o ZhO@sfddlZddlmZddlZzddlmZddlmm Z Wn e y,dZdZ Yn wddl m Z mZdZdZdZdZdZejjejjgZejd d d d Zejd d d dZddZddZddZddZddZddZddZ ddZ!dd Z"d!d"Z#d#d$Z$d%d&Z%d'd(Z&d)d*Z'd+d,Z(ejj)d-d.d/d0Z*ejj)d1d.d2d3Z+d4d5Z,dS)6N) timedelta)InMemoryKmsClientverify_file_encryptedzencrypted_table.in_mem.parquets0123456789112345 footer_keys1234567890123450Zcol_keymodule)scopecCs6tjtgdtgdtgdd}|S)N))abc)xyz)paTableZ from_pydictarray) data_tabler\/var/www/html/lang_env/lib/python3.10/site-packages/pyarrow/tests/parquet/test_encryption.pyr0s    rcCstjttddgid}|S)Nr r )r column_keys)peEncryptionConfigurationFOOTER_KEY_NAME COL_KEY_NAME)basic_encryption_configrrrr:s rc Cs|t}tjttddgidtdddd}tjttdtt did }d d }t |}t |||||t |tj tddd }t||||}||sQJd S)zDWrite an encrypted parquet, verify it's encrypted, and then read it.r r AES_GCM_V1@minutesrrencryption_algorithmcache_lifetimedata_key_length_bitsUTF-8custom_kms_confcSt|SNrZkms_connection_configurationrrr kms_factory[z6test_encrypted_parquet_write_read..kms_factoryr$N) PARQUET_NAMErrrrrKmsConnectionConfig FOOTER_KEYdecodeCOL_KEY CryptoFactorywrite_encrypted_parquetrDecryptionConfigurationread_encrypted_parquetequals) tempdirrpathencryption_configkms_connection_configr-crypto_factorydecryption_config result_tablerrr!test_encrypted_parquet_write_readDs6   rAcCsZ|||}|dus Jtj||j|d}||WddS1s&wYdS)N)Zencryption_properties)file_encryption_propertiespqZ ParquetWriterschemaZ write_table)r;tabler<r=r>rBwriterrrrr6ls  "r6cCsn|||}|dus Jtj||d}|jdksJtj||d}t|jdks*Jtj||d}|jddS)NZdecryption_propertiesr TZ use_threads) file_decryption_propertiesrC read_metadataZ num_columns read_schemalennames ParquetFileread)r;r?r=r>rImetarDresultrrrr8ws   r8c Cs|t}tjttddgidtdddd}tjttdtt did }d d }t |}t |||||t |tjtt dttdid }tj tddd }tjtd dt||||WddS1smwYdS)zYWrite an encrypted parquet, verify it's encrypted, and then read it using wrong keys.r r rrrr!r"r&r'cSr)r*r+r,rrrr-r.z@test_encrypted_parquet_write_read_wrong_key..kms_factoryr/zIncorrect master key usedmatchN)r0rrrrrr1r2r3r4r5r6rr7pytestraises ValueErrorr8) r:rr;r<r=r-r>Zwrong_kms_connection_configr?rrr+test_encrypted_parquet_write_read_wrong_keysD     "rWcCsPt||tjtddt|tWddS1s!wYdS)zmWrite an encrypted parquet, verify it's encrypted, but then try to read it without decryption properties. no decryptionrRN)rArTrUIOErrorrCrNr0rOr:rrrr0test_encrypted_parquet_read_no_decryption_configs "r[cCLt||tjtddt|tWddS1swYdS)zwWrite an encrypted parquet, verify it's encrypted, but then try to read its metadata without decryption properties.rXrRN)rArTrUrYrCrJr0rZrrr9test_encrypted_parquet_read_metadata_no_decryption_configs "r]cCr\)zuWrite an encrypted parquet, verify it's encrypted, but then try to read its schema without decryption properties.rXrRN)rArTrUrYrCrKr0rZrrr7test_encrypted_parquet_read_schema_no_decryption_configs "r^cCs|d}tjtd}tjttdttdid}dd}t|}t j t ddt |||||Wd d S1s>wYd S) zMWrite an encrypted parquet, but give only footer key, without column key.z)encrypted_table_no_col_key.in_mem.parquetrr&r'cSr)r*r+r,rrrr-r.z.kms_factoryz4Either column_keys or uniform_encryption must be setrRN) rrrr1r2r3rr4r5rTrUOSErrorr6r:rr;r<r=r-r>rrr'test_encrypted_parquet_write_no_col_keys$   "rbcCj|d}|}t}dd}t|}tjtddt|||||WddS1s.wYdS).kms_factoryrrRN)rr1r5rTrUKeyErrorr6r:rrr;r<r=r-r>rrr&test_encrypted_parquet_write_kms_errors "rhcs|d}|}t}Gdddtjfdd}t|}tjtddt|||||WddS1s9wYdS) rdrec@(eZdZdZddZddZddZdS) zJtest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClientzVA KmsClient implementation that throws exception in wrap/unwrap calls cSstj|||_dS)z%Create an InMemoryKmsClient instance.N)r KmsClient__init__configselfrlrrrrks  zStest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClient.__init__cStd)NCannot Wrap KeyrVrn key_bytesmaster_key_identifierrrrwrap_keyr.zStest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClient.wrap_keycSro)NzCannot Unwrap KeyrqrnZ wrapped_keyrtrrr unwrap_keyr.zUtest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClient.unwrap_keyN__name__ __module__ __qualname____doc__rkrurwrrrrThrowingKmsClients  r}c|Sr*rr,r}rrr-szDtest_encrypted_parquet_write_kms_specific_error..kms_factoryrprRN)rr1rjr5rTrUrVr6rgrrr/test_encrypted_parquet_write_kms_specific_errors  "rcCrc)z@Write an encrypted parquet, but raise ValueError in kms_factory.0encrypted_table_kms_factory_error.in_mem.parquetcSro)NCannot create KmsClientrqr,rrrr-3r.zCtest_encrypted_parquet_write_kms_factory_error..kms_factoryrrRN)rr1r5rTrUrVr6rgrrr.test_encrypted_parquet_write_kms_factory_error*s "rcsx|d}|}t}Gdddfdd}t|}ttt|||||WddS1s5wYdS)z_Write an encrypted parquet, but use wrong KMS client type that doesn't implement KmsClient.rc@ri) zOtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClientz4This is not an implementation of KmsClient. cSs |j|_dSr*)r(Zmaster_keys_maprmrrrrkLs zXtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClient.__init__cSdSr*rrrrrrruOzXtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClient.wrap_keycSrr*rrvrrrrwRrzZtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClient.unwrap_keyNrxrrrrWrongTypeKmsClientHs  rcr~r*rr,rrrr-Ur.zHtest_encrypted_parquet_write_kms_factory_type_error..kms_factoryN)rr1r5rTrU TypeErrorr6rgrrr3test_encrypted_parquet_write_kms_factory_type_error>s  "rc Csdd}tjttddgidddtdd dd d }||tjtd }tddgi|_d|_d|_d|_tdd |_ d|_ d |_ ||dS) NcSsvt|jksJddg|jtksJd|jksJ|jsJ|jr#Jtdd|jks-J|j r2Jd|j ks9JdS)Nr r AES_GCM_CTR_V1$@r) rrrrr#plaintext_footerdouble_wrappingrr$internal_key_materialr%)r<rrr!validate_encryption_configuration`s   zZtest_encrypted_parquet_encryption_configuration..validate_encryption_configurationr r rTFrrr)rrr#rrr$rr%r_) rrrrrrr#rrr$rr%)rr<Zencryption_config_1rrr/test_encrypted_parquet_encryption_configuration_s.     rcCsRtjtddd}tdd|jksJt}tdd|_tdd|jks'JdS)Nrrr/)rr7rr$)r?Zdecryption_config_1rrr/test_encrypted_parquet_decryption_configurations rcCsZdd}tjddddddd }||t}d|_d|_d|_ddd|_||dS) NcSsBd|jksJd|jksJd|jksJddd|jksJdS)N Instance1URL1MyTokenkey_material_1key_material_2key1key2kms_instance_idkms_instance_urlkey_access_tokenr()r=rrrvalidate_kms_connection_configs  zPtest_encrypted_parquet_kms_configuration..validate_kms_connection_configrrrrrrr)rr1rrrr()rr=Zkms_connection_config_1rrr(test_encrypted_parquet_kms_configurations$ rzNPlaintext footer - reading plaintext column subset reads encrypted columns too)reasoncCsh|t}tjttddgiddd}tjttdttdid}dd }t |}t |||||d S) zWrite an encrypted parquet, with plaintext footer and with single wrapping, verify it's encrypted, and then read plaintext columns.r r TF)rrrrr&r'cSr)r*r+r,rrrr-r.zStest_encrypted_parquet_write_read_plain_footer_single_wrapping..kms_factoryN) r0rrrrr1r2r3r4r5r6rarrr>test_encrypted_parquet_write_read_plain_footer_single_wrappings$   rz'External key material not supported yetcCsT|t}tjtidd}tjttdid}dd}t|}t|||||dS)zWrite an encrypted parquet, with external key material. Currently it's not implemented, so should throw an exceptionF)rrrr&r'cSr)r*r+r,rrrr-r.z:test_encrypted_parquet_write_external..kms_factoryN) r0rrrr1r2r3r5r6rarrr%test_encrypted_parquet_write_externals  rc Cs|t}|}tjttdttdid}dd}t|}t |||||t |tj t ddd}t dD]"} |||} | d usFJtj|| d } | jd d } || sZJq8d S) z`Write an encrypted parquet, verify it's encrypted, and then read it multithreaded in a loop.r&r'cSr)r*r+r,rrrr-r.z0test_encrypted_parquet_loop..kms_factoryrrr/2NrGTrH)r0rr1rr2r3rr4r5r6rr7rrangerIrCrNrOr9) r:rrr;r<r=r-r>r?irIrQr@rrrtest_encrypted_parquet_loops6      r)-rTdatetimerZpyarrowrZpyarrow.parquetZparquetrCZpyarrow.parquet.encryptionZ encryptionr ImportErrorZ pyarrow.tests.parquet.encryptionrrr0r2rr4rmarkZparquet_encryptionZ pytestmarkZfixturerrrAr6r8rWr[r]r^rbrhrrrrrrZxfailrrrrrrrsV       ( 1   $!#   '