Updating wording of some examples

WesleyRosenblum · WesleyRosenblum · commit 0bd25878e68c · 2020-02-07T11:06:06.000-08:00
diff --git a/src/examples/java/com/amazonaws/crypto/examples/BasicEncryptionExample.java b/src/examples/java/com/amazonaws/crypto/examples/BasicEncryptionExample.java
@@ -78,20 +78,15 @@ static void encryptAndDecrypt(final AwsKmsCmkId keyArn) {
                         .keyring(keyring)
                         .ciphertext(ciphertext).build());
 
-        // 6. Before verifying the plaintext, inspect the Keyring Trace to verify that the CMK used
-        //    to decrypt the encrypted data key was the CMK in the encryption keyring.
+        // 6. The Keyring Trace may be inspected to verify which CMK was used for decryption.
         if(!decryptResult.getKeyringTrace().getEntries().get(0).getKeyName().equals(keyArn.toString())) {
             throw new IllegalStateException("Wrong key ID!");
         }
 
-        // 7. Also, verify that the encryption context in the result contains the
-        //    encryption context supplied to the encrypt method. Because the
-        //    SDK can add values to the encryption context, don't require that
-        //    the entire context matches.
-        if (!encryptionContext.entrySet().stream()
-                .allMatch(e -> e.getValue().equals(decryptResult.getEncryptionContext().get(e.getKey())))) {
-            throw new IllegalStateException("Wrong Encryption Context!");
-        }
+        // 7. Verify that the encryption context in the result contains the
+        //    data that we expect. The SDK can add values to the encryption context,
+        //    so there may be additional keys in the result context.
+        assert decryptResult.getEncryptionContext().get("ExampleContextKey").equals("ExampleContextValue");
 
         // 8. Verify that the decrypted plaintext matches the original plaintext
         assert Arrays.equals(decryptResult.getResult(), EXAMPLE_DATA);
diff --git a/src/examples/java/com/amazonaws/crypto/examples/RawAesKeyringExample.java b/src/examples/java/com/amazonaws/crypto/examples/RawAesKeyringExample.java
@@ -76,22 +76,12 @@ static void encryptAndDecrypt() {
                 .keyring(keyring)
                 .ciphertext(ciphertext).build());
 
-        // 7. Before verifying the plaintext, verify that the key that was used in the encryption
-        //    operation was the one used during the decryption operation.
-        if (!decryptResult.getKeyringTrace().getEntries().get(0).getKeyName().equals("ExampleKeyName")) {
-            throw new IllegalStateException("Wrong key ID!");
-        }
+        // 7. Verify that the encryption context in the result contains the
+        // data that we expect. The SDK can add values to the encryption context,
+        // so there may be additional keys in the result context.
+        assert decryptResult.getEncryptionContext().get("ExampleContextKey").equals("ExampleContextValue");
 
-        // 8. Also, verify that the encryption context in the result contains the
-        // encryption context supplied to the encrypt method. Because the
-        // SDK can add values to the encryption context, don't require that
-        // the entire context matches.
-        if (!encryptionContext.entrySet().stream()
-                .allMatch(e -> e.getValue().equals(decryptResult.getEncryptionContext().get(e.getKey())))) {
-            throw new IllegalStateException("Wrong Encryption Context!");
-        }
-
-        // 9. Verify that the decrypted plaintext matches the original plaintext
+        // 8. Verify that the decrypted plaintext matches the original plaintext
         assert Arrays.equals(decryptResult.getResult(), EXAMPLE_DATA);
     }
 
diff --git a/src/examples/java/com/amazonaws/crypto/examples/RawRsaKeyringDecryptExample.java b/src/examples/java/com/amazonaws/crypto/examples/RawRsaKeyringDecryptExample.java
@@ -43,7 +43,12 @@ public static byte[] decrypt(byte[] ciphertext, KeyPair keyPair) {
                 .keyring(keyring)
                 .ciphertext(ciphertext).build());
 
-        // 4. Return the decrypted byte array result
+        // 4. Verify that the encryption context in the result contains the
+        // data that we expect. The SDK can add values to the encryption context,
+        // so there may be additional keys in the result context.
+        assert decryptResult.getEncryptionContext().get("ExampleContextKey").equals("ExampleContextValue");
+
+        // 5. Return the decrypted byte array result
         return decryptResult.getResult();
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,12 @@ public static byte[] decrypt(byte[] ciphertext, KeyPair keyPair) {`
`43`	`43`	`.keyring(keyring)`
`44`	`44`	`.ciphertext(ciphertext).build());`
`45`	`45`
`46`		`- // 4. Return the decrypted byte array result`
	`46`	`+ // 4. Verify that the encryption context in the result contains the`
	`47`	`+ // data that we expect. The SDK can add values to the encryption context,`
	`48`	`+ // so there may be additional keys in the result context.`
	`49`	`+ assert decryptResult.getEncryptionContext().get("ExampleContextKey").equals("ExampleContextValue");`
	`50`	`+`
	`51`	`+ // 5. Return the decrypted byte array result`
`47`	`52`	`return decryptResult.getResult();`
`48`	`53`	`}`
`49`	`54`	`}`