# frozen_string_literal: true
# rubocop:todo all
require 'spec_helper'
describe 'Client-Side Encryption' do
  # Negative TLS tests for the KMS connection made by Mongo::ClientEncryption:
  # each example expects create_data_key to fail with Mongo::Error::KmsError
  # and pins the message to a TLS verification failure, so a generic KMS
  # error does not satisfy the expectation.
  describe 'Prose tests: KMS TLS Tests' do
    require_libmongocrypt
    require_enterprise
    min_server_fcv '4.2'

    include_context 'define shared FLE helpers'

    # Builds the data key options used by every example; only the endpoint
    # differs between the scenarios. The endpoint override sends the KMS
    # request to a loopback address instead of the regional AWS endpoint.
    # NOTE(review): presumably the harness starts mock KMS servers on these
    # ports with deliberately bad certificates -- confirm against the test
    # setup, which is not visible in this file.
    #
    # @param endpoint [String] host:port of the KMS endpoint to contact.
    # @return [Hash] options for ClientEncryption#create_data_key.
    def aws_data_key_options_for(endpoint)
      {
        master_key: {
          region: 'us-east-1',
          key: 'arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0',
          endpoint: endpoint,
        }
      }
    end

    let(:client) do
      addresses = SpecConfig.instance.addresses
      options = SpecConfig.instance.test_options
      new_local_client(addresses, options)
    end

    # The AWS provider is given the suite's default KMS TLS options, so the
    # failures asserted below come from verification under those options.
    let(:client_encryption) do
      encryption_options = {
        kms_providers: aws_kms_providers,
        kms_tls_options: {
          aws: default_kms_tls_options_for_provider
        },
        key_vault_namespace: 'keyvault.datakeys',
      }

      Mongo::ClientEncryption.new(client, encryption_options)
    end

    context 'invalid KMS certificate' do
      it 'raises an error when creating data key' do
        data_key_options = aws_data_key_options_for('127.0.0.1:8000')

        expect { client_encryption.create_data_key('aws', data_key_options) }
          .to raise_error(Mongo::Error::KmsError, /certificate verify failed/)
      end
    end

    context 'Invalid Hostname in KMS Certificate' do
      # MRI and JRuby report the failure with different messages, hence one
      # example per runtime. On MRI the expected pattern is the same as in the
      # invalid certificate case, so that example cannot by itself tell a
      # hostname mismatch from another verification failure.
      # NOTE(review): it relies on the certificate served on :8001 being
      # valid apart from its hostname -- confirm in the harness.
      context 'MRI' do
        require_mri

        it 'raises an error when creating data key' do
          data_key_options = aws_data_key_options_for('127.0.0.1:8001')

          expect { client_encryption.create_data_key('aws', data_key_options) }
            .to raise_error(Mongo::Error::KmsError, /certificate verify failed/)
        end
      end

      context 'JRuby' do
        require_jruby

        it 'raises an error when creating data key' do
          data_key_options = aws_data_key_options_for('127.0.0.1:8001')

          expect { client_encryption.create_data_key('aws', data_key_options) }
            .to raise_error(Mongo::Error::KmsError, /hostname mismatch/)
        end
      end
    end
  end
end