add kms:ReEncrypt invalid destination key test

2019-08-27 20:49:47 -07:00 · 2019-08-27 20:49:47 -07:00 · dd63cebf81
commit dd63cebf81
parent 9ffb9d3d0a
2 changed files with 21 additions and 0 deletions
--- a/moto/kms/models.py
+++ b/moto/kms/models.py
@ -217,6 +217,8 @@ class KmsBackend(BaseBackend):
    def re_encrypt(
        self, ciphertext_blob, source_encryption_context, destination_key_id, destination_encryption_context
    ):
+        destination_key_id = self.any_id_to_key_id(destination_key_id)
+
        plaintext, decrypting_arn = self.decrypt(
            ciphertext_blob=ciphertext_blob, encryption_context=source_encryption_context
        )
--- a/tests/test_kms/test_kms.py
+++ b/tests/test_kms/test_kms.py
@ -889,6 +889,25 @@ def test_re_encrypt_decrypt(plaintext):
    decrypt_response_1["Plaintext"].should.equal(decrypt_response_2["Plaintext"])


+@mock_kms
+def test_re_encrypt_to_invalid_destination():
+    client = boto3.client("kms", region_name="us-west-2")
+
+    key = client.create_key(Description="key 1")
+    key_id = key["KeyMetadata"]["KeyId"]
+
+    encrypt_response = client.encrypt(
+        KeyId=key_id,
+        Plaintext=b"some plaintext",
+    )
+
+    with assert_raises(client.exceptions.NotFoundException):
+        client.re_encrypt(
+            CiphertextBlob=encrypt_response["CiphertextBlob"],
+            DestinationKeyId="8327948729348",
+        )
+
+
@mock_kms
 def test_enable_key_rotation_key_not_found():
    client = boto3.client("kms", region_name="us-east-1")