1 // Copyright 2023 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16
17 #include "gtest/gtest.h"
18 #include "absl/log/check.h"
19 #include "tink/integration/gcpkms/gcp_kms_aead.h"
20 #include "tink/integration/gcpkms/gcp_kms_client.h"
21 #include "tink/util/test_matchers.h"
22 #include "tools/cpp/runfiles/runfiles.h"
23
24 namespace crypto {
25 namespace tink {
26 namespace integration {
27 namespace gcpkms {
28 namespace {
29
30 using ::bazel::tools::cpp::runfiles::Runfiles;
31 using ::crypto::tink::test::IsOk;
32 using ::crypto::tink::test::IsOkAndHolds;
33 using ::testing::Environment;
34
// Cloud KMS key used by this integration test, in Tink's "gcp-kms://" URI
// form. Running the test needs a credential that is allowed to encrypt and
// decrypt with this key.
constexpr absl::string_view kGcpKmsKeyUri =
    "gcp-kms://projects/tink-test-infrastructure/locations/global/"
    "keyRings/unit-and-integration-testing/cryptoKeys/aead-key";
38
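// Resolves `path`, given relative to the test workspace root, to the location
// of that file in the Bazel runfiles tree.
//
// CHECK-fails (aborting the test binary) when the runfiles object cannot be
// created or when TEST_WORKSPACE is unset or empty.
std::string RunfilesPath(absl::string_view path) {
  std::string error;
  std::unique_ptr<Runfiles> runfiles(Runfiles::CreateForTest(&error));
  // Stream the reason filled in by CreateForTest(); without it the failure
  // message stops at the colon and gives no hint of what went wrong.
  CHECK(runfiles != nullptr) << "Unable to determine runfile path: " << error;
  const char* workspace_dir = getenv("TEST_WORKSPACE");
  CHECK(workspace_dir != nullptr && workspace_dir[0] != '\0')
      << "Unable to determine workspace name.";
  // Runfiles are addressed as "<workspace name>/<path inside the workspace>".
  return runfiles->Rlocation(absl::StrCat(workspace_dir, "/", path));
}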
48
// Global test environment that prepares the process environment for gRPC
// before any test in this binary runs.
class GcpKmsAeadIntegrationTestEnvironment : public Environment {
 public:
  ~GcpKmsAeadIntegrationTestEnvironment() override = default;

  // Points gRPC at the root certificate bundle shipped with the test. Under
  // Bazel test this is needed on macOS.
  void SetUp() override {
    const char* test_srcdir = getenv("TEST_SRCDIR");
    if (test_srcdir == nullptr) {
      // Not running under a harness that sets TEST_SRCDIR; leave the
      // environment untouched.
      return;
    }
    const std::string roots_file =
        absl::StrCat(test_srcdir, "/google_root_pem/file/downloaded");
    // overwrite=false: a GRPC_DEFAULT_SSL_ROOTS_FILE_PATH that is already set
    // in the environment is kept, so the caller's choice of trust roots wins.
    setenv("GRPC_DEFAULT_SSL_ROOTS_FILE_PATH", roots_file.c_str(),
           /*overwrite=*/false);
  }
};
64
// Registers the environment with googletest so that its SetUp() runs before
// the tests in this binary. googletest takes ownership of the object, so it is
// never deleted here.
Environment* const foo_env = ::testing::AddGlobalTestEnvironment(
    new GcpKmsAeadIntegrationTestEnvironment{});
67
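// Round-trips a message through the Cloud KMS-backed AEAD and checks that the
// associated data is authenticated together with the ciphertext.
TEST(GcpKmsAeadIntegrationTest, EncryptDecrypt) {
  // Credential file shipped in the test runfiles.
  // NOTE(review): presumably a test-only credential restricted to the key in
  // kGcpKmsKeyUri; confirm before reusing this pattern outside tests.
  std::string credentials = RunfilesPath("testdata/gcp/credential.json");
  // New() is given an empty key URI; the key is chosen by GetAead() below.
  util::StatusOr<std::unique_ptr<GcpKmsClient>> client =
      GcpKmsClient::New(/*key_uri=*/"", credentials);
  ASSERT_THAT(client, IsOk());

  util::StatusOr<std::unique_ptr<Aead>> aead =
      (*client)->GetAead(kGcpKmsKeyUri);
  ASSERT_THAT(aead, IsOk());

  constexpr absl::string_view kPlaintext = "plaintext";
  constexpr absl::string_view kAssociatedData = "aad";

  util::StatusOr<std::string> ciphertext =
      (*aead)->Encrypt(kPlaintext, kAssociatedData);
  ASSERT_THAT(ciphertext, IsOk());
  EXPECT_THAT((*aead)->Decrypt(*ciphertext, kAssociatedData),
              IsOkAndHolds(kPlaintext));

  // A round trip alone would also pass if the associated data were ignored.
  // Decrypting with different associated data must fail, which shows that it
  // is bound to the ciphertext.
  constexpr absl::string_view kOtherAssociatedData = "other aad";
  EXPECT_FALSE((*aead)->Decrypt(*ciphertext, kOtherAssociatedData).ok());
}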
87
88 } // namespace
89 } // namespace gcpkms
90 } // namespace integration
91 } // namespace tink
92 } // namespace crypto
93