summaryrefslogtreecommitdiff
path: root/jstests/client_encrypt/lib/fle_command_line_explicit_encryption.js
blob: da83d69c87bcc7e9af41809ef8c889a09b518f95 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

/**
 * Check the functionality of encrypt and decrypt functions in KeyVault.js. This test is run by
 * jstests/fle/fle_command_line_encryption.js.
 */

load("jstests/client_encrypt/lib/mock_kms.js");

(function() {
"use strict";

const mock_kms = new MockKMSServer();
mock_kms.start();

const shell = Mongo();
const keyVault = shell.getKeyVault();

const test = shell.getDB("test");
const collection = test.coll;

const randomAlgorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Random";
const deterministicAlgorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic";
const encryptionAlgorithms = [randomAlgorithm, deterministicAlgorithm];

const passTestCases = [
    "mongo",
    NumberLong(13),
    NumberInt(23),
    UUID(),
    ISODate(),
    new Date('December 17, 1995 03:24:00'),
    BinData(2, '1234'),
    new Timestamp(1, 2),
    new ObjectId(),
    new DBPointer("mongo", new ObjectId()),
    /test/
];

const failDeterministic = [
    true,
    false,
    12,
    NumberDecimal(0.1234),
    ["this is an array"],
    {"value": "mongo"},
    Code("function() { return true; }")
];

const failTestCases = [null, undefined, MinKey(), MaxKey(), DBRef("test", "test", "test")];

// Testing for every combination of (algorithm, javascriptVariable)
for (const encryptionAlgorithm of encryptionAlgorithms) {
    collection.drop();

    assert.writeOK(keyVault.createKey("aws", "arn:aws:kms:us-east-1:fake:fake:fake", ['mongoKey']));
    const keyId = keyVault.getKeyByAltName("mongoKey").toArray()[0]._id;

    let pass;
    let fail;
    if (encryptionAlgorithm === randomAlgorithm) {
        pass = [...passTestCases, ...failDeterministic];
        fail = failTestCases;
    } else if (encryptionAlgorithm === deterministicAlgorithm) {
        pass = passTestCases;
        fail = [...failTestCases, ...failDeterministic];
    }

    for (const passTestCase of pass) {
        const encPassTestCase = shell.encrypt(keyId, passTestCase, encryptionAlgorithm);
        assert.eq(passTestCase, shell.decrypt(encPassTestCase));

        if (encryptionAlgorithm == deterministicAlgorithm) {
            assert.eq(encPassTestCase, shell.encrypt(keyId, passTestCase, encryptionAlgorithm));
        }
    }

    for (const failTestCase of fail) {
        assert.throws(shell.encrypt, [keyId, failTestCase, encryptionAlgorithm]);
    }
}

mock_kms.stop();
print("Test completed with no errors.");
}());
View Lorry Controller Status