public Map decryptRecord()

in DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/encryption/DynamoDBEncryptor.java [289:370]


  /**
   * Verifies the signature of a stored item and then decrypts its attributes.
   *
   * <p>If {@code itemContainsFieldsToDecryptOrSign} returns false for the item's attribute
   * names and {@code attributeActionsOnEncrypt}, the caller's map is returned as-is: no copy
   * is made, and neither signature verification nor decryption runs. NOTE(review): an item
   * returned on this path has not been authenticated; callers relying on integrity should
   * confirm the supplied actions cover the attributes they expect to be signed.
   *
   * <p>Otherwise the method works on a copy of the input and proceeds in this order: parse the
   * material description from the item, build the encryption context, apply the optional
   * context override, fetch decryption materials, select the signer, verify the signature,
   * and only then call {@code actualDecryption}.
   *
   * @param itemAttributes the stored item; not modified by this method (a copy is used)
   * @param attributeActionsOnEncrypt per-attribute flags passed to the signer and to
   *     {@code actualDecryption}
   * @param context base encryption context; extended here with the material description and
   *     the item's attribute values
   * @return the input map itself when there is nothing to decrypt or sign, otherwise a new map
   *     with the signature and material description attributes removed
   * @throws GeneralSecurityException declared by this method; NOTE(review): presumably raised
   *     by {@code verifySignature} on a signature mismatch and by decryption failures —
   *     confirm in the callees
   */
  public Map<String, AttributeValue> decryptRecord(
    Map<String, AttributeValue> itemAttributes,
    Map<String, Set<EncryptionFlags>> attributeActionsOnEncrypt,
    EncryptionContext context
  ) throws GeneralSecurityException {
    // Early exit: the caller's own map is handed back without any signature check.
    if (
      !itemContainsFieldsToDecryptOrSign(
        itemAttributes.keySet(),
        attributeActionsOnEncrypt
      )
    ) {
      return itemAttributes;
    }
    // Shallow copy so the removals below do not change the caller's map
    // (the AttributeValue objects themselves are still shared with the caller).
    itemAttributes = new HashMap<String, AttributeValue>(itemAttributes);

    Map<String, String> materialDescription = Collections.emptyMap();
    DecryptionMaterials materials;
    SecretKey decryptionKey;

    // Start with the default signature algorithm; replaced further down if the item's
    // material description names one.
    DynamoDBSigner signer = DynamoDBSigner.getInstance(
      DEFAULT_SIGNATURE_ALGORITHM,
      Utils.getRng()
    );

    // The material description is parsed from the stored item before any signature check
    // has run, so its contents are unauthenticated at this point.
    if (itemAttributes.containsKey(materialDescriptionFieldName)) {
      materialDescription =
        unmarshallDescription(itemAttributes.get(materialDescriptionFieldName));
    }
    // Copy the material description and attribute values into the context
    context =
      new EncryptionContext.Builder(context)
        .withMaterialDescription(materialDescription)
        .withAttributeValues(itemAttributes)
        .build();

    // Optional hook: when non-null, its result replaces the context that is passed to the
    // materials provider and used for the table name below.
    Function<
      EncryptionContext,
      EncryptionContext
    > encryptionContextOverrideOperator =
      getEncryptionContextOverrideOperator();
    if (encryptionContextOverrideOperator != null) {
      context = encryptionContextOverrideOperator.apply(context);
    }

    // Materials are looked up with a context that carries the not-yet-verified description.
    materials = encryptionMaterialsProvider.getDecryptionMaterials(context);
    decryptionKey = materials.getDecryptionKey();
    // NOTE(review): the signing algorithm name is read from the item itself, before
    // verification; confirm that the verification key or the materials provider restricts
    // which algorithms are acceptable.
    if (materialDescription.containsKey(signingAlgorithmHeader)) {
      String signingAlg = materialDescription.get(signingAlgorithmHeader);
      signer = DynamoDBSigner.getInstance(signingAlg, Utils.getRng());
    }

    // A missing signature attribute, or one with no binary (B) value, becomes an empty
    // buffer; verification is still invoked with it rather than being skipped.
    ByteBuffer signature;
    if (
      !itemAttributes.containsKey(signatureFieldName) ||
      itemAttributes.get(signatureFieldName).getB() == null
    ) {
      signature = ByteBuffer.allocate(0);
    } else {
      signature =
        itemAttributes.get(signatureFieldName).getB().asReadOnlyBuffer();
    }
    // The signature attribute is taken out of the map before the map is handed to the signer.
    itemAttributes.remove(signatureFieldName);

    // The table name from the (possibly overridden) context is passed to the signer as
    // associated data.
    String associatedData = "TABLE>" + context.getTableName() + "<TABLE";
    // Verification runs before any decryption.
    // NOTE(review): presumably throws on mismatch — confirm in DynamoDBSigner.
    signer.verifySignature(
      itemAttributes,
      attributeActionsOnEncrypt,
      associatedData.getBytes(UTF8),
      materials.getVerificationKey(),
      signature
    );
    // Removed only after verification, so the material description attribute is still in
    // the map the signer receives.
    itemAttributes.remove(materialDescriptionFieldName);

    // The same map is returned afterwards; presumably actualDecryption updates it in place.
    actualDecryption(
      itemAttributes,
      attributeActionsOnEncrypt,
      decryptionKey,
      materialDescription
    );
    return itemAttributes;
  }