m

Author: lucasmcdonald3

examples/src/aws_kms_discovery_keyring_example.py

@@ -155,20 +155,12 @@ def encrypt_and_decrypt_with_keyring(
     # If all calls to KMS fail, the decryption fails.
     plaintext_bytes, dec_header = client.decrypt(
         source=ciphertext,
-        keyring=discovery_keyring
+        keyring=discovery_keyring,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
 
-    # 9. Demonstrate that the encryption context is correct in the decrypted message header
-    # (This is an example for demonstration; you do not need to do this in your own code.)
-    for k, v in encryption_context.items():
-        assert v == dec_header.encryption_context[k], \
-            "Encryption context does not match expected values"
-
-    # 10. Demonstrate that the decrypted plaintext is identical to the original plaintext.
-    # (This is an example for demonstration; you do not need to do this in your own code.)
-    assert plaintext_bytes == EXAMPLE_DATA, \
-        "Decrypted plaintext should be identical to the original plaintext. Invalid decryption"
-
     # 11. Demonstrate that if a discovery keyring (Bob's) doesn't have the correct AWS Account ID's,
     # the decrypt will fail with an error message
     # Note that this assumes Account ID used here ('888888888888') is different than the one used
@@ -192,7 +184,7 @@ def encrypt_and_decrypt_with_keyring(
     try:
         plaintext_bytes, _ = client.decrypt(
             source=ciphertext,
-            keyring=discovery_keyring_bob
+            keyring=discovery_keyring_bob,
         )
 
         raise AssertionError("Decrypt using discovery keyring with wrong AWS Account ID should"

examples/src/aws_kms_discovery_multi_keyring_example.py

@@ -153,16 +153,8 @@ def encrypt_and_decrypt_with_keyring(
     # KMS Discovery Keyrings will attempt to decrypt Multi Region Keys (MRKs) and regular KMS Keys.
     plaintext_bytes, dec_header = client.decrypt(
         source=ciphertext,
-        keyring=discovery_multi_keyring
+        keyring=discovery_multi_keyring,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
-
-    # 9. Demonstrate that the encryption context is correct in the decrypted message header
-    # (This is an example for demonstration; you do not need to do this in your own code.)
-    for k, v in encryption_context.items():
-        assert v == dec_header.encryption_context[k], \
-            "Encryption context does not match expected values"
-
-    # 10. Demonstrate that the decrypted plaintext is identical to the original plaintext.
-    # (This is an example for demonstration; you do not need to do this in your own code.)
-    assert plaintext_bytes == EXAMPLE_DATA, \
-        "Decrypted plaintext should be identical to the original plaintext. Invalid decryption"

examples/src/aws_kms_keyring_example.py

@@ -97,17 +97,14 @@ def encrypt_and_decrypt_with_keyring(
         "Ciphertext and plaintext data are the same. Invalid encryption"
 
     # 7. Decrypt your encrypted data using the same keyring you used on encrypt.
-    plaintext_bytes, dec_header = client.decrypt(
+    plaintext_bytes, _ = client.decrypt(
         source=ciphertext,
-        keyring=kms_keyring
+        keyring=kms_keyring,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
 
-    # 8. Demonstrate that the encryption context is correct in the decrypted message header
-    # (This is an example for demonstration; you do not need to do this in your own code.)
-    for k, v in encryption_context.items():
-        assert v == dec_header.encryption_context[k], \
-            "Encryption context does not match expected values"
-
     # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext.
     # (This is an example for demonstration; you do not need to do this in your own code.)
     assert plaintext_bytes == EXAMPLE_DATA, \

examples/src/aws_kms_mrk_discovery_keyring_example.py

@@ -165,15 +165,12 @@ def encrypt_and_decrypt_with_keyring(
     # 7. Decrypt your encrypted data using the discovery keyring.
     plaintext_bytes, dec_header = client.decrypt(
         source=ciphertext,
-        keyring=decrypt_discovery_keyring
+        keyring=decrypt_discovery_keyring,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
 
-    # 8. Demonstrate that the encryption context is correct in the decrypted message header
-    # (This is an example for demonstration; you do not need to do this in your own code.)
-    for k, v in encryption_context.items():
-        assert v == dec_header.encryption_context[k], \
-            "Encryption context does not match expected values"
-
     # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext.
     # (This is an example for demonstration; you do not need to do this in your own code.)
     assert plaintext_bytes == EXAMPLE_DATA

examples/src/aws_kms_mrk_discovery_multi_keyring_example.py

@@ -174,15 +174,12 @@ def encrypt_and_decrypt_with_keyring(
     # Multi Region Keys (MRKs) and regular KMS Keys.
     plaintext_bytes, dec_header = client.decrypt(
         source=ciphertext,
-        keyring=decrypt_discovery_keyring
+        keyring=decrypt_discovery_keyring,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
 
-    # 8. Demonstrate that the encryption context is correct in the decrypted message header
-    # (This is an example for demonstration; you do not need to do this in your own code.)
-    for k, v in encryption_context.items():
-        assert v == dec_header.encryption_context[k], \
-            "Encryption context does not match expected values"
-
     # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext.
     # (This is an example for demonstration; you do not need to do this in your own code.)
     assert plaintext_bytes == EXAMPLE_DATA

examples/src/aws_kms_mrk_keyring_example.py

@@ -132,17 +132,14 @@ def encrypt_and_decrypt_with_keyring(
     )
 
     # 7. Decrypt your encrypted data using the same keyring you used on encrypt.
-    plaintext_bytes, dec_header = client.decrypt(
+    plaintext_bytes, _ = client.decrypt(
         source=ciphertext,
-        keyring=decrypt_keyring
+        keyring=decrypt_keyring,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
 
-    # 8. Demonstrate that the encryption context is correct in the decrypted message header
-    # (This is an example for demonstration; you do not need to do this in your own code.)
-    for k, v in encryption_context.items():
-        assert v == dec_header.encryption_context[k], \
-            "Encryption context does not match expected values"
-
     # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext.
     # (This is an example for demonstration; you do not need to do this in your own code.)
     assert plaintext_bytes == EXAMPLE_DATA, \

examples/src/aws_kms_mrk_multi_keyring_example.py

@@ -126,15 +126,12 @@ def encrypt_and_decrypt_with_keyring(
     # the first available KMS key on the keyring that is capable of decrypting the data.
     plaintext_bytes, dec_header = client.decrypt(
         source=ciphertext,
-        keyring=kms_mrk_multi_keyring
+        keyring=kms_mrk_multi_keyring,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
 
-    # 7. Demonstrate that the encryption context is correct in the decrypted message header
-    # (This is an example for demonstration; you do not need to do this in your own code.)
-    for k, v in encryption_context.items():
-        assert v == dec_header.encryption_context[k], \
-            "Encryption context does not match expected values"
-
     # 8. Demonstrate that the decrypted plaintext is identical to the original plaintext.
     # (This is an example for demonstration; you do not need to do this in your own code.)
     assert plaintext_bytes == EXAMPLE_DATA, \
@@ -161,15 +158,12 @@ def encrypt_and_decrypt_with_keyring(
     # 10. Decrypt your encrypted data using the second region AwsKmsMrkKeyring
     plaintext_bytes_second_region, dec_header_second_region = client.decrypt(
         source=ciphertext,
-        keyring=second_region_mrk_keyring
+        keyring=second_region_mrk_keyring,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
 
-    # 11. Demonstrate that the encryption context is correct in the decrypted message header
-    # (This is an example for demonstration; you do not need to do this in your own code.)
-    for k, v in encryption_context.items():
-        assert v == dec_header_second_region.encryption_context[k], \
-            "Encryption context does not match expected values"
-
     # 12. Demonstrate that the decrypted plaintext is identical to the original plaintext.
     # (This is an example for demonstration; you do not need to do this in your own code.)
     assert plaintext_bytes_second_region == EXAMPLE_DATA

examples/src/aws_kms_multi_keyring_example.py

@@ -133,7 +133,10 @@ def encrypt_and_decrypt_with_keyring(
     # 6a. Decrypt your encrypted data using the same multi_keyring you used on encrypt.
     plaintext_bytes_multi_keyring, _ = client.decrypt(
         source=ciphertext,
-        keyring=kms_multi_keyring
+        keyring=kms_multi_keyring,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
 
     # 6b. Demonstrate that the decrypted plaintext is identical to the original plaintext.
@@ -164,7 +167,10 @@ def encrypt_and_decrypt_with_keyring(
     # 7c. Decrypt your encrypted data using the default_region_kms_keyring.
     plaintext_bytes_default_region_kms_keyring, _ = client.decrypt(
         source=ciphertext,
-        keyring=default_region_kms_keyring
+        keyring=default_region_kms_keyring,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
 
     # 7d. Demonstrate that the decrypted plaintext is identical to the original plaintext.
@@ -192,7 +198,10 @@ def encrypt_and_decrypt_with_keyring(
     # 8c. Decrypt your encrypted data using the second_region_kms_keyring.
     plaintext_bytes_second_region_kms_keyring, _ = client.decrypt(
         source=ciphertext,
-        keyring=second_region_kms_keyring
+        keyring=second_region_kms_keyring,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
 
     # 8d. Demonstrate that the decrypted plaintext is identical to the original plaintext.

examples/src/aws_kms_rsa_keyring_example.py

@@ -105,15 +105,12 @@ def encrypt_and_decrypt_with_keyring(
     # 7. Decrypt your encrypted data using the same keyring you used on encrypt.
     plaintext_bytes, dec_header = client.decrypt(
         source=ciphertext,
-        keyring=kms_rsa_keyring
+        keyring=kms_rsa_keyring,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
 
-    # 8. Demonstrate that the encryption context is correct in the decrypted message header
-    # (This is an example for demonstration; you do not need to do this in your own code.)
-    for k, v in encryption_context.items():
-        assert v == dec_header.encryption_context[k], \
-            "Encryption context does not match expected values"
-
     # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext.
     # (This is an example for demonstration; you do not need to do this in your own code.)
     assert plaintext_bytes == EXAMPLE_DATA, \

examples/src/default_cryptographic_materials_manager_example.py

@@ -111,15 +111,12 @@ def encrypt_and_decrypt_with_default_cmm(
     # 7. Decrypt your encrypted data using the same cmm you used on encrypt.
     plaintext_bytes, dec_header = client.decrypt(
         source=ciphertext,
-        materials_manager=cmm
+        materials_manager=cmm,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
 
-    # 8. Demonstrate that the encryption context is correct in the decrypted message header
-    # (This is an example for demonstration; you do not need to do this in your own code.)
-    for k, v in encryption_context.items():
-        assert v == dec_header.encryption_context[k], \
-            "Encryption context does not match expected values"
-
     # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext.
     # (This is an example for demonstration; you do not need to do this in your own code.)
     assert plaintext_bytes == EXAMPLE_DATA, \

examples/src/file_streaming_example.py

@@ -134,12 +134,6 @@ def encrypt_and_decrypt_with_keyring(
             for chunk in decryptor:
                 pt_file.write(chunk)
 
-    # 9. Demonstrate that the encryption context is correct in the decrypted message header
-    # (This is an example for demonstration; you do not need to do this in your own code.)
-    for k, v in encryption_context.items():
-        assert v == decryptor.header.encryption_context[k], \
-            "Encryption context does not match expected values"
-
     # 10. Demonstrate that the decrypted plaintext is identical to the original plaintext.
     # (This is an example for demonstration; you do not need to do this in your own code.)
     assert filecmp.cmp(plaintext_filename, decrypted_filename), \

examples/src/hierarchical_keyring_example.py

@@ -200,7 +200,10 @@ def encrypt_and_decrypt_with_keyring(
     try:
         client.decrypt(
             source=ciphertext_a,
-            keyring=hierarchical_keyring_b
+            keyring=hierarchical_keyring_b,
+            # Verify that the encryption context in the result contains the
+            # encryption context supplied to the encryptData method
+            encryption_context=encryption_context_a,
         )
     except AWSEncryptionSDKClientError:
         pass
@@ -210,7 +213,10 @@ def encrypt_and_decrypt_with_keyring(
     try:
         client.decrypt(
             source=ciphertext_b,
-            keyring=hierarchical_keyring_a
+            keyring=hierarchical_keyring_a,
+            # Verify that the encryption context in the result contains the
+            # encryption context supplied to the encryptData method
+            encryption_context=encryption_context_b,
         )
     except AWSEncryptionSDKClientError:
         pass
@@ -219,13 +225,20 @@ def encrypt_and_decrypt_with_keyring(
     #     and that the decrypted data matches the input data.
     plaintext_bytes_a, _ = client.decrypt(
         source=ciphertext_a,
-        keyring=hierarchical_keyring_a
+        keyring=hierarchical_keyring_a,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context_a,
     )
     assert plaintext_bytes_a == EXAMPLE_DATA, \
         "Decrypted plaintext should be identical to the original plaintext. Invalid decryption"
+
     plaintext_bytes_b, _ = client.decrypt(
         source=ciphertext_b,
-        keyring=hierarchical_keyring_b
+        keyring=hierarchical_keyring_b,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context_b,
     )
     assert plaintext_bytes_b == EXAMPLE_DATA, \
         "Decrypted plaintext should be identical to the original plaintext. Invalid decryption"

examples/src/migration/migration_set_commitment_policy_example.py

@@ -107,15 +107,12 @@ def encrypt_and_decrypt_with_keyring(
     # 7. Decrypt your encrypted data using the same keyring you used on encrypt.
     plaintext_bytes, dec_header = client.decrypt(
         source=ciphertext,
-        keyring=kms_keyring
+        keyring=kms_keyring,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
 
-    # 8. Demonstrate that the encryption context is correct in the decrypted message header
-    # (This is an example for demonstration; you do not need to do this in your own code.)
-    for k, v in encryption_context.items():
-        assert v == dec_header.encryption_context[k], \
-            "Encryption context does not match expected values"
-
     # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext.
     # (This is an example for demonstration; you do not need to do this in your own code.)
     assert plaintext_bytes == EXAMPLE_DATA, \

examples/src/multi_keyring_example.py

@@ -164,7 +164,10 @@ def encrypt_and_decrypt_with_keyring(
     # 10a. Decrypt your encrypted data using the same multi_keyring you used on encrypt.
     plaintext_bytes_multi_keyring, _ = client.decrypt(
         source=ciphertext,
-        keyring=multi_keyring
+        keyring=multi_keyring,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
 
     # 10b. Demonstrate that the decrypted plaintext is identical to the original plaintext.
@@ -182,7 +185,10 @@ def encrypt_and_decrypt_with_keyring(
     # 11a. Decrypt your encrypted data using the kms_keyring.
     plaintext_bytes_kms_keyring, _ = client.decrypt(
         source=ciphertext,
-        keyring=kms_keyring
+        keyring=kms_keyring,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
 
     # 11b. Demonstrate that the decrypted plaintext is identical to the original plaintext.
@@ -197,7 +203,10 @@ def encrypt_and_decrypt_with_keyring(
     # 12a. Decrypt your encrypted data using the raw_aes_keyring.
     plaintext_bytes_raw_aes_keyring, _ = client.decrypt(
         source=ciphertext,
-        keyring=raw_aes_keyring
+        keyring=raw_aes_keyring,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
 
     # 12b. Demonstrate that the decrypted plaintext is identical to the original plaintext.

examples/src/raw_aes_keyring_example.py

@@ -109,15 +109,12 @@ def encrypt_and_decrypt_with_keyring():
     # 8. Decrypt your encrypted data using the same keyring you used on encrypt.
     plaintext_bytes, dec_header = client.decrypt(
         source=ciphertext,
-        keyring=raw_aes_keyring
+        keyring=raw_aes_keyring,
+        # Verify that the encryption context in the result contains the
+        # encryption context supplied to the encryptData method
+        encryption_context=encryption_context,
     )
 
-    # 9. Demonstrate that the encryption context is correct in the decrypted message header
-    # (This is an example for demonstration; you do not need to do this in your own code.)
-    for k, v in encryption_context.items():
-        assert v == dec_header.encryption_context[k], \
-            "Encryption context does not match expected values"
-
     # 10. Demonstrate that the decrypted plaintext is identical to the original plaintext.
     # (This is an example for demonstration; you do not need to do this in your own code.)
     assert plaintext_bytes == EXAMPLE_DATA, \