chore: warn against use of Encryption Context for non-kms keyrings. (#173)

* chore: warn against use of Encryption Context.

* add javadoc comment

Author: imabhichow

src/main/java/software/amazon/encryption/s3/materials/AesKeyring.java

@@ -98,6 +98,13 @@ public EncryptionMaterials generateDataKey(EncryptionMaterials materials) {
             return defaultGenerateDataKey(materials);
         }
 
+        @Override
+        public EncryptionMaterials modifyMaterials(EncryptionMaterials materials) {
+            warnIfEncryptionContextIsPresent(materials);
+
+            return materials;
+        }
+
         @Override
         public byte[] encryptDataKey(SecureRandom secureRandom,
                 EncryptionMaterials materials)

src/main/java/software/amazon/encryption/s3/materials/RsaKeyring.java

@@ -102,6 +102,13 @@ public EncryptionMaterials generateDataKey(EncryptionMaterials materials) {
             return defaultGenerateDataKey(materials);
         }
 
+        @Override
+        public EncryptionMaterials modifyMaterials(EncryptionMaterials materials) {
+            warnIfEncryptionContextIsPresent(materials);
+
+            return materials;
+        }
+
         @Override
         public byte[] encryptDataKey(SecureRandom secureRandom,
                                      EncryptionMaterials materials) throws GeneralSecurityException {

src/main/java/software/amazon/encryption/s3/materials/S3Keyring.java

@@ -3,6 +3,7 @@
 package software.amazon.encryption.s3.materials;
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import software.amazon.encryption.s3.S3EncryptionClient;
 import software.amazon.encryption.s3.S3EncryptionClientException;
 
 import java.nio.charset.StandardCharsets;
@@ -13,6 +14,8 @@
 import java.util.Map;
 import javax.crypto.SecretKey;
 
+import org.apache.commons.logging.LogFactory;
+
 /**
  * This serves as the base class for all the keyrings in the S3 encryption client.
  * Shared functionality is all performed here.
@@ -124,6 +127,24 @@ public DecryptionMaterials onDecrypt(final DecryptionMaterials materials, List<E
 
     abstract protected Map<String, DecryptDataKeyStrategy> decryptDataKeyStrategies();
 
+    /**
+     * Checks if an encryption context is present in the EncryptionMaterials and issues a warning
+     * if an encryption context is found.
+     * <p>
+     * Encryption context is not recommended for use with
+     * non-KMS keyrings as it may not provide additional security benefits.
+     *
+     * @param materials EncryptionMaterials
+     */
+    public void warnIfEncryptionContextIsPresent(EncryptionMaterials materials) {
+        materials.s3Request().overrideConfiguration()
+                .flatMap(overrideConfiguration ->
+                                 overrideConfiguration.executionAttributes()
+                                         .getOptionalAttribute(S3EncryptionClient.ENCRYPTION_CONTEXT))
+                .ifPresent(ctx -> LogFactory.getLog(getClass()).warn("Usage of Encryption Context provides no security benefit in " + getClass().getSimpleName()));
+
+    }
+
     abstract public static class Builder<KeyringT extends S3Keyring, BuilderT extends Builder<KeyringT, BuilderT>> {
         private boolean _enableLegacyWrappingAlgorithms = false;
         private SecureRandom _secureRandom;