add is_complete properties to EncryptionMaterials and DecryptionMaterials

mattsb42-aws · mattsb42-aws · commit 73027752fcd1 · 2019-07-02T18:44:00.000-07:00
diff --git a/src/aws_encryption_sdk/materials_managers/__init__.py b/src/aws_encryption_sdk/materials_managers/__init__.py
@@ -223,6 +223,9 @@ def __init__(
         if data_encryption_key is None and encrypted_data_keys is not None:
             raise TypeError("encrypted_data_keys cannot be provided without data_encryption_key")
 
+        if encrypted_data_keys is None:
+            encrypted_data_keys = []
+
         super(EncryptionMaterials, self).__init__(
             algorithm=algorithm,
             encryption_context=encryption_context,
@@ -242,6 +245,24 @@ def encrypted_data_keys(self):
         """
         return frozenset(self._encrypted_data_keys)
 
+    @property
+    def is_complete(self):
+        # type: () -> bool
+        """Determine whether these materials are sufficiently complete for use as decryption materials.
+
+        :rtype: bool
+        """
+        if self.data_encryption_key is None:
+            return False
+
+        if not self.encrypted_data_keys:
+            return False
+
+        if self.algorithm.signing_algorithm_info is not None and self.signing_key is None:
+            return False
+
+        return True
+
     def add_data_encryption_key(self, data_encryption_key, keyring_trace):
         # type: (Union[DataKey, RawDataKey], KeyringTrace) -> None
         """Add a plaintext data encryption key.
@@ -380,6 +401,24 @@ def __init__(
         self._setattr("verification_key", verification_key)
         attr.validate(self)
 
+    @property
+    def is_complete(self):
+        # type: () -> bool
+        """Determine whether these materials are sufficiently complete for use as decryption materials.
+
+        :rtype: bool
+        """
+        if None in (self.algorithm, self.encryption_context):
+            return False
+
+        if self.data_encryption_key is None:
+            return False
+
+        if self.algorithm.signing_algorithm_info is not None and self.verification_key is None:
+            return False
+
+        return True
+
     @property
     def data_key(self):
         # type: () -> RawDataKey
diff --git a/test/unit/test_material_managers.py b/test/unit/test_material_managers.py
@@ -215,13 +215,32 @@ def test_immutable_keyring_trace(material_class):
         materials.keyring_trace.append(42)
 
 
+@pytest.mark.parametrize("material_class", (CryptographicMaterials, EncryptionMaterials, DecryptionMaterials))
+def test_empty_keyring_trace(material_class):
+    materials = material_class(**_copy_and_update_kwargs(material_class.__name__, dict(keyring_trace=_REMOVE)))
+
+    trace = materials.keyring_trace
+
+    assert isinstance(trace, tuple)
+    assert not trace
+
+
 def test_immutable_encrypted_data_keys():
     materials = EncryptionMaterials(**_VALID_KWARGS["EncryptionMaterials"])
 
     with pytest.raises(AttributeError):
         materials.encrypted_data_keys.add(42)
 
 
+def test_empty_encrypted_data_keys():
+    materials = EncryptionMaterials(**_copy_and_update_kwargs("EncryptionMaterials", dict(encrypted_data_keys=_REMOVE)))
+
+    edks = materials.encrypted_data_keys
+
+    assert isinstance(edks, frozenset)
+    assert not edks
+
+
 @pytest.mark.parametrize(
     "material_class, flag",
     (
@@ -415,3 +434,46 @@ def test_add_verification_key_fail(mod_kwargs, verification_key, exception_type,
         materials.add_verification_key(verification_key=verification_key)
 
     excinfo.match(exception_message)
+
+
+def test_decryption_materials_is_complete():
+    materials = DecryptionMaterials(**_copy_and_update_kwargs("DecryptionMaterials", {}))
+
+    assert materials.is_complete
+
+
+@pytest.mark.parametrize(
+    "mod_kwargs",
+    (
+        dict(algorithm=_REMOVE),
+        dict(encryption_context=_REMOVE),
+        dict(data_encryption_key=_REMOVE, data_key=_REMOVE),
+        dict(verification_key=_REMOVE),
+    ),
+)
+def test_decryption_materials_is_not_complete(mod_kwargs):
+    kwargs = _copy_and_update_kwargs("DecryptionMaterials", mod_kwargs)
+    materials = DecryptionMaterials(**kwargs)
+
+    assert not materials.is_complete
+
+
+def test_encryption_materials_is_complete():
+    materials = EncryptionMaterials(**_copy_and_update_kwargs("EncryptionMaterials", {}))
+
+    assert materials.is_complete
+
+
+@pytest.mark.parametrize(
+    "mod_kwargs",
+    (
+        dict(data_encryption_key=_REMOVE, encrypted_data_keys=_REMOVE),
+        dict(encrypted_data_keys=_REMOVE),
+        dict(signing_key=_REMOVE),
+    ),
+)
+def test_encryption_materials_is_not_complete(mod_kwargs):
+    kwargs = _copy_and_update_kwargs("EncryptionMaterials", mod_kwargs)
+    materials = EncryptionMaterials(**kwargs)
+
+    assert not materials.is_complete
