FileDecryptionProperties should have at least one key

rok · rok · commit c4860dad2f79 · 2025-01-22T16:37:03.000+01:00
diff --git a/parquet/src/arrow/arrow_reader/mod.rs b/parquet/src/arrow/arrow_reader/mod.rs
@@ -1893,7 +1893,8 @@ mod tests {
         let decryption_properties = FileDecryptionProperties::builder()
             .with_column_key("double_field".as_bytes().to_vec(), column_1_key.to_vec())
             .with_column_key("float_field".as_bytes().to_vec(), column_2_key.to_vec())
-            .build();
+            .build()
+            .unwrap();
 
         verify_encryption_test_file_read(file, decryption_properties);
     }
@@ -1913,7 +1914,8 @@ mod tests {
             .with_footer_key(footer_key.to_vec())
             .with_column_key("double_field".as_bytes().to_vec(), column_1_key.to_vec())
             .with_column_key("float_field".as_bytes().to_vec(), column_2_key.to_vec())
-            .build();
+            .build()
+            .unwrap();
 
         verify_encryption_test_file_read(file, decryption_properties);
     }
@@ -1928,7 +1930,8 @@ mod tests {
         let key_code: &[u8] = "0123456789012345".as_bytes();
         let decryption_properties = FileDecryptionProperties::builder()
             .with_footer_key(key_code.to_vec())
-            .build();
+            .build()
+            .unwrap();
 
         verify_encryption_test_file_read(file, decryption_properties);
     }
diff --git a/parquet/src/encryption/decryption.rs b/parquet/src/encryption/decryption.rs
@@ -15,6 +15,7 @@
 // specific language governing permissions and limitations
 // under the License.
 
+use crate::errors::{ParquetError, Result};
 use ring::aead::{Aad, LessSafeKey, UnboundKey, AES_128_GCM};
 use std::collections::HashMap;
 
@@ -23,7 +24,7 @@ const TAG_LEN: usize = 16;
 const SIZE_LEN: usize = 4;
 
 pub trait BlockDecryptor {
-    fn decrypt(&self, length_and_ciphertext: &[u8], aad: &[u8]) -> crate::errors::Result<Vec<u8>>;
+    fn decrypt(&self, length_and_ciphertext: &[u8], aad: &[u8]) -> Result<Vec<u8>>;
 }
 
 #[derive(Debug, Clone)]
@@ -43,7 +44,7 @@ impl RingGcmBlockDecryptor {
 }
 
 impl BlockDecryptor for RingGcmBlockDecryptor {
-    fn decrypt(&self, length_and_ciphertext: &[u8], aad: &[u8]) -> crate::errors::Result<Vec<u8>> {
+    fn decrypt(&self, length_and_ciphertext: &[u8], aad: &[u8]) -> Result<Vec<u8>> {
         let mut result =
             Vec::with_capacity(length_and_ciphertext.len() - SIZE_LEN - NONCE_LEN - TAG_LEN);
         result.extend_from_slice(&length_and_ciphertext[SIZE_LEN + NONCE_LEN..]);
@@ -99,12 +100,16 @@ impl DecryptionPropertiesBuilder {
         }
     }
 
-    pub fn build(self) -> FileDecryptionProperties {
-        FileDecryptionProperties {
+    pub fn build(self) -> Result<FileDecryptionProperties> {
+        if self.footer_key.is_none() && self.column_keys.is_none() {
+            return Err(ParquetError::General("Footer or at least one column key is required".to_string()))
+        }
+
+        Ok(FileDecryptionProperties {
             footer_key: self.footer_key,
             column_keys: self.column_keys,
             aad_prefix: self.aad_prefix,
-        }
+        })
     }
 
     // todo decr: doc comment
@@ -184,6 +189,7 @@ impl FileDecryptor {
                 .with_footer_key(column_key.clone())
                 .with_aad_prefix(self.aad_prefix.clone())
                 .build()
+                .unwrap()
         } else {
             self.decryption_properties.clone()
         };
