| #!/bin/bash |
| # Copyright 2019 Google LLC |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| ################################################################################ |
| |
| REPO_DIR="${TEST_SRCDIR}" |
| TOOLS_DIR="${REPO_DIR}/tools" |
| GCP_KMS_AEAD_CLI="${TOOLS_DIR}/testing/cc/gcp_kms_aead_cli" |
| TEST_UTIL="${TOOLS_DIR}/testing/cross_language/test_util.sh" |
| GCP_KEY_NAME_FILE="${TOOLS_DIR}/testdata/gcp/key_name.txt" |
| CREDENTIALS_GCP_JSON_FILE="${TOOLS_DIR}/testdata/gcp/credential.json" |
| BAD_GCP_KEY_NAME_FILE="${TOOLS_DIR}/testdata/gcp/key_name_bad.txt" |
| BAD_CREDENTIALS_GCP_JSON_FILE="${TOOLS_DIR}/testdata/gcp/credential_bad.json" |
| associated_data="some associated data" |
| |
| # Roots for GRPC |
| # (https://github.com/grpc/grpc/blob/master/doc/environment_variables.md) |
| export GRPC_DEFAULT_SSL_ROOTS_FILE_PATH="$TEST_SRCDIR/google_root_pem/file/downloaded" |
| |
| source $TEST_UTIL || exit 1 |
| |
| ############################################################################# |
| # All good, encryption and decryption should work. |
| test_name="good_key_name_and_credentials" |
| echo "+++ starting test $test_name ..." |
| generate_plaintext $test_name |
| encrypted_file="$TEST_TMPDIR/${test_name}_encrypted.bin" |
| decrypted_file="$TEST_TMPDIR/${test_name}_decrypted.bin" |
| log_file="$TEST_TMPDIR/${test_name}.log" |
| echo " encrypting..." |
| $GCP_KMS_AEAD_CLI $GCP_KEY_NAME_FILE $CREDENTIALS_GCP_JSON_FILE\ |
| encrypt $plaintext_file "$associated_data" $encrypted_file 2> $log_file |
| assert_file_contains $log_file "All done" |
| assert_files_different $plaintext_file $encrypted_file |
| |
| echo " decrypting..." |
| $GCP_KMS_AEAD_CLI $GCP_KEY_NAME_FILE $CREDENTIALS_GCP_JSON_FILE\ |
| decrypt $encrypted_file "$associated_data" $decrypted_file 2> $log_file |
| assert_file_contains $log_file "All done" |
| |
| echo " checking decryption result..." |
| assert_files_equal $plaintext_file $decrypted_file |
| |
| ############################################################################# |
| # Bad credentials test. |
| test_name="bad_gcp_credentials" |
| echo "+++ starting test $test_name ..." |
| generate_plaintext $test_name |
| encrypted_file="$TEST_TMPDIR/${test_name}_encrypted.bin" |
| log_file="$TEST_TMPDIR/${test_name}.log" |
| $GCP_KMS_AEAD_CLI $GCP_KEY_NAME_FILE $BAD_CREDENTIALS_GCP_JSON_FILE\ |
| encrypt $plaintext_file "$associated_data" $encrypted_file 2> $log_file |
| |
| assert_file_contains $log_file "invalid authentication credentials" |
| |
| ############################################################################# |
| # Bad key name test. |
| test_name="bad_key_name" |
| echo "+++ starting test $test_name ..." |
| generate_plaintext $test_name |
| encrypted_file="$TEST_TMPDIR/${test_name}_encrypted.bin" |
| log_file="$TEST_TMPDIR/${test_name}.log" |
| $GCP_KMS_AEAD_CLI $BAD_GCP_KEY_NAME_FILE $CREDENTIALS_GCP_JSON_FILE\ |
| encrypt $plaintext_file "$associated_data" $encrypted_file 2> $log_file |
| |
| assert_file_contains $log_file "Permission" "denied" "or it may not exist" |