in src/aws_encryption_sdk/key_providers/base.py [0:0]
def master_keys_for_encryption(self, encryption_context, plaintext_rostream, plaintext_length=None):
"""Returns a set containing all Master Keys added to this Provider, or any member Providers,
which should be used to encrypt data keys for the specified data.
.. note::
This does not necessarily include all Master Keys accessible from this Provider.
.. note::
The Primary Master Key is the first Master Key added to this Master Key Provider
and is the Master Key which will be used to generate the data key.
.. warning::
If plaintext_rostream seek position is modified, it must be returned before leaving method.
:param dict encryption_context: Encryption context passed to client
:param plaintext_rostream: Source plaintext read-only stream
:type plaintext_rostream: aws_encryption_sdk.internal.utils.streams.ROStream
:param int plaintext_length: Length of source plaintext (optional)
:returns: Tuple containing Primary Master Key and List of all Master Keys added to
this Provider and any member Providers
:rtype: tuple containing :class:`aws_encryption_sdk.key_providers.base.MasterKey`
and list of :class:`aws_encryption_sdk.key_providers.base.MasterKey`
"""
primary = None
master_keys = []
for member_provider in self._members:
_primary, _master_keys = member_provider.master_keys_for_encryption(
encryption_context, plaintext_rostream, plaintext_length
)
if primary is None:
primary = _primary
master_keys.extend(_master_keys)
if not master_keys:
raise MasterKeyProviderError("No Master Keys available from Master Key Provider")
return primary, master_keys