Mirror
/
mongo-csharp-driver
mirror of https://github.com/mongodb/mongo-csharp-driver.git
2
0
Fork 0
Code Issues Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4979 Commits
35 Branches
139 Tags
1.1 GiB
Tree: f192112925
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f192112925'
${ noResults }
mongo-csharp-driver/tests/MongoDB.Driver.Tests/Encryption/CsfleSchemaBuilderTests.cs

689 lines
32 KiB
Raw Normal View History

Fixed stub
5 months ago
Various improvements plus fixed tests
3 months ago
Fixed stub
5 months ago
Added first basic test
3 months ago
Improved tests
3 months ago
Added exceptions and improved testing
3 months ago
Improved tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Improved tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Improved tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Improved tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Added exceptions and improved testing
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Added exceptions and improved testing
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Added exceptions and improved testing
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Improved tests
3 months ago
Added exceptions and improved testing
3 months ago
Improved tests
3 months ago
Added exceptions and improved testing
3 months ago
Improved tests
3 months ago
Added exceptions and improved testing
3 months ago
Improved tests
3 months ago
Added exceptions and improved testing
3 months ago
Corrected test naming
3 months ago
Added exceptions and improved testing
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Added exceptions and improved testing
3 months ago
Corrections plus more tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Corrections plus more tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Corrections plus more tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Corrections plus more tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Corrections plus more tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Corrections plus more tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Corrections plus more tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Corrections plus more tests
3 months ago
Corrected test naming
3 months ago
Corrections plus more tests
3 months ago
Corrected test naming
3 months ago
Corrections plus more tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Corrections plus more tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Corrections plus more tests
3 months ago
Improved tests
3 months ago
Corrections plus more tests
3 months ago
Improved tests
3 months ago
Corrections plus more tests
3 months ago
Corrected order
3 months ago
Corrected test naming
3 months ago
Corrections plus more tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Corrections plus more tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Corrections plus more tests
3 months ago
Improved tests
3 months ago
Corrections plus more tests
3 months ago
Added first basic test
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Added first basic test
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Added first basic test
3 months ago
Corrected test naming
3 months ago
Added first basic test
3 months ago
Several improvements
4 months ago
Corrections plus more tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Corrections plus more tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Corrections plus more tests
3 months ago
Corrected test naming
3 months ago
Corrections plus more tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Corrections plus more tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Corrections plus more tests
3 months ago
Corrected test naming
3 months ago
Corrections plus more tests
3 months ago
Corrected test naming
3 months ago
Improved tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Improved tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Improved tests
3 months ago
Corrected test naming
3 months ago
Improved tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Improved tests
3 months ago
Moved builder to encryption project and removed CsfleEncryptionEnum (using the one that's already there)
3 months ago
Improved tests
3 months ago
Various improvements plus fixed tests
3 months ago
Added exceptions and improved testing
3 months ago
Various improvements plus fixed tests
3 months ago
Added exceptions and improved testing
3 months ago
Various improvements plus fixed tests
3 months ago
Added exceptions and improved testing
3 months ago
Various improvements plus fixed tests
3 months ago
Added exceptions and improved testing
3 months ago
Various improvements plus fixed tests
3 months ago
Added exceptions and improved testing
3 months ago
Various improvements plus fixed tests
3 months ago
Added exceptions and improved testing
3 months ago
Several improvements
4 months ago
Corrected order
3 months ago
Fixed API
5 months ago
Corrected order
3 months ago
Fixed API
5 months ago
Added first basic test
3 months ago
Corrected order
3 months ago
Added first basic test
3 months ago
Added exceptions and improved testing
3 months ago
Added first basic test
3 months ago
Fixed stub
5 months ago
  1. /* Copyright 2010-present MongoDB Inc.
  2. *
  3. * Licensed under the Apache License, Version 2.0 (the "License");
  4. * you may not use this file except in compliance with the License.
  5. * You may obtain a copy of the License at
  6. *
  7. * http://www.apache.org/licenses/LICENSE-2.0
  8. *
  9. * Unless required by applicable law or agreed to in writing, software
  10. * distributed under the License is distributed on an "AS IS" BASIS,
  11. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. * See the License for the specific language governing permissions and
  13. * limitations under the License.
  14. */
  16. using System;
  17. using System.Collections.Generic;
  18. using FluentAssertions;
  19. using MongoDB.Bson;
  20. using MongoDB.Bson.Serialization.Attributes;
  21. using MongoDB.Driver.Encryption;
  22. using Xunit;
  24. namespace MongoDB.Driver.Tests.Encryption
  25. {
  26. public class CsfleSchemaBuilderTests
  27. {
  28. private const string _keyIdString = "6f4af470-00d1-401f-ac39-f45902a0c0c8";
  29. private static Guid _keyId = Guid.Parse(_keyIdString);
  31. [Fact]
  32. public void CsfleSchemaBuilder_works_as_expected()
  33. {
  34. const string collectionName = "medicalRecords.patients";
  36. var builder = CsfleSchemaBuilder.Create(schemaBuilder =>
  37. {
  38. schemaBuilder.Encrypt<Patient>(collectionName, builder =>
  39. {
  40. builder
  41. .EncryptMetadata(keyId: _keyId)
  42. .Property(p => p.MedicalRecords, BsonType.Array,
  43. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random)
  44. .Property("bloodType", BsonType.String,
  45. algorithm: EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random)
  46. .Property(p => p.Ssn, BsonType.Int32,
  47. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic)
  48. .Property(p => p.Insurance, innerBuilder =>
  49. {
  50. innerBuilder
  51. .Property(i => i.PolicyNumber, BsonType.Int32,
  52. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic);
  53. })
  54. .PatternProperty("_PIIString$", BsonType.String, EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic)
  55. .PatternProperty("_PIIArray$", BsonType.Array, EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random)
  56. .PatternProperty(p => p.Insurance, innerBuilder =>
  57. {
  58. innerBuilder
  59. .PatternProperty("_PIIString$", BsonType.String,
  60. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic)
  61. .PatternProperty("_PIINumber$", BsonType.Int32,
  62. algorithm: EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic);
  63. });
  65. } );
  66. });
  68. var expected = new Dictionary<string, string>
  69. {
  70. [collectionName] = """
  71. {
  72. "bsonType": "object",
  73. "encryptMetadata": {
  74. "keyId": [{ "$binary" : { "base64" : "b0r0cADRQB+sOfRZAqDAyA==", "subType" : "04" } }]
  75. },
  76. "properties": {
  77. "insurance": {
  78. "bsonType": "object",
  79. "properties": {
  80. "policyNumber": {
  81. "encrypt": {
  82. "bsonType": "int",
  83. "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
  84. }
  85. }
  86. }
  87. },
  88. "medicalRecords": {
  89. "encrypt": {
  90. "bsonType": "array",
  91. "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
  92. }
  93. },
  94. "bloodType": {
  95. "encrypt": {
  96. "bsonType": "string",
  97. "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
  98. }
  99. },
  100. "ssn": {
  101. "encrypt": {
  102. "bsonType": "int",
  103. "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
  104. }
  105. }
  106. },
  107. "patternProperties": {
  108. "_PIIString$": {
  109. "encrypt": {
  110. "bsonType": "string",
  111. "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic",
  112. },
  113. },
  114. "_PIIArray$": {
  115. "encrypt": {
  116. "bsonType": "array",
  117. "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random",
  118. },
  119. },
  120. "insurance": {
  121. "bsonType": "object",
  122. "patternProperties": {
  123. "_PIINumber$": {
  124. "encrypt": {
  125. "bsonType": "int",
  126. "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic",
  127. },
  128. },
  129. "_PIIString$": {
  130. "encrypt": {
  131. "bsonType": "string",
  132. "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic",
  133. },
  134. },
  135. },
  136. },
  137. },
  138. }
  139. """
  140. };
  142. AssertOutcomeCsfleSchemaBuilder(builder, expected);
  143. }
  145. [Fact]
  146. public void CsfleSchemaBuilder_with_multiple_types_works_as_expected()
  147. {
  148. const string patientCollectionName = "medicalRecords.patients";
  149. const string testClassCollectionName = "test.class";
  151. var builder = CsfleSchemaBuilder.Create(schemaBuilder =>
  152. {
  153. schemaBuilder.Encrypt<Patient>(patientCollectionName, builder =>
  154. {
  155. builder
  156. .EncryptMetadata(keyId: _keyId)
  157. .Property(p => p.MedicalRecords, BsonType.Array,
  158. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random);
  159. });
  161. schemaBuilder.Encrypt<TestClass>(testClassCollectionName, builder =>
  162. {
  163. builder.Property(t => t.TestString, BsonType.String);
  164. });
  165. });
  167. var expected = new Dictionary<string, string>
  168. {
  169. [patientCollectionName] = """
  170. {
  171. "bsonType": "object",
  172. "encryptMetadata": {
  173. "keyId": [{ "$binary" : { "base64" : "b0r0cADRQB+sOfRZAqDAyA==", "subType" : "04" } }]
  174. },
  175. "properties": {
  176. "medicalRecords": {
  177. "encrypt": {
  178. "bsonType": "array",
  179. "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
  180. }
  181. },
  182. },
  183. }
  184. """,
  185. [testClassCollectionName] = """
  186. {
  187. "bsonType": "object",
  188. "properties": {
  189. "TestString": {
  190. "encrypt": {
  191. "bsonType": "string",
  192. }
  193. },
  194. }
  195. }
  196. """
  197. };
  199. AssertOutcomeCsfleSchemaBuilder(builder, expected);
  200. }
  202. [Theory]
  203. [InlineData(
  204. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random,
  205. null,
  206. """ "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" """)]
  207. [InlineData(
  208. null,
  209. _keyIdString,
  210. """ "keyId": [{ "$binary" : { "base64" : "b0r0cADRQB+sOfRZAqDAyA==", "subType" : "04" } }] """)]
  211. public void EncryptedCollection_Metadata_works_as_expected(EncryptionAlgorithm? algorithm, string keyString, string expectedContent)
  212. {
  213. Guid? keyId = keyString is null ? null : Guid.Parse(keyString);
  214. var builder = new EncryptedCollectionBuilder<Patient>();
  216. builder.EncryptMetadata(keyId, algorithm);
  218. var expected = $$"""
  219. {
  220. "bsonType": "object",
  221. "encryptMetadata": {
  222. {{expectedContent}}
  223. }
  224. }
  225. """;
  227. AssertOutcomeCollectionBuilder(builder, expected);
  228. }
  230. [Theory]
  231. [InlineData(BsonType.Array,
  232. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random,
  233. null,
  234. """ "bsonType": "array", "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" """)]
  235. [InlineData(BsonType.Array,
  236. null,
  237. _keyIdString,
  238. """ "bsonType": "array", "keyId": [{ "$binary" : { "base64" : "b0r0cADRQB+sOfRZAqDAyA==", "subType" : "04" } }] """)]
  239. [InlineData(BsonType.Array,
  240. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random,
  241. _keyIdString,
  242. """ "bsonType": "array", "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random", "keyId": [{ "$binary" : { "base64" : "b0r0cADRQB+sOfRZAqDAyA==", "subType" : "04" } }] """)]
  243. public void EncryptedCollection_PatternProperty_works_as_expected(BsonType bsonType, EncryptionAlgorithm? algorithm, string keyString, string expectedContent)
  244. {
  245. Guid? keyId = keyString is null ? null : Guid.Parse(keyString);
  246. var builder = new EncryptedCollectionBuilder<Patient>();
  248. builder.PatternProperty("randomRegex*", bsonType, algorithm, keyId);
  250. var expected = $$"""
  251. {
  252. "bsonType": "object",
  253. "patternProperties": {
  254. "randomRegex*": {
  255. "encrypt": {
  256. {{expectedContent}}
  257. }
  258. }
  259. }
  260. }
  261. """;
  263. AssertOutcomeCollectionBuilder(builder, expected);
  264. }
  266. [Theory]
  267. [InlineData(new[] {BsonType.Array, BsonType.String},
  268. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random,
  269. null,
  270. """ "bsonType": ["array", "string"], "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" """)]
  271. [InlineData(new[] {BsonType.Array, BsonType.String},
  272. null,
  273. _keyIdString,
  274. """ "bsonType": ["array", "string"], "keyId": [{ "$binary" : { "base64" : "b0r0cADRQB+sOfRZAqDAyA==", "subType" : "04" } }] """)]
  275. [InlineData(new[] {BsonType.Array, BsonType.String},
  276. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random,
  277. _keyIdString,
  278. """ "bsonType": ["array", "string"], "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random", "keyId": [{ "$binary" : { "base64" : "b0r0cADRQB+sOfRZAqDAyA==", "subType" : "04" } }] """)]
  279. public void EncryptedCollection_PatternProperty_with_multiple_bson_types_works_as_expected(IEnumerable<BsonType> bsonTypes, EncryptionAlgorithm? algorithm, string keyString, string expectedContent)
  280. {
  281. Guid? keyId = keyString is null ? null : Guid.Parse(keyString);
  282. var builder = new EncryptedCollectionBuilder<Patient>();
  284. builder.PatternProperty("randomRegex*", bsonTypes, algorithm, keyId);
  286. var expected = $$"""
  287. {
  288. "bsonType": "object",
  289. "patternProperties": {
  290. "randomRegex*": {
  291. "encrypt": {
  292. {{expectedContent}}
  293. }
  294. }
  295. }
  296. }
  297. """;
  299. AssertOutcomeCollectionBuilder(builder, expected);
  300. }
  302. [Fact]
  303. public void EncryptedCollection_PatternProperty_nested_works_as_expected()
  304. {
  305. Guid? keyId = Guid.Parse(_keyIdString);
  306. var builder = new EncryptedCollectionBuilder<Patient>();
  308. builder.PatternProperty(p => p.Insurance, innerBuilder =>
  309. {
  310. innerBuilder
  311. .EncryptMetadata(keyId)
  312. .Property("policyNumber", BsonType.Int32,
  313. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic)
  314. .PatternProperty("randomRegex*", BsonType.String,
  315. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random);
  316. });
  318. var expected = """
  319. {
  320. "bsonType": "object",
  321. "patternProperties": {
  322. "insurance": {
  323. "bsonType": "object",
  324. "encryptMetadata": {
  325. "keyId": [{ "$binary" : { "base64" : "b0r0cADRQB+sOfRZAqDAyA==", "subType" : "04" } }]
  326. },
  327. "properties": {
  328. "policyNumber": {
  329. "encrypt": {
  330. "bsonType": "int",
  331. "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
  332. }
  333. }
  334. },
  335. "patternProperties": {
  336. "randomRegex*": {
  337. "encrypt": {
  338. "bsonType": "string",
  339. "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
  340. }
  341. }
  342. }
  343. }
  344. }
  345. }
  346. """;
  348. AssertOutcomeCollectionBuilder(builder, expected);
  349. }
  351. [Fact]
  352. public void EncryptedCollection_PatternProperty_nested_with_string_works_as_expected()
  353. {
  354. Guid? keyId = Guid.Parse(_keyIdString);
  355. var builder = new EncryptedCollectionBuilder<Patient>();
  357. builder.PatternProperty<Insurance>("insurance", innerBuilder =>
  358. {
  359. innerBuilder
  360. .EncryptMetadata(keyId)
  361. .Property("policyNumber", BsonType.Int32,
  362. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic)
  363. .PatternProperty("randomRegex*", BsonType.String,
  364. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random);
  365. });
  367. var expected = """
  368. {
  369. "bsonType": "object",
  370. "patternProperties": {
  371. "insurance": {
  372. "bsonType": "object",
  373. "encryptMetadata": {
  374. "keyId": [{ "$binary" : { "base64" : "b0r0cADRQB+sOfRZAqDAyA==", "subType" : "04" } }]
  375. },
  376. "properties": {
  377. "policyNumber": {
  378. "encrypt": {
  379. "bsonType": "int",
  380. "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
  381. }
  382. }
  383. },
  384. "patternProperties": {
  385. "randomRegex*": {
  386. "encrypt": {
  387. "bsonType": "string",
  388. "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
  389. }
  390. }
  391. }
  392. }
  393. }
  394. }
  395. """;
  397. AssertOutcomeCollectionBuilder(builder, expected);
  398. }
  400. [Theory]
  401. [InlineData(BsonType.Array,
  402. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random,
  403. null,
  404. """ "bsonType": "array", "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" """)]
  405. [InlineData(BsonType.Array,
  406. null,
  407. _keyIdString,
  408. """ "bsonType": "array", "keyId": [{ "$binary" : { "base64" : "b0r0cADRQB+sOfRZAqDAyA==", "subType" : "04" } }] """)]
  409. [InlineData(BsonType.Array,
  410. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random,
  411. _keyIdString,
  412. """ "bsonType": "array", "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random", "keyId": [{ "$binary" : { "base64" : "b0r0cADRQB+sOfRZAqDAyA==", "subType" : "04" } }] """)]
  413. public void EncryptedCollection_Property_with_expression_works_as_expected(BsonType bsonType, EncryptionAlgorithm? algorithm, string keyString, string expectedContent)
  414. {
  415. Guid? keyId = keyString is null ? null : Guid.Parse(keyString);
  416. var builder = new EncryptedCollectionBuilder<Patient>();
  418. builder.Property(p => p.MedicalRecords, bsonType, algorithm, keyId);
  420. var expected = $$"""
  421. {
  422. "bsonType": "object",
  423. "properties": {
  424. "medicalRecords": {
  425. "encrypt": {
  426. {{expectedContent}}
  427. }
  428. }
  429. }
  430. }
  431. """;
  433. AssertOutcomeCollectionBuilder(builder, expected);
  434. }
  436. [Theory]
  437. [InlineData(new[] {BsonType.Array, BsonType.String},
  438. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random,
  439. null,
  440. """ "bsonType": ["array", "string"], "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" """)]
  441. [InlineData(new[] {BsonType.Array, BsonType.String},
  442. null,
  443. _keyIdString,
  444. """ "bsonType": ["array", "string"], "keyId": [{ "$binary" : { "base64" : "b0r0cADRQB+sOfRZAqDAyA==", "subType" : "04" } }] """)]
  445. [InlineData(new[] {BsonType.Array, BsonType.String},
  446. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random,
  447. _keyIdString,
  448. """ "bsonType": ["array", "string"], "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random", "keyId": [{ "$binary" : { "base64" : "b0r0cADRQB+sOfRZAqDAyA==", "subType" : "04" } }] """)]
  449. public void EncryptedCollection_Property_with_multiple_bson_types_works_as_expected(IEnumerable<BsonType> bsonTypes, EncryptionAlgorithm? algorithm, string keyString, string expectedContent)
  450. {
  451. Guid? keyId = keyString is null ? null : Guid.Parse(keyString);
  452. var builder = new EncryptedCollectionBuilder<Patient>();
  454. builder.Property(p => p.MedicalRecords, bsonTypes, algorithm, keyId);
  456. var expected = $$"""
  457. {
  458. "bsonType": "object",
  459. "properties": {
  460. "medicalRecords": {
  461. "encrypt": {
  462. {{expectedContent}}
  463. }
  464. }
  465. }
  466. }
  467. """;
  469. AssertOutcomeCollectionBuilder(builder, expected);
  470. }
  472. [Theory]
  473. [InlineData(BsonType.Array,
  474. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random,
  475. null,
  476. """ "bsonType": "array", "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" """)]
  477. [InlineData(BsonType.Array,
  478. null,
  479. _keyIdString,
  480. """ "bsonType": "array", "keyId": [{ "$binary" : { "base64" : "b0r0cADRQB+sOfRZAqDAyA==", "subType" : "04" } }] """)]
  481. [InlineData(BsonType.Array,
  482. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random,
  483. _keyIdString,
  484. """ "bsonType": "array", "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random", "keyId": [{ "$binary" : { "base64" : "b0r0cADRQB+sOfRZAqDAyA==", "subType" : "04" } }] """)]
  485. public void EncryptedCollection_Property_with_string_works_as_expected(BsonType bsonType, EncryptionAlgorithm? algorithm, string keyString, string expectedContent)
  486. {
  487. Guid? keyId = keyString is null ? null : Guid.Parse(keyString);
  488. var builder = new EncryptedCollectionBuilder<Patient>();
  490. builder.Property("medicalRecords", bsonType, algorithm, keyId);
  492. var expected = $$"""
  493. {
  494. "bsonType": "object",
  495. "properties": {
  496. "medicalRecords": {
  497. "encrypt": {
  498. {{expectedContent}}
  499. }
  500. }
  501. }
  502. }
  503. """;
  505. AssertOutcomeCollectionBuilder(builder, expected);
  506. }
  508. [Fact]
  509. public void EncryptedCollection_Property_nested_works_as_expected()
  510. {
  511. Guid? keyId = Guid.Parse(_keyIdString);
  512. var builder = new EncryptedCollectionBuilder<Patient>();
  514. builder.Property(p => p.Insurance, innerBuilder =>
  515. {
  516. innerBuilder
  517. .EncryptMetadata(keyId)
  518. .Property("policyNumber", BsonType.Int32,
  519. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic)
  520. .PatternProperty("randomRegex*", BsonType.String,
  521. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random);
  522. });
  524. var expected = """
  525. {
  526. "bsonType": "object",
  527. "properties": {
  528. "insurance": {
  529. "bsonType": "object",
  530. "encryptMetadata": {
  531. "keyId": [{ "$binary" : { "base64" : "b0r0cADRQB+sOfRZAqDAyA==", "subType" : "04" } }]
  532. },
  533. "properties": {
  534. "policyNumber": {
  535. "encrypt": {
  536. "bsonType": "int",
  537. "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
  538. }
  539. }
  540. },
  541. "patternProperties": {
  542. "randomRegex*": {
  543. "encrypt": {
  544. "bsonType": "string",
  545. "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
  546. }
  547. }
  548. }
  549. }
  550. }
  551. }
  552. """;
  554. AssertOutcomeCollectionBuilder(builder, expected);
  555. }
  557. [Fact]
  558. public void EncryptedCollection_Property_nested_with_string_works_as_expected()
  559. {
  560. Guid? keyId = Guid.Parse(_keyIdString);
  561. var builder = new EncryptedCollectionBuilder<Patient>();
  563. builder.Property<Insurance>("insurance", innerBuilder =>
  564. {
  565. innerBuilder
  566. .EncryptMetadata(keyId)
  567. .Property("policyNumber", BsonType.Int32,
  568. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic)
  569. .PatternProperty("randomRegex*", BsonType.String,
  570. EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random);
  571. });
  573. var expected = """
  574. {
  575. "bsonType": "object",
  576. "properties": {
  577. "insurance": {
  578. "bsonType": "object",
  579. "encryptMetadata": {
  580. "keyId": [{ "$binary" : { "base64" : "b0r0cADRQB+sOfRZAqDAyA==", "subType" : "04" } }]
  581. },
  582. "properties": {
  583. "policyNumber": {
  584. "encrypt": {
  585. "bsonType": "int",
  586. "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
  587. }
  588. }
  589. },
  590. "patternProperties": {
  591. "randomRegex*": {
  592. "encrypt": {
  593. "bsonType": "string",
  594. "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
  595. }
  596. }
  597. }
  598. }
  599. }
  600. }
  601. """;
  603. AssertOutcomeCollectionBuilder(builder, expected);
  604. }
  606. [Fact]
  607. public void EncryptedCollection_Property_with_empty_bson_types_throws()
  608. {
  609. var builder = new EncryptedCollectionBuilder<Patient>();
  611. var recordedException = Record.Exception(() => builder.Property("test", []));
  612. recordedException.Should().NotBeNull();
  613. recordedException.Should().BeOfType<ArgumentException>();
  614. }
  616. [Fact]
  617. public void EncryptedCollection_Metadata_with_empty_algorithm_and_key_throws()
  618. {
  619. var builder = new EncryptedCollectionBuilder<Patient>();
  621. var recordedException = Record.Exception(() => builder.EncryptMetadata(null, null));
  622. recordedException.Should().NotBeNull();
  623. recordedException.Should().BeOfType<ArgumentException>();
  624. }
  626. private void AssertOutcomeCsfleSchemaBuilder(CsfleSchemaBuilder builder, Dictionary<string, string> expectedSchema)
  627. {
  628. var builtSchema = builder.Build();
  629. expectedSchema.Should().HaveCount(builtSchema.Count);
  630. foreach (var collectionNamespace in expectedSchema.Keys)
  631. {
  632. var parsed = BsonDocument.Parse(expectedSchema[collectionNamespace]);
  633. builtSchema[collectionNamespace].Should().BeEquivalentTo(parsed);
  634. }
  635. }
  637. private void AssertOutcomeCollectionBuilder<T>(EncryptedCollectionBuilder<T> builder, string expected)
  638. {
  639. var builtSchema = builder.Build();
  640. var expectedSchema = BsonDocument.Parse(expected);
  641. builtSchema.Should().BeEquivalentTo(expectedSchema);
  642. }
  644. internal class TestClass
  645. {
  646. public ObjectId Id { get; set; }
  648. public string TestString { get; set; }
  649. }
  651. internal class Patient
  652. {
  653. [BsonId]
  654. public ObjectId Id { get; set; }
  656. [BsonElement("name")]
  657. public string Name { get; set; }
  659. [BsonElement("ssn")]
  660. public int Ssn { get; set; }
  662. [BsonElement("bloodType")]
  663. public string BloodType { get; set; }
  665. [BsonElement("medicalRecords")]
  666. public List<MedicalRecord> MedicalRecords { get; set; }
  668. [BsonElement("insurance")]
  669. public Insurance Insurance { get; set; }
  670. }
  672. internal class MedicalRecord
  673. {
  674. [BsonElement("weight")]
  675. public int Weight { get; set; }
  677. [BsonElement("bloodPressure")]
  678. public string BloodPressure { get; set; }
  679. }
  681. internal class Insurance
  682. {
  683. [BsonElement("provider")]
  684. public string Provider { get; set; }
  686. [BsonElement("policyNumber")]
  687. public int PolicyNumber { get; set; }
  688. }
  689. }
  690. }