From dd63cebf8174a48da57543fc43af7eb708846eeb Mon Sep 17 00:00:00 2001
From: mattsb42-aws <bullocm@amazon.com>
Date: Tue, 27 Aug 2019 20:49:47 -0700
Subject: [PATCH] add kms:ReEncrypt invalid destination key test

---
 moto/kms/models.py         |  2 ++
 tests/test_kms/test_kms.py | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/moto/kms/models.py b/moto/kms/models.py
index e5dc1cd76..5f89407f5 100644
--- a/moto/kms/models.py
+++ b/moto/kms/models.py
@@ -217,6 +217,8 @@ class KmsBackend(BaseBackend):
     def re_encrypt(
         self, ciphertext_blob, source_encryption_context, destination_key_id, destination_encryption_context
     ):
+        destination_key_id = self.any_id_to_key_id(destination_key_id)
+
         plaintext, decrypting_arn = self.decrypt(
             ciphertext_blob=ciphertext_blob, encryption_context=source_encryption_context
         )
diff --git a/tests/test_kms/test_kms.py b/tests/test_kms/test_kms.py
index c132608c9..1c5aa39ea 100644
--- a/tests/test_kms/test_kms.py
+++ b/tests/test_kms/test_kms.py
@@ -889,6 +889,25 @@ def test_re_encrypt_decrypt(plaintext):
     decrypt_response_1["Plaintext"].should.equal(decrypt_response_2["Plaintext"])
 
 
+@mock_kms
+def test_re_encrypt_to_invalid_destination():
+    client = boto3.client("kms", region_name="us-west-2")
+
+    key = client.create_key(Description="key 1")
+    key_id = key["KeyMetadata"]["KeyId"]
+
+    encrypt_response = client.encrypt(
+        KeyId=key_id,
+        Plaintext=b"some plaintext",
+    )
+
+    with assert_raises(client.exceptions.NotFoundException):
+        client.re_encrypt(
+            CiphertextBlob=encrypt_response["CiphertextBlob"],
+            DestinationKeyId="8327948729348",
+        )
+
+
 @mock_kms
 def test_enable_key_rotation_key_not_found():
     client = boto3.client("kms", region_name="us-east-1")