in TestVectors/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/encryptionsdk/wrapped/TestESDK.java [42:159]
public Result<DecryptOutput, Error> Decrypt(DecryptInput dafnyInput) {
try {
software.amazon.cryptography.encryptionsdk.model.DecryptInput nativeInput =
ToNative.DecryptInput(dafnyInput);
MasterKeyProvider<?> provider = null;
// Convert will handle supported keyrings directly
// Returns null for unsupported MKP to allow encryption/decryption with keyrings instead
if (_prefer_mkp_over_keyring) {
if (dafnyInput.dtor_keyring().is_Some()) {
provider =
createMasterKeyProvider(dafnyInput.dtor_keyring().dtor_value());
} else if (dafnyInput.dtor_materialsManager().is_Some()) {
provider =
createMasterKeyProvider(
dafnyInput.dtor_materialsManager().dtor_value()
);
}
}
final CryptoResult<byte[], ?> decryptResult;
if (_prefer_mkp_over_keyring && provider != null) {
decryptResult =
this._impl.decryptData(provider, nativeInput.ciphertext().array());
if (!Objects.isNull(nativeInput.encryptionContext())) {
// For ESDK Java V2, We do not support to verify encryption context during decrypt call.
// We have to explicitly verify for EC outside of decrypt. For V3, MKPs were deprecated.
// TODO: Error message SHOULD include expected key-value and actual value
// TODO: If key is missing, error message should detail which key is missing.
if (
!nativeInput
.encryptionContext()
.entrySet()
.stream()
.allMatch(e ->
e
.getValue()
.equals(decryptResult.getEncryptionContext().get(e.getKey()))
)
) {
throw new IllegalStateException(
String.format(
"Encryption Context mismatch - Expected: %s, Actual: %s",
nativeInput.encryptionContext(),
decryptResult.getEncryptionContext()
)
);
}
}
} else {
if (Objects.isNull(nativeInput.materialsManager())) {
// Call decrypt with keyring
if (Objects.isNull(nativeInput.encryptionContext())) {
decryptResult =
this._impl.decryptData(
nativeInput.keyring(),
nativeInput.ciphertext().array()
);
} else {
decryptResult =
this._impl.decryptData(
nativeInput.keyring(),
nativeInput.ciphertext().array(),
nativeInput.encryptionContext()
);
}
} else {
if (Objects.isNull(nativeInput.encryptionContext())) {
decryptResult =
this._impl.decryptData(
nativeInput.materialsManager(),
nativeInput.ciphertext().array()
);
} else {
decryptResult =
this._impl.decryptData(
nativeInput.materialsManager(),
nativeInput.ciphertext().array(),
nativeInput.encryptionContext()
);
}
}
}
// Convert Legacy ESDK-Java CryptoResult to Dafny-Java-Native ESDK DecryptOutput
DafnySequence<? extends Byte> plaintext = Simple.ByteSequence(
decryptResult.getResult()
);
DafnyMap<
? extends DafnySequence<? extends Byte>,
? extends DafnySequence<? extends Byte>
> encryptionContext =
software.amazon.cryptography.materialproviders.ToDafny.EncryptionContext(
decryptResult.getEncryptionContext()
);
ESDKAlgorithmSuiteId algorithmSuiteId =
software.amazon.cryptography.materialproviders.ToDafny.ESDKAlgorithmSuiteId(
decryptResult.getCryptoAlgorithm().getAlgorithmSuiteId().ESDK()
);
DecryptOutput dafnyOutput = new DecryptOutput(
plaintext,
encryptionContext,
algorithmSuiteId
);
return Result.create_Success(
DecryptOutput._typeDescriptor(),
Error._typeDescriptor(),
dafnyOutput
);
} catch (RuntimeException ex) {
return Result.create_Failure(
DecryptOutput._typeDescriptor(),
Error._typeDescriptor(),
ToDafny.Error(ex)
);
}
}