Auth only CMP #35
Auth only CMP #35
Conversation
| MaterialDescriptionKeys.ATTRIBUTE_ENCRYPTION_MODE.value | ||
| ] = encryption_mode | ||
| try: | ||
| encryption_materials.encryption_key |
There was a problem hiding this comment.
I think it would be cleaner to do this with a conditional rather than a try/except/else clause, particularly because you aren't actually trying to do anything in the try clause. Start with:
if hasattr(encryption_materials, 'encryption_key'):
There was a problem hiding this comment.
"Asking for forgiveness instead of permission" is a general Python convention.
It's also generally faster, though that's not really going to have any affect here.
| for name, attribute in item.items(): | ||
| if crypto_config.attribute_actions.action(name) is not CryptoAction.ENCRYPT_AND_SIGN: | ||
| encrypted_item[name] = attribute.copy() | ||
| continue |
There was a problem hiding this comment.
if I'm reading this correctly, you can just use else: here one indent level higher instead of continue, which is more natural. I'd also probably switch the order of the two clauses, so that you can do the more natural test of is instead of is not.
There was a problem hiding this comment.
fair enough; updating
| @@ -162,12 +172,22 @@ def decrypt_dynamodb_item(item, crypto_config): | |||
|
|
|||
| decryption_materials = inner_crypto_config.decryption_materials() | |||
|
|
|||
| verify_item_signature(signature_attribute, item, decryption_materials.verification_key, inner_crypto_config) | |||
|
|
|||
| try: | |||
There was a problem hiding this comment.
I might also do this as a hasattr test as above.
… the flow clearer
Enable CMPs that only provide authentication materials and no encryption materials.