gSV>ddlZddlmZddlZ ddlmZddlmcm Z ddl m Z m Z dZdZdZdZdZej(j*ej(j gZej.d d Zej.d d Zd ZdZdZdZdZdZdZ dZ!dZ"dZ#dZ$dZ%dZ&dZ'dZ(dZ)dZ*ej(jWdd Z,ej(jWd!d"Z-d#Z.d$Z/d%Z0y#e$rdZdZ YwxYw)&N) timedelta)InMemoryKmsClientverify_file_encryptedzencrypted_table.in_mem.parquets0123456789112345 footer_keys1234567890123450col_keymodule)scopectjjtjgdtjgdtjgdd}|S)N))abc)xyz)paTable from_pydictarray) data_tables Z/var/www/openai/venv/lib/python3.12/site-packages/pyarrow/tests/parquet/test_encryption.pyrr0sG%% XXi XXo & XXo &'J cLtjttddgi}|S)Nrr)r column_keys)peEncryptionConfigurationFOOTER_KEY_NAME COL_KEY_NAME)basic_encryption_configs rr!r!:s, 88" 3*   #"rcftj|}d}tj|}||fS)z Sets up and returns the KMS connection configuration and crypto factory based on provided KMS configuration parameters. custom_kms_confct|SNrkms_connection_configurations r kms_factoryz1setup_encryption_environment..kms_factoryK !=>>r)rKmsConnectionConfig CryptoFactory)r$kms_connection_configr*crypto_factorys rsetup_encryption_environmentr0Ds7 22?S?%%k2N . 00rc||jd||jdi}t|\}} t||||| || fS)zL Writes an encrypted parquet file based on the provided parameters. UTF-8)decoder0write_encrypted_parquet) pathrfooter_key_name col_key_namerrencryption_configr$r.r/s rwrite_encrypted_filer9Tsc **73gnnW-O -I-)>D*.?1>C !. 00rc V|tz }tjttddgidt dd}t ||tttt|\}}t|tjt d}t||||}|j|sJy ) zDWrite an encrypted parquet, verify it's encrypted, and then read it.rr AES_GCM_V1@minutesrrencryption_algorithmcache_lifetimedata_key_length_bitsrBN) PARQUET_NAMErrrr rr9 FOOTER_KEYCOL_KEYrDecryptionConfigurationread_encrypted_parquetequals)tempdirrr5r8r.r/decryption_config result_tables r!test_encrypted_parquet_write_readrNjs \ !D 22" 3* * - "-A j/<W-)>$22 -/) !6HL   \ ** *rc|j||}|Jtj||j|5}|j |dddy#1swYyxYw)N)encryption_properties)file_encryption_propertiespq ParquetWriterschema write_table)r5tabler8r.r/rQwriters rr4r4s`!/!J!J0"2 % 11 1   %,,"< >AG5! > > >s AAc2|j||}|Jtj||}|jdk(sJtj||}t |j dk(sJtj||}|jdS)Ndecryption_propertiesr T use_threads) file_decryption_propertiesrR read_metadata num_columns read_schemalennames ParquetFileread)r5rLr.r/r]metarTresults rrIrIs!/!J!J0"2 % 11 1   $> @D   q  ^^ $>@F v||  !! ! ^^ $>@F ;;4; ((rc  |tz }tjttddgidt dd}t ||tttt|t|tttjdttjdi\}}tjt d }tjtd 5t!||||d d d y #1swYy xYw) zYWrite an encrypted parquet, verify it's encrypted, and then read it using wrong keys.rrr;r<r=r?r@r2rDzIncorrect master key usedmatchN)rErrrr rr9rFrGrr0r3rHpytestraises ValueErrorrI)rKrr5r8wrong_kms_connection_configwrong_crypto_factoryrLs r+test_encrypted_parquet_write_read_wrong_keyros \ !D 22" 3* * - "z?L#W.?A$8T0j''0V95!5 22 -/ z)E F #%@  " G F Fs !C99Dct||tjtd5t j |t z jdddy#1swYyxYw)zmWrite an encrypted parquet, verify it's encrypted, but then try to read it without decryption properties. no decryptionrhN)rNrjrkIOErrorrRrcrErdrKrs r0test_encrypted_parquet_read_no_decryption_configrtsC&gz: w&6 7 w-.335 8 7 7s +AA%ct||tjtd5t j |t z dddy#1swYyxYw)zwWrite an encrypted parquet, verify it's encrypted, but then try to read its metadata without decryption properties.rqrhN)rNrjrkrrrRr^rErss r9test_encrypted_parquet_read_metadata_no_decryption_configrvs<&gz: w&6 7 </0 8 7 7 AAct||tjtd5t j |t z dddy#1swYyxYw)zuWrite an encrypted parquet, verify it's encrypted, but then try to read its schema without decryption properties.rqrhN)rNrjrkrrrRr`rErss r7test_encrypted_parquet_read_schema_no_decryption_configrys:&gz: w&6 7 w-. 8 7 7rwc |dz }tjt}tjt d5t ||tttd|dddy#1swYyxYw)zMWrite an encrypted parquet, but give only footer key, without column key.z)encrypted_table_no_col_key.in_mem.parquetrz4Either column_keys or uniform_encryption must be setrhrN) rrrrjrkOSErrorr9r rF)rKrr5r8s r'test_encrypted_parquet_write_no_col_keyr}se @ @D22"$ w% & T: '.? A  & & &s A""A+c|dz }|}tj}d}tj|}tjt d5t |||||dddy#1swYyxYw).kms_factorys!!=>>rrrhN)rr,r-rjrkKeyErrorr4rKrr!r5r8r.r*r/s r&test_encrypted_parquet_write_kms_errorrsl ? ?D/224? %%k2N x| 4j2C 5~ G 5 4 4 A((A1c |dz }|}tj}Gddtjfd}tj|}t j t d5t|||||dddy#1swYyxYw)rrc"eZdZdZdZdZdZy)Jtest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClientzVA KmsClient implementation that throws exception in wrap/unwrap calls cPtjj|||_y)z%Create an InMemoryKmsClient instance.N)r KmsClient__init__configselfrs rrzStest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClient.__init__s LL ! !$ ' DKrctd)NCannot Wrap Keyrlr key_bytesmaster_key_identifiers rwrap_keyzStest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClient.wrap_keys./ /rctd)NzCannot Unwrap Keyrr wrapped_keyrs r unwrap_keyzUtest_encrypted_parquet_write_kms_specific_error..ThrowingKmsClient.unwrap_keys01 1rN__name__ __module__ __qualname____doc__rrrrrThrowingKmsClientrs  !  0 2rrc|Sr&r)r)rs rr*zDtest_encrypted_parquet_write_kms_specific_error..kms_factory"s !=>>rrrhN)rr,rr-rjrkrlr4) rKrr!r5r8r.r*r/rs @r/test_encrypted_parquet_write_kms_specific_errorr s~ ? ?D/2242BLL2 ?%%k2N z): ;j2C 5~ G < ; ;s +BB c|dz }|}tj}d}tj|}tjt d5t |||||dddy#1swYyxYw)z@Write an encrypted parquet, but raise ValueError in kms_factory.0encrypted_table_kms_factory_error.in_mem.parquetctd)NCannot create KmsClientrr(s rr*zCtest_encrypted_parquet_write_kms_factory_error..kms_factory6s233rrrhN)rr,r-rjrkrlr4rs r.test_encrypted_parquet_write_kms_factory_errorr-su G GD/2244%%k2N z6 8 j2C 5~ G 8 8 8rc|dz }|}tj}Gddfd}tj|}tjt 5t |||||dddy#1swYyxYw)z_Write an encrypted parquet, but use wrong KMS client type that doesn't implement KmsClient.rc"eZdZdZdZdZdZy)Otest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClientz4This is not an implementation of KmsClient. c&|j|_yr&)r$master_keys_maprs rrzXtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClient.__init__Os#)#9#9D rcyr&rrs rrzXtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClient.wrap_keyRrcyr&rrs rrzZtest_encrypted_parquet_write_kms_factory_type_error..WrongTypeKmsClient.unwrap_keyUrrNrrrrWrongTypeKmsClientrKs  :  rrc|Sr&r)r)rs rr*zHtest_encrypted_parquet_write_kms_factory_type_error..kms_factoryXs!">??rN)rr,r-rjrk TypeErrorr4) rKrr!r5r8r.r*r/rs @r3test_encrypted_parquet_write_kms_factory_type_errorrAsv G GD/224  @%%k2N y !j2C 5~ G " ! !s A33A<c Jd}tjttddgidddt ddd }||tjt }tddgi|_d|_d|_d|_t d|_ d|_ d |_ ||y) Nc0t|jk(sJddg|jtk(sJd|jk(sJ|j sJ|j rJtd|jk(sJ|jrJd|jk(sJy)NrrAES_GCM_CTR_V1$@r=) rrrr rAplaintext_footerdouble_wrappingrrBinternal_key_materialrC)r8s r!validate_encryption_configurationzZtest_encrypted_parquet_encryption_configuration..validate_encryption_configurationcs"3">">>>>Sz.::<HHHH#4#I#IIII 1111$4444&*;*J*JJJJ$::::'<<<<.validate_kms_connection_configsb3CCCCC.?????1BBBBB)3CD%556 76rrrrrrrr)rr,rrrr$)rr.kms_connection_config_1s r(test_encrypted_parquet_kms_configurationrs722#"$$  ##89 446.9+/5,/8,  /+##:;rzNPlaintext footer - reading plaintext column subset reads encrypted columns too)reasonc>|tz }tjttddgidd}tj tt jdttjdi}d}tj|}t|||||y ) zWrite an encrypted parquet, with plaintext footer and with single wrapping, verify it's encrypted, and then read plaintext columns.rrTF)rrrrr2r#ct|Sr&r'r(s rr*zStest_encrypted_parquet_write_read_plain_footer_single_wrapping..kms_factoryr+rN) rErrrr r,rFr3rGr-r4rKrr5r8r.r*r/s r>test_encrypted_parquet_write_read_plain_footer_single_wrappingrs \ !D 22" 3*  22 Z..w7 '..1 ?%%k2ND*.?1>Crz'External key material not supported yetc|tz }tjtid}tjtt j di}d}tj|}t|||||y)zWrite an encrypted parquet, with external key material. Currently it's not implemented, so should throw an exceptionF)rrrr2r#ct|Sr&r'r(s rr*z:test_encrypted_parquet_write_external..kms_factoryr+rN) rErrrr,rFr3r-r4rs r%test_encrypted_parquet_write_externalrs| \ !D22"#% 22(**;*;G*DE?%%k2ND*.?1>Crc x|tz }t||tttt |\}}t |tjtd}tdD]T}|j||}|Jtj||} | jd} |j| rTJy) z`Write an encrypted parquet, verify it's encrypted, and then read it multithreaded in a loop.r<r=rD2NrYTr[)rEr9rr rFrGrrrHrranger]rRrcrdrJ) rKrr!r5r.r/rLir]rfrMs rtest_encrypted_parquet_looprs \ !D -A j/<W-!)>$22 -/2Y%3%N%N !#4&6")555 (BD{{t{4   ...rc R|tz }t||tttt |\}}t |tjtd}|j||}~tj||}|jd} |j| sJy)z^ Test that decryption properties can be used if the crypto factory is no longer alive r<r=rDrYTr[N)rEr9rr rFrGrrrHrr]rRrcrdrJ) rKrr!r5r.r/rLr]rfrMs r%test_read_with_deleted_crypto_factoryr s \ !D,@ j/<W-!)>$22 -/!/!J!J0"2 ^^ $>@F;;4;0L   \ ** *rc j|tz }t||tttt |\}}t jtd}|j||}tj||}|j|sJtj||}|j|sJy)z>Write an encrypted parquet then read it back using read_table.r<r=rDrYN) rEr9rr rFrGrrHrr]rR read_tablerJ) rKrr!r5r.r/rLr]rMs r!test_encrypted_parquet_read_tabler%s \ !D-A j/<W-!)>22 -/!/!J!J0"2===WXL   \ ** *=='ACL   \ ** *r)1rjdatetimerpyarrowrpyarrow.parquetparquetrRpyarrow.parquet.encryption encryptionr pyarrow.tests.parquet.encryptionrr ImportErrorrErFrrGr markparquet_encryption pytestmarkfixturerr!r0r9rNr4rIrortrvryr}rrrrrrrxfailrrrrrrrrrs"2 ++ 20    KK"" KK h h# # 1 1,+<")" "F61/A"G*!GHG(GB ;FI<:23C3CNCDCEC4/:+0+[ B BsD DD