@@ -82,16 +82,15 @@ def encrypt_dynamodb_item(item, crypto_config):
8282
8383 encrypted_item = {}
8484 for name , attribute in item .items ():
85- if crypto_config .attribute_actions .action (name ) is not CryptoAction .ENCRYPT_AND_SIGN :
85+ if crypto_config .attribute_actions .action (name ) is CryptoAction .ENCRYPT_AND_SIGN :
86+ encrypted_item [name ] = encrypt_attribute (
87+ attribute_name = name ,
88+ attribute = attribute ,
89+ encryption_key = encryption_materials .encryption_key ,
90+ algorithm = algorithm_descriptor
91+ )
92+ else :
8693 encrypted_item [name ] = attribute .copy ()
87- continue
88-
89- encrypted_item [name ] = encrypt_attribute (
90- attribute_name = name ,
91- attribute = attribute ,
92- encryption_key = encryption_materials .encryption_key ,
93- algorithm = algorithm_descriptor
94- )
9594
9695 signature_attribute = sign_item (encrypted_item , encryption_materials .signing_key , crypto_config )
9796 encrypted_item [ReservedAttributes .SIGNATURE .value ] = signature_attribute
@@ -192,16 +191,16 @@ def decrypt_dynamodb_item(item, crypto_config):
192191 # Once the signature has been verified, actually decrypt the item attributes.
193192 decrypted_item = {}
194193 for name , attribute in item .items ():
195- if inner_crypto_config .attribute_actions .action (name ) is not CryptoAction .ENCRYPT_AND_SIGN :
194+ if inner_crypto_config .attribute_actions .action (name ) is CryptoAction .ENCRYPT_AND_SIGN :
195+ decrypted_item [name ] = decrypt_attribute (
196+ attribute_name = name ,
197+ attribute = attribute ,
198+ decryption_key = decryption_key ,
199+ algorithm = algorithm_descriptor
200+ )
201+ else :
196202 decrypted_item [name ] = attribute .copy ()
197- continue
198-
199- decrypted_item [name ] = decrypt_attribute (
200- attribute_name = name ,
201- attribute = attribute ,
202- decryption_key = decryption_key ,
203- algorithm = algorithm_descriptor
204- )
203+
205204 return decrypted_item
206205
207206
0 commit comments