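#!/bin/bash
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################

set -euo pipefail

# Tracing prints every command with its expanded arguments, so the key URI,
# the credential file *path*, the project id and the bucket name all end up in
# the test log. The credential file itself is never read by this script, so
# its contents are not traced here.
set -x

#############################################################################
# Tests for envelope encryption AEAD example.
#
# Usage:
#   <this script> CLI KEY_URI CRED_FILE PROJECT_ID GCS_BUCKET
#
# Environment (read, must be set by the test runner):
#   TEST_SRCDIR - root under which google_root_pem/file/downloaded is looked up
#   TEST_TMPDIR - scratch directory for the plaintext and decrypted files
#############################################################################

# Fail with a readable message instead of the bare "unbound variable" error
# that `set -u` would raise on a missing positional parameter.
if (( $# < 5 )); then
  printf 'Usage: %s CLI KEY_URI CRED_FILE PROJECT_ID GCS_BUCKET\n' \
    "${0##*/}" >&2
  exit 2
fi

: "${TEST_SRCDIR:?TEST_SRCDIR must be set}"
: "${TEST_TMPDIR:?TEST_TMPDIR must be set}"

readonly CLI="$1"
readonly KEY_URI="$2"
readonly CRED_FILE="$3"
readonly PROJECT_ID="$4"
readonly GCS_BUCKET="$5"

# Root certificates for GRPC.
# Reference:
# https://github.com/grpc/grpc/blob/master/doc/environment_variables.md
export GRPC_DEFAULT_SSL_ROOTS_FILE_PATH="${TEST_SRCDIR}/google_root_pem/file/downloaded"

readonly DATA_FILE="${TEST_TMPDIR}/example_data.txt"

echo "This is some plaintext to be encrypted." > "${DATA_FILE}"

#############################################################################

#######################################
# Runs a command that may fail and records its exit status instead of letting
# `set -e` abort the script.
# Globals:   TEST_STATUS (written) - exit status of the command
# Arguments: the command and its arguments, passed through as "$@"
# Usage:
#   % test_command somecommand some args
#   % echo ${TEST_STATUS}
#######################################
test_command() {
  TEST_STATUS=0
  # A command on the left of `||` does not trigger errexit, so there is no
  # need to toggle `set -e` off and back on around the call.
  "$@" || TEST_STATUS=$?
}

#######################################
# Prints a banner announcing the start of a test.
# Arguments: $1 - test name
# Outputs:   the banner line on stdout
#######################################
print_test() {
  echo "+++ Starting test $1..."
}

#############################################################################

print_test "encrypt"

# Run encryption. CLI is quoted so that a binary path containing spaces or
# glob characters is passed as a single word.
test_command "${CLI}" --mode encrypt \
  --kek_uri "${KEY_URI}" \
  --gcp_credential_path "${CRED_FILE}" \
  --gcp_project_id "${PROJECT_ID}" \
  --local_path "${DATA_FILE}" \
  --gcs_blob_path "${GCS_BUCKET}/example_data.txt.encrypted"

if (( TEST_STATUS == 0 )); then
  echo "+++ Success: file was encrypted."
else
  echo "--- Failure: could not encrypt file."
  exit 1
fi

#############################################################################

print_test "decrypt"

# Run decryption of the blob written by the encrypt step above.
test_command "${CLI}" --mode decrypt \
  --kek_uri "${KEY_URI}" \
  --gcp_credential_path "${CRED_FILE}" \
  --gcp_project_id "${PROJECT_ID}" \
  --gcs_blob_path "${GCS_BUCKET}/example_data.txt.encrypted" \
  --local_path "${DATA_FILE}.decrypted"

if (( TEST_STATUS == 0 )); then
  echo "+++ Success: file was successfully decrypted."
else
  echo "--- Failure: could not decrypt file."
  exit 1
fi

# NOTE(review): this comparison proves the encrypt/decrypt round trip only.
# Nothing in this script inspects the stored blob, so a CLI that uploaded the
# plaintext unchanged would also pass; consider a separate check that the
# blob differs from ${DATA_FILE}.
if cmp -s "${DATA_FILE}" "${DATA_FILE}.decrypted"; then
  echo "+++ Success: file content is the same after decryption."
else
  echo "--- Failure: file content is not the same after decryption."
  exit 1
fi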