public void EncryptExplicit()
{
var keyDoc = ReadJsonTestFile("key-document.json");
Guid key = keyDoc["_id"].AsGuid;
BsonDocument doc = new BsonDocument()
{
{ "v", "hello" },
};
var testData = BsonUtil.ToBytes(doc);
byte[] encryptedBytes;
using (var cryptClient = CryptClientFactory.Create(CreateOptions()))
using (var context = cryptClient.StartExplicitEncryptionContext(key, EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random, testData))
{
var(encryptedBinary, encryptedDocument) = ProcessContextToCompletion(context);
encryptedBytes = encryptedBinary.ToArray(); // need to copy bytes out before the context gets destroyed
}
using (var cryptClient = CryptClientFactory.Create(CreateOptions()))
using (var context = cryptClient.StartExplicitDecryptionContext(encryptedBytes))
{
var(decryptedResult, _) = ProcessContextToCompletion(context);
decryptedResult.ToArray().Should().Equal(testData);
}
}
public void EncryptQuery()
{
using (var cryptClient = CryptClientFactory.Create(CreateOptions()))
using (var context =
cryptClient.StartEncryptionContext("test", command: BsonUtil.ToBytes(ReadJsonTestFile("cmd.json"))))
{
var(_, bsonCommand) = ProcessContextToCompletion(context);
bsonCommand.Should().Equal((ReadJsonTestFile("encrypted-command.json")));
}
}
static BsonDocument ReadJsonTestFile(string file)
{
var text = ReadTestFile(file);
if (text == null)
{
throw new FileNotFoundException(file);
}
// Work around C# drivers and C driver have different extended json support
text = text.Replace("\"$numberLong\"", "$numberLong");
return(BsonUtil.FromJSON(text));
}
public void EncryptExplicitStepwise()
{
var keyDoc = ReadJsonTestFile("key-document.json");
var key = keyDoc["_id"].AsGuid;
var doc = new BsonDocument("v", "hello");
var testData = BsonUtil.ToBytes(doc);
using (var cryptClient = CryptClientFactory.Create(CreateOptions()))
{
byte[] encryptedResult;
using (var context = cryptClient.StartExplicitEncryptionContext(
key: key,
encryptionAlgorithm: EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic,
command: testData))
{
var(state, binaryProduced, operationProduced) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS);
operationProduced.Should().Equal(ReadJsonTestFile("key-filter.json"));
(state, _, _) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS);
// kms fluent assertions inside ProcessState()
(state, binaryProduced, operationProduced) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY);
operationProduced.Should().Equal(ReadJsonTestFile("encrypted-value.json"));
encryptedResult = binaryProduced.ToArray(); // need to copy bytes out before the context gets destroyed
(state, _, _) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE);
}
using (var context = cryptClient.StartExplicitDecryptionContext(encryptedResult))
{
var(state, decryptedBinary, _) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY);
decryptedBinary.ToArray().Should().Equal(testData);
(state, _, _) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE);
}
}
}
public void DecryptQueryStepwise()
{
using (var cryptClient = CryptClientFactory.Create(CreateOptions()))
using (var context = cryptClient.StartDecryptionContext(BsonUtil.ToBytes(ReadJsonTestFile("encrypted-command-reply.json"))))
{
var(state, _, operationProduced) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS);
operationProduced.Should().Equal(ReadJsonTestFile("key-filter.json"));
(state, _, _) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS);
// kms fluent assertions inside ProcessState()
(state, _, operationProduced) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY);
operationProduced.Should().Equal(ReadJsonTestFile("command-reply.json"));
(state, _, _) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE);
}
}
public void EncryptQueryWithSchemaStepwise()
{
var listCollectionsReply = ReadJsonTestFile("collection-info.json");
var schema = new BsonDocument("test.test", listCollectionsReply["options"]["validator"]["$jsonSchema"]);
var options = new CryptOptions(
new AwsKmsCredentials(
awsSecretAccessKey: "us-east-1",
awsAccessKeyId: "us-east-1"),
BsonUtil.ToBytes(schema)
);
using (var cryptClient = CryptClientFactory.Create(options))
using (var context =
cryptClient.StartEncryptionContext(
db: "test",
command: BsonUtil.ToBytes(ReadJsonTestFile("cmd.json"))))
{
var(state, _, operationSent) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_MARKINGS);
var mongoCryptdCommand = ReadJsonTestFile("mongocryptd-command.json");
mongoCryptdCommand["isRemoteSchema"] = false;
operationSent.Should().Equal(mongoCryptdCommand);
(state, _, operationSent) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS);
operationSent.Should().Equal(ReadJsonTestFile("key-filter.json"));
(state, _, _) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS);
// kms fluent assertions inside ProcessState()
(state, _, operationSent) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY);
operationSent.Should().Equal((ReadJsonTestFile("encrypted-command.json")));
}
}
public void EncryptQueryStepwise()
{
using (var cryptClient = CryptClientFactory.Create(CreateOptions()))
using (var context = cryptClient.StartEncryptionContext("test", command: BsonUtil.ToBytes(ReadJsonTestFile("cmd.json"))))
{
var(state, _, operationSent) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_COLLINFO);
operationSent.Should().Equal((ReadJsonTestFile("list-collections-filter.json")));
(state, _, operationSent) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_MARKINGS);
operationSent.Should().Equal(ReadJsonTestFile("mongocryptd-command.json"));
(state, _, operationSent) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS);
operationSent.Should().Equal(ReadJsonTestFile("key-filter.json"));
(state, _, _) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS);
// kms fluent assertions inside ProcessState()
(state, _, operationSent) = ProcessState(context);
state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY);
operationSent.Should().Equal((ReadJsonTestFile("encrypted-command.json")));
}
}
/// <summary>
/// Processes the current state, simulating the execution the operation/post requests needed to reach the next state
/// Returns (stateProcessed, binaryOperationProduced, bsonOperationProduced)
/// </summary>
/// <param name="context"></param>
/// <param name="isKmsDecrypt"></param>
/// <returns></returns>
/// <exception cref="NotImplementedException"></exception>
private (CryptContext.StateCode stateProcessed, Binary binaryProduced, BsonDocument bsonOperationProduced) ProcessState(CryptContext context, bool isKmsDecrypt = true)
{
_output.WriteLine("\n----------------------------------\nState:" + context.State);
switch (context.State)
{
case CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_COLLINFO:
{
var binary = context.GetOperation();
var doc = BsonUtil.ToDocument(binary);
_output.WriteLine("ListCollections: " + doc);
var reply = ReadJsonTestFile("collection-info.json");
_output.WriteLine("Reply:" + reply);
context.Feed(BsonUtil.ToBytes(reply));
context.MarkDone();
return(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_COLLINFO, binary, doc);
}
case CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_MARKINGS:
{
var binary = context.GetOperation();
var doc = BsonUtil.ToDocument(binary);
_output.WriteLine("Markings: " + doc);
var reply = ReadJsonTestFile("mongocryptd-reply.json");
_output.WriteLine("Reply:" + reply);
context.Feed(BsonUtil.ToBytes(reply));
context.MarkDone();
return(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_MARKINGS, binary, doc);
}
case CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS:
{
var binary = context.GetOperation();
var doc = BsonUtil.ToDocument(binary);
_output.WriteLine("Key Document: " + doc);
var reply = ReadJsonTestFile("key-document.json");
_output.WriteLine("Reply:" + reply);
context.Feed(BsonUtil.ToBytes(reply));
context.MarkDone();
return(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS, binary, doc);
}
case CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS:
{
var requests = context.GetKmsMessageRequests();
foreach (var req in requests)
{
var binary = req.Message;
_output.WriteLine("Key Document: " + binary);
var postRequest = binary.ToString();
postRequest.Should().Contain("Host:kms.us-east-1.amazonaws.com");
var reply = ReadHttpTestFile(isKmsDecrypt ? "kms-decrypt-reply.txt" : "kms-encrypt-reply.txt");
_output.WriteLine("Reply: " + reply);
req.Feed(Encoding.UTF8.GetBytes(reply));
req.BytesNeeded.Should().Be(0);
}
requests.MarkDone();
return(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS, null, null);
}
case CryptContext.StateCode.MONGOCRYPT_CTX_READY:
{
Binary binary = context.FinalizeForEncryption();
_output.WriteLine("Buffer:" + binary.ToArray());
var document = BsonUtil.ToDocument(binary);
_output.WriteLine("Document:" + document);
return(CryptContext.StateCode.MONGOCRYPT_CTX_READY, binary, document);
}
case CryptContext.StateCode.MONGOCRYPT_CTX_DONE:
{
_output.WriteLine("DONE!!");
return(CryptContext.StateCode.MONGOCRYPT_CTX_DONE, null, null);
}
case CryptContext.StateCode.MONGOCRYPT_CTX_ERROR:
{
// We expect exceptions are thrown before we get to this state
throw new NotImplementedException();
}
}
throw new NotImplementedException();
}