Skip to content

Commit 601889a

Browse files
committed
bug: Removes the internal added prefix from custom encryption context before creating the branch key material node object
1 parent e35a0fb commit 601889a

File tree

2 files changed

+16
-3
lines changed

2 files changed

+16
-3
lines changed

modules/branch-keystore-node/src/branch_keystore_helpers.ts

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -351,7 +351,9 @@ function constructCustomEncryptionContext(
351351
//# for the constructed key.
352352
for (const [key, value] of Object.entries(authenticatedEncryptionContext)) {
353353
if (key.startsWith(CUSTOM_ENCRYPTION_CONTEXT_FIELD_PREFIX)) {
354-
customEncryptionContext[key] = value
354+
customEncryptionContext[
355+
key.slice(CUSTOM_ENCRYPTION_CONTEXT_FIELD_PREFIX.length)
356+
] = value
355357
}
356358
}
357359

modules/branch-keystore-node/test/branch_keystore_helpers.test.ts

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,7 @@ import {
3737
TYPE_FIELD,
3838
PARTITION_KEY,
3939
SORT_KEY,
40+
CUSTOM_ENCRYPTION_CONTEXT_FIELD_PREFIX,
4041
} from '../src/constants'
4142
import { DynamoDBKeyStorage } from '../src/dynamodb_key_storage'
4243
import { EncryptedHierarchicalKey } from '../src/types'
@@ -53,6 +54,16 @@ const VALID_CUSTOM_ENCRYPTION_CONTEXT = Object.fromEntries(
5354
)
5455
)
5556

57+
// Expected output after stripping the `aws-crypto-ec:` prefix
58+
const EXPECTED_CUSTOM_ENCRYPTION_CONTEXT = Object.fromEntries(
59+
Object.entries({ ...VALID_CUSTOM_ENCRYPTION_CONTEXT_KV_PAIRS }).map(
60+
([key, value]) => [
61+
key.slice(CUSTOM_ENCRYPTION_CONTEXT_FIELD_PREFIX.length),
62+
value.toString(),
63+
]
64+
)
65+
)
66+
5667
const INVALID_CUSTOM_ENCRYPTION_CONTEXT_KV_PAIRS = {
5768
'awz-crypto-ec:key1': 'value 1',
5869
key2: 'value 2',
@@ -650,7 +661,7 @@ describe('Test keystore helpers', () => {
650661
Buffer.from(ENCRYPTED_ACTIVE_BRANCH_KEY.type.version, 'utf-8')
651662
)
652663
expect(activeBranchKeyMaterials.encryptionContext).deep.equals(
653-
VALID_CUSTOM_ENCRYPTION_CONTEXT
664+
EXPECTED_CUSTOM_ENCRYPTION_CONTEXT
654665
)
655666

656667
const versionedBranchKeyMaterials = constructBranchKeyMaterials(
@@ -671,7 +682,7 @@ describe('Test keystore helpers', () => {
671682
Buffer.from(ENCRYPTED_VERSION_BRANCH_KEY.type.version, 'utf-8')
672683
)
673684
expect(versionedBranchKeyMaterials.encryptionContext).deep.equals(
674-
VALID_CUSTOM_ENCRYPTION_CONTEXT
685+
EXPECTED_CUSTOM_ENCRYPTION_CONTEXT
675686
)
676687
})
677688
})

0 commit comments

Comments
 (0)