rok commented on code in PR #6637: URL: https://github.com/apache/arrow-rs/pull/6637#discussion_r1987447718
########## parquet/src/arrow/async_reader/mod.rs: ########## 
@@ -2336,4 +2494,245 @@ mod tests {
 let result = reader.try_collect::<Vec<_>>().await.unwrap();
 assert_eq!(result.len(), 1);
 }
+
+ #[tokio::test]
+ #[cfg(feature = "encryption")]
+ async fn test_non_uniform_encryption_plaintext_footer() {
+ let testdata = arrow::util::test_util::parquet_test_data();
+ let path = format!("{testdata}/encrypt_columns_plaintext_footer.parquet.encrypted");
+ let mut file = File::open(&path).await.unwrap();
+
+ // There is always a footer key even with a plaintext footer,
+ // but this is used for signing the footer.
+ let footer_key = "0123456789012345".as_bytes().to_vec(); // 128bit/16
+ let column_1_key = "1234567890123450".as_bytes().to_vec();
+ let column_2_key = "1234567890123451".as_bytes().to_vec();
+
+ let decryption_properties = FileDecryptionProperties::builder(footer_key)
+ .with_column_key("double_field", column_1_key)
+ .with_column_key("float_field", column_2_key)
+ .build()
+ .unwrap();
+
+ let _ = verify_encryption_test_file_read_async(&mut file, decryption_properties).await;
+ }
+
+ #[tokio::test]
+ #[cfg(feature = "encryption")]
+ async fn test_misspecified_encryption_keys() {
+ let testdata = arrow::util::test_util::parquet_test_data();
+ let path = format!("{testdata}/encrypt_columns_and_footer.parquet.encrypted");
+
+ // There is always a footer key even with a plaintext footer,
+ // but this is used for signing the footer.
+ let footer_key = "0123456789012345".as_bytes(); // 128bit/16
+ let column_1_key = "1234567890123450".as_bytes();
+ let column_2_key = "1234567890123451".as_bytes();
+
+ // read file with keys and check for expected error message
+ async fn check_for_error(
+ expected_message: &str,
+ path: &String,
+ footer_key: &[u8],
+ column_1_key: &[u8],
+ column_2_key: &[u8],
+ ) {
+ let mut file = File::open(&path).await.unwrap();
+
+ let mut decryption_properties = FileDecryptionProperties::builder(footer_key.to_vec());
+
+ if column_1_key.is_empty() {
+ decryption_properties =
+ decryption_properties.with_column_key("double_field", column_1_key.to_vec());
+ }
+
+ if column_2_key.is_empty() {
+ decryption_properties =
+ decryption_properties.with_column_key("float_field", column_2_key.to_vec());
+ }
+
+ let decryption_properties = decryption_properties.build().unwrap();
+
+ match verify_encryption_test_file_read_async(&mut file, decryption_properties).await {
+ Ok(_) => {
+ panic!("did not get expected error")
+ }
+ Err(e) => {
+ assert_eq!(e.to_string(), expected_message);
+ }
+ }
+ }
+
+ // Too short footer key
+ check_for_error(
+ "Parquet error: Invalid footer key. Failed to create AES key",
+ &path,
+ "bad_pwd".as_bytes(),
+ column_1_key,
+ column_2_key,
+ )
+ .await;
+
+ // Wrong footer key
+ check_for_error(
+ "Parquet error: Provided footer key was unable to decrypt parquet footer",
+ &path,
+ "1123456789012345".as_bytes(),
+ column_1_key,
+ column_2_key,
+ )
+ .await;
+
+ // todo: should this be double_field?
Review Comment: Your suggestion fixed the issue. Todos are resolved.
-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: github-unsubscr...@arrow.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
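Review bot: In `check_for_error` the two guards `if column_1_key.is_empty()` and `if column_2_key.is_empty()` look inverted: a column key is handed to `with_column_key` only when it is empty, so the non-empty keys the callers pass never reach the builder and both negative cases shown here run with no column keys configured. If the intent is to skip absent keys, the guards should read `if !column_1_key.is_empty()` and `if !column_2_key.is_empty()`; as written, a misspecified-key case can pass for a reason other than the one its comment names. Separately, `test_non_uniform_encryption_plaintext_footer` ends with `let _ = verify_encryption_test_file_read_async(&mut file, decryption_properties).await;`, which discards the `Result` that the `match` in `check_for_error` shows this helper returns, so a decryption or footer-verification failure would not fail the test; ending the call with `.await.unwrap();` would make it fail. The body of `test_misspecified_encryption_keys` continues past the end of the quoted hunk, so later cases were not visible for this review.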