public void EncryptExplicit() { var keyDoc = ReadJsonTestFile("key-document.json"); Guid key = keyDoc["_id"].AsGuid; BsonDocument doc = new BsonDocument() { { "v", "hello" }, }; var testData = BsonUtil.ToBytes(doc); byte[] encryptedBytes; using (var cryptClient = CryptClientFactory.Create(CreateOptions())) using (var context = cryptClient.StartExplicitEncryptionContext(key, EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random, testData)) { var(encryptedBinary, encryptedDocument) = ProcessContextToCompletion(context); encryptedBytes = encryptedBinary.ToArray(); // need to copy bytes out before the context gets destroyed } using (var cryptClient = CryptClientFactory.Create(CreateOptions())) using (var context = cryptClient.StartExplicitDecryptionContext(encryptedBytes)) { var(decryptedResult, _) = ProcessContextToCompletion(context); decryptedResult.ToArray().Should().Equal(testData); } }
public void EncryptQuery() { using (var cryptClient = CryptClientFactory.Create(CreateOptions())) using (var context = cryptClient.StartEncryptionContext("test", command: BsonUtil.ToBytes(ReadJsonTestFile("cmd.json")))) { var(_, bsonCommand) = ProcessContextToCompletion(context); bsonCommand.Should().Equal((ReadJsonTestFile("encrypted-command.json"))); } }
static BsonDocument ReadJsonTestFile(string file) { var text = ReadTestFile(file); if (text == null) { throw new FileNotFoundException(file); } // Work around C# drivers and C driver have different extended json support text = text.Replace("\"$numberLong\"", "$numberLong"); return(BsonUtil.FromJSON(text)); }
public void EncryptExplicitStepwise() { var keyDoc = ReadJsonTestFile("key-document.json"); var key = keyDoc["_id"].AsGuid; var doc = new BsonDocument("v", "hello"); var testData = BsonUtil.ToBytes(doc); using (var cryptClient = CryptClientFactory.Create(CreateOptions())) { byte[] encryptedResult; using (var context = cryptClient.StartExplicitEncryptionContext( key: key, encryptionAlgorithm: EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic, command: testData)) { var(state, binaryProduced, operationProduced) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS); operationProduced.Should().Equal(ReadJsonTestFile("key-filter.json")); (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS); // kms fluent assertions inside ProcessState() (state, binaryProduced, operationProduced) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY); operationProduced.Should().Equal(ReadJsonTestFile("encrypted-value.json")); encryptedResult = binaryProduced.ToArray(); // need to copy bytes out before the context gets destroyed (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE); } using (var context = cryptClient.StartExplicitDecryptionContext(encryptedResult)) { var(state, decryptedBinary, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY); decryptedBinary.ToArray().Should().Equal(testData); (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE); } } }
public void DecryptQueryStepwise() { using (var cryptClient = CryptClientFactory.Create(CreateOptions())) using (var context = cryptClient.StartDecryptionContext(BsonUtil.ToBytes(ReadJsonTestFile("encrypted-command-reply.json")))) { var(state, _, operationProduced) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS); operationProduced.Should().Equal(ReadJsonTestFile("key-filter.json")); (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS); // kms fluent assertions inside ProcessState() (state, _, operationProduced) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY); operationProduced.Should().Equal(ReadJsonTestFile("command-reply.json")); (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE); } }
public void EncryptQueryWithSchemaStepwise() { var listCollectionsReply = ReadJsonTestFile("collection-info.json"); var schema = new BsonDocument("test.test", listCollectionsReply["options"]["validator"]["$jsonSchema"]); var options = new CryptOptions( new AwsKmsCredentials( awsSecretAccessKey: "us-east-1", awsAccessKeyId: "us-east-1"), BsonUtil.ToBytes(schema) ); using (var cryptClient = CryptClientFactory.Create(options)) using (var context = cryptClient.StartEncryptionContext( db: "test", command: BsonUtil.ToBytes(ReadJsonTestFile("cmd.json")))) { var(state, _, operationSent) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); var mongoCryptdCommand = ReadJsonTestFile("mongocryptd-command.json"); mongoCryptdCommand["isRemoteSchema"] = false; operationSent.Should().Equal(mongoCryptdCommand); (state, _, operationSent) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS); operationSent.Should().Equal(ReadJsonTestFile("key-filter.json")); (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS); // kms fluent assertions inside ProcessState() (state, _, operationSent) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY); operationSent.Should().Equal((ReadJsonTestFile("encrypted-command.json"))); } }
public void EncryptQueryStepwise() { using (var cryptClient = CryptClientFactory.Create(CreateOptions())) using (var context = cryptClient.StartEncryptionContext("test", command: BsonUtil.ToBytes(ReadJsonTestFile("cmd.json")))) { var(state, _, operationSent) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_COLLINFO); operationSent.Should().Equal((ReadJsonTestFile("list-collections-filter.json"))); (state, _, operationSent) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); operationSent.Should().Equal(ReadJsonTestFile("mongocryptd-command.json")); (state, _, operationSent) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS); operationSent.Should().Equal(ReadJsonTestFile("key-filter.json")); (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS); // kms fluent assertions inside ProcessState() (state, _, operationSent) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY); operationSent.Should().Equal((ReadJsonTestFile("encrypted-command.json"))); } }
/// <summary> /// Processes the current state, simulating the execution the operation/post requests needed to reach the next state /// Returns (stateProcessed, binaryOperationProduced, bsonOperationProduced) /// </summary> /// <param name="context"></param> /// <param name="isKmsDecrypt"></param> /// <returns></returns> /// <exception cref="NotImplementedException"></exception> private (CryptContext.StateCode stateProcessed, Binary binaryProduced, BsonDocument bsonOperationProduced) ProcessState(CryptContext context, bool isKmsDecrypt = true) { _output.WriteLine("\n----------------------------------\nState:" + context.State); switch (context.State) { case CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_COLLINFO: { var binary = context.GetOperation(); var doc = BsonUtil.ToDocument(binary); _output.WriteLine("ListCollections: " + doc); var reply = ReadJsonTestFile("collection-info.json"); _output.WriteLine("Reply:" + reply); context.Feed(BsonUtil.ToBytes(reply)); context.MarkDone(); return(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_COLLINFO, binary, doc); } case CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_MARKINGS: { var binary = context.GetOperation(); var doc = BsonUtil.ToDocument(binary); _output.WriteLine("Markings: " + doc); var reply = ReadJsonTestFile("mongocryptd-reply.json"); _output.WriteLine("Reply:" + reply); context.Feed(BsonUtil.ToBytes(reply)); context.MarkDone(); return(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_MARKINGS, binary, doc); } case CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS: { var binary = context.GetOperation(); var doc = BsonUtil.ToDocument(binary); _output.WriteLine("Key Document: " + doc); var reply = ReadJsonTestFile("key-document.json"); _output.WriteLine("Reply:" + reply); context.Feed(BsonUtil.ToBytes(reply)); context.MarkDone(); return(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS, binary, doc); } case CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS: { var requests = context.GetKmsMessageRequests(); foreach (var req in requests) { var binary = req.Message; _output.WriteLine("Key Document: " + binary); var postRequest = binary.ToString(); postRequest.Should().Contain("Host:kms.us-east-1.amazonaws.com"); var reply = ReadHttpTestFile(isKmsDecrypt ? "kms-decrypt-reply.txt" : "kms-encrypt-reply.txt"); _output.WriteLine("Reply: " + reply); req.Feed(Encoding.UTF8.GetBytes(reply)); req.BytesNeeded.Should().Be(0); } requests.MarkDone(); return(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS, null, null); } case CryptContext.StateCode.MONGOCRYPT_CTX_READY: { Binary binary = context.FinalizeForEncryption(); _output.WriteLine("Buffer:" + binary.ToArray()); var document = BsonUtil.ToDocument(binary); _output.WriteLine("Document:" + document); return(CryptContext.StateCode.MONGOCRYPT_CTX_READY, binary, document); } case CryptContext.StateCode.MONGOCRYPT_CTX_DONE: { _output.WriteLine("DONE!!"); return(CryptContext.StateCode.MONGOCRYPT_CTX_DONE, null, null); } case CryptContext.StateCode.MONGOCRYPT_CTX_ERROR: { // We expect exceptions are thrown before we get to this state throw new NotImplementedException(); } } throw new NotImplementedException(); }