	"github.com/lestrrat-go/jwx/v2/jws"
 	"github.com/lestrrat-go/jwx/v2/jwt"
+	"github.com/opentdf/platform/lib/ocrypto"
 	"github.com/opentdf/platform/service/internal/auth"
 	"github.com/opentdf/platform/service/internal/logger"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"github.com/google/uuid"
 	kaspb "github.com/opentdf/platform/protocol/go/kas"
-	"github.com/opentdf/platform/service/kas/tdf3"
 	"google.golang.org/grpc/metadata"
 )
 
@@ -203,10 +203,11 @@ func createTestLogger(t *testing.T) logger.Logger {
 	return *l
 }
 
-func keyAccessWrappedRaw(t *testing.T) tdf3.KeyAccess {
+func keyAccessWrappedRaw(t *testing.T) KeyAccess {
 	policyBytes := fauxPolicyBytes(t)
-
-	wrappedKey, err := tdf3.EncryptWithPublicKey([]byte(plainKey), entityPublicKey(t))
+	asym, err := ocrypto.NewAsymEncryption(rsaPublicAlt)
+	require.NoError(t, err, "rewrap: NewAsymEncryption failed")
+	wrappedKey, err := asym.Encrypt([]byte(plainKey))
 	require.NoError(t, err, "rewrap: encryptWithPublicKey failed")
 
 	logger := createTestLogger(t)
@@ -219,7 +220,7 @@ func keyAccessWrappedRaw(t *testing.T) tdf3.KeyAccess {
 	policyBinding := base64.StdEncoding.EncodeToString(dst)
 	slog.Debug("Generated binding", "binding", bindingBytes, "encodedBinding", policyBinding)
 
-	return tdf3.KeyAccess{
+	return KeyAccess{
 		Type:          "wrapped",
 		URL:           "http://127.0.0.1:4000",
 		Protocol:      "kas",