Respond with encryption error status enums

Author: asloobq

tests/test_client.py

@@ -185,7 +185,7 @@ def get_post_refresh_keys_response_with_key_inactive():
 
         with self.assertRaises(EncryptionError) as context:
             client.encrypt(example_uid)
-        self.assertEqual("No Keyset Key Found", str(context.exception))
+        self.assertEqual(EncryptionStatus.NOT_AUTHORIZED_FOR_MASTER_KEY.value, str(context.exception))
 
     def test_encrypt_key_expired(self, mock_refresh_keys_util):
         def get_post_refresh_keys_response_with_key_expired():
@@ -199,4 +199,4 @@ def get_post_refresh_keys_response_with_key_expired():
 
         with self.assertRaises(EncryptionError) as context:
             client.encrypt(example_uid)
-        self.assertEqual("No Keyset Key Found", str(context.exception))
+        self.assertEqual(EncryptionStatus.KEYS_NOT_SYNCED.value, str(context.exception))

tests/test_sharing_client.py

@@ -283,15 +283,15 @@ def test_expiry_in_token_matches_expiry_in_response(self):  # ExpiryInTokenMatch
 
     def test_encrypt_key_expired(self):  #EncryptKeyExpired
         expired_key = EncryptionKey(site_key_id, site_id, created=now, activates=now, expires=YESTERDAY, secret=site_secret)
-        refresh_response = self._client._refresh_json(keyset_to_json_for_sharing([expired_key]))
+        refresh_response = self._client._refresh_json(keyset_to_json_for_sharing([master_key, expired_key]))
         self.assertTrue(refresh_response.success)
 
         result = self._client.encrypt_raw_uid_into_token(example_uid)
         self.assertEqual(result.status, EncryptionStatus.NOT_AUTHORIZED_FOR_KEY)
 
     def test_encrypt_key_inactive(self):  #EncryptKeyInactive
         inactive_key = EncryptionKey(site_key_id, site_id, now, TOMORROW, IN_2_DAYS, site_secret)
-        refresh_response = self._client._refresh_json(keyset_to_json_for_sharing([inactive_key]))
+        refresh_response = self._client._refresh_json(keyset_to_json_for_sharing([master_key, inactive_key]))
         self.assertTrue(refresh_response.success)
 
         result = self._client.encrypt_raw_uid_into_token(example_uid)

uid2_client/encryption.py

@@ -318,9 +318,15 @@ def encrypt(uid2, identity_scope, keys, keyset_id=None, **kwargs):
         now = dt.datetime.now(tz=timezone.utc)
 
     ad_token_version = AdvertisingTokenVersion.ADVERTISING_TOKEN_V4
+    if keys is None:
+        return EncryptionDataResponse.make_error(EncryptionStatus.NOT_INITIALIZED)
+    if not keys.valid(now):
+        return EncryptionDataResponse.make_error(EncryptionStatus.KEYS_NOT_SYNCED)
 
     key = keys.get_default_keyset_key(now) if keyset_id is None else keys.get_by_keyset_key(keyset_id, now)
     master_key = keys.get_by_keyset_key(keys.get_master_keyset_id(), now)
+    if master_key is None:
+        return EncryptionDataResponse.make_error(EncryptionStatus.NOT_AUTHORIZED_FOR_MASTER_KEY)
 
     token_expiry = now + dt.timedelta(days=30) if keys.get_token_expiry_seconds() is None \
         else now + dt.timedelta(seconds=int(keys.get_token_expiry_seconds()))
@@ -334,7 +340,11 @@ def encrypt(uid2, identity_scope, keys, keyset_id=None, **kwargs):
         return EncryptionDataResponse.make_error(EncryptionStatus.NOT_AUTHORIZED_FOR_KEY)
     if identity_scope is None:
         identity_scope = keys.get_identity_scope()
-    return _encrypt_token(uid2, identity_scope, master_key, key, site_id, now, token_expiry, ad_token_version)
+    try:
+        return _encrypt_token(uid2, identity_scope, master_key, key, site_id, now, token_expiry, ad_token_version)
+    except Exception:
+        return EncryptionDataResponse.make_error(EncryptionStatus.ENCRYPTION_FAILURE)
+
 
 
 # DEPRECATED, DO NOT CALL

uid2_client/encryption_status.py

@@ -2,5 +2,9 @@
 
 
 class EncryptionStatus(Enum):
-    SUCCESS = "success"
+    ENCRYPTION_FAILURE = "Failed to encrypt"
+    KEYS_NOT_SYNCED = "no keys available or all keys have expired; refresh the latest keys from UID2 service"
     NOT_AUTHORIZED_FOR_KEY = "No Keyset Key Found"
+    NOT_AUTHORIZED_FOR_MASTER_KEY = "not authorized for master key"
+    NOT_INITIALIZED = "keys not initialized"
+    SUCCESS = "success"