IronCoreLabs · giarc3 · Jan 30, 2026 · Jan 27, 2026 · Jan 29, 2026 · Jan 29, 2026
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -47,7 +47,10 @@ jobs:
           gcloud-auth: ${{ secrets.GCLOUD_AUTH }}
           env-file-path: .env.integration
       - name: integration test
-        run: env $(cat .env.integration) ./test-suites/integrationTest.sh
+        run: env $(cat .env.integration) ./test-suites/allTest.sh
+        env:
+          TENANT_ID: INTEGRATION-TEST-GCP
+          NEW_TENANT_ID: INTEGRATION-TEST-AWS
 
   build_examples:
     runs-on: ubuntu-22.04

diff --git a/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/BatchDocumentKeys.java b/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/BatchDocumentKeys.java
@@ -1,5 +1,6 @@
 package com.ironcorelabs.tenantsecurity.kms.v1;
 
+import java.util.Collections;
 import java.util.Map;
 
 import com.google.api.client.util.Key;
@@ -16,10 +17,16 @@ public class BatchDocumentKeys<T> {
   private Map<String, ErrorResponse> failures;
 
   public Map<String, T> getKeys() {
+    if (this.keys == null) {
+      return Collections.emptyMap();
+    }
     return this.keys;
   }
 
   public Map<String, ErrorResponse> getFailures() {
+    if (this.failures == null) {
+      return Collections.emptyMap();
+    }
     return this.failures;
   }
 }
diff --git a/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/DerivedKey.java b/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/DerivedKey.java
@@ -24,7 +24,7 @@ public DerivedKey() {}
   byte[] getDerivedKeyBytes() {
     try {
       return Base64.getDecoder().decode(this.derivedKey);
-    } catch (IllegalArgumentException e) {
+    } catch (Exception e) {
       throw new IllegalArgumentException(
           "Derive keys response from the Tenant Security Proxy was not valid base64.");
     }

diff --git a/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/DeterministicCryptoUtils.java b/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/DeterministicCryptoUtils.java
@@ -106,7 +106,7 @@ static CompletableFuture<DeterministicPlaintextField> decryptField(
           return key;
         }).thenCompose(key -> decryptBytes(parts.getEncryptedBytes(), key.getDerivedKeyBytes())))
         .thenApply(decrypted -> new DeterministicPlaintextField(decrypted,
-            encryptedField.getDerivationPath(), encryptedField.getSecretPath()));
+            encryptedField.getSecretPath(), encryptedField.getDerivationPath()));
   }
 
 

diff --git a/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/TenantSecurityClient.java b/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/TenantSecurityClient.java
@@ -189,7 +189,7 @@ public Builder allowInsecureHttp(boolean allow) {
     }
 
     /**
-     * Construct the TenantSecurityClient fron the builder.
+     * Construct the TenantSecurityClient from the builder.
      *
      * @return The newly constructed TenantSecurityClient.
      * @throws Exception If the tsp url isn't valid or if HTTPS is required and not provided.

diff --git a/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/UnwrappedDocumentKey.java b/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/UnwrappedDocumentKey.java
@@ -14,7 +14,7 @@ public class UnwrappedDocumentKey {
   public byte[] getDekBytes() {
     try {
       return Base64.getDecoder().decode(this.dek);
-    } catch (IllegalArgumentException e) {
+    } catch (Exception e) {
       throw new IllegalArgumentException(
           "Unwrap DEK response from the Tenant Security Proxy was not valid base64.");
     }

diff --git a/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/WrappedDocumentKey.java b/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/WrappedDocumentKey.java
@@ -17,7 +17,7 @@ public class WrappedDocumentKey {
   public byte[] getDekBytes() {
     try {
       return Base64.getDecoder().decode(this.dek);
-    } catch (IllegalArgumentException e) {
+    } catch (Exception e) {
       throw new IllegalArgumentException(
           "Wrapped document key response from the Tenant Security Proxy was not valid base64.");
     }

diff --git a/src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/LocalBatch.java b/src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/LocalBatch.java
@@ -60,7 +60,7 @@ public void batchRoundtrip() throws Exception {
 
     TenantSecurityClient client =
         new TenantSecurityClient.Builder(TestSettings.TSP_ADDRESS + TestSettings.TSP_PORT,
-            this.API_KEY).build();
+            this.API_KEY).allowInsecureHttp(true).build();
 
     int batchSize = 25;
     int batchRepetitions = 50;

diff --git a/src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/LocalDeterministic.java b/src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/LocalDeterministic.java
@@ -22,8 +22,8 @@ private void assertEqualBytes(byte[] one, byte[] two) throws Exception {
   }
 
   private DeterministicPlaintextField getRoundtripDataToEncrypt() {
-    return new DeterministicPlaintextField("Encrypt these bytes!".getBytes(), "deriv_path",
-        "secret_path");
+    return new DeterministicPlaintextField("Encrypt these bytes!".getBytes(), "secret_path",
+        "deriv_path");
   }
 
   private CompletableFuture<DeterministicTenantSecurityClient> createClient() {

diff --git a/src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/LocalRoundTrip.java b/src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/LocalRoundTrip.java
@@ -12,7 +12,6 @@
 import com.ironcorelabs.tenantsecurity.kms.v1.exception.TenantSecurityException;
 import com.ironcorelabs.tenantsecurity.logdriver.v1.EventMetadata;
 import com.ironcorelabs.tenantsecurity.logdriver.v1.UserEvent;
-import com.ironcorelabs.tenantsecurity.utils.CompletableFutures;
 import org.testng.annotations.Test;
 
 @Test(groups = {"local-integration"})

diff --git a/src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/NotPrimaryAndDisabledConfigs.java b/src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/NotPrimaryAndDisabledConfigs.java
@@ -9,7 +9,6 @@
 import java.util.concurrent.ExecutionException;
 import com.ironcorelabs.tenantsecurity.TestUtils;
 import com.ironcorelabs.tenantsecurity.kms.v1.exception.TenantSecurityException;
-import com.ironcorelabs.tenantsecurity.utils.CompletableFutures;
 import org.testng.annotations.Test;
 
 @Test(groups = {"dev-integration"})

diff --git a/src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/RekeyRoundTrip.java b/src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/RekeyRoundTrip.java
@@ -4,7 +4,6 @@
 import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.CompletionException;
 import java.util.concurrent.ExecutionException;
 import com.ironcorelabs.tenantsecurity.kms.v1.exception.TenantSecurityException;
 import org.testng.annotations.Test;
@@ -50,24 +49,21 @@ public void roundtripTest() throws Exception {
         new DocumentMetadata(tenant_id, "integrationTest", "sample", customFields, "customRayID");
     Map<String, byte[]> documentMap = getRoundtripDataToEncrypt();
 
-    CompletableFuture<PlaintextDocument> roundtrip =
-        TenantSecurityClient.create(tsp_address + tsp_port, api_key).thenCompose(client -> {
-          try {
-            return client.encrypt(documentMap, metadata).thenCompose(encryptedDocument -> {
-              return client.rekeyEdek(encryptedDocument.getEdek(), metadata, new_tenant_id)
-                  .thenCompose(rekeyedEdek -> {
-                    DocumentMetadata newMetadata = new DocumentMetadata(new_tenant_id,
-                        "integrationTest", "sample", customFields, "customRayID");
-                    EncryptedDocument newDocument =
-                        new EncryptedDocument(encryptedDocument.getEncryptedFields(), rekeyedEdek);
-                    return client.decrypt(newDocument, newMetadata);
-                  });
-            });
-          } catch (Exception e) {
-            throw new CompletionException(e);
-          }
-        });
     try {
+      TenantSecurityClient client =
+          new TenantSecurityClient.Builder(tsp_address + tsp_port, api_key).allowInsecureHttp(true)
+              .build();
+      CompletableFuture<PlaintextDocument> roundtrip =
+          client.encrypt(documentMap, metadata).thenCompose(encryptedDocument -> {
+            return client.rekeyEdek(encryptedDocument.getEdek(), metadata, new_tenant_id)
+                .thenCompose(rekeyedEdek -> {
+                  DocumentMetadata newMetadata = new DocumentMetadata(new_tenant_id,
+                      "integrationTest", "sample", customFields, "customRayID");
+                  EncryptedDocument newDocument =
+                      new EncryptedDocument(encryptedDocument.getEncryptedFields(), rekeyedEdek);
+                  return client.decrypt(newDocument, newMetadata);
+                });
+          });
       Map<String, byte[]> decryptedValuesMap = roundtrip.get().getDecryptedFields();
       assertEqualBytes(decryptedValuesMap.get("doc1"), documentMap.get("doc1"));
       assertEqualBytes(decryptedValuesMap.get("doc2"), documentMap.get("doc2"));

diff --git a/test-suites/allTest.sh b/test-suites/allTest.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+# Be sure to set API_KEY, TENANT_ID, and NEW_TENANT_ID env vars
+cd "${0%/*/*}" # set the current directory to the one above this script
+mvn -Dsuite=test-suites/test-all test
diff --git a/test-suites/test-all.xml b/test-suites/test-all.xml
@@ -0,0 +1,18 @@
+<!DOCTYPE suite SYSTEM "http://testng.org/testng-1.0.dtd">
+
+<suite name="allTests">
+  <test name="allTests">
+    <groups>
+      <run>
+        <include name="unit" />
+        <include name="local-integration" />
+        <include name="dev-integration" />
+        <include name="local-batch-integration" />
+        <include name="local-deterministic" />
+      </run>
+    </groups>
+    <packages>
+      <package name=".*" />
+    </packages>
+  </test>
+</suite>