[CDRIVER-4540] Define a success test for CreateEncryptedCollection (#1176)

vector-of-bool · web-flow · commit a8560d748877 · 2023-01-13T13:54:37.000-07:00
Define a success test for CreateEncryptedCollection

Creates an encrypted collection using the CEC API, then uses the
generated key to encrypt a value, and then inserts that value into the
new encrypted collection. Expects success.
diff --git a/src/libmongoc/tests/test-mongoc-client-side-encryption.c b/src/libmongoc/tests/test-mongoc-client-side-encryption.c
@@ -6417,6 +6417,122 @@ test_create_encrypted_collection_bad_keyId (void *unused)
    mongoc_client_destroy (client);
 }
 
+// Implements Prose Test 21. Case: 4.
+static void
+test_create_encrypted_collection_insert (void *unused)
+{
+   BSON_UNUSED (unused);
+   bson_error_t error = {0};
+   mongoc_client_t *const client = test_framework_new_default_client ();
+   bson_t *const kmsProviders = _make_kms_providers (false, true);
+
+   const char *const dbName = "cec-test-db";
+
+   // Drop prior data
+   {
+      mongoc_collection_t *const coll =
+         mongoc_client_get_collection (client, "keyvault", "datakeys");
+      if (coll) {
+         mongoc_collection_drop (coll, &error);
+         bool okay =
+            error.code == 0 || strstr (error.message, "ns not found") != NULL;
+         ASSERT_OR_PRINT (okay, error);
+      }
+      mongoc_collection_destroy (coll);
+
+      mongoc_database_t *const db = mongoc_client_get_database (client, dbName);
+      ASSERT_OR_PRINT (mongoc_database_drop (db, &error), error);
+      mongoc_database_destroy (db);
+   }
+
+   // Create a CE
+   mongoc_client_encryption_opts_t *const ceOpts =
+      mongoc_client_encryption_opts_new ();
+   mongoc_client_encryption_opts_set_kms_providers (ceOpts, kmsProviders);
+   mongoc_client_encryption_opts_set_keyvault_namespace (
+      ceOpts, "keyvault", "datakeys");
+   mongoc_client_encryption_opts_set_keyvault_client (ceOpts, client);
+   mongoc_client_encryption_t *const ce =
+      mongoc_client_encryption_new (ceOpts, &error);
+   mongoc_client_encryption_opts_destroy (ceOpts);
+   ASSERT_OR_PRINT (ce, error);
+
+   // Create the encrypted collection
+   bsonBuildDecl (ccOpts,
+                  kv ("encryptedFields",
+                      doc (kv ("fields",
+                               array (doc (kv ("path", cstr ("ssn")),
+                                           kv ("bsonType", cstr ("string")),
+                                           kv ("keyId", null)))))));
+   mongoc_database_t *const db = mongoc_client_get_database (client, dbName);
+   mongoc_client_encryption_datakey_opts_t *const dkOpts =
+      mongoc_client_encryption_datakey_opts_new ();
+   bson_t new_opts;
+   mongoc_collection_t *const coll =
+      mongoc_client_encryption_create_encrypted_collection (
+         ce, db, "testing1", &ccOpts, &new_opts, "local", dkOpts, &error);
+   ASSERT_OR_PRINT (coll, error);
+   bson_destroy (&ccOpts);
+
+   // Extract the encryption key ID that was generated by
+   // CreateEncryptedCollection:
+   bson_value_t new_keyid;
+   bsonParse (
+      new_opts,
+      require (
+         keyWithType ("encryptedFields", doc),
+         parse (require (
+            keyWithType ("fields", array),
+            visitEach (require (type (doc)),
+                       parse (require (key ("keyId"),
+                                       require (type (binary)),
+                                       do({
+                                          bson_value_copy (
+                                             bson_iter_value (
+                                                (bson_iter_t *) &bsonVisitIter),
+                                             &new_keyid);
+                                       }),
+                                       halt)))))));
+   ASSERT_CMPSTR (bsonParseError, NULL);
+
+   // Generate some plaintext:
+   bson_value_t plain;
+   plain.value_type = BSON_TYPE_UTF8;
+   plain.value.v_utf8.str = "123-45-6789";
+   plain.value.v_utf8.len = (uint32_t) strlen (plain.value.v_utf8.str);
+
+   // Encrypt the value using the new encryption key:
+   mongoc_client_encryption_encrypt_opts_t *eo =
+      mongoc_client_encryption_encrypt_opts_new ();
+   mongoc_client_encryption_encrypt_opts_set_keyid (eo, &new_keyid);
+   mongoc_client_encryption_encrypt_opts_set_algorithm (
+      eo, MONGOC_ENCRYPT_ALGORITHM_UNINDEXED);
+   bson_value_t ciphertext;
+   bool okay =
+      mongoc_client_encryption_encrypt (ce, &plain, eo, &ciphertext, &error);
+   ASSERT_OR_PRINT (okay, error);
+   mongoc_client_encryption_encrypt_opts_destroy (eo);
+   bson_value_destroy (&new_keyid);
+
+   // Insert the ciphertext:
+   bsonBuildDecl (doc, kv ("ssn", value (ciphertext)));
+   okay = mongoc_collection_insert_one (coll, &doc, NULL, NULL, &error);
+   ASSERT_OR_PRINT (okay, error);
+   // Success!
+
+   bson_destroy (&doc);
+   bson_value_destroy (&ciphertext);
+   bson_destroy (kmsProviders);
+   mongoc_client_encryption_datakey_opts_destroy (dkOpts);
+   mongoc_collection_destroy (coll);
+   mongoc_database_drop (db, &error);
+   mongoc_database_destroy (db);
+   mongoc_client_encryption_destroy (ce);
+   mongoc_client_destroy (client);
+   bson_destroy (&new_opts);
+}
+
+
 typedef struct listen_socket {
    mongoc_socket_t *socket;
    mongoc_cond_t cond;
@@ -6890,6 +7006,15 @@ test_client_side_encryption_install (TestSuite *suite)
                       test_framework_skip_if_no_client_side_encryption,
                       test_framework_skip_if_max_wire_version_less_than_17,
                       test_framework_skip_if_single);
+   TestSuite_AddFull (
+      suite,
+      "/client_side_encryption/createEncryptedCollection/insert",
+      test_create_encrypted_collection_insert,
+      NULL,
+      NULL,
+      test_framework_skip_if_no_client_side_encryption,
+      test_framework_skip_if_max_wire_version_less_than_17,
+      test_framework_skip_if_single);
    TestSuite_AddFull (
       suite,
       "/client_side_encryption/bypass_mongocryptd_shared_library",
