aws · caitlin-tibbetts · Jun 21, 2019 · Jun 21, 2019 · Jun 21, 2019 · Jun 27, 2019
@@ -105,6 +105,7 @@ install:
   - "SET PATH=%PYTHON%;%PYTHON%\\Scripts;%PATH%"
   # Check the Python version to verify the correct version was installed
   - "python --version"
+  - "python -m pip install --upgrade pip"
   - "python -m pip install wheel tox"
 
 build: off

@@ -156,7 +156,7 @@ basepython = python3
 deps =
     flake8
     flake8-docstrings
-    pydocstyle<4.0.0
+    pydocstyle < 4.0.0
     # https://github.com/JBKahn/flake8-print/pull/30
     flake8-print>=3.1.0
 commands =

@@ -1,4 +1,4 @@
 boto3>=1.4.4
 cryptography>=1.8.1
-attrs>=17.4.0
+attrs>=19.1.0
 wrapt>=1.10.11
@@ -53,6 +53,13 @@ class InvalidDataKeyError(AWSEncryptionSDKClientError):
     """Exception class for Invalid Data Keys."""
 
 
+class InvalidKeyringTraceError(AWSEncryptionSDKClientError):
+    """Exception class for invalid Keyring Traces.
+
+    .. versionadded:: 1.5.0
+    """
+
+
 class InvalidProviderIdError(AWSEncryptionSDKClientError):
     """Exception class for Invalid Provider IDs."""
 
@@ -73,6 +80,13 @@ class DecryptKeyError(AWSEncryptionSDKClientError):
     """Exception class for errors encountered when MasterKeys try to decrypt data keys."""
 
 
+class SignatureKeyError(AWSEncryptionSDKClientError):
+    """Exception class for errors encountered with signing or verification keys.
+
+    .. versionadded:: 1.5.0
+    """
+
+
 class ActionNotAllowedError(AWSEncryptionSDKClientError):
     """Exception class for errors encountered when attempting to perform unallowed actions."""
 

@@ -328,3 +328,13 @@ class ContentAADString(Enum):
     FRAME_STRING_ID = b"AWSKMSEncryptionClient Frame"
     FINAL_FRAME_STRING_ID = b"AWSKMSEncryptionClient Final Frame"
     NON_FRAMED_STRING_ID = b"AWSKMSEncryptionClient Single Block"
+
+
+class KeyringTraceFlag(Enum):
+    """KeyRing Trace actions."""
+
+    WRAPPING_KEY_GENERATED_DATA_KEY = 1
+    WRAPPING_KEY_ENCRYPTED_DATA_KEY = 1 << 1
+    WRAPPING_KEY_DECRYPTED_DATA_KEY = 1 << 2
+    WRAPPING_KEY_SIGNED_ENC_CTX = 1 << 3
+    WRAPPING_KEY_VERIFIED_ENC_CTX = 1 << 4
@@ -0,0 +1,54 @@
+# Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+"""Base class interface for Keyrings."""
+from aws_encryption_sdk.materials_managers import DecryptionMaterials, EncryptionMaterials
+from aws_encryption_sdk.structures import EncryptedDataKey
+
+try:  # Python 3.5.0 and 3.5.1 have incompatible typing modules
+    from typing import Iterable  # noqa pylint: disable=unused-import
+except ImportError:  # pragma: no cover
+    # We only actually need these imports when running the mypy checks
+    pass
+
+
+class Keyring(object):
+    """Parent interface for Keyring classes.
+
+    .. versionadded:: 1.5.0
+    """
+
+    def on_encrypt(self, encryption_materials):
+        # type: (EncryptionMaterials) -> EncryptionMaterials
+        """Generate a data key if not present and encrypt it using any available wrapping key.
+
+        :param encryption_materials: Encryption materials for the keyring to modify.
+        :type encryption_materials: aws_encryption_sdk.materials_managers.EncryptionMaterials
+        :returns: Optionally modified encryption materials.
+        :rtype: aws_encryption_sdk.materials_managers.EncryptionMaterials
+        :raises NotImplementedError: if method is not implemented
+        """
+        raise NotImplementedError("Keyring does not implement on_encrypt function")
+
+    def on_decrypt(self, decryption_materials, encrypted_data_keys):
+        # type: (DecryptionMaterials, Iterable[EncryptedDataKey]) -> DecryptionMaterials
+        """Attempt to decrypt the encrypted data keys.
+
+        :param decryption_materials: Decryption materials for the keyring to modify.
+        :type decryption_materials: aws_encryption_sdk.materials_managers.DecryptionMaterials
+        :param encrypted_data_keys: List of encrypted data keys.
+        :type: Iterable of :class:`aws_encryption_sdk.structures.EncryptedDataKey`
+        :returns: Optionally modified decryption materials.
+        :rtype: aws_encryption_sdk.materials_managers.DecryptionMaterials
+        :raises NotImplementedError: if method is not implemented
+        """
+        raise NotImplementedError("Keyring does not implement on_decrypt function")