o 䯪gSV@sddlZddlmZddlZzddlmZddlmm Z Wn e y,dZdZ Yn wddl m Z mZdZdZdZdZdZejjejjgZejd d d d Zejd d d dZddZddZddZddZddZddZddZ ddZ!dd Z"d!d"Z#d#d$Z$d%d&Z%d'd(Z&d)d*Z'd+d,Z(d-d.Z)d/d0Z*ejj+d1d2d3d4Z,ejj+d5d2d6d7Z-d8d9Z.d:d;Z/dN) timedelta)InMemoryKmsClientverify_file_encryptedzencrypted_table.in_mem.parquets0123456789112345 footer_keys1234567890123450col_keymodule)scopecCs6tjtgdtgdtgdd}|S)N))abc)xyz)paTable from_pydictarray) data_tablera/var/www/html/chatdoc2/venv/lib/python3.10/site-packages/pyarrow/tests/parquet/test_encryption.pyr0s    rcCstjttddgid}|S)Nr r )r column_keys)peEncryptionConfigurationFOOTER_KEY_NAME COL_KEY_NAME)basic_encryption_configrrrr:s rcCs&tj|d}dd}t|}||fS)z Sets up and returns the KMS connection configuration and crypto factory based on provided KMS configuration parameters. custom_kms_confcSt|SNrkms_connection_configurationrrr kms_factoryKz1setup_encryption_environment..kms_factory)rKmsConnectionConfig CryptoFactory)r kms_connection_configr&crypto_factoryrrrsetup_encryption_environmentDs  r,c Cs<||d||di}t|\}} t||||| || fS)zL Writes an encrypted parquet file based on the provided parameters. UTF-8)decoder,write_encrypted_parquet) pathrfooter_key_name col_key_namerrencryption_configr r*r+rrrwrite_encrypted_fileTs  r4cCs||t}tjttddgidtdddd}t||tttt|\}}t |tj tddd}t ||||}| |szIncorrect master key usedmatchN)r?rrrrrr4r@rArr,r.rBpytestraises ValueErrorrC)rErr0r3wrong_kms_connection_configwrong_crypto_factoryrFrrr+test_encrypted_parquet_write_read_wrong_keys4    "rfcCsPt||tjtddt|tWddS1s!wYdS)zmWrite an encrypted parquet, verify it's encrypted, but then try to read it without decryption properties. no decryptionr_N)rHrarbIOErrorrKr[r?r\rErrrr0test_encrypted_parquet_read_no_decryption_configs "rjcCLt||tjtddt|tWddS1swYdS)zwWrite an encrypted parquet, verify it's encrypted, but then try to read its metadata without decryption properties.rgr_N)rHrarbrhrKrVr?rirrr9test_encrypted_parquet_read_metadata_no_decryption_configs "rlcCrk)zuWrite an encrypted parquet, verify it's encrypted, but then try to read its schema without decryption properties.rgr_N)rHrarbrhrKrXr?rirrr7test_encrypted_parquet_read_schema_no_decryption_configs "rmc Cs\|d}tjtd}tjtddt||tttd|WddS1s'wYdS)zMWrite an encrypted parquet, but give only footer key, without column key.z)encrypted_table_no_col_key.in_mem.parquetrz4Either column_keys or uniform_encryption must be setr_N) rrrrarbOSErrorr4rr@)rErr0r3rrr'test_encrypted_parquet_write_no_col_keys "rqcCj|d}|}t}dd}t|}tjtddt|||||WddS1s.wYdS).kms_factoryrr_N)rr(r)rarbKeyErrorr/rErrr0r3r*r&r+rrr&test_encrypted_parquet_write_kms_errors "rwcs|d}|}t}Gdddtjfdd}t|}tjtddt|||||WddS1s9wYdS) rsrtc@(eZdZdZddZddZddZdS) zJtest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClientzVA KmsClient implementation that throws exception in wrap/unwrap calls cSstj|||_dS)z%Create an InMemoryKmsClient instance.N)r KmsClient__init__configselfr{rrrrzs  zStest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClient.__init__cStd)NCannot Wrap Keyrcr} key_bytesmaster_key_identifierrrrwrap_keyr'zStest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClient.wrap_keycSr~)NzCannot Unwrap Keyrr} wrapped_keyrrrr unwrap_keyr'zUtest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClient.unwrap_keyN__name__ __module__ __qualname____doc__rzrrrrrrThrowingKmsClients  rc|Sr"rr$rrrr&"szDtest_encrypted_parquet_write_kms_specific_error..kms_factoryrr_N)rr(ryr)rarbrcr/rvrrr/test_encrypted_parquet_write_kms_specific_error s  "rcCrr)z@Write an encrypted parquet, but raise ValueError in kms_factory.0encrypted_table_kms_factory_error.in_mem.parquetcSr~)NCannot create KmsClientrr$rrrr&6r'zCtest_encrypted_parquet_write_kms_factory_error..kms_factoryrr_N)rr(r)rarbrcr/rvrrr.test_encrypted_parquet_write_kms_factory_error-s "rcsx|d}|}t}Gdddfdd}t|}ttt|||||WddS1s5wYdS)z_Write an encrypted parquet, but use wrong KMS client type that doesn't implement KmsClient.rc@rx) zOtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClientz4This is not an implementation of KmsClient. cSs |j|_dSr")r master_keys_mapr|rrrrzOs zXtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClient.__init__cSdSr"rrrrrrRzXtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClient.wrap_keycSrr"rrrrrrUrzZtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClient.unwrap_keyNrrrrrWrongTypeKmsClientKs  rcrr"rr$rrrr&Xr'zHtest_encrypted_parquet_write_kms_factory_type_error..kms_factoryN)rr(r)rarb TypeErrorr/rvrrr3test_encrypted_parquet_write_kms_factory_type_errorAs  "rc Csdd}tjttddgidddtdd dd d }||tjtd }tddgi|_d|_d|_d|_tdd |_ d|_ d |_ ||dS) NcSsvt|jksJddg|jtksJd|jksJ|jsJ|jr#Jtdd|jks-J|j r2Jd|j ks9JdS)Nr r AES_GCM_CTR_V1$@r7) rrrrr;plaintext_footerdouble_wrappingrr<internal_key_materialr=)r3rrr!validate_encryption_configurationcs   zZtest_encrypted_parquet_encryption_configuration..validate_encryption_configurationr r rTFrr7r)rrr;rrr<rr=rn) rrrrrrr;rrr<rr=)rr3encryption_config_1rrr/test_encrypted_parquet_encryption_configurationbs.     rcCsRtjtddd}tdd|jksJt}tdd|_tdd|jks'JdS)Nrr7r>)rrBrr<)rFdecryption_config_1rrr/test_encrypted_parquet_decryption_configurations rcCsZdd}tjddddddd }||t}d|_d|_d|_ddd|_||dS) NcSsBd|jksJd|jksJd|jksJddd|jksJdS)N Instance1URL1MyTokenkey_material_1key_material_2key1key2kms_instance_idkms_instance_urlkey_access_tokenr )r*rrrvalidate_kms_connection_configs  zPtest_encrypted_parquet_kms_configuration..validate_kms_connection_configrrrrrrr)rr(rrrr )rr*kms_connection_config_1rrr(test_encrypted_parquet_kms_configurations$ rzNPlaintext footer - reading plaintext column subset reads encrypted columns too)reasoncCsh|t}tjttddgiddd}tjttdttdid}dd }t |}t |||||d S) zWrite an encrypted parquet, with plaintext footer and with single wrapping, verify it's encrypted, and then read plaintext columns.r r TF)rrrrr-rcSr!r"r#r$rrrr&r'zStest_encrypted_parquet_write_read_plain_footer_single_wrapping..kms_factoryN) r?rrrrr(r@r.rAr)r/rErr0r3r*r&r+rrr>test_encrypted_parquet_write_read_plain_footer_single_wrappings$   rz'External key material not supported yetcCsT|t}tjtidd}tjttdid}dd}t|}t|||||dS)zWrite an encrypted parquet, with external key material. Currently it's not implemented, so should throw an exceptionF)rrrr-rcSr!r"r#r$rrrr&r'z:test_encrypted_parquet_write_external..kms_factoryN) r?rrrr(r@r.r)r/rrrr%test_encrypted_parquet_write_externals  rc Cs|t}t||tttt|\}}t|tjt ddd}t dD]"}| ||}|dus/Jt j ||d} | jdd} || sCJq!dS) z`Write an encrypted parquet, verify it's encrypted, and then read it multithreaded in a loop.r6r7r>2NrQTrS)r?r4rrr@rArrrBrrangerUrKr[r\rD) rErrr0r*r+rFirUr^rGrrrtest_encrypted_parquet_loops(    rc Cst|t}t||tttt|\}}t|tjt ddd}| ||}~t j ||d}|j dd} || s8JdS)z^ Test that decryption properties can be used if the crypto factory is no longer alive r6r7r>rQTrSN)r?r4rrr@rArrrBrrUrKr[r\rD) rErrr0r*r+rFrUr^rGrrr%test_read_with_deleted_crypto_factory s$  rc Csz|t}t||tttt|\}}tjtddd}| ||}t j ||d}| |s-Jt j ||d}| |s;JdS)z>Write an encrypted parquet then read it back using read_table.r6r7r>rQN) r?r4rrr@rArrBrrUrK read_tablerD) rErrr0r*r+rFrUrGrrr!test_encrypted_parquet_read_table%s" r)1radatetimerpyarrowrpyarrow.parquetparquetrKpyarrow.parquet.encryption encryptionr ImportError pyarrow.tests.parquet.encryptionrrr?r@rrArmarkparquet_encryption pytestmarkfixturerrr,r4rHr/rCrfrjrlrmrqrwrrrrrrxfailrrrrrrrrrs^        #   $!#   '