don't throw exception for encryption errors

Author: asloobq

tests/test_client.py

@@ -123,7 +123,7 @@ def get_post_refresh_keys_response_with_no_default_keyset_key():
 
         with self.assertRaises(EncryptionError) as context:
             client.encrypt(example_uid)
-        self.assertEqual('No Keyset Key Found', str(context.exception))
+        self.assertEqual("('No Keyset Key Found',)", str(context.exception))
 
     def test_cannot_encrypt_if_theres_no_default_keyset_header(self, mock_refresh_keys_util):
         def get_post_refresh_keys_response_with_no_default_keyset_header():
@@ -137,7 +137,7 @@ def get_post_refresh_keys_response_with_no_default_keyset_header():
 
         with self.assertRaises(EncryptionError) as context:
             client.encrypt(example_uid)
-        self.assertEqual('No Keyset Key Found', str(context.exception))
+        self.assertEqual("('No Keyset Key Found',)", str(context.exception))
 
     def test_expiry_in_token_matches_expiry_in_response(self, mock_refresh_keys_util):
         def get_post_refresh_keys_response_with_token_expiry():
@@ -176,7 +176,7 @@ def get_post_refresh_keys_response_with_key_inactive():
 
         with self.assertRaises(EncryptionError) as context:
             client.encrypt(example_uid)
-        self.assertEqual('No Keyset Key Found', str(context.exception))
+        self.assertEqual("('No Keyset Key Found',)", str(context.exception))
 
     def test_encrypt_key_expired(self, mock_refresh_keys_util):
         def get_post_refresh_keys_response_with_key_expired():
@@ -190,4 +190,4 @@ def get_post_refresh_keys_response_with_key_expired():
 
         with self.assertRaises(EncryptionError) as context:
             client.encrypt(example_uid)
-        self.assertEqual('No Keyset Key Found', str(context.exception))
+        self.assertEqual("('No Keyset Key Found',)", str(context.exception))

tests/test_sharing.py

@@ -1,4 +1,5 @@
 import unittest
+from unittest.mock import patch
 
 from uid2_client import *
 from test_utils import *
@@ -65,19 +66,21 @@ def test_multiple_keys_per_keyset(self):
 
         self.assertEqual(example_uid, result.uid)
 
-    def test_cannot_encrypt_if_no_key_from_default_keyset(self):
+    @patch('uid2_client.client.refresh_sharing_keys')
+    def test_cannot_encrypt_if_no_key_from_default_keyset(self, mock_refresh_sharing_keys):
         client = Uid2Client("endpoint", "authkey", client_secret)
-        json_body = key_set_to_json_for_sharing([master_key])
-        keys = client.refresh_json(json_body)
-
-        self.assertRaises(EncryptionError, encrypt, example_uid, IdentityScope.UID2, keys)
+        mock_refresh_sharing_keys.return_value = create_default_key_collection([master_key])
+        client.refresh_keys()
+        self.assertRaises(EncryptionError, client.encrypt, example_uid)
 
-    def test_cannot_encrypt_if_theres_no_default_keyset_header(self):
+    @patch('uid2_client.client.refresh_sharing_keys')
+    def test_cannot_encrypt_if_theres_no_default_keyset_header(self, mock_refresh_sharing_keys):
         client = Uid2Client("endpoint", "authkey", client_secret)
-        json_body = key_set_to_json_for_sharing_with_header("", site_id, [master_key, site_key])
-        keys = client.refresh_json(json_body)
-        self.assertRaises(EncryptionError, encrypt, example_uid, IdentityScope.UID2, keys)
-
+        key_set = [master_key, site_key]
+        mock_refresh_sharing_keys.return_value = EncryptionKeysCollection(key_set, IdentityScope.UID2, site_id, 1,
+                                        "", 86400)
+        client.refresh_keys()
+        self.assertRaises(EncryptionError, client.encrypt, example_uid)
 
     def test_expiry_in_token_matches_expiry_in_reponse(self):
         client = Uid2Client("endpoint", "authkey", client_secret)
@@ -92,14 +95,18 @@ def test_expiry_in_token_matches_expiry_in_reponse(self):
 
         self.assertRaises(EncryptionError, decrypt, encrypted_data_response.encrypted_data, keys, now=now + dt.timedelta(seconds=3))
 
-    def test_encrypt_key_inactive(self):
+    @patch('uid2_client.client.refresh_sharing_keys')
+    def test_encrypt_key_inactive(self, mock_refresh_sharing_keys):
         client = Uid2Client("endpoint", "authkey", client_secret)
         key = EncryptionKey(245, site_id, now, now + dt.timedelta(days=1), now +dt.timedelta(days=2), site_secret, keyset_id=99999)
-        keys = client.refresh_json(key_set_to_json_for_sharing([master_key, key]))
-        self.assertRaises(EncryptionError, encrypt, example_uid, IdentityScope.UID2, keys)
+        mock_refresh_sharing_keys.return_value = create_default_key_collection([master_key, key])
+        client.refresh_keys()
+        self.assertRaises(EncryptionError, client.encrypt, example_uid)
 
-    def test_encrypt_key_expired(self):
+    @patch('uid2_client.client.refresh_sharing_keys')
+    def test_encrypt_key_expired(self, mock_refresh_sharing_keys):
         client = Uid2Client("endpoint", "authkey", client_secret)
         key = EncryptionKey(245, site_id, now, now, now - dt.timedelta(days=1), site_secret, keyset_id=99999)
-        keys = client.refresh_json(key_set_to_json_for_sharing([master_key, key]))
-        self.assertRaises(EncryptionError, encrypt, example_uid, IdentityScope.UID2, keys)
+        mock_refresh_sharing_keys.return_value = create_default_key_collection([master_key, key])
+        client.refresh_keys()
+        self.assertRaises(EncryptionError, client.encrypt, example_uid)

tests/test_sharing_client.py

@@ -2,7 +2,7 @@
 from unittest.mock import patch
 
 from test_utils import *
-from uid2_client import SharingClient, EncryptionError, DecryptionStatus
+from uid2_client import SharingClient, DecryptionStatus
 from uid2_client.encryption_status import EncryptionStatus
 
 
@@ -165,9 +165,8 @@ def get_post_refresh_keys_response_with_no_default_keyset_key():
         mock_refresh_keys_util.return_value = get_post_refresh_keys_response_with_no_default_keyset_key()
         self._client.refresh()
 
-        with self.assertRaises(EncryptionError) as context:
-            self._client.encrypt_raw_uid_into_token(example_uid)
-        self.assertEqual('No Keyset Key Found', str(context.exception))
+        result = self._client.encrypt_raw_uid_into_token(example_uid)
+        self.assertEqual(result.status, EncryptionStatus.NOT_AUTHORIZED_FOR_KEY)
 
     def test_cannot_encrypt_if_theres_no_default_keyset_header(self, mock_refresh_keys_util):  #CannotEncryptIfTheresNoDefaultKeysetHeader
         def get_post_refresh_keys_response_with_no_default_keyset_header():
@@ -177,10 +176,10 @@ def get_post_refresh_keys_response_with_no_default_keyset_header():
 
         mock_refresh_keys_util.return_value = get_post_refresh_keys_response_with_no_default_keyset_header()
         self._client.refresh()
+        self._client.encrypt_raw_uid_into_token(example_uid)
 
-        with self.assertRaises(EncryptionError) as context:
-            self._client.encrypt_raw_uid_into_token(example_uid)
-        self.assertEqual('No Keyset Key Found', str(context.exception))
+        result = self._client.encrypt_raw_uid_into_token(example_uid)
+        self.assertEqual(result.status, EncryptionStatus.NOT_AUTHORIZED_FOR_KEY)
 
     def test_expiry_in_token_matches_expiry_in_response(self, mock_refresh_keys_util):  # ExpiryInTokenMatchesExpiryInResponse
 
@@ -198,7 +197,6 @@ def test_expiry_in_token_matches_expiry_in_response(self, mock_refresh_keys_util
         self.assertFalse(result.success)
         self.assertEqual(DecryptionStatus.TOKEN_EXPIRED, result.status)
 
-
     def test_encrypt_key_inactive(self, mock_refresh_keys_util):  #EncryptKeyInactive
         def get_post_refresh_keys_response_with_key_inactive():
             inactive_key = EncryptionKey(245, site_id, now, TOMORROW, IN_2_DAYS,
@@ -208,9 +206,8 @@ def get_post_refresh_keys_response_with_key_inactive():
         mock_refresh_keys_util.return_value = get_post_refresh_keys_response_with_key_inactive()
         self._client.refresh()
 
-        with self.assertRaises(EncryptionError) as context:
-            self._client.encrypt_raw_uid_into_token(example_uid)
-        self.assertEqual('No Keyset Key Found', str(context.exception))
+        result = self._client.encrypt_raw_uid_into_token(example_uid)
+        self.assertEqual(result.status, EncryptionStatus.NOT_AUTHORIZED_FOR_KEY)
 
     def test_encrypt_key_expired(self, mock_refresh_keys_util):  #EncryptKeyExpired
         def get_post_refresh_keys_response_with_key_expired():
@@ -221,9 +218,8 @@ def get_post_refresh_keys_response_with_key_expired():
         mock_refresh_keys_util.return_value = get_post_refresh_keys_response_with_key_expired()
         self._client.refresh()
 
-        with self.assertRaises(EncryptionError) as context:
-            self._client.encrypt_raw_uid_into_token(example_uid)
-        self.assertEqual('No Keyset Key Found', str(context.exception))
+        result = self._client.encrypt_raw_uid_into_token(example_uid)
+        self.assertEqual(result.status, EncryptionStatus.NOT_AUTHORIZED_FOR_KEY)
 
     def test_refresh_keys(self, mock_refresh_sharing_keys):
         key_collection = create_default_key_collection([master_key])

uid2_client/__init__.py

@@ -19,5 +19,8 @@
 from .publisher_client import *
 from .bid_stream_client import *
 from .sharing_client import *
+from .decryption_status import *
+from .encryption_status import *
+from .encryption_data_response import *
 
 

uid2_client/client.py

@@ -6,13 +6,13 @@
 """
 
 import datetime as dt
-from datetime import timezone
 import json
+from datetime import timezone
 
-from uid2_client import encryption
-from .client_type import ClientType
-from .keys import EncryptionKey, EncryptionKeysCollection
+#from uid2_client import encryption, EncryptionError, EncryptionStatus
+from .encryption import *
 from .identity_scope import IdentityScope
+from .keys import EncryptionKeysCollection
 from .refresh_keys_util import refresh_sharing_keys, parse_keys_json
 from .request_response_util import *
 
@@ -98,7 +98,11 @@ def encrypt(self, uid2, keyset_id=None):
 
             Returns (str): Sharing Token
             """
-        return encryption.encrypt(uid2, self._identity_scope, self._keys, keyset_id).encrypted_data
+        result = encrypt(uid2, self._identity_scope, self._keys, keyset_id)
+        if result.status == EncryptionStatus.SUCCESS:
+            return result.encrypted_data
+        else:
+            raise EncryptionError(result.status.value)
 
     def decrypt(self, token):
         """Decrypt advertising token to extract UID2 details.
@@ -115,7 +119,7 @@ def decrypt(self, token):
                 EncryptionError: if token version is not supported, the token has expired,
                                  or no required decryption keys present in the keys collection
         """
-        return encryption.decrypt(token, self._keys)
+        return decrypt(token, self._keys)
 
 class Uid2ClientError(Exception):
     """Raised for problems encountered while interacting with UID2 services."""

uid2_client/encryption.py

@@ -16,6 +16,7 @@
 from uid2_client.client_type import ClientType
 from uid2_client.decryption_status import DecryptionStatus
 from uid2_client.encryption_data_response import EncryptionDataResponse
+from uid2_client.encryption_status import EncryptionStatus
 from uid2_client.uid2_base64_url_coder import Uid2Base64UrlCoder
 from uid2_client.identity_type import IdentityType
 from uid2_client.identity_scope import IdentityScope
@@ -102,13 +103,10 @@ def _decrypt_token(token, keys, domain_name, client_type, now):
         now = dt.datetime.now(tz=dt.timezone.utc)
     if keys is None:
         return DecryptedToken.make_error(DecryptionStatus.NOT_INITIALIZED)
-        # raise EncryptionError('keys not initialized')
     if not keys.valid(now):
         return DecryptedToken.make_error(DecryptionStatus.KEYS_NOT_SYNCED)
-        # raise EncryptionError('no keys available or all keys have expired; refresh the latest keys from UID2 service')
     if len(token) < 4:
         return DecryptedToken.make_error(DecryptionStatus.INVALID_PAYLOAD)
-        # raise EncryptionError('invalid payload')
 
     header_str = token[0:4]
     index = next((i for i, ch in enumerate(header_str) if ch in base64_url_special_chars), None)
@@ -124,7 +122,6 @@ def _decrypt_token(token, keys, domain_name, client_type, now):
         return _decrypt_token_v3(Uid2Base64UrlCoder.decode(token), keys, domain_name, client_type, now, AdvertisingTokenVersion.ADVERTISING_TOKEN_V4)
     else:
         return DecryptedToken.make_error(DecryptionStatus.VERSION_NOT_SUPPORTED)
-        # raise EncryptionError('token version not supported')
 
 
 def _token_has_valid_lifetime(keys, client_type, established, expires, now):
@@ -312,7 +309,7 @@ def encrypt(uid2, identity_scope, keys, keyset_id=None, **kwargs):
         return
 
     if key is None:
-        raise EncryptionError("No Keyset Key Found")
+        return EncryptionDataResponse.make_error(EncryptionStatus.NOT_AUTHORIZED_FOR_KEY)
     if identity_scope is None:
         identity_scope = keys.get_identity_scope()
     return _encrypt_token(uid2, identity_scope, master_key, key, site_id, now, token_expiry, ad_token_version)
@@ -405,6 +402,7 @@ def encrypt_data(data, identity_scope, **kwargs):
 def _encrypt_data_v1(data, key, iv):
     return int.to_bytes(key.key_id, 4, 'big') + iv + _encrypt(data, iv, key)
 
+
 # DEPRECATED, DO NOT CALL
 def decrypt_data(encrypted_data, keys):
     """Decrypt data encrypted with encrypt_data().

uid2_client/encryption_status.py

@@ -3,7 +3,7 @@
 
 class EncryptionStatus(Enum):
     SUCCESS = "success",
-    # NOT_AUTHORIZED_FOR_KEY = "not_authorized_for_key",
+    NOT_AUTHORIZED_FOR_KEY = "No Keyset Key Found",
     # NOT_AUTHORIZED_FOR_MASTER_KEY = "not_authorized_for_master_key",
     # NOT_INITIALIZED = "not_initialized",
     # KEYS_NOT_SYNCED = "keys_not_synced",