public DataKey decryptDataKey()

in src/main/java/com/amazonaws/encryptionsdk/kms/KmsMasterKey.java [156:198]


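  /**
   * Tries to unwrap one of the supplied encrypted data keys with the KMS key this master key is
   * bound to ({@code id_}).
   *
   * <p>Each encrypted data key is handled in order:
   *
   * <ol>
   *   <li>Its provider information is decoded as UTF-8 and compared with {@code id_}; entries for
   *       any other key id are skipped without calling KMS.
   *   <li>A {@code DecryptRequest} is sent with the key id pinned to that value, together with the
   *       caller's encryption context and the configured grant tokens.
   *   <li>The key id in the response is compared with {@code id_} again before the plaintext is
   *       used, so plaintext reported for any other key is never returned.
   *   <li>The plaintext length must equal {@code algorithm.getDataKeyLength()} exactly.
   * </ol>
   *
   * @param algorithm supplies the expected data key length and the JCE algorithm name for the
   *     returned key
   * @param encryptedDataKeys candidate encrypted data keys, tried in iteration order
   * @param encryptionContext encryption context passed to KMS with every decrypt request
   * @return the first data key that KMS decrypts under {@code id_}
   * @throws IllegalStateException if KMS returns no key id, or returns plaintext whose length
   *     differs from {@code algorithm.getDataKeyLength()}; this is not collected and aborts the
   *     loop
   * @throws UnsupportedProviderException declared by the signature; not thrown directly by the
   *     code in this method
   * @throws AwsCryptoException declared by the signature; when no candidate could be decrypted the
   *     method throws whatever {@code buildCannotDecryptDksException} builds from the collected
   *     service errors (that helper is defined outside this method)
   */
  public DataKey<KmsMasterKey> decryptDataKey(
      final CryptoAlgorithm algorithm,
      final Collection<? extends EncryptedDataKey> encryptedDataKeys,
      final Map<String, String> encryptionContext)
      throws UnsupportedProviderException, AwsCryptoException {
    // Service-side failures are remembered so the final exception can report them.
    final List<Exception> exceptions = new ArrayList<>();
    for (final EncryptedDataKey edk : encryptedDataKeys) {
      try {
        final String edkKeyId = new String(edk.getProviderInformation(), StandardCharsets.UTF_8);
        // Never ask KMS about a data key that was wrapped for a different key id.
        if (!edkKeyId.equals(id_)) {
          continue;
        }
        final DecryptResult decryptResult =
            kms_.get()
                .decrypt(
                    updateUserAgent(
                        new DecryptRequest()
                            .withCiphertextBlob(ByteBuffer.wrap(edk.getEncryptedDataKey()))
                            .withEncryptionContext(encryptionContext)
                            .withGrantTokens(grantTokens_)
                            .withKeyId(edkKeyId)));
        if (decryptResult.getKeyId() == null) {
          throw new IllegalStateException("Received an empty keyId from KMS");
        }
        // Second check, on the response: only accept plaintext that KMS attributes to id_.
        // A mismatch falls through to the next candidate and records nothing in `exceptions`.
        if (decryptResult.getKeyId().equals(id_)) {
          final int expectedLength = algorithm.getDataKeyLength();
          final ByteBuffer plaintext = decryptResult.getPlaintext();
          // Validate the length before copying. Previously a short plaintext surfaced as a
          // BufferUnderflowException from get(); both too-short and too-long responses now
          // raise the same explicit error.
          if (plaintext.remaining() != expectedLength) {
            throw new IllegalStateException("Received an unexpected number of bytes from KMS");
          }
          final byte[] rawKey = new byte[expectedLength];
          plaintext.get(rawKey);
          return new DataKey<>(
              new SecretKeySpec(rawKey, algorithm.getDataKeyAlgo()),
              edk.getEncryptedDataKey(),
              edk.getProviderInformation(),
              this);
        }
      } catch (final AmazonServiceException awsex) {
        // Only AWS service errors are collected; the IllegalStateExceptions above are not caught
        // here and propagate to the caller.
        exceptions.add(awsex);
      }
    }

    throw buildCannotDecryptDksException(exceptions);
  }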