PHPC-1499: Implement ClientEncryption::createDataKey

alcaeus · alcaeus · commit e65a933c8f8a · 2020-01-22T08:18:32.000+01:00
diff --git a/php_phongo.c b/php_phongo.c
@@ -2947,6 +2947,163 @@ void phongo_clientencryption_init(php_phongo_clientencryption_t* clientencryptio
 		mongoc_client_encryption_opts_destroy(opts);
 	}
 } /* }}} */
+
+static mongoc_client_encryption_datakey_opts_t* phongo_clientencryption_datakey_opts_from_zval(zval* options TSRMLS_DC) /* {{{ */
+{
+	mongoc_client_encryption_datakey_opts_t* opts;
+
+	opts = mongoc_client_encryption_datakey_opts_new();
+
+	if (!options || Z_TYPE_P(options) != IS_ARRAY) {
+		return opts;
+	}
+
+	if (php_array_existsc(options, "keyAltNames")) {
+		zval*      zkeyaltnames = php_array_fetchc(options, "keyAltNames");
+		HashTable* ht_data;
+		uint32_t   keyaltnames_count;
+		char**     keyaltnames;
+		uint32_t   i      = 0;
+		uint32_t   j      = 0;
+		bool       failed = false;
+
+		if (!zkeyaltnames || Z_TYPE_P(zkeyaltnames) != IS_ARRAY) {
+			phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT TSRMLS_CC, "Expected keyAltNames to be array, %s given", PHONGO_ZVAL_CLASS_OR_TYPE_NAME_P(zkeyaltnames));
+			goto cleanup;
+		}
+
+		ht_data           = HASH_OF(zkeyaltnames);
+		keyaltnames_count = ht_data ? zend_hash_num_elements(ht_data) : 0;
+		keyaltnames       = ecalloc(keyaltnames_count, sizeof(char*));
+
+#if PHP_VERSION_ID >= 70000
+		{
+			zend_string* string_key = NULL;
+			zend_ulong   num_key    = 0;
+			zval*        keyaltname;
+
+			ZEND_HASH_FOREACH_KEY_VAL(ht_data, num_key, string_key, keyaltname)
+			{
+				if (i >= keyaltnames_count) {
+					phongo_throw_exception(PHONGO_ERROR_LOGIC TSRMLS_CC, "Iterating over too many keyAltNames. Please file a bug report");
+					failed = true;
+					break;
+				}
+
+				if (Z_TYPE_P(keyaltname) != IS_STRING) {
+					if (string_key) {
+						phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT TSRMLS_CC, "Expected keyAltName with index \"%s\" to be string, %s given", ZSTR_VAL(string_key), PHONGO_ZVAL_CLASS_OR_TYPE_NAME_P(keyaltname));
+					} else {
+						phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT TSRMLS_CC, "Expected keyAltName with index \"%lu\" to be string, %s given", num_key, PHONGO_ZVAL_CLASS_OR_TYPE_NAME_P(keyaltname));
+					}
+
+					failed = true;
+					break;
+				}
+
+				keyaltnames[i] = estrdup(Z_STRVAL_P(keyaltname));
+				i++;
+			}
+			ZEND_HASH_FOREACH_END();
+		}
+#else
+		{
+			HashPosition pos;
+			char*        string_key     = NULL;
+			uint         string_key_len = 0;
+			ulong        num_key        = 0;
+			zval**       keyaltname;
+
+			for (
+				zend_hash_internal_pointer_reset_ex(ht_data, &pos);
+				zend_hash_get_current_data_ex(ht_data, (void**) &keyaltname, &pos) == SUCCESS;
+				zend_hash_move_forward_ex(ht_data, &pos)) {
+
+				if (i == keyaltnames_count) {
+					phongo_throw_exception(PHONGO_ERROR_LOGIC TSRMLS_CC, "Iterating over too many keyAltNames. Please file a bug report");
+					failed = true;
+					break;
+				}
+
+				if (Z_TYPE_PP(keyaltname) != IS_STRING) {
+					if (zend_hash_get_current_key_ex(ht_data, &string_key, &string_key_len, &num_key, 0, &pos) == HASH_KEY_IS_STRING) {
+						phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT TSRMLS_CC, "Expected keyAltName with index \"%s\" to be string, %s given", string_key, PHONGO_ZVAL_CLASS_OR_TYPE_NAME_P(*keyaltname));
+					} else {
+						phongo_throw_exception(PHONGO_ERROR_INVALID_ARGUMENT TSRMLS_CC, "Expected keyAltName with index \"%lu\" to be string, %s given", num_key, PHONGO_ZVAL_CLASS_OR_TYPE_NAME_P(*keyaltname));
+					}
+
+					failed = true;
+					break;
+				}
+
+				keyaltnames[i] = estrdup(Z_STRVAL_PP(keyaltname));
+				i++;
+			}
+		}
+#endif
+
+		if (!failed) {
+			mongoc_client_encryption_datakey_opts_set_keyaltnames(opts, keyaltnames, keyaltnames_count);
+		}
+
+		for (j = 0; j < i; j++) {
+			efree(keyaltnames[j]);
+		}
+		efree(keyaltnames);
+
+		if (failed) {
+			goto cleanup;
+		}
+	}
+
+	if (php_array_existsc(options, "masterKey")) {
+		bson_t masterkey = BSON_INITIALIZER;
+
+		php_phongo_zval_to_bson(php_array_fetchc(options, "masterKey"), PHONGO_BSON_NONE, &masterkey, NULL TSRMLS_CC);
+		if (EG(exception)) {
+			goto cleanup;
+		}
+
+		mongoc_client_encryption_datakey_opts_set_masterkey(opts, &masterkey);
+	}
+
+	return opts;
+
+cleanup:
+	if (opts) {
+		mongoc_client_encryption_datakey_opts_destroy(opts);
+	}
+
+	return NULL;
+} /* }}} */
+
+void phongo_clientencryption_create_datakey(php_phongo_clientencryption_t* clientencryption, zval* return_value, char* kms_provider, zval* options TSRMLS_DC) /* {{{ */
+{
+	mongoc_client_encryption_datakey_opts_t* opts;
+	bson_value_t                             keyid;
+	bson_error_t                             error = { 0 };
+
+	opts = phongo_clientencryption_datakey_opts_from_zval(options TSRMLS_CC);
+	if (!opts) {
+		/* Exception already thrown */
+		goto cleanup;
+	}
+
+	if (!mongoc_client_encryption_create_datakey(clientencryption->client_encryption, kms_provider, opts, &keyid, &error)) {
+		phongo_throw_exception_from_bson_error_t(&error TSRMLS_CC);
+		goto cleanup;
+	}
+
+	if (!php_phongo_bson_value_to_zval(&keyid, return_value)) {
+		/* Exception already thrown */
+		goto cleanup;
+	}
+
+cleanup:
+	if (opts) {
+		mongoc_client_encryption_datakey_opts_destroy(opts);
+	}
+} /* }}} */
 #else /* MONGOC_ENABLE_CLIENT_SIDE_ENCRYPTION */
 static void phongo_throw_exception_no_cse(php_phongo_error_domain_t domain, const char* message TSRMLS_DC) /* {{{ */
 {
@@ -2971,6 +3128,12 @@ void phongo_clientencryption_init(php_phongo_clientencryption_t* clientencryptio
 	phongo_throw_exception_no_cse(PHONGO_ERROR_RUNTIME, "Cannot configure clientEncryption object." TSRMLS_CC);
 }
 /* }}} */
+
+void phongo_clientencryption_create_datakey(php_phongo_clientencryption_t* clientencryption, zval* return_value, char* kms_provider, zval* options TSRMLS_DC) /* {{{ */
+{
+	phongo_throw_exception_no_cse(PHONGO_ERROR_RUNTIME, "Cannot create encryption key." TSRMLS_CC);
+}
+/* }}} */
 #endif
 
 void phongo_manager_init(php_phongo_manager_t* manager, const char* uri_string, zval* options, zval* driverOptions TSRMLS_DC) /* {{{ */
diff --git a/php_phongo.h b/php_phongo.h
@@ -167,6 +167,8 @@ int  php_phongo_set_monitoring_callbacks(mongoc_client_t* client);
 
 bool php_phongo_parse_int64(int64_t* retval, const char* data, phongo_zpp_char_len data_len);
 
+void phongo_clientencryption_create_datakey(php_phongo_clientencryption_t* clientencryption, zval* return_value, char* kms_provider, zval* options TSRMLS_DC);
+
 zend_bool phongo_writeerror_init(zval* return_value, bson_t* bson TSRMLS_DC);
 zend_bool phongo_writeconcernerror_init(zval* return_value, bson_t* bson TSRMLS_DC);
 
diff --git a/src/MongoDB/ClientEncryption.c b/src/MongoDB/ClientEncryption.c
@@ -26,11 +26,40 @@
 
 zend_class_entry* php_phongo_clientencryption_ce;
 
+/* {{{ proto MongoDB\BSON\Binary MongoDB\Driver\ClientEncryption::createDataKey(string $kmsProvider[, array $options])
+   Creates a new key document and inserts into the key vault collection. */
+static PHP_METHOD(ClientEncryption, createDataKey)
+{
+	char*                          kms_provider     = NULL;
+	phongo_zpp_char_len            kms_provider_len = 0;
+	zval*                          options          = NULL;
+	zend_error_handling            error_handling;
+	php_phongo_clientencryption_t* intern;
+
+	intern = Z_CLIENTENCRYPTION_OBJ_P(getThis());
+	zend_replace_error_handling(EH_THROW, phongo_exception_from_phongo_domain(PHONGO_ERROR_INVALID_ARGUMENT), &error_handling TSRMLS_CC);
+
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|a!", &kms_provider, &kms_provider_len, &options) == FAILURE) {
+		zend_restore_error_handling(&error_handling TSRMLS_CC);
+		return;
+	}
+
+	zend_restore_error_handling(&error_handling TSRMLS_CC);
+
+	phongo_clientencryption_create_datakey(intern, return_value, kms_provider, options TSRMLS_CC);
+} /* }}} */
+
+ZEND_BEGIN_ARG_INFO_EX(ai_ClientEncryption_createDataKey, 0, 0, 1)
+	ZEND_ARG_INFO(0, kmsProvider)
+	ZEND_ARG_ARRAY_INFO(0, options, 1)
+ZEND_END_ARG_INFO()
+
 ZEND_BEGIN_ARG_INFO_EX(ai_ClientEncryption_void, 0, 0, 0)
 ZEND_END_ARG_INFO()
 
 static zend_function_entry php_phongo_clientencryption_me[] = {
 	/* clang-format off */
+	PHP_ME(ClientEncryption, createDataKey, ai_ClientEncryption_createDataKey, ZEND_ACC_PUBLIC | ZEND_ACC_FINAL)
 	ZEND_NAMED_ME(__construct, PHP_FN(MongoDB_disabled___construct), ai_ClientEncryption_void, ZEND_ACC_PRIVATE | ZEND_ACC_FINAL)
 	ZEND_NAMED_ME(__wakeup, PHP_FN(MongoDB_disabled___wakeup), ai_ClientEncryption_void, ZEND_ACC_PUBLIC | ZEND_ACC_FINAL)
 	PHP_FE_END
diff --git a/tests/clientEncryption/clientEncryption-createDataKey-001.phpt b/tests/clientEncryption/clientEncryption-createDataKey-001.phpt
@@ -0,0 +1,28 @@
+--TEST--
+MongoDB\Driver\ClientEncryption::createDataKey()
+--SKIPIF--
+<?php require __DIR__ . "/../utils/basic-skipif.inc"; ?>
+<?php skip_if_not_libmongocrypt(); ?>
+<?php skip_if_not_live(); ?>
+--FILE--
+<?php
+require_once __DIR__ . "/../utils/basic.inc";
+
+$key = base64_decode('Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk');
+
+$manager = new MongoDB\Driver\Manager(URI);
+$clientEncryption = $manager->createClientEncryption(['keyVaultNamespace' => 'default.keys', 'kmsProviders' => ['local' => ['key' => new MongoDB\BSON\Binary($key, 0)]]]);
+
+var_dump($clientEncryption->createDataKey('local'));
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECTF--
+object(MongoDB\BSON\Binary)#%d (%d) {
+  ["data"]=>
+  string(16) "%a"
+  ["type"]=>
+  int(4)
+}
+===DONE===
diff --git a/tests/clientEncryption/clientEncryption-createDataKey_error-001.phpt b/tests/clientEncryption/clientEncryption-createDataKey_error-001.phpt
@@ -0,0 +1,38 @@
+--TEST--
+MongoDB\Driver\ClientEncryption::createDataKey() with invalid keyAltNames
+--SKIPIF--
+<?php require __DIR__ . "/../utils/basic-skipif.inc"; ?>
+<?php skip_if_not_libmongocrypt(); ?>
+<?php skip_if_not_live(); ?>
+--FILE--
+<?php
+require_once __DIR__ . "/../utils/basic.inc";
+
+$key = base64_decode('Mng0NCt4ZHVUYUJCa1kxNkVyNUR1QURhZ2h2UzR2d2RrZzh0cFBwM3R6NmdWMDFBMUN3YkQ5aXRRMkhGRGdQV09wOGVNYUMxT2k3NjZKelhaQmRCZGJkTXVyZG9uSjFk');
+
+$tests = [
+    ['keyAltNames' => 'foo'],
+    ['keyAltNames' => [0 => []]],
+    ['keyAltNames' => ['foo' => []]],
+];
+
+$manager = new MongoDB\Driver\Manager(URI);
+$clientEncryption = $manager->createClientEncryption(['keyVaultNamespace' => 'default.keys', 'kmsProviders' => ['local' => ['key' => new MongoDB\BSON\Binary($key, 0)]]]);
+
+foreach ($tests as $opts) {
+    echo throws(function () use ($clientEncryption, $opts) {
+        $clientEncryption->createDataKey('local', $opts);
+    }, MongoDB\Driver\Exception\InvalidArgumentException::class), "\n";
+}
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECT--
+OK: Got MongoDB\Driver\Exception\InvalidArgumentException
+Expected keyAltNames to be array, string given
+OK: Got MongoDB\Driver\Exception\InvalidArgumentException
+Expected keyAltName with index "0" to be string, array given
+OK: Got MongoDB\Driver\Exception\InvalidArgumentException
+Expected keyAltName with index "foo" to be string, array given
+===DONE===
