Don't throw exception. Reply with encryption-decryption response

Author: asloobq

examples/sample_client.py

@@ -27,7 +27,7 @@ def _usage():
 # client = EuidClientFactory.create(base_url, auth_key, secret_key)
 # for UID2 use:
 client = Uid2ClientFactory.create(base_url, auth_key, secret_key)
-client.refresh()
+client.refresh_keys()
 decrypt_result = client.decrypt(ad_token)
 
 print('UID =', decrypt_result.uid)

examples/sample_sharing_client.py

@@ -21,11 +21,11 @@ def _usage():
 
 client = SharingClient(base_url, auth_key, secret_key)
 client.refresh()
-new_sharing_token = client.encrypt_raw_uid_into_token(raw_uid)
+encryption_data_response = client.encrypt_raw_uid_into_token(raw_uid)
 
-print('New Sharing Token =', new_sharing_token)
+print('New Sharing Token =', encryption_data_response.encrypted_data)
 
-decrypt_result = client.decrypt_token_into_raw_uid(new_sharing_token)
+decrypt_result = client.decrypt_token_into_raw_uid(encryption_data_response.encrypted_data)
 
 print('Decrypted UID =', decrypt_result.uid)
 print('Established =', decrypt_result.established)

tests/test_bidstream_client.py

@@ -2,14 +2,24 @@
 from unittest.mock import patch
 
 from test_utils import *
-from uid2_client import BidstreamClient, EncryptionError, Uid2Base64UrlCoder
+from uid2_client import BidstreamClient, EncryptionError, Uid2Base64UrlCoder, DecryptionStatus
 
 
 @patch('uid2_client.bid_stream_client.refresh_bidstream_keys')
 class TestBidStreamClient(unittest.TestCase):
     _CONST_BASE_URL = 'base_url'
     _CONST_API_KEY = 'api_key'
 
+    def assert_success(self, decryption_response, token_version, scope):
+        self.assertEqual(decryption_response.advertising_token_version, token_version)
+        self.assertEqual(decryption_response.uid, example_uid)
+        self.assertEqual(decryption_response.identity_scope, scope)
+        self.assertEqual((now - decryption_response.established).total_seconds(), 0)
+
+    def decrypt_and_assert_success(self, token, token_version, scope):
+        decrypted = self._client.decrypt_token_into_raw_uid(token, None)
+        self.assert_success(decrypted, token_version, scope)
+
     def setUp(self):
         self._key_collection = create_key_collection(IdentityScope.UID2)
         self._client = BidstreamClient(self._CONST_BASE_URL, self._CONST_API_KEY, client_secret)
@@ -20,10 +30,8 @@ def test_smoke_test(self, mock_refresh_bidstream_keys):  # SmokeTest
                 token = generate_uid_token(expected_scope, expected_version)
                 mock_refresh_bidstream_keys.return_value = create_key_collection(expected_scope)
                 self._client.refresh()
-                decrypted = self._client.decrypt_token_into_raw_uid(token, None)
-                self.assertEqual(decrypted.identity_scope, expected_scope)
-                self.assertEqual(decrypted.advertising_token_version, expected_version)
-                self.assertEqual((now - decrypted.established).total_seconds(), 0)
+                self.decrypt_and_assert_success(token, expected_version, expected_scope)
+
 
     def test_phone_uids(self, mock_refresh_bidstream_keys):  # PhoneTest
         for expected_scope, expected_version in test_cases_all_scopes_v3_v4_versions:
@@ -51,9 +59,9 @@ def test_token_lifetime_too_long_for_bidstream(self, mock_refresh_bidstream_keys
                                                                                   99999, 86400,
                                                                                   max_bidstream_lifetime_seconds=max_bidstream_lifetime)
                 self._client.refresh()
-                with self.assertRaises(EncryptionError) as context:
-                    self._client.decrypt_token_into_raw_uid(token, None)
-                self.assertEqual('invalid token lifetime', str(context.exception))
+                result = self._client.decrypt_token_into_raw_uid(token, None)
+                self.assertFalse(result.success)
+                self.assertEqual(result.status, DecryptionStatus.INVALID_TOKEN_LIFETIME)
 
     def test_token_generated_in_the_future_to_simulate_clock_skew(self, mock_refresh_bidstream_keys):  # TokenGeneratedInTheFutureToSimulateClockSkew
         created_at_future = dt.datetime.now(tz=timezone.utc) + dt.timedelta(minutes=31)  #max allowed clock skew is 30m
@@ -64,9 +72,9 @@ def test_token_generated_in_the_future_to_simulate_clock_skew(self, mock_refresh
                                                                                   expected_scope, site_id, 1,
                                                 99999, 86400)
                 self._client.refresh()
-                with self.assertRaises(EncryptionError) as context:
-                    self._client.decrypt_token_into_raw_uid(token, None)
-                self.assertEqual('invalid token lifetime', str(context.exception))
+                result = self._client.decrypt_token_into_raw_uid(token, None)
+                self.assertFalse(result.success)
+                self.assertEqual(result.status, DecryptionStatus.INVALID_TOKEN_LIFETIME)
 
     def test_token_generated_in_the_future_within_allowed_clock_skew(self, mock_refresh_bidstream_keys):  # TokenGeneratedInTheFutureWithinAllowedClockSkew
         created_at_future = dt.datetime.now(tz=timezone.utc) + dt.timedelta(minutes=29)  #max allowed clock skew is 30m
@@ -86,9 +94,9 @@ def test_empty_keys(self, mock_refresh_bidstream_keys):  # EmptyKeyContainer
         token = generate_uid_token(IdentityScope.UID2, AdvertisingTokenVersion.ADVERTISING_TOKEN_V3)
         mock_refresh_bidstream_keys.return_value = None
         self._client.refresh()
-        with self.assertRaises(EncryptionError) as context:
-            self._client.decrypt_token_into_raw_uid(token, None)
-        self.assertEqual('keys not initialized', str(context.exception))
+        result = self._client.decrypt_token_into_raw_uid(token, None)
+        self.assertFalse(result.success)
+        self.assertEqual(result.status, DecryptionStatus.NOT_INITIALIZED)
 
     def test_master_key_expired(self, mock_refresh_bidstream_keys):  #ExpiredKeyContainer
         def get_post_refresh_keys_response_with_key_expired():
@@ -101,10 +109,9 @@ def get_post_refresh_keys_response_with_key_expired():
         mock_refresh_bidstream_keys.return_value = get_post_refresh_keys_response_with_key_expired()
         self._client.refresh()
 
-        with self.assertRaises(EncryptionError) as context:
-            self._client.decrypt_token_into_raw_uid(example_uid, None)
-
-        self.assertEqual('no keys available or all keys have expired; refresh the latest keys from UID2 service', str(context.exception))
+        result = self._client.decrypt_token_into_raw_uid(example_uid, None)
+        self.assertFalse(result.success)
+        self.assertEqual(result.status, DecryptionStatus.KEYS_NOT_SYNCED)
 
     def test_not_authorized_for_master_key(self, mock_refresh_bidstream_keys):  #NotAuthorizedForMasterKey
         def get_post_refresh_keys_response_with_key_expired():
@@ -116,10 +123,9 @@ def get_post_refresh_keys_response_with_key_expired():
         self._client.refresh()
         token = generate_uid_token(IdentityScope.UID2, AdvertisingTokenVersion.ADVERTISING_TOKEN_V4)
 
-        with self.assertRaises(EncryptionError) as context:
-            self._client.decrypt_token_into_raw_uid(token, None)
-
-        self.assertEqual('not authorized for master key', str(context.exception))
+        result = self._client.decrypt_token_into_raw_uid(token, None)
+        self.assertFalse(result.success)
+        self.assertEqual(result.status, DecryptionStatus.NOT_AUTHORIZED_FOR_MASTER_KEY)
 
     def test_invalid_payload(self, mock_refresh_bidstream_keys):  #InvalidPayload
         mock_refresh_bidstream_keys.return_value = create_default_key_collection([master_key, site_key])
@@ -128,21 +134,21 @@ def test_invalid_payload(self, mock_refresh_bidstream_keys):  #InvalidPayload
         payload = Uid2Base64UrlCoder.decode(token)
         bad_token = base64.urlsafe_b64encode(payload[:0])
 
-        with self.assertRaises(EncryptionError) as context:
-            self._client.decrypt_token_into_raw_uid(bad_token, None)
-        self.assertEqual('invalid payload', str(context.exception))
+        result = self._client.decrypt_token_into_raw_uid(bad_token, None)
+        self.assertFalse(result.success)
+        self.assertEqual(result.status, DecryptionStatus.INVALID_PAYLOAD)
 
-    def test_token_expiry_custom_decryption_time(self, mock_refresh_bidstream_keys):
+    def test_token_expiry_custom_decryption_time(self, mock_refresh_bidstream_keys):  #TokenExpiryAndCustomNow
         mock_refresh_bidstream_keys.return_value = create_default_key_collection([master_key, site_key])
         self._client.refresh()
 
         expires_at = now - dt.timedelta(days=60)
         created_at = expires_at - dt.timedelta(minutes=1)
         token = generate_uid_token(IdentityScope.UID2, AdvertisingTokenVersion.ADVERTISING_TOKEN_V4,
                                    created_at=created_at, expires_at=expires_at)
-        with self.assertRaises(EncryptionError) as context:
-            self._client._decrypt_token_into_raw_uid(token, None, expires_at + dt.timedelta(seconds=1))
-        self.assertEqual('token expired', str(context.exception))
+        result = self._client._decrypt_token_into_raw_uid(token, None, expires_at + dt.timedelta(seconds=1))
+        self.assertFalse(result.success)
+        self.assertEqual(result.status, DecryptionStatus.TOKEN_EXPIRED)
 
         result = self._client._decrypt_token_into_raw_uid(token, None, expires_at - dt.timedelta(seconds=1))
         self.assertIsNotNone(result)

tests/test_client.py

@@ -90,15 +90,15 @@ def test_raw_uid_produces_correct_identity_type_in_token(self, mock_refresh_keys
         ad_token = client.encrypt(example_uid)
 
         self.assertEqual(IdentityType.Email,
-                         get_token_identity_type("Q4bGug8t1xjsutKLCNjnb5fTlXSvIQukmahYDJeLBtk=", client._keys))
+                         get_identity_type(client.encrypt("Q4bGug8t1xjsutKLCNjnb5fTlXSvIQukmahYDJeLBtk=")))
         self.assertEqual(IdentityType.Phone,
-                         get_token_identity_type("BEOGxroPLdcY7LrSiwjY52+X05V0ryELpJmoWAyXiwbZ", client._keys))
+                         get_identity_type(client.encrypt("BEOGxroPLdcY7LrSiwjY52+X05V0ryELpJmoWAyXiwbZ")))
         self.assertEqual(IdentityType.Email,
-                         get_token_identity_type("oKg0ZY9ieD/CGMEjAA0kcq+8aUbLMBG0MgCT3kWUnJs=", client._keys))
+                         get_identity_type(client.encrypt("oKg0ZY9ieD/CGMEjAA0kcq+8aUbLMBG0MgCT3kWUnJs=")))
         self.assertEqual(IdentityType.Email,
-                         get_token_identity_type("AKCoNGWPYng/whjBIwANJHKvvGlGyzARtDIAk95FlJyb", client._keys))
+                         get_identity_type(client.encrypt("AKCoNGWPYng/whjBIwANJHKvvGlGyzARtDIAk95FlJyb")))
         self.assertEqual(IdentityType.Email,
-                         get_token_identity_type("EKCoNGWPYng/whjBIwANJHKvvGlGyzARtDIAk95FlJyb", client._keys))
+                         get_identity_type(client.encrypt("EKCoNGWPYng/whjBIwANJHKvvGlGyzARtDIAk95FlJyb")))
 
     def test_multiple_keys_per_keyset(self, mock_refresh_keys_util):
         def get_post_refresh_keys_response_with_multiple_keys():
@@ -123,7 +123,7 @@ def get_post_refresh_keys_response_with_no_default_keyset_key():
 
         with self.assertRaises(EncryptionError) as context:
             client.encrypt(example_uid)
-            self.assertTrue('No Site ID in keys' in context.exception)
+        self.assertEqual('No Keyset Key Found', str(context.exception))
 
     def test_cannot_encrypt_if_theres_no_default_keyset_header(self, mock_refresh_keys_util):
         def get_post_refresh_keys_response_with_no_default_keyset_header():
@@ -137,7 +137,7 @@ def get_post_refresh_keys_response_with_no_default_keyset_header():
 
         with self.assertRaises(EncryptionError) as context:
             client.encrypt(example_uid)
-            self.assertTrue('No Keyset Key Found' in context.exception)
+        self.assertEqual('No Keyset Key Found', str(context.exception))
 
     def test_expiry_in_token_matches_expiry_in_response(self, mock_refresh_keys_util):
         def get_post_refresh_keys_response_with_token_expiry():
@@ -162,7 +162,7 @@ def decrypt_side_effect(token_bytes, keys, now):
 
             with self.assertRaises(EncryptionError) as context:
                 client.decrypt(ad_token)
-                self.assertTrue('token expired' in context.exception)
+            self.assertEqual('invalid payload', str(context.exception))
 
     def test_encrypt_key_inactive(self, mock_refresh_keys_util):
         def get_post_refresh_keys_response_with_key_inactive():
@@ -176,7 +176,7 @@ def get_post_refresh_keys_response_with_key_inactive():
 
         with self.assertRaises(EncryptionError) as context:
             client.encrypt(example_uid)
-            self.assertTrue('No Keyset Key Found' in context.exception)
+        self.assertEqual('No Keyset Key Found', str(context.exception))
 
     def test_encrypt_key_expired(self, mock_refresh_keys_util):
         def get_post_refresh_keys_response_with_key_expired():
@@ -190,4 +190,4 @@ def get_post_refresh_keys_response_with_key_expired():
 
         with self.assertRaises(EncryptionError) as context:
             client.encrypt(example_uid)
-            self.assertTrue('No Keyset Key Found' in context.exception)
+        self.assertEqual('No Keyset Key Found', str(context.exception))

tests/test_encryption.py

@@ -1,9 +1,9 @@
 import unittest
 
-from tests.uid2_token_generator import UID2TokenGenerator, Params
+from test_utils import *
+from tests.uid2_token_generator import Params
 from uid2_client import *
 from uid2_client.encryption import _encrypt_token
-from test_utils import *
 
 _master_secret = bytes([139, 37, 241, 173, 18, 92, 36, 232, 165, 168, 23, 18, 38, 195, 123, 92, 160, 136, 185, 40, 91, 173, 165, 221, 168, 16, 169, 164, 38, 139, 8, 155])
 _site_secret =   bytes([32, 251, 7, 194, 132, 154, 250, 86, 202, 116, 104, 29, 131, 192, 139, 215, 48, 164, 11, 65, 226, 110, 167, 14, 108, 51, 254, 125, 65, 24, 23, 133])
@@ -20,6 +20,7 @@
 _keyset_key = EncryptionKey(_site_key_id, _site_id, _now - dt.timedelta(days=-1), _now, _now + dt.timedelta(days=1), _site_secret, keyset_id=20)
 _test_site_key = EncryptionKey(_test_site_key_id, _site_id, dt.datetime(2020, 1, 1, tzinfo=timezone.utc), dt.datetime(2020, 1, 1, tzinfo=timezone.utc), _now + dt.timedelta(days=1), encryption_block_size * b'9')
 
+
 class TestEncryptionFunctions(unittest.TestCase):
 
     def test_cross_platform_consistency_check_base64_url_test_cases(self):
@@ -200,11 +201,8 @@ def test_decrypt_token_2_invalid_lifetime_exception(self):
                                                           None, None,
                                                           max_sharing_lifetime_seconds, max_bidstream_lifetime_seconds,
                                                           None)
-
-                with self.assertRaises(EncryptionError) as context:
-                    decrypt_token(token, key_collection, "", client_type)
-
-                self.assertEqual(str(context.exception), "invalid token lifetime")
+                decrypted_token = decrypt_token(token, key_collection, "", client_type)
+                self.assertEqual(decrypted_token.status, DecryptionStatus.INVALID_TOKEN_LIFETIME)
 
     def test_decrypt_token_invalid_lifetime_pass(self):
         seconds_since_established = 3600  # from UID2TokenGenerator.generate_uid2_token_v4
@@ -414,7 +412,7 @@ def test_smoke_token_v3(self):
                                 token_expiry=now + dt.timedelta(days=30) if keys.get_token_expiry_seconds() is None \
                                     else now + dt.timedelta(seconds=int(keys.get_token_expiry_seconds())),
                          ad_token_version=AdvertisingTokenVersion.ADVERTISING_TOKEN_V3)
-        final = decrypt(result, keys, now=now)
+        final = decrypt(result.encrypted_data, keys, now=now)
 
         self.assertEqual(uid2, final.uid)
 
@@ -427,7 +425,7 @@ def test_smoke_token_v4(self):
                                         master_keyset_id=9999, caller_site_id=20)
 
         result = encrypt(uid2, identity_scope, keys, now=now)
-        final = decrypt(result, keys, now=now)
+        final = decrypt(result.encrypted_data, keys, now=now)
 
         self.assertEqual(uid2, final.uid)