def test_setopt_kms_provider_base64_or_bytes(self):
test_fields = [("local", "key"), ("gcp", "privateKey")]
callback = MockCallback()
base_kms_dict = {
'local': {
'key': b'\x00' * 96
},
'gcp': {
'email': '*****@*****.**',
'privateKey': b'\x00'
}
}
for f1, f2 in test_fields:
kms_dict = copy.deepcopy(base_kms_dict)
# Case 1: pass key as string containing bytes (valid)
kms_dict[f1][f2] = b'\x00' * 96
options = MongoCryptOptions(kms_dict)
mc = MongoCrypt(options, callback)
mc.close()
# Case 2: pass key as base64-encoded unicode literal (valid)
kms_dict[f1][f2] = to_base64(b'\x00' * 96)
options = MongoCryptOptions(kms_dict)
mc = MongoCrypt(options, callback)
mc.close()
# Case 3: pass key as unicode string containing bytes (invalid)
kms_dict[f1][f2] = unicode_type(b'\x00' * 96)
options = MongoCryptOptions(kms_dict)
with self.assertRaisesRegex(
MongoCryptError,
"unable to parse base64 from UTF-8 field %s.%s" %
(f1, f2)):
MongoCrypt(options, callback)
# Case 4: pass key as base64-encoded string (invalid)
# Only applicable to "local" as key length is not validated for gcp.
kms_dict = copy.deepcopy(base_kms_dict)
kms_dict['local']['key'] = base64.b64encode(b'\x00' * 96)
options = MongoCryptOptions(kms_dict)
with self.assertRaisesRegex(MongoCryptError,
"local key must be 96 bytes"):
MongoCrypt(options, callback)
def to_base64(data):
b64 = base64.b64encode(data)
if not PY3:
return unicode_type(b64)
return b64.decode('utf-8')