From 05b264a8f161fd6e7c0ecd93b636c5f069eb8b52 Mon Sep 17 00:00:00 2001
From: Steven Silvester <steve.silvester@mongodb.com>
Date: Mon, 14 Jul 2025 09:22:49 -0500
Subject: [PATCH] PYTHON-5361 Fix timeouts in CSE custom endpoint test

---
 test/asynchronous/test_encryption.py | 21 ++++++++-------------
 test/test_encryption.py              | 21 ++++++++-------------
 2 files changed, 16 insertions(+), 26 deletions(-)

diff --git a/test/asynchronous/test_encryption.py b/test/asynchronous/test_encryption.py
index c2ef7c7e33..f6afa4b2a3 100644
--- a/test/asynchronous/test_encryption.py
+++ b/test/asynchronous/test_encryption.py
@@ -1306,7 +1306,7 @@ async def asyncSetUp(self):
         kms_providers_invalid = copy.deepcopy(kms_providers)
         kms_providers_invalid["azure"]["identityPlatformEndpoint"] = "doesnotexist.invalid:443"
         kms_providers_invalid["gcp"]["endpoint"] = "doesnotexist.invalid:443"
-        kms_providers_invalid["kmip"]["endpoint"] = "doesnotexist.local:5698"
+        kms_providers_invalid["kmip"]["endpoint"] = "doesnotexist.invalid:5698"
         self.client_encryption_invalid = self.create_client_encryption(
             kms_providers=kms_providers_invalid,
             key_vault_namespace="keyvault.datakeys",
@@ -1364,15 +1364,10 @@ async def test_03_aws_region_key_endpoint_port(self):
             },
         )
 
-    @unittest.skipUnless(any(AWS_CREDS.values()), "AWS environment credentials are not set")
-    async def test_04_aws_endpoint_invalid_port(self):
-        master_key = {
-            "region": "us-east-1",
-            "key": ("arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0"),
-            "endpoint": "kms.us-east-1.amazonaws.com:12345",
-        }
-        with self.assertRaisesRegex(EncryptionError, "kms.us-east-1.amazonaws.com:12345"):
-            await self.client_encryption.create_data_key("aws", master_key=master_key)
+    async def test_04_kmip_endpoint_invalid_port(self):
+        master_key = {"keyId": "1", "endpoint": "localhost:12345"}
+        with self.assertRaisesRegex(EncryptionError, "localhost:12345"):
+            await self.client_encryption.create_data_key("kmip", master_key=master_key)
 
     @unittest.skipUnless(any(AWS_CREDS.values()), "AWS environment credentials are not set")
     async def test_05_aws_endpoint_wrong_region(self):
@@ -1478,7 +1473,7 @@ async def test_11_kmip_master_key_endpoint(self):
         self.assertEqual("test", await self.client_encryption_invalid.decrypt(encrypted))
 
     async def test_12_kmip_master_key_invalid_endpoint(self):
-        key = {"keyId": "1", "endpoint": "doesnotexist.local:5698"}
+        key = {"keyId": "1", "endpoint": "doesnotexist.invalid:5698"}
         with self.assertRaisesRegex(EncryptionError, self.kmip_host_error):
             await self.client_encryption.create_data_key("kmip", key)
 
@@ -2166,7 +2161,7 @@ async def test_01_aws(self):
             await self.client_encryption_invalid_hostname.create_data_key("aws", key)
 
     async def test_02_azure(self):
-        key = {"keyVaultEndpoint": "doesnotexist.local", "keyName": "foo"}
+        key = {"keyVaultEndpoint": "doesnotexist.invalid", "keyName": "foo"}
         # Missing client cert error.
         with self.assertRaisesRegex(EncryptionError, self.cert_error):
             await self.client_encryption_no_client_cert.create_data_key("azure", key)
@@ -2241,7 +2236,7 @@ async def test_06_named_kms_providers_apply_tls_options_aws(self):
             await self.client_encryption_with_names.create_data_key("aws:with_tls", key)
 
     async def test_06_named_kms_providers_apply_tls_options_azure(self):
-        key = {"keyVaultEndpoint": "doesnotexist.local", "keyName": "foo"}
+        key = {"keyVaultEndpoint": "doesnotexist.invalid", "keyName": "foo"}
         # Missing client cert error.
         with self.assertRaisesRegex(EncryptionError, self.cert_error):
             await self.client_encryption_with_names.create_data_key("azure:no_client_cert", key)
diff --git a/test/test_encryption.py b/test/test_encryption.py
index 68b24f1729..5c8813203d 100644
--- a/test/test_encryption.py
+++ b/test/test_encryption.py
@@ -1302,7 +1302,7 @@ def setUp(self):
         kms_providers_invalid = copy.deepcopy(kms_providers)
         kms_providers_invalid["azure"]["identityPlatformEndpoint"] = "doesnotexist.invalid:443"
         kms_providers_invalid["gcp"]["endpoint"] = "doesnotexist.invalid:443"
-        kms_providers_invalid["kmip"]["endpoint"] = "doesnotexist.local:5698"
+        kms_providers_invalid["kmip"]["endpoint"] = "doesnotexist.invalid:5698"
         self.client_encryption_invalid = self.create_client_encryption(
             kms_providers=kms_providers_invalid,
             key_vault_namespace="keyvault.datakeys",
@@ -1358,15 +1358,10 @@ def test_03_aws_region_key_endpoint_port(self):
             },
         )
 
-    @unittest.skipUnless(any(AWS_CREDS.values()), "AWS environment credentials are not set")
-    def test_04_aws_endpoint_invalid_port(self):
-        master_key = {
-            "region": "us-east-1",
-            "key": ("arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0"),
-            "endpoint": "kms.us-east-1.amazonaws.com:12345",
-        }
-        with self.assertRaisesRegex(EncryptionError, "kms.us-east-1.amazonaws.com:12345"):
-            self.client_encryption.create_data_key("aws", master_key=master_key)
+    def test_04_kmip_endpoint_invalid_port(self):
+        master_key = {"keyId": "1", "endpoint": "localhost:12345"}
+        with self.assertRaisesRegex(EncryptionError, "localhost:12345"):
+            self.client_encryption.create_data_key("kmip", master_key=master_key)
 
     @unittest.skipUnless(any(AWS_CREDS.values()), "AWS environment credentials are not set")
     def test_05_aws_endpoint_wrong_region(self):
@@ -1472,7 +1467,7 @@ def test_11_kmip_master_key_endpoint(self):
         self.assertEqual("test", self.client_encryption_invalid.decrypt(encrypted))
 
     def test_12_kmip_master_key_invalid_endpoint(self):
-        key = {"keyId": "1", "endpoint": "doesnotexist.local:5698"}
+        key = {"keyId": "1", "endpoint": "doesnotexist.invalid:5698"}
         with self.assertRaisesRegex(EncryptionError, self.kmip_host_error):
             self.client_encryption.create_data_key("kmip", key)
 
@@ -2158,7 +2153,7 @@ def test_01_aws(self):
             self.client_encryption_invalid_hostname.create_data_key("aws", key)
 
     def test_02_azure(self):
-        key = {"keyVaultEndpoint": "doesnotexist.local", "keyName": "foo"}
+        key = {"keyVaultEndpoint": "doesnotexist.invalid", "keyName": "foo"}
         # Missing client cert error.
         with self.assertRaisesRegex(EncryptionError, self.cert_error):
             self.client_encryption_no_client_cert.create_data_key("azure", key)
@@ -2233,7 +2228,7 @@ def test_06_named_kms_providers_apply_tls_options_aws(self):
             self.client_encryption_with_names.create_data_key("aws:with_tls", key)
 
     def test_06_named_kms_providers_apply_tls_options_azure(self):
-        key = {"keyVaultEndpoint": "doesnotexist.local", "keyName": "foo"}
+        key = {"keyVaultEndpoint": "doesnotexist.invalid", "keyName": "foo"}
         # Missing client cert error.
         with self.assertRaisesRegex(EncryptionError, self.cert_error):
             self.client_encryption_with_names.create_data_key("azure:no_client_cert", key)