Prose test 22.1

Author: jmikola

tests/SpecTests/ClientSideEncryption/FunctionalTestCase.php

@@ -69,7 +69,7 @@ protected static function insertKeyVaultData(Client $client, ?array $keyVaultDat
         $collection->insertMany($keyVaultData);
     }
 
-    private function createInt64(string $value): Int64
+    protected static function createInt64(string $value): Int64
     {
         $array = sprintf('a:1:{s:7:"integer";s:%d:"%s";}', strlen($value), $value);
         $int64 = sprintf('C:%d:"%s":%d:{%s}', strlen(Int64::class), Int64::class, strlen($array), $array);

tests/SpecTests/ClientSideEncryption/Prose22_RangeExplicitEncryptionTest.php

@@ -0,0 +1,244 @@
+<?php
+
+namespace MongoDB\Tests\SpecTests\ClientSideEncryption;
+
+use Generator;
+use MongoDB\BSON\Binary;
+use MongoDB\BSON\Decimal128;
+use MongoDB\BSON\Document;
+use MongoDB\BSON\UTCDateTime;
+use MongoDB\Driver\ClientEncryption;
+
+use function base64_decode;
+use function file_get_contents;
+use function get_debug_type;
+use function is_int;
+use function version_compare;
+
+/**
+ * Prose test 22: Range Explicit Encryption
+ *
+ * @see https://github.com/mongodb/specifications/blob/master/source/client-side-encryption/tests/README.rst#range-explicit-encryption
+ * @group csfle
+ * @group serverless
+ */
+class Prose22_RangeExplicitEncryptionTest extends FunctionalTestCase
+{
+    private $clientEncryption;
+    private $collection;
+    private $encryptedClient;
+    private $key1Id;
+
+    public function setUp(): void
+    {
+        parent::setUp();
+
+        if ($this->isStandalone() || ($this->isShardedCluster() && ! $this->isShardedClusterUsingReplicasets())) {
+            $this->markTestSkipped('Range explicit encryption tests require replica sets');
+        }
+
+        if (version_compare($this->getServerVersion(), '7.0.0', '<')) {
+            $this->markTestSkipped('Range explicit encryption tests require MongoDB 7.0 or later');
+        }
+
+        $client = static::createTestClient();
+
+        $key1Document = $this->decodeJson(file_get_contents(__DIR__ . '/../client-side-encryption/etc/data/keys/key1-document.json'));
+        $this->key1Id = $key1Document->_id;
+
+        // Drop the key vault collection and insert key1Document with a majority write concern
+        self::insertKeyVaultData($client, [$key1Document]);
+
+        $this->clientEncryption = $client->createClientEncryption([
+            'keyVaultNamespace' => 'keyvault.datakeys',
+            'kmsProviders' => ['local' => ['key' => new Binary(base64_decode(self::LOCAL_MASTERKEY), 0)]],
+        ]);
+
+        $autoEncryptionOpts = [
+            'keyVaultNamespace' => 'keyvault.datakeys',
+            'kmsProviders' => ['local' => ['key' => new Binary(base64_decode(self::LOCAL_MASTERKEY), 0)]],
+            'bypassQueryAnalysis' => true,
+        ];
+
+        $this->encryptedClient = self::createTestClient(null, [], [
+            'autoEncryption' => $autoEncryptionOpts,
+            /* libmongocrypt caches results from listCollections. Use a new
+             * client in each test to ensure its encryptedFields is applied. */
+            'disableClientPersistence' => true,
+        ]);
+    }
+
+    public function setUpWithTypeAndRangeOpts(string $type, array $rangeOpts): void
+    {
+        if ($type === 'DecimalNoPrecision' || $type === 'DecimalPrecision') {
+            $this->markTestSkipped('Bundled libmongocrypt does not support Decimal128 (PHPC-2207)');
+        }
+
+        /* Read the encryptedFields file directly into BSON to preserve typing
+         * for 64-bit integers. This means that DropEncryptedCollection and
+         * CreateEncryptedCollection will be unable to inspect the option for
+         * metadata collection names, but that's not necessary for the test. */
+        $encryptedFields = Document::fromJSON(file_get_contents(__DIR__ . '/../client-side-encryption/etc/data/range-encryptedFields-' . $type . '.json'));
+
+        $database = $this->encryptedClient->selectDatabase($this->getDatabaseName());
+        $database->dropCollection('explicit_encryption', ['encryptedFields' => $encryptedFields]);
+        $database->createCollection('explicit_encryption', ['encryptedFields' => $encryptedFields]);
+        $this->collection = $database->selectCollection('explicit_encryption');
+
+        $encryptOpts = [
+            'keyId' => $this->key1Id,
+            'algorithm' => ClientEncryption::ALGORITHM_RANGE_PREVIEW,
+            'contentionFactor' => 0,
+            'rangeOpts' => $rangeOpts,
+        ];
+
+        $cast = self::getCastCallableForType($type);
+        $fieldName = 'encrypted' . $type;
+
+        $this->collection->insertMany([
+            ['_id' => 0, $fieldName => $this->clientEncryption->encrypt($cast(0), $encryptOpts)],
+            ['_id' => 1, $fieldName => $this->clientEncryption->encrypt($cast(6), $encryptOpts)],
+            ['_id' => 2, $fieldName => $this->clientEncryption->encrypt($cast(30), $encryptOpts)],
+            ['_id' => 3, $fieldName => $this->clientEncryption->encrypt($cast(200), $encryptOpts)],
+        ]);
+    }
+
+    public function tearDown(): void
+    {
+        $this->collection = null;
+        $this->clientEncryption = null;
+        $this->encryptedClient = null;
+        $this->key1Id = null;
+    }
+
+    /**
+     * @see https://github.com/mongodb/specifications/blob/master/source/client-side-encryption/tests/README.rst#case-1-can-decrypt-a-payload
+     * @dataProvider provideTypeAndRangeOpts
+     */
+    public function testCase1_CanDecryptAPayload(string $type, array $rangeOpts): void
+    {
+        $this->setUpWithTypeAndRangeOpts($type, $rangeOpts);
+
+        $encryptOpts = [
+            'keyId' => $this->key1Id,
+            'algorithm' => ClientEncryption::ALGORITHM_RANGE_PREVIEW,
+            'contentionFactor' => 0,
+            'rangeOpts' => $rangeOpts,
+        ];
+
+        $cast = self::getCastCallableForType($type);
+        $originalValue = $cast(6);
+
+        $insertPayload = $this->clientEncryption->encrypt($originalValue, $encryptOpts);
+        $decryptedValue = $this->clientEncryption->decrypt($insertPayload);
+
+        /* Decryption of a 64-bit integer will likely result in a scalar int, so
+         * cast it back to an Int64 before comparing to the original value. */
+        if ($type === 'Long' && is_int($decryptedValue)) {
+            $decryptedValue = $cast($decryptedValue);
+        }
+
+        /* Use separate assertions for type and equality as assertSame isn't
+         * suitable for comparing BSON objects and using assertEquals alone
+         * would disregard scalar type differences. */
+        $this->assertSame(get_debug_type($originalValue), get_debug_type($decryptedValue));
+        $this->assertEquals($originalValue, $decryptedValue);
+    }
+
+    /** @see https://github.com/mongodb/specifications/blob/master/source/client-side-encryption/tests/README.rst#test-setup-rangeopts */
+    public static function provideTypeAndRangeOpts(): Generator
+    {
+        // TODO: skip DecimalNoPrecision test on mongos
+        yield 'DecimalNoPrecision' => [
+            'DecimalNoPrecision',
+            ['sparsity' => 1],
+        ];
+
+        yield 'DecimalPrecision' => [
+            'DecimalPrecision',
+            [
+                'min' => new Decimal128('0'),
+                'max' => new Decimal128('200'),
+                'sparsity' => 1,
+                'precision' => 2,
+            ],
+        ];
+
+        yield 'DoubleNoPrecision' => [
+            'DoubleNoPrecision',
+            ['sparsity' => 1],
+        ];
+
+        yield 'DoublePrecision' => [
+            'DoublePrecision',
+            [
+                'min' => 0.0,
+                'max' => 200.0,
+                'sparsity' => 1,
+                'precision' => 2,
+            ],
+        ];
+
+        yield 'Date' => [
+            'Date',
+            [
+                'min' => new UTCDateTime(0),
+                'max' => new UTCDateTime(200),
+                'sparsity' => 1,
+            ],
+        ];
+
+        yield 'Int' => [
+            'Int',
+            [
+                'min' => 0,
+                'max' => 200,
+                'sparsity' => 1,
+            ],
+        ];
+
+        yield 'Long' => [
+            'Long',
+            [
+                'min' => self::createInt64('0'),
+                'max' => self::createInt64('200'),
+                'sparsity' => 1,
+            ],
+        ];
+    }
+
+    private static function getCastCallableForType(string $type): callable
+    {
+        switch ($type) {
+            case 'DecimalNoPrecision':
+            case 'DecimalPrecision':
+                return function (int $value) {
+                    return new Decimal128((string) $value);
+                };
+
+            case 'DoubleNoPrecision':
+            case 'DoublePrecision':
+                return function (int $value) {
+                    return (double) $value;
+                };
+
+            case 'Date':
+                return function (int $value) {
+                    return new UTCDateTime($value);
+                };
+
+            case 'Int':
+                return function (int $value) {
+                    return $value;
+                };
+
+            case 'Long':
+                return function (int $value) {
+                    return self::createInt64((string) $value);
+                };
+
+            default:
+                throw new LogicException('Unsupported type: ' . $type);
+        }
+    }
+}