in src/dynamodb_encryption_sdk/internal/crypto/authentication.py [0:0]
def _string_to_sign(item, table_name, attribute_actions):
# type: (dynamodb_types.ITEM, Text, AttributeActions) -> bytes
"""Generate the string to sign from an encrypted item and configuration.
:param dict item: Encrypted DynamoDB item
:param str table_name: Table name to use when generating the string to sign
:param AttributeActions attribute_actions: Actions to take for item
"""
hasher = hashes.Hash(hashes.SHA256(), backend=default_backend())
data_to_sign = bytearray()
data_to_sign.extend(_hash_data(hasher=hasher, data="TABLE>{}<TABLE".format(table_name).encode(TEXT_ENCODING)))
for key in sorted(item.keys()):
action = attribute_actions.action(key)
if action is CryptoAction.DO_NOTHING:
continue
data_to_sign.extend(_hash_data(hasher=hasher, data=key.encode(TEXT_ENCODING)))
# for some reason pylint can't follow the Enum member attributes
if action is CryptoAction.SIGN_ONLY:
data_to_sign.extend(SignatureValues.PLAINTEXT.sha256) # pylint: disable=no-member
else:
data_to_sign.extend(SignatureValues.ENCRYPTED.sha256) # pylint: disable=no-member
data_to_sign.extend(_hash_data(hasher=hasher, data=serialize_attribute(item[key])))
return bytes(data_to_sign)