public EncryptionMaterials getMaterialsForEncrypt()

in src/main/java/com/amazonaws/encryptionsdk/DefaultCryptoMaterialsManager.java [47:113]


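  /**
   * Assembles the materials for encrypting one message: the algorithm suite, a fresh data key,
   * that data key encrypted under each master key, the encryption context and, for suites with a
   * trailing signature, a newly generated signing key pair.
   *
   * <p>The returned object carries the cleartext data key and, for signing suites, the private
   * signature key, so callers should handle it as secret material.
   *
   * @param request the encryption request; supplies the encryption context, the optional
   *     requested algorithm, the commitment policy and the plaintext or its size
   * @return the encryption materials built from the request and the configured provider's
   *     master keys
   * @throws IllegalArgumentException if a signing suite is selected and the encryption context
   *     already contains {@code Constants.EC_PUBLIC_KEY_FIELD}, or if the provider returns no
   *     master keys
   * @throws AwsCryptoException if generating or serializing the signing key pair fails with a
   *     {@link GeneralSecurityException}
   */
  public EncryptionMaterials getMaterialsForEncrypt(EncryptionMaterialsRequest request) {
    Map<String, String> context = request.getContext();

    CryptoAlgorithm algo = request.getRequestedAlgorithm();
    final CommitmentPolicy commitmentPolicy = request.getCommitmentPolicy();
    // No algorithm requested: fall back to the default that matches the commitment policy.
    // NOTE(review): an explicitly requested algorithm is used as given; this method does not
    // compare it with the commitment policy. Confirm the caller enforces that.
    if (algo == null) {
      algo =
          commitmentPolicy == CommitmentPolicy.ForbidEncryptAllowDecrypt
              ? CryptoAlgorithm.ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384
              : CryptoAlgorithm.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384;
    }

    KeyPair trailingKeys = null;
    if (algo.getTrailingSignatureLength() > 0) {
      // Reject a caller-supplied value for the reserved field before any key material is
      // generated: invalid input fails fast and no private key is created only to be discarded.
      if (context.containsKey(Constants.EC_PUBLIC_KEY_FIELD)) {
        throw new IllegalArgumentException(
            "EncryptionContext contains reserved field " + Constants.EC_PUBLIC_KEY_FIELD);
      }
      try {
        trailingKeys = generateTrailingSigKeyPair(algo);
        // Work on a copy: the caller's map may be immutable and must not be modified here.
        context = new HashMap<>(context);
        // The serialized key is stored in the context under the reserved field.
        context.put(Constants.EC_PUBLIC_KEY_FIELD, serializeTrailingKeyForEc(algo, trailingKeys));
      } catch (final GeneralSecurityException ex) {
        throw new AwsCryptoException(ex);
      }
    }

    final MasterKeyRequest.Builder mkRequestBuilder = MasterKeyRequest.newBuilder();
    mkRequestBuilder.setEncryptionContext(context);

    // A plaintext size of -1 marks the request as streaming.
    mkRequestBuilder.setStreaming(request.getPlaintextSize() == -1);
    if (request.getPlaintext() != null) {
      mkRequestBuilder.setPlaintext(request.getPlaintext());
    } else {
      mkRequestBuilder.setSize(request.getPlaintextSize());
    }

    @SuppressWarnings("unchecked")
    final List<MasterKey> mks =
        (List<MasterKey>)
            assertNonNull(mkp, "provider").getMasterKeysForEncryption(mkRequestBuilder.build());

    if (mks.isEmpty()) {
      throw new IllegalArgumentException("No master keys provided");
    }

    // The first master key generates the data key; it is bound to the final context, which
    // includes the reserved field when a signing suite is in use.
    final DataKey<?> dataKey = mks.get(0).generateDataKey(algo, context);

    final List<KeyBlob> keyBlobs = new ArrayList<>(mks.size());
    keyBlobs.add(new KeyBlob(dataKey));

    // Every remaining master key encrypts the same data key under the same context.
    for (int i = 1; i < mks.size(); i++) {
      //noinspection unchecked
      keyBlobs.add(new KeyBlob(mks.get(i).encryptDataKey(algo, context, dataKey)));
    }

    //noinspection unchecked
    return EncryptionMaterials.newBuilder()
        .setAlgorithm(algo)
        .setCleartextDataKey(dataKey.getKey())
        .setEncryptedDataKeys(keyBlobs)
        .setEncryptionContext(context)
        // Only the private half is handed on; it is null for suites without a signature.
        .setTrailingSignatureKey(trailingKeys == null ? null : trailingKeys.getPrivate())
        .setMasterKeys(mks)
        .build();
  }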