ó 9(Zc@sdZddlZddlZddlmZmZddlmZddlm Z m Z ddl m Z m Z dd lmZdd lmZmZdd lmZdd lmZdd lmZejeƒZejdeƒdefd„ƒYƒZdS(s&Default crypto material manager class.iÿÿÿÿNi(tDecryptionMaterialstEncryptionMaterials(tCryptoMaterialsManageri(tMasterKeyProviderErrortSerializationError(tSignertVerifier(tgenerate_ecc_signing_key(t ALGORITHMtENCODED_SIGNER_KEY(tto_str(tprepare_data_keys(tMasterKeyProviderthashtDefaultCryptoMaterialsManagercBsVeZdZeZejdejje ƒƒZ d„Z d„Z d„Z d„ZRS(sÕDefault crypto material manager. .. versionadded:: 1.3.0 :param master_key_provider: Master key provider to use :type master_key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider t validatorcCs^tjdƒ|jdkr dStd|dtd|ƒƒ}t|jƒƒ|t<|j ƒS(sTGenerates a signing key based on the provided algorithm. :param algorithm: Algorithm for which to generate signing key :type algorithm: aws_encryption_sdk.identifiers.Algorithm :param dict encryption_context: Encryption context from request :returns: Signing key bytes :rtype: bytes or None sGenerating signing keyt algorithmtkeyN( t_LOGGERtdebugtsigning_algorithm_infotNoneRRR tencoded_public_keyR t key_bytes(tselfRtencryption_contexttsigner((sY/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/materials_managers/default.pyt3_generate_signing_key_and_update_encryption_context,s c Csû|jd k r|jn|j}|jjƒ}|j||ƒ}|jjd|d|jd|jƒ\}}|s„t dƒ‚n||krŸt dƒ‚nt d|d|d|d|ƒ\}}t j d |ƒt d|d |d |d|d |ƒS(sCreates encryption materials using underlying master key provider. :param request: encryption materials request :type request: aws_encryption_sdk.materials_managers.EncryptionMaterialsRequest :returns: encryption materials :rtype: aws_ecryption_sdk.materials_managers.EncryptionMaterials :raises MasterKeyProviderError: if no master keys are available from the underlying master key provider :raises MasterKeyProviderError: if the primary master key provided by the underlying master key provider is not included in the full set of master keys provided by that provider Rtplaintext_rostreamtplaintext_lengths1No Master Keys available from Master Key Providers.Primary Master Key not in provided Master Keystprimary_master_keyt master_keysRs#Post-encrypt encryption context: %stdata_encryption_keytencrypted_data_keyst signing_keyN(RRRtcopyRtmaster_key_providertmaster_keys_for_encryptionRRRR RRR( RtrequestRRR"RRR R!((sY/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/materials_managers/default.pytget_encryption_materials@s. !   cCsŒ|jtdƒ}|jdk r<|dkr<tdƒ‚n|jdkrj|dk rftdƒ‚ndStjd|d|ƒ}|jƒS(sÚLoads the verification key from the encryption context if used by algorithm suite. :param algorithm: Algorithm for which to generate signing key :type algorithm: aws_encryption_sdk.identifiers.Algorithm :param dict encryption_context: Encryption context from request :returns: Raw verification key :rtype: bytes :raises SerializationError: if algorithm suite requires message signing and no verification key is found sCNo signature verification key found in header for signed algorithm.sDSignature verification key found in header for non-signed algorithm.Rt encoded_pointN(tgetR RRRRtfrom_encoded_pointR(RRRtencoded_verification_keytverifier((sY/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/materials_managers/default.pyt._load_verification_key_from_encryption_contextks    cCs[|jjd|jd|jd|jƒ}|jd|jd|jƒ}td|d|ƒS(stObtains a plaintext data key from one or more encrypted data keys using underlying master key provider. :param request: decrypt materials request :type request: aws_encryption_sdk.materials_managers.DecryptionMaterialsRequest :returns: decryption materials :rtype: aws_encryption_sdk.materials_managers.DecryptionMaterials R!RRtdata_keytverification_key(R$tdecrypt_data_key_from_listR!RRR-R(RR&R.R/((sY/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/materials_managers/default.pytdecrypt_materials…s       (t__name__t __module__t__doc__RRtattrtibt validatorst instance_ofR R$RR'R-R1(((sY/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/materials_managers/default.pyRs  + (R4tloggingR5tRRtbaseRt exceptionsRRtinternal.crypto.authenticationRRtinternal.crypto.elliptic_curveRtinternal.defaultsRR tinternal.str_opsR tinternal.utilsR tkey_providers.baseR t getLoggerR2RtstFalseR(((sY/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/materials_managers/default.pyt s