Compiled Python module (bytecode dump); only the embedded docstrings and log strings are recoverable.
Source file: /tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/key_providers/raw.py

Module docstring:
    Resources required for Raw Master Keys.

class RawMasterKeyConfig
    Configuration object for RawMasterKey objects.

    :param bytes key_id: Key ID for Master Key
    :param str provider_id: String defining provider ID
    :param wrapping_key: Encryption key with which to wrap plaintext_data_key
    :type wrapping_key: aws_encryption_sdk.internal.crypto.WrappingKey

class RawMasterKey
    Raw Master Key.

    :param config: Configuration object (config or individual parameters required)
    :type config: aws_encryption_sdk.key_providers.raw.RawMasterKeyConfig
    :param bytes key_id: Key ID for Master Key
    :param str provider_id: String defining provider ID
    :param wrapping_key: Encryption key with which to wrap plaintext_data_key
    :type wrapping_key: aws_encryption_sdk.internal.crypto.WrappingKey

    __new__(cls, **kwargs)
        Inject registration of the new Raw Master Key Provider into the creation of each instance.

        .. note::
            Overloaded here to allow definition of _key_info_prefix on instantiation.

    owns_data_key(self, data_key)
        Determines if data_key object is owned by this RawMasterKey.

        :param data_key: Data key to evaluate
        :type data_key: :class:`aws_encryption_sdk.structures.DataKey`,
            :class:`aws_encryption_sdk.structures.RawDataKey`,
            or :class:`aws_encryption_sdk.structures.EncryptedDataKey`
        :returns: Boolean statement of ownership
        :rtype: bool

        Debug log message:
            RawMasterKey does not own data_key: %s
            Expected provider_id: %s
            Expected key_info len: %s
            Expected key_info prefix: %s

    _generate_data_key(self, algorithm, encryption_context)
        Generates data key and returns :class:`aws_encryption_sdk.structures.DataKey`.

        :param algorithm: Algorithm on which to base data key
        :type algorithm: aws_encryption_sdk.identifiers.Algorithm
        :param dict encryption_context: Encryption context to use in encryption
        :returns: Generated data key
        :rtype: aws_encryption_sdk.structures.DataKey

    _encrypt_data_key(self, data_key, algorithm, encryption_context)
        Performs the provider-specific key encryption actions.

        :param data_key: Unencrypted data key
        :type data_key: :class:`aws_encryption_sdk.structures.RawDataKey`
            or :class:`aws_encryption_sdk.structures.DataKey`
        :param algorithm: Algorithm object which directs how this Master Key will encrypt the data key
        :type algorithm: aws_encryption_sdk.identifiers.Algorithm
        :param dict encryption_context: Encryption context to use in encryption
        :returns: Decrypted data key
        :rtype: aws_encryption_sdk.structures.EncryptedDataKey
        :raises EncryptKeyError: if Master Key is unable to encrypt data key

    _decrypt_data_key(self, encrypted_data_key, algorithm, encryption_context)
        Decrypts an encrypted data key and returns the plaintext.

        :param data_key: Encrypted data key
        :type data_key: aws_encryption_sdk.structures.EncryptedDataKey
        :param algorithm: Algorithm object which directs how this Master Key will encrypt the data key
        :type algorithm: aws_encryption_sdk.identifiers.Algorithm
        :param dict encryption_context: Encryption context to use in decryption
        :returns: Data key containing decrypted data key
        :rtype: aws_encryption_sdk.structures.DataKey
        :raises DecryptKeyError: if Master Key is unable to decrypt data key

class RawMasterKeyProvider
    Raw Master Key Provider.

    :param config: Configuration object (optional)
    :type config: aws_encryption_sdk.key_providers.base.MasterKeyProviderConfig

    _get_raw_key(self, key_id)    (abstract method)
        Retrieves a raw key from some source.

        :param bytes key_id: Key ID to use
        :returns: Wrapping Key
        :rtype: aws_encryption_sdk.internal.crypto.WrappingKey

    _new_master_key(self, key_id)
        Retrieves a wrapping key and builds a RawMasterKey using that wrapping key.

        :param bytes key_id: Key ID to use
        :returns: RawMasterKey based on retrieved wrapping key
        :rtype: aws_encryption_sdk.key_providers.raw.RawMasterKey

        Debug log message:
            Retrieving wrapping key with id: %s