/// <summary>
/// Drives a create-data-key context for an AWS master key that carries two
/// alternate key names, one state transition per call, and checks that both
/// names appear in the generated data key document.
/// </summary>
public void TestAwsKeyCreationWithkeyAltNamesStepwise()
{
    var altNames = new[] { "KeyMaker", "Architect" };

    // Each name is wrapped in its own { keyAltName: <name> } document and then serialized.
    var serializedAltNames = altNames
        .Select(name => new BsonDocument("keyAltName", name))
        .Select(BsonUtil.ToBytes);

    var keyId = new AwsKeyId(
        customerMasterKey: "cmk",
        region: "us-east-1",
        alternateKeyNamesBsonDocuments: serializedAltNames);

    // Both credential fields hold the literal "us-east-1": a stand-in, not key material.
    // NOTE(review): presumably ProcessState answers the NEED_KMS step with a canned reply
    // instead of contacting AWS - confirm against the helper.
    var key = new AwsKmsCredentials(awsSecretAccessKey: "us-east-1", awsAccessKeyId: "us-east-1");
    var options = new CryptOptions(CreateCredentialsMap(key));

    using (var cryptClient = CryptClientFactory.Create(options))
    using (var context = cryptClient.StartCreateDataKeyContext(keyId))
    {
        // Step 1: the context asks for a KMS round trip.
        var (state, _, _) = ProcessState(context, isKmsDecrypt: false);
        state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS);

        // Step 2: the data key document becomes available.
        BsonDocument dataKeyDocument;
        (state, _, dataKeyDocument) = ProcessState(context, isKmsDecrypt: false);
        state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY);
        dataKeyDocument.Should().NotBeNull();

        // The expected names are the input reversed. The original author tied this to
        // https://jira.mongodb.org/browse/CDRIVER-3277 with a question mark, so the cause is unconfirmed.
        var actualKeyAltNames = dataKeyDocument["keyAltNames"].AsBsonArray.Select(x => x.AsString);
        actualKeyAltNames.Should().BeEquivalentTo(altNames.Reverse());

        // Step 3: nothing left to do.
        (state, _, _) = ProcessState(context, isKmsDecrypt: false);
        state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE);
    }
}
/// <summary>
/// Creates a data key for an AWS master key that names a custom KMS endpoint and
/// checks that the endpoint is written unchanged into the data key's
/// <c>masterKey</c> sub-document.
/// </summary>
public void TestAwsKeyCreationWithEndPoint()
{
    const string kmsEndpoint = "kms.us-east-1.amazonaws.com";

    var keyId = new AwsKeyId(customerMasterKey: "cmk", region: "us-east-1", endpoint: kmsEndpoint);

    // Both credential fields hold the literal "us-east-1": a stand-in, not key material.
    var key = new AwsKmsCredentials(awsSecretAccessKey: "us-east-1", awsAccessKeyId: "us-east-1");
    var options = new CryptOptions(CreateCredentialsMap(key));

    using (var cryptClient = CryptClientFactory.Create(options))
    using (var context = cryptClient.StartCreateDataKeyContext(keyId))
    {
        var (_, dataKeyDocument) = ProcessContextToCompletion(context, isKmsDecrypt: false);

        // The endpoint is compared verbatim (host only, no port) against the value given on the key id.
        var masterKey = dataKeyDocument["masterKey"];
        masterKey["endpoint"].Should().Be(kmsEndpoint);
    }
}
/// <summary>
/// Stepwise variant of the custom-endpoint data key test: advances the context one
/// state at a time (NEED_KMS, READY, DONE) and checks the endpoint recorded in the
/// data key's <c>masterKey</c> sub-document once the document is available.
/// </summary>
public void TestAwsKeyCreationWithEndpointStepwise()
{
    const string kmsEndpoint = "kms.us-east-1.amazonaws.com";

    var keyId = new AwsKeyId(customerMasterKey: "cmk", region: "us-east-1", endpoint: kmsEndpoint);

    // Both credential fields hold the literal "us-east-1": a stand-in, not key material.
    // NOTE(review): presumably ProcessState answers the NEED_KMS step with a canned reply
    // instead of contacting the endpoint - confirm against the helper.
    var key = new AwsKmsCredentials(awsSecretAccessKey: "us-east-1", awsAccessKeyId: "us-east-1");
    var options = new CryptOptions(CreateCredentialsMap(key));

    using (var cryptClient = CryptClientFactory.Create(options))
    using (var context = cryptClient.StartCreateDataKeyContext(keyId))
    {
        // Step 1: the context asks for a KMS round trip.
        var (state, _, _) = ProcessState(context, isKmsDecrypt: false);
        state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS);

        // Step 2: the data key document is ready and must carry the endpoint unchanged.
        BsonDocument dataKeyDocument;
        (state, _, dataKeyDocument) = ProcessState(context, isKmsDecrypt: false);
        state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY);
        var masterKey = dataKeyDocument["masterKey"];
        masterKey["endpoint"].Should().Be(kmsEndpoint);

        // Step 3: nothing left to do.
        (state, _, _) = ProcessState(context, isKmsDecrypt: false);
        state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE);
    }
}
/// <summary>
/// Sample entry point: sets the GUID representation, picks a KMS URL, then encrypts a
/// <c>find</c> command, runs it and prints the raw and the decrypted result.
/// </summary>
/// <remarks>
/// NOTE(review): this copy of the method is damaged. The text between the URI literal and the
/// verbatim find-command string is missing, so <c>controller</c>, <c>kmsCredentials</c>,
/// <c>collection</c>, <c>database</c> and <c>findDoc</c> are used below without a visible
/// definition. Restore the method from the original file before relying on it.
/// </remarks>
static void Main(string[] args)
{
    // The C# driver transmutes data unless you specify this stupid line!
    BsonDefaults.GuidRepresentation = GuidRepresentation.Standard;

    // NOTE(review): concatenating the string[] itself prints the array's type name
    // ("System.String[]"), not the URL passed on the command line.
    Console.WriteLine("Using url: " + args);

    // or change me to use the mock
    // Only the presence of AWS_SECRET_ACCESS_KEY is tested here: kmsURL is null when the
    // variable is set and a fixed URI otherwise. The variable's value is not read on this line.
    // NOTE(review): the `*****:*****@` run looks like the output of a credential-masking pass
    // that also swallowed the code up to the find-command literal; the statement is kept as found.
    Uri kmsURL = Environment.GetEnvironmentVariable("AWS_SECRET_ACCESS_KEY") != null ? null : new Uri("https://*****:*****@"{ 'find': 'test', 'filter' : { '$or': [{ '_id': 1},{ 'ssn': '123-45-6789'}]}, }");

    // Encrypt the find command before it is sent to the server.
    var findCmd = new BsonDocumentCommand <BsonDocument>(controller.EncryptCommand(kmsCredentials, collection, findDoc));
    Console.WriteLine("Find CMD: " + findCmd.Document);

    // "$db" is stripped from the encrypted command before it is run.
    // NOTE(review): presumably because RunCommand supplies the database itself - confirm.
    findCmd.Document.Remove("$db");
    var commandResult = database.RunCommand(findCmd);
    Console.WriteLine("Find Result: " + commandResult);

    var decryptedDocument = controller.DecryptCommand(kmsCredentials, database, commandResult);

    // Writes the decrypted field values to standard output. That is acceptable for a demo on
    // sample data; in a service the same call would put plaintext of encrypted fields into logs.
    Console.WriteLine("Find Result (DECRYPTED): " + decryptedDocument);
}