in src/aws_encryption_sdk/key_providers/base.py [0:0]
def decrypt_data_key_from_list(self, encrypted_data_keys, algorithm, encryption_context):
"""Receives a list of encrypted data keys and returns the first one which this provider is able to decrypt.
:param encrypted_data_keys: List of encrypted data keys
:type encrypted_data_keys: list of :class:`aws_encryption_sdk.structures.EncryptedDataKey`
:param algorithm: Algorithm object which directs how this Master Key will encrypt the data key
:type algorithm: aws_encryption_sdk.identifiers.Algorithm
:param dict encryption_context: Encryption context to use in encryption
:returns: Decrypted data key
:rtype: aws_encryption_sdk.structures.DataKey
:raises DecryptKeyError: if unable to decrypt any of the supplied encrypted data keys
"""
data_key = None
for encrypted_data_key in encrypted_data_keys:
try:
data_key = self.decrypt_data_key(encrypted_data_key, algorithm, encryption_context)
# MasterKeyProvider.decrypt_data_key throws DecryptKeyError
# but MasterKey.decrypt_data_key throws IncorrectMasterKeyError and InvalidDataKeyError
except (DecryptKeyError, IncorrectMasterKeyError, InvalidDataKeyError):
continue
else:
break
if not data_key:
raise DecryptKeyError("Unable to decrypt any data key")
return data_key