ó 9(Zc@sdZddlZddlZddlZddlZddlmZddlmZddl m Z ddl m Z m Z mZdd lmZdd lmZdd lmZmZdd lmZdd lmZejeƒZejdeƒdefd„ƒYƒZdS(s Caching crypto material manager.iÿÿÿÿNi(tEncryptionMaterialsRequest(tCryptoMaterialsManager(tDefaultCryptoMaterialsManageri(t$build_decryption_materials_cache_keyt$build_encryption_materials_cache_keytCryptoMaterialsCacheEntryHints(tCryptoMaterialsCache(t CacheKeyError(tMAX_BYTES_PER_KEYtMAX_MESSAGES_PER_KEY(tto_bytes(tMasterKeyProviderthashtCachingCryptoMaterialsManagerc BsveZdZejdejjeƒƒZejdejje ƒƒZ ejde dejje j ƒƒZejdedejje j ƒƒZejdd dedejjejjeƒƒƒZejdd dejjejjeƒƒƒZejdd dejjejjeƒƒƒZd„Zd„Zd„Zd„Zd„Zd „Zd „Z d „Z!RS( sÌCrypto material manager which caches results from an underlying material manager. .. versionadded:: 1.3.0 >>> import aws_encryption_sdk >>> kms_key_provider = aws_encryption_sdk.KMSMasterKeyProvider(key_ids=[ ... 'arn:aws:kms:us-east-1:2222222222222:key/22222222-2222-2222-2222-222222222222', ... 'arn:aws:kms:us-east-1:3333333333333:key/33333333-3333-3333-3333-333333333333' ... ]) >>> local_cache = aws_encryption_sdk.LocalCryptoMaterialsCache(capacity=100) >>> caching_materials_manager = aws_encryption_sdk.CachingCryptoMaterialsManager( ... master_key_provider=kms_key_provider, ... cache=local_cache, ... max_age=600.0, ... max_messages_encrypted=10 ... ) .. note:: The partition name is used to enable a single cache instance to be used by multiple material manager instances by partitioning the entries in that cache based on this value. If no partition name is provided, a random UUID will be used. .. note:: Either `backing_materials_manager` or `master_key_provider` must be provided. `backing_materials_manager` will always be used if present. :param cache: Crypto cache to use with material manager :type cache: aws_encryption_sdk.caches.base.CryptoMaterialsCache :param backing_materials_manager: Crypto material manager to back this caching material manager (either `backing_materials_manager` or `master_key_provider` required) :type backing_materials_manager: aws_encryption_sdk.materials_managers.base.CryptoMaterialsManager :param master_key_provider: Master key provider to use (either `backing_materials_manager` or `master_key_provider` required) :type master_key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider :param float max_age: Maximum time in seconds that a cache entry may be kept in the cache :param int max_messages_encrypted: Maximum number of messages that may be encrypted under a cache entry (optional) :param int max_bytes_encrypted: Maximum number of bytes that a cache entry may be used to process (optional) :param bytes partition_name: Partition name to use for this instance (optional) t validatortdefaulttconvertcCsý|jdkrtdƒ‚n|jdkr<tdƒ‚n|jtkrctdjtƒƒ‚n|jtkrŠtdjtƒƒ‚n|jdkrÌ|jdkr·t dƒ‚nt |jƒ|_n|j dkrùt t tjƒƒƒ|_ ndS( s9Applies post-processing which cannot be handled by attrs.is,max_messages_encrypted cannot be less than 1is)max_bytes_encrypted cannot be less than 0s'max_messages_encrypted cannot exceed {}s$max_bytes_encrypted cannot exceed {}sGEither backing_materials_manager or master_key_provider must be definedN(tmax_messages_encryptedt ValueErrortmax_bytes_encryptedR tformatRtbacking_materials_managertNonetmaster_key_providert TypeErrorRtpartition_nameR tstrtuuidtuuid4(tself((sY/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/materials_managers/caching.pyt__attrs_post_init__hscCs|j|jkS(sÐDetermines if a cache entry has exceeded the max allowed bytes encrypted. :param entry: Entry to evaluate :type entry: aws_encryption_sdk.caches.CryptoCacheEntry :rtype: bool (tbytes_encryptedR(Rtentry((sY/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/materials_managers/caching.pyt)_cache_entry_has_encrypted_too_many_bytes~scCs|j|jkS(sÓDetermines if a cache entry has exceeded the max allowed messages encrypted. :param entry: Entry to evaluate :type entry: aws_encryption_sdk.caches.CryptoCacheEntry :rtype: bool (tmessages_encryptedR(RR ((sY/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/materials_managers/caching.pyt,_cache_entry_has_encrypted_too_many_messages‡scCs|j|jkS(sÄDetermines if a cache entry has exceeded the max allowed age. :param entry: Entry to evaluate :type entry: aws_encryption_sdk.caches.CryptoCacheEntry :rtype: bool (tagetmax_age(RR ((sY/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/materials_managers/caching.pyt_cache_entry_is_too_oldscCs+|j|ƒp*|j|ƒp*|j|ƒS(sÄDetermines if a cache entry has exceeded any security limits. :param entry: Entry to evaluate :type entry: aws_encryption_sdk.caches.CryptoCacheEntry :rtype: bool (R&R#R!(RR ((sY/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/materials_managers/caching.pyt _cache_entry_has_exceeded_limits™scCsT|jdkr tjdƒtS|jdk rP|jjƒ rPtjdƒtStS(sñDetermines whether the encryption materials request should be cached. :param request: Encryption materials request :type request: aws_encryption_sdk.materials_managers.EncryptionMaterialsRequest :rtype: bool sKEncryption materials request not cached because plaintext length is unknownsTEncryption materials request not cached because algorithm suite is not safe to cacheN(tplaintext_lengthRt_LOGGERtdebugtFalset algorithmt safe_to_cachetTrue(Rtrequest((sY/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/materials_managers/caching.pyt _should_cache_encryption_request¦s  c Cs,|j|ƒs|jj|ƒStd|jd|jd|jƒ}td|jd|ƒ}y"|j jd|d|j ƒ}Wnt k rn*X|j |ƒr³|j j |ƒn|jS|jj|ƒ}|jjƒ sî|j |jkrò|S|j jd|d|d|j d td |jƒƒ}|S( sAProvides encryption materials appropriate for the request. :param request: Encryption materials request :type request: aws_encryption_sdk.materials_managers.EncryptionMaterialsRequest :returns: encryption materials :rtype: aws_ecryption_sdk.materials_managers.EncryptionMaterials tencryption_contextt frame_lengthR,t partitionR/t cache_keyR(tencryption_materialst entry_hintstlifetime(R0Rtget_encryption_materialsRR1R2R,RRtcacheR(RR'tremovetvalueR-Rtput_encryption_materialsRR%(RR/t inner_requestR4t cache_entryt new_result((sY/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/materials_managers/caching.pyR8·s2     "  cCsštd|jd|ƒ}y|jj|ƒ}Wntk rAn*X|j|ƒrd|jj|ƒn|jS|jj |ƒ}|jj d|d|ƒ|S(s?Provides decryption materials appropriate for the request. :param request: decrypt materials request :type request: aws_encryption_sdk.materials_managers.DecryptionMaterialsRequest :returns: decryption materials :rtype: aws_encryption_sdk.materials_managers.DecryptionMaterials R3R/R4tdecryption_materials( RRR9tget_decryption_materialsRR&R:R;Rtdecrypt_materialstput_decryption_materials(RR/R4R>R?((sY/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/materials_managers/caching.pyRBés  N("t__name__t __module__t__doc__tattrtibt validatorst instance_ofRR9tfloatR%R tsixt integer_typesRRRRR toptionaltbytesRR RRRRR!R#R&R'R0R8RB(((sY/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/materials_managers/caching.pyR $s6*   ! ! !   2( RFtloggingRRGRLtRtbaseRRRtcachesRRRt caches.baseRt exceptionsRtinternal.defaultsRR tinternal.str_opsR tkey_providers.baseR t getLoggerRDR)tsR+R (((sY/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/materials_managers/caching.pyt s