Apply suggestions from code review

Co-authored-by: José Corella <[email protected]>

Author: seebees

modules/branch-keystore-node/src/branch_keystore_helpers.ts

@@ -11,7 +11,6 @@ import {
 import { unmarshall } from '@aws-sdk/util-dynamodb'
 import { BranchKeyItem, BranchKeyRecord } from './branch_keystore_structures'
 import { EncryptedHierarchicalKey, BranchKeyEncryptionContext } from './types'
-// import { IBranchKeyStoreNode } from './branch_keystore'
 import { DecryptCommand } from '@aws-sdk/client-kms'
 import { KmsKeyConfig } from './kms_config'
 import {
@@ -71,7 +70,7 @@ export async function getBranchKeyItem(
   // error out if there is not Item field (record not found)
   needs(
     responseItem,
-    `A branch key record with ${PARTITION_KEY}=${partitionValue} and ${SORT_KEY}=${sortValue} was not found in DynamoDB`
+    `A branch key record with ${PARTITION_KEY}=${partitionValue} and ${SORT_KEY}=${sortValue} was not found in the DynamoDB table ${ddbTableName}.`
   )
   // at this point, we got back a record so convert the DDB response item into
   // a more JS-friendly object

modules/branch-keystore-node/src/dynamodb_key_storage.ts

@@ -58,9 +58,9 @@ export class DynamoDBKeyStorage implements IBranchKeyStorage {
 
     needs(
       typeof logicalKeyStoreName === 'string',
-      'DDB table name must be a string'
+      'Logical Key Store name must be a string'
     )
-
+needs(logicalKeyStoreName, 'Logical Key Store name required')
     /* Precondition: DDB client must be a DynamoDBClient */
     needs(
       ddbClient instanceof DynamoDBClient,
@@ -154,7 +154,10 @@ export class DynamoDBKeyStorage implements IBranchKeyStorage {
 
     //= aws-encryption-sdk-specification/framework/key-store/dynamodb-key-storage.md#getencryptedbranchkeyversion
     //# The returned EncryptedHierarchicalKey MUST have the same identifier as the input.
-    needs(encrypted.branchKeyId == branchKeyId, 'Unexpected branch key id.')
+    needs(
+       encrypted.branchKeyId == branchKeyId,
+       'Unexpected branch key id. Expected ${branchKeyId}, found ${encrypted.branchKeyId}'
+   )
 
     //= aws-encryption-sdk-specification/framework/key-store/dynamodb-key-storage.md#getencryptedbranchkeyversion
     //# The returned EncryptedHierarchicalKey MUST have the same version as the input.

modules/branch-keystore-node/test/branch_keystore_helpers.test.ts

@@ -42,9 +42,6 @@ import {
 import { DynamoDBKeyStorage } from '../src/dynamodb_key_storage'
 import {
   EncryptedHierarchicalKey,
-  // ActiveKeyEncryptionContext,
-  // VersionKeyEncryptionContext,
-  // BranchKeyVersionType,
 } from '../src/types'
 
 const VALID_CUSTOM_ENCRYPTION_CONTEXT_KV_PAIRS = {

modules/example-node/hkr-demo/hkr.ts

@@ -18,7 +18,7 @@ const { encrypt, decrypt } = buildClient(
 const MAX_INPUT_LENGTH = 20
 const MIN_INPUT_LENGTH = 15
 const PURPLE_LOG = '\x1b[35m%s\x1b[0m'
-const YELLO_LOG = '\x1b[33m%s\x1b[0m'
+const YELLOW_LOG = '\x1b[33m%s\x1b[0m'
 const GREEN_LOG = '\x1b[32m%s\x1b[0m'
 const RED_LOG = '\x1b[31m%s\x1b[0m'
 

modules/kms-keyring-node/src/kms_hkeyring_node_helpers.ts

@@ -19,13 +19,10 @@ import {
   createHash,
   randomBytes,
 } from 'crypto'
-// import { uInt32BE } from '@aws-crypto/serialize'
 import { CryptographicMaterialsCache } from '@aws-crypto/cache-material'
 import { kdfCounterMode } from '@aws-crypto/kdf-ctr-mode-node'
 import {
-  // ACTIVE_AS_BYTES,
   CACHE_ENTRY_ID_DIGEST_ALGORITHM,
-  // CACHE_ENTRY_ID_LENGTH,
   CIPHERTEXT_STRUCTURE,
   DECRYPT_FLAGS,
   DERIVED_BRANCH_KEY_LENGTH,
@@ -50,8 +47,6 @@ export const { uuidv4ToCompressedBytes, decompressBytesToUuidv4 } =
   uuidv4Factory(stringToHexBytes, hexBytesToString)
 export const { serializeEncryptionContext } =
   serializeFactory(stringToUtf8Bytes)
-// const stringToAsciiBytes = (input: string): Buffer =>
-//   Buffer.from(input, 'ascii')
 
 export function getBranchKeyId(
   { branchKeyId, branchKeyIdSupplier }: IKmsHierarchicalKeyRingNode,
@@ -185,33 +180,8 @@ export function getCacheEntryId(
     ])
   }
 
-  // const entryInfo = versionAsBytes
-  //   ? Buffer.concat([
-  //       RESOURCE_ID,
-  //       NULL_BYTE,
-  //       DECRYPTION_SCOPE,
-  //       NULL_BYTE,
-  //       partitionId,
-  //       NULL_BYTE,
-  //       logicalKeyStoreName,
-  //       NULL_BYTE,
-  //       branchKeyIdAsBytes,
-  //       NULL_BYTE,
-  //       versionAsBytes,
-  //     ])
-  //   : Buffer.concat([
-  //       RESOURCE_ID,
-  //       NULL_BYTE,
-  //       ENCRYPTION_SCOPE,
-  //       NULL_BYTE,
-  //       partitionId,
-  //       NULL_BYTE,
-  //       logicalKeyStoreName,
-  //       NULL_BYTE,
-  //       branchKeyIdAsBytes,
-  //     ])
-
-  // encrypt the branch key id buffer with sha512
+
+  // hash the branch key id buffer with sha512
   return createHash(CACHE_ENTRY_ID_DIGEST_ALGORITHM)
     .update(entryInfo)
     .digest()