o Gh]@sddlZddlmZddlZzddlmZddlmm Z Wn e y,dZdZ Yn wddl m Z mZdZdZdZdZdZejjejjgZejd d d d Zejd d d dZddZddZddZddZddZddZddZ ddZ!dd Z"d!d"Z#d#d$Z$d%d&Z%d'd(Z&d)d*Z'd+d,Z(d-d.Z)d/d0Z*d1d2Z+d3d4Z,ejj-d5d6d7d8Z.ejj-d9d6d:d;Z/dd?Z1d@dAZ2dS)BN) timedelta)InMemoryKmsClientverify_file_encryptedzencrypted_table.in_mem.parquets0123456789112345 footer_keys1234567890123450col_keymodule)scopecCs6tjtgdtgdtgdd}|S)N))abc)xyz)paTable from_pydictarray) data_tablerf/var/www/html/Persson_Maskin/env/lib/python3.10/site-packages/pyarrow/tests/parquet/test_encryption.pyr0s    rcCstjttddgid}|S)Nr r )r column_keys)peEncryptionConfigurationFOOTER_KEY_NAME COL_KEY_NAME)basic_encryption_configrrrr:s rcCs&tj|d}dd}t|}||fS)z Sets up and returns the KMS connection configuration and crypto factory based on provided KMS configuration parameters. custom_kms_confcSt|SNrkms_connection_configurationrrr kms_factoryKz1setup_encryption_environment..kms_factory)rKmsConnectionConfig CryptoFactory)r kms_connection_configr&crypto_factoryrrrsetup_encryption_environmentDs  r,c Cs<||d||di}t|\}} t||||| || fS)zL Writes an encrypted parquet file based on the provided parameters. UTF-8)decoder,write_encrypted_parquet) pathrfooter_key_name col_key_namerrencryption_configr r*r+rrrwrite_encrypted_fileTs  r4cCs|t}tjttddgidtdddd}|jdusJt||tttt |\}}t |tj tddd }t ||||}| |sCJd S) DWrite an encrypted parquet, verify it's encrypted, and then read it.r r AES_GCM_V1@minutesrrencryption_algorithmcache_lifetimedata_key_length_bitsFr=N) PARQUET_NAMErrrrruniform_encryptionr4 FOOTER_KEYCOL_KEYrDecryptionConfigurationread_encrypted_parquetequalstempdirrr0r3r*r+decryption_config result_tablerrr!test_encrypted_parquet_write_readjs, rKcCs|t}tjtddtdddd}|jdusJt||tttd|\}}t |tj tddd}t ||||}| |s?Jd S) r5Tr6r7r8r:)rrAr<r=r>r?N) r@rrrrrAr4rrBrrDrErFrGrrr)test_uniform_encrypted_parquet_write_reads* rMcCsZ|||}|dus Jtj||j|d}||WddS1s&wYdS)N)encryption_properties)file_encryption_propertiespq ParquetWriterschema write_table)r0tabler3r*r+rOwriterrrrr/s  "r/cCsn|||}|dus Jtj||d}|jdksJtj||d}t|jdks*Jtj||d}|jddS)Ndecryption_propertiesr T use_threads) file_decryption_propertiesrP read_metadata num_columns read_schemalennames ParquetFileread)r0rIr*r+rZmetarRresultrrrrEs   rEcCs|t}tjttddgidtdddd}t||tttt|t |t tt dtt di\}}tj tddd }t jtd d t||||Wd d S1sVwYd S) zYWrite an encrypted parquet, verify it's encrypted, and then read it using wrong keys.r r r6r7r8r:r;r-r?zIncorrect master key usedmatchN)r@rrrrrr4rBrCrr,r.rDpytestraises ValueErrorrE)rHrr0r3wrong_kms_connection_configwrong_crypto_factoryrIrrr+test_encrypted_parquet_write_read_wrong_keys4    "rkcCsPt||tjtddt|tWddS1s!wYdS)zmWrite an encrypted parquet, verify it's encrypted, but then try to read it without decryption properties. no decryptionrdN)rKrfrgIOErrorrPr`r@rarHrrrr0test_encrypted_parquet_read_no_decryption_configs "rocCLt||tjtddt|tWddS1swYdS)zwWrite an encrypted parquet, verify it's encrypted, but then try to read its metadata without decryption properties.rlrdN)rKrfrgrmrPr[r@rnrrr9test_encrypted_parquet_read_metadata_no_decryption_configs "rqcCrp)zuWrite an encrypted parquet, verify it's encrypted, but then try to read its schema without decryption properties.rlrdN)rKrfrgrmrPr]r@rnrrr7test_encrypted_parquet_read_schema_no_decryption_configs "rrc Cs\|d}tjtd}tjtddt||tttd|WddS1s'wYdS)MWrite an encrypted parquet, but give only footer key, without column key.z)encrypted_table_no_col_key.in_mem.parquetrz4Either column_keys or uniform_encryption must be setrdrLN) rrrrfrgOSErrorr4rrBrHrr0r3rrr'test_encrypted_parquet_write_no_col_keys "rwc Csh|d}tjttddgidd}tjtddt||tttd|Wd d S1s-wYd S) rsz=encrypted_table_col_key_and_uniform_encryption.in_mem.parquetr r T)rrrAz2Cannot set both column_keys and uniform_encryptionrdrLN) rrrrrfrgrur4rBrvrrr;test_encrypted_parquet_write_col_key_and_uniform_encryptions "rxcCj|d}|}t}dd}t|}tjtddt|||||WddS1s.wYdS).kms_factoryrrdN)rr(r)rfrgKeyErrorr/rHrrr0r3r*r&r+rrr&test_encrypted_parquet_write_kms_error$s "r~cs|d}|}t}Gdddtjfdd}t|}tjtddt|||||WddS1s9wYdS) rzr{c@(eZdZdZddZddZddZdS) zJtest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClientzVA KmsClient implementation that throws exception in wrap/unwrap calls cSstj|||_dS)z%Create an InMemoryKmsClient instance.N)r KmsClient__init__configselfrrrrrGs  zStest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClient.__init__cStd)NCannot Wrap Keyrhr key_bytesmaster_key_identifierrrrwrap_keyLr'zStest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClient.wrap_keycSr)NzCannot Unwrap Keyrr wrapped_keyrrrr unwrap_keyOr'zUtest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClient.unwrap_keyN__name__ __module__ __qualname____doc__rrrrrrrThrowingKmsClientBs  rc|Sr"rr$rrrr&RszDtest_encrypted_parquet_write_kms_specific_error..kms_factoryrrdN)rr(rr)rfrgrhr/r}rrr/test_encrypted_parquet_write_kms_specific_error9s  "rcCry)z@Write an encrypted parquet, but raise ValueError in kms_factory.0encrypted_table_kms_factory_error.in_mem.parquetcSr)NCannot create KmsClientrr$rrrr&fr'zCtest_encrypted_parquet_write_kms_factory_error..kms_factoryrrdN)rr(r)rfrgrhr/r}rrr.test_encrypted_parquet_write_kms_factory_error]s "rcsx|d}|}t}Gdddfdd}t|}ttt|||||WddS1s5wYdS)z_Write an encrypted parquet, but use wrong KMS client type that doesn't implement KmsClient.rc@r) zOtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClientz4This is not an implementation of KmsClient. cSs |j|_dSr")r master_keys_maprrrrrs zXtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClient.__init__cSdSr"rrrrrrzXtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClient.wrap_keycSrr"rrrrrrrzZtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClient.unwrap_keyNrrrrrWrongTypeKmsClient{s  rcrr"rr$rrrr&r'zHtest_encrypted_parquet_write_kms_factory_type_error..kms_factoryN)rr(r)rfrg TypeErrorr/r}rrr3test_encrypted_parquet_write_kms_factory_type_errorqs  "rc Csdd}tjttddgidddtdd dd d }||tjtd }tddgi|_d|_d|_d|_tdd |_ d|_ d |_ ||dS) NcSsvt|jksJddg|jtksJd|jksJ|jsJ|jr#Jtdd|jks-J|j r2Jd|j ks9JdS)Nr r AES_GCM_CTR_V1$@r8) rrrrr<plaintext_footerdouble_wrappingrr=internal_key_materialr>)r3rrr!validate_encryption_configurations   zZtest_encrypted_parquet_encryption_configuration..validate_encryption_configurationr r rTFrr8r)rrr<rrr=rr>rt) rrrrrrr<rrr=rr>)rr3encryption_config_1rrr/test_encrypted_parquet_encryption_configurations.     rcCsRtjtddd}tdd|jksJt}tdd|_tdd|jks'JdS)Nrr8r?)rrDrr=)rIdecryption_config_1rrr/test_encrypted_parquet_decryption_configurations rcCsZdd}tjddddddd }||t}d|_d|_d|_ddd|_||dS) NcSsBd|jksJd|jksJd|jksJddd|jksJdS)N Instance1URL1MyTokenkey_material_1key_material_2key1key2kms_instance_idkms_instance_urlkey_access_tokenr )r*rrrvalidate_kms_connection_configs  zPtest_encrypted_parquet_kms_configuration..validate_kms_connection_configrrrrrrr)rr(rrrr )rr*kms_connection_config_1rrr(test_encrypted_parquet_kms_configurations$ rzNPlaintext footer - reading plaintext column subset reads encrypted columns too)reasoncCsh|t}tjttddgiddd}tjttdttdid}dd }t |}t |||||d S) zWrite an encrypted parquet, with plaintext footer and with single wrapping, verify it's encrypted, and then read plaintext columns.r r TF)rrrrr-rcSr!r"r#r$rrrr&r'zStest_encrypted_parquet_write_read_plain_footer_single_wrapping..kms_factoryN) r@rrrrr(rBr.rCr)r/rHrr0r3r*r&r+rrr>test_encrypted_parquet_write_read_plain_footer_single_wrappings$   rz'External key material not supported yetcCsT|t}tjtidd}tjttdid}dd}t|}t|||||dS)zWrite an encrypted parquet, with external key material. Currently it's not implemented, so should throw an exceptionF)rrrr-rcSr!r"r#r$rrrr&r'z:test_encrypted_parquet_write_external..kms_factoryN) r@rrrr(rBr.r)r/rrrr%test_encrypted_parquet_write_externals  rc Cs|t}t||tttt|\}}t|tjt ddd}t dD]"}| ||}|dus/Jt j ||d} | jdd} || sCJq!dS) z`Write an encrypted parquet, verify it's encrypted, and then read it multithreaded in a loop.r7r8r?2NrVTrX)r@r4rrrBrCrrrDrrangerZrPr`rarF) rHrrr0r*r+rIirZrcrJrrrtest_encrypted_parquet_loop s(    rc Cst|t}t||tttt|\}}t|tjt ddd}| ||}~t j ||d}|j dd} || s8JdS)z^ Test that decryption properties can be used if the crypto factory is no longer alive r7r8r?rVTrXN)r@r4rrrBrCrrrDrrZrPr`rarF) rHrrr0r*r+rIrZrcrJrrr%test_read_with_deleted_crypto_factory=s$  rc Csz|t}t||tttt|\}}tjtddd}| ||}t j ||d}| |s-Jt j ||d}| |s;JdS)z>Write an encrypted parquet then read it back using read_table.r7r8r?rVN) r@r4rrrBrCrrDrrZrP read_tablerF) rHrrr0r*r+rIrZrJrrr!test_encrypted_parquet_read_tableUs" r)3rfdatetimerpyarrowrpyarrow.parquetparquetrPpyarrow.parquet.encryption encryptionr ImportError pyarrow.tests.parquet.encryptionrrr@rBrrCrmarkparquet_encryption pytestmarkfixturerrr,r4rKrMr/rErkrorqrrrwrxr~rrrrrrxfailrrrrrrrrrsb        #   $!#   '