public void TestAwsKeyCreationWithkeyAltNamesStepwise() { var keyAltNames = new[] { "KeyMaker", "Architect" }; var keyAltNameDocuments = keyAltNames.Select(name => new BsonDocument("keyAltName", name)); var keyAltNameBuffers = keyAltNameDocuments.Select(BsonUtil.ToBytes); var keyId = CreateKmsKeyId("aws", keyAltNameBuffers: keyAltNameBuffers); var key = CreateKmsCredentials("aws"); using (var cryptClient = CryptClientFactory.Create(new CryptOptions(new[] { key }))) using (var context = cryptClient.StartCreateDataKeyContext(keyId)) { BsonDocument dataKeyDocument; var(state, _, _) = ProcessState(context, isKmsDecrypt: false); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS); (state, _, dataKeyDocument) = ProcessState(context, isKmsDecrypt: false); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY); dataKeyDocument.Should().NotBeNull(); var actualKeyAltNames = dataKeyDocument["keyAltNames"].AsBsonArray.Select(x => x.AsString); var expectedKeyAltNames = keyAltNames.Reverse(); // https://jira.mongodb.org/browse/CDRIVER-3277? actualKeyAltNames.Should().BeEquivalentTo(expectedKeyAltNames); (state, _, _) = ProcessState(context, isKmsDecrypt: false); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE); } }
public void EncryptQueryStepwise() { using (var cryptClient = CryptClientFactory.Create(CreateOptions())) using (var context = cryptClient.StartEncryptionContext("test", command: BsonUtil.ToBytes(ReadJsonTestFile("cmd.json")))) { var(state, _, operationSent) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_COLLINFO); operationSent.Should().Equal((ReadJsonTestFile("list-collections-filter.json"))); (state, _, operationSent) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); operationSent.Should().Equal(ReadJsonTestFile("mongocryptd-command.json")); (state, _, operationSent) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS); operationSent.Should().Equal(ReadJsonTestFile("key-filter.json")); (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS); // kms fluent assertions inside ProcessState() (state, _, operationSent) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY); operationSent.Should().Equal((ReadJsonTestFile("encrypted-command.json"))); } }
public void EncryptExplicit() { var keyDoc = ReadJsonTestFile("key-document.json"); var keyId = keyDoc["_id"].AsBsonBinaryData.Bytes; BsonDocument doc = new BsonDocument() { { "v", "hello" }, }; var testData = BsonUtil.ToBytes(doc); byte[] encryptedBytes; using (var cryptClient = CryptClientFactory.Create(CreateOptions())) using (var context = cryptClient.StartExplicitEncryptionContextWithKeyId(keyId, AEAD_AES_256_CBC_HMAC_SHA_512_Random, testData)) { var(encryptedBinary, encryptedDocument) = ProcessContextToCompletion(context); encryptedBytes = encryptedBinary.ToArray(); // need to copy bytes out before the context gets destroyed } using (var cryptClient = CryptClientFactory.Create(CreateOptions())) using (var context = cryptClient.StartExplicitDecryptionContext(encryptedBytes)) { var(decryptedResult, _) = ProcessContextToCompletion(context); decryptedResult.ToArray().Should().Equal(testData); } }
public void EncryptQueryWithSchemaStepwise() { var listCollectionsReply = ReadJsonTestFile("collection-info.json"); var schema = new BsonDocument("test.test", listCollectionsReply["options"]["validator"]["$jsonSchema"]); var options = new CryptOptions( new[] { CreateKmsCredentials("aws") }, BsonUtil.ToBytes(schema)); using (var cryptClient = CryptClientFactory.Create(options)) using (var context = cryptClient.StartEncryptionContext( db: "test", command: BsonUtil.ToBytes(ReadJsonTestFile("cmd.json")))) { var(state, _, operationSent) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); var mongoCryptdCommand = ReadJsonTestFile("mongocryptd-command.json"); mongoCryptdCommand["isRemoteSchema"] = false; operationSent.Should().Equal(mongoCryptdCommand); (state, _, operationSent) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS); operationSent.Should().Equal(ReadJsonTestFile("key-filter.json")); (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS); // kms fluent assertions inside ProcessState() (state, _, operationSent) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY); operationSent.Should().Equal((ReadJsonTestFile("encrypted-command.json"))); } }
public void EncryptQuery() { using (var cryptClient = CryptClientFactory.Create(CreateOptions())) using (var context = cryptClient.StartEncryptionContext("test", command: BsonUtil.ToBytes(ReadJsonTestFile("cmd.json")))) { var(_, bsonCommand) = ProcessContextToCompletion(context); bsonCommand.Should().Equal((ReadJsonTestFile("encrypted-command.json"))); } }
public BsonDocument EncryptCommand(IKmsCredentials credentials, IMongoCollection <BsonDocument> coll, BsonDocument cmd) { CryptOptions options = new CryptOptions(credentials); using (var cryptClient = CryptClientFactory.Create(options)) using (var context = cryptClient.StartEncryptionContext(coll.Database.DatabaseNamespace.DatabaseName, command: BsonUtil.ToBytes(cmd))) { return(ProcessState(context, coll.Database, cmd)); } }
public BsonDocument DecryptCommand(IKmsCredentials credentials, IMongoDatabase db, BsonDocument doc) { CryptOptions options = new CryptOptions(credentials); using (var cryptClient = CryptClientFactory.Create(options)) using (var context = cryptClient.StartDecryptionContext(BsonUtil.ToBytes(doc))) { return(ProcessState(context, db, null)); } }
public void TestAwsKeyCreationWithEndPoint() { var endpoint = "kms.us-east-1.amazonaws.com"; var keyId = CreateKmsKeyId("aws", endpoint); var key = CreateKmsCredentials("aws"); using (var cryptClient = CryptClientFactory.Create(new CryptOptions(new[] { key }))) using (var context = cryptClient.StartCreateDataKeyContext(keyId)) { var(_, dataKeyDocument) = ProcessContextToCompletion(context, isKmsDecrypt: false); dataKeyDocument["masterKey"]["endpoint"].Should().Be(endpoint); } }
public void EncryptBadBson() { using (var cryptClient = CryptClientFactory.Create(CreateOptions())) { Func <CryptContext> startEncryptionContext = () => cryptClient.StartEncryptionContext("test", command: new byte[] { 0x1, 0x2, 0x3 }); // Ensure if we encrypt non-sense, it throws an exception demonstrating our exception code is good var exception = Record.Exception(startEncryptionContext); exception.Should().BeOfType <CryptException>(); } }
public void TestGetKmsProviderName(string kmsName) { var key = CreateKmsCredentials(kmsName); var keyId = CreateKmsKeyId(kmsName); var cryptOptions = new CryptOptions(new[] { key }); using (var cryptClient = CryptClientFactory.Create(cryptOptions)) using (var context = cryptClient.StartCreateDataKeyContext(keyId)) { var request = context.GetKmsMessageRequests().Single(); request.KmsProvider.Should().Be(kmsName); } }
public void TestLocalKeyCreation() { var key = CreateKmsCredentials("local"); var keyId = CreateKmsKeyId("local"); var cryptOptions = new CryptOptions(new[] { key }); using (var cryptClient = CryptClientFactory.Create(cryptOptions)) using (var context = cryptClient.StartCreateDataKeyContext(keyId)) { var(_, dataKeyDocument) = ProcessContextToCompletion(context); dataKeyDocument.Should().NotBeNull(); } }
public void TestAwsKeyCreationWithEndPoint() { var endpoint = "kms.us-east-1.amazonaws.com"; var keyId = new AwsKeyId( customerMasterKey: "cmk", region: "us-east-1", endpoint: endpoint); var key = new AwsKmsCredentials(awsSecretAccessKey: "us-east-1", awsAccessKeyId: "us-east-1"); using (var cryptClient = CryptClientFactory.Create(new CryptOptions(CreateCredentialsMap(key)))) using (var context = cryptClient.StartCreateDataKeyContext(keyId)) { var(_, dataKeyDocument) = ProcessContextToCompletion(context, isKmsDecrypt: false); dataKeyDocument["masterKey"]["endpoint"].Should().Be(endpoint); } }
public void EncryptExplicitStepwise() { var keyDoc = ReadJsonTestFile("key-document.json"); var key = keyDoc["_id"].AsGuid; var doc = new BsonDocument("v", "hello"); var testData = BsonUtil.ToBytes(doc); using (var cryptClient = CryptClientFactory.Create(CreateOptions())) { byte[] encryptedResult; using (var context = cryptClient.StartExplicitEncryptionContext( key: key, encryptionAlgorithm: EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic, command: testData)) { var(state, binaryProduced, operationProduced) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS); operationProduced.Should().Equal(ReadJsonTestFile("key-filter.json")); (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS); // kms fluent assertions inside ProcessState() (state, binaryProduced, operationProduced) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY); operationProduced.Should().Equal(ReadJsonTestFile("encrypted-value.json")); encryptedResult = binaryProduced.ToArray(); // need to copy bytes out before the context gets destroyed (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE); } using (var context = cryptClient.StartExplicitDecryptionContext(encryptedResult)) { var(state, decryptedBinary, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY); decryptedBinary.ToArray().Should().Equal(testData); (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE); } } }
public Guid GenerateKey(IKmsCredentials credentials, IKmsKeyId kmsKeyId) { CryptOptions options = new CryptOptions(credentials); BsonDocument key = null; using (var cryptClient = CryptClientFactory.Create(options)) using (var context = cryptClient.StartCreateDataKeyContext(kmsKeyId)) { key = ProcessState(context, _keyVault.Database, null); } _keyVault.InsertOne(key); Guid g = key["_id"].AsGuid; return(g); }
public void TestAwsKeyCreationWithkeyAltNames() { var keyAltNames = new[] { "KeyMaker", "Architect" }; var keyAltNameDocuments = keyAltNames.Select(name => new BsonDocument("keyAltName", name)); var keyAltNameBuffers = keyAltNameDocuments.Select(BsonUtil.ToBytes); var keyId = CreateAwsKey(keyAltNameBuffers: keyAltNameBuffers); var key = CreateAwsKmsCredentials(); using (var cryptClient = CryptClientFactory.Create(new CryptOptions(new[] { key }))) using (var context = cryptClient.StartCreateDataKeyContext(keyId)) { var(_, dataKeyDocument) = ProcessContextToCompletion(context, isKmsDecrypt: false); dataKeyDocument.Should().NotBeNull(); var actualKeyAltNames = dataKeyDocument["keyAltNames"].AsBsonArray.Select(x => x.AsString); var expectedKeyAltNames = keyAltNames.Reverse(); // https://jira.mongodb.org/browse/CDRIVER-3277? actualKeyAltNames.Should().BeEquivalentTo(expectedKeyAltNames); } }
public void TestLocalKeyCreationStepwise() { var key = CreateKmsCredentials("local"); var keyId = CreateKmsKeyId("local"); var cryptOptions = new CryptOptions(new[] { key }); using (var cryptClient = CryptClientFactory.Create(cryptOptions)) using (var context = cryptClient.StartCreateDataKeyContext(keyId)) { var(state, _, dataKeyDocument) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY); dataKeyDocument.Should().NotBeNull(); (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE); } }
public void TestAwsKeyCreationWithEndpointStepwise() { var endpoint = "kms.us-east-1.amazonaws.com"; var keyId = CreateKmsKeyId("aws", endpoint); var key = CreateKmsCredentials("aws"); using (var cryptClient = CryptClientFactory.Create(new CryptOptions(new[] { key }))) using (var context = cryptClient.StartCreateDataKeyContext(keyId)) { BsonDocument dataKeyDocument; var(state, _, _) = ProcessState(context, isKmsDecrypt: false); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS); (state, _, dataKeyDocument) = ProcessState(context, isKmsDecrypt: false); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY); dataKeyDocument["masterKey"]["endpoint"].Should().Be(endpoint); (state, _, _) = ProcessState(context, isKmsDecrypt: false); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE); } }
public void DecryptQueryStepwise() { using (var cryptClient = CryptClientFactory.Create(CreateOptions())) using (var context = cryptClient.StartDecryptionContext(BsonUtil.ToBytes(ReadJsonTestFile("encrypted-command-reply.json")))) { var(state, _, operationProduced) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS); operationProduced.Should().Equal(ReadJsonTestFile("key-filter.json")); (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS); // kms fluent assertions inside ProcessState() (state, _, operationProduced) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY); operationProduced.Should().Equal(ReadJsonTestFile("command-reply.json")); (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE); } }
public void TestAwsKeyCreationWithEndpointStepwise() { var endpoint = "kms.us-east-1.amazonaws.com"; var keyId = new AwsKeyId( customerMasterKey: "cmk", region: "us-east-1", endpoint: endpoint); var key = new AwsKmsCredentials(awsSecretAccessKey: "us-east-1", awsAccessKeyId: "us-east-1"); using (var cryptClient = CryptClientFactory.Create(new CryptOptions(CreateCredentialsMap(key)))) using (var context = cryptClient.StartCreateDataKeyContext(keyId)) { BsonDocument dataKeyDocument; var(state, _, _) = ProcessState(context, isKmsDecrypt: false); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS); (state, _, dataKeyDocument) = ProcessState(context, isKmsDecrypt: false); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY); dataKeyDocument["masterKey"]["endpoint"].Should().Be(endpoint); (state, _, _) = ProcessState(context, isKmsDecrypt: false); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE); } }
public void CryptClientShouldFailToiInitializeWhenTargetingX86() { var exception = Record.Exception(() => CryptClientFactory.Create(CreateOptions())); exception.Should().BeOfType <PlatformNotSupportedException>(); }
private CryptClient CreateCryptClient(CryptOptions options) { return(CryptClientFactory.Create(options)); }