1 // Copyright 2019 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16
17 #include "tink/integration/gcpkms/gcp_kms_client.h"
18
19 #include <cstdlib>
20 #include <string>
21 #include <vector>
22
23 #include "gtest/gtest.h"
24 #include "absl/status/status.h"
25 #include "absl/strings/str_cat.h"
26 #include "tink/kms_clients.h"
27 #include "tink/util/status.h"
28 #include "tink/util/statusor.h"
29 #include "tink/util/test_matchers.h"
30 #include "tink/util/test_util.h"
31
32 namespace crypto {
33 namespace tink {
34 namespace integration {
35 namespace gcpkms {
36 namespace {
37
38 using ::crypto::tink::test::IsOk;
39 using ::crypto::tink::test::StatusIs;
40
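// Verifies that a client created with an empty key URI is not bound to a
// single key: DoesSupport() accepts every "gcp-kms://" URI and rejects a URI
// that belongs to another KMS. Code that must be limited to one key should
// use a bound client; ClientBoundToASpecificKey covers that case.
TEST(GcpKmsClientTest, ClientNotBoundToAKey) {
  const std::string gcp_key1 =
      "gcp-kms://projects/someProject/.../cryptoKeys/key1";
  const std::string gcp_key2 =
      "gcp-kms://projects/otherProject/.../cryptoKeys/key2";
  const std::string non_gcp_key =
      "aws-kms://arn:aws:kms:us-west-2:acc:other/key3";

  // Constructing std::string from a null pointer is undefined behaviour, so
  // stop with a readable message when the runner did not set TEST_SRCDIR.
  const char* test_srcdir = std::getenv("TEST_SRCDIR");
  ASSERT_TRUE(test_srcdir != nullptr) << "TEST_SRCDIR is not set";
  // NOTE(review): the credential file is read from testdata; confirm it holds
  // no live service-account key.
  const std::string creds_file =
      std::string(test_srcdir) + "/tink_cc_gcpkms/testdata/gcp/credential.json";

  // An empty key URI requests an unbound client.
  util::StatusOr<std::unique_ptr<GcpKmsClient>> client =
      GcpKmsClient::New("", creds_file);
  ASSERT_THAT(client, IsOk());
  EXPECT_TRUE((*client)->DoesSupport(gcp_key1));
  EXPECT_TRUE((*client)->DoesSupport(gcp_key2));
  EXPECT_FALSE((*client)->DoesSupport(non_gcp_key));
}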
55
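// Verifies that a client created for one key URI is bound to it:
// DoesSupport() accepts only that URI and rejects both a different GCP key
// and a URI that belongs to another KMS. This is the property that keeps a
// bound client from being used with a key it was not created for.
TEST(GcpKmsClientTest, ClientBoundToASpecificKey) {
  const std::string gcp_key1 =
      "gcp-kms://projects/someProject/.../cryptoKeys/key1";
  const std::string gcp_key2 =
      "gcp-kms://projects/otherProject/.../cryptoKeys/key2";
  const std::string non_gcp_key =
      "aws-kms://arn:aws:kms:us-west-2:acc:other/key3";

  // Constructing std::string from a null pointer is undefined behaviour, so
  // stop with a readable message when the runner did not set TEST_SRCDIR.
  const char* test_srcdir = std::getenv("TEST_SRCDIR");
  ASSERT_TRUE(test_srcdir != nullptr) << "TEST_SRCDIR is not set";
  const std::string creds_file =
      std::string(test_srcdir) + "/tink_cc_gcpkms/testdata/gcp/credential.json";

  util::StatusOr<std::unique_ptr<GcpKmsClient>> client =
      GcpKmsClient::New(gcp_key1, creds_file);
  ASSERT_THAT(client, IsOk());
  EXPECT_TRUE((*client)->DoesSupport(gcp_key1));
  // A second GCP key must be refused even though its scheme matches.
  EXPECT_FALSE((*client)->DoesSupport(gcp_key2));
  EXPECT_FALSE((*client)->DoesSupport(non_gcp_key));
}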
70
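// Verifies that RegisterNewClient() succeeds for a GCP key URI and that the
// same URI can then be resolved through KmsClients::Get().
TEST(GcpKmsClientTest, ClientCreationAndRegistry) {
  const std::string gcp_key1 =
      "gcp-kms://projects/someProject/.../cryptoKeys/key1";

  // Fail with a readable message when the runner did not set TEST_SRCDIR,
  // instead of building the credential path from a null pointer.
  const char* test_srcdir = std::getenv("TEST_SRCDIR");
  ASSERT_TRUE(test_srcdir != nullptr) << "TEST_SRCDIR is not set";
  const std::string creds_file = absl::StrCat(
      test_srcdir, "/tink_cc_gcpkms/testdata/gcp/credential.json");

  // NOTE(review): KmsClients is reached through a static call, so this
  // registration presumably stays visible to later tests in the same binary;
  // confirm before adding tests that expect an empty registry.
  util::Status client_result =
      GcpKmsClient::RegisterNewClient(gcp_key1, creds_file);
  ASSERT_THAT(client_result, IsOk());

  util::StatusOr<const KmsClient*> registry_result = KmsClients::Get(gcp_key1);
  EXPECT_THAT(registry_result, IsOk());
}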
83
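// Verifies that RegisterNewClient() refuses a key URI that belongs to another
// KMS and reports kInvalidArgument, so a GCP client is not registered for a
// URI it cannot serve.
TEST(GcpKmsClientTest, ClientCreationInvalidRegistry) {
  const std::string non_gcp_key =
      "aws-kms://arn:aws:kms:us-west-2:acc:other/key3";

  // Constructing std::string from a null pointer is undefined behaviour, so
  // stop with a readable message when the runner did not set TEST_SRCDIR.
  const char* test_srcdir = std::getenv("TEST_SRCDIR");
  ASSERT_TRUE(test_srcdir != nullptr) << "TEST_SRCDIR is not set";
  const std::string creds_file =
      std::string(test_srcdir) + "/tink_cc_gcpkms/testdata/gcp/credential.json";

  util::Status client_result =
      GcpKmsClient::RegisterNewClient(non_gcp_key, creds_file);
  EXPECT_THAT(client_result, StatusIs(absl::StatusCode::kInvalidArgument));
}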
93
94 } // namespace
95 } // namespace gcpkms
96 } // namespace integration
97 } // namespace tink
98 } // namespace crypto
99