z-PhSV&ddlZddlmZddlZ ddlmZddlmcm Z ddl m Z m Z n#e$rdZdZ YnwxYwdZdZdZdZdZejjejjgZejd d Zejd d Zd ZdZdZdZdZdZdZ dZ!dZ"dZ#dZ$dZ%dZ&dZ'dZ(dZ)dZ*ej+dd Z,ej+d!d"Z-d#Z.d$Z/d%Z0dS)&N) timedelta)InMemoryKmsClientverify_file_encryptedzencrypted_table.in_mem.parquets0123456789112345 footer_keys1234567890123450col_keymodule)scopectjtjgdtjgdtjgdd}|S)N))abc)xyz)paTable from_pydictarray) data_tables e/var/www/html/test/jupyter/venv/lib/python3.11/site-packages/pyarrow/tests/parquet/test_encryption.pyrr0s^%% Xiii Xooo & & Xooo & &''J cNtjttddgi}|S)Nrr)r column_keys)peEncryptionConfigurationFOOTER_KEY_NAME COL_KEY_NAME)basic_encryption_configs rr!r!:s3 8" 3*     #"rcbtj|}d}tj|}||fS)z Sets up and returns the KMS connection configuration and crypto factory based on provided KMS configuration parameters. custom_kms_confc t|SNrkms_connection_configurations r kms_factoryz1setup_encryption_environment..kms_factoryK !=>>>r)rKmsConnectionConfig CryptoFactory)r$kms_connection_configr*crypto_factorys rsetup_encryption_environmentr0DsD 2?SSS???%k22N . 00rc||d||di}t|\}} t||||| || fS)zL Writes an encrypted parquet file based on the provided parameters. UTF-8)decoder0write_encrypted_parquet) pathrfooter_key_name col_key_namerrencryption_configr$r.r/s rwrite_encrypted_filer9Tsz **733gnnW--O -I--)>D*.?1>CCC !. 00rc |tz }tjttddgidt dd}t ||tttt|\}}t|tj t d}t||||}| |sJd S) zDWrite an encrypted parquet, verify it's encrypted, and then read it.rr AES_GCM_V1@minutesrrencryption_algorithmcache_lifetimedata_key_length_bitsrBN) PARQUET_NAMErrrr rr9 FOOTER_KEYCOL_KEYrDecryptionConfigurationread_encrypted_parquetequals)tempdirrr5r8r.r/decryption_config result_tables r!test_encrypted_parquet_write_readrNjs \ !D 2" 3* * --- """-A j/<W--)>$2 ---///) !6HHL   \ * ******rc|||}|Jtj||j|5}||ddddS#1swxYwYdS)N)encryption_properties)file_encryption_propertiespq ParquetWriterschema write_table)r5tabler8r.r/rQwriters rr4r4s!/!J!J0"2"2 % 1 1 1  %,"< > > >"AG5!!!""""""""""""""""""sAA!Ac4|||}|Jtj||}|jdksJtj||}t |jdksJtj||}|dS)Ndecryption_propertiesr T use_threads) file_decryption_propertiesrR read_metadata num_columns read_schemalennames ParquetFileread)r5rLr.r/r]metarTresults rrIrIs!/!J!J0"2"2 % 1 1 1  $> @ @ @D  q ^ $>@@@F v|   ! ! ! ! ^ $>@@@F ;;4; ( ((rc f|tz }tjttddgidt dd}t ||tttt|t|ttt dtt di\}}tj t d }tjtd 5t!||||d d d d S#1swxYwYd S) zYWrite an encrypted parquet, verify it's encrypted, and then read it using wrong keys.rrr;r<r=r?r@r2rDzIncorrect master key usedmatchN)rErrrr rr9rFrGrr0r3rHpytestraises ValueErrorrI)rKrr5r8wrong_kms_connection_configwrong_crypto_factoryrLs r+test_encrypted_parquet_write_read_wrong_keyros \ !D 2" 3* * --- """z?L#W.?AAA$8T00j''00V995!5 2 ---/// z)E F F F"" #%@  " " """""""""""""""""""sD&&D*-D*ct||tjtd5t j|t z ddddS#1swxYwYdS)zmWrite an encrypted parquet, verify it's encrypted, but then try to read it without decryption properties. no decryptionrhN)rNrjrkIOErrorrRrcrErdrKrs r0test_encrypted_parquet_read_no_decryption_configrts&gz::: w&6 7 7 766 w-..33555666666666666666666s/A((A,/A,ct||tjtd5t j|t z ddddS#1swxYwYdS)zwWrite an encrypted parquet, verify it's encrypted, but then try to read its metadata without decryption properties.rqrhN)rNrjrkrrrRr^rErss r9test_encrypted_parquet_read_metadata_no_decryption_configrvs&gz::: w&6 7 7 711 </000111111111111111111AAAct||tjtd5t j|t z ddddS#1swxYwYdS)zuWrite an encrypted parquet, verify it's encrypted, but then try to read its schema without decryption properties.rqrhN)rNrjrkrrrRr`rErss r7test_encrypted_parquet_read_schema_no_decryption_configrys&gz::: w&6 7 7 7// w-...//////////////////rwc |dz }tjt}tjt d5t ||tttd|ddddS#1swxYwYdS)zMWrite an encrypted parquet, but give only footer key, without column key.z)encrypted_table_no_col_key.in_mem.parquetrz4Either column_keys or uniform_encryption must be setrhrN) rrrrjrkOSErrorr9r rF)rKrr5r8s r'test_encrypted_parquet_write_no_col_keyr}s @ @D2"$$$ w% & & &AA T: '.? A A A AAAAAAAAAAAAAAAAAAs%A--A14A1c|dz }|}tj}d}tj|}tjt d5t |||||ddddS#1swxYwYdS).kms_factorys!!=>>>rrrhN)rr,r-rjrkKeyErrorr4rKrr!r5r8r.r*r/s r&test_encrypted_parquet_write_kms_errorrs ? ?D/244??? %k22N x| 4 4 4GGj2C 5~ G G GGGGGGGGGGGGGGGGGGG A..A25A2c,|dz }|}tj}Gddtjfd}tj|}t jt d5t|||||ddddS#1swxYwYdS)rrc$eZdZdZdZdZdZdS)Jtest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClientzVA KmsClient implementation that throws exception in wrap/unwrap calls cRtj|||_dS)z%Create an InMemoryKmsClient instance.N)r KmsClient__init__configselfrs rrzStest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClient.__init__s# L ! !$ ' ' ' DKKKrc td)NCannot Wrap Keyrlr key_bytesmaster_key_identifiers rwrap_keyzStest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClient.wrap_keys.// /rc td)NzCannot Unwrap Keyrr wrapped_keyrs r unwrap_keyzUtest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClient.unwrap_keys011 1rN__name__ __module__ __qualname____doc__rrrrrThrowingKmsClientrsK   ! ! !  0 0 0 2 2 2 2 2rrc|Sr&r)r)rs rr*zDtest_encrypted_parquet_write_kms_specific_error..kms_factory"s  !=>>>rrrhN)rr,rr-rjrkrlr4) rKrr!r5r8r.r*r/rs @r/test_encrypted_parquet_write_kms_specific_errorr s- ? ?D/24422222BL222 ?????%k22N z): ; ; ;GGj2C 5~ G G GGGGGGGGGGGGGGGGGGGs(B  B B c|dz }|}tj}d}tj|}tjt d5t |||||ddddS#1swxYwYdS)z@Write an encrypted parquet, but raise ValueError in kms_factory.0encrypted_table_kms_factory_error.in_mem.parquetc td)NCannot create KmsClientrr(s rr*zCtest_encrypted_parquet_write_kms_factory_error..kms_factory6s2333rrrhN)rr,r-rjrkrlr4rs r.test_encrypted_parquet_write_kms_factory_errorr-s G GD/244444%k22N z6 8 8 8GG j2C 5~ G G GGGGGGGGGGGGGGGGGGGrc|dz }|}tj}Gddfd}tj|}tjt 5t |||||ddddS#1swxYwYdS)z_Write an encrypted parquet, but use wrong KMS client type that doesn't implement KmsClient.rc$eZdZdZdZdZdZdS)Otest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClientz4This is not an implementation of KmsClient. c|j|_dSr&)r$master_keys_maprs rrzXtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClient.__init__Os#)#9D rcdSr&rrs rrzXtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClient.wrap_keyR4rcdSr&rrs rrzZtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClient.unwrap_keyUrrNrrrrWrongTypeKmsClientrKsK   : : :        rrc|Sr&r)r)rs rr*zHtest_encrypted_parquet_write_kms_factory_type_error..kms_factoryXs!!">???rN)rr,r-rjrk TypeErrorr4) rKrr!r5r8r.r*r/rs @r3test_encrypted_parquet_write_kms_factory_type_errorrAs( G GD/244        @@@@@%k22N y ! !GGj2C 5~ G G GGGGGGGGGGGGGGGGGGGsA<<BBc ld}tjttddgidddt ddd }||tjt }tddgi|_d|_d|_d|_t d|_ d|_ d |_ ||dS) Nct|jksJddg|jtksJd|jksJ|jsJ|jrJtd|jksJ|j rJd|j ksJdS)NrrAES_GCM_CTR_V1$@r=) rrrr rAplaintext_footerdouble_wrappingrrBinternal_key_materialrC)r8s r!validate_encryption_configurationzZtest_encrypted_parquet_encryption_configuration..validate_encryption_configurationcs"3">>>>>Sz.:<HHHHH#4#IIIII 1111$4444&&&*;*JJJJJ$::::'<<<<<<.validate_kms_connection_configsq3CCCCC.?????1BBBBB)3CDD%5666666rrrrrrrr)rr,rrrr$)rr.kms_connection_config_1s r(test_encrypted_parquet_kms_configurationrs7772#"$$     #"#8999 466.9+/5,/8,  //+#"#:;;;;;rzNPlaintext footer - reading plaintext column subset reads encrypted columns too)reasonc`|tz }tjttddgidd}tjtt dttdi}d}tj |}t|||||d S) zWrite an encrypted parquet, with plaintext footer and with single wrapping, verify it's encrypted, and then read plaintext columns.rrTF)rrrrr2r#c t|Sr&r'r(s rr*zStest_encrypted_parquet_write_read_plain_footer_single_wrapping..kms_factoryr+rN) rErrrr r,rFr3rGr-r4rKrr5r8r.r*r/s r>test_encrypted_parquet_write_read_plain_footer_single_wrappingrs \ !D 2" 3*  2 Z..w77 '..11 ???%k22ND*.?1>CCCCCrz'External key material not supported yetc|tz }tjtid}tjtt di}d}tj|}t|||||dS)zWrite an encrypted parquet, with external key material. Currently it's not implemented, so should throw an exceptionF)rrrr2r#c t|Sr&r'r(s rr*z:test_encrypted_parquet_write_external..kms_factoryr+rN) rErrrr,rFr3r-r4rs r%test_encrypted_parquet_write_externalrs \ !D2"#%%% 2(**;*;G*D*DE???%k22ND*.?1>CCCCCrc |tz }t||tttt |\}}t |tjtd}tdD]_}| ||}|Jtj ||} | d} || sJ`dS) z`Write an encrypted parquet, verify it's encrypted, and then read it multithreaded in a loop.r<r=rD2NrYTr[)rEr9rr rFrGrrrHrranger]rRrcrdrJ) rKrr!r5r.r/rLir]rfrMs rtest_encrypted_parquet_looprs \ !D -A j/<W-!-!)>$2 ---///2YY / /%3%N%N !#4&6&6")555 (BDDD{{t{44   ...... / /rc |tz }t||tttt |\}}t |tjtd}| ||}~tj ||}| d} || sJdS)z^ Test that decryption properties can be used if the crypto factory is no longer alive r<r=rDrYTr[N)rEr9rr rFrGrrrHrr]rRrcrdrJ) rKrr!r5r.r/rLr]rfrMs r%test_read_with_deleted_crypto_factoryr s \ !D,@ j/<W-!-!)>$2 ---///!/!J!J0"2"2 ^ $>@@@F;;4;00L   \ * ******rc |tz }t||tttt |\}}t jtd}| ||}tj ||}| |sJtj ||}| |sJdS)z>Write an encrypted parquet then read it back using read_table.r<r=rDrYN) rEr9rr rFrGrrHrr]rR read_tablerJ) rKrr!r5r.r/rLr]rMs r!test_encrypted_parquet_read_tabler%s \ !D-A j/<W-!-!)>2 ---///!/!J!J0"2"2==WXXXL   \ * ****='ACCCL   \ * ******r)1rjdatetimerpyarrowrpyarrow.parquetparquetrRpyarrow.parquet.encryption encryptionr pyarrow.tests.parquet.encryptionrr ImportErrorrErFrrGr markparquet_encryption pytestmarkfixturerr!r0r9rNr4rIrortrvryr}rrrrrrrxfailrrrrrrrrrs" 2      +++++++++ 222222222  B BBB0    K" K h h## # 1 1 1 111,+++<""")))" " " "F666111///AAA"GGG*!G!G!GHGGG(GGGB ; ; ;FIII<<<:233CC33CNCDDCCEDC4///:+++0+++++s ( 44